b=168450 Cleanup some PSM code and add JavaDoc documentation to all freeze candidates

r=javi sr=alecf
kaie%netscape.com 2002-11-14 00:50:02 +00:00
Родитель 8ffbf69207
Коммит 11e4a80cf5
36 изменённых файлов: 985 добавлений и 553 удалений


@ -220,10 +220,10 @@ function checkOtherCert(nickname, pref, usage, msgNeedCertWantSame, msgWantSame,
return;
if (email_recipient_cert_usage == usage) {
matchingOtherCert = certdb.getEmailEncryptionCert(nickname);
matchingOtherCert = certdb.findEmailEncryptionCert(nickname);
}
else if (email_signing_cert_usage == usage) {
matchingOtherCert = certdb.getEmailSigningCert(nickname);
matchingOtherCert = certdb.findEmailSigningCert(nickname);
}
else
return;


@ -873,8 +873,8 @@ nsresult nsMsgComposeSecure::MimeCryptoHackCerts(const char *aRecipients,
PRBool no_clearsigning_p = PR_FALSE;
PR_ASSERT(aEncrypt || aSign);
certdb->GetEmailEncryptionCert(mEncryptionCertName, getter_AddRefs(mSelfEncryptionCert));
certdb->GetEmailSigningCert(mSigningCertName, getter_AddRefs(mSelfSigningCert));
certdb->FindEmailEncryptionCert(mEncryptionCertName, getter_AddRefs(mSelfEncryptionCert));
certdb->FindEmailSigningCert(mSigningCertName, getter_AddRefs(mSelfSigningCert));
// must have both the signing and encryption certs to sign
if ((mSelfSigningCert == nsnull) && aSign) {
@ -929,7 +929,7 @@ nsresult nsMsgComposeSecure::MimeCryptoHackCerts(const char *aRecipients,
nsCString mailbox_lowercase;
ToLowerCase(nsDependentCString(mailbox), mailbox_lowercase);
nsCOMPtr<nsIX509Cert> cert;
certdb->GetCertByEmailAddress(nsnull, mailbox_lowercase.get(), getter_AddRefs(cert));
certdb->FindCertByEmailAddress(nsnull, mailbox_lowercase.get(), getter_AddRefs(cert));
PRBool foundValidCert = PR_FALSE;
if (cert) {
@ -960,7 +960,7 @@ nsresult nsMsgComposeSecure::MimeCryptoHackCerts(const char *aRecipients,
*/
PRBool isSame;
if (NS_SUCCEEDED(cert->IsSameCert(mSelfEncryptionCert, &isSame))
if (NS_SUCCEEDED(cert->Equals(mSelfEncryptionCert, &isSame))
&& isSame) {
already_added_self_cert = PR_TRUE;
}


@ -43,6 +43,7 @@
#include "nsString.h"
#include "nsIMsgHeaderParser.h"
#include "nsIX509CertDB.h"
#include "nsIX509CertValidity.h"
#include "nsIServiceManager.h"
#include "nsPromiseFlatString.h"
#include "nsCRT.h"
@ -153,7 +154,7 @@ NS_IMETHODIMP nsSMimeJSHelper::GetRecipientCertsInfo(
ToLowerCase(email, email_lowercase);
nsCOMPtr<nsIX509Cert> cert;
if (NS_SUCCEEDED(certdb->GetCertByEmailAddress(nsnull, email_lowercase.get(), getter_AddRefs(cert)))
if (NS_SUCCEEDED(certdb->FindCertByEmailAddress(nsnull, email_lowercase.get(), getter_AddRefs(cert)))
&& cert)
{
*iCert = cert;
@ -177,23 +178,28 @@ NS_IMETHODIMP nsSMimeJSHelper::GetRecipientCertsInfo(
}
}
nsXPIDLString id, ed;
nsCOMPtr<nsIX509CertValidity> validity;
rv = cert->GetValidity(getter_AddRefs(validity));
if (NS_SUCCEEDED(cert->GetIssuedDate(id)))
{
*iCII = ToNewUnicode(id);
if (!*iCII) {
memory_failure = PR_TRUE;
continue;
if (NS_SUCCEEDED(rv)) {
nsXPIDLString id, ed;
if (NS_SUCCEEDED(validity->GetNotBeforeLocalDay(id)))
{
*iCII = ToNewUnicode(id);
if (!*iCII) {
memory_failure = PR_TRUE;
continue;
}
}
}
if (NS_SUCCEEDED(cert->GetExpiresDate(ed)))
{
*iCEI = ToNewUnicode(ed);
if (!*iCEI) {
memory_failure = PR_TRUE;
continue;
if (NS_SUCCEEDED(validity->GetNotAfterLocalDay(ed)))
{
*iCEI = ToNewUnicode(ed);
if (!*iCEI) {
memory_failure = PR_TRUE;
continue;
}
}
}
}
@ -295,7 +301,7 @@ NS_IMETHODIMP nsSMimeJSHelper::GetNoCertAddresses(
ToLowerCase(email, email_lowercase);
nsCOMPtr<nsIX509Cert> cert;
if (NS_SUCCEEDED(certdb->GetCertByEmailAddress(nsnull, email_lowercase.get(), getter_AddRefs(cert)))
if (NS_SUCCEEDED(certdb->FindCertByEmailAddress(nsnull, email_lowercase.get(), getter_AddRefs(cert)))
&& cert)
{
PRUint32 verification_result;
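Review bot: In GetRecipientCertsInfo the new `validity` pointer is dereferenced after checking only `NS_SUCCEEDED(rv)`, while the certificate lookups in this same file guard with `NS_SUCCEEDED(...) && cert`; the guard should read `if (NS_SUCCEEDED(rv) && validity) {`. When GetValidity fails, the assignments to `*iCII` and `*iCEI` are now skipped entirely, so whether those slots hold a defined value depends on initialisation that is outside the hunk and is worth confirming. The function body starts and ends outside the visible lines.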


@ -29,40 +29,78 @@
interface nsIInterfaceRequestor;
/**
* nsISecurityWarningDialogs - functions that
* display warnings for transitions between secure
* and insecure pages, posts to insecure servers etc.
* Functions that display warnings for transitions between secure
* and insecure pages, posts to insecure servers etc.
*/
[scriptable, uuid(1c399d06-1dd2-11b2-bc58-c87cbcacdb78)]
interface nsISecurityWarningDialogs : nsISupports
{
/**
* alertEnteringSecure
* Inform the user that a transition
* from an insecure page
* to a secure page
* is happening.
*
* @param ctx A user interface context.
*
* @return true if the user confirms to continue
*/
boolean alertEnteringSecure(in nsIInterfaceRequestor ctx);
boolean confirmEnteringSecure(in nsIInterfaceRequestor ctx);
/**
* alertEnteringWeak
* Inform the user that a transition
* from an insecure page
* or from a secure page
* to a weak security page
* is happening.
*
* @param ctx A user interface context.
*
* @return true if the user confirms to continue
*/
boolean alertEnteringWeak(in nsIInterfaceRequestor ctx);
boolean confirmEnteringWeak(in nsIInterfaceRequestor ctx);
/**
* alertLeavingSecure
* Inform the user that a transition
* from a secure page
* to an insecure page
* is happening.
*
* @param ctx A user interface context.
*
* @return true if the user confirms to continue
*/
boolean alertLeavingSecure(in nsIInterfaceRequestor ctx);
boolean confirmLeavingSecure(in nsIInterfaceRequestor ctx);
/**
* alertMixedMode
* Inform the user the currently displayed page
* contains some secure and some insecure page components.
*
* @param ctx A user interface context.
*
* @return true if the user decides to show insecure objects.
*/
boolean alertMixedMode(in nsIInterfaceRequestor ctx);
boolean confirmMixedMode(in nsIInterfaceRequestor ctx);
/**
* confirmPostToInsecure
* Inform the user that information is being submitted
* to an insecure page.
*
* @param ctx A user interface context.
*
* @return true if the user confirms to submit.
*/
boolean confirmPostToInsecure(in nsIInterfaceRequestor ctx);
/**
* confirmPostToInsecureFromSecure
* Inform the user: Although the currently displayed
* page was loaded using a secure connection, and the UI probably
* currently indicates a secure page,
* that information is being submitted to an insecure page.
*
* @param ctx A user interface context.
*
* @return true if the user confirms to submit.
*/
boolean confirmPostToInsecureFromSecure(in nsIInterfaceRequestor ctx);
};
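Review bot: The `uuid(1c399d06-1dd2-11b2-bc58-c87cbcacdb78)` line appears to be unchanged context, yet the four `alert*` methods are renamed to `confirm*` and the implementation in this commit flips the out value from `*canceled = PR_FALSE` to `*_retval = PR_TRUE`. With the same IID, a component built against the old contract still passes QueryInterface and would read the boolean with the opposite meaning, which for a security prompt means a decline could be taken as consent. I would assign a fresh IID here, and likewise for nsIASN1Sequence, nsIBadCertListener and nsICRLInfo, whose members are renamed under uuid lines that also look unchanged.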


@ -1030,19 +1030,19 @@ nsresult nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest)
{
case lis_no_security:
case lis_broken_security:
AlertLeavingSecure();
ConfirmLeavingSecure();
break;
case lis_mixed_security:
AlertMixedMode();
ConfirmMixedMode();
break;
case lis_low_security:
AlertEnteringWeak();
ConfirmEnteringWeak();
break;
case lis_high_security:
AlertEnteringSecure();
ConfirmEnteringSecure();
break;
}
}
@ -1308,68 +1308,68 @@ GetNSSDialogs(nsISecurityWarningDialogs **result)
return CallQueryInterface(proxiedResult, result);
}
void nsSecureBrowserUIImpl::
AlertEnteringSecure()
PRBool nsSecureBrowserUIImpl::
ConfirmEnteringSecure()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(getter_AddRefs(dialogs));
if (!dialogs) return;
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool canceled;
dialogs->AlertEnteringSecure(ctx, &canceled);
PRBool confirms;
dialogs->ConfirmEnteringSecure(ctx, &confirms);
return;
return confirms;
}
void nsSecureBrowserUIImpl::
AlertEnteringWeak()
PRBool nsSecureBrowserUIImpl::
ConfirmEnteringWeak()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(getter_AddRefs(dialogs));
if (!dialogs) return;
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool canceled;
dialogs->AlertEnteringWeak(ctx, &canceled);
PRBool confirms;
dialogs->ConfirmEnteringWeak(ctx, &confirms);
return;
return confirms;
}
void nsSecureBrowserUIImpl::
AlertLeavingSecure()
PRBool nsSecureBrowserUIImpl::
ConfirmLeavingSecure()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(getter_AddRefs(dialogs));
if (!dialogs) return;
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool canceled;
dialogs->AlertLeavingSecure(ctx, &canceled);
PRBool confirms;
dialogs->ConfirmLeavingSecure(ctx, &confirms);
return;
return confirms;
}
void nsSecureBrowserUIImpl::
AlertMixedMode()
PRBool nsSecureBrowserUIImpl::
ConfirmMixedMode()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(getter_AddRefs(dialogs));
if (!dialogs) return;
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool canceled;
dialogs->AlertMixedMode(ctx, &canceled);
PRBool confirms;
dialogs->ConfirmMixedMode(ctx, &confirms);
return;
return confirms;
}
/**
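Review bot: In the four new `Confirm*` helpers `confirms` is declared uninitialised and the nsresult of the dialog call is discarded, so a failed call makes the helper return an indeterminate value as the user's answer. Initialise it to the safe answer and honour the result: `PRBool confirms = PR_FALSE;` and `if (NS_FAILED(dialogs->ConfirmEnteringSecure(ctx, &confirms))) return PR_FALSE;`, repeated for ConfirmEnteringWeak, ConfirmLeavingSecure and ConfirmMixedMode. The call sites in UpdateSecurityState still ignore the returned PRBool, so either act on it there or add a comment stating that these four prompts are informational only. The in-code question `// Should this allow PR_TRUE for unimplemented?` deserves a decision before the interface is frozen.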


@ -117,11 +117,10 @@ protected:
nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, PRBool *okayToPost);
nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
// Alerts for security transitions
void AlertEnteringSecure();
void AlertEnteringWeak();
void AlertLeavingSecure();
void AlertMixedMode();
PRBool ConfirmEnteringSecure();
PRBool ConfirmEnteringWeak();
PRBool ConfirmLeavingSecure();
PRBool ConfirmMixedMode();
PRBool ConfirmPostToInsecure();
PRBool ConfirmPostToInsecureFromSecure();


@ -70,7 +70,7 @@ nsSecurityWarningDialogs::Init()
}
NS_IMETHODIMP
nsSecurityWarningDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx, PRBool *canceled)
nsSecurityWarningDialogs::ConfirmEnteringSecure(nsIInterfaceRequestor *ctx, PRBool *_retval)
{
nsresult rv;
@ -78,12 +78,12 @@ nsSecurityWarningDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx, PRBool
NS_LITERAL_STRING("EnterSecureMessage").get(),
NS_LITERAL_STRING("EnterSecureShowAgain").get());
*canceled = PR_FALSE;
*_retval = PR_TRUE;
return rv;
}
NS_IMETHODIMP
nsSecurityWarningDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx, PRBool *canceled)
nsSecurityWarningDialogs::ConfirmEnteringWeak(nsIInterfaceRequestor *ctx, PRBool *_retval)
{
nsresult rv;
@ -91,12 +91,12 @@ nsSecurityWarningDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx, PRBool *
NS_LITERAL_STRING("WeakSecureMessage").get(),
NS_LITERAL_STRING("WeakSecureShowAgain").get());
*canceled = PR_FALSE;
*_retval = PR_TRUE;
return rv;
}
NS_IMETHODIMP
nsSecurityWarningDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx, PRBool *canceled)
nsSecurityWarningDialogs::ConfirmLeavingSecure(nsIInterfaceRequestor *ctx, PRBool *_retval)
{
nsresult rv;
@ -104,13 +104,13 @@ nsSecurityWarningDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx, PRBool
NS_LITERAL_STRING("LeaveSecureMessage").get(),
NS_LITERAL_STRING("LeaveSecureShowAgain").get());
*canceled = PR_FALSE;
*_retval = PR_TRUE;
return rv;
}
NS_IMETHODIMP
nsSecurityWarningDialogs::AlertMixedMode(nsIInterfaceRequestor *ctx, PRBool *canceled)
nsSecurityWarningDialogs::ConfirmMixedMode(nsIInterfaceRequestor *ctx, PRBool *_retval)
{
nsresult rv;
@ -118,7 +118,7 @@ nsSecurityWarningDialogs::AlertMixedMode(nsIInterfaceRequestor *ctx, PRBool *can
NS_LITERAL_STRING("MixedContentMessage").get(),
NS_LITERAL_STRING("MixedContentShowAgain").get());
*canceled = PR_FALSE;
*_retval = PR_TRUE;
return rv;
}
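Review bot: Each renamed method sets `*_retval = PR_TRUE` unconditionally, also when `rv` (assigned by a call that begins outside the hunks) reports that the alert could not be shown, while the IDL comments added in this commit promise "true if the user confirms". If these dialogs have no cancel path, say so with a comment such as `// Alert only: there is no way to decline, so always report confirmation.`; otherwise tie the answer to the outcome with `*_retval = NS_SUCCEEDED(rv) ? PR_TRUE : PR_FALSE;`. This applies equally to ConfirmEnteringSecure, ConfirmEnteringWeak, ConfirmLeavingSecure and ConfirmMixedMode.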


@ -85,7 +85,7 @@ function LoadCerts()
enableBackupAllButton.setAttribute("enabled",true);
}
if (certdb.ocspOn) {
if (certdb.isOcspOn) {
document.getElementById('ocsp_info').removeAttribute("hidden");
}
}


@ -56,9 +56,9 @@ function onLoad()
var nextUpdate = document.getElementById("nextUpdate");
nextUpdate.setAttribute("value",nextUpdateStr);
var org = document.getElementById("orgText");
org.setAttribute("value",crl.org);
org.setAttribute("value", crl.organization);
var orgUnit = document.getElementById("orgUnitText");
orgUnit.setAttribute("value",crl.orgUnit);
orgUnit.setAttribute("value", crl.organizationalUnit);
prefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
var autoupdateEnabledString = "security.crl.autoupdate.enable." + crl.nameInDb;


@ -55,8 +55,8 @@ function onLoad()
for (i=0; i<crls.length; i++) {
crlEntry = crls.queryElementAt(i, nsICRLInfo);
var org = crlEntry.org;
var orgUnit = crlEntry.orgUnit;
var org = crlEntry.organization;
var orgUnit = crlEntry.organizationalUnit;
var lastUpdate = crlEntry.lastUpdateLocale;
var nextUpdate = crlEntry.nextUpdateLocale;
autoupdateEnabledString = autoupdateEnabledBaseString + crlEntry.nameInDb;


@ -44,7 +44,7 @@ function setWindowName()
for(var x=0; x<numberOfCerts;x++)
{
dbkey = gParams.GetString(x+1);
certs[x] = certdb.getCertByDBKey(dbkey , null);
certs[x] = certdb.findCertByDBKey(dbkey , null);
}
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");


@ -38,7 +38,7 @@ function setWindowName()
//var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
//var isupport = pkiParams.getISupportAtIndex(1);
//cert = isupport.QueryInterface(nsIX509Cert);
cert = certdb.getCertByDBKey(dbkey, null);
cert = certdb.findCertByDBKey(dbkey, null);
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var windowReference = document.getElementById('editCaCert');
@ -49,21 +49,21 @@ function setWindowName()
setText("certmsg", message1);
var ssl = document.getElementById("trustSSL");
if (certdb.getCertTrust(cert, nsIX509Cert.CA_CERT,
if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_SSL)) {
ssl.setAttribute("checked", "true");
} else {
ssl.setAttribute("checked", "false");
}
var email = document.getElementById("trustEmail");
if (certdb.getCertTrust(cert, nsIX509Cert.CA_CERT,
if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_EMAIL)) {
email.setAttribute("checked", "true");
} else {
email.setAttribute("checked", "false");
}
var objsign = document.getElementById("trustObjSign");
if (certdb.getCertTrust(cert, nsIX509Cert.CA_CERT,
if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_OBJSIGN)) {
objsign.setAttribute("checked", "true");
} else {
@ -95,7 +95,7 @@ function doLoadForSSLCert()
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
cert = certdb.getCertByDBKey(dbkey, null);
cert = certdb.findCertByDBKey(dbkey, null);
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var windowReference = document.getElementById('editWebsiteCert');
@ -112,7 +112,7 @@ function doLoadForSSLCert()
{
setText("explainations",bundle.GetStringFromName("issuerNotKnown"));
}
else if(certdb.getCertTrust(cacert, nsIX509Cert.CA_CERT,
else if(certdb.isCertTrusted(cacert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_SSL))
{
setText("explainations",bundle.GetStringFromName("issuerTrusted"));
@ -130,7 +130,7 @@ function doLoadForSSLCert()
*/
var trustssl = document.getElementById("trustSSLCert");
var notrustssl = document.getElementById("dontTrustSSLCert");
if (certdb.getCertTrust(cert, nsIX509Cert.SERVER_CERT,
if (certdb.isCertTrusted(cert, nsIX509Cert.SERVER_CERT,
nsIX509CertDB.TRUSTED_SSL)) {
trustssl.radioGroup.selectedItem = trustssl;
} else {
@ -158,7 +158,7 @@ function doLoadForEmailCert()
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
cert = certdb.getCertByDBKey(dbkey, null);
cert = certdb.findCertByDBKey(dbkey, null);
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var windowReference = document.getElementById('editEmailCert');
@ -175,7 +175,7 @@ function doLoadForEmailCert()
{
setText("explainations",bundle.GetStringFromName("issuerNotKnown"));
}
else if(certdb.getCertTrust(cacert, nsIX509Cert.CA_CERT,
else if(certdb.isCertTrusted(cacert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_EMAIL))
{
setText("explainations",bundle.GetStringFromName("issuerTrusted"));
@ -193,7 +193,7 @@ function doLoadForEmailCert()
*/
var trustemail = document.getElementById("trustEmailCert");
var notrustemail = document.getElementById("dontTrustEmailCert");
if (certdb.getCertTrust(cert, nsIX509Cert.EMAIL_CERT,
if (certdb.isCertTrusted(cert, nsIX509Cert.EMAIL_CERT,
nsIX509CertDB.TRUSTED_EMAIL)) {
trustemail.radioGroup.selectedItem = trustemail;
} else {


@ -89,8 +89,8 @@ function setWindowName()
//var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
//var token = pk11db.findTokenByName(tokenName);
//var cert = certdb.getCertByNickname(token, myName);
cert = certdb.getCertByNickname(null, myName);
//var cert = certdb.findCertByNickname(token, myName);
cert = certdb.findCertByNickname(null, myName);
} else {
var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
var isupport = pkiParams.getISupportAtIndex(1);
@ -175,7 +175,7 @@ function DisplayGeneralDataFromCert(cert)
var o1 = {};
var o2 = {};
var o3 = {};
cert.getUsages(o1, o2, o3);
cert.getUsagesArray(false, o1, o2, o3); // do not ignore OCSP when checking
var verifystate = o1.value;
var count = o2.value;
var usageList = o3.value;
@ -218,9 +218,9 @@ function DisplayGeneralDataFromCert(cert)
// MD5 Fingerprint
addAttributeFromCert('md5fingerprint',cert.md5Fingerprint);
// Validity start
addAttributeFromCert('validitystart', cert.issuedDate);
addAttributeFromCert('validitystart', cert.validity.notBeforeLocalDay);
// Validity end
addAttributeFromCert('validityend', cert.expiresDate);
addAttributeFromCert('validityend', cert.validity.notAfterLocalDay);
//Now to populate the fields that correspond to the issuer.
var issuerCommonname, issuerOrg, issuerOrgUnit;
@ -245,7 +245,7 @@ function updateCertDump()
var dbKey = item.firstChild.firstChild.getAttribute('display');
// Get the cert from the cert database
var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
var cert = certdb.getCertByDBKey(dbKey,null);
var cert = certdb.findCertByDBKey(dbKey,null);
asn1Tree.loadASN1Structure(cert.ASN1Structure);
}
displaySelected();


@ -90,7 +90,7 @@ void nsNSSASN1Tree::InitChildsRecursively(myNode *n)
// That way, n->seq and n->child will be either both set or both null.
PRBool isContainer;
n->seq->GetProcessObjects(&isContainer);
n->seq->GetIsValidContainer(&isContainer);
if (!isContainer) {
n->seq = nsnull;
return;
@ -250,7 +250,7 @@ nsNSSASN1Tree::IsContainerOpen(PRInt32 index, PRBool *_retval)
if (!n || !n->seq)
return NS_ERROR_FAILURE;
n->seq->GetShowObjects(_retval);
n->seq->GetIsExpanded(_retval);
return NS_OK;
}
@ -360,14 +360,14 @@ nsNSSASN1Tree::ToggleOpenState(PRInt32 index)
if (!n->seq)
return NS_ERROR_FAILURE;
PRBool showObjects;
n->seq->GetShowObjects(&showObjects);
PRBool IsExpanded;
n->seq->GetIsExpanded(&IsExpanded);
PRInt32 rowCountChange;
if (showObjects) {
if (IsExpanded) {
rowCountChange = 1-CountVisibleNodes(n);
n->seq->SetShowObjects(PR_FALSE);
n->seq->SetIsExpanded(PR_FALSE);
} else {
n->seq->SetShowObjects(PR_TRUE);
n->seq->SetIsExpanded(PR_TRUE);
rowCountChange = CountVisibleNodes(n)-1;
}
if (mTree)
@ -533,9 +533,9 @@ PRInt32 nsNSSASN1Tree::CountVisibleNodes(myNode *n)
++count;
if (walk->seq) {
PRBool showObjects;
walk->seq->GetShowObjects(&showObjects);
if (showObjects) {
PRBool IsExpanded;
walk->seq->GetIsExpanded(&IsExpanded);
if (IsExpanded) {
count += CountVisibleNodes(walk->child);
}
}
@ -592,9 +592,9 @@ nsNSSASN1Tree::FindNodeFromIndex(myNode *n, PRInt32 wantedIndex,
}
if (walk->seq) {
PRBool showObjects;
walk->seq->GetShowObjects(&showObjects);
if (showObjects) {
PRBool IsExpanded;
walk->seq->GetIsExpanded(&IsExpanded);
if (IsExpanded) {
++index_counter; // set to walk->child
++level_counter;


@ -156,9 +156,9 @@ nsNSSDialogs::GetPassword(nsIInterfaceRequestor *ctx,
}
NS_IMETHODIMP
nsNSSDialogs::UnknownIssuer(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRInt16 *outAddType,
PRBool *_retval)
nsNSSDialogs::ConfirmUnknownIssuer(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRInt16 *outAddType,
PRBool *_retval)
{
nsresult rv;
PRInt32 addType;
@ -214,9 +214,9 @@ nsNSSDialogs::UnknownIssuer(nsIInterfaceRequestor *socketInfo,
}
NS_IMETHODIMP
nsNSSDialogs::MismatchDomain(nsIInterfaceRequestor *socketInfo,
const nsACString &targetURL,
nsIX509Cert *cert, PRBool *_retval)
nsNSSDialogs::ConfirmMismatchDomain(nsIInterfaceRequestor *socketInfo,
const nsACString &targetURL,
nsIX509Cert *cert, PRBool *_retval)
{
nsresult rv;
@ -254,8 +254,8 @@ nsNSSDialogs::MismatchDomain(nsIInterfaceRequestor *socketInfo,
}
NS_IMETHODIMP
nsNSSDialogs::CertExpired(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRBool *_retval)
nsNSSDialogs::ConfirmCertExpired(nsIInterfaceRequestor *socketInfo,
nsIX509Cert *cert, PRBool *_retval)
{
nsresult rv;
PRTime now = PR_Now();
@ -341,8 +341,8 @@ nsNSSDialogs::CertExpired(nsIInterfaceRequestor *socketInfo,
}
NS_IMETHODIMP
nsNSSDialogs::CrlNextupdate(nsIInterfaceRequestor *socketInfo,
const nsACString &targetURL, nsIX509Cert *cert)
nsNSSDialogs::NotifyCrlNextupdate(nsIInterfaceRequestor *socketInfo,
const nsACString &targetURL, nsIX509Cert *cert)
{
nsresult rv;
@ -382,19 +382,15 @@ nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
return NS_OK;
}
/* void downloadCACert (in nsIInterfaceRequestor ctx,
in nsIX509Cert cert,
out trust,
out canceled); */
NS_IMETHODIMP
nsNSSDialogs::DownloadCACert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert,
PRUint32 *_trust,
PRBool *_canceled)
nsNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert,
PRUint32 *_trust,
PRBool *_retval)
{
nsresult rv;
*_canceled = PR_FALSE;
*_retval = PR_TRUE;
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
@ -431,19 +427,17 @@ nsNSSDialogs::DownloadCACert(nsIInterfaceRequestor *ctx,
*_trust |= (email) ? nsIX509CertDB::TRUSTED_EMAIL : 0;
*_trust |= (objsign) ? nsIX509CertDB::TRUSTED_OBJSIGN : 0;
*_canceled = (status == 0)?PR_TRUE:PR_FALSE;
*_retval = (status == 0)?PR_FALSE:PR_TRUE;
return rv;
}
NS_IMETHODIMP
nsNSSDialogs::CACertExists(nsIInterfaceRequestor *ctx,PRBool *_canceled)
nsNSSDialogs::NotifyCACertExists(nsIInterfaceRequestor *ctx)
{
nsresult rv;
*_canceled = PR_FALSE;
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
@ -574,10 +568,10 @@ nsNSSDialogs::PickCertificate(nsIInterfaceRequestor *ctx,
NS_IMETHODIMP
nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
nsAString &_password,
PRBool *_canceled)
PRBool *_retval)
{
nsresult rv;
*_canceled = PR_FALSE;
*_retval = PR_TRUE;
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
nsCOMPtr<nsIDialogParamBlock> block(do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID));
@ -591,8 +585,8 @@ nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
PRInt32 status;
rv = block->GetInt(1, &status);
if (NS_FAILED(rv)) return rv;
*_canceled = (status == 0) ? PR_TRUE : PR_FALSE;
if (!*_canceled) {
*_retval = (status == 0) ? PR_FALSE : PR_TRUE;
if (*_retval) {
// retrieve the password
PRUnichar *pw;
rv = block->GetString(2, &pw);
@ -607,10 +601,10 @@ nsNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
NS_IMETHODIMP
nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
nsAString &_password,
PRBool *_canceled)
PRBool *_retval)
{
nsresult rv;
*_canceled = PR_FALSE;
*_retval = PR_TRUE;
// Get the parent window for the dialog
nsCOMPtr<nsIDOMWindowInternal> parent = do_GetInterface(ctx);
nsCOMPtr<nsIDialogParamBlock> block(do_CreateInstance(NS_DIALOGPARAMBLOCK_CONTRACTID));
@ -624,8 +618,8 @@ nsNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
PRInt32 status;
rv = block->GetInt(1, &status);
if (NS_FAILED(rv)) return rv;
*_canceled = (status == 0) ? PR_TRUE : PR_FALSE;
if (!*_canceled) {
*_retval = (status == 0) ? PR_FALSE : PR_TRUE;
if (*_retval) {
// retrieve the password
PRUnichar *pw;
rv = block->GetString(2, &pw);
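Review bot: ConfirmDownloadCACert, SetPKCS12FilePassword and GetPKCS12FilePassword now start with `*_retval = PR_TRUE;`, so an early exit such as the visible `if (NS_FAILED(rv)) return rv;` leaves the out value saying the user agreed. A caller that inspects only the boolean would then proceed with a CA certificate import or a password the user never confirmed. Default to refusal with `*_retval = PR_FALSE;` at the top and let the existing `*_retval = (status == 0) ? PR_FALSE : PR_TRUE;` line be the only place that can grant consent. The function bodies extend beyond the visible hunks, so the remaining early-return paths should be checked against the full file.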


@ -35,8 +35,22 @@
#include "nsISupports.idl"
/**
* This represents an ASN.1 object,
* where ASN.1 is "Abstract Syntax Notation number One".
*
* The additional state information carried in this interface
* makes it fit for being used as the data structure
* when working with visual reprenstation of ASN.1 objects
* in a human user interface, like in a tree widget
* where open/close state of nodes must be remembered.
*/
[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)]
interface nsIASN1Object : nsISupports {
/**
* Identifiers for the possible types of object.
*/
const unsigned long ASN1_END_CONTENTS = 0;
const unsigned long ASN1_BOOLEAN = 1;
const unsigned long ASN1_INTEGER = 2;
@ -61,11 +75,25 @@ interface nsIASN1Object : nsISupports {
const unsigned long ASN1_APPLICATION = 33;
const unsigned long ASN1_PRIVATE = 34;
// This will be either one of the const
// values above.
/**
* "type" will be equal to one of the defined object identifiers.
*/
attribute unsigned long type;
/**
* This contains a tag as explained in ASN.1 standards documents.
*/
attribute unsigned long tag;
/**
* "displayName" contains a human readable explanatory label.
*/
attribute AString displayName;
/**
* "displayValue" contains the human readable value.
*/
attribute AString displayValue;
};


@ -34,29 +34,52 @@
*/
#include "nsISupports.idl"
//
// Overview of how this ASN1 interface is intended to
// work.
//
// First off, the nsIASN1Sequence is any type in ASN1
// that consists of sub-elements (ie SEQUENCE, SET)
// nsIASN1Printable Items are all the other types that
// can be viewed by themselves without interpreting further.
// Examples would include INTEGER, UTF-8 STRING, OID.
// These are not intended to directly reflect the numberous
// types that exist in ASN1, but merely an interface to ease
// producing a tree display the ASN1 structure of any DER
// object.
//
interface nsIMutableArray;
#include "nsIASN1Object.idl"
interface nsIMutableArray;
/**
* This represents a sequence of ASN.1 objects,
* where ASN.1 is "Abstract Syntax Notation number One".
*
* Overview of how this ASN1 interface is intended to
* work.
*
* First off, the nsIASN1Sequence is any type in ASN1
* that consists of sub-elements (ie SEQUENCE, SET)
* nsIASN1Printable Items are all the other types that
* can be viewed by themselves without interpreting further.
* Examples would include INTEGER, UTF-8 STRING, OID.
* These are not intended to directly reflect the numberous
* types that exist in ASN1, but merely an interface to ease
* producing a tree display the ASN1 structure of any DER
* object.
*
* The additional state information carried in this interface
* makes it fit for being used as the data structure
* when working with visual reprenstation of ASN.1 objects
* in a human user interface, like in a tree widget
* where open/close state of nodes must be remembered.
*/
[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)]
interface nsIASN1Sequence : nsIASN1Object {
attribute nsIMutableArray ASN1Objects;
attribute boolean processObjects;
attribute boolean showObjects;
};
/**
* The array of objects stored in the sequence.
*/
attribute nsIMutableArray ASN1Objects;
/**
* Whether the node at this position in the ASN.1 data structure
* sequence contains sub elements understood by the
* application.
*/
attribute boolean isValidContainer;
/**
* Whether the contained objects should be shown or hidden.
* A UI implementation can use this flag to store the current
* expansion state when shown in a tree widget.
*/
attribute boolean isExpanded;
};


@ -38,25 +38,109 @@
interface nsIX509Cert;
interface nsIInterfaceRequestor;
/**
* Functions that display warnings for problems with web site trust.
*/
[scriptable, uuid(86960956-edb0-11d4-998b-00b0d02354a0)]
interface nsIBadCertListener : nsISupports {
/**
* No decision was made by the user, whether to trust a cert.
*/
const short UNINIT_ADD_FLAG = -1;
const short ADD_TRUSTED_FOR_SESSION =1;
/**
* The user decided to add trust to a certificate temporarily
* for the current application session only.
*/
const short ADD_TRUSTED_FOR_SESSION = 1;
/**
* The user decided to add trust to a certificate permanently.
*/
const short ADD_TRUSTED_PERMANENTLY = 2;
boolean unknownIssuer(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert,
out short certAddType);
boolean mismatchDomain(in nsIInterfaceRequestor socketInfo,
in AUTF8String targetURL,
in nsIX509Cert cert);
/**
* Inform the user there are problems with the trust of a certificate,
* and request a decision from the user.
* The UI should offer the user a way to look at the certificate in detail.
* The following is a sample UI message to be shown to the user:
*
* Unable to verify the identity of %S as a trusted site.
* Possible reasons for this error:
* - Your browser does not recognize the Certificate Authority
* that issued the site's certificate.
* - The site's certificate is incomplete due to a
* server misconfiguration.
* - You are connected to a site pretending to be %S,
* possibly to obtain your confidential information.
* Please notify the site's webmaster about this problem.
* Before accepting this certificate, you should examine this site's
* certificate carefully. Are you willing to to accept this certificate
* for the purpose of identifying the Web site %S?
* o Accept this certificate permanently
* x Accept this certificate temporarily for this session
* o Do not accept this certificate and do not connect to this Web site
*
* @param socketInfo A network communication context that can be used to obtain more information
* about the active connection.
* @param cert The certificate that is not trusted and that is having the problem.
* @param certAddType The user's trust decision. See constants defined above.
*
* @return true if the user decided to connect anyway, false if the user decided to not connect
*/
boolean confirmUnknownIssuer(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert,
out short certAddType);
boolean certExpired(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert);
/**
* Inform the user there are problems with the trust of a certificate,
* and request a decision from the user.
* The hostname mentioned in the server's certificate is not the hostname
* that was used as a destination address for the current connection.
*
* @param socketInfo A network communication context that can be used to obtain more information
* about the active connection.
* @param targetURL The URL that was used to open the current connection.
* @param cert The certificate that was presented by the server.
*
* @return true if the user decided to connect anyway, false if the user decided to not connect
*/
boolean confirmMismatchDomain(in nsIInterfaceRequestor socketInfo,
in AUTF8String targetURL,
in nsIX509Cert cert);
void crlNextupdate(in nsIInterfaceRequestor socketInfo,
in AUTF8String targetURL, in nsIX509Cert cert);
/**
* Inform the user there are problems with the trust of a certificate,
* and request a decision from the user.
* The certificate presented by the server is no longer valid because
* the validity period has expired.
*
* @param socketInfo A network communication context that can be used to obtain more information
* about the active connection.
* @param cert The certificate that was presented by the server.
*
* @return true if the user decided to connect anyway, false if the user decided to not connect
*/
boolean confirmCertExpired(in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert);
/**
* Inform the user there are problems with the trust of a certificate,
* and request a decision from the user.
* The Certificate Authority (CA) that issued the server's certificate has issued a
* Certificate Revocation List (CRL).
* However, the application does not have a current version of the CA's CRL.
* Due to the application configuration, the application disallows the connection
* to the remote site.
*
* @param socketInfo A network communication context that can be used to obtain more information
* about the active connection.
* @param targetURL The URL that was used to open the current connection.
* @param cert The certificate that was presented by the server.
*/
void notifyCrlNextupdate(in nsIInterfaceRequestor socketInfo,
in AUTF8String targetURL, in nsIX509Cert cert);
};


@ -35,15 +35,53 @@
#include "nsISupports.idl"
/**
* Information on a Certificate Revocation List (CRL)
* issued by a Aertificate Authority (CA).
*/
[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
interface nsICRLInfo : nsISupports {
readonly attribute AString org;
readonly attribute AString orgUnit;
/**
* The issuing CA's organization.
*/
readonly attribute AString organization;
/**
* The issuing CA's organizational unit.
*/
readonly attribute AString organizationalUnit;
/**
* The time this CRL was created at.
*/
readonly attribute PRTime lastUpdate;
/**
* The time the suggested next update for this CRL.
*/
readonly attribute PRTime nextUpdate;
/**
* lastUpdate formatted as a human readable string
* formatted according to the environment locale.
*/
readonly attribute AString lastUpdateLocale;
/**
* nextUpdate formatted as a human readable string
* formatted according to the environment locale.
*/
readonly attribute AString nextUpdateLocale;
/**
* The key identifying the CRL in the database.
*/
readonly attribute AString nameInDb;
/**
* The URL this CRL was last fetched from.
*/
readonly attribute AUTF8String lastFetchURL;
};
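Review bot: The interface comment reads "issued by a Aertificate Authority (CA)", and the nextUpdate comment "The time the suggested next update for this CRL." is not a complete sentence. Both will be carried into the generated interface documentation as written. Suggested wording: `issued by a Certificate Authority (CA).` and `The suggested time of the next update for this CRL.`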


@ -27,35 +27,87 @@ interface nsIX509Cert;
interface nsICRLInfo;
/**
* nsICertificateDialogs
* Provides UI for certificate-related dialogs.
* Functions that implement user interface dialogs to manage certificates.
*/
[scriptable, uuid(a03ca940-09be-11d5-ac5d-000064657374)]
interface nsICertificateDialogs : nsISupports
{
/**
* downloadCACert
* UI shown when a user is asked to download a new CA cert. Provides
* user with ability to choose trust settings for the cert.
* Trust is a bit mask, see nsIX509CertDB for possible values.
* UI shown when a user is asked to download a new CA cert.
* Provides user with ability to choose trust settings for the cert.
* Asks the user to grant permission to import the certificate.
*
* @param ctx A user interface context.
* @param cert The certificate that is about to get installed.
* @param trust a bit mask of trust flags,
* see nsIX509CertDB for possible values.
*
* @return true if the user allows to import the certificate.
*/
boolean downloadCACert(in nsIInterfaceRequestor ctx,
boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert,
out unsigned long trust);
boolean cACertExists(in nsIInterfaceRequestor ctx);
/**
* UI shown when a web site has delivered a CA certificate to
* be imported, but the certificate is already contained in the
* user's storage.
*
* @param ctx A user interface context.
*/
void notifyCACertExists(in nsIInterfaceRequestor ctx);
/**
* UI shown when a user's personal certificate is going to be
* exported to a backup file.
* The implementation of this dialog should make sure
* to prompt the user to type the password twice in order to
* confirm correct input.
* The wording in the dialog should also motivate the user
* to enter a strong password.
*
* @param ctx A user interface context.
* @param password The password provided by the user.
*
* @return false if the user requests to cancel.
*/
boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out AString password);
/**
* UI shown when a user is about to restore a personal
* certificate from a backup file.
* The user is requested to enter the password
* that was used in the past to protect that backup file.
*
* @param ctx A user interface context.
* @param password The password provided by the user.
*
* @return false if the user requests to cancel.
*/
boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx,
out AString password);
/**
* UI shown when a certificate needs to be shown to the user.
* The implementation should try to display as many attributes
* as possible.
*
* @param ctx A user interface context.
* @param cert The certificate to be shown to the user.
*/
void viewCert(in nsIInterfaceRequestor ctx,
in nsIX509Cert cert);
/**
* UI shown after a Certificate Revocation List (CRL) has been
* successfully imported.
*
* @param ctx A user interface context.
* @param crl Information describing the CRL that was imported.
*/
void crlImportStatusDialog(in nsIInterfaceRequestor ctx,
in nsICRLInfo nameInDB);
in nsICRLInfo crl);
};
%{C++
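Review bot: The uuid on nsICertificateDialogs appears unchanged in this section although the method set changes: `downloadCACert` becomes `confirmDownloadCACert`, and `boolean cACertExists` becomes `void notifyCACertExists`, which alters the native signature. A component built against the old header would still obtain the interface through the old IID and call through a vtable that no longer matches. I would generate a new uuid here. The same applies to the nsIX509Cert and nsIX509CertDB sections further down, where attributes and methods are removed, renamed or reordered under their existing uuids. The old/new markers are lost on this page, so confirm against the raw diff which lines are actually removed.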


@ -39,39 +39,107 @@ interface nsIArray;
interface nsIX509CertValidity;
interface nsIASN1Object;
/**
* This represents a X.509 certificate.
*/
[scriptable, uuid(f0980f60-ee3d-11d4-998b-00b0d02354a0)]
interface nsIX509Cert : nsISupports {
/*
* attributes for certs
/**
* A nickname for the certificate.
*/
readonly attribute AString nickname;
/**
* The primary email address of the certificate, if present.
*/
readonly attribute AString emailAddress;
readonly attribute AString commonName;
readonly attribute AString organization;
readonly attribute AString organizationalUnit;
/**
* The subject owning the certificate.
*/
readonly attribute AString subjectName;
readonly attribute AString issuerName;
readonly attribute AString serialNumber;
/**
* The subject's common name.
*/
readonly attribute AString commonName;
/**
* The subject's organization.
*/
readonly attribute AString organization;
/**
* The subject's organizational unit.
*/
readonly attribute AString organizationalUnit;
/**
* The fingerprint of the certificate's public key,
* calculated using the SHA1 algorithm.
*/
readonly attribute AString sha1Fingerprint;
/**
* The fingerprint of the certificate's public key,
* calculated using the MD5 algorithm.
*/
readonly attribute AString md5Fingerprint;
readonly attribute AString issuedDate;
readonly attribute AString issuedDateSortable;
readonly attribute AString expiresDate;
readonly attribute AString expiresDateSortable;
/**
* A human readable name identifying the hardware or
* software token the certificate is stored on.
*/
readonly attribute AString tokenName;
/**
* The subject identifying the issuer certificate.
*/
readonly attribute AString issuerName;
/**
* The serial number the issuer assigned to this certificate.
*/
readonly attribute AString serialNumber;
/**
* The issuer subject's common name.
*/
readonly attribute AString issuerCommonName;
/**
* The issuer subject's organization.
*/
readonly attribute AString issuerOrganization;
/**
* The issuer subject's organizational unit.
*/
readonly attribute AString issuerOrganizationUnit;
/**
* The certificate used by the issuer to sign this certificate.
*/
readonly attribute nsIX509Cert issuer;
/**
* This certificate's validity period.
*/
readonly attribute nsIX509CertValidity validity;
readonly attribute string dbKey;
readonly attribute string windowTitle;
readonly attribute boolean usesOCSP;
/*
* enums for certs
/**
* A unique identifier of this certificate within the local storage.
*/
readonly attribute string dbKey;
/**
* A human readable identifier to label this certificate.
*/
readonly attribute string windowTitle;
/**
* Constants to classify the type of a certificate.
*/
const unsigned long UNKNOWN_CERT = 0;
const unsigned long CA_CERT = 1 << 0;
@ -79,7 +147,9 @@ interface nsIX509Cert : nsISupports {
const unsigned long EMAIL_CERT = 1 << 2;
const unsigned long SERVER_CERT = 1 << 3;
// errors in verifying certs
/**
* Constants for certificate verification results.
*/
const unsigned long VERIFIED_OK = 0;
const unsigned long NOT_VERIFIED_UNKNOWN = 1 << 0;
const unsigned long CERT_REVOKED = 1 << 1;
@ -90,18 +160,9 @@ interface nsIX509Cert : nsISupports {
const unsigned long INVALID_CA = 1 << 6;
const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
/*
* accessors for certs
/**
* Constants that describe the certified usages of a certificate.
*/
nsIArray getChain();
void getUsages(out unsigned long verified,
out unsigned long count,
[array, size_is(count)] out wstring usages);
void getPurposes(out unsigned long verified, out AString purposes);
const unsigned long CERT_USAGE_SSLClient = 0;
const unsigned long CERT_USAGE_SSLServer = 1;
const unsigned long CERT_USAGE_SSLServerWithStepUp = 2;
@ -115,20 +176,68 @@ interface nsIX509Cert : nsISupports {
const unsigned long CERT_USAGE_StatusResponder = 10;
const unsigned long CERT_USAGE_AnyCA = 11;
/*
* output is verification result, bitmask?
*/
unsigned long verifyForUsage(in unsigned long usage);
/**
* Obtain a list of certificates that contains this certificate
* and the issuing certificates of all involved issuers,
* up to the root issuer.
*
* @return The chain of certifficates including the issuers.
*/
nsIArray getChain();
/*
* This is the attribute which describes the ASN1 layout
* of the certificate. This can be used when doing a
* "pretty print" of the certificate's ASN1 structure.
/**
* Obtain an array of human readable strings describing
* the certificate's certified usages.
*
* @param ignoreOcsp Do not use OCSP even if it is currently activated.
* @param verified The certificate verification result, see constants.
* @param count The number of human readable usages returned.
* @param usages The array of human readable usages.
*/
void getUsagesArray(in boolean ignoreOcsp,
out PRUint32 verified,
out PRUint32 count,
[array, size_is(count)] out wstring usages);
/**
* Obtain a single comma separated human readable string describing
* the certificate's certified usages.
*
* @param ignoreOcsp Do not use OCSP even if it is currently activated.
* @param verified The certificate verification result, see constants.
* @param purposes The string listing the usages.
*/
void getUsagesString(in boolean ignoreOcsp, out PRUint32 verified, out AString usages);
/**
* Verify the certificate for a particular usage.
*
* @return The certificate verification result, see constants.
*/
unsigned long verifyForUsage(in unsigned long usage);
/**
* This is the attribute which describes the ASN1 layout
* of the certificate. This can be used when doing a
* "pretty print" of the certificate's ASN1 structure.
*/
readonly attribute nsIASN1Object ASN1Structure;
/**
* Obtain a raw binary encoding of this certificate
* in DER format.
*
* @param length The number of bytes in the binary encoding.
* @param data The bytes representing the DER encoded certificate.
*/
void getRawDER(out unsigned long length,
[retval, array, size_is(length)] out octet data);
boolean isSameCert(in nsIX509Cert other);
/**
* Test whether two certificate instances represent the
* same certificate.
*
* @return Whether the certificates are equal
*/
boolean equals(in nsIX509Cert other);
};
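Review bot: The comments on `sha1Fingerprint` and `md5Fingerprint` describe "the fingerprint of the certificate's public key", which should be checked against what the getters hash; they are not part of this section. If they hash the whole DER-encoded certificate, the comment should say so, for example `The fingerprint of the certificate's DER encoding, calculated using the SHA1 algorithm.` A caller who compares the value against a key hash rather than a certificate fingerprint would otherwise draw the wrong conclusion from a match or mismatch. In the same section the getUsagesString comment documents `@param purposes` while the parameter is named `usages`, and verifyForUsage has no `@param usage`.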


@ -44,180 +44,250 @@ interface nsIInterfaceRequestor;
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
%}
/**
* This represents a service to access and manipulate
* X.509 certificates stored in a database.
*/
[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
interface nsIX509CertDB : nsISupports {
/* the database is responsible for managing cert trust */
/**
* Constants that define which usages a certificate
* is trusted for.
*/
const unsigned long UNTRUSTED = 0;
const unsigned long TRUSTED_SSL = 1 << 0;
const unsigned long TRUSTED_EMAIL = 1 << 1;
const unsigned long TRUSTED_OBJSIGN = 1 << 2;
nsIX509Cert getCertByNickname(in nsISupports aToken,
in AString aNickname);
/*
* getCertByDBKey
/**
* Given a nickname and optionally a token,
* locate the matching certificate.
*
* Will find a certificate based on its dbkey
* retrieved by getting the dbKey attribute of
* the certificate.
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aNickname The nickname to be used as the key
* to find a certificate.
*
* @return The matching certificate if found.
*/
nsIX509Cert getCertByDBKey(in string aDBkey, in nsISupports aToken);
nsIX509Cert findCertByNickname(in nsISupports aToken,
in AString aNickname);
/*
* getCertNicknames
/**
* Will find a certificate based on its dbkey
* retrieved by getting the dbKey attribute of
* the certificate.
*
* Obtain a list of certificate nicknames from the database.
* What the name is depends on type:
* user, ca, or server cert - the nickname
* email cert - the email address
*
* aToken - PKCS#11 token to get certs from (null for all tokens)
* aType - type of certificate to obtain (see nsIX509Cert)
* count, certNameList - the returned array of names
* @param aDBkey Database internal key, as obtained using
* attribute dbkey in nsIX509Cert.
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
*/
void getCertNicknames(in nsISupports aToken,
in unsigned long aType,
out unsigned long count,
[array, size_is(count)] out wstring certNameList);
nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
/* Get the user encryption cert */
nsIX509Cert getEmailEncryptionCert(in AString aNickname);
/**
* Obtain a list of certificate nicknames from the database.
* What the name is depends on type:
* user, ca, or server cert - the nickname
* email cert - the email address
*
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aType Type of certificate to obtain
* See certificate type constants in nsIX509Cert.
* @param count The number of nicknames in the returned array
* @param certNameList The returned array of certificate nicknames.
*/
void findCertNicknames(in nsISupports aToken,
in unsigned long aType,
out unsigned long count,
[array, size_is(count)] out wstring certNameList);
/* Get the user signing cert */
nsIX509Cert getEmailSigningCert(in AString aNickname);
/**
* Find the email encryption certificate by nickname.
*
* @param aNickname The nickname to be used as the key
* to find the certificate.
*
* @return The matching certificate if found.
*/
nsIX509Cert findEmailEncryptionCert(in AString aNickname);
/* Get a cert by email address */
nsIX509Cert getCertByEmailAddress(in nsISupports aToken,
in string aEmailAddress);
/**
* Find the email signing certificate by nickname.
*
* @param aNickname The nickname to be used as the key
* to find the certificate.
*
* @return The matching certificate if found.
*/
nsIX509Cert findEmailSigningCert(in AString aNickname);
/*
* importCertificates
* Use this to import a stream sent down as a mime type into
* the default cert db. The stream may consist of one or more
* certificates.
* XXX We may want to add a parameter for a PK11 Token where
* the certs will utlimtately live. Currently, they'll
* be placed in the default token.
/**
* Find a certificate by email address.
*
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aEmailAddress The email address to be used as the key
* to find the certificate.
*
* @return The matching certificate if found.
*/
nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
in string aEmailAddress);
/**
* Use this to import a stream sent down as a mime type into
* the certificate database on the default token.
* The stream may consist of one or more certificates.
*
* @param data The raw data to be imported
* @param length The length of the data to be imported
* @param type The type of the certificate, see constants in nsIX509Cert
* @param ctx A UI context.
*/
void importCertificates([array, size_is(length)] in octet data,
in unsigned long length,
in unsigned long type,
in nsIInterfaceRequestor ctx);
/*
* importEmailCertificate
/**
* Import another person's email certificate into the database.
*
* Import a user certificate into the database.
*
* @param length - The number of bytes contained in the data array.
*
* @param data - Raw certificate data, containing the certificate to import.
* @param data The raw data to be imported
* @param length The length of the data to be imported
* @param ctx A UI context.
*/
void importEmailCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/**
* Import a server machine's certificate into the database.
*
* @param data The raw data to be imported
* @param length The length of the data to be imported
* @param ctx A UI context.
*/
void importServerCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/*
* importCertificate
/**
* Import a personal certificate into the database, assuming
* the database already contains the private key for this certificate.
*
* Import a user certificate into the database.
* XXX This method and the importCertificate should be merged into one.
* @param data The raw data to be imported
* @param length The length of the data to be imported
* @param ctx A UI context.
*/
void importUserCertificate([array, size_is(length)] in octet data,
in unsigned long length,
in nsIInterfaceRequestor ctx);
/*
* deleteCertificate
/**
* Delete a certificate stored in the database.
*
* Remove a certificate from the database.
* @param aCert Delete this certificate.
*/
void deleteCertificate(in nsIX509Cert aCert);
/*
* setCertTrust
/**
* Modify the trust that is stored and associated to a certificate within
* a database. Separate trust is stored for
* One call manipulates the trust for one trust type only.
* See the trust type constants defined within this interface.
*
* The certificate database is responsible for managing cert trust. This
* function allows clients to set the trust settings for a cert.
* @param cert Change the stored trust of this certificate.
* @param type The type of the certificate. See nsIX509Cert.
* @param trust A bitmask. The new trust for the possible usages.
* See the trust constants defined within this interface.
*/
void setCertTrust(in nsIX509Cert cert,
in unsigned long type,
in unsigned long trust);
/*
* getCertTrust
/**
* Query whether a certificate is trusted for a particular use.
*
* Get the trust settings for this certificate.
* @param cert Obtain the stored trust of this certificate.
* @param certType The type of the certificate. See nsIX509Cert.
* @param trustType A single bit from the usages constants defined
* within this interface.
*
* trustType = TRUSTED_SSL => returns true if cert is trusted SSL cert
* trustType = TRUSTED_EMAIL => returns true if cert is trusted email cert
* trustType = TRUSTED_OBJSIGN => returns true if cert is trusted
* object signing cert
* @return Returns true if the certificate is trusted for the given use.
*/
boolean getCertTrust(in nsIX509Cert cert,
boolean isCertTrusted(in nsIX509Cert cert,
in unsigned long certType,
in unsigned long trustType);
/*
* importCertsFromFile
/**
* Import certificate(s) from file
*
* Import certificate(s) from file
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that contains the certificate
* to be imported.
* @param aType Describes the type of certificate that is going to
* be imported. See type constants in nsIX509Cert.
*/
void importCertsFromFile(in nsISupports aToken,
in nsILocalFile aFile,
in unsigned long aType);
/*
* importPKCS12File
/**
* Import a PKCS#12 file containing cert(s) and key(s) into the database.
*
* Import a PKCS#12 file contain cert(s) and key(s) into the database.
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that contains the data
* to be imported.
*/
void importPKCS12File(in nsISupports aToken,
in nsILocalFile aFile);
/*
* exportPKCS12File
/**
* Export a set of certs and keys from the database to a PKCS#12 file.
*
* Export a set of certs and keys from the database to a PKCS#12 file.
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that will be filled with the data
* to be exported.
* @param count The number of certificates to be exported.
* @param aCerts The array of all certificates to be exported.
*/
void exportPKCS12File(in nsISupports aToken,
in nsILocalFile aFile,
in unsigned long count,
[array, size_is(count)] in nsIX509Cert aCerts);
/*
* getOCSPResponders
/**
* An array of all known OCSP responders within the scope of the
* certificate database.
*
* Export a set of OCSP responders i.e. CA names and (optional) URLs.
* @return Array of OCSP responders, entries are QIable to nsIOCSPResponder.
*/
nsIArray getOCSPResponders();
/*
* Query about the status of OCSP
/**
* Whether OCSP is enabled in preferences.
*/
readonly attribute boolean ocspOn;
readonly attribute boolean isOcspOn;
/*
* Use this to temporarily disable OCSP checking.
* Needed if OCSP checks slow down UI rendering too much.
* A call to this should be followed with a call to
* enableOCSP soon afterwards.
*/
void disableOCSP();
/*
* Sets the OCSP options to correspond with the preferences
* values.
*/
void enableOCSP();
/*
* decode base64 certificate and return a new nsIX509Cert instance
*
* Decode a raw data presentation and instantiate an object in memory.
*
* @param base64 The raw representation of a certificate,
* encoded as Base 64.
* @return The new certificate object.
*/
nsIX509Cert constructX509FromBase64(in string base64);
};
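Review bot: The setCertTrust comment contains an unfinished sentence, "Separate trust is stored for", directly before "One call manipulates the trust for one trust type only", so the reader cannot tell what the stored trust is keyed by. Since `type` is documented as the certificate type and `trust` as the bitmask, I would complete it along the lines of `Separate trust is stored for each certificate type.`, if that is what is meant. The find* methods also say only "The matching certificate if found"; state whether a miss yields null or a failure result, because callers need to know which one to test before using the certificate.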


@ -35,13 +35,65 @@
#include "nsISupports.idl"
/**
* Information on the validity period of a X.509 certificate.
*/
[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
interface nsIX509CertValidity : nsISupports {
/**
* The earliest point in time where
* a certificate is valid.
*/
readonly attribute PRTime notBefore;
/**
* "notBefore" attribute formatted as a time string
* according to the environment locale,
* according to the environment time zone.
*/
readonly attribute AString notBeforeLocalTime;
/**
* The day portion of "notBefore"
* formatted as a time string
* according to the environment locale,
* according to the environment time zone.
*/
readonly attribute AString notBeforeLocalDay;
/**
* "notBefore" attribute formatted as a string
* according to the environment locale,
* displayed as GMT / UTC.
*/
readonly attribute AString notBeforeGMT;
/**
* The latest point in time where
* a certificate is valid.
*/
readonly attribute PRTime notAfter;
/**
* "notAfter" attribute formatted as a time string
* according to the environment locale,
* according to the environment time zone.
*/
readonly attribute AString notAfterLocalTime;
/**
* The day portion of "notAfter"
* formatted as a time string
* according to the environment locale,
* according to the environment time zone.
*/
readonly attribute AString notAfterLocalDay;
/**
* "notAfter" attribute formatted as a time string
* according to the environment locale,
* displayed as GMT / UTC.
*/
readonly attribute AString notAfterGMT;
};


@ -136,14 +136,14 @@ nsCRLInfo::~nsCRLInfo()
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrg(nsAString & aOrg)
NS_IMETHODIMP nsCRLInfo::GetOrganization(nsAString & aOrg)
{
aOrg = mOrg;
return NS_OK;
}
/* readonly attribute */
NS_IMETHODIMP nsCRLInfo::GetOrgUnit(nsAString & aOrgUnit)
NS_IMETHODIMP nsCRLInfo::GetOrganizationalUnit(nsAString & aOrgUnit)
{
aOrgUnit = mOrgUnit;
return NS_OK;


@ -36,6 +36,7 @@
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "nsCertTree.h"
#include "nsIX509Cert.h"
#include "nsIX509CertValidity.h"
#include "nsIX509CertDB.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
@ -650,6 +651,7 @@ nsCertTree::GetCellText(PRInt32 row, const PRUnichar *colID,
nsAString& _retval)
{
nsresult rv;
_retval.Truncate();
NS_ConvertUCS2toUTF8 aUtf8ColID(colID);
const char *col = aUtf8ColID.get();
treeArrayEl *el = GetThreadDescAtIndex(row);
@ -690,21 +692,16 @@ nsCertTree::GetCellText(PRInt32 row, const PRUnichar *colID,
rv = cert->GetEmailAddress(_retval);
} else if (strcmp(col, "purposecol") == 0 && mNSSComponent) {
PRUint32 verified;
PRBool ocspEnabled;
cert->GetUsesOCSP(&ocspEnabled);
if (ocspEnabled) {
mNSSComponent->DisableOCSP();
}
nsAutoString dummyPurposes;
rv = cert->GetPurposes(&verified, dummyPurposes);
nsAutoString theUsages;
rv = cert->GetUsagesString(PR_TRUE, &verified, theUsages); // ignore OCSP
if (NS_FAILED(rv)) {
verified = nsIX509Cert::NOT_VERIFIED_UNKNOWN;
}
switch (verified) {
case nsIX509Cert::VERIFIED_OK:
rv = cert->GetPurposes(&verified, _retval);
_retval = theUsages;
break;
case nsIX509Cert::CERT_REVOKED:
@ -738,14 +735,20 @@ nsCertTree::GetCellText(PRInt32 row, const PRUnichar *colID,
NS_LITERAL_STRING("VerifyUnknown").get(), _retval);
break;
}
if (ocspEnabled) {
mNSSComponent->EnableOCSP();
}
} else if (strcmp(col, "issuedcol") == 0) {
rv = cert->GetIssuedDate(_retval);
nsCOMPtr<nsIX509CertValidity> validity;
rv = cert->GetValidity(getter_AddRefs(validity));
if (NS_SUCCEEDED(rv)) {
validity->GetNotBeforeLocalDay(_retval);
}
} else if (strcmp(col, "expiredcol") == 0) {
rv = cert->GetExpiresDate(_retval);
nsCOMPtr<nsIX509CertValidity> validity;
rv = cert->GetValidity(getter_AddRefs(validity));
if (NS_SUCCEEDED(rv)) {
validity->GetNotAfterLocalDay(_retval);
}
} else if (strcmp(col, "serialnumcol") == 0) {
rv = cert->GetSerialNumber(_retval);
} else {
@ -933,7 +936,25 @@ nsCertTree::CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
cert->GetCommonName(str);
break;
case sort_IssuedDateDescending:
cert->GetIssuedDateSortable(str);
{
nsresult rv;
nsCOMPtr<nsIX509CertValidity> validity;
PRTime notBefore;
rv = cert->GetValidity(getter_AddRefs(validity));
if (NS_SUCCEEDED(rv)) {
rv = validity->GetNotBefore(&notBefore);
}
if (NS_SUCCEEDED(rv)) {
PRExplodedTime explodedTime;
PR_ExplodeTime(notBefore, PR_GMTParameters, &explodedTime);
char datebuf[20]; // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15
if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S", &explodedTime)) {
str = NS_ConvertASCIItoUCS2(nsDependentCString(datebuf));
}
}
}
break;
case sort_Email:
cert->GetEmailAddress(str);
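Review bot: In the `issuedcol` and `expiredcol` branches of GetCellText the result of `validity->GetNotBeforeLocalDay(_retval)` and `validity->GetNotAfterLocalDay(_retval)` is dropped, so `rv` still holds the success of GetValidity when the day getter fails. GetNotBeforeLocalDay as added in this commit returns NS_ERROR_FAILURE when the times are not initialized, and since `_retval` is truncated at the top of the function the cell would then be empty under a success code. Assign the result, `rv = validity->GetNotBeforeLocalDay(_retval);` and `rv = validity->GetNotAfterLocalDay(_retval);`, and consider testing `validity` for null before the call. GetCellText starts and ends outside these hunks, so how `rv` is used afterwards is not visible here.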


@ -238,8 +238,8 @@ CreateFromDER(unsigned char *data,
return rv;
}
nsNSSASN1Sequence::nsNSSASN1Sequence() : mProcessObjects(PR_TRUE),
mShowObjects(PR_TRUE)
nsNSSASN1Sequence::nsNSSASN1Sequence() : mIsValidContainer(PR_TRUE),
mIsExpanded(PR_TRUE)
{
NS_INIT_ISUPPORTS();
/* member initializers and constructor code */
@ -324,36 +324,34 @@ nsNSSASN1Sequence::SetDisplayValue(const nsAString &aDisplayValue)
return NS_OK;
}
/* attribute boolean processObjects; */
NS_IMETHODIMP
nsNSSASN1Sequence::GetProcessObjects(PRBool *aProcessObjects)
nsNSSASN1Sequence::GetIsValidContainer(PRBool *aIsValidContainer)
{
NS_ENSURE_ARG_POINTER(aProcessObjects);
*aProcessObjects = mProcessObjects;
NS_ENSURE_ARG_POINTER(aIsValidContainer);
*aIsValidContainer = mIsValidContainer;
return NS_OK;
}
NS_IMETHODIMP
nsNSSASN1Sequence::SetProcessObjects(PRBool aProcessObjects)
nsNSSASN1Sequence::SetIsValidContainer(PRBool aIsValidContainer)
{
mProcessObjects = aProcessObjects;
SetShowObjects(mProcessObjects);
return NS_OK;
}
/* attribute boolean showObjects; */
NS_IMETHODIMP
nsNSSASN1Sequence::GetShowObjects(PRBool *aShowObjects)
{
NS_ENSURE_ARG_POINTER(aShowObjects);
*aShowObjects = mShowObjects;
mIsValidContainer = aIsValidContainer;
SetIsExpanded(mIsValidContainer);
return NS_OK;
}
NS_IMETHODIMP
nsNSSASN1Sequence::SetShowObjects(PRBool aShowObjects)
nsNSSASN1Sequence::GetIsExpanded(PRBool *aIsExpanded)
{
mShowObjects = aShowObjects;
NS_ENSURE_ARG_POINTER(aIsExpanded);
*aIsExpanded = mIsExpanded;
return NS_OK;
}
NS_IMETHODIMP
nsNSSASN1Sequence::SetIsExpanded(PRBool aIsExpanded)
{
mIsExpanded = aIsExpanded;
return NS_OK;
}


@ -66,8 +66,8 @@ private:
nsString mDisplayValue;
PRUint32 mType;
PRUint32 mTag;
PRBool mProcessObjects;
PRBool mShowObjects;
PRBool mIsValidContainer;
PRBool mIsExpanded;
};
class nsNSSASN1PrintableItem : public nsIASN1PrintableItem


@ -101,6 +101,26 @@ NS_IMETHODIMP nsX509CertValidity::GetNotBeforeLocalTime(nsAString &aNotBeforeLoc
return NS_OK;
}
NS_IMETHODIMP nsX509CertValidity::GetNotBeforeLocalDay(nsAString &aNotBeforeLocalDay)
{
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotBefore, PR_LocalTimeParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatNone,
&explodedTime, date);
aNotBeforeLocalDay = date;
return NS_OK;
}
NS_IMETHODIMP nsX509CertValidity::GetNotBeforeGMT(nsAString &aNotBeforeGMT)
{
if (!mTimesInitialized)
@ -152,6 +172,25 @@ NS_IMETHODIMP nsX509CertValidity::GetNotAfterLocalTime(nsAString &aNotAfterLocal
return NS_OK;
}
NS_IMETHODIMP nsX509CertValidity::GetNotAfterLocalDay(nsAString &aNotAfterLocalDay)
{
if (!mTimesInitialized)
return NS_ERROR_FAILURE;
nsresult rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
PRExplodedTime explodedTime;
PR_ExplodeTime(mNotAfter, PR_LocalTimeParameters, &explodedTime);
dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatNone,
&explodedTime, date);
aNotAfterLocalDay = date;
return NS_OK;
}
NS_IMETHODIMP nsX509CertValidity::GetNotAfterGMT(nsAString &aNotAfterGMT)
{
if (!mTimesInitialized)
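Review bot: GetNotBeforeLocalDay and GetNotAfterLocalDay ignore the result of `dateFormatter->FormatPRExplodedTime(...)` and return NS_OK unconditionally, so a formatting failure hands the caller an empty date with a success code. Propagate it: `rv = dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatNone, &explodedTime, date); if (NS_FAILED(rv)) return rv;`. The two bodies differ only in the member they read (`mNotBefore` / `mNotAfter`), so a small private helper taking the PRTime would keep them from drifting apart.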


@ -295,7 +295,7 @@ nsNSSCertificate::FormatUIStrings(const nsAutoString &nickname, nsAutoString &ni
}
PRUint32 tempInt = 0;
if (NS_SUCCEEDED(x509Proxy->GetPurposes(&tempInt, temp1)) && !temp1.IsEmpty()) {
if (NS_SUCCEEDED(x509Proxy->GetUsagesString(PR_FALSE, &tempInt, temp1)) && !temp1.IsEmpty()) {
details.Append(NS_LITERAL_STRING(" "));
if (NS_SUCCEEDED(nssComponent->GetPIPNSSBundleString(NS_LITERAL_STRING("CertInfoPurposes").get(), info))) {
details.Append(info);
@ -645,90 +645,6 @@ nsNSSCertificate::GetMd5Fingerprint(nsAString &_md5Fingerprint)
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsNSSCertificate::GetIssuedDate(nsAString &_issuedDate)
{
_issuedDate.Truncate();
nsresult rv;
PRTime beforeTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotBefore(&beforeTime);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
beforeTime, date);
_issuedDate = date;
return NS_OK;
}
nsresult
nsNSSCertificate::GetSortableDate(PRTime aTime, nsAString &_aSortableDate)
{
PRExplodedTime explodedTime;
PR_ExplodeTime(aTime, PR_GMTParameters, &explodedTime);
char datebuf[20]; // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15
if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S", &explodedTime)) {
_aSortableDate = NS_ConvertASCIItoUCS2(nsDependentCString(datebuf));
return NS_OK;
}
else
return NS_ERROR_OUT_OF_MEMORY;
}
NS_IMETHODIMP
nsNSSCertificate::GetIssuedDateSortable(nsAString &_issuedDate)
{
_issuedDate.Truncate();
nsresult rv;
PRTime beforeTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotBefore(&beforeTime);
if (NS_FAILED(rv)) return rv;
return GetSortableDate(beforeTime, _issuedDate);
}
NS_IMETHODIMP
nsNSSCertificate::GetExpiresDate(nsAString &_expiresDate)
{
_expiresDate.Truncate();
nsresult rv;
PRTime afterTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotAfter(&afterTime);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
afterTime, date);
_expiresDate = date;
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificate::GetExpiresDateSortable(nsAString &_expiresDate)
{
_expiresDate.Truncate();
nsresult rv;
PRTime afterTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotAfter(&afterTime);
if (NS_FAILED(rv)) return rv;
return GetSortableDate(afterTime, _expiresDate);
}
NS_IMETHODIMP
nsNSSCertificate::GetTokenName(nsAString &aTokenName)
{
@ -761,25 +677,6 @@ nsNSSCertificate::GetTokenName(nsAString &aTokenName)
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificate::GetUsesOCSP(PRBool *aUsesOCSP)
{
nsCOMPtr<nsIPref> prefService = do_GetService(NS_PREF_CONTRACTID);
PRInt32 ocspEnabled;
prefService->GetIntPref("security.OCSP.enabled", &ocspEnabled);
if (ocspEnabled == 2) {
*aUsesOCSP = PR_TRUE;
} else if (ocspEnabled == 1) {
nsXPIDLCString ocspLocation;
ocspLocation.Adopt(CERT_GetOCSPAuthorityInfoAccessLocation(mCert));
*aUsesOCSP = (ocspLocation) ? PR_TRUE : PR_FALSE;
} else {
*aUsesOCSP = PR_FALSE;
}
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificate::GetRawDER(PRUint32 *aLength, PRUint8 **aArray)
{
@ -927,22 +824,19 @@ nsNSSCertificate::VerifyForUsage(PRUint32 usage, PRUint32 *verificationResult)
}
/*
* void getUsages(out PRUint32 verified,
* out PRUint32 count,
* [retval, array, size_is(count)] out wstring usages);
*/
NS_IMETHODIMP
nsNSSCertificate::GetUsages(PRUint32 *_verified,
PRUint32 *_count,
PRUnichar ***_usages)
nsNSSCertificate::GetUsagesArray(PRBool ignoreOcsp,
PRUint32 *_verified,
PRUint32 *_count,
PRUnichar ***_usages)
{
nsresult rv;
PRUnichar *tmpUsages[13];
const int max_usages = 13;
PRUnichar *tmpUsages[max_usages];
char *suffix = "";
PRUint32 tmpCount;
nsUsageArrayHelper uah(mCert);
rv = uah.GetUsageArray(suffix, 13, _verified, &tmpCount, tmpUsages);
rv = uah.GetUsagesArray(suffix, ignoreOcsp, max_usages, _verified, &tmpCount, tmpUsages);
if (tmpCount > 0) {
*_usages = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * tmpCount);
for (PRUint32 i=0; i<tmpCount; i++) {
@ -957,19 +851,21 @@ nsNSSCertificate::GetUsages(PRUint32 *_verified,
}
NS_IMETHODIMP
nsNSSCertificate::GetPurposes(PRUint32 *_verified,
nsAString &_purposes)
nsNSSCertificate::GetUsagesString(PRBool ignoreOcsp,
PRUint32 *_verified,
nsAString &_usages)
{
nsresult rv;
PRUnichar *tmpUsages[13];
const int max_usages = 13;
PRUnichar *tmpUsages[max_usages];
char *suffix = "_p";
PRUint32 tmpCount;
nsUsageArrayHelper uah(mCert);
rv = uah.GetUsageArray(suffix, 13, _verified, &tmpCount, tmpUsages);
_purposes.Truncate();
rv = uah.GetUsagesArray(suffix, ignoreOcsp, max_usages, _verified, &tmpCount, tmpUsages);
_usages.Truncate();
for (PRUint32 i=0; i<tmpCount; i++) {
if (i>0) _purposes.Append(NS_LITERAL_STRING(","));
_purposes.Append(tmpUsages[i]);
if (i>0) _usages.Append(NS_LITERAL_STRING(","));
_usages.Append(tmpUsages[i]);
nsMemory::Free(tmpUsages[i]);
}
return NS_OK;
@ -989,7 +885,7 @@ ProcessSECAlgorithmID(SECAlgorithmID *algID,
GetOIDText(&algID->algorithm, nssComponent, text);
if (!algID->parameters.len || algID->parameters.data[0] == nsIASN1Object::ASN1_NULL) {
sequence->SetDisplayValue(text);
sequence->SetProcessObjects(PR_FALSE);
sequence->SetIsValidContainer(PR_FALSE);
} else {
nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
printableItem->SetDisplayValue(text);
@ -1493,7 +1389,7 @@ nsNSSCertificate::GetASN1Structure(nsIASN1Object * *aASN1Structure)
}
NS_IMETHODIMP
nsNSSCertificate::IsSameCert(nsIX509Cert *other, PRBool *result)
nsNSSCertificate::Equals(nsIX509Cert *other, PRBool *result)
{
NS_ENSURE_ARG(other);
NS_ENSURE_ARG(result);


@ -90,7 +90,7 @@ nsNSSCertificateDB::~nsNSSCertificateDB()
}
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByNickname(nsISupports *aToken,
nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
const nsAString &nickname,
nsIX509Cert **_rvCert)
{
@ -123,7 +123,7 @@ nsNSSCertificateDB::GetCertByNickname(nsISupports *aToken,
}
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsISupports *aToken,
nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
nsIX509Cert **_cert)
{
SECItem keyItem = {siBuffer, nsnull, 0};
@ -160,7 +160,7 @@ nsNSSCertificateDB::GetCertByDBKey(const char *aDBkey, nsISupports *aToken,
}
NS_IMETHODIMP
nsNSSCertificateDB::GetCertNicknames(nsISupports *aToken,
nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
PRUint32 aType,
PRUint32 *_count,
PRUnichar ***_certNames)
@ -344,18 +344,18 @@ nsNSSCertificateDB::handleCACertDownload(nsIArray *x509Certs,
CERTCertificateCleaner tmpCertCleaner(tmpCert);
PRBool canceled;
if (tmpCert->isperm) {
dialogs->CACertExists(ctx, &canceled);
dialogs->NotifyCACertExists(ctx);
return NS_ERROR_FAILURE;
}
PRUint32 trustBits;
rv = dialogs->DownloadCACert(ctx, certToShow, &trustBits, &canceled);
PRBool allows;
rv = dialogs->ConfirmDownloadCACert(ctx, certToShow, &trustBits, &allows);
if (NS_FAILED(rv))
return rv;
if (canceled)
if (!allows)
return NS_ERROR_NOT_AVAILABLE;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("trust is %d\n", trustBits));
@ -729,16 +729,11 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert,
return (srv) ? NS_ERROR_FAILURE : NS_OK;
}
/*
* boolean getCertTrust(in nsIX509Cert cert,
* in unsigned long certType,
* in unsigned long trustType);
*/
NS_IMETHODIMP
nsNSSCertificateDB::GetCertTrust(nsIX509Cert *cert,
PRUint32 certType,
PRUint32 trustType,
PRBool *_isTrusted)
nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
PRUint32 certType,
PRUint32 trustType,
PRBool *_isTrusted)
{
SECStatus srv;
nsNSSCertificate *pipCert = NS_STATIC_CAST(nsNSSCertificate *, cert);
@ -1029,9 +1024,8 @@ finish:
/* somewhat follows logic of cert_list_include_cert from PSM 1.x */
/* readonly attribute boolean ocspOn; */
NS_IMETHODIMP
nsNSSCertificateDB::GetOcspOn(PRBool *aOcspOn)
nsNSSCertificateDB::GetIsOcspOn(PRBool *aOcspOn)
{
nsCOMPtr<nsIPref> prefService = do_GetService(NS_PREF_CONTRACTID);
@ -1041,33 +1035,9 @@ nsNSSCertificateDB::GetOcspOn(PRBool *aOcspOn)
return NS_OK;
}
/* void disableOCSP (); */
NS_IMETHODIMP
nsNSSCertificateDB::DisableOCSP()
{
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return rv;
return nssComponent->DisableOCSP();
}
/* void enableOCSP (); */
NS_IMETHODIMP
nsNSSCertificateDB::EnableOCSP()
{
nsresult rv;
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return rv;
return nssComponent->EnableOCSP();
}
/* nsIX509Cert getDefaultEmailEncryptionCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::GetEmailEncryptionCert(const nsAString &aNickname, nsIX509Cert **_retval)
nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509Cert **_retval)
{
if (!_retval)
return NS_ERROR_FAILURE;
@ -1106,7 +1076,7 @@ loser:
/* nsIX509Cert getDefaultEmailSigningCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::GetEmailSigningCert(const nsAString &aNickname, nsIX509Cert **_retval)
nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert **_retval)
{
if (!_retval)
return NS_ERROR_FAILURE;
@ -1144,7 +1114,7 @@ loser:
}
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByEmailAddress(nsISupports *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
nsNSSCertificateDB::FindCertByEmailAddress(nsISupports *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
{
CERTCertificate *any_cert = CERT_FindCertByNicknameOrEmailAddr(CERT_GetDefaultCertDB(), (char*)aEmailAddress);
if (!any_cert)
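Review bot: `FindCertByEmailAddress` in the last hunk still resolves its argument with `CERT_FindCertByNicknameOrEmailAddr`, so a string that equals a stored nickname can presumably select a certificate that is not bound to that e-mail address. That matters when the result is used to choose a recipient's encryption certificate. If only address matches are intended, the lookup could be `CERT_FindCertByEmailAddr(CERT_GetDefaultCertDB(), (char*)aEmailAddress);`; otherwise the nickname fallback should be stated in a comment above the method. Neither `aEmailAddress` nor `_retval` is checked in the visible lines; `NS_ENSURE_ARG(aEmailAddress); NS_ENSURE_ARG_POINTER(_retval);` would match the guard style used in `Equals`. The body continues outside the hunk, so later filtering of the result may already narrow this.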


@ -320,7 +320,7 @@ nsNSSComponent::GetPIPNSSBundleString(const PRUnichar *name,
}
NS_IMETHODIMP
nsNSSComponent::DisableOCSP()
nsNSSComponent::SkipOcsp()
{
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
@ -329,7 +329,7 @@ nsNSSComponent::DisableOCSP()
}
NS_IMETHODIMP
nsNSSComponent::EnableOCSP()
nsNSSComponent::SkipOcspOff()
{
setOCSPOptions(mPref);
return NS_OK;


@ -112,11 +112,11 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
// This method will just disable OCSP in NSS, it will not
// alter the respective pref values.
NS_IMETHOD DisableOCSP() = 0;
NS_IMETHOD SkipOcsp() = 0;
// This method will set the OCSP value according to the
// values in the preferences.
NS_IMETHOD EnableOCSP() = 0;
NS_IMETHOD SkipOcspOff() = 0;
NS_IMETHOD RememberCert(CERTCertificate *cert) = 0;
@ -160,8 +160,8 @@ public:
const PRUnichar **params,
PRUint32 numParams,
PRUnichar **outString);
NS_IMETHOD DisableOCSP();
NS_IMETHOD EnableOCSP();
NS_IMETHOD SkipOcsp();
NS_IMETHOD SkipOcspOff();
nsresult InitializeCRLUpdateTimer();
nsresult StopCRLUpdateTimer();
NS_IMETHOD RemoveCrlFromList(nsAutoString);


@ -1270,14 +1270,13 @@ nsContinueDespiteCertError(nsNSSSocketInfo *infoObject,
this in future - need to define a proper ui for this situation
*/
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
rv = badCertHandler->UnknownIssuer(csi, callBackCert, &addType, &retVal);
rv = badCertHandler->ConfirmUnknownIssuer(csi, callBackCert, &addType, &retVal);
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
{
nsXPIDLCString url; url.Adopt(SSL_RevealURL(sslSocket));
NS_ASSERTION(url.get(), "could not find valid URL in ssl socket");
rv = badCertHandler->MismatchDomain(csi, url,
rv = badCertHandler->ConfirmMismatchDomain(csi, url,
callBackCert, &retVal);
if (NS_SUCCEEDED(rv) && retVal) {
rv = CERT_AddOKDomainName(peerCert, url);
@ -1285,7 +1284,7 @@ nsContinueDespiteCertError(nsNSSSocketInfo *infoObject,
}
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
rv = badCertHandler->CertExpired(csi, callBackCert, & retVal);
rv = badCertHandler->ConfirmCertExpired(csi, callBackCert, & retVal);
if (rv == SECSuccess && retVal) {
// XXX We need an NSS API for this equivalent functionality.
// Having to reach inside the cert is evil.
@ -1296,10 +1295,7 @@ nsContinueDespiteCertError(nsNSSSocketInfo *infoObject,
{
nsXPIDLCString url; url.Adopt(SSL_RevealURL(sslSocket));
NS_ASSERTION(url, "could not find valid URL in ssl socket");
rv = badCertHandler->CrlNextupdate(csi, url, callBackCert);
if (NS_SUCCEEDED(rv) && retVal) {
rv = CERT_AddOKDomainName(peerCert, url.get());
}
rv = badCertHandler->NotifyCrlNextupdate(csi, url, callBackCert);
retVal = PR_FALSE;
}
break;
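Review bot: In the `SSL_ERROR_BAD_CERT_DOMAIN` case the result of `SSL_RevealURL` is covered only by `NS_ASSERTION`, which does nothing in release builds, so a null `url` would reach `ConfirmMismatchDomain` and, if the user accepts, `CERT_AddOKDomainName`. An explicit guard such as `if (!url.get()) { retVal = PR_FALSE; break; }` before the dialog call would fail closed, and the same applies to the `NotifyCrlNextupdate` case below it. Separately, the `SEC_ERROR_EXPIRED_CERTIFICATE` case tests `rv == SECSuccess` on what is presumably an nsresult from `ConfirmCertExpired`, while the neighbouring case uses `NS_SUCCEEDED(rv)`; `if (NS_SUCCEEDED(rv) && retVal) {` would keep the checks consistent. The function starts and ends outside these hunks, so the declaration and initial value of `retVal` are not visible here.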


@ -31,7 +31,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsPKCS12Blob.cpp,v 1.31 2002-09-23 20:17:13 kaie%netscape.com Exp $
* $Id: nsPKCS12Blob.cpp,v 1.32 2002-11-14 00:49:56 kaie%netscape.com Exp $
*/
#include "prmem.h"
@ -450,14 +450,14 @@ nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw)
{
nsresult rv = NS_OK;
nsAutoString password;
PRBool canceled;
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) return rv;
rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &canceled);
if (NS_FAILED(rv) || canceled) return rv;
PRBool pressedOK;
rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
if (NS_FAILED(rv) || !pressedOK) return rv;
unicodeToItem(password.get(), unicodePw);
return NS_OK;
}
@ -471,14 +471,14 @@ nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
{
nsresult rv = NS_OK;
nsAutoString password;
PRBool canceled;
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) return rv;
rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &canceled);
if (NS_FAILED(rv) || canceled) return rv;
PRBool pressedOK;
rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
if (NS_FAILED(rv) || !pressedOK) return rv;
unicodeToItem(password.get(), unicodePw);
return NS_OK;
}
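Review bot: Both `newPKCS12FilePassword` and `getPKCS12FilePassword` return `rv` when `!pressedOK`, and on that path `rv` is a success code, so a cancelled dialog is reported as success with `unicodePw` left unfilled. The callers are not visible in these hunks; if they detect cancellation by inspecting `unicodePw`, that contract deserves a comment on the early return, for example `// success with unicodePw untouched means the user cancelled`. The local `password` also holds the passphrase until the `nsAutoString` goes out of scope and is not overwritten after `unicodeToItem`. Clearing it explicitly once the item has been built is worth considering.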


@ -170,7 +170,8 @@ nsUsageArrayHelper::verifyFailed(PRUint32 *_verified)
}
nsresult
nsUsageArrayHelper::GetUsageArray(char *suffix,
nsUsageArrayHelper::GetUsagesArray(char *suffix,
PRBool ignoreOcsp,
PRUint32 outArraySize,
PRUint32 *_verified,
PRUint32 *_count,
@ -182,6 +183,19 @@ nsUsageArrayHelper::GetUsageArray(char *suffix,
if (outArraySize < max_returned_out_array_size)
return NS_ERROR_FAILURE;
nsCOMPtr<nsINSSComponent> nssComponent;
if (ignoreOcsp) {
nsresult rv;
nssComponent = do_GetService(kNSSComponentCID, &rv);
if (NS_FAILED(rv))
return rv;
if (nssComponent) {
nssComponent->SkipOcsp();
}
}
PRUint32 &count = *_count;
count = 0;
@ -205,6 +219,11 @@ nsUsageArrayHelper::GetUsageArray(char *suffix,
#if 0
check(suffix, certUsageAnyCA, count, outUsages);
#endif
if (ignoreOcsp && nssComponent) {
nssComponent->SkipOcspOff();
}
if (count == 0) {
verifyFailed(_verified);
} else {
@ -212,4 +231,3 @@ nsUsageArrayHelper::GetUsageArray(char *suffix,
}
return NS_OK;
}
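Review bot: The `SkipOcsp()` / `SkipOcspOff()` pair added around the usage checks is not early-return-safe and both return values are ignored, so any exit between the two calls, or a failed `SkipOcspOff()`, would leave OCSP checking turned off. The interface comment on this page says the call disables OCSP in NSS itself, so verifications running on other threads during this window presumably also skip revocation checks; that side effect should at least be documented on the `ignoreOcsp` parameter. A small stack guard that restores the setting in its destructor would close the first gap. The code between the two hunks is not visible, so whether an early return exists there today cannot be confirmed from here.

```cpp
// Restores the pref-driven OCSP setting on every exit path.
class nsSkipOcspScope {
public:
  explicit nsSkipOcspScope(nsINSSComponent *aComponent)
    : mComponent(aComponent)
  {
    if (mComponent)
      mComponent->SkipOcsp();
  }
  ~nsSkipOcspScope()
  {
    if (mComponent)
      mComponent->SkipOcspOff();
  }
private:
  nsCOMPtr<nsINSSComponent> mComponent;
};

// in GetUsagesArray, replacing the explicit SkipOcsp()/SkipOcspOff() calls:
nsSkipOcspScope skipOcsp(ignoreOcsp ? nssComponent.get() : nsnull);
// … unchanged: count initialisation, check() calls, verified handling …
```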


@ -44,7 +44,8 @@ class nsUsageArrayHelper
public:
nsUsageArrayHelper(CERTCertificate *aCert);
nsresult GetUsageArray(char *suffix,
nsresult GetUsagesArray(char *suffix,
PRBool ignoreOcsp,
PRUint32 outArraySize,
PRUint32 *_verified,
PRUint32 *_count,