mozilla
/
mozilla-history
зеркало из https://github.com/mozilla/mozilla-history.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Checkin for bug #75123. Improves the cert manager to make it look more like the mock-up. Implementation of nsIOutlinerView to improve cert listings. 

r=javi, sr=blizzard
This commit is contained in:
mcgreer%netscape.com 2001-05-01 23:23:23 +00:00
Родитель c6ee9c8192
Коммит 31c82812d4
32 изменённых файлов: 2303 добавлений и 538 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
security/manager/pki/resources/content/CAOverlay.xul
Просмотреть файл

@ -35,9 +35,13 @@
<box id="CACerts" orient="vertical">
<outliner id="ca-outliner" multiple="true"
onselect="ca_enableButtons()" flex="1">
<outlinercol id="certcol" label="&certmgr.certname;" flex="1"/>
<splitter/>
<outlinercol id="tokencol" label="&certmgr.tokenname;" flex="1"/>
<outlinercol id="certcol" label="&certmgr.certname;" primary="true"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="tokencol" label="&certmgr.tokenname;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<outlinercol id="certdbkeycol" collapsed="true" flex="1"/>
<outlinerbody flex="1"/>
</outliner>

26
security/manager/pki/resources/content/MineOverlay.xul
Просмотреть файл

@ -37,9 +37,29 @@
<separator class="thin"/>
<outliner id="user-outliner" multiple="true"
onselect="mine_enableButtons()" flex="1">
<outlinercol id="certcol" label="&certmgr.certname;" flex="1"/>
<splitter/>
<outlinercol id="tokencol" label="&certmgr.tokenname;" flex="1"/>
<outlinercol id="certcol" label="&certmgr.certname;" primary="true"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="tokencol" label="&certmgr.tokenname;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="verifiedcol" label="&certmgr.verified;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="purposecol" label="&certmgr.purpose;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="issuedcol" label="&certmgr.issued;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="expiredcol" label="&certmgr.expires;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<outlinercol id="certdbkeycol" collapsed="true" flex="1"/>
<outlinerbody flex="1"/>
</outliner>

10
security/manager/pki/resources/content/WebSitesOverlay.xul
Просмотреть файл

@ -37,9 +37,13 @@
<separator class="thin"/>
<outliner id="server-outliner" multiple="true"
onselect="websites_enableButtons()" flex="1">
<outlinercol id="certcol" label="&certmgr.certname;" flex="1"/>
<splitter/>
<outlinercol id="tokencol" label="&certmgr.tokenname;" flex="1"/>
<outlinercol id="certcol" label="&certmgr.certname;" primary="true"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<splitter class="tree-splitter"/>
<outlinercol id="tokencol" label="&certmgr.tokenname;"
class="outlinercol-header outlinercell-inset-header"
flex="1"/>
<outlinercol id="certdbkeycol" collapsed="true" flex="1"/>
<outlinerbody flex="1"/>
</outliner>

283
security/manager/pki/resources/content/certManager.js
Просмотреть файл

@ -26,137 +26,80 @@ const nsFilePicker = "@mozilla.org/filepicker;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsICertOutliner = Components.interfaces.nsICertOutliner;
const nsCertOutliner = "@mozilla.org/security/nsCertOutliner;1";
var selected_certs = [];
var certdb;
var caCertNameList;
var serverCertNameList;
//var emailCertNameList;
var userCertNameList;
var caOutlinerView;
var serverOutlinerView;
//var emailOutlinerView;
var userOutlinerView;
var caOutlinerView = {
rowCount : 50,
setOutliner : function(outliner) {},
getCellText : function(row, column) {
if (row >= caCertNameList.length) return "";
var certstuff = caCertNameList[row];
var delim = certstuff[0];
var certstr = certstuff.split(delim);
if (certstr.length < 4) {
tokenname = "PSM Certificate Database";
certname = certstr[1];
certkey = certstr[2];
} else {
tokenname = certstr[1];
certname = certstr[2];
certkey = certstr[3];
}
if (column=="certcol") return certname;
else if (column=="tokencol") return tokenname;
else return certkey;
},
getRowProperties : function(row, prop) {},
getColumnProperties : function(column, prop) {},
getCellProperties : function(cell, prop) {},
isContainer : function(index) { return false; }
};
function LoadCerts()
{
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
var serverOutlinerView = {
rowCount : 10,
setOutliner : function(outliner) {},
getCellText : function(row, column) {
if (row >= serverCertNameList.length) return "";
var certstuff = serverCertNameList[row];
var delim = certstuff[0];
var certstr = certstuff.split(delim);
if (certstr.length < 4) {
tokenname = "PSM Certificate Database";
certname = certstr[1];
certkey = certstr[2];
} else {
tokenname = certstr[1];
certname = certstr[2];
certkey = certstr[3];
}
if (column=="certcol") return certname;
else if (column=="tokencol") return tokenname;
else return certkey;
},
getRowProperties : function(row, prop) {},
getColumnProperties : function(column, prop) {},
getCellProperties : function(cell, prop) {},
isContainer : function(index) { return false; }
};
caOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
caOutlinerView.loadCerts(nsIX509Cert.CA_CERT);
document.getElementById('ca-outliner')
.outlinerBoxObject.view = caOutlinerView;
serverOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
serverOutlinerView.loadCerts(nsIX509Cert.SERVER_CERT);
document.getElementById('server-outliner')
.outlinerBoxObject.view = serverOutlinerView;
/*
var emailOutlinerView = {
rowCount : 10,
setOutliner : function(outliner) {},
getCellText : function(row, column) {
if (row >= emailCertNameList.length) return "";
var certname = emailCertertNameList[row];
var ti = certname.indexOf(":");
var tokenname = "PSM Certificate Database";
if (ti > 0) {
tokenname = certname.substring(0, ti);
certname = certname.substring(ti+1, certname.length);
}
var ki = certname.indexOf(1);
var keystr = certname.substring(ki+1, certname.length);
certname = certname.substring(0, ki);
if (column=="certcol") return certname;
else if (column=="tokencol") return tokenname;
else return keystr;
},
getRowProperties : function(row, prop) {},
getColumnProperties : function(column, prop) {},
getCellProperties : function(cell, prop) {},
isContainer : function(index) { return false; }
};
emailOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
emailOutlinerView.loadCerts(nsIX509Cert.EMAIL_CERT);
document.getElementById('email-outliner')
.outlinerBoxObject.view = emailOutlinerView;
*/
var userOutlinerView = {
rowCount : 10,
setOutliner : function(outliner) {},
getCellText : function(row, column) {
if (row >= userCertNameList.length) return "";
var certstuff = userCertNameList[row];
var delim = certstuff[0];
var certstr = certstuff.split(delim);
if (certstr.length < 4) {
tokenname = "PSM Certificate Database";
certname = certstr[1];
certkey = certstr[2];
} else {
tokenname = certstr[1];
certname = certstr[2];
certkey = certstr[3];
}
if (column=="certcol") return certname;
else if (column=="tokencol") return tokenname;
else return certkey;
},
getRowProperties : function(row, prop) {},
getColumnProperties : function(column, prop) {},
getCellProperties : function(cell, prop) {},
isContainer : function(index) { return false; }
};
userOutlinerView = Components.classes[nsCertOutliner]
.createInstance(nsICertOutliner);
userOutlinerView.loadCerts(nsIX509Cert.USER_CERT);
document.getElementById('user-outliner')
.outlinerBoxObject.view = userOutlinerView;
}
function ReloadCerts()
{
caOutlinerView.loadCerts(nsIX509Cert.CA_CERT);
serverOutlinerView.loadCerts(nsIX509Cert.SERVER_CERT);
//emailOutlinerView.loadCerts(nsIX509Cert.EMAIL_CERT);
userOutlinerView.loadCerts(nsIX509Cert.USER_CERT);
}
function getSelectedCerts()
{
var ca_tab = document.getElementById("ca_tab");
var mine_tab = document.getElementById("mine_tab");
//var others_tab = document.getElementById("others_tab");
var websites_tab = document.getElementById("websites_tab");
var items = caOutlinerView.selection;
if (mine_tab.selected) {
var items = null;
if (ca_tab.selected) {
items = caOutlinerView.selection;
} else if (mine_tab.selected) {
items = userOutlinerView.selection;
/*
} else if (others_tab.selected) {
items = emailOutlinerView.selection;
*/
} else if (websites_tab.selected) {
items = serverOutlinerView.selection;
}
var nr = items.getRangeCount();
selected_certs = [];
var cert = null;
var nr = 0;
if (items != null) nr = items.getRangeCount();
if (nr > 0) {
selected_certs = [];
for (var i=0; i<nr; i++) {
var o1 = {};
var o2 = {};
@ -164,55 +107,24 @@ function getSelectedCerts()
var min = o1.value;
var max = o2.value;
for (var j=min; j<=max; j++) {
var tokenName = items.outliner.view.getCellText(j, "tokencol");
//var certName = items.outliner.view.getCellText(j, "certcol");
var certDBKey = items.outliner.view.getCellText(j, "certdbkeycol");
selected_certs[selected_certs.length] = [tokenName, certDBKey];
if (ca_tab.selected) {
cert = caOutlinerView.getCert(j);
} else if (mine_tab.selected) {
cert = userOutlinerView.getCert(j);
/*
} else if (others_tab.selected) {
cert = emailOutlinerView.getCert(j);
*/
} else if (websites_tab.selected) {
cert = serverOutlinerView.getCert(j);
}
if (cert)
selected_certs[selected_certs.length] = cert;
}
}
}
}
function LoadCertNamesByType(type)
{
var obj1 = {};
var obj2 = {};
certdb.getCertNicknames(null, type, obj1, obj2);
var count = obj1.value;
if (type == nsIX509Cert.CA_CERT) {
caCertNameList = obj2.value;
caCertNameList.sort();
} else if (type == nsIX509Cert.SERVER_CERT) {
serverCertNameList = obj2.value;
serverCertNameList.sort();
/*
} else if (type == nsIX509Cert.EMAIL_CERT) {
emailCertNameList = obj2.value;
emailCertNameList.sort();
*/
} else { /* if (type == nsIX509Cert.USER_CERT) */
userCertNameList = obj2.value;
userCertNameList.sort();
}
}
function LoadCertNames()
{
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
LoadCertNamesByType(nsIX509Cert.CA_CERT);
LoadCertNamesByType(nsIX509Cert.SERVER_CERT);
//LoadCertNamesByType(nsIX509Cert.EMAIL_CERT);
LoadCertNamesByType(nsIX509Cert.USER_CERT);
document.getElementById('ca-outliner')
.outlinerBoxObject.view = caOutlinerView;
document.getElementById('server-outliner')
.outlinerBoxObject.view = serverOutlinerView;
/*document.getElementById('email-outliner')
.outlinerBoxObject.view = emailOutlinerView; */
document.getElementById('user-outliner')
.outlinerBoxObject.view = userOutlinerView;
}
function ca_enableButtons()
{
var items = caOutlinerView.selection;
@ -221,6 +133,8 @@ function ca_enableButtons()
if (nr == 0) {
toggle="true";
}
edit_toggle=toggle;
/*
var edit_toggle="true";
if (nr > 0) {
for (var i=0; i<nr; i++) {
@ -240,6 +154,7 @@ function ca_enableButtons()
edit_toggle="false";
}
}
*/
var enableViewButton=document.getElementById('ca_viewButton');
enableViewButton.setAttribute("disabled",toggle);
var enableEditButton=document.getElementById('ca_editButton');
@ -281,15 +196,7 @@ function websites_enableButtons()
function backupCerts()
{
getSelectedCerts();
var numcerts= selected_certs.length;
var certs = [];
var windowName = "";
for (var t=0; t<numcerts; t++) {
//var token = tokendb.findTokenByName(selected_certs[t][0]);
var token = null;
if (selected_certs[t][1].length == 0) break; // workaround
certs[t] = certdb.getCertByDBKey(selected_certs[t][1], token);
}
var numcerts = selected_certs.length;
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
fp.init(window,
@ -299,10 +206,9 @@ function backupCerts()
fp.appendFilters(nsIFilePicker.filterAll);
if (fp.show() == nsIFilePicker.returnOK ||
fp.show() == nsIFilePicker.returnReplace) {
certdb.exportPKCS12File(null, fp.file, certs.length, certs);
certdb.exportPKCS12File(null, fp.file,
selected_certs.length, selected_certs);
}
// don't really know it was successful...
alert(bundle.GetStringFromName("SuccessfulP12Backup"));
}
function backupAllCerts()
@ -315,12 +221,10 @@ function backupAllCerts()
function editCerts()
{
getSelectedCerts();
var numcerts= selected_certs.length;
var numcerts = selected_certs.length;
for (var t=0; t<numcerts; t++) {
//var token = tokendb.findTokenByName(selected_certs[t][0]);
var token = null;
var certkey = selected_certs[t][1];
var cert = certdb.getCertByDBKey(certkey, token);
var cert = selected_certs[t];
var certkey = cert.dbKey;
window.open('chrome://pippki/content/editcerts.xul', certkey,
'chrome,width=500,height=400,resizable=1');
}
@ -339,47 +243,28 @@ function restoreCerts()
var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
certdb.importPKCS12File(null, fp.file);
}
// don't really know it was successful...
alert(bundle.GetStringFromName("SuccessfulP12Restore"));
LoadCertNames();
userOutlinerView.loadCerts(nsIX509Cert.USER_CERT);
}
function deleteCerts()
{
getSelectedCerts();
var numcerts= selected_certs.length;
/*
var windowName = "";
for (var t=0; t<selected_certs.length; t++) {
if (selected_certs[t][0] &&
selected_certs[t][0] != "PSM Certificate Database") { // token name
windowName = selected_certs[t].join(":");
} else {
windowName = selected_certs[t][1];
}
*/
var numcerts = selected_certs.length;
for (var t=0; t<numcerts; t++) {
//var token = tokendb.findTokenByName(selected_certs[t][0]);
var token = null;
var cert = certdb.getCertByDBKey(selected_certs[t][1], token);
alert("You want to delete \"" + cert.windowTitle + "\"");
/*
window.open('chrome://pippki/content/deleteCert.xul', windowName,
'chrome,width=500,height=400,resizable=1');
*/
var cert = selected_certs[t];
var certkey = cert.dbKey;
window.openDialog('chrome://pippki/content/deletecert.xul', certkey,
'chrome,resizable=1,modal');
}
LoadCertNames();
ReloadCerts();
}
function viewCerts()
{
getSelectedCerts();
var numcerts= selected_certs.length;
var numcerts = selected_certs.length;
for (var t=0; t<numcerts; t++) {
//var token = tokendb.findTokenByName(selected_certs[t][0]);
var token = null;
var cert = certdb.getCertByDBKey(selected_certs[t][1], token);
cert.view();
selected_certs[t].view();
}
}

8
security/manager/pki/resources/content/certManager.xul
Просмотреть файл

@ -37,10 +37,10 @@
<window id="certmanager"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 30em;"
style="width: 40em;"
title="&certmgr.title;"
debug="0"
onload="LoadCertNames()">
onload="LoadCerts()">
<script src="chrome://global/content/strres.js" />
<script src="certManager.js"/>
@ -53,13 +53,17 @@
<tabbox flex="0" orient="vertical">
<tabs orient="horizontal">
<tab id="mine_tab" label="&certmgr.tab.mine;" />
<!--
<tab id="others_tab" label="&certmgr.tab.others;" />
-->
<tab id="websites_tab" label="&certmgr.tab.websites;" />
<tab id="ca_tab" label="&certmgr.tab.ca;" selected="true"/>
</tabs>
<tabpanels flex="1">
<box id="myCerts" flex="1"/>
<!--
<box id="othersCerts" flex="1"/>
-->
<box id="webCerts" flex="1"/>
<box id="CACerts" flex="1"/>
</tabpanels>

54
security/manager/pki/resources/content/deletecert.js Normal file
Просмотреть файл

@ -0,0 +1,54 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*/
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
var certdb;
var cert;
function setWindowName()
{
var dbkey = self.name;
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
//var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
//var isupport = pkiParams.getISupportAtIndex(1);
//cert = isupport.QueryInterface(nsIX509Cert);
cert = certdb.getCertByDBKey(dbkey, null);
var windowReference = document.getElementById('deleteCert');
windowReference.setAttribute("title", cert.commonName);
var certname = document.getElementById("certname");
certname.setAttribute("value", cert.commonName);
}
function doOK()
{
certdb.deleteCertificate(cert);
window.close();
}

55
security/manager/pki/resources/content/deletecert.xul Normal file
Просмотреть файл

@ -0,0 +1,55 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<window
id="deleteCert"
title="&certmgr.deletecert.title;"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="setWindowName();"
persist="height width screenX screenY"
debug="false"
>
<script src="deletecert.js"/>
<box orient="vertical" flex="1">
<html>&certmgr.deletecert.beforename;</html>
<text id="certname"/>
<html>&certmgr.deletecert.aftername;</html>
<separator />
<box orient="horizontal" align="center">
<button id="ok-button" class="dialog" label="&certmgr.ok.label;"
style="width: 8ex" oncommand="doOK();"/>
<button id="cancel-button" class="dialog" label="&certmgr.cancel.label;"
style="width: 8ex" oncommand="window.close();" />
<button id="help-button" class="dialog" label="&certmgr.help.label;"
style="width: 8ex" oncommand="alert('Help to add here');" />
</box>
</box>
</window>

167
security/manager/pki/resources/content/editcerts.js
Просмотреть файл

@ -1,84 +1,83 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Bob Lord <lord@netscape.com>
* Ian McGreer <mcgreer@netscape.com>
*/
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
//var myName;
// XXX yes?
var certdb;
var cert;
function setWindowName()
{
//myName = self.name;
certkey = self.name;
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
//var cert = certdb.getCertByNickname(token, myName);
//cert = certdb.getCertByNickname(null, myName);
cert = certdb.getCertByDBKey(certkey, null);
var windowReference = document.getElementById('editCert');
windowReference.setAttribute("title", cert.commonName);
var certname = document.getElementById("certname");
certname.setAttribute("value", cert.commonName);
var ssl = document.getElementById("trustSSL");
if (certdb.getCertTrust(cert, 1)) {
ssl.setAttribute("checked", "true");
} else {
ssl.setAttribute("checked", "false");
}
var email = document.getElementById("trustEmail");
if (certdb.getCertTrust(cert, 2)) {
email.setAttribute("checked", "true");
} else {
email.setAttribute("checked", "false");
}
var objsign = document.getElementById("trustObjSign");
if (certdb.getCertTrust(cert, 4)) {
objsign.setAttribute("checked", "true");
} else {
objsign.setAttribute("checked", "false");
}
}
function doOK()
{
var ssl = document.getElementById("trustSSL");
var email = document.getElementById("trustEmail");
var objsign = document.getElementById("trustObjSign");
// clean this up
var trustssl = (ssl.checked) ? 1 : 0;
var trustemail = (email.checked) ? 2 : 0;
var trustobjsign = (objsign.checked) ? 4 : 0;
//
// Set the cert trust
//
certdb.setCertTrust(cert, 1, trustssl | trustemail | trustobjsign);
window.close();
}
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Bob Lord <lord@netscape.com>
* Ian McGreer <mcgreer@netscape.com>
*/
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
var certdb;
var cert;
function setWindowName()
{
var dbkey = self.name;
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
//var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
//var isupport = pkiParams.getISupportAtIndex(1);
//cert = isupport.QueryInterface(nsIX509Cert);
cert = certdb.getCertByDBKey(dbkey, null);
var windowReference = document.getElementById('editCert');
windowReference.setAttribute("title", cert.commonName);
var certname = document.getElementById("certname");
certname.setAttribute("value", cert.commonName);
var ssl = document.getElementById("trustSSL");
if (certdb.getCertTrust(cert, 1)) {
ssl.setAttribute("checked", "true");
} else {
ssl.setAttribute("checked", "false");
}
var email = document.getElementById("trustEmail");
if (certdb.getCertTrust(cert, 2)) {
email.setAttribute("checked", "true");
} else {
email.setAttribute("checked", "false");
}
var objsign = document.getElementById("trustObjSign");
if (certdb.getCertTrust(cert, 4)) {
objsign.setAttribute("checked", "true");
} else {
objsign.setAttribute("checked", "false");
}
}
function doOK()
{
var ssl = document.getElementById("trustSSL");
var email = document.getElementById("trustEmail");
var objsign = document.getElementById("trustObjSign");
// clean this up
var trustssl = (ssl.checked) ? 1 : 0;
var trustemail = (email.checked) ? 2 : 0;
var trustobjsign = (objsign.checked) ? 4 : 0;
//
// Set the cert trust
//
certdb.setCertTrust(cert, 1, trustssl | trustemail | trustobjsign);
window.close();
}

65
security/manager/pki/resources/content/editcerts.xul
Просмотреть файл

@ -1,65 +0,0 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Bob Lord <lord@netscape.com>
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<window
id="editCert"
title="&certmgr.editcert.title;"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="setWindowName();"
persist="height width screenX screenY"
debug="false"
>
<script src="editcerts.js"/>
<box orient="vertical" flex="1">
<html>&certmgr.editcert.beforename;</html>
<text id="certname"/>
<html>&certmgr.editcert.aftername;</html>
<separator />
<html>&certmgr.editcert.edittrust;</html>
<box orient = "vertical">
<checkbox label="&certmgr.editcert.trustssl;" checked="false"
id="trustSSL"/>
<checkbox label="&certmgr.editcert.trustemail;" checked="false"
id="trustEmail"/>
<checkbox label="&certmgr.editcert.trustobjsign;" checked="false"
id="trustObjSign"/>
</box>
<box orient="horizontal" align="center">
<button id="ok-button" class="dialog" label="&certmgr.ok.label;"
style="width: 8ex" oncommand="doOK();"/>
<button id="cancel-button" class="dialog" label="&certmgr.cancel.label;"
style="width: 8ex" oncommand="window.close();" />
<button id="help-button" class="dialog" label="&certmgr.help.label;"
style="width: 8ex" oncommand="alert('Help to add here');" />
</box>
</box>
</window>

9
security/manager/pki/resources/content/pref-security.js
Просмотреть файл

@ -48,6 +48,11 @@ function onLoad()
function openCertManager()
{
window.open('chrome://pippki/content/certManager.xul', "",
'chrome,width=500,height=400,resizable=1');
// var windowReference = document.getElementById("certmanager");
// if (windowReference != null) {
// windowReference.focus();
// } else {
window.open('chrome://pippki/content/certManager.xul', "",
'chrome,width=500,height=400,resizable=1');
// }
}

2
security/manager/pki/resources/jar.mn
Просмотреть файл

@ -20,6 +20,8 @@ pippki.jar:
content/pippki/viewCertDetails.xul (content/viewCertDetails.xul)
content/pippki/editcerts.xul (content/editcerts.xul)
content/pippki/editcerts.js (content/editcerts.js)
content/pippki/deletecert.xul (content/deletecert.xul)
content/pippki/deletecert.js (content/deletecert.js)
content/pippki/viewCertDetails.js (content/viewCertDetails.js)
content/pippki/getp12password.xul (content/getp12password.xul)
content/pippki/setp12password.xul (content/setp12password.xul)

12
security/manager/pki/resources/locale/en-US/certManager.dtd
Просмотреть файл

@ -56,8 +56,20 @@
<!ENTITY certmgr.editcert.trustemail "This certificate can identify mail users.">
<!ENTITY certmgr.editcert.trustobjsign "This certificate can identify software makers.">
<!ENTITY certmgr.deletecert.title "Delete Certificate">
<!ENTITY certmgr.deletecert.beforename "You have requested to delete this certificate:">
<!ENTITY certmgr.deletecert.aftername "Are you sure you want to delete this certificate?">
<!ENTITY certmgr.deleteusercert.title "Delete Your Certificate">
<!ENTITY certmgr.deleteusercert.beforename "You have requested to delete the certificate:">
<!ENTITY certmgr.deleteusercert.aftername "Once you have deleted this certificate, you will not be able to read mail that has been encrypted with it.">
<!ENTITY certmgr.certname "Certificate Name">
<!ENTITY certmgr.tokenname "Token Name">
<!ENTITY certmgr.verified "Verified">
<!ENTITY certmgr.purpose "Purpose">
<!ENTITY certmgr.issued "Issued On">
<!ENTITY certmgr.expires "Expires On">
<!ENTITY certmgr.help.label "Help">
<!ENTITY certmgr.ok.label "Ok">
<!ENTITY certmgr.close.label "Close">

3
security/manager/pki/resources/locale/en-US/pippki.dtd
Просмотреть файл

@ -45,6 +45,9 @@
<!ENTITY cancel.label "Cancel">
<!ENTITY help.label "Help">
<!ENTITY piperror.title "Error">
<!ENTITY pipalert.title "Error - cannot recover">
<!-- Prefs panel strings -->
<!ENTITY pref.security.general.lHeader "Security">
<!ENTITY pref.security.general.rHeader "Settings for general security">

2
security/manager/pki/resources/locale/en-US/pippki.properties
Просмотреть файл

@ -29,8 +29,6 @@ newCAMessage1=Do you want to trust "%S" for the following purposes?
#PKCS#12 file dialogs
chooseP12RestoreFileDialog=File Name to Restore
chooseP12BackupFileDialog=File Name to Backup
SuccessfulP12Backup=Successfully backed up your security certificate(s) and private key(s).
SuccessfulP12Restore=Successfully restored your security certificate(s) and private key(s).
#Mismatch Domain Dialg
mismatchDomainMsg1=You have attempted to establish a connection with "%S". However, the security certificate presented belongs to "%S". It is possible, though unlikely, that someone may be trying to intercept your communication with this web site.

1
security/manager/ssl/public/Makefile.in
Просмотреть файл

@ -51,6 +51,7 @@ XPIDLSRCS = \
nsIPKCS11Slot.idl \
nsIPK11TokenDB.idl \
nsINSSDialogs.idl \
nsICertOutliner.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

1
security/manager/ssl/public/makefile.win
Просмотреть файл

@ -57,6 +57,7 @@ XPIDLSRCS= \
.\nsIPKCS11Slot.idl \
.\nsIPK11TokenDB.idl \
.\nsINSSDialogs.idl \
.\nsICertOutliner.idl \
$(NULL)

0
security/manager/ssl/public/nsICertOutliner.idl Normal file
Просмотреть файл

5
security/manager/ssl/public/nsIX509Cert.idl
Просмотреть файл

@ -59,6 +59,9 @@ interface nsIX509Cert : nsISupports {
readonly attribute wstring rsaPubModulus;
readonly attribute wstring sha1Fingerprint;
readonly attribute wstring md5Fingerprint;
readonly attribute wstring issuedDate;
readonly attribute wstring expiresDate;
readonly attribute wstring tokenName;
readonly attribute nsIX509CertValidity validity;
readonly attribute string dbKey;
@ -92,6 +95,8 @@ interface nsIX509Cert : nsISupports {
out PRUint32 count,
[array, size_is(count)] out wstring usages);
void getPurposes(out PRUint32 verified, out wstring purposes);
/*
* This method is here to make it easier to view a cert.
* It will get the implemention of the nsICertificateDialogs

43
security/manager/ssl/public/nsIX509CertDB.idl
Просмотреть файл

@ -39,10 +39,27 @@
#include "nsString.h"
%}
interface nsISupportsArray;
interface nsIX509Cert;
interface nsIPK11Token;
interface nsILocalFile;
%{C++
#define NS_X509CERTDB_CID { /* da48b3c0-1284-11d5-ac67-000064657374 */ \
0xda48b3c0, \
0x1284, \
0x11d5, \
{0xac, 0x67, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74} \
}
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
typedef int (*nsCertCompareFunc)(nsIX509Cert *a, nsIX509Cert *b);
%}
native nsCertCompareFunc(nsCertCompareFunc);
native nsAutoString(nsAutoString);
[ref] native nsAutoStringRef(nsAutoString);
@ -84,6 +101,16 @@ interface nsIX509CertDB : nsISupports {
out unsigned long count,
[array, size_is(count)] out wstring certNameList);
/*
* getCertsByType
*
* Obtain a list of certs from the database.
*
*/
[notxpcom, noscript] boolean getCertsByType(in unsigned long aType,
in nsCertCompareFunc aCertCmpFn,
out nsISupportsArray certs);
/*
* importCertificate
*
@ -148,19 +175,3 @@ interface nsIX509CertDB : nsISupports {
};
%{C++
#define NS_X509CERTDB_CID { /* da48b3c0-1284-11d5-ac67-000064657374 */ \
0xda48b3c0, \
0x1284, \
0x11d5, \
{0xac, 0x67, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74} \
}
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
#define NS_CERTIFICATEMGR_DATASOURCE_CONTRACTID \
"@mozilla.org/rdf/datasource;1?name=certificatemgr"
%}

22
security/manager/ssl/resources/locale/en-US/pipnss.properties
Просмотреть файл

@ -30,6 +30,7 @@ SlotDescription=PSM Internal Cryptographic Services Version 4.0
PrivateSlotDescription=PSM User Private Key and Certificate Services
FipsSlotDescription=PSM Internal FIPS-140-1 Cryptographic Services
FipsPrivateSlotDescription=PSM FIPS-140-1 User Private Key Services
InternalToken=Software Security Module
VerifySSLClient=SSL Client Certificate
VerifySSLServer=SSL Server Certificate
VerifySSLStepUp=SSL Server with Step-up
@ -42,3 +43,24 @@ VerifyUserImport=User Import Cert
VerifyCAVerifier=CA Verifier
VerifyStatusResponder=Status Responder Certificate
VerifyAnyCA=Any Certificate Authority
VerifySSLClient_p=Client
VerifySSLServer_p=Server
VerifySSLStepUp_p=Step-up
VerifySSLCA_p=SSL CA
VerifyEmailSigner_p=Sign
VerifyEmailRecip_p=Encrypt
VerifyProtectObjSign_p=Protected Object Signer
VerifyObjSign_p=Object Signer
VerifyUserImport_p=User Import
VerifyCAVerifier_p=CA Verifier
VerifyStatusResponder_p=Status Responder
VerifyAnyCA_p=CA
VerifiedTrue=true
VerifiedFalse=false
PK11BadPassword=The token password entered was incorrect.
SuccessfulP12Backup=Successfully backed up your security certificate(s) and private key(s).
SuccessfulP12Restore=Successfully restored your security certificate(s) and private key(s).
PKCS12PasswordInvalid=Could not decode PKCS#12 file. Perhaps the password you entered was incorrect?
PKCS12DecodeErr=Failed to decode the file. Either it is not in PKCS#12 format, has been corrupted, or the password you entered was incorrect.
PKCS12UnknownErrRestore=Failed to restore the PKCS#12 file for unknown reasons.
PKCS12UnknownErrBackup=Failed to backup the PKCS#12 file for unknown reasons.

1
security/manager/ssl/src/Makefile.in
Просмотреть файл

@ -60,6 +60,7 @@ CPPSRCS = \
nsPK11TokenDB.cpp \
nsNSSCertificate.cpp \
nsPKCS12Blob.cpp \
nsCertOutliner.cpp \
$(NULL)
REQUIRES = nspr security xpcom string necko uriloader pref caps dom intl locale profile windowwatcher js docshell widget layout gfx2

1
security/manager/ssl/src/makefile.win
Просмотреть файл

@ -88,6 +88,7 @@ OBJS = \
.\$(OBJDIR)\nsPK11TokenDB.obj \
.\$(OBJDIR)\nsNSSCertificate.obj \
.\$(OBJDIR)\nsPKCS12Blob.obj \
.\$(OBJDIR)\nsCertOutliner.obj \
$(NULL)
include <$(DEPTH)\config\rules.mak>

644
security/manager/ssl/src/nsCertOutliner.cpp Normal file
Просмотреть файл

@ -0,0 +1,644 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "nsCertOutliner.h"
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsXPIDLString.h"
#include "prlog.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
// outlinerArrayElStr
//
// structure used to hold map of outliner. Each thread (an organization
// field from a cert) has an element in the array. The numChildren field
// stores the number of certs corresponding to that thread.
struct outlinerArrayElStr {
PRUnichar *orgName; /* heading for thread */
PRBool open; /* toggle open state for thread */
PRInt32 certIndex; /* index into cert array for 1st cert */
PRInt32 numChildren; /* number of chidren (certs) for thread */
};
NS_IMPL_ISUPPORTS2(nsCertOutliner, nsICertOutliner, nsIOutlinerView)
nsCertOutliner::nsCertOutliner() : mOutlinerArray(NULL)
{
NS_INIT_ISUPPORTS();
}
nsCertOutliner::~nsCertOutliner()
{
if (mOutlinerArray)
nsMemory::Free(mOutlinerArray);
}
void
nsCertOutliner::FreeCertArray()
{
if (mCertArray) {
PRUint32 count;
nsresult rv = mCertArray->Count(&count);
NS_ASSERTION(NS_SUCCEEDED(rv), "Count failed");
PRInt32 i;
for (i = count - 1; i >= 0; i--)
mCertArray->RemoveElementAt(i);
}
mCertArray = nsnull;
}
// CmpByToken
//
// Compare two certificate by their token name. Returns -1, 0, 1 as
// in strcmp. No token name (null) is treated as <.
PRInt32
nsCertOutliner::CmpByToken(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aTok, bTok;
a->GetTokenName(getter_Copies(aTok));
b->GetTokenName(getter_Copies(bTok));
if (aTok != nsnull && bTok != nsnull) {
nsAutoString aStr(aTok);
cmp1 = aStr.CompareWithConversion(bTok);
} else {
cmp1 = (aTok == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByOrg
//
// Compare two certificates by their O= field. Returns -1, 0, 1 as
// in strcmp. No organization (null) is treated as <.
PRInt32
nsCertOutliner::CmpByOrg(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aOrg, bOrg;
a->GetOrganization(getter_Copies(aOrg));
b->GetOrganization(getter_Copies(bOrg));
if (aOrg != nsnull && bOrg != nsnull) {
nsAutoString aStr(aOrg);
cmp1 = aStr.CompareWithConversion(bOrg);
} else {
cmp1 = (aOrg == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByName
//
// Compare two certificates by their CN= field. Returns -1, 0, 1 as
// in strcmp. No common name (null) is treated as <.
PRInt32
nsCertOutliner::CmpByName(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aName, bName;
a->GetOrganization(getter_Copies(aName));
b->GetOrganization(getter_Copies(bName));
if (aName != nsnull && bName != nsnull) {
nsAutoString aStr(aName);
cmp1 = aStr.CompareWithConversion(bName);
} else {
cmp1 = (aName == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByTok_Org_Name
//
// Compare two certificates by token name, organization, and common name,
// in that order. Used to sort cert list.
PRInt32
nsCertOutliner::CmpByTok_Org_Name(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp;
cmp = CmpByToken(a, b);
if (cmp != 0) return cmp;
cmp = CmpByOrg(a, b);
if (cmp != 0) return cmp;
return CmpByName(a, b);
}
// CountOrganizations
//
// Count the number of different organizations encountered in the cert
// list. Note that the same organization of a different token is counted
// seperately.
PRInt32
nsCertOutliner::CountOrganizations()
{
PRUint32 i, certCount;
nsresult rv = mCertArray->Count(&certCount);
if (NS_FAILED(rv)) return -1;
if (certCount == 0) return 0;
nsCOMPtr<nsISupports> isupport = dont_AddRef(mCertArray->ElementAt(0));
nsCOMPtr<nsIX509Cert> orgCert = do_QueryInterface(isupport);
nsCOMPtr<nsIX509Cert> nextCert = nsnull;
PRInt32 orgCount = 1;
for (i=1; i<certCount; i++) {
isupport = dont_AddRef(mCertArray->ElementAt(i));
nextCert = do_QueryInterface(isupport);
if (!(CmpByToken(orgCert, nextCert) == 0 &&
CmpByOrg(orgCert, nextCert) == 0)) {
orgCert = nextCert;
orgCount++;
}
}
return orgCount;
}
// GetThreadDescAtIndex
//
// If the row at index is an organization thread, return the collection
// associated with that thread. Otherwise, return null.
outlinerArrayEl *
nsCertOutliner::GetThreadDescAtIndex(PRInt32 index)
{
int i, idx=0;
if (index < 0) return nsnull;
for (i=0; i<mNumOrgs; i++) {
if (index == idx) {
return &mOutlinerArray[i];
}
if (mOutlinerArray[i].open == PR_FALSE) {
idx++;
} else {
idx += mOutlinerArray[i].numChildren + 1;
}
if (idx > index) break;
}
return nsnull;
}
// GetCertAtIndex
//
// If the row at index is a cert, return that cert. Otherwise, return null.
nsIX509Cert *
nsCertOutliner::GetCertAtIndex(PRInt32 index)
{
int i, idx = 0, cIndex = 0, nc;
nsIX509Cert *rawPtr = nsnull;
if (index < 0) return nsnull;
// Loop over the threads
for (i=0; i<mNumOrgs; i++) {
if (index == idx) return nsnull; // index is for thread
idx++; // get past the thread
nc = (mOutlinerArray[i].open) ? mOutlinerArray[i].numChildren : 0;
if (index < idx + nc) { // cert is within range of this thread
PRInt32 certIndex = cIndex + index - idx;
nsCOMPtr<nsISupports> isupport =
dont_AddRef(mCertArray->ElementAt(certIndex));
nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(isupport);
rawPtr = cert;
NS_ADDREF(rawPtr);
break;
}
if (mOutlinerArray[i].open)
idx += mOutlinerArray[i].numChildren;
cIndex += mOutlinerArray[i].numChildren;
if (idx > index) break;
}
return rawPtr;
}
// LoadCerts
//
// Load all of the certificates in the DB for this type. Sort them
// by token, organization, then common name.
NS_IMETHODIMP
nsCertOutliner::LoadCerts(const PRUint32 aType)
{
nsresult rv;
PRBool rowsChanged = PR_FALSE;
PRInt32 numChanged = 0;
if (mOutlinerArray) {
FreeCertArray();
nsMemory::Free(mOutlinerArray);
mOutlinerArray = NULL;
rowsChanged = PR_TRUE;
numChanged = mNumRows;
mNumRows = 0;
}
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
if (certdb == nsnull) return NS_ERROR_FAILURE;
rv = certdb->GetCertsByType(aType,
CmpByTok_Org_Name,
getter_AddRefs(mCertArray));
if (NS_FAILED(rv)) return rv;
PRUint32 count;
rv = mCertArray->Count(&count);
if (NS_FAILED(rv)) return rv;
mNumOrgs = CountOrganizations();
mOutlinerArray = (outlinerArrayEl *)nsMemory::Alloc(
sizeof(outlinerArrayEl) * mNumOrgs);
PRUint32 j = 0;
nsCOMPtr<nsISupports> isupport = dont_AddRef(mCertArray->ElementAt(j));
nsCOMPtr<nsIX509Cert> orgCert = do_QueryInterface(isupport);
for (PRInt32 i=0; i<mNumOrgs; i++) {
orgCert->GetOrganization(&mOutlinerArray[i].orgName);
mOutlinerArray[i].open = PR_TRUE;
mOutlinerArray[i].certIndex = j;
mOutlinerArray[i].numChildren = 1;
if (++j >= count) break;
isupport = dont_AddRef(mCertArray->ElementAt(j));
nsCOMPtr<nsIX509Cert> nextCert = do_QueryInterface(isupport);
while (CmpByOrg(orgCert, nextCert) == 0) {
mOutlinerArray[i].numChildren++;
if (++j >= count) break;
isupport = dont_AddRef(mCertArray->ElementAt(j));
nextCert = do_QueryInterface(isupport);
}
orgCert = nextCert;
}
mNumRows = count + mNumOrgs;
if (rowsChanged) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%d,%d]", mNumRows, numChanged));
numChanged = mNumRows - numChanged;
if (mOutliner) mOutliner->RowCountChanged(0, numChanged);
}
return NS_OK;
}
//////////////////////////////////////////////////////////////////////////////
//
// Begin nsIOutlinerView methods
//
/////////////////////////////////////////////////////////////////////////////
/* nsIX509Cert getCert(in unsigned long index); */
NS_IMETHODIMP
nsCertOutliner::GetCert(const PRUint32 aIndex, nsIX509Cert **_cert)
{
NS_ENSURE_ARG(_cert);
*_cert = GetCertAtIndex(aIndex);
//nsCOMPtr<nsIX509Cert> cert = GetCertAtIndex(aIndex);
//if (cert) {
//*_cert = cert;
//NS_ADDREF(*_cert);
//}
return NS_OK;
}
/* readonly attribute long rowCount; */
NS_IMETHODIMP
nsCertOutliner::GetRowCount(PRInt32 *aRowCount)
{
PRUint32 count = 0;
for (PRInt32 i=0; i<mNumOrgs; i++) {
if (mOutlinerArray[i].open == PR_TRUE) {
count += mOutlinerArray[i].numChildren + 1;
} else {
count++;
}
}
*aRowCount = count;
return NS_OK;
}
/* attribute nsIOutlinerSelection selection; */
NS_IMETHODIMP
nsCertOutliner::GetSelection(nsIOutlinerSelection * *aSelection)
{
*aSelection = mSelection;
NS_IF_ADDREF(*aSelection);
return NS_OK;
}
NS_IMETHODIMP
nsCertOutliner::SetSelection(nsIOutlinerSelection * aSelection)
{
mSelection = aSelection;
return NS_OK;
}
/* void getRowProperties (in long index, in nsISupportsArray properties); */
NS_IMETHODIMP
nsCertOutliner::GetRowProperties(PRInt32 index, nsISupportsArray *properties)
{
return NS_OK;
}
/* void getCellProperties (in long row, in wstring colID,
* in nsISupportsArray properties);
*/
NS_IMETHODIMP
nsCertOutliner::GetCellProperties(PRInt32 row, const PRUnichar *colID,
nsISupportsArray *properties)
{
return NS_OK;
}
/* void getColumnProperties (in wstring colID,
* in nsIDOMElement colElt,
* in nsISupportsArray properties);
*/
NS_IMETHODIMP
nsCertOutliner::GetColumnProperties(const PRUnichar *colID,
nsIDOMElement *colElt,
nsISupportsArray *properties)
{
return NS_OK;
}
/* boolean isContainer (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainer(PRInt32 index, PRBool *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) {
*_retval = PR_TRUE;
} else {
*_retval = PR_FALSE;
}
return NS_OK;
}
/* boolean isContainerOpen (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainerOpen(PRInt32 index, PRBool *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el && el->open == PR_TRUE) {
*_retval = PR_TRUE;
} else {
*_retval = PR_FALSE;
}
return NS_OK;
}
/* boolean isContainerEmpty (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainerEmpty(PRInt32 index, PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* long getParentIndex (in long rowIndex); */
NS_IMETHODIMP
nsCertOutliner::GetParentIndex(PRInt32 rowIndex, PRInt32 *_retval)
{
int i, idx = 0;
for (i=0; i<mNumOrgs; i++) {
if (rowIndex == idx) break; // index is for thread
if (rowIndex < idx + mOutlinerArray[i].numChildren + 1) {
*_retval = idx;
return NS_OK;
}
idx += mOutlinerArray[i].numChildren + 1;
if (idx > rowIndex) break;
}
*_retval = -1;
return NS_OK;
}
/* boolean hasNextSibling (in long rowIndex, in long afterIndex); */
NS_IMETHODIMP
nsCertOutliner::HasNextSibling(PRInt32 rowIndex, PRInt32 afterIndex,
PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* long getLevel (in long index); */
NS_IMETHODIMP
nsCertOutliner::GetLevel(PRInt32 index, PRInt32 *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) {
*_retval = 0;
} else {
*_retval = 1;
}
return NS_OK;
}
/* wstring getCellText (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::GetCellText(PRInt32 row, const PRUnichar *colID,
PRUnichar **_retval)
{
nsresult rv;
char *col = NS_CONST_CAST(char *, NS_ConvertUCS2toUTF8(colID).get());
outlinerArrayEl *el = GetThreadDescAtIndex(row);
if (el != nsnull) {
if (strcmp(col, "certcol") == 0) {
nsAutoString oName(el->orgName);
*_retval = oName.ToNewUnicode();
} else {
*_retval = nsnull;
}
return NS_OK;
}
nsCOMPtr<nsIX509Cert> cert = GetCertAtIndex(row);
if (cert == nsnull) return NS_ERROR_FAILURE;
char *str = NULL;
PRUnichar *wstr = NULL;
if (strcmp(col, "certcol") == 0) {
rv = cert->GetCommonName(&wstr);
if (NS_FAILED(rv) || !wstr) {
// can this be fixed to not do copying?
PRUnichar *tmp = nsnull;
rv = cert->GetNickname(&tmp);
nsAutoString nick(tmp);
char *tmps = nick.ToNewCString();
char *mark = strchr(tmps, ':');
if (mark) {
str = PL_strdup(mark + 1);
} else {
wstr = nick.ToNewUnicode();
}
nsMemory::Free(tmp);
nsMemory::Free(tmps);
}
} else if (strcmp(col, "tokencol") == 0) {
rv = cert->GetTokenName(&wstr);
} else if (strcmp(col, "verifiedcol") == 0) {
PRUint32 verified;
nsCOMPtr<nsINSSComponent> nssComponent(
do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
rv = cert->GetPurposes(&verified, NULL);
if (verified == nsIX509Cert::VERIFIED_OK) {
nsAutoString vfy;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifiedTrue").get(), vfy);
if (!NS_FAILED(rv))
wstr = vfy.ToNewUnicode();
} else {
nsAutoString vfy;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifiedFalse").get(), vfy);
if (!NS_FAILED(rv))
wstr = vfy.ToNewUnicode();
}
} else if (strcmp(col, "purposecol") == 0) {
PRUint32 verified;
rv = cert->GetPurposes(&verified, &wstr);
} else if (strcmp(col, "issuedcol") == 0) {
rv = cert->GetIssuedDate(&wstr);
} else if (strcmp(col, "expiredcol") == 0) {
rv = cert->GetExpiresDate(&wstr);
} else if (strcmp(col, "certdbkeycol") == 0) {
rv = cert->GetDbKey(&str);
} else {
return NS_ERROR_FAILURE;
}
if (str) {
nsAutoString astr = NS_ConvertASCIItoUCS2(str);
wstr = astr.ToNewUnicode();
}
*_retval = wstr;
return rv;
}
/* void setOutliner (in nsIOutlinerBoxObject outliner); */
NS_IMETHODIMP
nsCertOutliner::SetOutliner(nsIOutlinerBoxObject *outliner)
{
mOutliner = outliner;
return NS_OK;
}
/* void toggleOpenState (in long index); */
NS_IMETHODIMP
nsCertOutliner::ToggleOpenState(PRInt32 index)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) el->open = !el->open;
PRInt32 fac = (el->open) ? 1 : -1;
if (mOutliner) mOutliner->RowCountChanged(index, fac * el->numChildren);
return NS_OK;
}
/* void cycleHeader (in wstring colID, in nsIDOMElement elt); */
NS_IMETHODIMP
nsCertOutliner::CycleHeader(const PRUnichar *colID, nsIDOMElement *elt)
{
return NS_OK;
}
/* void selectionChanged (); */
NS_IMETHODIMP
nsCertOutliner::SelectionChanged()
{
return NS_ERROR_NOT_IMPLEMENTED;
}
/* void cycleCell (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::CycleCell(PRInt32 row, const PRUnichar *colID)
{
return NS_OK;
}
/* boolean isEditable (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::IsEditable(PRInt32 row, const PRUnichar *colID, PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* void setCellText (in long row, in wstring colID, in wstring value); */
NS_IMETHODIMP
nsCertOutliner::SetCellText(PRInt32 row, const PRUnichar *colID,
const PRUnichar *value)
{
return NS_OK;
}
/* void performAction (in wstring action); */
NS_IMETHODIMP
nsCertOutliner::PerformAction(const PRUnichar *action)
{
return NS_OK;
}
/* void performActionOnRow (in wstring action, in long row); */
NS_IMETHODIMP
nsCertOutliner::PerformActionOnRow(const PRUnichar *action, PRInt32 row)
{
return NS_OK;
}
/* void performActionOnCell (in wstring action, in long row,
* in wstring colID);
*/
NS_IMETHODIMP
nsCertOutliner::PerformActionOnCell(const PRUnichar *action, PRInt32 row,
const PRUnichar *colID)
{
return NS_OK;
}
#ifdef DEBUG_CERT_OUTLINER
void
nsCertOutliner::dumpMap()
{
for (int i=0; i<mNumOrgs; i++) {
nsAutoString org(mOutlinerArray[i].orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("ORG[%s]", org.ToNewCString()));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("OPEN[%d]", mOutlinerArray[i].open));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("INDEX[%d]", mOutlinerArray[i].certIndex));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NCHILD[%d]", mOutlinerArray[i].numChildren));
}
for (int i=0; i<mNumRows; i++) {
outlinerArrayEl *el = GetThreadDescAtIndex(i);
if (el != nsnull) {
nsAutoString td(el->orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s",i,td.ToNewCString()));
}
nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
if (ct != nsnull) {
PRUnichar *goo;
ct->GetCommonName(&goo);
nsAutoString doo(goo);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert [%d]: %s",i,doo.ToNewCString()));
}
}
}
#endif

86
security/manager/ssl/src/nsCertOutliner.h Normal file
Просмотреть файл

@ -0,0 +1,86 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NS_CERTOUTLINER_H_
#define _NS_CERTOUTLINER_H_
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsICertOutliner.h"
#include "nsIOutlinerView.h"
#include "nsIOutlinerBoxObject.h"
#include "nsIOutlinerSelection.h"
#include "nsISupportsArray.h"
typedef struct outlinerArrayElStr outlinerArrayEl;
class nsCertOutliner : public nsICertOutliner
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICERTOUTLINER
NS_DECL_NSIOUTLINERVIEW
nsCertOutliner();
virtual ~nsCertOutliner();
protected:
static PRInt32 CmpByToken(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByOrg(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByName(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByTok_Org_Name(nsIX509Cert *a, nsIX509Cert *b);
PRInt32 CountOrganizations();
private:
nsCOMPtr<nsISupportsArray> mCertArray;
nsCOMPtr<nsIOutlinerBoxObject> mOutliner;
nsCOMPtr<nsIOutlinerSelection> mSelection;
outlinerArrayEl *mOutlinerArray;
PRInt32 mNumOrgs;
PRInt32 mNumRows;
outlinerArrayEl *GetThreadDescAtIndex(PRInt32 _index);
nsIX509Cert *GetCertAtIndex(PRInt32 _index);
void FreeCertArray();
#ifdef DEBUG_CERT_OUTLINER
/* for debugging purposes */
void dumpMap();
#endif
};
#endif /* _NS_CERTOUTLINER_H_ */

644
security/manager/ssl/src/nsCertTree.cpp Normal file
Просмотреть файл

@ -0,0 +1,644 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
#include "nsCertOutliner.h"
#include "nsIX509Cert.h"
#include "nsIX509CertDB.h"
#include "nsXPIDLString.h"
#include "prlog.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
// outlinerArrayElStr
//
// structure used to hold map of outliner. Each thread (an organization
// field from a cert) has an element in the array. The numChildren field
// stores the number of certs corresponding to that thread.
struct outlinerArrayElStr {
PRUnichar *orgName; /* heading for thread */
PRBool open; /* toggle open state for thread */
PRInt32 certIndex; /* index into cert array for 1st cert */
PRInt32 numChildren; /* number of chidren (certs) for thread */
};
NS_IMPL_ISUPPORTS2(nsCertOutliner, nsICertOutliner, nsIOutlinerView)
nsCertOutliner::nsCertOutliner() : mOutlinerArray(NULL)
{
NS_INIT_ISUPPORTS();
}
nsCertOutliner::~nsCertOutliner()
{
if (mOutlinerArray)
nsMemory::Free(mOutlinerArray);
}
void
nsCertOutliner::FreeCertArray()
{
if (mCertArray) {
PRUint32 count;
nsresult rv = mCertArray->Count(&count);
NS_ASSERTION(NS_SUCCEEDED(rv), "Count failed");
PRInt32 i;
for (i = count - 1; i >= 0; i--)
mCertArray->RemoveElementAt(i);
}
mCertArray = nsnull;
}
// CmpByToken
//
// Compare two certificate by their token name. Returns -1, 0, 1 as
// in strcmp. No token name (null) is treated as <.
PRInt32
nsCertOutliner::CmpByToken(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aTok, bTok;
a->GetTokenName(getter_Copies(aTok));
b->GetTokenName(getter_Copies(bTok));
if (aTok != nsnull && bTok != nsnull) {
nsAutoString aStr(aTok);
cmp1 = aStr.CompareWithConversion(bTok);
} else {
cmp1 = (aTok == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByOrg
//
// Compare two certificates by their O= field. Returns -1, 0, 1 as
// in strcmp. No organization (null) is treated as <.
PRInt32
nsCertOutliner::CmpByOrg(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aOrg, bOrg;
a->GetOrganization(getter_Copies(aOrg));
b->GetOrganization(getter_Copies(bOrg));
if (aOrg != nsnull && bOrg != nsnull) {
nsAutoString aStr(aOrg);
cmp1 = aStr.CompareWithConversion(bOrg);
} else {
cmp1 = (aOrg == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByName
//
// Compare two certificates by their CN= field. Returns -1, 0, 1 as
// in strcmp. No common name (null) is treated as <.
PRInt32
nsCertOutliner::CmpByName(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp1;
nsXPIDLString aName, bName;
a->GetOrganization(getter_Copies(aName));
b->GetOrganization(getter_Copies(bName));
if (aName != nsnull && bName != nsnull) {
nsAutoString aStr(aName);
cmp1 = aStr.CompareWithConversion(bName);
} else {
cmp1 = (aName == nsnull) ? -1 : 1;
}
return cmp1;
}
// CmpByTok_Org_Name
//
// Compare two certificates by token name, organization, and common name,
// in that order. Used to sort cert list.
PRInt32
nsCertOutliner::CmpByTok_Org_Name(nsIX509Cert *a, nsIX509Cert *b)
{
PRInt32 cmp;
cmp = CmpByToken(a, b);
if (cmp != 0) return cmp;
cmp = CmpByOrg(a, b);
if (cmp != 0) return cmp;
return CmpByName(a, b);
}
// CountOrganizations
//
// Count the number of different organizations encountered in the cert
// list. Note that the same organization of a different token is counted
// seperately.
PRInt32
nsCertOutliner::CountOrganizations()
{
PRUint32 i, certCount;
nsresult rv = mCertArray->Count(&certCount);
if (NS_FAILED(rv)) return -1;
if (certCount == 0) return 0;
nsCOMPtr<nsISupports> isupport = dont_AddRef(mCertArray->ElementAt(0));
nsCOMPtr<nsIX509Cert> orgCert = do_QueryInterface(isupport);
nsCOMPtr<nsIX509Cert> nextCert = nsnull;
PRInt32 orgCount = 1;
for (i=1; i<certCount; i++) {
isupport = dont_AddRef(mCertArray->ElementAt(i));
nextCert = do_QueryInterface(isupport);
if (!(CmpByToken(orgCert, nextCert) == 0 &&
CmpByOrg(orgCert, nextCert) == 0)) {
orgCert = nextCert;
orgCount++;
}
}
return orgCount;
}
// GetThreadDescAtIndex
//
// If the row at index is an organization thread, return the collection
// associated with that thread. Otherwise, return null.
outlinerArrayEl *
nsCertOutliner::GetThreadDescAtIndex(PRInt32 index)
{
int i, idx=0;
if (index < 0) return nsnull;
for (i=0; i<mNumOrgs; i++) {
if (index == idx) {
return &mOutlinerArray[i];
}
if (mOutlinerArray[i].open == PR_FALSE) {
idx++;
} else {
idx += mOutlinerArray[i].numChildren + 1;
}
if (idx > index) break;
}
return nsnull;
}
// GetCertAtIndex
//
// If the row at index is a cert, return that cert. Otherwise, return null.
nsIX509Cert *
nsCertOutliner::GetCertAtIndex(PRInt32 index)
{
int i, idx = 0, cIndex = 0, nc;
nsIX509Cert *rawPtr = nsnull;
if (index < 0) return nsnull;
// Loop over the threads
for (i=0; i<mNumOrgs; i++) {
if (index == idx) return nsnull; // index is for thread
idx++; // get past the thread
nc = (mOutlinerArray[i].open) ? mOutlinerArray[i].numChildren : 0;
if (index < idx + nc) { // cert is within range of this thread
PRInt32 certIndex = cIndex + index - idx;
nsCOMPtr<nsISupports> isupport =
dont_AddRef(mCertArray->ElementAt(certIndex));
nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(isupport);
rawPtr = cert;
NS_ADDREF(rawPtr);
break;
}
if (mOutlinerArray[i].open)
idx += mOutlinerArray[i].numChildren;
cIndex += mOutlinerArray[i].numChildren;
if (idx > index) break;
}
return rawPtr;
}
// LoadCerts
//
// Load all of the certificates in the DB for this type. Sort them
// by token, organization, then common name.
NS_IMETHODIMP
nsCertOutliner::LoadCerts(const PRUint32 aType)
{
nsresult rv;
PRBool rowsChanged = PR_FALSE;
PRInt32 numChanged = 0;
if (mOutlinerArray) {
FreeCertArray();
nsMemory::Free(mOutlinerArray);
mOutlinerArray = NULL;
rowsChanged = PR_TRUE;
numChanged = mNumRows;
mNumRows = 0;
}
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
if (certdb == nsnull) return NS_ERROR_FAILURE;
rv = certdb->GetCertsByType(aType,
CmpByTok_Org_Name,
getter_AddRefs(mCertArray));
if (NS_FAILED(rv)) return rv;
PRUint32 count;
rv = mCertArray->Count(&count);
if (NS_FAILED(rv)) return rv;
mNumOrgs = CountOrganizations();
mOutlinerArray = (outlinerArrayEl *)nsMemory::Alloc(
sizeof(outlinerArrayEl) * mNumOrgs);
PRUint32 j = 0;
nsCOMPtr<nsISupports> isupport = dont_AddRef(mCertArray->ElementAt(j));
nsCOMPtr<nsIX509Cert> orgCert = do_QueryInterface(isupport);
for (PRInt32 i=0; i<mNumOrgs; i++) {
orgCert->GetOrganization(&mOutlinerArray[i].orgName);
mOutlinerArray[i].open = PR_TRUE;
mOutlinerArray[i].certIndex = j;
mOutlinerArray[i].numChildren = 1;
if (++j >= count) break;
isupport = dont_AddRef(mCertArray->ElementAt(j));
nsCOMPtr<nsIX509Cert> nextCert = do_QueryInterface(isupport);
while (CmpByOrg(orgCert, nextCert) == 0) {
mOutlinerArray[i].numChildren++;
if (++j >= count) break;
isupport = dont_AddRef(mCertArray->ElementAt(j));
nextCert = do_QueryInterface(isupport);
}
orgCert = nextCert;
}
mNumRows = count + mNumOrgs;
if (rowsChanged) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%d,%d]", mNumRows, numChanged));
numChanged = mNumRows - numChanged;
if (mOutliner) mOutliner->RowCountChanged(0, numChanged);
}
return NS_OK;
}
//////////////////////////////////////////////////////////////////////////////
//
// Begin nsIOutlinerView methods
//
/////////////////////////////////////////////////////////////////////////////
/* nsIX509Cert getCert(in unsigned long index); */
NS_IMETHODIMP
nsCertOutliner::GetCert(const PRUint32 aIndex, nsIX509Cert **_cert)
{
NS_ENSURE_ARG(_cert);
*_cert = GetCertAtIndex(aIndex);
//nsCOMPtr<nsIX509Cert> cert = GetCertAtIndex(aIndex);
//if (cert) {
//*_cert = cert;
//NS_ADDREF(*_cert);
//}
return NS_OK;
}
/* readonly attribute long rowCount; */
NS_IMETHODIMP
nsCertOutliner::GetRowCount(PRInt32 *aRowCount)
{
PRUint32 count = 0;
for (PRInt32 i=0; i<mNumOrgs; i++) {
if (mOutlinerArray[i].open == PR_TRUE) {
count += mOutlinerArray[i].numChildren + 1;
} else {
count++;
}
}
*aRowCount = count;
return NS_OK;
}
/* attribute nsIOutlinerSelection selection; */
NS_IMETHODIMP
nsCertOutliner::GetSelection(nsIOutlinerSelection * *aSelection)
{
*aSelection = mSelection;
NS_IF_ADDREF(*aSelection);
return NS_OK;
}
NS_IMETHODIMP
nsCertOutliner::SetSelection(nsIOutlinerSelection * aSelection)
{
mSelection = aSelection;
return NS_OK;
}
/* void getRowProperties (in long index, in nsISupportsArray properties); */
NS_IMETHODIMP
nsCertOutliner::GetRowProperties(PRInt32 index, nsISupportsArray *properties)
{
return NS_OK;
}
/* void getCellProperties (in long row, in wstring colID,
* in nsISupportsArray properties);
*/
NS_IMETHODIMP
nsCertOutliner::GetCellProperties(PRInt32 row, const PRUnichar *colID,
nsISupportsArray *properties)
{
return NS_OK;
}
/* void getColumnProperties (in wstring colID,
* in nsIDOMElement colElt,
* in nsISupportsArray properties);
*/
NS_IMETHODIMP
nsCertOutliner::GetColumnProperties(const PRUnichar *colID,
nsIDOMElement *colElt,
nsISupportsArray *properties)
{
return NS_OK;
}
/* boolean isContainer (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainer(PRInt32 index, PRBool *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) {
*_retval = PR_TRUE;
} else {
*_retval = PR_FALSE;
}
return NS_OK;
}
/* boolean isContainerOpen (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainerOpen(PRInt32 index, PRBool *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el && el->open == PR_TRUE) {
*_retval = PR_TRUE;
} else {
*_retval = PR_FALSE;
}
return NS_OK;
}
/* boolean isContainerEmpty (in long index); */
NS_IMETHODIMP
nsCertOutliner::IsContainerEmpty(PRInt32 index, PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* long getParentIndex (in long rowIndex); */
NS_IMETHODIMP
nsCertOutliner::GetParentIndex(PRInt32 rowIndex, PRInt32 *_retval)
{
int i, idx = 0;
for (i=0; i<mNumOrgs; i++) {
if (rowIndex == idx) break; // index is for thread
if (rowIndex < idx + mOutlinerArray[i].numChildren + 1) {
*_retval = idx;
return NS_OK;
}
idx += mOutlinerArray[i].numChildren + 1;
if (idx > rowIndex) break;
}
*_retval = -1;
return NS_OK;
}
/* boolean hasNextSibling (in long rowIndex, in long afterIndex); */
NS_IMETHODIMP
nsCertOutliner::HasNextSibling(PRInt32 rowIndex, PRInt32 afterIndex,
PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* long getLevel (in long index); */
NS_IMETHODIMP
nsCertOutliner::GetLevel(PRInt32 index, PRInt32 *_retval)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) {
*_retval = 0;
} else {
*_retval = 1;
}
return NS_OK;
}
/* wstring getCellText (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::GetCellText(PRInt32 row, const PRUnichar *colID,
PRUnichar **_retval)
{
nsresult rv;
char *col = NS_CONST_CAST(char *, NS_ConvertUCS2toUTF8(colID).get());
outlinerArrayEl *el = GetThreadDescAtIndex(row);
if (el != nsnull) {
if (strcmp(col, "certcol") == 0) {
nsAutoString oName(el->orgName);
*_retval = oName.ToNewUnicode();
} else {
*_retval = nsnull;
}
return NS_OK;
}
nsCOMPtr<nsIX509Cert> cert = GetCertAtIndex(row);
if (cert == nsnull) return NS_ERROR_FAILURE;
char *str = NULL;
PRUnichar *wstr = NULL;
if (strcmp(col, "certcol") == 0) {
rv = cert->GetCommonName(&wstr);
if (NS_FAILED(rv) || !wstr) {
// can this be fixed to not do copying?
PRUnichar *tmp = nsnull;
rv = cert->GetNickname(&tmp);
nsAutoString nick(tmp);
char *tmps = nick.ToNewCString();
char *mark = strchr(tmps, ':');
if (mark) {
str = PL_strdup(mark + 1);
} else {
wstr = nick.ToNewUnicode();
}
nsMemory::Free(tmp);
nsMemory::Free(tmps);
}
} else if (strcmp(col, "tokencol") == 0) {
rv = cert->GetTokenName(&wstr);
} else if (strcmp(col, "verifiedcol") == 0) {
PRUint32 verified;
nsCOMPtr<nsINSSComponent> nssComponent(
do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
rv = cert->GetPurposes(&verified, NULL);
if (verified == nsIX509Cert::VERIFIED_OK) {
nsAutoString vfy;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifiedTrue").get(), vfy);
if (!NS_FAILED(rv))
wstr = vfy.ToNewUnicode();
} else {
nsAutoString vfy;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifiedFalse").get(), vfy);
if (!NS_FAILED(rv))
wstr = vfy.ToNewUnicode();
}
} else if (strcmp(col, "purposecol") == 0) {
PRUint32 verified;
rv = cert->GetPurposes(&verified, &wstr);
} else if (strcmp(col, "issuedcol") == 0) {
rv = cert->GetIssuedDate(&wstr);
} else if (strcmp(col, "expiredcol") == 0) {
rv = cert->GetExpiresDate(&wstr);
} else if (strcmp(col, "certdbkeycol") == 0) {
rv = cert->GetDbKey(&str);
} else {
return NS_ERROR_FAILURE;
}
if (str) {
nsAutoString astr = NS_ConvertASCIItoUCS2(str);
wstr = astr.ToNewUnicode();
}
*_retval = wstr;
return rv;
}
/* void setOutliner (in nsIOutlinerBoxObject outliner); */
NS_IMETHODIMP
nsCertOutliner::SetOutliner(nsIOutlinerBoxObject *outliner)
{
mOutliner = outliner;
return NS_OK;
}
/* void toggleOpenState (in long index); */
NS_IMETHODIMP
nsCertOutliner::ToggleOpenState(PRInt32 index)
{
outlinerArrayEl *el = GetThreadDescAtIndex(index);
if (el) el->open = !el->open;
PRInt32 fac = (el->open) ? 1 : -1;
if (mOutliner) mOutliner->RowCountChanged(index, fac * el->numChildren);
return NS_OK;
}
/* void cycleHeader (in wstring colID, in nsIDOMElement elt); */
NS_IMETHODIMP
nsCertOutliner::CycleHeader(const PRUnichar *colID, nsIDOMElement *elt)
{
return NS_OK;
}
/* void selectionChanged (); */
NS_IMETHODIMP
nsCertOutliner::SelectionChanged()
{
return NS_ERROR_NOT_IMPLEMENTED;
}
/* void cycleCell (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::CycleCell(PRInt32 row, const PRUnichar *colID)
{
return NS_OK;
}
/* boolean isEditable (in long row, in wstring colID); */
NS_IMETHODIMP
nsCertOutliner::IsEditable(PRInt32 row, const PRUnichar *colID, PRBool *_retval)
{
*_retval = PR_FALSE;
return NS_OK;
}
/* void setCellText (in long row, in wstring colID, in wstring value); */
NS_IMETHODIMP
nsCertOutliner::SetCellText(PRInt32 row, const PRUnichar *colID,
const PRUnichar *value)
{
return NS_OK;
}
/* void performAction (in wstring action); */
NS_IMETHODIMP
nsCertOutliner::PerformAction(const PRUnichar *action)
{
return NS_OK;
}
/* void performActionOnRow (in wstring action, in long row); */
NS_IMETHODIMP
nsCertOutliner::PerformActionOnRow(const PRUnichar *action, PRInt32 row)
{
return NS_OK;
}
/* void performActionOnCell (in wstring action, in long row,
* in wstring colID);
*/
NS_IMETHODIMP
nsCertOutliner::PerformActionOnCell(const PRUnichar *action, PRInt32 row,
const PRUnichar *colID)
{
return NS_OK;
}
#ifdef DEBUG_CERT_OUTLINER
void
nsCertOutliner::dumpMap()
{
for (int i=0; i<mNumOrgs; i++) {
nsAutoString org(mOutlinerArray[i].orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("ORG[%s]", org.ToNewCString()));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("OPEN[%d]", mOutlinerArray[i].open));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("INDEX[%d]", mOutlinerArray[i].certIndex));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NCHILD[%d]", mOutlinerArray[i].numChildren));
}
for (int i=0; i<mNumRows; i++) {
outlinerArrayEl *el = GetThreadDescAtIndex(i);
if (el != nsnull) {
nsAutoString td(el->orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s",i,td.ToNewCString()));
}
nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
if (ct != nsnull) {
PRUnichar *goo;
ct->GetCommonName(&goo);
nsAutoString doo(goo);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert [%d]: %s",i,doo.ToNewCString()));
}
}
}
#endif

86
security/manager/ssl/src/nsCertTree.h Normal file
Просмотреть файл

@ -0,0 +1,86 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*
* Alternatively, the contents of this file may be used under the
* terms of the GNU General Public License Version 2 or later (the
* "GPL"), in which case the provisions of the GPL are applicable
* instead of those above. If you wish to allow use of your
* version of this file only under the terms of the GPL and not to
* allow others to use your version of this file under the MPL,
* indicate your decision by deleting the provisions above and
* replace them with the notice and other provisions required by
* the GPL. If you do not delete the provisions above, a recipient
* may use your version of this file under either the MPL or the
* GPL.
*
*/
#ifndef _NS_CERTOUTLINER_H_
#define _NS_CERTOUTLINER_H_
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsICertOutliner.h"
#include "nsIOutlinerView.h"
#include "nsIOutlinerBoxObject.h"
#include "nsIOutlinerSelection.h"
#include "nsISupportsArray.h"
typedef struct outlinerArrayElStr outlinerArrayEl;
class nsCertOutliner : public nsICertOutliner
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICERTOUTLINER
NS_DECL_NSIOUTLINERVIEW
nsCertOutliner();
virtual ~nsCertOutliner();
protected:
static PRInt32 CmpByToken(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByOrg(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByName(nsIX509Cert *a, nsIX509Cert *b);
static PRInt32 CmpByTok_Org_Name(nsIX509Cert *a, nsIX509Cert *b);
PRInt32 CountOrganizations();
private:
nsCOMPtr<nsISupportsArray> mCertArray;
nsCOMPtr<nsIOutlinerBoxObject> mOutliner;
nsCOMPtr<nsIOutlinerSelection> mSelection;
outlinerArrayEl *mOutlinerArray;
PRInt32 mNumOrgs;
PRInt32 mNumRows;
outlinerArrayEl *GetThreadDescAtIndex(PRInt32 _index);
nsIX509Cert *GetCertAtIndex(PRInt32 _index);
void FreeCertArray();
#ifdef DEBUG_CERT_OUTLINER
/* for debugging purposes */
void dumpMap();
#endif
};
#endif /* _NS_CERTOUTLINER_H_ */

421
security/manager/ssl/src/nsNSSCertificate.cpp
Просмотреть файл

@ -32,7 +32,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsNSSCertificate.cpp,v 1.15 2001-03-30 19:54:57 mcgreer%netscape.com Exp $
* $Id: nsNSSCertificate.cpp,v 1.16 2001-05-01 23:23:20 mcgreer%netscape.com Exp $
*/
#include "prmem.h"
@ -47,6 +47,9 @@
#include "nsIX509Cert.h"
#include "nsINSSDialogs.h"
#include "nsString.h"
#include "nsILocaleService.h"
#include "nsIDateTimeFormat.h"
#include "nsDateTimeFormatCID.h"
#include "pk11func.h"
#include "certdb.h"
@ -59,6 +62,8 @@ extern PRLogModuleInfo* gPIPNSSLog;
#endif
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
static NS_DEFINE_CID(kDateTimeFormatCID, NS_DATETIMEFORMAT_CID);
static NS_DEFINE_CID(kLocaleServiceCID, NS_LOCALESERVICE_CID);
/*
* nsNSSCertTrust
@ -731,6 +736,75 @@ nsNSSCertificate::GetMd5Fingerprint(PRUnichar **_md5Fingerprint)
return NS_ERROR_FAILURE;
}
/* readonly attribute wstring issuedDate; */
NS_IMETHODIMP
nsNSSCertificate::GetIssuedDate(PRUnichar **_issuedDate)
{
nsresult rv;
PRTime beforeTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotBefore(&beforeTime);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
beforeTime, date);
*_issuedDate = date.ToNewUnicode();
return NS_OK;
}
/* readonly attribute wstring expiresDate; */
NS_IMETHODIMP
nsNSSCertificate::GetExpiresDate(PRUnichar **_expiresDate)
{
nsresult rv;
PRTime afterTime;
nsCOMPtr<nsIX509CertValidity> validity;
rv = this->GetValidity(getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotAfter(&afterTime);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
do_CreateInstance(kDateTimeFormatCID, &rv);
if (NS_FAILED(rv)) return rv;
nsAutoString date;
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
afterTime, date);
*_expiresDate = date.ToNewUnicode();
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificate::GetTokenName(PRUnichar **aTokenName)
{
NS_ENSURE_ARG(aTokenName);
*aTokenName = nsnull;
if (mCert) {
if (mCert->slot) {
char *token = PK11_GetTokenName(mCert->slot);
if (token) {
nsAutoString tok = NS_ConvertASCIItoUCS2(token);
*aTokenName = tok.ToNewUnicode();
}
} else {
nsresult rv;
nsAutoString tok;
nsCOMPtr<nsINSSComponent> nssComponent(
do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("InternalToken").get(), tok);
if (!NS_FAILED(rv))
*aTokenName = tok.ToNewUnicode();
}
}
return NS_OK;
}
/* [noscript] long getRawDER (out charPtr result) */
NS_IMETHODIMP
nsNSSCertificate::GetRawDER(char **result, PRUint32 *_retval)
@ -795,6 +869,139 @@ nsNSSCertificate::verifyFailed(PRUint32 *_verified)
return PR_TRUE;
}
nsresult
nsNSSCertificate::GetUsageArray(char *suffix,
PRUint32 *_verified,
PRUint32 *_count,
PRUnichar **tmpUsages)
{
nsresult rv;
int tmpCount = 0;
CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLClient, NULL) == SECSuccess) {
// add client to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifySSLClient").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLServer, NULL) == SECSuccess) {
// add server to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifySSLServer").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLServerWithStepUp, NULL) == SECSuccess) {
// add stepup to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifySSLStepUp").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageEmailSigner, NULL) == SECSuccess) {
// add signer to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyEmailSigner").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageEmailRecipient, NULL) == SECSuccess) {
// add recipient to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyEmailRecip").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageObjectSigner, NULL) == SECSuccess) {
// add objsigner to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyObjSign").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageProtectedObjectSigner, NULL) == SECSuccess) {
// add protected objsigner to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyProtectObjSign").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageUserCertImport, NULL) == SECSuccess) {
// add user import to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyUserImport").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLCA, NULL) == SECSuccess) {
// add SSL CA to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifySSLCA").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageVerifyCA, NULL) == SECSuccess) {
// add verify CA to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyCAVerifier").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageStatusResponder, NULL) == SECSuccess) {
// add status responder to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyStatusResponder").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageAnyCA, NULL) == SECSuccess) {
// add any CA to usage
nsAutoString verifyDesc;
nsAutoString typestr(NS_LITERAL_STRING("VerifyAnyCA").get());
typestr.AppendWithConversion(suffix);
rv = nssComponent->GetPIPNSSBundleString(typestr.GetUnicode(), verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
*_count = tmpCount;
*_verified = nsNSSCertificate::VERIFIED_OK;
return NS_OK;
verify_failed:
*_count = 0;
return NS_OK;
}
/*
* void getUsages(out PRUint32 verified,
* out PRUint32 count,
@ -806,140 +1013,45 @@ nsNSSCertificate::GetUsages(PRUint32 *_verified,
PRUnichar ***_usages)
{
nsresult rv;
PRUnichar *tmpUsages[6];
int tmpCount = 0;
CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return rv;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLClient, NULL) == SECSuccess) {
// add client to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifySSLClient").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLServer, NULL) == SECSuccess) {
// add server to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifySSLServer").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLServerWithStepUp, NULL) == SECSuccess) {
// add stepup to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifySSLStepUp").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageEmailSigner, NULL) == SECSuccess) {
// add signer to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyEmailSigner").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageEmailRecipient, NULL) == SECSuccess) {
// add recipient to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyEmailRecip").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageObjectSigner, NULL) == SECSuccess) {
// add objsigner to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyObjSign").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageProtectedObjectSigner, NULL) == SECSuccess) {
// add protected objsigner to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyProtectObjSign").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageUserCertImport, NULL) == SECSuccess) {
// add user import to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyUserImport").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageSSLCA, NULL) == SECSuccess) {
// add SSL CA to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifySSLCA").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageVerifyCA, NULL) == SECSuccess) {
// add verify CA to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyCAVerifier").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageStatusResponder, NULL) == SECSuccess) {
// add status responder to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyStatusResponder").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#if 0
if (CERT_VerifyCertNow(defaultcertdb, mCert, PR_TRUE,
certUsageAnyCA, NULL) == SECSuccess) {
// add any CA to usage
nsAutoString verifyDesc;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("VerifyAnyCA").get(),
verifyDesc);
tmpUsages[tmpCount++] = verifyDesc.ToNewUnicode();
} else if (verifyFailed(_verified)) goto verify_failed;
#endif
PRUnichar *tmpUsages[13];
char *suffix = "";
PRUint32 tmpCount;
rv = GetUsageArray(suffix, _verified, &tmpCount, tmpUsages);
if (tmpCount > 0) {
*_usages = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * tmpCount);
for (int i=0; i<tmpCount; i++) {
for (PRUint32 i=0; i<tmpCount; i++) {
(*_usages)[i] = tmpUsages[i];
}
*_count = tmpCount;
*_verified = nsNSSCertificate::VERIFIED_OK;
return NS_OK;
}
verify_failed:
*_usages = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *));
*_count = 0;
return NS_OK;
}
/* void getPurposes(out PRUint32 verified, out wstring purposes); */
NS_IMETHODIMP
nsNSSCertificate::GetPurposes(PRUint32 *_verified,
PRUnichar **_purposes)
{
nsresult rv;
PRUnichar *tmpUsages[13];
char *suffix = "_p";
PRUint32 tmpCount;
rv = GetUsageArray(suffix, _verified, &tmpCount, tmpUsages);
nsAutoString porpoises;
for (PRUint32 i=0; i<tmpCount; i++) {
if (i>0) porpoises.AppendWithConversion(",");
porpoises.Append(tmpUsages[i]);
nsMemory::Free(tmpUsages[i]);
}
if (_purposes != NULL) { // skip it for verify-only
*_purposes = porpoises.ToNewUnicode();
}
return NS_OK;
}
/* void view (); */
NS_IMETHODIMP
nsNSSCertificate::View()
@ -1070,6 +1182,51 @@ cleanup:
return rv;
}
/*
* [noscript] unsigned long getCertsByType(in unsigned long aType,
* in nsCertCompareFunc aCertCmpFn,
* out nsISupportsArray certs);
*/
PRBool
nsNSSCertificateDB::GetCertsByType(PRUint32 aType,
nsCertCompareFunc aCertCmpFn,
nsISupportsArray **_certs)
{
CERTCertList *certList = NULL;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("GetCertsByType"));
nsCOMPtr<nsISupportsArray> certarray;
nsresult rv = NS_NewISupportsArray(getter_AddRefs(certarray));
if (NS_FAILED(rv)) return PR_FALSE;
certList = PK11_ListCerts(PK11CertListUnique, NULL);
CERTCertListNode *node;
int i, count = 0;
for (node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node)) {
if (getCertType(node->cert) == aType) {
nsCOMPtr<nsIX509Cert> pipCert = new nsNSSCertificate(node->cert);
if (pipCert) {
for (i=0; i<count; i++) {
nsCOMPtr<nsISupports> isupport =
getter_AddRefs(certarray->ElementAt(i));
nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(isupport);
if ((*aCertCmpFn)(pipCert, cert) < 0) {
certarray->InsertElementAt(pipCert, i);
break;
}
}
if (i == count) certarray->AppendElement(pipCert);
count++;
}
}
}
*_certs = certarray;
NS_ADDREF(*_certs);
if (certList)
CERT_DestroyCertList(certList);
return PR_TRUE;
}
/*
* [noscript] void importCertificate (in nsIX509Cert cert,
* in unsigned long type,
@ -1131,16 +1288,22 @@ done:
NS_IMETHODIMP
nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
{
nsNSSCertificate *nssCert = NS_STATIC_CAST(nsNSSCertificate*, aCert);
CERTCertificate *cert = nssCert->GetCert();
if (!cert) return NS_ERROR_FAILURE;
SECStatus srv;
#if 0
if (getCertType(aCert->mCert) == nsNSSCertificate::USER_CERT) {
return ((PK11_DeleteTokenCertAndKey(aCert->mCert, NULL)) == SECSuccess) ?
NS_OK : NS_ERROR_FAILURE;
// for later, to use tokens ...
if (getCertType(cert) == nsNSSCertificate::USER_CERT) {
srv = PK11_DeleteTokenCertAndKey(cert, NULL);
} else {
return ((SEC_DeletePermCertificate(aCert->mCert)) == SECSuccess) ?
NS_OK : NS_ERROR_FAILURE;
srv = SEC_DeletePermCertificate(cert);
}
#endif
return NS_ERROR_NOT_IMPLEMENTED;
srv = SEC_DeletePermCertificate(cert);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));
CERT_DestroyCertificate(cert);
return (srv) ? NS_ERROR_FAILURE : NS_OK;
}
/*

5
security/manager/ssl/src/nsNSSCertificate.h
Просмотреть файл

@ -61,6 +61,11 @@ private:
CERTCertificate *mCert;
PRBool verifyFailed(PRUint32 *_verified);
nsresult GetUsageArray(char *suffix,
PRUint32 *_verified,
PRUint32 *_count,
PRUnichar **tmpUsages);
};
class nsNSSCertificateDB : public nsIX509CertDB

9
security/manager/ssl/src/nsNSSModule.cpp
Просмотреть файл

@ -37,6 +37,7 @@
#include "nsPK11TokenDB.h"
#include "nsNSSCertificate.h"
#include "nsCertOutliner.h"
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
@ -46,6 +47,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPK11TokenDB)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertContentListener, init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSCertificateDB)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertOutliner)
static nsModuleComponentInfo components[] =
{
@ -145,6 +147,13 @@ static nsModuleComponentInfo components[] =
NS_X509CERTDB_CID,
NS_X509CERTDB_CONTRACTID,
nsNSSCertificateDBConstructor
},
{
"Certificate Outliner",
NS_CERTOUTLINER_CID,
NS_CERTOUTLINER_CONTRACTID,
nsCertOutlinerConstructor
}
};

5
security/manager/ssl/src/nsPK11TokenDB.cpp
Просмотреть файл

@ -93,6 +93,7 @@ NS_IMETHODIMP
nsPK11Token::Login(PRBool force)
{
nsresult rv;
SECStatus srv;
PRBool test;
rv = this->NeedsLogin(&test);
if (NS_FAILED(rv)) return rv;
@ -102,8 +103,8 @@ nsPK11Token::Login(PRBool force)
}
rv = setPassword(mSlot, mUIContext);
if (NS_FAILED(rv)) return rv;
PK11_Authenticate(mSlot, PR_TRUE, mUIContext);
return NS_OK;
srv = PK11_Authenticate(mSlot, PR_TRUE, mUIContext);
return (srv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}
/* void logout (); */

157
security/manager/ssl/src/nsPKCS12Blob.cpp
Просмотреть файл

@ -31,7 +31,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsPKCS12Blob.cpp,v 1.7 2001-04-04 21:06:22 mcgreer%netscape.com Exp $
* $Id: nsPKCS12Blob.cpp,v 1.8 2001-05-01 23:23:22 mcgreer%netscape.com Exp $
*/
#include "prmem.h"
@ -40,7 +40,11 @@
#include "nsIFileSpec.h"
#include "nsINSSDialogs.h"
#include "nsIDirectoryService.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "nsNSSComponent.h"
#include "nsNSSHelper.h"
#include "nsPKCS12Blob.h"
#include "nsString.h"
@ -57,8 +61,13 @@
extern PRLogModuleInfo* gPIPNSSLog;
#endif
#define PIP_PKCS12_TMPFILENAME ".pip_p12tmp"
#define PIP_PKCS12_BUFFER_SIZE 2048
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
#define PIP_PKCS12_TMPFILENAME ".pip_p12tmp"
#define PIP_PKCS12_BUFFER_SIZE 2048
#define PIP_PKCS12_RESTORE_OK 1
#define PIP_PKCS12_BACKUP_OK 2
#define PIP_PKCS12_USER_CANCELED 3
// constructor
nsPKCS12Blob::nsPKCS12Blob()
@ -100,7 +109,7 @@ nsresult
nsPKCS12Blob::ImportFromFile(nsILocalFile *file)
{
nsresult rv;
SECStatus srv;
SECStatus srv = SECSuccess;
SEC_PKCS12DecoderContext *dcx = NULL;
PK11SlotInfo *slot = PK11_GetInternalKeySlot(); /* XXX fix me! */
SECItem unicodePw;
@ -112,18 +121,23 @@ nsPKCS12Blob::ImportFromFile(nsILocalFile *file)
// get file password (unicode)
unicodePw.data = NULL;
rv = getPKCS12FilePassword(&unicodePw);
if (NS_FAILED(rv) || unicodePw.data == NULL) goto finish;
rv = NS_ERROR_FAILURE;
if (NS_FAILED(rv)) goto finish;
if (unicodePw.data == NULL) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
// initialize the decoder
dcx = SEC_PKCS12DecoderStart(&unicodePw, slot, NULL,
digest_open, digest_close,
digest_read, digest_write,
this);
if (!dcx) goto finish;
if (!dcx) {
srv = SECFailure;
goto finish;
}
// read input file and feed it to the decoder
rv = inputToDecoder(dcx, file);
if (NS_FAILED(rv)) goto finish;
rv = NS_ERROR_FAILURE;
// verify the blob
srv = SEC_PKCS12DecoderVerify(dcx);
if (srv) goto finish;
@ -134,15 +148,15 @@ nsPKCS12Blob::ImportFromFile(nsILocalFile *file)
srv = SEC_PKCS12DecoderImportBags(dcx);
if (srv) goto finish;
// Later - check to see if this should become default email cert
rv = NS_OK;
handleError(PIP_PKCS12_RESTORE_OK);
finish:
if (NS_FAILED(rv)) {
if (NS_FAILED(rv) || srv != SECSuccess) {
handleError();
}
// finish the decoder
if (dcx)
SEC_PKCS12DecoderFinish(dcx);
return rv;
return NS_OK;
}
#if 0
@ -201,7 +215,7 @@ nsresult
nsPKCS12Blob::ExportToFile(nsILocalFile *file,
nsIX509Cert **certs, int numCerts)
{
nsresult rv, nrv;
nsresult rv;
SECStatus srv;
SEC_PKCS12ExportContext *ecx = NULL;
SEC_PKCS12SafeInfo *certSafe = NULL, *keySafe = NULL;
@ -215,12 +229,18 @@ nsPKCS12Blob::ExportToFile(nsILocalFile *file,
// get file password (unicode)
unicodePw.data = NULL;
rv = newPKCS12FilePassword(&unicodePw);
if (NS_FAILED(rv) || unicodePw.data == NULL) goto finish;
if (NS_FAILED(rv)) goto finish;
if (unicodePw.data == NULL) {
handleError(PIP_PKCS12_USER_CANCELED);
return NS_OK;
}
// what about slotToUse in psm 1.x ???
rv = NS_ERROR_FAILURE;
// create export context
ecx = SEC_PKCS12CreateExportContext(NULL, NULL, NULL /*slot*/, NULL);
if (!ecx) goto finish;
if (!ecx) {
srv = SECFailure;
goto finish;
}
// add password integrity
srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
if (srv) goto finish;
@ -240,9 +260,11 @@ nsPKCS12Blob::ExportToFile(nsILocalFile *file,
nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
// get it as a CERTCertificate XXX
CERTCertificate *nssCert = NULL;
//nrv = cert->GetCert(&nssCert);
nssCert = cert->GetCert();
if (NS_FAILED(nrv)) goto finish;
if (!nssCert) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// XXX this is why, to verify the slot is the same
// PK11_FindObjectForCert(nssCert, NULL, slot);
// create the cert and key safes
@ -253,7 +275,10 @@ nsPKCS12Blob::ExportToFile(nsILocalFile *file,
certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
}
if (!certSafe || !keySafe) goto finish;
if (!certSafe || !keySafe) {
rv = NS_ERROR_FAILURE;
goto finish;
}
// add the cert and key to the blob
srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, NULL, nssCert,
CERT_GetDefaultCertDB(), // XXX
@ -271,9 +296,9 @@ nsPKCS12Blob::ExportToFile(nsILocalFile *file,
// encode and write
srv = SEC_PKCS12Encode(ecx, write_export_file, this);
if (srv) goto finish;
rv = NS_OK;
handleError(PIP_PKCS12_BACKUP_OK);
finish:
if (NS_FAILED(rv)) {
if (NS_FAILED(rv) || srv != SECSuccess) {
handleError();
}
if (ecx)
@ -503,24 +528,104 @@ pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
return PR_TRUE;
}
#define kWindowWatcherCID "@mozilla.org/embedcomp/window-watcher;1"
PRBool
nsPKCS12Blob::handleError()
nsPKCS12Blob::handleError(int myerr)
{
nsresult rv;
PRBool keepGoing = PR_FALSE;
int prerr = PORT_GetError();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PKCS12: NSS/NSPR error(%d)", prerr));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PKCS12: I called(%d)", myerr));
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return PR_FALSE;
nsCOMPtr<nsIProxyObjectManager> proxyman(
do_GetService(NS_XPCOMPROXY_CONTRACTID));
if (!proxyman) return PR_FALSE;
nsCOMPtr<nsIPrompt> errPrompt;
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(kWindowWatcherCID));
if (wwatch) {
wwatch->GetNewPrompter(0, getter_AddRefs(errPrompt));
if (errPrompt) {
nsCOMPtr<nsIPrompt> proxyPrompt;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt),
errPrompt, PROXY_SYNC,
getter_AddRefs(proxyPrompt));
if (!proxyPrompt) return PR_FALSE;
} else {
return PR_FALSE;
}
} else {
return PR_FALSE;
}
nsAutoString errorMsg;
switch (myerr) {
case PIP_PKCS12_RESTORE_OK:
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("SuccessfulP12Restore").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
return PR_TRUE;
case PIP_PKCS12_BACKUP_OK:
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("SuccessfulP12Backup").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
return PR_TRUE;
case PIP_PKCS12_USER_CANCELED:
return PR_TRUE; /* Just ignore it for now */
case 0:
default:
break;
}
switch (prerr) {
// The following errors have the potential to be "handled", by asking
// the user (via a dialog) whether s/he wishes to continue
case 0: break;
case SEC_ERROR_BAD_DER: /* sigh - this is thrown when password is wrong */
case SEC_ERROR_PKCS12_CERT_COLLISION:
/* pop a dialog saying the cert is already in the database */
/* ask to keep going? what happens if one collision but others ok? */
// The following errors cannot be "handled", notify the user (via an alert)
// that the operation failed.
#if 0
// XXX a boy can dream...
// but the PKCS12 lib never throws this error
// but then again, how would it? anyway, convey the info below
case SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT:
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("PKCS12PasswordInvalid").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
break;
#endif
case SEC_ERROR_BAD_PASSWORD:
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("PK11BadPassword").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
break;
case SEC_ERROR_BAD_DER:
case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
case SEC_ERROR_PKCS12_INVALID_MAC:
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("PKCS12DecodeErr").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
break;
default:
/* open the "Unknown failure" alert */
/* always exit with failure */
return PR_FALSE;
rv = nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("PKCS12UnknownErrRestore").get(),
errorMsg);
if (NS_FAILED(rv)) return rv;
errPrompt->Alert(nsnull, errorMsg.GetUnicode());
}
return PR_FALSE;
if (NS_FAILED(rv)) return rv;
return keepGoing;
}

4
security/manager/ssl/src/nsPKCS12Blob.h
Просмотреть файл

@ -31,7 +31,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsPKCS12Blob.h,v 1.3 2001-03-30 19:55:00 mcgreer%netscape.com Exp $
* $Id: nsPKCS12Blob.h,v 1.4 2001-05-01 23:23:23 mcgreer%netscape.com Exp $
*/
#ifndef _NS_PKCS12BLOB_H_
@ -84,7 +84,7 @@ private:
nsresult newPKCS12FilePassword(SECItem *);
nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsILocalFile *);
void unicodeToItem(PRUnichar *, SECItem *);
PRBool handleError();
PRBool handleError(int myerr = 0);
// NSPR file I/O for temporary digest file
PRFileDesc *mTmpFile;