diff --git a/security/manager/pki/resources/content/CAOverlay.xul b/security/manager/pki/resources/content/CAOverlay.xul
index 5897e540226..f462ac999dc 100644
--- a/security/manager/pki/resources/content/CAOverlay.xul
+++ b/security/manager/pki/resources/content/CAOverlay.xul
@@ -32,11 +32,12 @@
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
-
-
+
+
@@ -44,7 +45,8 @@
-->
-
+
+
-
+
+
diff --git a/security/manager/pki/resources/content/MineOverlay.xul b/security/manager/pki/resources/content/MineOverlay.xul
new file mode 100644
index 00000000000..7c284b7c13b
--- /dev/null
+++ b/security/manager/pki/resources/content/MineOverlay.xul
@@ -0,0 +1,47 @@
+
+
+
+
+
+
+
+
+
+
+ &certmgr.mine;
+
+
+
+
+
+
+
+
+
+
diff --git a/security/manager/pki/resources/content/WebSitesOverlay.xul b/security/manager/pki/resources/content/WebSitesOverlay.xul
new file mode 100644
index 00000000000..2a396d08598
--- /dev/null
+++ b/security/manager/pki/resources/content/WebSitesOverlay.xul
@@ -0,0 +1,47 @@
+
+
+
+
+
+
+
+
+
+
+ &certmgr.websites;
+
+
+
+
+
+
+
+
+
+
diff --git a/security/manager/pki/resources/content/certManager.js b/security/manager/pki/resources/content/certManager.js
index 185651321f5..82efe377b12 100644
--- a/security/manager/pki/resources/content/certManager.js
+++ b/security/manager/pki/resources/content/certManager.js
@@ -21,6 +21,31 @@
* Ian McGreer
*/
+var selected_certs = [];
+var certmgr;
+
+function getSelectedCerts()
+{
+ var mine_tab = document.getElementById("mine_tab");
+ //var others_tab = document.getElementById("others_tab");
+ var websites_tab = document.getElementById("websites_tab");
+ var tree = document.getElementById('ca_treeset');
+ if (mine_tab.selected) {
+ tree = document.getElementById('mine_treeset');
+ } else if (websites_tab.selected) {
+ tree = document.getElementById('websites_treeset');
+ }
+ var items = tree.selectedItems;
+ if (items.length > 0) {
+ selected_certs = [];
+ for (var t=0; t 0) {
+ var delim = certNameList[0];
+ certNameList = certNameList.split(delim);
+ certNameList.sort();
+ }
+ for (var i=1; i 0) {
+ token = certname.substring(0, ti);
+ certname = certname.substring(ti+1, certname.length);
+ }
+ AddNameWithToken(node, [certname, token], node + "_", i);
+ }
+}
+
function LoadCertNames()
{
certmgr = Components
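Review bot: In getSelectedCerts, `selected_certs = [];` runs only inside `if (items.length > 0)`, so when the active tab has no selection the global keeps the certificates chosen earlier, possibly on a different tab. A later action that reads `selected_certs` would then apply to certificates the user no longer has selected. Move the reset above the check, i.e. put `selected_certs = [];` right after `var items = tree.selectedItems;`. The rest of the function is not legible in this view, so confirm that no caller relies on the old contents.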
@@ -54,7 +118,6 @@ function LoadCertNames()
var nb = 0;
var nm = 0;
for (var i=1; i
+
+
@@ -44,25 +44,22 @@
+
-
-
+
+
+
+
-
+
@@ -81,5 +78,22 @@
+
+
+
+
+
+
+
diff --git a/security/manager/pki/resources/content/viewCertDetails.js b/security/manager/pki/resources/content/viewCertDetails.js
index cbf0e74ee89..302cef321b8 100644
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@@ -21,28 +21,91 @@
* Ian McGreer
*/
+const nsIX509Cert = Components.interfaces.nsIX509Cert;
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
+const nsPK11TokenDB = "thayes@netscape.com/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+
+function AddCertChain(node, chain)
+{
+ var idfier = "chain_";
+ var child = [document.getElementById(node)];
+ var item = document.createElement("treeitem");
+ item.setAttribute("id", idfier + "0");
+ item.setAttribute("container", "true");
+ item.setAttribute("open", "true");
+ var items = [item];
+ var rows = [document.createElement("treerow")];
+ var cell = document.createElement("treecell");
+ cell.setAttribute("class", "treecell-indent");
+ cell.setAttribute("value", chain[0]);
+ var cells = [cell];
+ for (var i=1; i=0; i--) {
+ rows[i].appendChild(cells[i]);
+ items[i].appendChild(rows[i]);
+ child[i].appendChild(items[i]);
+ }
+}
+
function setWindowName()
{
myName = self.name;
-// alert(myName);
var windowReference=document.getElementById('certDetails');
- windowReference.setAttribute("title","Certificate Detail: "+myName);
+ windowReference.setAttribute("title","Certificate Detail: \""+myName+"\"");
- certmgr = Components
- .classes["@mozilla.org/security/certmanager;1"]
- .createInstance();
- certmgr = certmgr.QueryInterface(Components
- .interfaces
- .nsICertificateManager);
+ // Get the token
+ // XXX ignore this for now. NSS will find the cert on a token
+ // by "tokenname:certname", which is what we have.
+ //var tokenName = "";
+ //var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+ //var token = pk11db.findTokenByName(tokenName);
- cnstr = certmgr.getCertCN(myName);
+ // Get the cert from the cert database
+ var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+ //var cert = certdb.getCertByNickname(token, myName);
+ var cert = certdb.getCertByNickname(null, myName);
+
+ //
+ // Set the cert attributes for viewing
+ //
+
+ // The chain of trust
+ var chainEnum = cert.getChain();
+ chainEnum.first();
+ var c = 0;
+ var chain = [];
+ try {
+ while (true) {
+ var node = chainEnum.currentItem();
+ node = node.QueryInterface(nsIX509Cert);
+ chain[c++] = node.commonName;
+ chainEnum.next();
+ }
+ } catch (e) {}
+ AddCertChain("chain", chain.reverse());
+
+ // Common Name
var cn=document.getElementById('commonname');
- cn.setAttribute("value", cnstr);
- // for now
- orgstr = certmgr.getCertCN(myName);
+ cn.setAttribute("value", cert.commonName);
+
+ // Organization
var org=document.getElementById('organization');
- org.setAttribute("value", orgstr);
- oustr = certmgr.getCertCN(myName);
+ org.setAttribute("value", cert.organization);
+
+ // Organizational Unit
var ou=document.getElementById('orgunit');
- ou.setAttribute("value", oustr);
+ ou.setAttribute("value", cert.organizationalUnit);
}
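Review bot: The empty `catch (e) {}` around the chain loop in setWindowName is the loop's only exit, so a failure in `QueryInterface` or `commonName` looks the same as reaching the end of the enumerator. The dialog can then show a shortened chain of trust with no indication that anything went wrong. Limit the try to the enumerator calls, or at least record the reason, e.g. `} catch (e) { dump("chain enumeration stopped: " + e + "\n"); }`. Separately, the new `getCertByNickname` returns a failure code when the nickname is not found, which reaches this script as an exception. `cert.getChain()` is called with no guard, so a miss leaves the window only partly filled in.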
diff --git a/security/manager/pki/resources/content/viewCertDetails.xul b/security/manager/pki/resources/content/viewCertDetails.xul
index 47e56114e55..678d30e0110 100644
--- a/security/manager/pki/resources/content/viewCertDetails.xul
+++ b/security/manager/pki/resources/content/viewCertDetails.xul
@@ -40,10 +40,12 @@
-
-
+
+
-
+
+
+
diff --git a/security/manager/pki/resources/jar.mn b/security/manager/pki/resources/jar.mn
index 7b2055a480a..fef16a26347 100644
--- a/security/manager/pki/resources/jar.mn
+++ b/security/manager/pki/resources/jar.mn
@@ -14,6 +14,8 @@ pippki.jar:
content/pippki/certManager.js (content/certManager.js)
content/pippki/certManager.xul (content/certManager.xul)
content/pippki/CAOverlay.xul (content/CAOverlay.xul)
+ content/pippki/WebSitesOverlay.xul (content/WebSitesOverlay.xul)
+ content/pippki/MineOverlay.xul (content/MineOverlay.xul)
content/pippki/viewCertDetails.xul (content/viewCertDetails.xul)
content/pippki/viewCertDetails.js (content/viewCertDetails.js)
content/pippki/pippki.js (content/pippki.js)
diff --git a/security/manager/pki/resources/locale/en-US/certManager.dtd b/security/manager/pki/resources/locale/en-US/certManager.dtd
index 35f42d0a09c..264f5a6dfb1 100644
--- a/security/manager/pki/resources/locale/en-US/certManager.dtd
+++ b/security/manager/pki/resources/locale/en-US/certManager.dtd
@@ -22,9 +22,17 @@
-
-
-
+
+
+
+
+
+
+
+
+
+
+
diff --git a/security/manager/pki/src/nsCertificateManager.cpp b/security/manager/pki/src/nsCertificateManager.cpp
index 28bebfd49e4..e69de29bb2d 100644
--- a/security/manager/pki/src/nsCertificateManager.cpp
+++ b/security/manager/pki/src/nsCertificateManager.cpp
@@ -1,85 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
- *
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2001 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- * Ian McGreer
- */
-
-#include "nsIServiceManager.h"
-#include "nsIX509CertDB.h"
-#include "nsCertificateManager.h"
-
-#include "prlog.h"
-#ifdef PR_LOGGING
-PRLogModuleInfo* gPIPPKILog = nsnull;
-#endif
-
-static NS_DEFINE_IID(kCertDBCID, NS_X509CERTDB_CID);
-
-nsCertificateManager::nsCertificateManager()
-{
- NS_INIT_REFCNT();
-#ifdef PR_LOGGING
- if (!gPIPPKILog)
- gPIPPKILog = PR_NewLogModule("pippki");
-#endif
-}
-
-nsCertificateManager::~nsCertificateManager()
-{
-}
-
-NS_IMPL_ISUPPORTS(nsCertificateManager, NS_GET_IID(nsICertificateManager));
-
-NS_IMETHODIMP
-nsCertificateManager::GetCertNicknames(PRUint32 type,
- PRUnichar **_rNameList)
-{
- nsresult rv;
- nsAutoString nameList;
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting certdb service\n"));
- NS_WITH_SERVICE(nsIX509CertDB, certdb, kCertDBCID, &rv);
- if (NS_FAILED(rv)) return rv;
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting cert names\n"));
- rv = certdb->GetCertificateNames(nsnull, nsIX509Cert::CA_CERT, nameList);
- if (NS_SUCCEEDED(rv)) {
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("converting unicode\n"));
- *_rNameList = nameList.ToNewUnicode();
- }
- return rv;
-}
-
-// wstring getCertCN(in string nickname);
-NS_IMETHODIMP
-nsCertificateManager::GetCertCN(const char *nickname,
- PRUnichar **_rvCN)
-{
- nsresult rv;
- nsIX509Cert *cert;
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting certdb service\n"));
- NS_WITH_SERVICE(nsIX509CertDB, certdb, kCertDBCID, &rv);
- if (NS_FAILED(rv)) return rv;
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting cert %s\n", nickname));
- rv = certdb->GetCertByName(nsnull, nickname, &cert);
- if (NS_SUCCEEDED(rv)) {
- PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("converting unicode\n"));
- rv = cert->GetCommonName(_rvCN);
- }
- return rv;
-}
diff --git a/security/manager/ssl/public/nsICertificateManager.idl b/security/manager/ssl/public/nsICertificateManager.idl
index d3b6c611fa0..e69de29bb2d 100644
--- a/security/manager/ssl/public/nsICertificateManager.idl
+++ b/security/manager/ssl/public/nsICertificateManager.idl
@@ -1,46 +0,0 @@
-/*
- * The contents of this file are subject to the Mozilla Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of
- * the License at http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is Netscape
- * Communications Corporation. Portions created by Netscape are
- * Copyright (C) 2001 Netscape Communications Corporation. All
- * Rights Reserved.
- *
- * Contributor(s):
- * Ian McGreer
- */
-
-#include "nsISupports.idl"
-#include "nsIX509Cert.idl"
-
-/**
- * nsICertificateManager
- * This is the interface for the certificate manager
- */
-[scriptable, uuid(246ec570-11aa-11d5-ac66-000064657374)]
-interface nsICertificateManager : nsISupports
-{
- wstring getCertNicknames(in unsigned long type);
-
- wstring getCertCN(in string nickname);
-};
-
-%{C++
-
-// 246ec570-11aa-11d5-ac66-000064657374
-#define NS_CERTIFICATEMANAGER_CID \
-{ 0x246ec570, 0x11aa, 0x11d5, {0xac, 0x66, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74} }
-
-#define NS_CERTIFICATEMANAGER_CONTRACTID "@mozilla.org/security/certmanager;1"
-
-%}
diff --git a/security/manager/ssl/public/nsIX509Cert.idl b/security/manager/ssl/public/nsIX509Cert.idl
index fb8a1892a4e..60aa6b2cc34 100644
--- a/security/manager/ssl/public/nsIX509Cert.idl
+++ b/security/manager/ssl/public/nsIX509Cert.idl
@@ -34,6 +34,7 @@
*/
#include "nsISupports.idl"
+#include "nsIEnumerator.idl"
[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
interface nsIX509CertValidity : nsISupports {
@@ -48,6 +49,8 @@ interface nsIX509Cert : nsISupports {
* attributes for certs
*/
readonly attribute wstring commonName;
+ readonly attribute wstring organization;
+ readonly attribute wstring organizationalUnit;
readonly attribute nsIX509CertValidity validity;
@@ -68,6 +71,12 @@ interface nsIX509Cert : nsISupports {
/*
* accessors for certs
*/
+ nsIEnumerator getChain();
+/*
+ void getChain(out PRUint32 count,
+ [retval, array, size_is(count)] out nsIX509Cert chain);
+*/
+
[noscript] unsigned long getRawDER(out charPtr result);
};
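Review bot: `getChain()` is added with no contract comment, and the commented-out array signature left next to it adds noise without saying which form is intended. Callers need to know the element type and order: the script in this commit has to `QueryInterface` each item to nsIX509Cert and reverse the list before display. I would replace the dead block with something like `/* getChain: enumerator of nsIX509Cert in the order NSS returns the chain; fails when no chain can be built. */`. The implementation in this commit builds the chain for SSL client usage at the current time, which is worth stating here too, since a caller cannot pick another usage.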
diff --git a/security/manager/ssl/public/nsIX509CertDB.idl b/security/manager/ssl/public/nsIX509CertDB.idl
index 0acf83dcca5..15ad7ff787a 100644
--- a/security/manager/ssl/public/nsIX509CertDB.idl
+++ b/security/manager/ssl/public/nsIX509CertDB.idl
@@ -49,8 +49,8 @@ native nsAutoString(nsAutoString);
interface nsIX509CertDB : nsISupports {
- [noscript] nsIX509Cert getCertByName(in nsIPK11Token aToken,
- in string aNickname);
+ nsIX509Cert getCertByNickname(in nsIPK11Token aToken,
+ in wstring aNickname);
/*
* getCertificateList
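Review bot: Dropping `[noscript]` makes `getCertByNickname` callable from script, but the declaration still carries no description of its contract. From the implementation in this commit, `aToken` is accepted and never used, and a nickname that matches nothing returns a failure code, which a script sees as an exception. A short comment above the method should say both, e.g. `/* aToken is currently ignored; throws if no certificate has this nickname. */`. The interface body continues outside this hunk.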
diff --git a/security/manager/ssl/src/nsNSSCertificate.cpp b/security/manager/ssl/src/nsNSSCertificate.cpp
index 8f4577ba2cc..ec22f23b0e0 100644
--- a/security/manager/ssl/src/nsNSSCertificate.cpp
+++ b/security/manager/ssl/src/nsNSSCertificate.cpp
@@ -32,12 +32,13 @@
* may use your version of this file under either the MPL or the
* GPL.
*
- * $Id: nsNSSCertificate.cpp,v 1.6 2001-03-13 00:22:13 javi%netscape.com Exp $
+ * $Id: nsNSSCertificate.cpp,v 1.7 2001-03-13 16:20:54 mcgreer%netscape.com Exp $
*/
#include "prmem.h"
#include "nsCOMPtr.h"
+#include "nsISupportsArray.h"
#include "nsNSSCertificate.h"
#include "nsIX509Cert.h"
#include "nsString.h"
@@ -479,6 +480,71 @@ nsNSSCertificate::GetCommonName(PRUnichar **aCommonName)
return NS_OK;
}
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganization(PRUnichar **aOrganization)
+{
+ NS_ENSURE_ARG(aOrganization);
+ *aOrganization = nsnull;
+ if (mCert) {
+ char *organization = CERT_GetOrgName(&mCert->subject);
+ if (organization) {
+ nsAutoString org = NS_ConvertASCIItoUCS2(organization);
+ *aOrganization = org.ToNewUnicode();
+ }
+ }
+ return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganizationalUnit(PRUnichar **aOrganizationalUnit)
+{
+ NS_ENSURE_ARG(aOrganizationalUnit);
+ *aOrganizationalUnit = nsnull;
+ if (mCert) {
+ char *orgunit = CERT_GetOrgUnitName(&mCert->subject);
+ if (orgunit) {
+ nsAutoString ou = NS_ConvertASCIItoUCS2(orgunit);
+ *aOrganizationalUnit = ou.ToNewUnicode();
+ }
+ }
+ return NS_OK;
+}
+
+/*
+ * nsIEnumerator getChain();
+ */
+NS_IMETHODIMP
+nsNSSCertificate::GetChain(nsIEnumerator **_rvChain)
+{
+ nsresult rv;
+ CERTCertListNode *node;
+ nsIX509Cert **chain;
+ /* Get the cert chain from NSS */
+ CERTCertList *nssChain;
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting chain for \"%s\"\n", mCert->nickname));
+ nssChain = CERT_GetCertChainFromCert(mCert, PR_Now(), certUsageSSLClient);
+ if (!nssChain)
+ return NS_ERROR_FAILURE;
+ /* enumerate the chain for scripting purposes */
+ nsCOMPtr array;
+ rv = NS_NewISupportsArray(getter_AddRefs(array));
+ if (NS_FAILED(rv)) {
+ goto done;
+ }
+ for (node = CERT_LIST_HEAD(nssChain);
+ !CERT_LIST_END(node, nssChain);
+ node = CERT_LIST_NEXT(node)) {
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("adding %s to chain\n", node->cert->nickname));
+ nsCOMPtr cert = new nsNSSCertificate(node->cert);
+ array->AppendElement(cert);
+ }
+ rv = array->Enumerate(_rvChain);
+done:
+ if (nssChain)
+ CERT_DestroyCertList(nssChain);
+ return rv;
+}
+
/* [noscript] long getRawDER (out charPtr result) */
NS_IMETHODIMP
nsNSSCertificate::GetRawDER(char **result, PRUint32 *_retval)
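Review bot: GetChain dereferences `mCert->nickname` in its first PR_LOG and never validates `_rvChain`, while GetOrganization and GetOrganizationalUnit in the same hunk guard both; add `NS_ENSURE_ARG(_rvChain);` and `if (!mCert) return NS_ERROR_FAILURE;` at the top. The loop wraps each `node->cert` in `new nsNSSCertificate(...)`, and `CERT_DestroyCertList(nssChain)` then releases the list's references. The constructor is not visible here, so confirm it takes its own reference; otherwise the enumerated objects outlive the certificates they point to. The result of `new` is also passed to `AppendElement` unchecked. In the two getters, the strings from `CERT_GetOrgName` and `CERT_GetOrgUnitName` are never released; as far as I know NSS allocates them for the caller, so a `PORT_Free(organization);` (and likewise for `orgunit`) is needed after the conversion.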
@@ -524,26 +590,39 @@ nsNSSCertificateDB::~nsNSSCertificateDB()
{
}
-/* [noscript] nsIX509Cert getCertByName(in nsIPK11Token aToken,
- * in string aNickname);
+/* nsIX509Cert getCertByNickname(in nsIPK11Token aToken,
+ * in wstring aNickname);
*/
NS_IMETHODIMP
-nsNSSCertificateDB::GetCertByName(nsIPK11Token *aToken,
- const char *nickname,
- nsIX509Cert **_rvCert)
+nsNSSCertificateDB::GetCertByNickname(nsIPK11Token *aToken,
+ const PRUnichar *nickname,
+ nsIX509Cert **_rvCert)
{
CERTCertificate *cert = NULL;
- nsCOMPtr pCert = nsnull;
- char *foo = PL_strdup(nickname);
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", foo));
- cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), foo);
+ char *asciiname = NULL;
+ asciiname = NS_ConvertUCS2toUTF8(nickname);
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
+#if 0
+ // what it should be, but for now...
+ if (aToken) {
+ cert = PK11_FindCertFromNickname(asciiname, NULL);
+ } else {
+ cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
+ }
+#endif
+ cert = PK11_FindCertFromNickname(asciiname, NULL);
+ if (!cert) {
+ cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname);
+ }
if (cert) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
- pCert = new nsNSSCertificate(cert);
+ nsCOMPtr pCert = new nsNSSCertificate(cert);
+ *_rvCert = pCert;
+ NS_ADDREF(*_rvCert);
+ return NS_OK;
}
- *_rvCert = pCert;
- NS_ADDREF(*_rvCert);
- return NS_OK;
+ *_rvCert = nsnull;
+ return NS_ERROR_FAILURE;
}
/* [noscript] void getCertificateNames(in nsIPK11Token aToken,
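Review bot: `asciiname = NS_ConvertUCS2toUTF8(nickname);` keeps a raw pointer taken from a conversion temporary. If NS_ConvertUCS2toUTF8 is the usual string class (its definition is not on this page), the buffer is no longer valid once that statement ends, and the PR_LOG and both NSS lookups read through a dangling pointer. Hold the converted string in a named local for the whole function, e.g. `NS_ConvertUCS2toUTF8 utf8name(nickname);`, and pass its buffer to the lookups. Now that the method is reachable from script, `nickname` and `_rvCert` should also get `NS_ENSURE_ARG` checks before use. `aToken` is accepted but never consulted outside the `#if 0` block, which the comment above the method should state.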
@@ -561,9 +640,13 @@ nsNSSCertificateDB::GetCertificateNames(nsIPK11Token *aToken,
*/
CERTCertList *certList = NULL;
PK11CertListType pk11type;
+#if 0
+ // this would seem right, but it didn't work...
+ // oh, I know why - bonks out on internal slot certs
if (aType == nsIX509Cert::USER_CERT)
pk11type = PK11CertListUser;
else
+#endif
pk11type = PK11CertListUnique;
certList = PK11_ListCerts(pk11type, NULL);
if (!certList)
@@ -656,7 +739,7 @@ nsNSSCertificateDB::getCertNames(CERTCertList *certList,
{
CERTCertListNode *node;
- PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("List of certs:\n"));
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("List of certs %d:\n", type));
for (node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node)) {
@@ -669,6 +752,8 @@ nsNSSCertificateDB::getCertNames(CERTCertList *certList,
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("%s\n", node->cert->nickname));
}
+ if (type == nsIX509Cert::USER_CERT)
+ PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("%s\n", node->cert->nickname));
}
}