b=161915 Combine verified and purposes column in certificate manager

r=javi sr=jag
2002-08-26 20:16:25 +00:00 · 2002-08-26 20:16:25 +00:00 · 7f95e3306b
--- a/security/manager/pki/resources/content/MineOverlay.xul
+++ b/security/manager/pki/resources/content/MineOverlay.xul
@ -43,9 +43,6 @@
        <treecol id="tokencol" label="&certmgr.tokenname;"
                     persist="hidden width ordinal" flex="1"/>
        <splitter class="tree-splitter"/>
-        <treecol id="verifiedcol" 
-                     persist="hidden width ordinal" flex="1"/>
-        <splitter class="tree-splitter"/>
        <treecol id="purposecol" label="&certmgr.purpose;"
                     persist="hidden width ordinal" flex="1"/>
        <splitter class="tree-splitter"/>
--- a/security/manager/pki/resources/content/OthersOverlay.xul
+++ b/security/manager/pki/resources/content/OthersOverlay.xul
@ -56,7 +56,7 @@
        <treecol id="emailcol" label="&certmgr.email;"
                     flex="1"/>
        <splitter class="tree-splitter"/>
-        <treecol id="tokencol" label="&certmgr.tokenname;"
+        <treecol id="purposecol" label="&certmgr.purpose;"
                     flex="1"/>
 <!--        <treecol id="certdbkeycol" collapsed="true" flex="1"/> -->
      </treecols>
--- a/security/manager/pki/resources/content/WebSitesOverlay.xul
+++ b/security/manager/pki/resources/content/WebSitesOverlay.xul
@ -40,7 +40,7 @@
        <treecol id="certcol" label="&certmgr.certname;" primary="true" 
                     persist="hidden width ordinal" flex="1"/>
        <splitter class="tree-splitter"/>
-        <treecol id="tokencol" label="&certmgr.tokenname;"
+        <treecol id="purposecol" label="&certmgr.purpose;"
                     persist="hidden width ordinal" flex="1"/>
 <!--        <treecol id="certdbkeycol" collapsed="true" flex="1"/> -->
      </treecols>
--- a/security/manager/pki/resources/content/certManager.js
+++ b/security/manager/pki/resources/content/certManager.js
@ -87,16 +87,9 @@ function LoadCerts()
    enableBackupAllButton.setAttribute("enabled",true);
  }

-
-  var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
-  var verifiedColText;
  if (certdb.ocspOn) {
-    verifiedColText = bundle.GetStringFromName("certmgr.verifiedNoOCSP");
-  } else {
-    verifiedColText = bundle.GetStringFromName("certmgr.verified");
+    document.getElementById('ocsp_info').removeAttribute("hidden");
  }
-  var verifiedCol = document.getElementById('verifiedcol');
-  verifiedCol.setAttribute('label', verifiedColText);
 }

 function getSelectedTab()
--- a/security/manager/pki/resources/content/certManager.xul
+++ b/security/manager/pki/resources/content/certManager.xul
@ -57,11 +57,12 @@
      </tabpanels>
    </tabbox>

-    <hbox>
+    <hbox align="center">
      <button id="HelpButton"
              label="&certmgr.help.label;" 
              accesskey="&certmgr.helpButtonAccessKey;"
              oncommand="doHelpButton();"/>
+      <description id="ocsp_info" hidden="true">&certmgr.ocsp_info;</description>
    </hbox>
  </vbox>

--- a/security/manager/pki/resources/locale/en-US/certManager.dtd
+++ b/security/manager/pki/resources/locale/en-US/certManager.dtd
@ -75,11 +75,12 @@

 <!ENTITY certmgr.certname "Certificate Name">
 <!ENTITY certmgr.tokenname "Security Device">
-<!ENTITY certmgr.purpose "Purpose">
+<!ENTITY certmgr.purpose "Purposes">
 <!ENTITY certmgr.issued "Issued On">
 <!ENTITY certmgr.expires "Expires On">
 <!ENTITY certmgr.email "E-Mail Address">
 <!ENTITY certmgr.serial "Serial Number">
+<!ENTITY certmgr.ocsp_info "Certificates have not been validated with OCSP. Click View to do so.">

 <!ENTITY certmgr.help.label "Help">
 <!ENTITY certmgr.ok.label "OK">
--- a/security/manager/pki/resources/locale/en-US/pippki.properties
+++ b/security/manager/pki/resources/locale/en-US/pippki.properties
@ -144,9 +144,6 @@ enable_fips=Enable FIPS
 disable_fips=Disable FIPS
 fips_nonempty_password_required=FIPS mode requires that you have a Master Password set for each security device. Please set the password before trying to enable FIPS mode.

-certmgr.verified=Verified
-certmgr.verifiedNoOCSP=Verified (No OCSP)
-
 # CRL next update.
 crlNextUpdateMsg1=%S cannot establish an encrypted connection with "%S".
 crlNextUpdateMsg2=The certificate revocation list (CRL) from "%S" needs to be updated.
--- a/security/manager/ssl/resources/locale/en-US/pipnss.properties
+++ b/security/manager/ssl/resources/locale/en-US/pipnss.properties
@ -226,3 +226,10 @@ CrlImportFailureNetworkProblem=Download of the CRL failed due to Network problem
 CrlImportFailureReasonUnknown=Error Importing CRL to local Database. Error Code: 
 CrlImportFailure2=Please ask your system administrator for assistance.
 NSSInitProblem=Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features.
+VerifyExpired=<Expired>
+VerifyRevoked=<Revoked>
+VerifyNotTrusted=<Not Trusted>
+VerifyIssuerNotTrusted=<Issuer Not Trusted>
+VerifyIssuerUnknown=<Issuer Unknown>
+VerifyInvalidCA=<Invalid CA>
+VerifyUnknown=<Unknown>
--- a/security/manager/ssl/src/nsCertTree.cpp
+++ b/security/manager/ssl/src/nsCertTree.cpp
@ -118,6 +118,7 @@ nsCertTree::nsCertTree() : mTreeArray(NULL)
 {
  NS_INIT_ISUPPORTS();
  mCompareCache.ops = nsnull;
+  mNSSComponent = do_GetService(kNSSComponentCID);
 }

 void nsCertTree::ClearCompareHash()
@ -714,47 +715,58 @@ nsCertTree::GetCellText(PRInt32 row, const PRUnichar *colID,
    rv = cert->GetTokenName(&wstr);
  } else if (strcmp(col, "emailcol") == 0) {
    rv = cert->GetEmailAddress(&wstr);
-  } else if (strcmp(col, "verifiedcol") == 0) {
+  } else if (strcmp(col, "purposecol") == 0 && mNSSComponent) {
    PRUint32 verified;
-    nsCOMPtr<nsINSSComponent> nssComponent(
-                                      do_GetService(kNSSComponentCID, &rv));
-    if (NS_FAILED(rv)) return rv;
    PRBool ocspEnabled;
    cert->GetUsesOCSP(&ocspEnabled);
    if (ocspEnabled) {
-      nssComponent->DisableOCSP();
+      mNSSComponent->DisableOCSP();
    }
+
    rv = cert->GetPurposes(&verified, NULL);
-    if (verified == nsIX509Cert::VERIFIED_OK) {
-      nsAutoString vfy;
-      rv = nssComponent->GetPIPNSSBundleString(
-                                NS_LITERAL_STRING("VerifiedTrue").get(), vfy);
-      if (NS_SUCCEEDED(rv))
-        wstr = ToNewUnicode(vfy);
-    } else {
-      nsAutoString vfy;
-      rv = nssComponent->GetPIPNSSBundleString(
-                                NS_LITERAL_STRING("VerifiedFalse").get(), vfy);
-      if (NS_SUCCEEDED(rv))
-        wstr = ToNewUnicode(vfy);
+    if (NS_FAILED(rv)) {
+      verified = nsIX509Cert::NOT_VERIFIED_UNKNOWN;
    }
-    if (ocspEnabled) {
-      nssComponent->EnableOCSP();
+
+    switch (verified) {
+      case nsIX509Cert::VERIFIED_OK:
+        rv = cert->GetPurposes(&verified, &wstr);
+        break;
+
+      case nsIX509Cert::CERT_REVOKED:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyRevoked").get(), &wstr);
+        break;
+      case nsIX509Cert::CERT_EXPIRED:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyExpired").get(), &wstr);
+        break;
+      case nsIX509Cert::CERT_NOT_TRUSTED:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyNotTrusted").get(), &wstr);
+        break;
+      case nsIX509Cert::ISSUER_NOT_TRUSTED:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyIssuerNotTrusted").get(), &wstr);
+        break;
+      case nsIX509Cert::ISSUER_UNKNOWN:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyIssuerUnknown").get(), &wstr);
+        break;
+      case nsIX509Cert::INVALID_CA:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyInvalidCA").get(), &wstr);
+        break;
+      case nsIX509Cert::NOT_VERIFIED_UNKNOWN:
+      case nsIX509Cert::USAGE_NOT_ALLOWED:
+      default:
+        rv = mNSSComponent->GetPIPNSSBundleString(
+                                  NS_LITERAL_STRING("VerifyUnknown").get(), &wstr);
+        break;
    }
-  } else if (strcmp(col, "purposecol") == 0) {
-    PRUint32 verified;
-    PRBool ocspEnabled;
-    nsCOMPtr<nsINSSComponent> nssComponent(
-                                      do_GetService(kNSSComponentCID, &rv));
-    if (NS_FAILED(rv)) return rv;
-  
-    cert->GetUsesOCSP(&ocspEnabled);
+
    if (ocspEnabled) {
-      nssComponent->DisableOCSP();
-    }
-    rv = cert->GetPurposes(&verified, &wstr);
-    if (ocspEnabled) {
-      nssComponent->EnableOCSP();
+      mNSSComponent->EnableOCSP();
    }
  } else if (strcmp(col, "issuedcol") == 0) {
    rv = cert->GetIssuedDate(&wstr);
--- a/security/manager/ssl/src/nsCertTree.h
+++ b/security/manager/ssl/src/nsCertTree.h
@ -89,6 +89,7 @@ private:
  PRInt32                         mNumOrgs;
  PRInt32                         mNumRows;
  PLDHashTable mCompareCache;
+  nsCOMPtr<nsINSSComponent> mNSSComponent;

  treeArrayEl *GetThreadDescAtIndex(PRInt32 _index);
  nsIX509Cert *GetCertAtIndex(PRInt32 _index);