mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=144435 Allow to edit trust for other people's certificate 

r=javi sr=alecf
This commit is contained in:
kaie%netscape.com 2002-08-06 13:18:12 +00:00
Родитель a811506968
Коммит ef2a7ad3c1
8 изменённых файлов: 168 добавлений и 7 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
security/manager/pki/resources/content/OthersOverlay.xul
Просмотреть файл

@ -66,11 +66,9 @@
<button id="email_viewButton"
label="&certmgr.view.label;"
disabled="true" oncommand="viewCerts();"/>
<!-- Not yet implemented
<button id="email_editButton"
label="&certmgr.edit.label;"
disabled="true" oncommand="editCerts();"/>
-->
<button id="email_addButton"
label="&certmgr.restore.label;"
oncommand="addEmailCert();"/>

6
security/manager/pki/resources/content/certManager.js
Просмотреть файл

@ -240,6 +240,8 @@ function email_enableButtons()
}
var enableViewButton=document.getElementById('email_viewButton');
enableViewButton.setAttribute("disabled",toggle);
var enableEditButton=document.getElementById('email_editButton');
enableEditButton.setAttribute("disabled",toggle);
var enableDeleteButton=document.getElementById('email_deleteButton');
enableDeleteButton.setAttribute("disabled",toggle);
}
@ -281,9 +283,13 @@ function editCerts()
var cert = selected_certs[t];
var certkey = cert.dbKey;
var ca_tab = document.getElementById("ca_tab");
var others_tab = document.getElementById("others_tab");
if (ca_tab.selected) {
window.openDialog('chrome://pippki/content/editcacert.xul', certkey,
'chrome,width=100,resizable=1,modal');
} else if (others_tab.selected) {
window.openDialog('chrome://pippki/content/editemailcert.xul', certkey,
'chrome,width=100,resizable=1,modal');
} else {
window.openDialog('chrome://pippki/content/editsslcert.xul', certkey,
'chrome,width=100,resizable=1,modal');

69
security/manager/pki/resources/content/editcerts.js
Просмотреть файл

@ -107,7 +107,7 @@ function doLoadForSSLCert()
setText("issuer", cert.issuerName);
var cacert = getCaCertForServerCert(cert);
var cacert = getCaCertForEntityCert(cert);
if(cacert == null)
{
setText("explainations",bundle.GetStringFromName("issuerNotKnown"));
@ -152,9 +152,72 @@ function doSSLOK()
window.close();
}
function doLoadForEmailCert()
{
var dbkey = self.name;
// Get the cert from the cert database
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
cert = certdb.getCertByDBKey(dbkey, null);
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
var windowReference = document.getElementById('editEmailCert');
var message1 = bundle.formatStringFromName("editTrustEmail",
[ cert.commonName ],
1);
setText("certmsg", message1);
setText("issuer", cert.issuerName);
var cacert = getCaCertForEntityCert(cert);
if(cacert == null)
{
setText("explainations",bundle.GetStringFromName("issuerNotKnown"));
}
else if(certdb.getCertTrust(cacert, nsIX509Cert.CA_CERT,
nsIX509CertDB.TRUSTED_EMAIL))
{
setText("explainations",bundle.GetStringFromName("issuerTrusted"));
}
else
{
setText("explainations",bundle.GetStringFromName("issuerNotTrusted"));
}
/*
if(cacert == null)
{
var editButton = document.getElementById('editca-button');
editButton.setAttribute("disabled","true");
}
*/
var trustemail = document.getElementById("trustEmailCert");
var notrustemail = document.getElementById("dontTrustEmailCert");
if (certdb.getCertTrust(cert, nsIX509Cert.EMAIL_CERT,
nsIX509CertDB.TRUSTED_EMAIL)) {
trustemail.radioGroup.selectedItem = trustemail;
} else {
trustemail.radioGroup.selectedItem = notrustemail;
}
window.sizeToContent();
}
function doEmailOK()
{
var email = document.getElementById("trustEmailCert");
//var checked = ssl.getAttribute("value");
var trustemail = email.selected ? nsIX509CertDB.TRUSTED_EMAIL : 0;
//
// Set the cert trust
//
certdb.setCertTrust(cert, nsIX509Cert.EMAIL_CERT, trustemail);
window.close();
}
function editCaTrust()
{
var cacert = getCaCertForServerCert(cert);
var cacert = getCaCertForEntityCert(cert);
if(cacert != null)
{
window.openDialog('chrome://pippki/content/editcacert.xul', cacert.dbKey,
@ -167,7 +230,7 @@ function editCaTrust()
}
}
function getCaCertForServerCert(cert)
function getCaCertForEntityCert(cert)
{
var i=1;
var nextCertInChain;

71
security/manager/pki/resources/content/editemailcert.xul Normal file
Просмотреть файл

@ -0,0 +1,71 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Bob Lord <lord@netscape.com>
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<window id="editEmailCert"
title="&certmgr.editemailcert.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="doLoadForEmailCert();"
>
<script type="application/x-javascript" src="chrome://global/content/strres.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/pippki.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/editcerts.js"/>
<script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
<vbox flex="1">
<description id="certmsg"/>
<description id="issuer"/>
<separator/>
<description id="explainations"/>
<separator />
<description>&certmgr.editemailcert.edittrust;</description>
<vbox>
<radiogroup id="sslTrustGroup" flex="1">
<radio label="&certmgr.editemailcert.dotrust;"
id="trustEmailCert"/>
<radio label="&certmgr.editemailcert.donttrust;"
id="dontTrustEmailCert"/>
</radiogroup>
</vbox>
<hbox>
<button id="editca-button" label="&certmgr.editca.label;"
oncommand="editCaTrust();"/>
</hbox>
<hbox>
<button id="ok-button" label="&certmgr.ok.label;"
oncommand="doEmailOK();"/>
<button id="cancel-button" label="&certmgr.cancel.label;"
oncommand="window.close();"/>
<button id="help-button" label="&certmgr.help.label;"
oncommand="openHelp('edit_email_certs');"/>
</hbox>
</vbox>
</window>

1
security/manager/pki/resources/jar.mn
Просмотреть файл

@ -25,6 +25,7 @@ pippki.jar:
content/pippki/MineOverlay.xul (content/MineOverlay.xul)
content/pippki/viewCertDetails.xul (content/viewCertDetails.xul)
content/pippki/editcacert.xul (content/editcacert.xul)
content/pippki/editemailcert.xul (content/editemailcert.xul)
content/pippki/editsslcert.xul (content/editsslcert.xul)
content/pippki/editcerts.js (content/editcerts.js)
content/pippki/deletecert.xul (content/deletecert.xul)

4
security/manager/pki/resources/locale/en-US/certManager.dtd
Просмотреть файл

@ -61,6 +61,10 @@
<!ENTITY certmgr.editsslcert.edittrust "Edit certificate trust settings:">
<!ENTITY certmgr.editsslcert.dotrust "Trust the authenticity of this certificate.">
<!ENTITY certmgr.editsslcert.donttrust "Do not trust the authenticity of this certificate.">
<!ENTITY certmgr.editemailcert.title "Edit email certificate trust settings">
<!ENTITY certmgr.editemailcert.edittrust "Edit certificate trust settings:">
<!ENTITY certmgr.editemailcert.dotrust "Trust the authenticity of this certificate.">
<!ENTITY certmgr.editemailcert.donttrust "Do not trust the authenticity of this certificate.">
<!ENTITY certmgr.deletecert.title "Delete Certificate">
<!ENTITY certmgr.deletecert.beforename "You have requested to delete this certificate:">

1
security/manager/pki/resources/locale/en-US/pippki.properties
Просмотреть файл

@ -31,6 +31,7 @@ unnamedCA=Certificate Authority (unnamed)
editTrustWindowTitle=Edit certificate trust
editTrustCA=The certificate "%S" represents a Certificate Authority.
editTrustSSL=The certificate "%S" was issued by:
editTrustEmail=The certificate "%S" was issued by:
issuerNotTrusted=Because you do not trust the certificate authority that issued this certificate, you do not trust the authenticity of this certificate unless otherwise indicated here.
issuerTrusted=Because you trust the certificate authority that issued this certificate, you trust the authenticity of this certificate unless otherwise indicated here.
issuerNotKnown=Because you do not know the certificate authority that issued this certificate, you do not trust the authenticity of this certificate unless otherwise indicated here.

21
security/manager/ssl/src/nsNSSCertificate.cpp
Просмотреть файл

@ -3682,8 +3682,15 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert,
srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
nsscert,
trust.GetTrust());
} else if (type == nsIX509Cert::EMAIL_CERT) {
// always start with untrusted and move up
trust.SetValidPeer();
trust.AddPeerTrust(0, trusted & nsIX509CertDB::TRUSTED_EMAIL, 0);
srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
nsscert,
trust.GetTrust());
} else {
// ignore user and email certs
// ignore user certs
return NS_OK;
}
return (srv) ? NS_ERROR_FAILURE : NS_OK;
@ -3726,7 +3733,17 @@ nsNSSCertificateDB::GetCertTrust(nsIX509Cert *cert,
} else {
return NS_ERROR_FAILURE;
}
} /* user or email, ignore */
} else if (certType == nsIX509Cert::EMAIL_CERT) {
if (trustType & nsIX509CertDB::TRUSTED_SSL) {
*_isTrusted = trust.HasTrustedPeer(PR_TRUE, PR_FALSE, PR_FALSE);
} else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
*_isTrusted = trust.HasTrustedPeer(PR_FALSE, PR_TRUE, PR_FALSE);
} else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
*_isTrusted = trust.HasTrustedPeer(PR_FALSE, PR_FALSE, PR_TRUE);
} else {
return NS_ERROR_FAILURE;
}
} /* user: ignore */
return NS_OK;
}