bug 101637, expire master password after each time it is used, r=pchen, sr=alecf

extensions/wallet/resources/content/pref-passwords.xul

@@ -36,7 +36,7 @@
 
   <script type="application/x-javascript">
   <![CDATA[
-    var _elementIDs = ["signonRememberSignons", "encryptEnabled"];
+    var _elementIDs = ["signonRememberSignons", "encryptEnabled", "encryptExpire"];
   ]]>
   </script>
 
@@ -63,6 +63,23 @@
       wallet.WALLET_InitReencryptCallback(window);
     }
 
+    function encryptionTest() {
+      var checkbox = document.getElementById("encryptExpire");
+      var checked = checkbox.getAttribute("checked");
+
+      var wallet = Components.classes['@mozilla.org/wallet/wallet-service;1'];
+      wallet = wallet.getService();
+      wallet = wallet.QueryInterface(Components.interfaces.nsIWalletService);
+      try {
+        wallet.WALLET_Encrypt("dummy");
+      } catch (ex) {
+        // user could not supply master password, leave checkbox in original state
+        checkbox.setAttribute("checked", !checked);
+        return false;
+      }
+      return true;
+    }
+
   ]]>
   </script>
         
@@ -87,11 +104,14 @@
   <groupbox orient="vertical">
     <caption label="&encryptHeader.label;"/>
     <html flex="1">&encryptDescription.label;</html>
-    <hbox autostretch="never">
+    <vbox autostretch="never">
       <checkbox id="encryptEnabled" label="&encryptEnabled.label;" accesskey="&encryptEnabled.accesskey;"
               pref="true" preftype="bool" prefstring="wallet.crypto"
               prefattribute="checked" oncommand="initReencryptCallback();"/>
-    </hbox>
+      <checkbox id="encryptExpire" label="&encryptExpire.label;" accesskey="&encryptExpire.accesskey;"
+              pref="true" preftype="bool" prefstring="signon.expireMasterPassword"
+              prefattribute="checked" oncommand="encryptionTest();"/>
+    </vbox>
 
   </groupbox>
 

extensions/wallet/resources/locale/en-US/pref-passwords.dtd

@@ -12,3 +12,5 @@
 <!ENTITY  encryptDescription.label    "Sensitive data that is stored on your hard disk can be encrypted to prevent the data from being read by an intruder.  A password is used to access the data.">
 <!ENTITY  encryptEnabled.label        "Use encryption when storing sensitive data.">
 <!ENTITY  encryptEnabled.accesskey    "n">
+<!ENTITY  encryptExpire.label         "Expire master password after each use.">
+<!ENTITY  encryptExpire.accesskey     "x">

extensions/wallet/src/nsWalletService.cpp

@@ -272,6 +272,23 @@ nsWalletlibService::UnregisterProc(nsIComponentManager *aCompMgr,
   return NS_OK;
 }
 
+PRBool expireMasterPassword = PR_FALSE;
+#define expireMasterPasswordPref "signon.expireMasterPassword"
+
+MODULE_PRIVATE int PR_CALLBACK
+ExpireMasterPasswordPrefChanged(const char * newpref, void * data) {
+  nsresult rv;
+  nsCOMPtr<nsIPref> prefs(do_GetService(NS_PREF_CONTRACTID, &rv));
+  if (NS_FAILED(prefs->GetBoolPref(expireMasterPasswordPref, &expireMasterPassword))) {
+    expireMasterPassword = PR_FALSE;
+  }
+  if (expireMasterPassword) {
+      PRBool status;
+      WLLT_ExpirePassword(&status);
+  }
+  return 0;
+}
+
 nsresult nsWalletlibService::Init() 
 {
   nsresult rv;
@@ -299,6 +316,13 @@ nsresult nsWalletlibService::Init()
   else
     NS_ASSERTION(PR_FALSE, "Could not get nsIDocumentLoader");
   
+  /* initialize the expire-master-password feature */
+  nsCOMPtr<nsIPref> prefs(do_GetService(NS_PREF_CONTRACTID, &rv));
+  if (NS_SUCCEEDED(rv)) {
+    prefs->RegisterCallback(expireMasterPasswordPref, ExpireMasterPasswordPrefChanged, NULL);
+    prefs->GetBoolPref(expireMasterPasswordPref, &expireMasterPassword);
+  }
+
   return NS_OK;
 }
 
@@ -448,6 +472,10 @@ nsWalletlibService::OnStateChange(nsIWebProgress* aWebProgress,
           }
         }
     }
+    if (expireMasterPassword) {
+      PRBool status;
+      WLLT_ExpirePassword(&status);
+    }
     return rv;
 }