bug 80094, implement device manager for PSM2

r=thayes, sr=blizzard

security/manager/pki/resources/content/device_manager.js

@@ -0,0 +1,353 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 2001 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *  Bob Lord <lord@netscape.com>
+ *  Ian McGreer <mcgreer@netscape.com>
+ */
+
+const nsIFilePicker = Components.interfaces.nsIFilePicker;
+const nsFilePicker = "@mozilla.org/filepicker;1";
+const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
+const nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
+const nsIPK11Token = Components.interfaces.nsIPK11Token;
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+
+var bundle;
+var secmoddb;
+
+/* Do the initial load of all PKCS# modules and list them. */
+function LoadModules()
+{
+  bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
+  secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+  var modules = secmoddb.listModules();
+  var done = false;
+  try {
+    modules.isDone();
+  } catch (e) { done = true; }
+  while (!done) {
+    var module = modules.currentItem().QueryInterface(nsIPKCS11Module);
+    if (module) {
+      var slotnames = [];
+      var slots = module.listSlots();
+      var slots_done = false;
+      try {
+        slots.isDone();
+      } catch (e) { slots_done = true; }
+      while (!slots_done) {
+        var slot = slots.currentItem().QueryInterface(nsIPKCS11Slot);
+        // in the ongoing discussion of whether slot names or token names
+        // are to be shown, I've gone with token names because NSS will
+        // prefer lookup by token name.  However, the token may not be
+        // present, so maybe slot names should be listed, while token names
+        // are "remembered" for lookup?
+        slotnames[slotnames.length] = slot.name;
+        try {
+          slots.next();
+        } catch (e) { slots_done = true; }
+      }
+      AddModule(module.name, slotnames);
+    }
+    try {
+      modules.next();
+    } catch (e) { done = true; }
+  }
+}
+
+/* Add a module to the tree.  slots is the array of slots in the module,
+ * to be represented as children.
+ */
+function AddModule(module, slots)
+{
+  var tree = document.getElementById("device_list");
+  var item  = document.createElement("treeitem");
+  var row  = document.createElement("treerow");
+  var cell = document.createElement("treecell");
+  cell.setAttribute("class", "propertylist");
+  cell.setAttribute("label", module);
+  cell.setAttribute("style", "font-weight: bold");
+  cell.setAttribute("crop", "never");
+  row.appendChild(cell);
+  item.appendChild(row);
+  var parent = document.createElement("treechildren");
+  for (var i = 0; i<slots.length; i++) {
+    var child_item = document.createElement("treeitem");
+    var child_row = document.createElement("treerow");
+    var child_cell = document.createElement("treecell");
+    child_cell.setAttribute("label", slots[i]);
+    child_cell.setAttribute("class", "treecell-indent");
+    child_row.appendChild(child_cell);
+    child_item.appendChild(child_row);
+    child_item.setAttribute("pk11kind", "slot");
+    parent.appendChild(child_item);
+  }
+  item.appendChild(parent);
+  item.setAttribute("pk11kind", "module");
+  item.setAttribute("open", "true");
+  item.setAttribute("container", "true");
+  tree.appendChild(item);
+}
+
+var selected_slot;
+
+/* get the slot selected by the user (can only be one-at-a-time) */
+function getSelectedSlot()
+{
+  var tree = document.getElementById('device_tree');
+  var items = tree.selectedItems;
+  selected_slot = null;
+  if (items.length > 0) {
+    var kind = items[0].getAttribute("pk11kind");
+    if (kind == "slot") {
+      // get the module cell for this slot cell
+      var cell = items[0].parentNode.parentNode.firstChild.firstChild;
+      var module_name = cell.getAttribute("label");
+      var module = secmoddb.findModuleByName(module_name);
+      // get the cell for the selected row (the slot to display)
+      cell = items[0].firstChild.firstChild;
+      var slot_name = cell.getAttribute("label");
+      selected_slot = module.findSlotByName(slot_name);
+    }
+    /* else (kind == "module") */ /* nothing for now */
+  }
+}
+
+function enableButtons()
+{
+  var toggle = "true";
+  var login_toggle = "true";
+  var logout_toggle = "true";
+  var pw_toggle = "true";
+  getSelectedSlot();
+  if (!selected_slot) {
+    ClearInfoList();
+    return;
+  }
+  // here's the workaround - login functions are all with token,
+  // so grab the token type
+  var selected_token = selected_slot.getToken();
+  if (selected_token != null) {
+    toggle="false";
+    if (selected_token.needsLogin()) {
+      pw_toggle = "false";
+      if (selected_token.isLoggedIn()) {
+        login_toggle = "true";
+        logout_toggle = "false";
+      } else {
+        login_toggle = "false";
+        logout_toggle = "true";
+      }
+    }
+  }
+  var thebutton = document.getElementById('change_slotname_button');
+  // not implemented
+  //thebutton.setAttribute("disabled", toggle);
+  thebutton.setAttribute("disabled", "true");
+  thebutton = document.getElementById('login_button');
+  thebutton.setAttribute("disabled", login_toggle);
+  thebutton = document.getElementById('logout_button');
+  thebutton.setAttribute("disabled", logout_toggle);
+  thebutton = document.getElementById('change_pw_button');
+  // not implemented
+  //thebutton.setAttribute("disabled", pw_toggle);
+  thebutton.setAttribute("disabled", "true");
+  showSlotInfo();
+}
+
+// clear the display of information for the slot
+function ClearInfoList()
+{
+  var info_list = document.getElementById("info_list");
+  var nodes = info_list.childNodes;
+  for (var i=0; i<nodes.length; i++) {
+    info_list.removeChild(nodes[i])
+  }
+}
+
+// show a list of info about a slot
+function showSlotInfo()
+{
+  ClearInfoList();
+  switch (selected_slot.status) {
+   case nsIPKCS11Slot.SLOT_DISABLED:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_disabled"), 
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_NOT_PRESENT:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_notpresent"), 
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_UNITIALIZED:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_uninitialized"), 
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_notloggedin"), 
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_LOGGED_IN:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_loggedin"), 
+                "tok_status");
+     break;
+   case nsIPKCS11Slot.SLOT_READY:
+     AddInfoRow(bundle.GetStringFromName("devinfo_status"), 
+                bundle.GetStringFromName("devinfo_stat_ready"), 
+                "tok_status");
+     break;
+  }
+  AddInfoRow(bundle.GetStringFromName("devinfo_desc"), 
+             selected_slot.desc, "slot_desc");
+  AddInfoRow(bundle.GetStringFromName("devinfo_manID"), 
+             selected_slot.manID, "slot_manID");
+  AddInfoRow(bundle.GetStringFromName("devinfo_hwversion"),
+             selected_slot.HWVersion, "slot_hwv");
+  AddInfoRow(bundle.GetStringFromName("devinfo_fwversion"),
+             selected_slot.FWVersion, "slot_fwv");
+}
+
+// add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
+function AddInfoRow(col1, col2, cell_id)
+{
+  var tree = document.getElementById("info_list");
+  var item  = document.createElement("treeitem");
+  var row  = document.createElement("treerow");
+  var cell1 = document.createElement("treecell");
+  cell1.setAttribute("label", col1);
+  cell1.setAttribute("crop", "never");
+  row.appendChild(cell1);
+  var cell2 = document.createElement("treecell");
+  cell2.setAttribute("label", col2);
+  cell2.setAttribute("crop", "never");
+  cell2.setAttribute("id", cell_id);
+  row.appendChild(cell2);
+  item.appendChild(row);
+  tree.appendChild(item);
+}
+
+// log in to a slot
+function doLogin()
+{
+  getSelectedSlot();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.login(false);
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      tok_status.setAttribute("label", 
+                          bundle.GetStringFromName("devinfo_stat_loggedin"));
+    } else {
+      tok_status.setAttribute("label",
+                       bundle.GetStringFromName("devinfo_stat_notloggedin"));
+    }
+  } catch (e) {
+    alert("failed to login");
+  }
+  enableButtons();
+}
+
+// log out of a slot
+function doLogout()
+{
+  getSelectedSlot();
+  // here's the workaround - login functions are with token
+  var selected_token = selected_slot.getToken();
+  try {
+    selected_token.logout(false);
+    var tok_status = document.getElementById("tok_status");
+    if (selected_token.isLoggedIn()) {
+      tok_status.setAttribute("label", 
+                          bundle.GetStringFromName("devinfo_stat_loggedin"));
+    } else {
+      tok_status.setAttribute("label",
+                       bundle.GetStringFromName("devinfo_stat_notloggedin"));
+    }
+  } catch (e) {
+  }
+  enableButtons();
+}
+
+// load a new device
+function doLoad()
+{
+  window.open("load_device.xul", "loaddevice", 
+              "chrome,width=300,height=200,resizable=0,dialog=1");
+}
+
+function doUnload()
+{
+  // to be implemented by pkcs11 object
+}
+
+function changePassword()
+{
+  //window.open("changepassword.xul","pwchange", "chrome,width=300,height=350,resizable=0,modal=1,dialog=1");
+}
+
+// browse fs for PKCS#11 device
+function doBrowseFiles()
+{
+  var srbundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
+  var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+  fp.init(window,
+          srbundle.GetStringFromName("loadPK11TokenDialog"),
+          nsIFilePicker.modeOpen);
+  fp.appendFilters(nsIFilePicker.filterAll);
+  if (fp.show() == nsIFilePicker.returnOK) {
+    var pathbox = document.getElementById("device_path");
+    pathbox.setAttribute("value", fp.file.persistentDescriptor);
+  }
+}
+
+function doLoadDevice()
+{
+  var tokdb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+  var name_box = document.getElementById("device_name");
+  var device_name = name_box.getAttribute("value");
+  var path_box = document.getElementById("device_path");
+  var device_path = path_box.getAttribute("value");
+  // to be implemented by pkcs11 object
+  window.close();
+}
+
+// -------------------------------------   Old code
+
+function showTokenInfo()
+{
+  ClearInfoList();
+  getSelectedToken();
+  AddInfoRow(bundle.GetStringFromName("devinfo_label"), 
+             selected_token.tokenLabel, "tok_label");
+  AddInfoRow(bundle.GetStringFromName("devinfo_manID"),
+             selected_token.tokenManID, "tok_manID");
+  AddInfoRow(bundle.GetStringFromName("devinfo_serialnum"), 
+             selected_token.tokenSerialNumber, "tok_sNum");
+  AddInfoRow(bundle.GetStringFromName("devinfo_hwversion"),
+             selected_token.tokenHWVersion, "tok_hwv");
+  AddInfoRow(bundle.GetStringFromName("devinfo_fwversion"),
+             selected_token.tokenFWVersion, "tok_fwv");
+}

security/manager/pki/resources/content/device_manager.xul

@@ -0,0 +1,122 @@
+<?xml version="1.0"?>
+<!-- 
+   - The contents of this file are subject to the Mozilla Public
+   - License Version 1.1 (the "License"); you may not use this file
+   - except in compliance with the License. You may obtain a copy of
+   - the License at http://www.mozilla.org/MPL/
+   - 
+   - Software distributed under the License is distributed on an "AS
+   - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+   - implied. See the License for the specific language governing
+   - rights and limitations under the License.
+   - 
+   - The Original Code is mozilla.org code.
+   - 
+   - The Initial Developer of the Original Code is Netscape
+   - Communications Corp.  Portions created by Netscape are
+   - Copyright (C) 2001 Netscape Communications Corp.  All
+   - Rights Reserved.
+   - 
+   - Contributor(s):
+   -   Bob Lord <lord@netscape.com>
+   -   Ian McGreer <mcgreer@netscape.com>
+  -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window [
+<!ENTITY % deviceManangerDTD SYSTEM "chrome://pippki/locale/deviceManager.dtd">
+%deviceManangerDTD;
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+
+<window id="devicemanager" 
+	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+        title="&devmgr.title;"
+        persist="screenX screenY width height"
+        onload="LoadModules();">
+
+<script src="chrome://global/content/strres.js" />
+<script src="device_manager.js"/>
+
+<grid flex="1">
+  <columns>
+    <column flex="1"/> 
+    <column flex="1"/> 
+    <column flex="1"/> 
+  </columns>
+  <rows>
+    <row>
+      <box flex="1"> <!-- List of devices -->
+        <tree id="device_tree" rows="12" multiple="false"
+              onselect="enableButtons();" debug="false" 
+              flex="1" style="min-width:15em">
+          <treecolgroup> 
+            <treecol flex="1"/> 
+          </treecolgroup>
+          <treehead>
+            <treerow>
+              <treecell class="treecell-header" 
+                        label="&devmgr.devlist.label;"
+                        flex="1"/>
+            </treerow>
+          </treehead>
+          <treechildren id="device_list"/>
+        </tree>
+      </box> <!-- / List of devices -->
+      <box flex="1"> <!-- Device status -->
+        <tree id="info_tree" debug="false" rows="12" multiple="false" 
+              class="list" flex="1" style="min-width:10em">
+          <treecolgroup> 
+            <treecol flex="5"/> 
+            <treecol flex="7"/> 
+          </treecolgroup>
+          <treehead>
+            <treerow>
+              <treecell class="treecell-header"
+                        label="&devmgr.details.title;" flex="5"/>
+              <treecell class="treecell-header"
+                        label="&devmgr.details.title2;" flex="7"/>
+            </treerow>
+          </treehead>
+          <treechildren id="info_list"/>
+        </tree>
+      </box> <!-- / Device status -->
+      <vbox> <!-- Buttons for manipulating devices -->
+        <button id="change_slotname_button" 
+                label="&devmgr.button.changeslotname.label;"
+                disabled="true"/> 
+        <button id="login_button" 
+                label="&devmgr.button.login.label;"
+                onclick="doLogin();" disabled="true"/> 
+        <button id="logout_button" 
+                label="&devmgr.button.logout.label;"
+                onclick="doLogout();" disabled="true"/> 
+        <button id="change_pw_button" 
+                label="&devmgr.button.changepw.label;"
+                disabled="true"/> 
+        <!-- these are disabled until fully implemented -->
+        <button id="load_button" 
+                label="&devmgr.button.load.label;"
+                onclick="doLoad();" disabled="true"/> 
+        <button id="unload_button" 
+                label="&devmgr.button.unload.label;"
+                onclick="doUnload();" disabled="true"/> 
+      </vbox> <!-- / Buttons for manipulating devices -->
+    </row>
+    <row>
+      <box>
+        <button id="help_button" 
+                label="&help.label;" 
+                orient="horizontal" class="normal"/> 
+        <button id="ok_button" 
+                label="&ok.label;" 
+                orient="horizontal" class="normal" 
+                onclick="window.close();"/> 
+      </box>
+    </row>
+  </rows>
+</grid>
+</window>

security/manager/pki/resources/content/load_device.xul

@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<!-- 
+   - The contents of this file are subject to the Mozilla Public
+   - License Version 1.1 (the "License"); you may not use this file
+   - except in compliance with the License. You may obtain a copy of
+   - the License at http://www.mozilla.org/MPL/
+   - 
+   - Software distributed under the License is distributed on an "AS
+   - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+   - implied. See the License for the specific language governing
+   - rights and limitations under the License.
+   - 
+   - The Original Code is mozilla.org code.
+   - 
+   - The Initial Developer of the Original Code is Netscape
+   - Communications Corp.  Portions created by Netscape are
+   - Copyright (C) 2001 Netscape Communications Corp.  All
+   - Rights Reserved.
+   - 
+   - Contributor(s):
+   -   Bob Lord <lord@netscape.com>
+   -   Ian McGreer <mcgreer@netscape.com>
+  -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window [
+<!ENTITY % deviceManangerDTD SYSTEM "chrome://pippki/locale/deviceManager.dtd">
+%deviceManangerDTD;
+<!ENTITY % pippkiDTD SYSTEM "chrome://pippki/locale/pippki.dtd" >
+%pippkiDTD;
+]>
+
+<window id="loaddevice" 
+	xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+        title="&loaddevice.title;">
+
+  <script src="chrome://global/content/strres.js" />
+  <script src="device_manager.js"/>
+
+  <vbox>
+    <html>&loaddevice.info;</html>
+    <box>
+      <html>&loaddevice.modname;</html>
+      <textbox id="device_name" flex="1" value="&loaddevice.modname.default;"/>
+    </box>
+    <box>
+      <html>&loaddevice.filename;</html>
+      <textbox id="device_path" flex="1" oninput="doEnabling();"/>
+      <button label="&loaddevice.browse;" flex="1" onclick="doBrowseFiles();"/>
+    </box>
+    <box>
+      <button id="ok_button" 
+              label="&ok.label;" 
+              orient="horizontal" class="normal" 
+              onclick="doLoadDevice();"/> 
+      <button id="cancel_button" 
+              label="&cancel.label;" 
+              orient="horizontal" class="normal" 
+              onclick="window.close();"/> 
+    </box>
+  </vbox>
+
+</window>

security/manager/pki/resources/content/pref-security.js

@@ -56,3 +56,9 @@ function openCertManager()
                 'chrome,width=500,height=400,resizable=1');
 //  }
 }
+
+function openDeviceManager()
+{
+    window.open('chrome://pippki/content/device_manager.xul',  "devmgr",
+                'chrome,width=540,height=360,resizable=1');
+}

security/manager/pki/resources/content/pref-security.xul

@@ -85,9 +85,8 @@
 &managedevices.text;
 </html>
     <box halign="left" autostretch="never">
-      <button class="dialog" label="&managedevices.button;" disabled="true"
-        oncommand="window.openDialog('chrome://pip/content/device_manager.xul', '',
-                       'modal=yes,resizable,chrome');" />
+      <button class="dialog" label="&managedevices.button;" disabled="false"
+        oncommand="openDeviceManager();" />
     </box>
   </titledbox>
 

security/manager/pki/resources/jar.mn

@@ -35,6 +35,9 @@ pippki.jar:
     content/pippki/clientauthask.js			 (content/clientauthask.js)
     content/pippki/certViewer.xul            (content/certViewer.xul)
     content/pippki/certDump.xul              (content/certDump.xul)
+    content/pippki/device_manager.xul        (content/device_manager.xul)
+    content/pippki/device_manager.js         (content/device_manager.js)
+    content/pippki/load_device.xul           (content/load_device.xul)
     content/pippki/choosetoken.xul           (content/choosetoken.xul)
     content/pippki/choosetoken.js            (content/choosetoken.js)
     content/pippki/pref-validation.xul       (content/pref-validation.xul)
@@ -49,4 +52,5 @@ pippki.jar:
     locale/en-US/pippki/pref-security.dtd    (locale/en-US/pref-security.dtd)
     locale/en-US/pippki/PageInfoOverlay.dtd  (locale/en-US/PageInfoOverlay.dtd)
     locale/en-US/pippki/certManager.dtd      (locale/en-US/certManager.dtd)
+    locale/en-US/pippki/deviceManager.dtd    (locale/en-US/deviceManager.dtd)
     locale/en-US/pippki/pref-validation.dtd  (locale/en-US/pref-validation.dtd)

security/manager/pki/resources/locale/en-US/certManager.dtd

@@ -64,7 +64,7 @@
 <!ENTITY certmgr.deleteusercert.aftername "Once you have deleted this certificate, you will not be able to read mail that has been encrypted with it.">
 
 <!ENTITY certmgr.certname "Certificate Name">
-<!ENTITY certmgr.tokenname "Token Name">
+<!ENTITY certmgr.tokenname "Security Device">
 <!ENTITY certmgr.verified "Verified">
 <!ENTITY certmgr.purpose "Purpose">
 <!ENTITY certmgr.issued "Issued On">

security/manager/pki/resources/locale/en-US/deviceManager.dtd

@@ -0,0 +1,44 @@
+<!-- 
+   - The contents of this file are subject to the Mozilla Public
+   - License Version 1.1 (the "License"); you may not use this file
+   - except in compliance with the License. You may obtain a copy of
+   - the License at http://www.mozilla.org/MPL/
+   - 
+   - Software distributed under the License is distributed on an "AS
+   - IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+   - implied. See the License for the specific language governing
+   - rights and limitations under the License.
+   - 
+   - The Original Code is mozilla.org code.
+   - 
+   - The Initial Developer of the Original Code is Netscape
+   - Communications Corp.  Portions created by Netscape are
+   - Copyright (C) 2001 Netscape Communications Corp.  All
+   - Rights Reserved.
+   - 
+   - Contributor(s):
+   -   Ian McGreer <mcgreer@netscape.com>
+  -->
+
+<!ENTITY devmgr.title "Device Manager">
+
+<!ENTITY devmgr.devlist.label "Security Modules and Devices">
+<!ENTITY devmgr.details.title "Details">
+<!ENTITY devmgr.details.title2 "Value">
+<!ENTITY devmgr.status.label "Status">
+<!ENTITY devmgr.version.label "Version">
+
+<!ENTITY devmgr.button.changeslotname.label "Change Slot Name">
+<!ENTITY devmgr.button.login.label "Login">
+<!ENTITY devmgr.button.logout.label "Logout">
+<!ENTITY devmgr.button.changepw.label "Change Password">
+<!ENTITY devmgr.button.load.label "Load">
+<!ENTITY devmgr.button.unload.label "Unload">
+
+<!ENTITY loaddevice.info "Enter the information for the module you want to add.">
+<!ENTITY loaddevice.modname "Module Name:">
+<!ENTITY loaddevice.modname.default "New PKCS#11 Module">
+<!ENTITY loaddevice.filename "Module filename:">
+<!ENTITY loaddevice.browse "Browse...">
+
+<!ENTITY loaddevice.title "Load PKCS#11 Device">

security/manager/pki/resources/locale/en-US/pippki.properties

@@ -74,3 +74,19 @@ pageInfo_Privacy_Weak2=Low-grade encryption may allow some unauthorized people t
 #Cert Viewer
 certDetails=Certificate Details:
 notPresent=<Not Part Of Certificate>
+
+#Token Manager
+loadPK11TokenDialog=Choose a PKCS#11 device to load
+devinfo_label=Label
+devinfo_manID=Manufacturer
+devinfo_serialnum=Serial Number
+devinfo_hwversion=HW Version
+devinfo_fwversion=FW Version
+devinfo_status=Status
+devinfo_desc=Description
+devinfo_stat_disabled=Disabled
+devinfo_stat_notpresent=Not Present
+devinfo_stat_unitialized=Unitialized
+devinfo_stat_notloggedin=Not Logged In
+devinfo_stat_loggedin=Logged In
+devinfo_stat_ready=Ready

security/manager/ssl/public/nsIPK11TokenDB.idl

@@ -42,6 +42,12 @@ interface nsIPK11Token : nsISupports
    */
   readonly attribute wstring tokenName;
 
+  readonly attribute wstring tokenLabel;
+  readonly attribute wstring tokenManID;
+  readonly attribute wstring tokenHWVersion;
+  readonly attribute wstring tokenFWVersion;
+  readonly attribute wstring tokenSerialNumber;
+
   /*
    * Login information
    */
@@ -86,4 +92,6 @@ interface nsIPK11TokenDB : nsISupports
    * List all tokens
    */
   nsIEnumerator listTokens();
+
 };
+

security/manager/ssl/public/nsIPKCS11Slot.idl

@@ -34,11 +34,65 @@
  */
 
 #include "nsISupports.idl"
+#include "nsIEnumerator.idl"
+#include "nsIPK11TokenDB.idl"
+
+%{C++
+#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
+%}
 
 [scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
 interface nsIPKCS11Slot : nsISupports {
-  /*
-   * We'l add methods as we need them.
+
+  readonly attribute wstring name;
+  readonly attribute wstring desc;
+  readonly attribute wstring manID;
+  readonly attribute wstring HWVersion;
+  readonly attribute wstring FWVersion;
+
+  const unsigned long SLOT_DISABLED      = 0;
+  const unsigned long SLOT_NOT_PRESENT   = 1;
+  const unsigned long SLOT_UNINITIALIZED = 2;
+  const unsigned long SLOT_NOT_LOGGED_IN = 3;
+  const unsigned long SLOT_LOGGED_IN     = 4;
+  const unsigned long SLOT_READY         = 5;
+  readonly attribute unsigned long status;
+
+  /* This is really a workaround for now.  All of the "slot" functions
+   * (isTokenPresent(), etc.) are in nsIPK11Token.  For now, return the
+   * token and handle those things there.
    */
+  nsIPK11Token getToken();
+
+  /* more fun with workarounds - we're referring to everything by token name */
+  readonly attribute wstring tokenName;
+
+};
+
+[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
+interface nsIPKCS11Module : nsISupports
+{
+
+  readonly attribute wstring name;
+  readonly attribute wstring libName;
+
+  nsIPKCS11Slot findSlotByName(in wstring name);
+
+  nsIEnumerator listSlots();
+
+};
+
+[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
+interface nsIPKCS11ModuleDB : nsISupports
+{
+
+  nsIPKCS11Module getInternal();
+
+  nsIPKCS11Module getInternalFIPS();
+
+  nsIPKCS11Module findModuleByName(in wstring name);
+
+  nsIEnumerator listModules();
+
 };
 

security/manager/ssl/resources/locale/en-US/pipnss.properties

@@ -23,17 +23,17 @@
 # 
 
 SignedBy=Signed by %S
-CertPassPrompt=Please enter the Personal Security Password for the %S security device.
+CertPassPrompt=Please enter the master password for the %S.
 RootCertModuleName=Builtin Roots Module
 ManufacturerID=Mozilla.org
 LibraryDescription=PSM Internal Crypto Services
-TokenDescription=PSM Generic Crypto Services
-PrivateTokenDescription=PSM Private Keys
-SlotDescription=PSM Internal Cryptographic Services Version 4.0
-PrivateSlotDescription=PSM User Private Key and Certificate Services
+TokenDescription=Generic Crypto Services
+PrivateTokenDescription=Software Security Device
+SlotDescription=PSM Internal Cryptographic Services
+PrivateSlotDescription=PSM Private Keys
 FipsSlotDescription=PSM Internal FIPS-140-1 Cryptographic Services
 FipsPrivateSlotDescription=PSM FIPS-140-1 User Private Key Services
-InternalToken=Software Security Module
+InternalToken=Software Security Device
 VerifySSLClient=SSL Client Certificate
 VerifySSLServer=SSL Server Certificate
 VerifySSLStepUp=SSL Server with Step-up

security/manager/ssl/src/Makefile.in

@@ -63,6 +63,7 @@ CPPSRCS = 				\
 	nsNSSASN1Object.cpp		\
 	nsCertOutliner.cpp              \
 	nsKeygenHandler.cpp		\
+        nsPKCS11Slot.cpp                \
 	$(NULL)
 
 REQUIRES = nspr security xpcom string necko uriloader pref caps dom intl locale profile windowwatcher js docshell widget layout gfx2 pippki

security/manager/ssl/src/makefile.win

@@ -91,6 +91,7 @@ OBJS = \
     .\$(OBJDIR)\nsKeygenHandler.obj \
     .\$(OBJDIR)\nsCertOutliner.obj \
     .\$(OBJDIR)\nsNSSASN1Object.obj \
+    .\$(OBJDIR)\nsPKCS11Slot.obj \
     $(NULL)
 
 include <$(DEPTH)\config\rules.mak>

security/manager/ssl/src/nsNSSComponent.cpp

@@ -490,18 +490,17 @@ nsNSSComponent::Init()
 #endif
 
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Beginning NSS initialization\n"));
-  rv = InitializeNSS();
-  if (NS_FAILED(rv)) {
-    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
-    return rv;
-  }
-
   rv = InitializePIPNSSBundle();
   if (NS_FAILED(rv)) {
     PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to create pipnss bundle.\n"));
     return rv;
   }      
   ConfigureInternalPKCS11Token();
+  rv = InitializeNSS();
+  if (NS_FAILED(rv)) {
+    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
+    return rv;
+  }
   InstallLoadableRoots();
   RegisterCertContentListener();
   RegisterProfileChangeObserver();

security/manager/ssl/src/nsNSSModule.cpp

@@ -37,6 +37,7 @@
 #include "nsSDR.h"
 
 #include "nsPK11TokenDB.h"
+#include "nsPKCS11Slot.h"
 #include "nsNSSCertificate.h"
 #include "nsCertOutliner.h"
 
@@ -46,6 +47,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsPK11TokenDB)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsPKCS11ModuleDB)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertContentListener, init)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSCertificateDB)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertOutliner)
@@ -136,6 +138,13 @@ static nsModuleComponentInfo components[] =
     nsPK11TokenDBConstructor
   },
 
+  {
+    "PKCS11 Module Database",
+    NS_PKCS11MODULEDB_CID,
+    NS_PKCS11MODULEDB_CONTRACTID,
+    nsPKCS11ModuleDBConstructor
+  },
+
   {
     "Generic Certificate Content Handler",
     NS_CERTCONTENTLISTEN_CID,

security/manager/ssl/src/nsPK11TokenDB.cpp

@@ -25,29 +25,9 @@
 
 #include "nsPK11TokenDB.h"
 
-#include "nsCOMPtr.h"
-#include "nsISupportsArray.h"
-#include "nsString.h"
-#include "nsNSSHelper.h"
-#include "pk11func.h"
-
-class nsPK11Token : public nsIPK11Token
-{
-public:
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSIPK11TOKEN
-
-  nsPK11Token(PK11SlotInfo *slot);
-  virtual ~nsPK11Token();
-  /* additional members */
-
-private:
-  friend class nsPK11TokenDB;
-
-  nsString mTokenName;
-  PK11SlotInfo *mSlot;
-  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
-};
+#ifdef PR_LOGGING
+extern PRLogModuleInfo* gPIPNSSLog;
+#endif
 
 NS_IMPL_ISUPPORTS1(nsPK11Token, nsIPK11Token)
 
@@ -60,6 +40,33 @@ nsPK11Token::nsPK11Token(PK11SlotInfo *slot)
   
   mTokenName = NS_ConvertUTF8toUCS2(PK11_GetTokenName(slot));
 
+  SECStatus srv;
+
+  CK_TOKEN_INFO tok_info;
+  srv = PK11_GetTokenInfo(mSlot, &tok_info);
+  if (srv == SECSuccess) {
+    // Set the Label field
+    mTokenLabel.AssignWithConversion((char *)tok_info.label, 
+                                     sizeof(tok_info.label));
+    mTokenLabel.Trim(" ", PR_FALSE, PR_TRUE);
+    // Set the Manufacturer field
+    mTokenManID.AssignWithConversion((char *)tok_info.manufacturerID, 
+                                     sizeof(tok_info.manufacturerID));
+    mTokenManID.Trim(" ", PR_FALSE, PR_TRUE);
+    // Set the Hardware Version field
+    mTokenHWVersion.AppendInt(tok_info.hardwareVersion.major);
+    mTokenHWVersion.AppendWithConversion(".");
+    mTokenHWVersion.AppendInt(tok_info.hardwareVersion.minor);
+    // Set the Firmware Version field
+    mTokenFWVersion.AppendInt(tok_info.firmwareVersion.major);
+    mTokenFWVersion.AppendWithConversion(".");
+    mTokenFWVersion.AppendInt(tok_info.firmwareVersion.minor);
+    // Set the Serial Number field
+    mTokenSerialNum.AssignWithConversion((char *)tok_info.serialNumber, 
+                                         sizeof(tok_info.serialNumber));
+    mTokenSerialNum.Trim(" ", PR_FALSE, PR_TRUE);
+  }
+
   mUIContext = new PipUIContext();
 }
 
@@ -78,6 +85,46 @@ NS_IMETHODIMP nsPK11Token::GetTokenName(PRUnichar * *aTokenName)
   return NS_OK;
 }
 
+/* readonly attribute wstring tokenDesc; */
+NS_IMETHODIMP nsPK11Token::GetTokenLabel(PRUnichar **aTokLabel)
+{
+  *aTokLabel = mTokenLabel.ToNewUnicode();
+  if (!*aTokLabel) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring tokenManID; */
+NS_IMETHODIMP nsPK11Token::GetTokenManID(PRUnichar **aTokManID)
+{
+  *aTokManID = mTokenManID.ToNewUnicode();
+  if (!*aTokManID) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring tokenHWVersion; */
+NS_IMETHODIMP nsPK11Token::GetTokenHWVersion(PRUnichar **aTokHWVersion)
+{
+  *aTokHWVersion = mTokenHWVersion.ToNewUnicode();
+  if (!*aTokHWVersion) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring tokenFWVersion; */
+NS_IMETHODIMP nsPK11Token::GetTokenFWVersion(PRUnichar **aTokFWVersion)
+{
+  *aTokFWVersion = mTokenFWVersion.ToNewUnicode();
+  if (!*aTokFWVersion) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring tokenSerialNumber; */
+NS_IMETHODIMP nsPK11Token::GetTokenSerialNumber(PRUnichar **aTokSerialNum)
+{
+  *aTokSerialNum = mTokenSerialNum.ToNewUnicode();
+  if (!*aTokSerialNum) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
 /* boolean isLoggedIn (); */
 NS_IMETHODIMP nsPK11Token::IsLoggedIn(PRBool *_retval)
 {
@@ -110,11 +157,10 @@ nsPK11Token::Login(PRBool force)
 /* void logout (); */
 NS_IMETHODIMP nsPK11Token::Logout()
 {
-  nsresult rv = NS_OK;
-
+  // PK11_MapError sets CKR_USER_NOT_LOGGED_IN to SEC_ERROR_LIBRARY_FAILURE,
+  // so not going to learn anything here by a failure.  Treat it like void.
   PK11_Logout(mSlot);
-
-  return rv;
+  return NS_OK;
 }
 
 /* readonly attribute long minimumPasswordLength; */
@@ -185,6 +231,7 @@ NS_IMETHODIMP nsPK11Token::IsFriendly(PRBool *_retval)
 
   return rv;
 }
+
 /*=========================================================*/
 
 NS_IMPL_ISUPPORTS1(nsPK11TokenDB, nsIPK11TokenDB)
@@ -269,3 +316,4 @@ done:
   if (list) PK11_FreeSlotList(list);
   return rv;
 }
+

security/manager/ssl/src/nsPK11TokenDB.h

@@ -24,8 +24,33 @@
 #ifndef __NS_PK11TOKENDB_H__
 #define __NS_PK11TOKENDB_H__
 
+#include "nsCOMPtr.h"
+#include "nsString.h"
 #include "nsISupports.h"
 #include "nsIPK11TokenDB.h"
+#include "nsISupportsArray.h"
+#include "nsNSSHelper.h"
+#include "pk11func.h"
+
+class nsPK11Token : public nsIPK11Token
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKEN
+
+  nsPK11Token(PK11SlotInfo *slot);
+  virtual ~nsPK11Token();
+  /* additional members */
+
+private:
+  friend class nsPK11TokenDB;
+
+  nsString mTokenName;
+  nsString mTokenLabel, mTokenManID, mTokenHWVersion, mTokenFWVersion;
+  nsString mTokenSerialNum;
+  PK11SlotInfo *mSlot;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+};
 
 class nsPK11TokenDB : public nsIPK11TokenDB
 {

security/manager/ssl/src/nsPKCS11Slot.cpp

@@ -0,0 +1,349 @@
+/*
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ * 
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ * 
+ * The Original Code is the Netscape security libraries.
+ * 
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are 
+ * Copyright (C) 2000 Netscape Communications Corporation.  All
+ * Rights Reserved.
+ * 
+ * Contributor(s):
+ *  Ian McGreer <mcgreer@netscape.com>
+ * 
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ *
+ */
+
+#include "nsPKCS11Slot.h"
+#include "nsPK11TokenDB.h"
+
+#include "nsCOMPtr.h"
+#include "nsISupportsArray.h"
+#include "nsString.h"
+
+#include "secmod.h"
+
+#ifdef PR_LOGGING
+extern PRLogModuleInfo* gPIPNSSLog;
+#endif
+
+NS_IMPL_ISUPPORTS1(nsPKCS11Slot, nsIPKCS11Slot)
+
+nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo *slot)
+{
+  NS_INIT_ISUPPORTS();
+  PK11_ReferenceSlot(slot);
+  mSlot = slot;
+
+  CK_SLOT_INFO slot_info;
+  if (PK11_GetSlotInfo(mSlot, &slot_info) == SECSuccess) {
+    // Set the Description field
+    mSlotDesc.AssignWithConversion((char *)slot_info.slotDescription, 
+                                   sizeof(slot_info.slotDescription));
+    mSlotDesc.Trim(" ", PR_FALSE, PR_TRUE);
+    // Set the Manufacturer field
+    mSlotManID.AssignWithConversion((char *)slot_info.manufacturerID, 
+                                    sizeof(slot_info.manufacturerID));
+    mSlotManID.Trim(" ", PR_FALSE, PR_TRUE);
+    // Set the Hardware Version field
+    mSlotHWVersion.AppendInt(slot_info.hardwareVersion.major);
+    mSlotHWVersion.AppendWithConversion(".");
+    mSlotHWVersion.AppendInt(slot_info.hardwareVersion.minor);
+    // Set the Firmware Version field
+    mSlotFWVersion.AppendInt(slot_info.firmwareVersion.major);
+    mSlotFWVersion.AppendWithConversion(".");
+    mSlotFWVersion.AppendInt(slot_info.firmwareVersion.minor);
+  }
+
+}
+
+nsPKCS11Slot::~nsPKCS11Slot()
+{
+  if (mSlot) PK11_FreeSlot(mSlot);
+}
+
+/* readonly attribute wstring name; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetName(PRUnichar **aName)
+{
+  char *csn = PK11_GetSlotName(mSlot);
+  if (strlen(csn) > 0) {
+    nsAutoString sn = NS_ConvertUTF8toUCS2(csn);
+    *aName = sn.ToNewUnicode();
+  } else if (PK11_HasRootCerts(mSlot)) {
+    // This is a workaround to an NSS bug - the root certs module has
+    // no slot name.  Not bothering to localize, because this is a workaround
+    // and for now all the slot names returned by NSS are char * anyway.
+    nsAutoString sn(NS_LITERAL_STRING("Root Certificates").get());
+    *aName = sn.ToNewUnicode();
+  } else {
+    // same as above, this is a catch-all
+    nsAutoString sn(NS_LITERAL_STRING("Unnamed Slot").get());
+    *aName = sn.ToNewUnicode();
+  }
+  if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring desc; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetDesc(PRUnichar **aDesc)
+{
+  *aDesc = mSlotDesc.ToNewUnicode();
+  if (!*aDesc) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring manID; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetManID(PRUnichar **aManID)
+{
+  *aManID = mSlotManID.ToNewUnicode();
+  if (!*aManID) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring HWVersion; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetHWVersion(PRUnichar **aHWVersion)
+{
+  *aHWVersion = mSlotHWVersion.ToNewUnicode();
+  if (!*aHWVersion) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* readonly attribute wstring FWVersion; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetFWVersion(PRUnichar **aFWVersion)
+{
+  *aFWVersion = mSlotFWVersion.ToNewUnicode();
+  if (!*aFWVersion) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+/* nsIPK11Token getToken (); */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetToken(nsIPK11Token **_retval)
+{
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot);
+  if (!token)
+    return NS_ERROR_OUT_OF_MEMORY;
+  *_retval = token;
+  NS_ADDREF(*_retval);
+  return NS_OK;
+}
+
+/* readonly attribute wstring tokenName; */
+NS_IMETHODIMP 
+nsPKCS11Slot::GetTokenName(PRUnichar **aName)
+{
+  nsAutoString tn = NS_ConvertUTF8toUCS2(PK11_GetTokenName(mSlot));
+  *aName = tn.ToNewUnicode();
+  if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetStatus(PRUint32 *_retval)
+{
+  if (PK11_IsDisabled(mSlot))
+    *_retval = SLOT_DISABLED;
+  else if (!PK11_IsPresent(mSlot))
+    *_retval = SLOT_NOT_PRESENT;
+  else if (PK11_NeedLogin(mSlot) && PK11_NeedUserInit(mSlot))
+    *_retval = SLOT_UNINITIALIZED;
+  else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, NULL))
+    *_retval = SLOT_NOT_LOGGED_IN;
+  else if (PK11_NeedLogin(mSlot))
+    *_retval = SLOT_LOGGED_IN;
+  else
+    *_retval = SLOT_READY;
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS1(nsPKCS11Module, nsIPKCS11Module)
+
+nsPKCS11Module::nsPKCS11Module(SECMODModule *module)
+{
+  NS_INIT_ISUPPORTS();
+  SECMOD_ReferenceModule(module);
+  mModule = module;
+}
+
+nsPKCS11Module::~nsPKCS11Module()
+{
+  SECMOD_DestroyModule(mModule);
+}
+
+/* readonly attribute wstring name; */
+NS_IMETHODIMP 
+nsPKCS11Module::GetName(PRUnichar **aName)
+{
+  nsAutoString mn = NS_ConvertUTF8toUCS2(mModule->commonName);
+  *aName = mn.ToNewUnicode();
+  return NS_OK;
+}
+
+/* readonly attribute wstring libName; */
+NS_IMETHODIMP 
+nsPKCS11Module::GetLibName(PRUnichar **aName)
+{
+  nsAutoString ln = NS_ConvertUTF8toUCS2(mModule->dllName);
+  *aName = ln.ToNewUnicode();
+  return NS_OK;
+}
+
+/*  nsIPKCS11Slot findSlotByName(in wstring name); */
+NS_IMETHODIMP 
+nsPKCS11Module::FindSlotByName(const PRUnichar *aName,
+                               nsIPKCS11Slot **_retval)
+{
+  char *asciiname = NULL;
+  asciiname = NS_ConvertUCS2toUTF8(aName).ToNewCString();
+  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
+  PK11SlotInfo *slotinfo = SECMOD_FindSlot(mModule, asciiname);
+  if (!slotinfo) {
+    // XXX *sigh*  if token is present, SECMOD_FindSlot goes by token
+    // name (huh?)  reimplement it here for the fun of it.
+    for (int i=0; i<mModule->slotCount; i++) {
+      if (nsCRT::strcmp(asciiname, PK11_GetSlotName(mModule->slots[i])) == 0) {
+        slotinfo = PK11_ReferenceSlot(mModule->slots[i]);
+      }
+    }
+    if (!slotinfo) {
+      // XXX another workaround - the builtin module has no name
+      if (nsCRT::strcmp(asciiname, "Root Certificates") == 0) {
+        slotinfo = PK11_ReferenceSlot(mModule->slots[0]);
+      } else {
+        // give up
+        nsMemory::Free(asciiname);
+        return NS_ERROR_FAILURE;
+      }
+    }
+  }
+  nsMemory::Free(asciiname);
+  nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
+  if (!slot)
+    return NS_ERROR_OUT_OF_MEMORY;
+  *_retval = slot;
+  NS_ADDREF(*_retval);
+  return NS_OK;
+}
+
+/* nsIEnumerator listSlots (); */
+NS_IMETHODIMP 
+nsPKCS11Module::ListSlots(nsIEnumerator **_retval)
+{
+  nsresult rv = NS_OK;
+  int i;
+  /* get isupports array */
+  nsCOMPtr<nsISupportsArray> array;
+  rv = NS_NewISupportsArray(getter_AddRefs(array));
+  if (NS_FAILED(rv)) return rv;
+  for (i=0; i<mModule->slotCount; i++) {
+    if (mModule->slots[i]) {
+      nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
+      array->AppendElement(slot);
+    }
+  }
+  rv = array->Enumerate(_retval);
+  return rv;
+}
+
+NS_IMPL_ISUPPORTS1(nsPKCS11ModuleDB, nsIPKCS11ModuleDB)
+
+nsPKCS11ModuleDB::nsPKCS11ModuleDB()
+{
+  NS_INIT_ISUPPORTS();
+}
+
+nsPKCS11ModuleDB::~nsPKCS11ModuleDB()
+{
+}
+
+/* nsIPKCS11Module getInternal (); */
+NS_IMETHODIMP 
+nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
+{
+  nsCOMPtr<nsIPKCS11Module> module = 
+     new nsPKCS11Module(SECMOD_GetInternalModule());
+  if (!module)
+    return NS_ERROR_OUT_OF_MEMORY;
+  *_retval = module;
+  NS_ADDREF(*_retval);
+  return NS_OK;
+}
+
+/* nsIPKCS11Module getInternalFIPS (); */
+NS_IMETHODIMP 
+nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
+{
+  nsCOMPtr<nsIPKCS11Module> module = 
+     new nsPKCS11Module(SECMOD_GetFIPSInternal());
+  if (!module)
+    return NS_ERROR_OUT_OF_MEMORY;
+  *_retval = module;
+  NS_ADDREF(*_retval);
+  return NS_OK;
+}
+
+/* nsIPKCS11Module findModuleByName(in wstring name); */
+NS_IMETHODIMP 
+nsPKCS11ModuleDB::FindModuleByName(const PRUnichar *aName,
+                                   nsIPKCS11Module **_retval)
+{
+  SECMODModule *mod =
+    SECMOD_FindModule(NS_CONST_CAST(char *, NS_ConvertUCS2toUTF8(aName).get()));
+  if (!mod)
+    return NS_ERROR_FAILURE;
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod);
+  if (!module)
+    return NS_ERROR_OUT_OF_MEMORY;
+  *_retval = module;
+  NS_ADDREF(*_retval);
+  return NS_OK;
+}
+
+/* nsIEnumerator listModules (); */
+NS_IMETHODIMP 
+nsPKCS11ModuleDB::ListModules(nsIEnumerator **_retval)
+{
+  nsresult rv = NS_OK;
+  /* get isupports array */
+  nsCOMPtr<nsISupportsArray> array;
+  rv = NS_NewISupportsArray(getter_AddRefs(array));
+  if (NS_FAILED(rv)) return rv;
+  /* get the default list of modules */
+  SECMODModuleList *list = SECMOD_GetDefaultModuleList();
+  /* lock down the list for reading */
+  SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
+  SECMOD_GetReadLock(lock);
+  while (list) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    array->AppendElement(module);
+    list = list->next;
+  }
+  SECMOD_ReleaseReadLock(lock);
+  rv = array->Enumerate(_retval);
+  return rv;
+}
+

security/manager/ssl/src/nsPKCS11Slot.h

@@ -0,0 +1,75 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 2001 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *   Ian McGreer <mcgreer@netscape.com>
+ */
+
+#ifndef __NS_PKCS11SLOT_H__
+#define __NS_PKCS11SLOT_H__
+
+#include "nsISupports.h"
+#include "nsIPKCS11Slot.h"
+#include "nsString.h"
+#include "pk11func.h"
+
+class nsPKCS11Slot : public nsIPKCS11Slot
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11SLOT
+
+  nsPKCS11Slot(PK11SlotInfo *slot);
+  virtual ~nsPKCS11Slot();
+
+private:
+
+  PK11SlotInfo *mSlot;
+  nsString mSlotDesc, mSlotManID, mSlotHWVersion, mSlotFWVersion;
+};
+
+class nsPKCS11Module : public nsIPKCS11Module
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULE
+
+  nsPKCS11Module(SECMODModule *module);
+  virtual ~nsPKCS11Module();
+
+private:
+  SECMODModule *mModule;
+};
+
+class nsPKCS11ModuleDB : public nsIPKCS11ModuleDB
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULEDB
+
+  nsPKCS11ModuleDB();
+  virtual ~nsPKCS11ModuleDB();
+  /* additional members */
+};
+
+#define NS_PKCS11MODULEDB_CID \
+{ 0xff9fbcd7, 0x9517, 0x4334, \
+  { 0xb9, 0x7a, 0xce, 0xed, 0x78, 0x90, 0x99, 0x74 }}
+
+#endif