mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-13 05:15:45 +00:00
b=106587 FIPS enabled mode fails when Master PWD is not set.
r=javi/cotter sr=shaver
This commit is contained in:
parent
90b7eea68f
commit
07bda86df6
@ -411,6 +411,23 @@ function showTokenInfo()
|
||||
|
||||
function toggleFIPS()
|
||||
{
|
||||
if (!secmoddb.isFIPSEnabled) {
|
||||
// A restriction of FIPS mode is, the password must be set
|
||||
// In FIPS mode the password must be non-empty.
|
||||
// This is different from what we allow in NON-Fips mode.
|
||||
|
||||
var tokendb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
|
||||
var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
|
||||
var slot = secmoddb.findSlotByName(internal_token.tokenName);
|
||||
switch (slot.status) {
|
||||
case nsIPKCS11Slot.SLOT_UNINITIALIZED:
|
||||
case nsIPKCS11Slot.SLOT_READY:
|
||||
// Token has either no or an empty password.
|
||||
alert(bundle.GetStringFromName("fips_nonempty_password_required"));
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
secmoddb.toggleFIPSMode();
|
||||
//Remove the existing listed modules so that re-fresh doesn't
|
||||
//display the module that just changed.
|
||||
|
@ -176,16 +176,26 @@ function setPassword()
|
||||
// This makes no sense that we arrive here,
|
||||
// we reached a case that should have been prevented by checkPasswords.
|
||||
} else {
|
||||
token.changePassword(oldpw, pw1.value);
|
||||
if (pw1.value == "") {
|
||||
alert(bundle.GetStringFromName("pw_erased_ok")
|
||||
+ " "
|
||||
+ bundle.GetStringFromName("pw_empty_warning"));
|
||||
} else {
|
||||
alert(bundle.GetStringFromName("pw_change_ok"));
|
||||
var secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
|
||||
if (secmoddb.isFIPSEnabled) {
|
||||
// empty passwords are not allowed in FIPS mode
|
||||
alert(bundle.GetStringFromName("pw_change2empty_in_fips_mode"));
|
||||
passok = 0;
|
||||
}
|
||||
}
|
||||
if (passok) {
|
||||
token.changePassword(oldpw, pw1.value);
|
||||
if (pw1.value == "") {
|
||||
alert(bundle.GetStringFromName("pw_erased_ok")
|
||||
+ " "
|
||||
+ bundle.GetStringFromName("pw_empty_warning"));
|
||||
} else {
|
||||
alert(bundle.GetStringFromName("pw_change_ok"));
|
||||
}
|
||||
success = true;
|
||||
}
|
||||
}
|
||||
success = true;
|
||||
} else {
|
||||
oldpwbox.focus();
|
||||
oldpwbox.setAttribute("value", "");
|
||||
|
@ -122,6 +122,7 @@ pw_change_ok=Master Password successfully changed.
|
||||
pw_erased_ok=Warning! You have deleted your Master Password.
|
||||
pw_not_wanted=Warning! You have decided not to use a Master Password.
|
||||
pw_empty_warning=Your stored web and email passwords, form data, and private keys will not be protected.
|
||||
pw_change2empty_in_fips_mode=You are currently in FIPS mode. FIPS requires a non-empty Master Password.
|
||||
login_failed=Failed to Login
|
||||
loadPK11TokenDialog=Choose a PKCS#11 device to load
|
||||
devinfo_modname=Module
|
||||
@ -141,6 +142,7 @@ devinfo_stat_loggedin=Logged In
|
||||
devinfo_stat_ready=Ready
|
||||
enable_fips=Enable FIPS
|
||||
disable_fips=Disable FIPS
|
||||
fips_nonempty_password_required=FIPS mode requires that you have a Master Password set for each security device. Please set the password before trying to enable FIPS mode.
|
||||
|
||||
certmgr.verified=Verified
|
||||
certmgr.verifiedNoOCSP=Verified (No OCSP)
|
||||
|
Loading…
Reference in New Issue
Block a user