Download and manage CRLs. Bug# 58233, r=javi@netscape.com, sr=blizzard@mozilla.org
This commit is contained in:
parent
89993c6a77
commit
090cc567ac
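--- a/security/manager/pki/resources/content/crlManager.js
+++ b/security/manager/pki/resources/content/crlManager.js
@@ -0,0 +1,104 @@
+/*
+* The contents of this file are subject to the Mozilla Public
+* License Version 1.1 (the "License"); you may not use this file
+* except in compliance with the License. You may obtain a copy of
+* the License at http://www.mozilla.org/MPL/
+*
+* Software distributed under the License is distributed on an "AS
+* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+* implied. See the License for the specific language governing
+* rights and limitations under the License.
+*
+* The Original Code is mozilla.org code.
+*
+* The Initial Developer of the Original Code is Netscape
+* Communications Corporation. Portions created by Netscape are
+* Copyright (C) 2001 Netscape Communications Corporation. All
+* Rights Reserved.
+*
+* Contributor(s):
+* David Drinan <ddrinan@netscape.com>
+*/
+
+const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
+const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+const nsICrlEntry = Components.interfaces.nsICrlEntry;
+const nsISupportsArray = Components.interfaces.nsISupportsArray;
+
+var certdb;
+var crls;
+
+function onLoad()
+{
+var crlEntry;
+var i;
+
+certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+crls = certdb.getCrls();
+
+for (i=0; i<crls.Count(); i++) {
+crlEntry = crls.GetElementAt(i).QueryInterface(nsICrlEntry);
+var name = crlEntry.name;
+var lastUpdate = crlEntry.lastUpdate;
+var nextUpdate = crlEntry.nextUpdate;
+AddItem("crlList", [name, lastUpdate, nextUpdate], "crltree_", i);
+}
+}
+
+function AddItem(children,cells,prefix,idfier)
+{
+var kids = document.getElementById(children);
+var item = document.createElement("treeitem");
+var row = document.createElement("treerow");
+for(var i = 0; i < cells.length; i++)
+{
+var cell = document.createElement("treecell");
+cell.setAttribute("class", "propertylist");
+cell.setAttribute("label", cells[i])
+row.appendChild(cell);
+}
+item.appendChild(row);
+item.setAttribute("id",prefix + idfier);
+kids.appendChild(item);
+}
+
+function DeleteCrlSelected() {
+var crlEntry;
+
+// delete selected item
+var crltree = document.getElementById("crltree");
+var i = crltree.selectedIndex;
+
+// Delete it
+certdb.deleteCrl(i);
+DeleteItemSelected("crltree", "crltree_", "crlList");
+if( !crltree.selectedItems.length ) {
+if( !document.getElementById("deleteCrl").disabled ) {
+document.getElementById("deleteCrl").setAttribute("disabled", "true")
+}
+}
+}
+
+function EnableCrlActions() {
+document.getElementById("deleteCrl").removeAttribute("disabled", "true");
+// document.getElementById("updateCrl").removeAttribute("disabled", "true");
+}
+
+function DeleteItemSelected(tree, prefix, kids) {
+var i;
+var delnarray = [];
+var rv = "";
+var cookietree = document.getElementById(tree);
+var selitems = cookietree.selectedItems;
+for(i = 0; i < selitems.length; i++)
+{
+delnarray[i] = document.getElementById(selitems[i].getAttribute("id"));
+var itemid = parseInt(selitems[i].getAttribute("id").substring(prefix.length,selitems[i].getAttribute("id").length));
+rv += (itemid + ",");
+}
+for(i = 0; i < delnarray.length; i++)
+{
+document.getElementById(kids).removeChild(delnarray[i]);
+}
+return rv;
+}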
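Review bot: `DeleteCrlSelected` passes `crltree.selectedIndex` to `certdb.deleteCrl(i)` without checking that a row is selected and removes the tree row before it knows the delete succeeded, so a failed or no-op delete leaves the dialog showing the CRL as gone while NSS still has it — and since the button is enabled by a bare `onclick`, this path is reachable with `selectedIndex == -1`. Guard it with `if (i < 0) return;` and `try { certdb.deleteCrl(i); } catch (e) { return; }` ahead of the `DeleteItemSelected` call. The index only means something as a position in the list `getCrls()` returned at load time; if the store changed since (this same commit lets a page download install a CRL), a different CRL can be deleted, which deleting by issuer name instead of index would avoid. Removing revocation data is security-relevant, so a confirmation prompt before the delete seems warranted. The unused `crlEntry` local and the `crls` global left stale after a delete are minor cleanups.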
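--- a/security/manager/pki/resources/content/crlManager.xul
+++ b/security/manager/pki/resources/content/crlManager.xul
@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!--
+The contents of this file are subject to the Netscape Public
+License Version 1.1 (the "License"); you may not use this file
+except in compliance with the License. You may obtain a copy of
+the License at http://www.mozilla.org/NPL/
+
+Software distributed under the License is distributed on an "AS
+IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+implied. See the License for the specific language governing
+rights and limitations under the License.
+
+The Original Code is Mozilla Communicator client code, released
+March 31, 1998.
+
+The Initial Developer of the Original Code is Netscape
+Communications Corporation. Portions created by Netscape are
+Copyright (C) 1998-1999 Netscape Communications Corporation. All
+Rights Reserved.
+
+Contributor(s):
+David Drinan (ddrinan@netscape.com)
+-->
+
+<!-- CHANGE THIS WHEN MOVING FILES -->
+<?xml-stylesheet href="chrome://communicator/skin/" type="text/css"?>
+<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
+
+<!-- CHANGE THIS WHEN MOVING FILES -->
+<!DOCTYPE window SYSTEM "chrome://pippki/locale/pref-validation.dtd">
+
+<window id="crlviewer"
+class="dialog"
+title="&validation.crlmanager.label;"
+xmlns:html="http://www.w3.org/1999/xhtml"
+xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+style="width: 30em;"
+orient="vertical"
+onload="onLoad()">
+
+<script src="chrome://global/content/strres.js"/>
+<script src="crlManager.js"/>
+
+<text class="label" value="&validation.crlmanager.label;"/>
+<separator class="thin"/>
+<tree id="crltree" class="inset" style="height: 10em;"
+multiple="false" onclick="EnableCrlActions()" flex="1">
+<treecolgroup>
+<treecol flex="4" width="0"/>
+<splitter class="tree-splitter"/>
+<treecol flex="2" width="0"/>
+<splitter class="tree-splitter"/>
+<treecol flex="2" width="0"/>
+</treecolgroup>
+<treehead>
+<treerow>
+<treecell class="treecell-header sortDirectionIndicator"
+label="&validation.crlname.label;"
+/>
+<treecell class="treecell-header
+sortDirectionIndicator"
+label="&validation.crllastupdate.label;"
+/>
+<treecell class="treecell-header
+sortDirectionIndicator"
+label="&validation.crlnextupdate.label;"
+/>
+</treerow>
+</treehead>
+<treechildren id="crlList" flex="1"/>
+</tree>
+<box>
+<button id="deleteCrl" class="dialog push" disabled="true"
+label="&validation.deletecrl.label;"
+oncommand="DeleteCrlSelected();"/>
+</box>
+<separator class="thin"/>
+</window>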
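Review bot: The Delete button is enabled from `onclick="EnableCrlActions()"` on the `<tree>`, which fires for any click inside the tree, including one that selects nothing, so the button can be live with no row selected; `onselect="EnableCrlActions()"` (if the tree widget supports it here) ties it to an actual selection instead. The two `<!-- CHANGE THIS WHEN MOVING FILES -->` markers should name what must change — the `chrome://` paths on the following line — e.g. `<!-- CHANGE THESE chrome:// PATHS WHEN MOVING FILES -->`. The `xmlns:html` declaration is not used by any element in the file.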
@ -84,3 +84,10 @@ function changeURL()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function openCrlManager()
|
||||
{
|
||||
window.open('chrome://pippki/content/crlManager.xul', "",
|
||||
'chrome,width=500,height=400,resizable=1');
|
||||
}
|
||||
|
||||
|
@ -48,11 +48,14 @@
|
||||
<!-- Fancy panel header -->
|
||||
<box class="box-smallheader" title="&validation.title;" description="&validation.description;"/>
|
||||
|
||||
<!--
|
||||
<titledbox orient="horizontal">
|
||||
<titledbox orient="vertical">
|
||||
<label value="&validation.crl.label;"/>
|
||||
<html> &validation.crl.description; </html>
|
||||
<box halign="left" autostretch="never">
|
||||
<button class="dialog" label="&validation.managecrls.button;" disabled="false"
|
||||
oncommand="openCrlManager();" />
|
||||
</box>
|
||||
</titledbox>
|
||||
-->
|
||||
|
||||
<titledbox orient="vertical" autostretch="never" >
|
||||
<label value="&validation.ocsp.label;"/>
|
||||
|
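Review bot: Wrapping the CRL `<titledbox>` in `<!-- ... -->` leaves `openCrlManager()` — the only entry point to the new `crlManager.xul` visible in this commit — unreachable from the preferences UI while the dialog and its entity strings still ship, and the bare comment markers give no indication whether this is temporary. Either drop the block or open it with a comment that says why it is disabled and what re-enabling depends on, e.g. `<!-- CRL manager UI disabled until <reason>; uncomment to re-enable -->`. The enclosing page element starts and ends outside this hunk.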
@ -44,6 +44,8 @@ pippki.jar:
|
||||
content/pippki/escrowWarn.js (content/escrowWarn.js)
|
||||
content/pippki/pref-validation.xul (content/pref-validation.xul)
|
||||
content/pippki/pref-validation.js (content/pref-validation.js)
|
||||
content/pippki/crlManager.xul (content/crlManager.xul)
|
||||
content/pippki/crlManager.js (content/crlManager.js)
|
||||
locale/en-US/pippki/contents.rdf (locale/en-US/contents.rdf)
|
||||
locale/en-US/pippki/pippki.dtd (locale/en-US/pippki.dtd)
|
||||
locale/en-US/pippki/pref-ssl.dtd (locale/en-US/pref-ssl.dtd)
|
||||
|
@ -24,9 +24,17 @@
|
||||
<!ENTITY validation.description "Settings for Validation">
|
||||
|
||||
<!ENTITY validation.crl.label "CRL">
|
||||
<!ENTITY validation.crl.description "Use the CRL Manager to manage the Certificate Revocation Lists (CRL) that are stored in your certificate database.">
|
||||
<!ENTITY validation.managecrls.button "Manage CRLs...">
|
||||
<!ENTITY validation.crlmanager.label "Manage CRLs">
|
||||
<!ENTITY validation.crlname.label "Name">
|
||||
<!ENTITY validation.crllastupdate.label "Last Update">
|
||||
<!ENTITY validation.crlnextupdate.label "Next Update">
|
||||
<!ENTITY validation.deletecrl.label "Delete">
|
||||
<!ENTITY validation.updatecrl.label "Update">
|
||||
|
||||
<!ENTITY validation.ocsp.label "OCSP">
|
||||
<!ENTITY validation.ocsp.description "&brandShortName; can use Online Certificate Status Protocol(OCSP) to verify certificates. Set &brandShortName; to use OCSP as follows:">
|
||||
<!ENTITY validation.ocsp.description "&brandShortName; can use Online Certificate Status Protocol (OCSP) to verify certificates. Set &brandShortName; to use OCSP as follows:">
|
||||
<!ENTITY disableOCSP.label "Do not use OCSP for certificate validation">
|
||||
<!ENTITY certOCSP.label "Use OCSP to validate only cerificates that specify on OCSP service URL">
|
||||
<!ENTITY proxyOCSP.label "Use OCSP to validate all certificates using the URL and signer specified here:">
|
||||
|
@ -35,15 +35,12 @@
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
%{C++
|
||||
#include "nsString.h"
|
||||
%}
|
||||
|
||||
interface nsISupportsArray;
|
||||
interface nsIX509Cert;
|
||||
interface nsIPK11Token;
|
||||
interface nsILocalFile;
|
||||
interface nsIInterfaceRequestor;
|
||||
interface nsIURI;
|
||||
|
||||
%{C++
|
||||
|
||||
@ -70,6 +67,12 @@ interface nsIOCSPResponder : nsISupports {
|
||||
readonly attribute wstring serviceURL;
|
||||
};
|
||||
|
||||
[scriptable, uuid(c185d920-4a3e-11d5-ba27-00108303b117)]
|
||||
interface nsICrlEntry : nsISupports {
|
||||
readonly attribute wstring name;
|
||||
readonly attribute wstring lastUpdate;
|
||||
readonly attribute wstring nextUpdate;
|
||||
};
|
||||
|
||||
[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
|
||||
interface nsIX509CertDB : nsISupports {
|
||||
@ -196,5 +199,29 @@ interface nsIX509CertDB : nsISupports {
|
||||
*/
|
||||
nsISupportsArray getOCSPResponders();
|
||||
|
||||
};
|
||||
/*
|
||||
* importCrl
|
||||
*
|
||||
* Import a CRL into the database.
|
||||
*/
|
||||
[noscript] void importCrl(in charPtr data,
|
||||
in unsigned long length,
|
||||
in nsIURI uri,
|
||||
in PRUint32 type);
|
||||
|
||||
/*
|
||||
* getCrls
|
||||
*
|
||||
* Get a list of Crl entries in the DB.
|
||||
*/
|
||||
nsISupportsArray getCrls();
|
||||
|
||||
/*
|
||||
* deleteCrl
|
||||
*
|
||||
* Delete the crl.
|
||||
*/
|
||||
void deleteCrl(in PRUint32 crlIndex);
|
||||
|
||||
};
|
||||
|
||||
|
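Review bot: `deleteCrl(in PRUint32 crlIndex)` identifies the CRL by its position in whatever order the store enumerates, which is only meaningful relative to a `getCrls()` made at the same instant; a caller that enumerates, waits, then deletes can remove a different CRL if the store changed in between. Keying the delete on the entry, e.g. `void deleteCrl(in nsICrlEntry crl);`, or on the issuer name, removes that race and the need for the UI to mirror store order. The `importCrl` comment should state its trust contract — in this commit's implementation the signature is verified only when the issuer certificate is already in the database — e.g. `* Import a CRL into the database. Fails unless the CRL signature verifies against an issuer certificate in the database.`, once the implementation enforces that. `nsICrlEntry` exposes `lastUpdate`/`nextUpdate` only as pre-formatted display strings, so callers cannot compare them or detect an expired CRL; a `PRTime` attribute alongside would be a cheap addition.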
@ -32,7 +32,7 @@
|
||||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: nsNSSCertificate.cpp,v 1.25 2001/05/15 23:15:08 javi%netscape.com Exp $
|
||||
* $Id: nsNSSCertificate.cpp,v 1.26 2001/05/19 01:20:17 ddrinan%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "prmem.h"
|
||||
@ -53,6 +53,7 @@
|
||||
#include "nsIDateTimeFormat.h"
|
||||
#include "nsDateTimeFormatCID.h"
|
||||
#include "nsILocaleService.h"
|
||||
#include "nsIURI.h"
|
||||
|
||||
#include "nspr.h"
|
||||
extern "C" {
|
||||
@ -64,6 +65,7 @@ extern "C" {
|
||||
#include "secasn1.h"
|
||||
#include "secder.h"
|
||||
}
|
||||
#include "ssl.h"
|
||||
#include "ocsp.h"
|
||||
|
||||
#ifdef PR_LOGGING
|
||||
@ -2864,3 +2866,231 @@ nsNSSCertificateDB::getCertType(CERTCertificate *cert)
|
||||
return nsIX509Cert::UNKNOWN_CERT;
|
||||
}
|
||||
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRUint32 aType)
|
||||
{
|
||||
PRArenaPool *arena = NULL;
|
||||
CERTCertificate *caCert;
|
||||
SECItem derName = { siBuffer, NULL, 0 };
|
||||
SECItem derCrl;
|
||||
CERTSignedData sd;
|
||||
SECStatus sec_rv;
|
||||
CERTSignedCrl *crl;
|
||||
nsXPIDLCString url;
|
||||
aURI->GetSpec(getter_Copies(url));
|
||||
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
||||
if (!arena) {
|
||||
goto loser;
|
||||
}
|
||||
memset(&sd, 0, sizeof(sd));
|
||||
|
||||
derCrl.data = (unsigned char*)aData;
|
||||
derCrl.len = aLength;
|
||||
sec_rv = CERT_KeyFromDERCrl(arena, &derCrl, &derName);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &derName);
|
||||
if (!caCert) {
|
||||
if (aType == SEC_KRL_TYPE){
|
||||
goto loser;
|
||||
}
|
||||
} else {
|
||||
sec_rv = SEC_ASN1DecodeItem(arena,
|
||||
&sd, CERT_SignedDataTemplate,
|
||||
&derCrl);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
sec_rv = CERT_VerifySignedData(&sd, caCert, PR_Now(),
|
||||
nsnull);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
}
|
||||
|
||||
crl = SEC_NewCrl(CERT_GetDefaultCertDB(), (char*)url.get(), &derCrl,
|
||||
aType);
|
||||
if (!crl) {
|
||||
goto loser;
|
||||
}
|
||||
SSL_ClearSessionCache();
|
||||
SEC_DestroyCrl(crl);
|
||||
return NS_OK;
|
||||
loser:
|
||||
return NS_ERROR_FAILURE;;
|
||||
}
|
||||
|
||||
/* Header file */
|
||||
class nsCrlEntry : public nsICrlEntry
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSICRLENTRY
|
||||
|
||||
nsCrlEntry();
|
||||
nsCrlEntry(const PRUnichar*, const PRUnichar*, const PRUnichar*);
|
||||
virtual ~nsCrlEntry();
|
||||
/* additional members */
|
||||
private:
|
||||
nsString mName;
|
||||
nsString mLastUpdate;
|
||||
nsString mNextUpdate;
|
||||
};
|
||||
|
||||
/* Implementation file */
|
||||
NS_IMPL_ISUPPORTS1(nsCrlEntry, nsICrlEntry)
|
||||
|
||||
nsCrlEntry::nsCrlEntry()
|
||||
{
|
||||
NS_INIT_ISUPPORTS();
|
||||
/* member initializers and constructor code */
|
||||
}
|
||||
|
||||
nsCrlEntry::nsCrlEntry(const PRUnichar * aName, const PRUnichar * aLastUpdate, const PRUnichar *aNextUpdate)
|
||||
{
|
||||
NS_INIT_ISUPPORTS();
|
||||
mName.Assign(aName);
|
||||
mLastUpdate.Assign(aLastUpdate);
|
||||
mNextUpdate.Assign(aNextUpdate);
|
||||
}
|
||||
|
||||
nsCrlEntry::~nsCrlEntry()
|
||||
{
|
||||
/* destructor code */
|
||||
}
|
||||
|
||||
/* readonly attribute */
|
||||
NS_IMETHODIMP nsCrlEntry::GetName(PRUnichar** aName)
|
||||
{
|
||||
NS_ENSURE_ARG(aName);
|
||||
*aName = mName.ToNewUnicode();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* readonly attribute */
|
||||
NS_IMETHODIMP nsCrlEntry::GetLastUpdate(PRUnichar** aLastUpdate)
|
||||
{
|
||||
NS_ENSURE_ARG(aLastUpdate);
|
||||
*aLastUpdate = mLastUpdate.ToNewUnicode();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/* readonly attribute */
|
||||
NS_IMETHODIMP nsCrlEntry::GetNextUpdate(PRUnichar** aNextUpdate)
|
||||
{
|
||||
NS_ENSURE_ARG(aNextUpdate);
|
||||
*aNextUpdate = mNextUpdate.ToNewUnicode();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
* getCRLs
|
||||
*
|
||||
* Export a set of certs and keys from the database to a PKCS#12 file.
|
||||
*/
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::GetCrls(nsISupportsArray ** aCrls)
|
||||
{
|
||||
SECStatus sec_rv;
|
||||
CERTCrlHeadNode *head = nsnull;
|
||||
CERTCrlNode *node = nsnull;
|
||||
CERTCertificate *caCert = nsnull;
|
||||
nsAutoString name;
|
||||
nsAutoString nextUpdate;
|
||||
nsAutoString lastUpdate;
|
||||
PRTime tmpDate;
|
||||
nsCOMPtr<nsISupportsArray> crlsArray;
|
||||
nsresult rv;
|
||||
rv = NS_NewISupportsArray(getter_AddRefs(crlsArray));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIDateTimeFormat> dateFormatter =
|
||||
do_CreateInstance(kDateTimeFormatCID, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
// Get the list of certs //
|
||||
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (head) {
|
||||
for (node=head->first; node != nsnull; node = node->next) {
|
||||
// Get the information we need here //
|
||||
|
||||
// Name (this is the OU of the CA)
|
||||
caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName));
|
||||
if (caCert) {
|
||||
char *orgunit = CERT_GetOrgUnitName(&caCert->subject);
|
||||
if (orgunit) {
|
||||
name = NS_ConvertASCIItoUCS2(orgunit);
|
||||
}
|
||||
}
|
||||
|
||||
// Last Update time
|
||||
sec_rv = DER_UTCTimeToTime(&tmpDate, &(node->crl->crl.lastUpdate));
|
||||
if (sec_rv == SECSuccess) {
|
||||
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
|
||||
tmpDate, lastUpdate);
|
||||
}
|
||||
|
||||
// Next update time
|
||||
sec_rv = DER_UTCTimeToTime(&tmpDate, &(node->crl->crl.nextUpdate));
|
||||
if (sec_rv == SECSuccess) {
|
||||
dateFormatter->FormatPRTime(nsnull, kDateFormatShort, kTimeFormatNone,
|
||||
tmpDate, nextUpdate);
|
||||
}
|
||||
nsCOMPtr<nsICrlEntry> entry = new nsCrlEntry(name.get(), lastUpdate.get(), nextUpdate.get());
|
||||
crlsArray->AppendElement(entry);
|
||||
}
|
||||
PORT_FreeArena(head->arena, PR_FALSE);
|
||||
}
|
||||
|
||||
*aCrls = crlsArray;
|
||||
NS_IF_ADDREF(*aCrls);
|
||||
return NS_OK;
|
||||
loser:
|
||||
return NS_ERROR_FAILURE;;
|
||||
}
|
||||
|
||||
/*
|
||||
* deletetCrl
|
||||
*
|
||||
* Delete a Crl entry from the cert db.
|
||||
*/
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::DeleteCrl(PRUint32 aCrlIndex)
|
||||
{
|
||||
CERTSignedCrl *realCrl = nsnull;
|
||||
CERTCrlHeadNode *head = nsnull;
|
||||
CERTCrlNode *node = nsnull;
|
||||
SECStatus sec_rv;
|
||||
PRUint32 i;
|
||||
|
||||
// Get the list of certs //
|
||||
sec_rv = SEC_LookupCrls(CERT_GetDefaultCertDB(), &head, -1);
|
||||
if (sec_rv != SECSuccess) {
|
||||
goto loser;
|
||||
}
|
||||
|
||||
if (head) {
|
||||
for (i = 0, node=head->first; node != nsnull; i++, node = node->next) {
|
||||
if (i != aCrlIndex) {
|
||||
continue;
|
||||
}
|
||||
realCrl = SEC_FindCrlByName(CERT_GetDefaultCertDB(), &(node->crl->crl.derName), node->type);
|
||||
SEC_DeletePermCRL(realCrl);
|
||||
SEC_DestroyCrl(realCrl);
|
||||
SSL_ClearSessionCache();
|
||||
}
|
||||
PORT_FreeArena(head->arena, PR_FALSE);
|
||||
}
|
||||
return NS_OK;
|
||||
loser:
|
||||
return NS_ERROR_FAILURE;;
|
||||
}
|
||||
|
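Review bot: `ImportCrl` stores a CRL without any signature check when `CERT_FindCertByName` finds no issuer certificate and `aType` is not `SEC_KRL_TYPE` — the `if (!caCert)` branch falls straight through to `SEC_NewCrl` — so any site serving `application/x-pkcs7-crl` can plant unverified revocation data for an issuer not (yet) in the user's database; unless importing CRLs ahead of their CA is an intended, documented feature, a missing issuer should fail for both types. The same function leaks `arena` on every path (no `PORT_FreeArena`) and the `caCert` reference (no `CERT_DestroyCertificate`), and `aURI->GetSpec` is unchecked so `url.get()` can be null when handed to `SEC_NewCrl`; the fence below reworks the function for both. In `GetCrls`, `name`, `lastUpdate` and `nextUpdate` are declared outside the loop and never cleared, so an entry whose issuer lookup or `DER_UTCTimeToTime` fails inherits the previous entry's values and is listed under the wrong CA — reset them at the top of each iteration and free `caCert` and the `CERT_GetOrgUnitName` string, which also leak per iteration. `DeleteCrl` should null-check `SEC_FindCrlByName` before `SEC_DeletePermCRL`/`SEC_DestroyCrl`. The `GetCrls` header comment ("Export a set of certs and keys ... PKCS#12 file") is copy-pasted from another function and should read `* Return one nsICrlEntry per CRL in the default cert DB.`, and the `;;` after `return NS_ERROR_FAILURE` in all three functions is a nit.
```cpp
NS_IMETHODIMP
nsNSSCertificateDB::ImportCrl (char *aData, PRUint32 aLength, nsIURI * aURI, PRUint32 aType)
{
  PRArenaPool *arena = NULL;
  CERTCertificate *caCert = NULL;
  SECItem derName = { siBuffer, NULL, 0 };
  SECItem derCrl;
  CERTSignedData sd;
  SECStatus sec_rv;
  CERTSignedCrl *crl;
  nsresult rv = NS_ERROR_FAILURE;
  nsXPIDLCString url;

  if (!aData || !aURI || NS_FAILED(aURI->GetSpec(getter_Copies(url))) || !url.get()) {
    return NS_ERROR_FAILURE;
  }
  arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
  if (!arena) {
    return NS_ERROR_OUT_OF_MEMORY;
  }
  memset(&sd, 0, sizeof(sd));
  derCrl.data = (unsigned char*)aData;
  derCrl.len = aLength;
  sec_rv = CERT_KeyFromDERCrl(arena, &derCrl, &derName);
  if (sec_rv != SECSuccess) {
    goto loser;
  }

  // Never store a CRL whose signature could not be verified: without the
  // issuer certificate in the database there is nothing to verify against.
  caCert = CERT_FindCertByName(CERT_GetDefaultCertDB(), &derName);
  if (!caCert) {
    goto loser;
  }
  sec_rv = SEC_ASN1DecodeItem(arena, &sd, CERT_SignedDataTemplate, &derCrl);
  if (sec_rv != SECSuccess) {
    goto loser;
  }
  sec_rv = CERT_VerifySignedData(&sd, caCert, PR_Now(), nsnull);
  if (sec_rv != SECSuccess) {
    goto loser;
  }

  crl = SEC_NewCrl(CERT_GetDefaultCertDB(), (char*)url.get(), &derCrl, aType);
  if (!crl) {
    goto loser;
  }
  SSL_ClearSessionCache();
  SEC_DestroyCrl(crl);
  rv = NS_OK;

loser:
  // Single exit: release the issuer cert reference and the arena on every path.
  if (caCert) {
    CERT_DestroyCertificate(caCert);
  }
  PORT_FreeArena(arena, PR_FALSE);
  return rv;
}
```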
@ -102,12 +102,12 @@ nsNSSComponent::nsNSSComponent()
|
||||
|
||||
nsNSSComponent::~nsNSSComponent()
|
||||
{
|
||||
if (mCertContentListener) {
|
||||
if (mPSMContentListener) {
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
|
||||
if (dispatcher) {
|
||||
rv = dispatcher->UnRegisterContentListener(mCertContentListener);
|
||||
rv = dispatcher->UnRegisterContentListener(mPSMContentListener);
|
||||
}
|
||||
}
|
||||
if (mPref)
|
||||
@ -325,14 +325,14 @@ nsNSSComponent::InitializePIPNSSBundle()
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsNSSComponent::RegisterCertContentListener()
|
||||
nsNSSComponent::RegisterPSMContentListener()
|
||||
{
|
||||
nsresult rv = NS_OK;
|
||||
if (!mCertContentListener) {
|
||||
if (!mPSMContentListener) {
|
||||
nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
|
||||
if (dispatcher) {
|
||||
mCertContentListener = do_CreateInstance(NS_CERTCONTENTLISTEN_CONTRACTID);
|
||||
rv = dispatcher->RegisterContentListener(mCertContentListener);
|
||||
mPSMContentListener = do_CreateInstance(NS_PSMCONTENTLISTEN_CONTRACTID);
|
||||
rv = dispatcher->RegisterContentListener(mPSMContentListener);
|
||||
}
|
||||
}
|
||||
return rv;
|
||||
@ -502,7 +502,7 @@ nsNSSComponent::Init()
|
||||
return rv;
|
||||
}
|
||||
InstallLoadableRoots();
|
||||
RegisterCertContentListener();
|
||||
RegisterPSMContentListener();
|
||||
RegisterProfileChangeObserver();
|
||||
return rv;
|
||||
}
|
||||
@ -754,30 +754,30 @@ setPassword(PK11SlotInfo *slot, nsIInterfaceRequestor *ctx)
|
||||
// Implementation of an nsIInterfaceRequestor for use
|
||||
// as context for NSS calls
|
||||
//
|
||||
class CertDownloaderContext : public nsIInterfaceRequestor
|
||||
class PSMContentDownloaderContext : public nsIInterfaceRequestor
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
|
||||
CertDownloaderContext();
|
||||
virtual ~CertDownloaderContext();
|
||||
PSMContentDownloaderContext();
|
||||
virtual ~PSMContentDownloaderContext();
|
||||
|
||||
};
|
||||
|
||||
NS_IMPL_ISUPPORTS1(CertDownloaderContext, nsIInterfaceRequestor)
|
||||
NS_IMPL_ISUPPORTS1(PSMContentDownloaderContext, nsIInterfaceRequestor)
|
||||
|
||||
CertDownloaderContext::CertDownloaderContext()
|
||||
PSMContentDownloaderContext::PSMContentDownloaderContext()
|
||||
{
|
||||
NS_INIT_ISUPPORTS();
|
||||
}
|
||||
|
||||
CertDownloaderContext::~CertDownloaderContext()
|
||||
PSMContentDownloaderContext::~PSMContentDownloaderContext()
|
||||
{
|
||||
}
|
||||
|
||||
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
|
||||
NS_IMETHODIMP CertDownloaderContext::GetInterface(const nsIID & uuid, void * *result)
|
||||
NS_IMETHODIMP PSMContentDownloaderContext::GetInterface(const nsIID & uuid, void * *result)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
@ -805,27 +805,35 @@ NS_IMETHODIMP CertDownloaderContext::GetInterface(const nsIID & uuid, void * *re
|
||||
return rv;
|
||||
}
|
||||
|
||||
class CertDownloader : public nsIStreamListener
|
||||
class PSMContentDownloader : public nsIStreamListener
|
||||
{
|
||||
public:
|
||||
CertDownloader() {NS_ASSERTION(PR_FALSE, "don't use this constructor."); }
|
||||
CertDownloader(PRUint32 type);
|
||||
virtual ~CertDownloader();
|
||||
PSMContentDownloader() {NS_ASSERTION(PR_FALSE, "don't use this constructor."); }
|
||||
PSMContentDownloader(PRUint32 type);
|
||||
virtual ~PSMContentDownloader();
|
||||
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIREQUESTOBSERVER
|
||||
NS_DECL_NSISTREAMLISTENER
|
||||
|
||||
enum {UNKNOWN_TYPE = 0};
|
||||
enum {X509_CA_CERT = 1};
|
||||
enum {X509_USER_CERT = 2};
|
||||
enum {X509_EMAIL_CERT = 3};
|
||||
enum {X509_SERVER_CERT = 4};
|
||||
enum {PKCS7_CRL = 5};
|
||||
|
||||
protected:
|
||||
char* mByteData;
|
||||
PRInt32 mBufferOffset;
|
||||
PRInt32 mContentLength;
|
||||
PRUint32 mType;
|
||||
nsCOMPtr<nsISecurityManagerComponent> mNSS;
|
||||
nsCOMPtr<nsIURI> mURI;
|
||||
};
|
||||
|
||||
|
||||
CertDownloader::CertDownloader(PRUint32 type)
|
||||
PSMContentDownloader::PSMContentDownloader(PRUint32 type)
|
||||
: mByteData(nsnull),
|
||||
mType(type)
|
||||
{
|
||||
@ -834,25 +842,28 @@ CertDownloader::CertDownloader(PRUint32 type)
|
||||
mNSS = do_GetService(PSM_COMPONENT_CONTRACTID);
|
||||
}
|
||||
|
||||
CertDownloader::~CertDownloader()
|
||||
PSMContentDownloader::~PSMContentDownloader()
|
||||
{
|
||||
if (mByteData)
|
||||
nsMemory::Free(mByteData);
|
||||
}
|
||||
|
||||
/*NS_IMPL_ISUPPORTS1(CertDownloader, nsIStreamListener);*/
|
||||
NS_IMPL_ISUPPORTS(CertDownloader,NS_GET_IID(nsIStreamListener));
|
||||
NS_IMPL_ISUPPORTS(PSMContentDownloader,NS_GET_IID(nsIStreamListener));
|
||||
|
||||
const PRInt32 kDefaultCertAllocLength = 2048;
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
|
||||
PSMContentDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
|
||||
{
|
||||
nsresult rv;
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertDownloader::OnStartRequest\n"));
|
||||
nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
|
||||
if (!channel) return NS_ERROR_FAILURE;
|
||||
|
||||
// Get the URI //
|
||||
channel->GetURI(getter_AddRefs(mURI));
|
||||
|
||||
rv = channel->GetContentLength(&mContentLength);
|
||||
if (rv != NS_OK || mContentLength == -1)
|
||||
mContentLength = kDefaultCertAllocLength;
|
||||
@ -866,7 +877,7 @@ CertDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertDownloader::OnDataAvailable(nsIRequest* request,
|
||||
PSMContentDownloader::OnDataAvailable(nsIRequest* request,
|
||||
nsISupports* context,
|
||||
nsIInputStream *aIStream,
|
||||
PRUint32 aSourceOffset,
|
||||
@ -905,7 +916,7 @@ CertDownloader::OnDataAvailable(nsIRequest* request,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertDownloader::OnStopRequest(nsIRequest* request,
|
||||
PSMContentDownloader::OnStopRequest(nsIRequest* request,
|
||||
nsISupports* context,
|
||||
nsresult aStatus)
|
||||
{
|
||||
@ -914,10 +925,10 @@ CertDownloader::OnStopRequest(nsIRequest* request,
|
||||
nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
|
||||
|
||||
nsresult rv;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new CertDownloaderContext();
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new PSMContentDownloaderContext();
|
||||
|
||||
switch (mType) {
|
||||
case nsIX509Cert::CA_CERT:
|
||||
case PSMContentDownloader::X509_CA_CERT:
|
||||
{
|
||||
nsCOMPtr<nsIX509Cert> cert = new nsNSSCertificate(mByteData, mBufferOffset);
|
||||
if (certdb == nsnull)
|
||||
@ -935,8 +946,11 @@ CertDownloader::OnStopRequest(nsIRequest* request,
|
||||
|
||||
return certdb->ImportCertificate(cert, mType, trust, nsnull);
|
||||
}
|
||||
case nsIX509Cert::USER_CERT:
|
||||
case PSMContentDownloader::X509_USER_CERT:
|
||||
return certdb->ImportUserCertificate(mByteData, mBufferOffset, ctx);
|
||||
break;
|
||||
case PSMContentDownloader::PKCS7_CRL:
|
||||
return certdb->ImportCrl(mByteData, mBufferOffset, mURI, SEC_CRL_TYPE);
|
||||
default:
|
||||
rv = NS_ERROR_FAILURE;
|
||||
break;
|
||||
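Review bot: The new `PKCS7_CRL` case calls `certdb->ImportCrl(...)` without the `certdb == nsnull` check that the `X509_CA_CERT` case performs, so a failed `do_GetService(NS_X509CERTDB_CONTRACTID)` dereferences null here (the pre-existing `X509_USER_CERT` case has the same gap); one `if (!certdb) return NS_ERROR_FAILURE;` above the `switch` covers every case. The CRL import also runs with no user interaction — any page that serves `application/x-pkcs7-crl` writes into the profile's certificate database — which deserves at least a comment on the case and likely a prompt, given that `ImportCrl` as committed stores CRLs for unknown issuers unverified. `ctx` is created for every type but unused on the CRL path. The enclosing `OnStopRequest` starts and ends outside this hunk.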
@ -955,43 +969,45 @@ loser:
|
||||
*/
|
||||
|
||||
PRUint32
|
||||
getPSMCertType(const char * aContentType)
|
||||
getPSMContentType(const char * aContentType)
|
||||
{
|
||||
if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
|
||||
return nsIX509Cert::CA_CERT;
|
||||
return PSMContentDownloader::X509_CA_CERT;
|
||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
|
||||
return nsIX509Cert::SERVER_CERT;
|
||||
return PSMContentDownloader::X509_SERVER_CERT;
|
||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
|
||||
return nsIX509Cert::USER_CERT;
|
||||
return PSMContentDownloader::X509_USER_CERT;
|
||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
|
||||
return nsIX509Cert::EMAIL_CERT;
|
||||
return nsIX509Cert::UNKNOWN_CERT;
|
||||
return PSMContentDownloader::X509_EMAIL_CERT;
|
||||
else if (!nsCRT::strcasecmp(aContentType, "application/x-pkcs7-crl"))
|
||||
return PSMContentDownloader::PKCS7_CRL;
|
||||
return PSMContentDownloader::UNKNOWN_TYPE;
|
||||
}
|
||||
|
||||
|
||||
NS_IMPL_ISUPPORTS2(CertContentListener,
|
||||
NS_IMPL_ISUPPORTS2(PSMContentListener,
|
||||
nsIURIContentListener,
|
||||
nsISupportsWeakReference);
|
||||
|
||||
CertContentListener::CertContentListener()
|
||||
PSMContentListener::PSMContentListener()
|
||||
{
|
||||
NS_INIT_REFCNT();
|
||||
mLoadCookie = nsnull;
|
||||
mParentContentListener = nsnull;
|
||||
}
|
||||
|
||||
CertContentListener::~CertContentListener()
|
||||
PSMContentListener::~PSMContentListener()
|
||||
{
|
||||
}
|
||||
|
||||
nsresult
|
||||
CertContentListener::init()
|
||||
PSMContentListener::init()
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::OnStartURIOpen(nsIURI *aURI, PRBool *aAbortOpen)
|
||||
PSMContentListener::OnStartURIOpen(nsIURI *aURI, PRBool *aAbortOpen)
|
||||
{
|
||||
//if we don't want to handle the URI, return PR_TRUE in
|
||||
//*aAbortOpen
|
||||
@ -999,7 +1015,7 @@ CertContentListener::OnStartURIOpen(nsIURI *aURI, PRBool *aAbortOpen)
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::GetProtocolHandler(nsIURI *aURI,
|
||||
PSMContentListener::GetProtocolHandler(nsIURI *aURI,
|
||||
nsIProtocolHandler **aProtocolHandler)
|
||||
{
|
||||
*aProtocolHandler = nsnull;
|
||||
@ -1007,7 +1023,7 @@ CertContentListener::GetProtocolHandler(nsIURI *aURI,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::IsPreferred(const char * aContentType,
|
||||
PSMContentListener::IsPreferred(const char * aContentType,
|
||||
nsURILoadCommand aCommand,
|
||||
char ** aDesiredContentType,
|
||||
PRBool * aCanHandleContent)
|
||||
@ -1017,13 +1033,13 @@ CertContentListener::IsPreferred(const char * aContentType,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::CanHandleContent(const char * aContentType,
|
||||
PSMContentListener::CanHandleContent(const char * aContentType,
|
||||
nsURILoadCommand aCommand,
|
||||
char ** aDesiredContentType,
|
||||
PRBool * aCanHandleContent)
|
||||
{
|
||||
PRUint32 type;
|
||||
type = getPSMCertType(aContentType);
|
||||
type = getPSMContentType(aContentType);
|
||||
if (type == nsIX509Cert::UNKNOWN_CERT) {
|
||||
*aCanHandleContent = PR_FALSE;
|
||||
} else {
|
||||
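Review bot: `getPSMContentType` now returns `PSMContentDownloader::*` values, but the comparison on the following line is still against `nsIX509Cert::UNKNOWN_CERT` (and `DoContent` later does the same); unless `nsIX509Cert::UNKNOWN_CERT` happens to equal `PSMContentDownloader::UNKNOWN_TYPE` (0), the listener either refuses everything or claims every content type, and the same value confusion reaches `ImportCertificate(cert, mType, trust, nsnull)` in `OnStopRequest`, which now receives `mType` as a `PSMContentDownloader` constant where it previously got an `nsIX509Cert` one. Change the test to `if (type == PSMContentDownloader::UNKNOWN_TYPE) {` here and `if (type != PSMContentDownloader::UNKNOWN_TYPE) {` in `DoContent`, and map the downloader constant back to `nsIX509Cert::CA_CERT` at the `ImportCertificate` call. The values of the `nsIX509Cert` constants are not visible in this diff, so this may be benign by coincidence, but it should not rely on that. `CanHandleContent` continues past the end of this hunk.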
@ -1033,18 +1049,18 @@ CertContentListener::CanHandleContent(const char * aContentType,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::DoContent(const char * aContentType,
|
||||
PSMContentListener::DoContent(const char * aContentType,
|
||||
nsURILoadCommand aCommand,
|
||||
nsIRequest * aRequest,
|
||||
nsIStreamListener ** aContentHandler,
|
||||
PRBool * aAbortProcess)
|
||||
{
|
||||
CertDownloader *downLoader;
|
||||
PSMContentDownloader *downLoader;
|
||||
PRUint32 type;
|
||||
type = getPSMCertType(aContentType);
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("CertContentListener::DoContent\n"));
|
||||
type = getPSMContentType(aContentType);
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("PSMContentListener::DoContent\n"));
|
||||
if (type != nsIX509Cert::UNKNOWN_CERT) {
|
||||
downLoader = new CertDownloader(type);
|
||||
downLoader = new PSMContentDownloader(type);
|
||||
if (downLoader) {
|
||||
downLoader->QueryInterface(NS_GET_IID(nsIStreamListener),
|
||||
(void **)aContentHandler);
|
||||
@ -1055,7 +1071,7 @@ CertContentListener::DoContent(const char * aContentType,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
|
||||
PSMContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
|
||||
{
|
||||
*aLoadCookie = mLoadCookie;
|
||||
NS_IF_ADDREF(*aLoadCookie);
|
||||
@ -1063,14 +1079,14 @@ CertContentListener::GetLoadCookie(nsISupports * *aLoadCookie)
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::SetLoadCookie(nsISupports * aLoadCookie)
|
||||
PSMContentListener::SetLoadCookie(nsISupports * aLoadCookie)
|
||||
{
|
||||
mLoadCookie = aLoadCookie;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::GetParentContentListener(nsIURIContentListener ** aContentListener)
|
||||
PSMContentListener::GetParentContentListener(nsIURIContentListener ** aContentListener)
|
||||
{
|
||||
*aContentListener = mParentContentListener;
|
||||
NS_IF_ADDREF(*aContentListener);
|
||||
@ -1078,7 +1094,7 @@ CertContentListener::GetParentContentListener(nsIURIContentListener ** aContentL
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
CertContentListener::SetParentContentListener(nsIURIContentListener * aContentListener)
|
||||
PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentListener)
|
||||
{
|
||||
mParentContentListener = aContentListener;
|
||||
return NS_OK;
|
||||
|
@ -52,8 +52,8 @@
|
||||
{0xd4b49dd6, 0x1dd1, 0x11b2, \
|
||||
{ 0xb6, 0xfe, 0xb1, 0x4c, 0xfa, 0xf6, 0x9c, 0xbd }}
|
||||
|
||||
#define NS_CERTCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
|
||||
#define NS_CERTCONTENTLISTEN_CONTRACTID "@mozilla.org/security/certdownload;1"
|
||||
#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
|
||||
#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
|
||||
|
||||
|
||||
class NS_NO_VTABLE nsINSSComponent : public nsISupports {
|
||||
@ -107,13 +107,13 @@ private:
|
||||
nsresult InitializePIPNSSBundle();
|
||||
nsresult ConfigureInternalPKCS11Token();
|
||||
char * GetPK11String(const PRUnichar *name, PRUint32 len);
|
||||
nsresult RegisterCertContentListener();
|
||||
nsresult RegisterPSMContentListener();
|
||||
nsresult RegisterProfileChangeObserver();
|
||||
static int PrefChangedCallback(const char* aPrefName, void* data);
|
||||
void PrefChanged(const char* aPrefName);
|
||||
|
||||
nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
|
||||
nsCOMPtr<nsIURIContentListener> mCertContentListener;
|
||||
nsCOMPtr<nsIURIContentListener> mPSMContentListener;
|
||||
nsCOMPtr<nsIPref> mPref;
|
||||
static PRBool mNSSInitialized;
|
||||
};
|
||||
@ -122,11 +122,11 @@ private:
|
||||
// Now we need a content listener to register
|
||||
//--------------------------------------------
|
||||
|
||||
class CertContentListener : public nsIURIContentListener,
|
||||
class PSMContentListener : public nsIURIContentListener,
|
||||
public nsSupportsWeakReference {
|
||||
public:
|
||||
CertContentListener();
|
||||
virtual ~CertContentListener();
|
||||
PSMContentListener();
|
||||
virtual ~PSMContentListener();
|
||||
nsresult init();
|
||||
|
||||
NS_DECL_ISUPPORTS
|
||||
|
@ -52,7 +52,7 @@ NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPK11TokenDB)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPKCS11ModuleDB)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertContentListener, init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSCertificateDB)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertOutliner)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCrypto)
|
||||
@ -154,9 +154,9 @@ static nsModuleComponentInfo components[] =
|
||||
|
||||
{
|
||||
"Generic Certificate Content Handler",
|
||||
NS_CERTCONTENTLISTEN_CID,
|
||||
NS_CERTCONTENTLISTEN_CONTRACTID,
|
||||
CertContentListenerConstructor
|
||||
NS_PSMCONTENTLISTEN_CID,
|
||||
NS_PSMCONTENTLISTEN_CONTRACTID,
|
||||
PSMContentListenerConstructor
|
||||
},
|
||||
|
||||
{
|
||||
|