preliminary checkin of certificate manager

mcgreer%netscape.com 2001-03-07 19:24:12 +00:00
parent 75275b086f
commit 33891979ac
24 changed files with 953 additions and 22 deletions


@ -0,0 +1,83 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Bob Lord <lord@netscape.com>
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<overlay id="CAOverlay"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<box id="CACerts" orient="vertical" flex="0" height="100">
<tree id="treeset" debug="false" flex="0"
height="100" onselect="enableButtons()">
<treecolgroup>
<treecol flex="1"/>
</treecolgroup>
<treechildren>
<treeitem container="true" open="true" flex="1">
<!--
<treehead>
-->
<treerow>
<treecell value="&certmgr.builtinstab;" flex="1"/>
</treerow>
<!--
</treehead>
-->
<treechildren id="builtins" flex="1" />
</treeitem>
<treeitem container="true" open="true" flex="1">
<!--
<treehead>
-->
<treerow>
<treecell value="&certmgr.mycastab;" flex="1"/>
</treerow>
<!--
</treehead>
-->
<treechildren id="mycas" flex="1" />
</treeitem>
</treechildren>
</tree>
<box orient="horizontal">
<button id="viewButton" class="normal"
value="&certmgr.view.label;" orient="horizontal"
disabled="true" onclick="viewCerts();"/>
<button id="editButton" class="normal"
value="&certmgr.edit.label;" orient="horizontal"
disabled="true" onclick="viewCerts();"/>
<button id="deleteButton" class="normal"
value="&certmgr.delete.label;" orient="horizontal"
disabled="true" onclick="deleteCerts();"/>
<button id="addButton" class="normal"
value="&certmgr.add.label;" orient="horizontal"
disabled="true" onclick="deleteCerts();"/>
</box>
</box>
</overlay>
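Review bot: The `addButton` handler is `deleteCerts();` and the `editButton` handler is `viewCerts();`, which look like copy-paste placeholders. Both buttons start disabled and `enableButtons()` in the accompanying script only re-enables view and delete, so nothing fires today, but once Add is enabled a click would enter the delete path. I would leave `onclick` off these two buttons until their handlers exist, and mark them with a comment such as `<!-- XXX add/edit not implemented yet -->`.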


@ -48,5 +48,6 @@ function onLoad()
function openCertManager()
{
alert('this will eventually open the cert manager');
window.open('chrome://pippki/content/certManager.xul', "",
'chrome,width=500,height=400,resizable=1');
}


@ -1,3 +1,4 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
@ -33,7 +34,6 @@
- may use your version of this file under either the MPL or the
- GPL.
-->
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://communicator/skin/" type="text/css"?>
<?xml-stylesheet href="chrome://communicator/skin/dialogOverlay.css" type="text/css"?>


@ -0,0 +1,155 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Bob Lord <lord@netscape.com>
* Ian McGreer <mcgreer@netscape.com>
*/
function AddItem(children, cells, prefix, idfier)
{
var kids = document.getElementById(children);
var item = document.createElement("treeitem");
var row = document.createElement("treerow");
for (var i=0; i<cells.length; i++) {
var cell = document.createElement("treecell");
cell.setAttribute("class", "propertylist");
cell.setAttribute("value", cells[i]);
row.appendChild(cell);
}
item.appendChild(row);
item.setAttribute("id", prefix + idfier);
kids.appendChild(item);
}
function LoadCertNames()
{
certmgr = Components
.classes["@mozilla.org/security/certmanager;1"]
.createInstance();
certmgr = certmgr.QueryInterface(Components
.interfaces
.nsICertificateManager);
certNameList = certmgr.getCertNicknames(1);
if (certNameList.length > 0) {
var delim = certNameList[0];
certNameList = certNameList.split(delim);
certNameList.sort();
}
var nb = 0;
var nm = 0;
for (var i=1; i<certNameList.length; i++) {
var certname = certNameList[i];
var certname = certNameList[i];
var ti = certname.indexOf(":");
var token = "";
if (ti > 0) {
token = certname.substring(0, ti);
certname = certname.substring(ti+1, certname.length);
}
if (token == "Builtin Object Token") {
AddItem("builtins", [certname], "builtin_", nb);
nb++;
} else {
AddItem("mycas", [certname], "myca_", nm);
nm++;
}
}
}
function enableButtons()
{
var tree = document.getElementById('treeset');
var items = tree.selectedItems;
var toggle="true";
if (items.length == 0) {
toggle="true";
} else {
toggle="false";
}
/*
var enablebackupbutton=document.getElementById('backupButton');
enablebackupbutton.setAttribute("disabled",toggle);
*/
var enableViewButton=document.getElementById('viewButton');
enableViewButton.setAttribute("disabled",toggle);
var enableDeleteButton=document.getElementById('deleteButton');
enableDeleteButton.setAttribute("disabled",toggle);
}
function doBackup()
{
var tree = document.getElementById('treeset');
var items = tree.selectedItems;
if (items.length==0){
// alert("No items are selected.");
return;
} else {
txt="(Insert real dialog box here)\nYou want to view these certificates:\n\n";
for (t=0; t<items.length; t++) {
txt += items[t].firstChild.firstChild.getAttribute('value')+'\n';
}
alert(txt);
}
}
function doBackupAll()
{
// Select all rows, then call doBackup()
var tree = document.getElementById('treeset');
tree.selectAll();
doBackup();
}
function changePassword()
{
// window.open("changepassword.xul","pwchange", "chrome,width=300,height=350,resizable=0,modal=1,dialog=1");
}
function deleteCerts()
{
var tree = document.getElementById('treeset');
var items = tree.selectedItems;
if (items.length == 0) alert("No items are selected.");
else {
txt = "You want to delete these certificates:\n\n";
for (t=0; t<items.length; t++){
txt+=items[t].firstChild.firstChild.getAttribute('value')+'\n';
}
alert(txt);
}
}
function viewCerts()
{
var tree = document.getElementById('treeset');
var items = tree.selectedItems;
if (items.length == 0) {
alert("No items are selected.");
return;
} else {
for (t=0; t<items.length; t++){
windowName=items[t].firstChild.firstChild.getAttribute('value');
window.open('chrome://pippki/content/viewCertDetails.xul',
windowName,
'chrome,width=500,height=400,resizable=1');
}
}
}
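Review bot: `viewCerts()` passes the displayed label as the window name, and the detail window then uses that name as the certificate nickname, so the certificate's identity travels through a UI string. `LoadCertNames()` strips the `token:` prefix before display, so the later lookup no longer names the token and two entries with the same nickname on different tokens cannot be told apart; a nickname that itself contains `:` would also be split at the wrong place. Consider keeping the full unmodified name on the tree item (for example in an attribute set by `AddItem`) and handing that to the detail window as an argument rather than through the window name. Separately, `certmgr`, `certNameList`, `txt`, `t` and `windowName` are assigned without `var` and become globals, and `certname` is declared twice in the loop.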


@ -0,0 +1,85 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Bob Lord <lord@netscape.com>
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
<!-- XXX
<?xul-overlay href="mycertsOverlay.xul"?>
<?xul-overlay href="othercertsOverlay.xul"?>
<?xul-overlay href="webcertsOverlay.xul"?>
-->
<?xul-overlay href="chrome://pippki/content/CAOverlay.xul"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<window id="certmanager"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 30em;"
title="&certmgr.title;"
debug="0"
onload="LoadCertNames()">
<script src="certManager.js"/>
<grid flex="1">
<column flex="1"/>
<rows>
<row flex="1">
<tabcontrol flex="0" orient="vertical">
<tabbox orient="horizontal">
<!--
<tab value="My Certificates"/>
<tab value="Other People's Certificates"/>
<tab value="Web Site Certificates"/>
-->
<tab value="&certmgr.catab;" selected="true"/>
</tabbox>
<tabpanel flex="1">
<!--
<box id="myCerts" flex="1"/>
<box id="othersCerts" flex="1"/>
<box id="webCerts"/>
-->
<box id="CACerts" flex="1"/>
</tabpanel>
</tabcontrol>
</row>
<row>
<box orient="horizontal" flex="1">
<button id="HelpButton" class="normal"
value="&certmgr.help.label;"
orient="horizontal" accesskey="h" />
<button id="closeButton" class="normal"
value="&certmgr.close.label;"
orient="horizontal" accesskey="c"
onclick="window.close();"
onkeypress="window.close();"/>
</box>
</row>
</rows>
</grid>
</window>
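Review bot: `onkeypress="window.close();"` on `closeButton` closes the dialog on any key while the button has focus, including Tab used to move focus away. `onclick` alone should be enough if the toolkit already maps keyboard activation to a click (worth confirming); otherwise the handler should check which key was pressed before closing. `HelpButton` has an access key but no handler, which deserves a short `XXX` comment so it is not mistaken for finished UI.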


@ -0,0 +1,25 @@
function setWindowName()
{
myName = self.name;
// alert(myName);
var windowReference=document.getElementById('certDetails');
windowReference.setAttribute("title","Certificate Detail: "+myName);
certmgr = Components
.classes["@mozilla.org/security/certmanager;1"]
.createInstance();
certmgr = certmgr.QueryInterface(Components
.interfaces
.nsICertificateManager);
cnstr = certmgr.getCertCN(myName);
var cn=document.getElementById('commonname');
cn.setAttribute("value", cnstr);
// for now
orgstr = certmgr.getCertCN(myName);
var org=document.getElementById('organization');
org.setAttribute("value", orgstr);
oustr = certmgr.getCertCN(myName);
var ou=document.getElementById('orgunit');
ou.setAttribute("value", oustr);
}
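Review bot: The Organization and Organizational Unit fields are filled with `getCertCN(myName)` under a `// for now` comment, so the detail window shows the common name under two labels it does not belong to. In a certificate viewer that is misleading for anyone deciding whether to trust the entry; leaving the two fields empty until the real getters exist would be safer, e.g. `org.setAttribute("value", "");`. The calls are also unguarded: if the nickname taken from `self.name` does not resolve, the XPCOM call will presumably throw inside `onload` and leave the window half-populated, so a `try`/`catch` that reports the failure would help. `myName`, `certmgr`, `cnstr`, `orgstr` and `oustr` are implicit globals.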


@ -0,0 +1,98 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Bob Lord <lord@netscape.com>
- Ian McGreer <mcgreer@netscape.com>
-->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE window SYSTEM "chrome://pippki/locale/certManager.dtd">
<window
id="certDetails"
title="&certmgr.certdetail.title;"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="setWindowName();"
persist="height width screenX screenY"
debug="tru1"
>
<script src="viewCertDetails.js"/>
<box orient="vertical" flex="1">
<box flex="0" height="100">
<tree id="CADetailTreeSet" debug="false" width="500" flex="1">
<treecols flex="1">
<treecol flex="1"/>
</treecols>
<treechildren flex="1">
<treeitem container="true" open="true">
<treerow style="border-top: 1px solid black">
<treecell class="treecell-indent" value="Foo CA"/>
</treerow>
<treechildren>
<treeitem container="true" open="true">
<treerow>
<treecell class="treecell-indent" value="Bar CA"/>
</treerow>
<treechildren>
<treeitem>
<treerow>
<treecell class="treecell-indent"
value="Bob Lord's Personal Cert"/>
</treerow>
</treeitem>
</treechildren>
</treeitem>
</treechildren>
</treeitem>
</treechildren>
</tree>
</box>
<box>
<grid style="margin: 5px;border: 1px solid black;">
<columns>
<column width="200"/>
<column width="200"/>
</columns>
<rows>
<row>
<text value="&certmgr.certdetail.cn;" /> <text id="commonname"/>
</row>
<row>
<text value="&certmgr.certdetail.o;" /> <text id="organization"/>
</row>
<row>
<text value="&certmgr.certdetail.ou;" /> <text id="orgunit" />
</row>
</rows>
</grid>
</box>
<box>
<button id="closeButton"
class="normal"
value="&certmgr.close.label;"
orient="horizontal"
onclick="window.close();" />
</box>
</box>
</window>
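Review bot: The chain tree is hard-coded to `Foo CA` / `Bar CA` / `Bob Lord's Personal Cert`, so every certificate opened in this window is shown under the same fictitious issuers. Until the real chain is wired in, I would drop the static `treeitem`s or mark them clearly, with a comment like `<!-- XXX placeholder chain, replace with the real issuer chain -->`. These strings are also the only user-visible text in the file that does not come from `certManager.dtd`, and `debug="tru1"` on the `window` element looks like a typo.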


@ -11,6 +11,11 @@ pippki.jar:
content/pippki/newserver.xul (content/newserver.xul)
content/pippki/downloadcert.js (content/downloadcert.js)
content/pippki/downloadcert.xul (content/downloadcert.xul)
content/pippki/certManager.js (content/certManager.js)
content/pippki/certManager.xul (content/certManager.xul)
content/pippki/CAOverlay.xul (content/CAOverlay.xul)
content/pippki/viewCertDetails.xul (content/viewCertDetails.xul)
content/pippki/viewCertDetails.js (content/viewCertDetails.js)
content/pippki/pippki.js (content/pippki.js)
content/pippki/domainMismatch.xul (content/domainMismatch.xul)
content/pippki/domainMismatch.js (content/domainMismatch.js)
@ -25,3 +30,4 @@ pippki.jar:
locale/en-US/pippki/newserver.dtd (locale/en-US/newserver.dtd)
locale/en-US/pippki/SecurityPrefs.dtd (locale/en-US/SecurityPrefs.dtd)
locale/en-US/pippki/PageInfoOverlay.dtd (locale/en-US/PageInfoOverlay.dtd)
locale/en-US/pippki/certManager.dtd (locale/en-US/certManager.dtd)


@ -0,0 +1,40 @@
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
- Contributor(s):
- Ian McGreer <mcgreer@netscape.com>
-->
<!ENTITY certmgr.title "Certificate Manager">
<!ENTITY certmgr.catab "CA Certificates">
<!ENTITY certmgr.builtinstab "Built-in CAs">
<!ENTITY certmgr.mycastab "CAs Managed By You">
<!ENTITY certmgr.certdetail.title "Certificate Detail">
<!ENTITY certmgr.certdetail.cn "Common Name (CN)">
<!ENTITY certmgr.certdetail.o "Organization (O)">
<!ENTITY certmgr.certdetail.ou "Organizational Unit (OU)">
<!ENTITY certmgr.help.label "Help">
<!ENTITY certmgr.close.label "Close">
<!ENTITY certmgr.view.label "View">
<!ENTITY certmgr.edit.label "Edit">
<!ENTITY certmgr.add.label "Add">
<!ENTITY certmgr.delete.label "Delete">


@ -51,6 +51,7 @@ EXPORTS = \
CPPSRCS = \
nsNSSDialogs.cpp \
nsPKIModule.cpp \
nsCertificateManager.cpp \
$(NULL)
REQUIRES = nspr security js


@ -62,6 +62,7 @@ EXPORTS = \
OBJS = \
.\$(OBJDIR)\nsNSSDialogs.obj \
.\$(OBJDIR)\nsPKIModule.obj \
.\$(OBJDIR)\nsCertificateManager.obj \
$(NULL)
include <$(DEPTH)\config\rules.mak>


@ -0,0 +1,83 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*/
#include "nsIServiceManager.h"
#include "nsIX509CertDB.h"
#include "nsCertificateManager.h"
#include "prlog.h"
#ifdef PR_LOGGING
PRLogModuleInfo* gPIPPKILog = nsnull;
#endif
static NS_DEFINE_IID(kCertDBCID, NS_X509CERTDB_CID);
nsCertificateManager::nsCertificateManager()
{
NS_INIT_REFCNT();
if (!gPIPPKILog)
gPIPPKILog = PR_NewLogModule("pippki");
}
nsCertificateManager::~nsCertificateManager()
{
}
NS_IMPL_ISUPPORTS(nsCertificateManager, NS_GET_IID(nsICertificateManager));
NS_IMETHODIMP
nsCertificateManager::GetCertNicknames(PRUint32 type,
PRUnichar **_rNameList)
{
nsresult rv;
nsAutoString nameList;
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting certdb service\n"));
NS_WITH_SERVICE(nsIX509CertDB, certdb, kCertDBCID, &rv);
if (NS_FAILED(rv)) return rv;
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting cert names\n"));
rv = certdb->GetCertificateNames(nsnull, nsIX509Cert::CA_CERT, nameList);
if (NS_SUCCEEDED(rv)) {
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("converting unicode\n"));
*_rNameList = nameList.ToNewUnicode();
}
return rv;
}
// wstring getCertCN(in string nickname);
NS_IMETHODIMP
nsCertificateManager::GetCertCN(const char *nickname,
PRUnichar **_rvCN)
{
nsresult rv;
nsIX509Cert *cert;
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting certdb service\n"));
NS_WITH_SERVICE(nsIX509CertDB, certdb, kCertDBCID, &rv);
if (NS_FAILED(rv)) return rv;
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("getting cert %s\n", nickname));
rv = certdb->GetCertByName(nsnull, nickname, &cert);
if (NS_SUCCEEDED(rv)) {
PR_LOG(gPIPPKILog, PR_LOG_ERROR, ("converting unicode\n"));
rv = cert->GetCommonName(_rvCN);
}
return rv;
}
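Review bot: `GetCertCN` holds the result of `GetCertByName` in a raw `nsIX509Cert *cert` and never releases it, so each call leaks a reference, and `cert` is dereferenced without a null check. Declaring `nsCOMPtr<nsIX509Cert> cert;`, passing `getter_AddRefs(cert)` to the call and guarding with `if (NS_SUCCEEDED(rv) && cert)` would fix both (this needs `nsCOMPtr.h`, which is not among the includes visible here). `GetCertNicknames` ignores its `type` argument and always asks for `nsIX509Cert::CA_CERT`, and it leaves `*_rNameList` unset on failure. The constructor also touches `gPIPPKILog` outside the `#ifdef PR_LOGGING` that declares it, and routine progress messages are logged at `PR_LOG_ERROR`.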


@ -0,0 +1,37 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*/
#include "nsISupports.h"
#include "nsICertificateManager.h"
class nsCertificateManager : public nsICertificateManager
{
public:
nsCertificateManager();
virtual ~nsCertificateManager();
NS_DECL_ISUPPORTS
NS_DECL_NSICERTIFICATEMANAGER
};
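Review bot: This new header has no include guard, unlike `nsNSSCertificate.h` in the same commit, which closes with `#endif /* _NS_NSSCERTIFICATE_H_ */`. I would wrap it in a guard following that pattern, for example `#ifndef _NS_CERTIFICATEMANAGER_H_` / `#define _NS_CERTIFICATEMANAGER_H_` / `#endif`. A one-line comment on the class saying it implements `nsICertificateManager` for the certificate manager UI would also help.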


@ -641,3 +641,4 @@ nsNSSDialogs::DownloadCACert(nsIInterfaceRequestor *ctx,
return rv;
}


@ -25,8 +25,10 @@
#include "nsIGenericFactory.h"
#include "nsNSSDialogs.h"
#include "nsCertificateManager.h"
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSDialogs, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificateManager)
static nsModuleComponentInfo components[] =
{
@ -36,6 +38,13 @@ static nsModuleComponentInfo components[] =
NS_NSSDIALOGS_CONTRACTID,
nsNSSDialogsConstructor
},
{ "PSM Certificate Manager",
NS_CERTIFICATEMANAGER_CID,
NS_CERTIFICATEMANAGER_CONTRACTID,
nsCertificateManagerConstructor
}
};
NS_IMPL_NSGETMODULE("PKI", components);
NS_IMPL_NSGETMODULE("PKI", components)


@ -51,6 +51,7 @@ XPIDLSRCS = \
nsIPKCS11Slot.idl \
nsIPK11TokenDB.idl \
nsINSSDialogs.idl \
nsICertificateManager.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk


@ -57,6 +57,7 @@ XPIDLSRCS= \
.\nsIPKCS11Slot.idl \
.\nsIPK11TokenDB.idl \
.\nsINSSDialogs.idl \
.\nsICertificateManager.idl \
$(NULL)


@ -0,0 +1,46 @@
/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2001 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Ian McGreer <mcgreer@netscape.com>
*/
#include "nsISupports.idl"
#include "nsIX509Cert.idl"
/**
* nsICertificateManager
* This is the interface for the certificate manager
*/
[scriptable, uuid(246ec570-11aa-11d5-ac66-000064657374)]
interface nsICertificateManager : nsISupports
{
wstring getCertNicknames(in unsigned long type);
wstring getCertCN(in string nickname);
};
%{C++
// 246ec570-11aa-11d5-ac66-000064657374
#define NS_CERTIFICATEMANAGER_CID \
{ 0x246ec570, 0x11aa, 0x11d5, {0xac, 0x66, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74} }
#define NS_CERTIFICATEMANAGER_CONTRACTID "@mozilla.org/security/certmanager;1"
%}
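Review bot: Neither method is documented, and the script caller depends on details that are not obvious from the signatures. For `getCertNicknames` the comment should say that the result is one string in which each name is preceded by a delimiter character (the caller takes the first character as the delimiter) and which values `type` accepts; the implementation in this commit currently ignores `type`. For `getCertCN` it should say what is returned or thrown when no certificate matches the nickname. Because the interface is `scriptable` and `nickname` is a narrow `string`, it is also worth stating whether non-ASCII nicknames are expected to work.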


@ -110,6 +110,7 @@ interface nsICertificateDialogs : nsISupports
in nsIX509Cert cert,
out unsigned long trust,
out boolean canceled);
};
/**


@ -72,3 +72,12 @@ interface nsIX509Cert : nsISupports {
};
%{C++
#define NS_X509CERT_CID { 0xf0980f60, 0xee3d, 0x11d4, \
{ 0x99, 0x8b, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0 } }
#define NS_X509CERT_CONTRACTID "@mozilla.org/security/x509cert;1"
%}


@ -35,15 +35,83 @@
#include "nsISupports.idl"
interface nsIX509Cert;
%{C++
#include "nsString.h"
%}
[scriptable, uuid(a5b8fb1a-ee62-11d4-998b-00b0d02354a0)]
interface nsIX509Cert;
interface nsIPK11Token;
native nsAutoString(nsAutoString);
[ref] native nsAutoStringRef(nsAutoString);
[scriptable, uuid(da48b3c0-1284-11d5-ac67-000064657374)]
interface nsIX509CertDB : nsISupports {
void importCertificate(in nsIX509Cert cert,
in unsigned long type,
in unsigned long trust,
in wstring nickname);
[noscript] nsIX509Cert getCertByName(in nsIPK11Token aToken,
in string aNickname);
/*
* getCertificateList
*
* Obtain a list of certificates from the database.
*
* token - PKCS#11 token to get certs from (null for all tokens)
* type - type of certificate to obtain (see nsIX509Cert)
* count - number of certs in list
* certs - the list
*/
/*
void getCertificateList(in nsIPK11Token token,
in unsigned long type,
[array, size_is(count)] out nsIX509Cert certs,
[retval] out unsigned long count);
*/
/*
* getCertificateNames
*
* Obtain a list of certificate names from the database.
* What the name is depends on type:
* user, ca, or server cert - the nickname
* email cert - the email address
*
* aToken - PKCS#11 token to get certs from (null for all tokens)
* aType - type of certificate to obtain (see nsIX509Cert)
* rCertNameList - a string of certificate names seperated by a delimiter
*/
[noscript] void getCertificateNames(in nsIPK11Token aToken,
in unsigned long aType,
in nsAutoStringRef rCertNameList);
/*
* importCertificate
*
* Import a certificate into the database.
* XXX For now, this only imports into the default internal slot.
* should there be a importCertificateToSlot? Or change the sig?
*/
[noscript] void importCertificate(in nsIX509Cert cert,
in unsigned long type,
in unsigned long trust,
in wstring nickname);
};
%{C++
#define NS_X509CERTDB_CID { /* da48b3c0-1284-11d5-ac67-000064657374 */ \
0xda48b3c0, \
0x1284, \
0x11d5, \
{0xac, 0x67, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74} \
}
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
#define NS_CERTIFICATEMGR_DATASOURCE_CONTRACTID \
"@mozilla.org/rdf/datasource;1?name=certificatemgr"
%}
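Review bot: `getCertificateNames` declares `rCertNameList` as an `in` parameter although its comment describes it as the result, and the comment does not name the delimiter or say that it precedes every entry. I would state both in the comment, e.g. `rCertNameList - output; names are appended, each preceded by the delimiter character`. `getCertByName` has no comment at all; it should say what the caller gets when no certificate matches, because the implementation in this commit does not handle that case. The page shows old and new lines of this section interleaved, so some of the text visible here is the removed side.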


@ -32,13 +32,19 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsNSSCertificate.cpp,v 1.3 2001/02/26 21:50:52 mcgreer%netscape.com Exp $
* $Id: nsNSSCertificate.cpp,v 1.4 2001/03/07 19:24:11 mcgreer%netscape.com Exp $
*/
#include "prmem.h"
#include "nsCOMPtr.h"
#include "nsNSSCertificate.h"
#include "nsIX509Cert.h"
#include "nsString.h"
#include "pk11func.h"
#include "certdb.h"
#include "cert.h"
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
@ -58,8 +64,15 @@ public:
virtual ~nsNSSCertTrust();
/* query */
void IsTrustedCA(PRBool *ssl, PRBool *email, PRBool *objSign);
void IsTrustedPeer(PRBool *ssl, PRBool *email, PRBool *objSign);
PRBool HasCA(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasPeer(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
PRBool HasUser(PRBool checkSSL = PR_TRUE,
PRBool checkEmail = PR_TRUE,
PRBool checkObjSign = PR_TRUE);
/* common defaults */
/* equivalent to "c,c,c" */
@ -100,6 +113,7 @@ public:
private:
void addTrust(unsigned int *t, unsigned int v);
void removeTrust(unsigned int *t, unsigned int v);
PRBool hasTrust(unsigned int t, unsigned int v);
CERTCertTrust mTrust;
};
@ -145,6 +159,11 @@ nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl,
addTrust(&mTrust.objectSigningFlags, objsign);
}
nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
{
memcpy(&mTrust, t, sizeof(CERTCertTrust));
}
nsNSSCertTrust::~nsNSSCertTrust()
{
}
@ -299,12 +318,59 @@ nsNSSCertTrust::SetUser()
PR_TRUE, PR_FALSE);
}
PRBool
nsNSSCertTrust::HasCA(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_CA))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasPeer(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_VALID_PEER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_PEER))
return PR_FALSE;
return PR_TRUE;
}
PRBool
nsNSSCertTrust::HasUser(PRBool checkSSL,
PRBool checkEmail,
PRBool checkObjSign)
{
if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_USER))
return PR_FALSE;
if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_USER))
return PR_FALSE;
if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
return PR_FALSE;
return PR_TRUE;
}
void
nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
{
*t |= v;
}
PRBool
nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
{
return (t & v);
}
/* Header file */
class nsX509CertValidity : public nsIX509CertValidity
{
@ -458,11 +524,70 @@ nsNSSCertificateDB::~nsNSSCertificateDB()
{
}
/* [noscript] nsIX509Cert getCertByName(in nsIPK11Token aToken,
* in string aNickname);
*/
NS_IMETHODIMP
nsNSSCertificateDB::GetCertByName(nsIPK11Token *aToken,
const char *nickname,
nsIX509Cert **_rvCert)
{
CERTCertificate *cert = NULL;
nsCOMPtr<nsIX509Cert> pCert = nsnull;
char *foo = strdup(nickname);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", foo));
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), foo);
if (cert) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("got it\n"));
pCert = new nsNSSCertificate(cert);
}
*_rvCert = pCert;
NS_ADDREF(*_rvCert);
return NS_OK;
}
/* [noscript] void getCertificateNames(in nsIPK11Token aToken,
* in unsigned long aType,
* in nsAutoStringRef rCertNameList);
*/
NS_IMETHODIMP
nsNSSCertificateDB::GetCertificateNames(nsIPK11Token *aToken,
PRUint32 aType,
nsAutoString& rCertNameList)
{
nsresult rv = NS_ERROR_FAILURE;
/*
* obtain the cert list from NSS
*/
CERTCertList *certList = NULL;
PK11CertListType pk11type;
if (aType == nsIX509Cert::USER_CERT)
pk11type = PK11CertListUser;
else
pk11type = PK11CertListUnique;
certList = PK11_ListCerts(pk11type, NULL);
if (!certList)
goto cleanup;
/*
* get list of cert names from list of certs
* XXX also cull the list (NSS only distinguishes based on user/non-user
*/
getCertNames(certList, aType, rCertNameList);
rv = NS_OK;
/*
* finish up
*/
cleanup:
if (certList)
CERT_DestroyCertList(certList);
return rv;
}
/*
* nsresult importCertificate (in nsIX509Cert cert,
* in unsigned long type,
* in unsigned long trust,
* in wchar tokenName);
* [noscript] void importCertificate (in nsIX509Cert cert,
* in unsigned long type,
* in unsigned long trust,
* in wchar tokenName);
*/
NS_IMETHODIMP
nsNSSCertificateDB::ImportCertificate(nsIX509Cert *cert,
@ -513,3 +638,58 @@ done:
return (srv) ? NS_ERROR_FAILURE : NS_OK;
}
/*
* NSS Helper Routines (private to nsNSSCertificateDB)
*/
#define DELIM '\001'
/*
* GetSortedNameList
*
* Converts a CERTCertList to a list of certificate names
*/
void
nsNSSCertificateDB::getCertNames(CERTCertList *certList,
PRUint32 type,
nsString& nameList)
{
nsresult rv = NS_ERROR_FAILURE;
CERTCertListNode *node;
int i, num = 0;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("List of certs:\n"));
for (node = CERT_LIST_HEAD(certList);
!CERT_LIST_END(node, certList);
node = CERT_LIST_NEXT(node)) {
if (getCertType(node->cert) == type) {
nameList.AppendWithConversion(DELIM);
if (type == nsIX509Cert::EMAIL_CERT) {
nameList.AppendWithConversion(node->cert->emailAddr);
} else {
nameList.AppendWithConversion(node->cert->nickname);
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("%s\n", node->cert->nickname));
}
}
}
/* somewhat follows logic of cert_list_include_cert from PSM 1.x */
PRUint32
nsNSSCertificateDB::getCertType(CERTCertificate *cert)
{
char *nick = cert->nickname;
char *email = cert->emailAddr;
nsNSSCertTrust trust(cert->trust);
if (nick) {
if (trust.HasUser())
return nsIX509Cert::USER_CERT;
if (trust.HasCA())
return nsIX509Cert::CA_CERT;
if (trust.HasPeer(PR_TRUE, PR_FALSE, PR_FALSE))
return nsIX509Cert::SERVER_CERT;
}
if (email && trust.HasPeer(PR_FALSE, PR_FALSE, PR_TRUE))
return nsIX509Cert::EMAIL_CERT;
return nsIX509Cert::UNKNOWN_CERT;
}
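Review bot: `GetCertByName` dereferences a null pointer when the nickname is not found: `pCert` stays `nsnull`, `*_rvCert = pCert` stores null, and `NS_ADDREF(*_rvCert)` then runs on it while the method still reports `NS_OK`. The `strdup` copy `foo` is never freed, and `aToken` is ignored. The rewrite below returns a failure code for a missing certificate and frees the copy; whether `nsNSSCertificate` takes ownership of the `CERTCertificate` is not visible here and should be confirmed. In the same section, the new `nsNSSCertTrust(CERTCertTrust *t)` constructor copies from `t` unchecked and `getCertType` passes `cert->trust`, which would fault if a certificate can have no trust record.

```cpp
nsNSSCertificateDB::GetCertByName(nsIPK11Token *aToken,
                                  const char *nickname,
                                  nsIX509Cert **_rvCert)
{
  if (!nickname || !_rvCert)
    return NS_ERROR_NULL_POINTER;
  *_rvCert = nsnull;
  char *nickCopy = strdup(nickname);
  if (!nickCopy)
    return NS_ERROR_OUT_OF_MEMORY;
  CERTCertificate *cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
                                                  nickCopy);
  free(nickCopy);  /* the copy is only needed for the lookup */
  if (!cert)
    return NS_ERROR_FAILURE;  /* not found: report it, never hand back null */
  // … unchanged: PR_LOG calls, wrap cert in nsNSSCertificate, NS_ADDREF …
  return NS_OK;
}
```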


@ -44,10 +44,6 @@
#include "cert.h"
#include "secitem.h"
#define NS_X509CERTDB_CID { 0x78e5b720, 0x0442, 0x11d5, \
{ 0xac, 0x56, 0x00, 0x00, 0x64, 0x65, 0x73, 0x74 } }
#define NS_X509CERTDB_CONTRACTID "@mozilla.org/x509certdb;1"
/* Certificate */
class nsNSSCertificate : public nsIX509Cert
{
@ -76,6 +72,12 @@ public:
private:
void getCertNames(CERTCertList *certList,
PRUint32 type,
nsString& nameList);
PRUint32 getCertType(CERTCertificate *cert);
};
#endif /* _NS_NSSCERTIFICATE_H_ */


@ -648,7 +648,6 @@ CertDownloader::OnStartRequest(nsIRequest* request, nsISupports* context)
return NS_OK;
}
NS_IMETHODIMP
CertDownloader::OnDataAvailable(nsIRequest* request,
nsISupports* context,
@ -677,7 +676,6 @@ CertDownloader::OnDataAvailable(nsIRequest* request,
return NS_OK;
}
NS_IMETHODIMP
CertDownloader::OnStopRequest(nsIRequest* request,
nsISupports* context,