b215898 - Provisional Security UI for Firebird .7. Also reintroduce some XUL blake removed, but commented out.

2025-01-26 06:38:36 +00:00 · 2003-08-27 17:52:04 +00:00 · 2003-08-27 17:52:04 +00:00 · 7c5951e7aa
commit 7c5951e7aa
parent 340f3b91c7
4 changed files with 306 additions and 16 deletions
--- a/browser/components/prefwindow/content/pref-advanced.xul
+++ b/browser/components/prefwindow/content/pref-advanced.xul
@ -1,10 +1,17 @@
 <?xml version="1.0"?> 

+#define PROVISIONAL_SECURITY_UI
+
 <?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
 <?xml-stylesheet href="chrome://mozapps/skin/pref/pref.css" type="text/css"?>
 <?xml-stylesheet href="chrome://browser/skin/pref/pref.css" type="text/css"?>

-<!DOCTYPE window SYSTEM "chrome://browser/locale/pref/pref-advanced.dtd" >
+<!DOCTYPE page [
+  <!ENTITY % brandDTD SYSTEM "chrome://global/locale/brand.dtd">
+  <!ENTITY % advancedDTD SYSTEM "chrome://browser/locale/pref/pref-advanced.dtd">
+  %brandDTD;
+  %advancedDTD;
+]>

 <page xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
      onload="parent.initPanel('chrome://browser/content/pref/pref-advanced.xul');"
@ -16,10 +23,50 @@
                         "loadInBackground", "useAutoScrolling",
                         "useSmoothScrolling", "enableAutoImageResizing",
                         "useSSL2", "useSSL3", "useTLS1", "useTypeAheadFind",
-                         "linksOnlyTypeAheadFind",];
+                         "linksOnlyTypeAheadFind"
+#ifdef PROVISIONAL_SECURITY_UI
+                         , "certSelection", "securityOCSPEnabled", "serviceURL", "signingCA"
+#endif
+                         ];

+#ifdef PROVISIONAL_SECURITY_UI
+      const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
+      const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
+      const nsIOCSPResponder = Components.interfaces.nsIOCSPResponder;
+      const nsISupportsArray = Components.interfaces.nsISupportsArray;
+
+      var certdb;
+      var ocspResponders;
+#endif
      function Startup() {
        updatePrefs();
+#ifdef PROVISIONAL_SECURITY_UI
+        var ocspEntry;
+        var i;
+
+        certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
+        ocspResponders = certdb.getOCSPResponders();
+
+        var signersMenu = document.getElementById("signingCA");
+        var signersURL = document.getElementById("serviceURL");
+        for (i=0; i<ocspResponders.length; i++) {
+          ocspEntry = ocspResponders.queryElementAt(i, nsIOCSPResponder);
+          var menuItemNode = document.createElement("menuitem");
+          menuItemNode.setAttribute("value", ocspEntry.responseSigner);
+          menuItemNode.setAttribute("label", ocspEntry.responseSigner);
+          signersMenu.firstChild.appendChild(menuItemNode);
+        }
+
+        doSecurityEnabling();
+        
+        // XXXben menulists suck, see explanation in pref-privacy.js
+        // style resolution problem inside scrollable areas. 
+        var scb = document.getElementById("signingCABox");
+        var sca = document.getElementById("signingCA");
+        sca.removeAttribute("hidden");
+        sca.parentNode.removeChild(sca);
+        scb.appendChild(sca);
+#endif
      }

      function updatePrefs() {
@ -27,6 +74,80 @@
        var linksOnly = document.getElementById("linksOnlyTypeAheadFind");
        linksOnly.disabled = !enabled;
      }
+
+#ifdef PROVISIONAL_SECURITY_UI
+      function doSecurityEnabling()
+      {
+        var signersMenu = document.getElementById("signingCA");
+        var signersURL = document.getElementById("serviceURL");
+        var radiogroup = document.getElementById("securityOCSPEnabled");
+        
+        switch ( radiogroup.value ) {
+        case "0":
+        case "1":
+          signersMenu.setAttribute("disabled", true);
+          signersURL.setAttribute("disabled", true);
+          break;
+        case "2":
+        default:
+          signersMenu.removeAttribute("disabled");
+          signersURL.removeAttribute("disabled");
+        }
+      }
+
+      function changeURL()
+      {
+        var signersMenu = document.getElementById("signingCA");
+        var signersURL = document.getElementById("serviceURL");
+        var CA = signersMenu.getAttribute("value");
+        var i;
+        var ocspEntry;
+
+        for (i=0; i < ocspResponders.length; i++) {
+          ocspEntry = ocspResponders.queryElementAt(i, nsIOCSPResponder);
+          if (CA == ocspEntry.responseSigner) {
+            signersURL.setAttribute("value", ocspEntry.serviceURL);
+            break;
+          }
+        }
+      }
+
+      function openCrlManager()
+      {
+          window.open('chrome://pippki/content/crlManager.xul',  "",
+                      'chrome,width=500,height=400,resizable=1');
+      }
+
+      function openCertManager()
+      {
+        //check for an existing certManager window and focus it; it's not application modal
+        const kWindowMediatorContractID = "@mozilla.org/appshell/window-mediator;1";
+        const kWindowMediatorIID = Components.interfaces.nsIWindowMediator;
+        const kWindowMediator = Components.classes[kWindowMediatorContractID].getService(kWindowMediatorIID);
+        var lastCertManager = kWindowMediator.getMostRecentWindow("mozilla:certmanager");
+        if (lastCertManager)
+          lastCertManager.focus();
+        else {
+          window.open('chrome://pippki/content/certManager.xul',  "",
+                      'chrome,height=400,centerscreen,resizable=yes,dialog=no');
+        }
+      }
+
+      function openDeviceManager()
+      {
+        //check for an existing deviceManger window and focus it; it's not application modal
+        const kWindowMediatorContractID = "@mozilla.org/appshell/window-mediator;1";
+        const kWindowMediatorIID = Components.interfaces.nsIWindowMediator;
+        const kWindowMediator = Components.classes[kWindowMediatorContractID].getService(kWindowMediatorIID);
+        var lastCertManager = kWindowMediator.getMostRecentWindow("mozilla:devicemanager");
+        if (lastCertManager)
+          lastCertManager.focus();
+        else {
+          window.open('chrome://pippki/content/device_manager.xul',  "devmgr",
+                      'chrome,height=400,centerscreen,resizable=yes,dialog=no');
+        }
+      }
+#endif
    ]]>
  </script>

@ -61,6 +182,104 @@
      <checkbox id="useTLS1" label="&useTLS1.label;"
                prefstring="security.enable_tls"/>
    </expander>
+    
+#ifdef PROVISIONAL_SECURITY_UI
+    <expander id="certs" label="&certs.label;" open="false" persist="open" clearhidden="true">      
+      <description>This section is PROVISIONAL and will change or disappear in future releases!
+                   It exists here now only to provide this functionality where no other access point
+                   is available.</description>
+      <groupbox align="start">
+        <caption label="&SSLClientAuthMethod;"/>
+        <description>&certselect.description;</description>
+        <!-- Prefs -->
+        <radiogroup id="certSelection" orient="horizontal" preftype="string" 
+	            prefstring="security.default_personal_cert">
+          <radio label="&certselect.auto;" value="Select Automatically"/>
+          <radio label="&certselect.ask;" value="Ask Every Time"/>
+        </radiogroup>
+      </groupbox>
+
+      <!-- Certificate manager -->
+      <groupbox>
+        <caption label="&managecerts.label;"/>
+        <description>&managecerts.text;</description>
+        <hbox align="center">
+          <button label="&managecerts.button;"
+                  oncommand="openCertManager();" 
+                  id="openCertManagerButton"
+                  accesskey="&managecerts.accesskey;"
+                  prefstring="security.disable_button.openCertManager"/>
+        </hbox>
+      </groupbox>
+
+      <!-- Device manager -->
+      <groupbox>
+        <caption label="&managedevices.label;"/>
+        <description>&managedevices.text;</description>
+        <hbox align="center">
+          <button label="&managedevices.button;"
+                  oncommand="openDeviceManager();"
+                  id="openDeviceManagerButton"
+                  accesskey="&managedevices.accesskey;"
+                  prefstring="security.disable_button.openDeviceManager"/>
+        </hbox>
+      </groupbox>
+    </expander>
+    
+    <expander id="validation" label="&validation.label;" open="false" persist="open" clearhidden="true">      
+      <description>This section is PROVISIONAL and will change or disappear in future releases!
+                   It exists here now only to provide this functionality where no other access point
+                   is available.</description>
+      <groupbox>
+        <caption label="&validation.crl.label;"/>
+        <description>&validation.crl.description;</description>
+        <hbox align="center">
+          <button label="&validation.managecrls.button;"
+                  oncommand="openCrlManager();"
+                  id="managecrlbutton"
+                  accesskey="&validation.managecrls.accesskey;"
+                  prefstring="security.OCSP.disable_button.managecrl"/>
+        </hbox>
+      </groupbox>
+
+      <groupbox align="start">
+        <caption label="&validation.ocsp.label;"/>
+        <description>&validation.ocsp.description;</description>
+        <!-- Prefs -->
+        <radiogroup id="securityOCSPEnabled"
+                    prefstring="security.OCSP.enabled">
+            <radio value="0" label="&disableOCSP.label;" oncommand="doSecurityEnabling();"/>
+            <radio value="1" label="&certOCSP.label;" oncommand="doSecurityEnabling();"/>
+            <radio value="2" label="&proxyOCSP.label;" oncommand="doSecurityEnabling();"/>
+
+            <grid class="indent" flex="1">
+              <columns>
+              <column/>
+              <column flex="1"/>
+              </columns>
+              
+              <rows>
+                <row align="center">
+                  <label value="&signingCA.label;" accesskey="&signingCA.accesskey;" control="signingCA"/>
+                  <hbox id="signingCABox" flex="1"/>
+                </row>
+                <row align="center">
+                  <label value="&serviceURL.label;" accesskey="&serviceURL.accesskey;" control="serviceURL"/>
+                  <textbox id="serviceURL" prefstring="security.OCSP.URL"/>
+                </row>
+            </rows>
+          </grid>
+        </radiogroup>
+      </groupbox>
+    </expander>    
+
+    <menulist id="signingCA" preftype="string" prefstring="security.OCSP.signingCA"
+              flex="1" oncommand="changeURL()" hidden="true">
+      <menupopup/>
+    </menulist>
+
+#endif
  </vbox>
+
 </page>

--- a/browser/components/prefwindow/content/pref-privacy.js
+++ b/browser/components/prefwindow/content/pref-privacy.js
@ -35,6 +35,7 @@
 # 
 # ***** END LICENSE BLOCK *****

+#define DL_RETAIN_WINDOW 0

 var _elementIDs = ["histDay", "browserCacheDiskCache", "enableCookies",
                    "enableCookiesForOriginatingSiteOnly", "enableCookiesForCurrentSessionOnly",
@ -78,7 +79,7 @@ function Startup() {
  
  var categories = document.getElementById("privacyCategories");
  categories.addEventListener("clear", PrivacyPanel.clear, false);
-  
+
  // XXXben - we do this because of a bug with the download retention window menulist. 
  // The bug is that when the Options dialog opens, or you switch from another panel to
  // this panel, style is incompletely resolved on the menulist's display area anonymous
@ -92,11 +93,11 @@ function Startup() {
  // the bound element. dbaron is helping me with this with a reduced test case, but in 
  // the meantime, I'm working around this bug by placing the menulist outside the bound element
  // until it is completely initialized and then scooting it in, which is what this code does. 
-  // var drb = document.getElementById("downloadsRetentionBox");
-  // var drp = document.getElementById("downloadsRetentionPolicy");
-  // drp.removeAttribute("hidden");
-  // document.documentElement.removeChild(drp);
-  // drb.appendChild(drp);
+# var drb = document.getElementById("downloadsRetentionBox");
+# var drp = document.getElementById("downloadsRetentionPolicy");
+# drp.removeAttribute("hidden");
+# document.documentElement.removeChild(drp);
+# drb.appendChild(drp);
 }

 function unload()
--- a/browser/components/prefwindow/content/pref-privacy.xul
+++ b/browser/components/prefwindow/content/pref-privacy.xul
@ -92,6 +92,10 @@
    <!-- Downloaded Files List -->
    <expander id="downloads" label="&downloads.label;" clearlabel="&clearDownloads.label;" persist="open">
      <description>&downloadsDescription.label;</description>     
+
+#      <hbox align="center" id="downloadsRetentionBox">                          
+#        <description>&downloadsRetentionPolicy.label;</description>             
+#      </hbox>                                                                         
    </expander>

    <!-- Cookies -->
@ -143,14 +147,15 @@
    <button label="&clearAll.label;" oncommand="PrivacyPanel.clearAll();"/>
  </hbox>

-#  <menulist id="downloadsRetentionPolicy" hidden="true"
-#            preftype="int" prefstring="browser.download.retention" prefdefval="0">
-#    <menupopup>
-#      <menuitem value="0" label="&downloadsRemoveImmediately.label;"/>
-#      <menuitem value="1" label="&downloadsRemoveExit.label;"/>
-#      <menuitem value="2" label="&downloadsRemoveManually.label;"/>
-#    </menupopup>
-#  </menulist>
+
+# <menulist id="downloadsRetentionPolicy" hidden="true"
+#           preftype="int" prefstring="browser.download.retention" prefdefval="0">
+#   <menupopup>
+#     <menuitem value="0" label="&downloadsRemoveImmediately.label;"/>
+#     <menuitem value="1" label="&downloadsRemoveExit.label;"/>
+#     <menuitem value="2" label="&downloadsRemoveManually.label;"/>
+#   </menupopup>
+# </menulist>

 </page>
    
--- a/browser/components/prefwindow/locale/pref-advanced.dtd
+++ b/browser/components/prefwindow/locale/pref-advanced.dtd
@ -17,3 +17,68 @@
 <!ENTITY useTLS1.label                "Use TLS 1.0">
 <!ENTITY useTypeAheadFind.label       "Use Find As You Type">
 <!ENTITY linksOnlyTypeAheadFind.label "to search links only">
+
+<!-- PROVISIONAL SECURITY UI ONLY -->
+<!-- Certs -->
+<!ENTITY certs.label                  "Certificates">
+<!ENTITY SSLClientAuthMethod          "Client Certificate Selection">
+<!ENTITY certselect.description       "Decide how &brandShortName; selects a security certificate to present to web sites that require one:">
+<!ENTITY certselect.auto              "Select Automatically">
+<!ENTITY certselect.ask               "Ask Every Time">
+<!ENTITY  managecerts.label           "Manage Certificates">
+<!ENTITY  managecerts.text            "Use the Certificate Manager to manage your personal certificates, as well as those of other people and certificate authorities.">
+<!ENTITY  managecerts.button          "Manage Certificates...">
+<!ENTITY  managecerts.accesskey       "M">
+<!ENTITY  managedevices.label         "Manage Security Devices">
+<!ENTITY  managedevices.text          "Use this button to manage your security devices, such as smart cards.">
+<!ENTITY  managedevices.button        "Manage Security Devices...">
+<!ENTITY  managedevices.accesskey     "S">
+
+<!ENTITY  validation.label            "Validation">
+
+<!-- Validation -->
+<!ENTITY  validation.title          "Validation">
+
+<!ENTITY  validation.crl.label      "CRL">
+<!ENTITY  validation.crl.description "Use the CRL Manager to manage the Certificate Revocation Lists (CRL) that are stored in your certificate database.">
+<!ENTITY  validation.managecrls.button      "Manage CRLs...">
+<!ENTITY  validation.managecrls.accesskey   "M">
+<!ENTITY  validation.crlmanager.label       "Manage CRLs">
+<!ENTITY  validation.crlname.label          "Name">
+<!ENTITY  validation.crllastupdate.label    "Last Update">
+<!ENTITY  validation.crlnextupdate.label    "Next Update">
+<!ENTITY  validation.crlautoupdateenabled.label   "Auto Update">
+<!ENTITY  validation.crlautoupdatestatus.label    "Auto Update Status">
+<!ENTITY  validation.deletecrl.label        "Delete">
+<!ENTITY  validation.updatecrl.label        "Update">
+<!ENTITY  validation.advanced.label         "Settings">
+
+<!ENTITY  validation.crl.autoupdate.title            "Automatic CRL Update Preferences">
+<!ENTITY  validation.crl.autoupdate.enable.label     "Enable Automatic Update for this CRL">
+<!ENTITY  validation.crl.autoupdate.time.label1      "Update">
+<!ENTITY  validation.crl.autoupdate.time.label2      "Day(s) before Next Update date">
+<!ENTITY  validation.crl.autoupdate.freq.label1      "Update every">
+<!ENTITY  validation.crl.autoupdate.freq.label2      "Day(s)">
+<!ENTITY  validation.crl.autoupdate.url.label        "CRL would be imported From:">
+<!ENTITY  crl.import.status.title         "CRL Import Status">
+<!ENTITY  crl.import.success.message      "The Certificate Revocation List (CRL) was successfully imported.">
+<!ENTITY  crl.issuer.label                "CRL Issued By:">
+<!ENTITY  crl.issuer.org.label            "Organization: ">
+<!ENTITY  crl.issuer.orgunit.label        "Unit: ">
+<!ENTITY  crl.import.nextupdate.label     "Next Update On: ">
+<!ENTITY  crl.autoupdate.fail.cnt.label      "Previous Consecutive Update Failures: ">
+<!ENTITY  crl.autoupdate.fail.reason.label   "Details of Last Update Failure: ">
+<!ENTITY  ok.button        "OK">
+<!ENTITY  cancel.button    "Cancel">
+<!ENTITY  help.button      "Help">
+<!ENTITY  edit.button      "Settings">
+
+<!ENTITY validation.ocsp.label      "OCSP">
+<!ENTITY validation.ocsp.description "&brandShortName; can use Online Certificate Status Protocol (OCSP) to verify certificates. Set &brandShortName; to use OCSP as follows:">
+<!ENTITY disableOCSP.label "Do not use OCSP for certificate validation">
+<!ENTITY certOCSP.label "Use OCSP to validate only certificates that specify an OCSP service URL">
+<!ENTITY proxyOCSP.label "Use OCSP to validate all certificates using this URL and signer:">
+<!ENTITY serviceURL.label "Service URL:">
+<!ENTITY serviceURL.accesskey "S">
+<!ENTITY signingCA.label "Response Signer:">
+<!ENTITY signingCA.accesskey "R">