The functionality is unnecessary duplication of what the Device Manager already
does, and nsITokenDialogs.ChooseToken() exists as a dedicated UI for choosing
tokens anyways.
Since we're already breaking addon compat, the changes here also update
nsITokenPasswordDialogs.setPassword() to not unnecessarily return the `canceled`
value through an outparam.
MozReview-Commit-ID: C2KVXzrpDR3
--HG--
extra : rebase_source : e0e6eb89735125a9b85491356c9d367eab0c2a3b
In general, any code that was using nsIX509Cert.nickname should be able to use
the attribute displayName (if using nickname for display purposes) or the
attribute dbKey (if using nickname as a unique identifier for a certificate).
MozReview-Commit-ID: G9CfMJDfLqe
--HG--
extra : rebase_source : 1c464dab8f028568cedd5a42cf87428b8bb63fc0
This patch makes the following changes:
1. renames nsIX509Cert.windowTitle to displayName
2. removes (most of*) displayName's use of the NSS certificate nickname API
3. adds additional fields that displayName will attempt to use to find a good
name to return (namely, organizationalUnitName and organizationName)
*except for built-in roots, where we have a good hard-coded value for the name
MozReview-Commit-ID: Bt864GnOu7D
--HG--
extra : rebase_source : 5d85aaf68fd4fbe563596354a5ed50e541689934
nsIDialogParamBlock isn't a great API, and is best avoided.
This patch also splits password.js into two files that implement the
functionality of changepassword.xul and setp12password.xul
respectively, and adds a test.
MozReview-Commit-ID: A1GlnIFl8h
--HG--
rename : security/manager/pki/resources/content/password.js => security/manager/pki/resources/content/changepassword.js
extra : rebase_source : ae3e4491951e749fe0ffb6f2c25205072a3698b0
An nsIDialogParamBlock is unnecessary for how deletecert.(js|xul) is currently
used. Moreover, nsIDialogParamBlock is arguably a poor API, so moving away from
it is also advantageous.
In addition, this patch also fixes this bug:
1. Select a cert to delete in one of the cert manager tabs.
2. Press the delete button to launch the confirmation dialog, but don't accept
or cancel.
3. Switch to another tab in the cert manager.
4. Press the accept button in the confirmation dialog.
ER:
Cert selected in the original tab is deleted.
AR:
Cert at the same index of the new tab is deleted, even though it was never
selected.
MozReview-Commit-ID: 3N8klOhrVzi
--HG--
extra : rebase_source : 92c11209e0fed36ab88f4a9d0fa7e82c88a1ca4a
nsIDialogParamBlock isn't a great API, and is best avoided.
This patch also updates downloadcert.js to match modern PSM style, and adds a
test.
MozReview-Commit-ID: J2g2H0iBAn4
--HG--
extra : rebase_source : 9365f7b1c7a88caef84f0353e18510dcab9a5d32
nsIDialogParamBlock isn't a great API, and is best avoided.
MozReview-Commit-ID: 2B0HkKNJizo
--HG--
extra : rebase_source : a05e7a05ff0745f26d08616a74b532bc8a37c4fd
The cert viewer currently supports two ways to pass a handle to the cert:
1. Passing the nickname of the cert via window.name.
2. Via an nsIDialogParamBlock, which is itself accessed through window.arguments.
Method 1 is unused and unnecessary.
Method 2 is overly complex: the relevant nsIX509Cert can just be passed directly.
This patch does the following:
1. Makes it so that there is only a single, straightforward way to pass a handle
to the cert.
2. Makes the cert viewer title localisable while we're nearby.
3. Renames viewCertDetails.js to better reflect the current use of the file.
MozReview-Commit-ID: pqtfNgvImT
--HG--
rename : security/manager/pki/resources/content/viewCertDetails.js => security/manager/pki/resources/content/certViewer.js
extra : rebase_source : 776a27111ab26cdcdc91b002890c43a3fe4f48e8
editcacert.xul/editcerts.js currently requires the |dbKey| attribute of an
nsIX509Cert to be passed to it via the window name so it can get a handle to the
nsIX509Cert.
This has two problems:
1. This used to trigger warnings, and is unwise to do in any case.
2. It's unnecessary complexity - the nsIX509Cert can be passed directly.
This patch:
1. Addresses the two problems.
2. Adds a test to ensure the functionality of editcerts.js actually works.
3. Rewrites editcerts.js to better fit modern PSM style.
4. Updates the name of editcerts.js so it's more consistent with the general
convention under security/pki/resources/content
MozReview-Commit-ID: ECxziXq5TmL
--HG--
rename : security/manager/pki/resources/content/editcerts.js => security/manager/pki/resources/content/editcacert.js
extra : rebase_source : ae140466dccf947cd28cbda102c1e5b3ea0eb9d4
editcacert.xul/editcerts.js currently requires the |dbKey| attribute of an
nsIX509Cert to be passed to it via the window name so it can get a handle to the
nsIX509Cert.
This has two problems:
1. This used to trigger warnings, and is unwise to do in any case.
2. It's unnecessary complexity - the nsIX509Cert can be passed directly.
This patch:
1. Addresses the two problems.
2. Adds a test to ensure the functionality of editcerts.js actually works.
3. Rewrites editcerts.js to better fit modern PSM style.
4. Updates the name of editcerts.js so it's more consistent with the general
convention under security/pki/resources/content
MozReview-Commit-ID: ECxziXq5TmL
--HG--
rename : security/manager/pki/resources/content/editcerts.js => security/manager/pki/resources/content/editcacert.js
extra : rebase_source : 46a6b2ff2ee90aded61a27b21ce3d5c1a8bed5c2
Deleting certs via the cert manager results in a confirmation dialog popping up.
This dialog contains a list of certs that were selected for deletion.
Currently, only the Common Name of each cert is used to represent it in the list.
This is a problem for certs that don't have a CN. More jarringly, the cert
manager itself falls back to various other attributes, so for example selecting
a cert that is represented by its OU ends up popping up a dialog where an empty
list is shown.
MozReview-Commit-ID: 3z4BebW8Ucd
--HG--
extra : rebase_source : 468eb3de470e3ec42471c80183a9c48ebfb130c9
extra : histedit_source : 90e1d2fc73aaba4ded68d933b6ea3a6092d60636
The code is used in comm-central, but is unused in mozilla-central. It will be
imported into comm-central in Bug 1297368.
MozReview-Commit-ID: BEY9BR0YRiD
--HG--
extra : rebase_source : 6d34c1e82cd749a009f26be50fde0537373f2f9e
This patch adds tests for the core aspects of the client authentication code,
mainly to ensure the client auth process even works.
MozReview-Commit-ID: DzV4BuwlrDE
--HG--
extra : rebase_source : 43224d3159964f02b175e8c54491b2cabba2cb8a
It appears the wallet code was not included during the initial 2007 import of
code from CVS to Mercurial, so anything referencing wallet has been dead code
ever since.
MozReview-Commit-ID: BRTd1M0DsT0
--HG--
extra : transplant_source : %BC%FC%05%AE%B5%8C%DC%21J%DC%B4%B17M%19%AA%F3%B9%05L
chooseCertificate() currently uses a concatenation of the Common Name of the
server cert and the port of the server to allow the user to identify the server
requesting client authentication. Unfortunately, this approach is flawed, since
it doesn't take into account things like SAN entries, which might be very
different from the CN.
Using the hostname instead avoids this problem.
MozReview-Commit-ID: 6XjGCknWNi9
--HG--
extra : transplant_source : k%10N%7B%E8%A4%9B%C9%9A%23Q%D1%99%D2%A3%C0.%2B%7F%A5
This removes the unnecessary setting of c-basic-offset from all
python-mode files.
This was automatically generated using
perl -pi -e 's/; *c-basic-offset: *[0-9]+//'
... on the affected files.
The bulk of these files are moz.build files but there a few others as
well.
MozReview-Commit-ID: 2pPf3DEiZqx
--HG--
extra : rebase_source : 0a7dcac80b924174a2c429b093791148ea6ac204
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and
getUsagesString. These APIs were problematic in that the synchronous ones would
cause certificate verification to block the main thread and the asynchronous one
was needlessly indirect in its definition (it made use of two additional
special-case xpidl types) and needlessly complex in its implementation (it
required nsNSSComponent to manually manage a background thread without the aid
of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs
would return string descriptions of the usages the certificate in question had
been verified for rather than using more concrete identifiers or values. This
paradigm is usable but imprecise. The new nsIX509CertDB API
asyncVerifyCertAtTime is much more expressive, enforces off-main-thread
computation, and makes use of CryptoTask for a simple implementation. Using this
API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional
benefit, this removes a ton of obsolete C++ code.
MozReview-Commit-ID: KXVTcjAKehu
--HG--
extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
This makes the certificate viewer able to shrink itself down a bit on small
screen sizes. Without this patch, the "Close" button would be off the screen on
small resolutions like 1024x768. On larger screen sizes, this patch should have
no effect on the initial size of the certificate viewer window (although it now
can be made smaller manually).
MozReview-Commit-ID: IET9dxx23Xc
--HG--
extra : rebase_source : 487c88d626df7184502226b9ce02410adc504f12
This provides implementations of ChooseCertificate() with more flexibility, and
allows callers of ChooseCertificate() to be less complex.
A portion of this work involves reimplementing
nsNSSCertificate::FormatUIStrings() in JS and improving UI strings for l10n.
MozReview-Commit-ID: CE7Uc2ntwmZ
--HG--
extra : transplant_source : R%A8eC%CEO2%DC%20%F7%B4V%F3g%E6h%EB%D5%8D3
This fixes the following in the IDL:
1. Misleading or unclear parameter names in the IDL. |cn| in practice is the
concatenation of the CN of the server cert and the port of the server, and
|issuer| is the Organization of the issuer cert of the server cert.
2. Use of the |wstring| type. |AString| is generally preferred, and has the
benefit of letting implementations skip null checks due to the use of
references.
3. Using an explicit |canceled| outparam instead of just setting a return type.
There is no need for the outparam if the return type can be used.
4. Using |long| (int32_t) for |selectedIndex|. |unsigned long| (uint32_t) is
more logical, and paves the way for future changes.
This fixes the following in the Android implementation:
1. Lack of checks to ensure the QueryInterface() call succeeded. In practice,
the call will always succeed, but it's good practice to check anyways.
2. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
This fixes the following in the desktop implementation:
1. Lack of null pointer checking.
2. Trying to get a parent window ref off a context that doesn't actually support
doing so.
3. Setting a variable to an nsIPrefService instance initially, then later
setting it to a pref branch instance later on. This is confusing and
unnecessary.
4. Abusal of the CAPS bundle.
5. Unnecessary variables.
6. Variables declared far away from where they are used.
7. Variable shadowing.
8. Style issues.
9. Lack of documentation.
This also fixes the following:
1. Lack of localisation notes.
MozReview-Commit-ID: FTc6XecJd6h
--HG--
extra : transplant_source : %ABQ%8F%E6%A3%25%FE%94%E4%D6X%3D%28%2C%05%5E%FB%84.-
Be warned. Do not attemp to change the .js "test" source code in ./js
They are meant to check
- the outdated 0666 octal constant is still parsed correctly,
- the outdated 0666 octal constant raises syntax error flag
in strict mode, etc.
So leave them alone.
It no longer serves any useful purpose:
1. It is no longer possible to add explicit trust for server certs post Bug 825583.
1A. The Add Exception feature is better suited for this anyways.
2. It isn't possible to set explicit distrust in the Cert Manager, only remove explicit trust.
3. Importing may also inadvertently cause verification failures (see Bug 1202636).
