security/manager/pki/resources/content/editcerts.js@141e0f1194b1 (annotated)
security/manager/pki/resources/content/editcerts.js
Wed, 31 Dec 2014 07:16:47 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 07:16:47 +0100
- branch
- TOR_BUG_9701
- changeset 3
- 141e0f1194b1
- permissions
- -rw-r--r--
Revert simplistic fix pending revisit of Mozilla integration attempt.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | const nsIX509Cert = Components.interfaces.nsIX509Cert; |
| michael@0 | 6 | const nsX509CertDB = "@mozilla.org/security/x509certdb;1"; |
| michael@0 | 7 | const nsIX509CertDB = Components.interfaces.nsIX509CertDB; |
| michael@0 | 8 | const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock; |
| michael@0 | 9 | |
| michael@0 | 10 | var certdb; |
| michael@0 | 11 | var cert; |
| michael@0 | 12 | |
| michael@0 | 13 | function doPrompt(msg) |
| michael@0 | 14 | { |
| michael@0 | 15 | let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]. |
| michael@0 | 16 | getService(Components.interfaces.nsIPromptService); |
| michael@0 | 17 | prompts.alert(window, null, msg); |
| michael@0 | 18 | } |
| michael@0 | 19 | |
| michael@0 | 20 | function setWindowName() |
| michael@0 | 21 | { |
| michael@0 | 22 | var dbkey = self.name; |
| michael@0 | 23 | |
| michael@0 | 24 | // Get the cert from the cert database |
| michael@0 | 25 | certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB); |
| michael@0 | 26 | cert = certdb.findCertByDBKey(dbkey, null); |
| michael@0 | 27 | |
| michael@0 | 28 | var bundle = document.getElementById("pippki_bundle"); |
| michael@0 | 29 | |
| michael@0 | 30 | var message1 = bundle.getFormattedString("editTrustCA", [cert.commonName]); |
| michael@0 | 31 | setText("certmsg", message1); |
| michael@0 | 32 | |
| michael@0 | 33 | var ssl = document.getElementById("trustSSL"); |
| michael@0 | 34 | if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, |
| michael@0 | 35 | nsIX509CertDB.TRUSTED_SSL)) { |
| michael@0 | 36 | ssl.setAttribute("checked", "true"); |
| michael@0 | 37 | } else { |
| michael@0 | 38 | ssl.setAttribute("checked", "false"); |
| michael@0 | 39 | } |
| michael@0 | 40 | var email = document.getElementById("trustEmail"); |
| michael@0 | 41 | if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, |
| michael@0 | 42 | nsIX509CertDB.TRUSTED_EMAIL)) { |
| michael@0 | 43 | email.setAttribute("checked", "true"); |
| michael@0 | 44 | } else { |
| michael@0 | 45 | email.setAttribute("checked", "false"); |
| michael@0 | 46 | } |
| michael@0 | 47 | var objsign = document.getElementById("trustObjSign"); |
| michael@0 | 48 | if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, |
| michael@0 | 49 | nsIX509CertDB.TRUSTED_OBJSIGN)) { |
| michael@0 | 50 | objsign.setAttribute("checked", "true"); |
| michael@0 | 51 | } else { |
| michael@0 | 52 | objsign.setAttribute("checked", "false"); |
| michael@0 | 53 | } |
| michael@0 | 54 | } |
| michael@0 | 55 | |
| michael@0 | 56 | function doOK() |
| michael@0 | 57 | { |
| michael@0 | 58 | var ssl = document.getElementById("trustSSL"); |
| michael@0 | 59 | var email = document.getElementById("trustEmail"); |
| michael@0 | 60 | var objsign = document.getElementById("trustObjSign"); |
| michael@0 | 61 | var trustssl = (ssl.checked) ? nsIX509CertDB.TRUSTED_SSL : 0; |
| michael@0 | 62 | var trustemail = (email.checked) ? nsIX509CertDB.TRUSTED_EMAIL : 0; |
| michael@0 | 63 | var trustobjsign = (objsign.checked) ? nsIX509CertDB.TRUSTED_OBJSIGN : 0; |
| michael@0 | 64 | // |
| michael@0 | 65 | // Set the cert trust |
| michael@0 | 66 | // |
| michael@0 | 67 | certdb.setCertTrust(cert, nsIX509Cert.CA_CERT, |
| michael@0 | 68 | trustssl | trustemail | trustobjsign); |
| michael@0 | 69 | return true; |
| michael@0 | 70 | } |
| michael@0 | 71 | |
| michael@0 | 72 | function doLoadForEmailCert() |
| michael@0 | 73 | { |
| michael@0 | 74 | var dbkey = self.name; |
| michael@0 | 75 | |
| michael@0 | 76 | // Get the cert from the cert database |
| michael@0 | 77 | certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB); |
| michael@0 | 78 | cert = certdb.findCertByDBKey(dbkey, null); |
| michael@0 | 79 | |
| michael@0 | 80 | var bundle = document.getElementById("pippki_bundle"); |
| michael@0 | 81 | |
| michael@0 | 82 | var message1 = bundle.getFormattedString("editTrustEmail", [cert.commonName]); |
| michael@0 | 83 | setText("certmsg", message1); |
| michael@0 | 84 | |
| michael@0 | 85 | setText("issuer", cert.issuerName); |
| michael@0 | 86 | |
| michael@0 | 87 | var cacert = getCaCertForEntityCert(cert); |
| michael@0 | 88 | if(cacert == null) |
| michael@0 | 89 | { |
| michael@0 | 90 | setText("explanations", bundle.getString("issuerNotKnown")); |
| michael@0 | 91 | } |
| michael@0 | 92 | else if(certdb.isCertTrusted(cacert, nsIX509Cert.CA_CERT, |
| michael@0 | 93 | nsIX509CertDB.TRUSTED_EMAIL)) |
| michael@0 | 94 | { |
| michael@0 | 95 | setText("explanations", bundle.getString("issuerTrusted")); |
| michael@0 | 96 | } |
| michael@0 | 97 | else |
| michael@0 | 98 | { |
| michael@0 | 99 | setText("explanations", bundle.getString("issuerNotTrusted")); |
| michael@0 | 100 | } |
| michael@0 | 101 | var sslTrust = document.getElementById("sslTrustGroup"); |
| michael@0 | 102 | sslTrust.value = certdb.isCertTrusted(cert, nsIX509Cert.EMAIL_CERT, |
| michael@0 | 103 | nsIX509CertDB.TRUSTED_EMAIL); |
| michael@0 | 104 | } |
| michael@0 | 105 | |
| michael@0 | 106 | function doEmailOK() |
| michael@0 | 107 | { |
| michael@0 | 108 | var sslTrust = document.getElementById("sslTrustGroup"); |
| michael@0 | 109 | var trustemail = sslTrust.value == "true" |
| michael@0 | 110 | ? nsIX509CertDB.TRUSTED_EMAIL |
| michael@0 | 111 | : nsIX509CertDB.UNTRUSTED; |
| michael@0 | 112 | // |
| michael@0 | 113 | // Set the cert trust |
| michael@0 | 114 | // |
| michael@0 | 115 | certdb.setCertTrust(cert, nsIX509Cert.EMAIL_CERT, trustemail); |
| michael@0 | 116 | return true; |
| michael@0 | 117 | } |
| michael@0 | 118 | |
| michael@0 | 119 | function editCaTrust() |
| michael@0 | 120 | { |
| michael@0 | 121 | var cacert = getCaCertForEntityCert(cert); |
| michael@0 | 122 | if(cacert != null) |
| michael@0 | 123 | { |
| michael@0 | 124 | window.openDialog('chrome://pippki/content/editcacert.xul', cacert.dbKey, |
| michael@0 | 125 | 'chrome,centerscreen,modal'); |
| michael@0 | 126 | } |
| michael@0 | 127 | else |
| michael@0 | 128 | { |
| michael@0 | 129 | var bundle = document.getElementById("pippki_bundle"); |
| michael@0 | 130 | doPrompt(bundle.getString("issuerCertNotFound")); |
| michael@0 | 131 | } |
| michael@0 | 132 | } |
| michael@0 | 133 | |
| michael@0 | 134 | function getCaCertForEntityCert(cert) |
| michael@0 | 135 | { |
| michael@0 | 136 | var nextCertInChain; |
| michael@0 | 137 | nextCertInChain = cert; |
| michael@0 | 138 | var lastSubjectName=""; |
| michael@0 | 139 | while(true) |
| michael@0 | 140 | { |
| michael@0 | 141 | if(nextCertInChain == null) |
| michael@0 | 142 | { |
| michael@0 | 143 | return null; |
| michael@0 | 144 | } |
| michael@0 | 145 | if((nextCertInChain.type == nsIX509Cert.CA_CERT) || |
| michael@0 | 146 | (nextCertInChain.subjectName == lastSubjectName)) |
| michael@0 | 147 | { |
| michael@0 | 148 | break; |
| michael@0 | 149 | } |
| michael@0 | 150 | |
| michael@0 | 151 | lastSubjectName = nextCertInChain.subjectName; |
| michael@0 | 152 | nextCertInChain = nextCertInChain.issuer; |
| michael@0 | 153 | } |
| michael@0 | 154 | |
| michael@0 | 155 | return nextCertInChain; |
| michael@0 | 156 | } |
