The Tor Browser: comparison security/manager/pki/resources/content/device_manager.js

comparison: security/manager/pki/resources/content/device_manager.js

security/manager/pki/resources/content/device_manager.js

branch: TOR_BUG_9701
changeset 3: 141e0f1194b1

equal deleted inserted replaced

--1:000000000000
+:5978427da186
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+const nsIFilePicker = Components.interfaces.nsIFilePicker;
+const nsFilePicker = "@mozilla.org/filepicker;1";
+const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
+const nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
+const nsIPK11Token = Components.interfaces.nsIPK11Token;
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+const nsDialogParamBlock = "@mozilla.org/embedcomp/dialogparam;1";
+const nsIPKCS11 = Components.interfaces.nsIPKCS11;
+const nsPKCS11ContractID = "@mozilla.org/security/pkcs11;1";
+var bundle;
+var secmoddb;
+var skip_enable_buttons = false;
+/* Do the initial load of all PKCS# modules and list them. */
+function LoadModules()
+{
+bundle = document.getElementById("pippki_bundle");
+secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+window.crypto.enableSmartCardEvents = true;
+document.addEventListener("smartcard-insert", onSmartCardChange, false);
+document.addEventListener("smartcard-remove", onSmartCardChange, false);
+RefreshDeviceList();
+}
+function getPKCS11()
+{
+return Components.classes[nsPKCS11ContractID].getService(nsIPKCS11);
+}
+function getNSSString(name)
+{
+return document.getElementById("pipnss_bundle").getString(name);
+}
+function doPrompt(msg)
+{
+let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+getService(Components.interfaces.nsIPromptService);
+prompts.alert(window, null, msg);
+}
+function doConfirm(msg)
+{
+let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+getService(Components.interfaces.nsIPromptService);
+return prompts.confirm(window, null, msg);
+}
+function RefreshDeviceList()
+{
+var modules = secmoddb.listModules();
+var done = false;
+try {
+modules.isDone();
+} catch (e) { done = true; }
+while (!done) {
+var module = modules.currentItem().QueryInterface(nsIPKCS11Module);
+if (module) {
+var slotnames = [];
+var slots = module.listSlots();
+var slots_done = false;
+try {
+slots.isDone();
+} catch (e) { slots_done = true; }
+while (!slots_done) {
+var slot = null;
+	try {
+slot = slots.currentItem().QueryInterface(nsIPKCS11Slot);
+} catch (e) { slot = null; }
+// in the ongoing discussion of whether slot names or token names
+// are to be shown, I've gone with token names because NSS will
+// prefer lookup by token name.  However, the token may not be
+// present, so maybe slot names should be listed, while token names
+// are "remembered" for lookup?
+	if (slot != null) {
+if (slot.tokenName)
+slotnames[slotnames.length] = slot.tokenName;
+else
+slotnames[slotnames.length] = slot.name;
+	}
+try {
+slots.next();
+} catch (e) { slots_done = true; }
+}
+AddModule(module.name, slotnames);
+}
+try {
+modules.next();
+} catch (e) { done = true; }
+}
+/* Set the text on the fips button */
+SetFIPSButton();
+}
+function SetFIPSButton()
+{
+var fipsButton = document.getElementById("fipsbutton");
+var label;
+if (secmoddb.isFIPSEnabled) {
+label = bundle.getString("disable_fips");
+} else {
+label = bundle.getString("enable_fips");
+}
+fipsButton.setAttribute("label", label);
+var can_toggle = secmoddb.canToggleFIPS;
+if (can_toggle) {
+fipsButton.removeAttribute("disabled");
+} else {
+fipsButton.setAttribute("disabled", "true");
+}
+}
+/* Add a module to the tree.  slots is the array of slots in the module,
+* to be represented as children.
+*/
+function AddModule(module, slots)
+{
+var tree = document.getElementById("device_list");
+var item  = document.createElement("treeitem");
+var row  = document.createElement("treerow");
+var cell = document.createElement("treecell");
+cell.setAttribute("label", module);
+row.appendChild(cell);
+item.appendChild(row);
+var parent = document.createElement("treechildren");
+for (var i = 0; i<slots.length; i++) {
+var child_item = document.createElement("treeitem");
+var child_row = document.createElement("treerow");
+var child_cell = document.createElement("treecell");
+child_cell.setAttribute("label", slots[i]);
+child_row.appendChild(child_cell);
+child_item.appendChild(child_row);
+child_item.setAttribute("pk11kind", "slot");
+parent.appendChild(child_item);
+}
+item.appendChild(parent);
+item.setAttribute("pk11kind", "module");
+item.setAttribute("open", "true");
+item.setAttribute("container", "true");
+tree.appendChild(item);
+}
+var selected_slot;
+var selected_module;
+/* get the slot selected by the user (can only be one-at-a-time) */
+function getSelectedItem()
+{
+var tree = document.getElementById('device_tree');
+if (tree.currentIndex < 0) return;
+var item = tree.contentView.getItemAtIndex(tree.currentIndex);
+selected_slot = null;
+selected_module = null;
+if (item) {
+var kind = item.getAttribute("pk11kind");
+var module_name;
+if (kind == "slot") {
+// get the module cell for this slot cell
+var cell = item.parentNode.parentNode.firstChild.firstChild;
+module_name = cell.getAttribute("label");
+var module = secmoddb.findModuleByName(module_name);
+// get the cell for the selected row (the slot to display)
+cell = item.firstChild.firstChild;
+var slot_name = cell.getAttribute("label");
+selected_slot = module.findSlotByName(slot_name);
+} else { // (kind == "module")
+// get the cell for the selected row (the module to display)
+cell = item.firstChild.firstChild;
+module_name = cell.getAttribute("label");
+selected_module = secmoddb.findModuleByName(module_name);
+}
+}
+}
+function enableButtons()
+{
+if (skip_enable_buttons)
+return;
+var login_toggle = "true";
+var logout_toggle = "true";
+var pw_toggle = "true";
+var unload_toggle = "true";
+getSelectedItem();
+if (selected_module) {
+unload_toggle = "false";
+showModuleInfo();
+} else if (selected_slot) {
+// here's the workaround - login functions are all with token,
+// so grab the token type
+var selected_token = selected_slot.getToken();
+if (selected_token != null) {
+if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
+pw_toggle = "false";
+if(selected_token.needsLogin()) {
+if (selected_token.isLoggedIn()) {
+logout_toggle = "false";
+} else {
+login_toggle = "false";
+}
+}
+}
+}
+showSlotInfo();
+}
+var thebutton = document.getElementById('login_button');
+thebutton.setAttribute("disabled", login_toggle);
+thebutton = document.getElementById('logout_button');
+thebutton.setAttribute("disabled", logout_toggle);
+thebutton = document.getElementById('change_pw_button');
+thebutton.setAttribute("disabled", pw_toggle);
+thebutton = document.getElementById('unload_button');
+thebutton.setAttribute("disabled", unload_toggle);
+// not implemented
+//thebutton = document.getElementById('change_slotname_button');
+//thebutton.setAttribute("disabled", toggle);
+}
+// clear the display of information for the slot
+function ClearInfoList()
+{
+var info_list = document.getElementById("info_list");
+while (info_list.firstChild)
+info_list.removeChild(info_list.firstChild);
+}
+function ClearDeviceList()
+{
+ClearInfoList();
+skip_enable_buttons = true;
+var tree = document.getElementById('device_tree');
+tree.view.selection.clearSelection();
+skip_enable_buttons = false;
+// Remove the existing listed modules so that refresh doesn't
+// display the module that just changed.
+var device_list = document.getElementById("device_list");
+while (device_list.hasChildNodes())
+device_list.removeChild(device_list.firstChild);
+}
+// show a list of info about a slot
+function showSlotInfo()
+{
+var present = true;
+ClearInfoList();
+switch (selected_slot.status) {
+case nsIPKCS11Slot.SLOT_DISABLED:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_disabled"),
+"tok_status");
+present = false;
+break;
+case nsIPKCS11Slot.SLOT_NOT_PRESENT:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_notpresent"),
+"tok_status");
+present = false;
+break;
+case nsIPKCS11Slot.SLOT_UNINITIALIZED:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_uninitialized"),
+"tok_status");
+break;
+case nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_notloggedin"),
+"tok_status");
+break;
+case nsIPKCS11Slot.SLOT_LOGGED_IN:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_loggedin"),
+"tok_status");
+break;
+case nsIPKCS11Slot.SLOT_READY:
+AddInfoRow(bundle.getString("devinfo_status"),
+bundle.getString("devinfo_stat_ready"),
+"tok_status");
+break;
+}
+AddInfoRow(bundle.getString("devinfo_desc"),
+selected_slot.desc, "slot_desc");
+AddInfoRow(bundle.getString("devinfo_manID"),
+selected_slot.manID, "slot_manID");
+AddInfoRow(bundle.getString("devinfo_hwversion"),
+selected_slot.HWVersion, "slot_hwv");
+AddInfoRow(bundle.getString("devinfo_fwversion"),
+selected_slot.FWVersion, "slot_fwv");
+if (present) {
+showTokenInfo();
+}
+}
+function showModuleInfo()
+{
+ClearInfoList();
+AddInfoRow(bundle.getString("devinfo_modname"),
+selected_module.name, "module_name");
+AddInfoRow(bundle.getString("devinfo_modpath"),
+selected_module.libName, "module_path");
+}
+// add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
+function AddInfoRow(col1, col2, cell_id)
+{
+var tree = document.getElementById("info_list");
+var item  = document.createElement("treeitem");
+var row  = document.createElement("treerow");
+var cell1 = document.createElement("treecell");
+cell1.setAttribute("label", col1);
+cell1.setAttribute("crop", "never");
+row.appendChild(cell1);
+var cell2 = document.createElement("treecell");
+cell2.setAttribute("label", col2);
+cell2.setAttribute("crop", "never");
+cell2.setAttribute("id", cell_id);
+row.appendChild(cell2);
+item.appendChild(row);
+tree.appendChild(item);
+}
+// log in to a slot
+function doLogin()
+{
+getSelectedItem();
+// here's the workaround - login functions are with token
+var selected_token = selected_slot.getToken();
+try {
+selected_token.login(false);
+var tok_status = document.getElementById("tok_status");
+if (selected_token.isLoggedIn()) {
+tok_status.setAttribute("label",
+bundle.getString("devinfo_stat_loggedin"));
+} else {
+tok_status.setAttribute("label",
+bundle.getString("devinfo_stat_notloggedin"));
+}
+} catch (e) {
+doPrompt(bundle.getString("login_failed"));
+}
+enableButtons();
+}
+// log out of a slot
+function doLogout()
+{
+getSelectedItem();
+// here's the workaround - login functions are with token
+var selected_token = selected_slot.getToken();
+try {
+selected_token.logoutAndDropAuthenticatedResources();
+var tok_status = document.getElementById("tok_status");
+if (selected_token.isLoggedIn()) {
+tok_status.setAttribute("label",
+bundle.getString("devinfo_stat_loggedin"));
+} else {
+tok_status.setAttribute("label",
+bundle.getString("devinfo_stat_notloggedin"));
+}
+} catch (e) {
+}
+enableButtons();
+}
+// load a new device
+function doLoad()
+{
+window.open("load_device.xul", "loaddevice",
+"chrome,centerscreen,modal");
+ClearDeviceList();
+RefreshDeviceList();
+}
+function deleteSelected()
+{
+getSelectedItem();
+if (selected_module &&
+doConfirm(getNSSString("DelModuleWarning"))) {
+try {
+getPKCS11().deleteModule(selected_module.name);
+}
+catch (e) {
+doPrompt(getNSSString("DelModuleError"));
+return false;
+}
+selected_module = null;
+return true;
+}
+return false;
+}
+function doUnload()
+{
+if (deleteSelected()) {
+ClearDeviceList();
+RefreshDeviceList();
+}
+}
+// handle card insertion and removal
+function onSmartCardChange()
+{
+var tree = document.getElementById('device_tree');
+var index = tree.currentIndex;
+tree.currentIndex = 0;
+ClearDeviceList();
+RefreshDeviceList();
+tree.currentIndex = index;
+enableButtons();
+}
+function changePassword()
+{
+getSelectedItem();
+var params = Components.classes[nsDialogParamBlock].createInstance(nsIDialogParamBlock);
+params.SetString(1,selected_slot.tokenName);
+window.openDialog("changepassword.xul",
+"",
+"chrome,centerscreen,modal", params);
+showSlotInfo();
+enableButtons();
+}
+// browse fs for PKCS#11 device
+function doBrowseFiles()
+{
+var srbundle = document.getElementById("pippki_bundle");
+var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
+fp.init(window,
+srbundle.getString("loadPK11TokenDialog"),
+nsIFilePicker.modeOpen);
+fp.appendFilters(nsIFilePicker.filterAll);
+if (fp.show() == nsIFilePicker.returnOK) {
+var pathbox = document.getElementById("device_path");
+pathbox.setAttribute("value", fp.file.path);
+}
+}
+function doLoadDevice()
+{
+var name_box = document.getElementById("device_name");
+var path_box = document.getElementById("device_path");
+try {
+getPKCS11().addModule(name_box.value, path_box.value, 0,0);
+}
+catch (e) {
+if (e.result == Components.results.NS_ERROR_ILLEGAL_VALUE)
+doPrompt(getNSSString("AddModuleDup"));
+else
+doPrompt(getNSSString("AddModuleFailure"));
+return false;
+}
+return true;
+}
+// -------------------------------------   Old code
+function showTokenInfo()
+{
+//ClearInfoList();
+var selected_token = selected_slot.getToken();
+AddInfoRow(bundle.getString("devinfo_label"),
+selected_token.tokenLabel, "tok_label");
+AddInfoRow(bundle.getString("devinfo_manID"),
+selected_token.tokenManID, "tok_manID");
+AddInfoRow(bundle.getString("devinfo_serialnum"),
+selected_token.tokenSerialNumber, "tok_sNum");
+AddInfoRow(bundle.getString("devinfo_hwversion"),
+selected_token.tokenHWVersion, "tok_hwv");
+AddInfoRow(bundle.getString("devinfo_fwversion"),
+selected_token.tokenFWVersion, "tok_fwv");
+}
+function toggleFIPS()
+{
+if (!secmoddb.isFIPSEnabled) {
+// A restriction of FIPS mode is, the password must be set
+// In FIPS mode the password must be non-empty.
+// This is different from what we allow in NON-Fips mode.
+var tokendb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
+var slot = secmoddb.findSlotByName(internal_token.tokenName);
+switch (slot.status) {
+case nsIPKCS11Slot.SLOT_UNINITIALIZED:
+case nsIPKCS11Slot.SLOT_READY:
+// Token has either no or an empty password.
+doPrompt(bundle.getString("fips_nonempty_password_required"));
+return;
+}
+}
+try {
+secmoddb.toggleFIPSMode();
+}
+catch (e) {
+doPrompt(bundle.getString("unable_to_toggle_FIPS"));
+return;
+}
+//Remove the existing listed modules so that re-fresh doesn't
+//display the module that just changed.
+ClearDeviceList();
+RefreshDeviceList();
+}