1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/pki/resources/content/editcerts.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,156 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +const nsIX509Cert = Components.interfaces.nsIX509Cert;
1.9 +const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
1.10 +const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
1.11 +const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
1.12 +
1.13 +var certdb;
1.14 +var cert;
1.15 +
1.16 +function doPrompt(msg)
1.17 +{
1.18 + let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
1.19 + getService(Components.interfaces.nsIPromptService);
1.20 + prompts.alert(window, null, msg);
1.21 +}
1.22 +
1.23 +function setWindowName()
1.24 +{
1.25 + var dbkey = self.name;
1.26 +
1.27 + // Get the cert from the cert database
1.28 + certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
1.29 + cert = certdb.findCertByDBKey(dbkey, null);
1.30 +
1.31 + var bundle = document.getElementById("pippki_bundle");
1.32 +
1.33 + var message1 = bundle.getFormattedString("editTrustCA", [cert.commonName]);
1.34 + setText("certmsg", message1);
1.35 +
1.36 + var ssl = document.getElementById("trustSSL");
1.37 + if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
1.38 + nsIX509CertDB.TRUSTED_SSL)) {
1.39 + ssl.setAttribute("checked", "true");
1.40 + } else {
1.41 + ssl.setAttribute("checked", "false");
1.42 + }
1.43 + var email = document.getElementById("trustEmail");
1.44 + if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
1.45 + nsIX509CertDB.TRUSTED_EMAIL)) {
1.46 + email.setAttribute("checked", "true");
1.47 + } else {
1.48 + email.setAttribute("checked", "false");
1.49 + }
1.50 + var objsign = document.getElementById("trustObjSign");
1.51 + if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT,
1.52 + nsIX509CertDB.TRUSTED_OBJSIGN)) {
1.53 + objsign.setAttribute("checked", "true");
1.54 + } else {
1.55 + objsign.setAttribute("checked", "false");
1.56 + }
1.57 +}
1.58 +
1.59 +function doOK()
1.60 +{
1.61 + var ssl = document.getElementById("trustSSL");
1.62 + var email = document.getElementById("trustEmail");
1.63 + var objsign = document.getElementById("trustObjSign");
1.64 + var trustssl = (ssl.checked) ? nsIX509CertDB.TRUSTED_SSL : 0;
1.65 + var trustemail = (email.checked) ? nsIX509CertDB.TRUSTED_EMAIL : 0;
1.66 + var trustobjsign = (objsign.checked) ? nsIX509CertDB.TRUSTED_OBJSIGN : 0;
1.67 + //
1.68 + // Set the cert trust
1.69 + //
1.70 + certdb.setCertTrust(cert, nsIX509Cert.CA_CERT,
1.71 + trustssl | trustemail | trustobjsign);
1.72 + return true;
1.73 +}
1.74 +
1.75 +function doLoadForEmailCert()
1.76 +{
1.77 + var dbkey = self.name;
1.78 +
1.79 + // Get the cert from the cert database
1.80 + certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
1.81 + cert = certdb.findCertByDBKey(dbkey, null);
1.82 +
1.83 + var bundle = document.getElementById("pippki_bundle");
1.84 +
1.85 + var message1 = bundle.getFormattedString("editTrustEmail", [cert.commonName]);
1.86 + setText("certmsg", message1);
1.87 +
1.88 + setText("issuer", cert.issuerName);
1.89 +
1.90 + var cacert = getCaCertForEntityCert(cert);
1.91 + if(cacert == null)
1.92 + {
1.93 + setText("explanations", bundle.getString("issuerNotKnown"));
1.94 + }
1.95 + else if(certdb.isCertTrusted(cacert, nsIX509Cert.CA_CERT,
1.96 + nsIX509CertDB.TRUSTED_EMAIL))
1.97 + {
1.98 + setText("explanations", bundle.getString("issuerTrusted"));
1.99 + }
1.100 + else
1.101 + {
1.102 + setText("explanations", bundle.getString("issuerNotTrusted"));
1.103 + }
1.104 + var sslTrust = document.getElementById("sslTrustGroup");
1.105 + sslTrust.value = certdb.isCertTrusted(cert, nsIX509Cert.EMAIL_CERT,
1.106 + nsIX509CertDB.TRUSTED_EMAIL);
1.107 +}
1.108 +
1.109 +function doEmailOK()
1.110 +{
1.111 + var sslTrust = document.getElementById("sslTrustGroup");
1.112 + var trustemail = sslTrust.value == "true"
1.113 + ? nsIX509CertDB.TRUSTED_EMAIL
1.114 + : nsIX509CertDB.UNTRUSTED;
1.115 + //
1.116 + // Set the cert trust
1.117 + //
1.118 + certdb.setCertTrust(cert, nsIX509Cert.EMAIL_CERT, trustemail);
1.119 + return true;
1.120 +}
1.121 +
1.122 +function editCaTrust()
1.123 +{
1.124 + var cacert = getCaCertForEntityCert(cert);
1.125 + if(cacert != null)
1.126 + {
1.127 + window.openDialog('chrome://pippki/content/editcacert.xul', cacert.dbKey,
1.128 + 'chrome,centerscreen,modal');
1.129 + }
1.130 + else
1.131 + {
1.132 + var bundle = document.getElementById("pippki_bundle");
1.133 + doPrompt(bundle.getString("issuerCertNotFound"));
1.134 + }
1.135 +}
1.136 +
1.137 +function getCaCertForEntityCert(cert)
1.138 +{
1.139 + var nextCertInChain;
1.140 + nextCertInChain = cert;
1.141 + var lastSubjectName="";
1.142 + while(true)
1.143 + {
1.144 + if(nextCertInChain == null)
1.145 + {
1.146 + return null;
1.147 + }
1.148 + if((nextCertInChain.type == nsIX509Cert.CA_CERT) ||
1.149 + (nextCertInChain.subjectName == lastSubjectName))
1.150 + {
1.151 + break;
1.152 + }
1.153 +
1.154 + lastSubjectName = nextCertInChain.subjectName;
1.155 + nextCertInChain = nextCertInChain.issuer;
1.156 + }
1.157 +
1.158 + return nextCertInChain;
1.159 +}
