security/manager/pki/resources/content/password.js

changeset 0
6474c204b198
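--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/pki/resources/content/password.js	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,307 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
+const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
+const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
+const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
+const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
+const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
+const nsIPK11Token = Components.interfaces.nsIPK11Token;
+
+var params;
+var tokenName="";
+var pw1;
+
+function doPrompt(msg)
+{
+  let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
+    getService(Components.interfaces.nsIPromptService);
+  prompts.alert(window, null, msg);
+}
+
+function onLoad()
+{
+  document.documentElement.getButton("accept").disabled = true;
+
+  pw1 = document.getElementById("pw1");
+  try {
+     params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
+     tokenName = params.GetString(1);
+  } catch(exception) {
+      // this should not happen.
+      // previously we had self.name, but self.name was a bad idea
+      // as window name must be a subset of ascii, and the code was
+      // previously trying to assign unicode to the window's name.
+      // I checked all the places where we get a password prompt and
+      // all of them pass an argument as part of this patch.
+      tokenName="";
+  }
+      
+
+  if(tokenName=="") {
+     var sectokdb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+     var tokenList = sectokdb.listTokens();
+     var enumElement;
+     var i=0;
+     var menu = document.getElementById("tokenMenu");
+     try {
+        for ( ; !tokenList.isDone(); tokenList.next()) {
+           enumElement = tokenList.currentItem();
+           var token = enumElement.QueryInterface(nsIPK11Token);
+           if(token.needsLogin() || !(token.needsUserInit)) {
+              var menuItemNode = document.createElement("menuitem");
+              menuItemNode.setAttribute("value", token.tokenName);
+              menuItemNode.setAttribute("label", token.tokenName);
+              menu.firstChild.appendChild(menuItemNode);
+              if (i == 0) {
+                 menu.selectedItem = menuItemNode;
+                 tokenName = token.tokenName;
+              }
+              i++;
+           }
+        }
+     }catch(exception){}
+  } else {
+    var sel = document.getElementById("tokenMenu");
+    sel.setAttribute("hidden", "true");
+    var tag = document.getElementById("tokenName");
+    tag.setAttribute("value",tokenName);
+  }
+	 	 
+  process();
+}
+
+function onMenuChange()
+{
+   //get the selected token
+   var list = document.getElementById("tokenMenu");
+   tokenName = list.value;
+
+   process();
+}
+
+
+function process()
+{
+   var secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+   var bundle = document.getElementById("pippki_bundle");
+
+   // If the token is unitialized, don't use the old password box.
+   // Otherwise, do.
+
+   var slot = secmoddb.findSlotByName(tokenName);
+   if (slot) {
+     var oldpwbox = document.getElementById("oldpw");
+     var msgBox = document.getElementById("message");
+     var status = slot.status;
+     if (status == nsIPKCS11Slot.SLOT_UNINITIALIZED
+         || status == nsIPKCS11Slot.SLOT_READY) {
+      
+       oldpwbox.setAttribute("hidden", "true");
+       msgBox.setAttribute("value", bundle.getString("password_not_set"));
+       msgBox.setAttribute("hidden", "false");
+
+       if (status == nsIPKCS11Slot.SLOT_READY) {
+         oldpwbox.setAttribute("inited", "empty");
+       } else {
+         oldpwbox.setAttribute("inited", "true");
+       }
+      
+       // Select first password field
+       document.getElementById('pw1').focus();
+    
+     } else {
+       // Select old password field
+       oldpwbox.setAttribute("hidden", "false");
+       msgBox.setAttribute("hidden", "true");
+       oldpwbox.setAttribute("inited", "false");
+       oldpwbox.focus();
+     }
+   }
+
+  if (params) {
+    // Return value 0 means "canceled"
+    params.SetInt(1, 0);
+  }
+  
+  checkPasswords();
+}
+
+function onP12Load(disableOkButton)
+{
+  document.documentElement.getButton("accept").disabled = disableOkButton;
+  pw1 = document.getElementById("pw1");
+  params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
+  // Select first password field
+  document.getElementById('pw1').focus();
+}
+
+function setPassword()
+{
+  var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
+  var token = pk11db.findTokenByName(tokenName);
+
+  var oldpwbox = document.getElementById("oldpw");
+  var initpw = oldpwbox.getAttribute("inited");
+  var bundle = document.getElementById("pippki_bundle");
+
+  var success = false;
+  
+  if (initpw == "false" || initpw == "empty") {
+    try {
+      var oldpw = "";
+      var passok = 0;
+      
+      if (initpw == "empty") {
+        passok = 1;
+      } else {
+        oldpw = oldpwbox.value;
+        passok = token.checkPassword(oldpw);
+      }
+      
+      if (passok) {
+        if (initpw == "empty" && pw1.value == "") {
+          // This makes no sense that we arrive here, 
+          // we reached a case that should have been prevented by checkPasswords.
+        } else {
+          if (pw1.value == "") {
+            var secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
+            if (secmoddb.isFIPSEnabled) {
+              // empty passwords are not allowed in FIPS mode
+              doPrompt(bundle.getString("pw_change2empty_in_fips_mode"));
+              passok = 0;
+            }
+          }
+          if (passok) {
+            token.changePassword(oldpw, pw1.value);
+            if (pw1.value == "") {
+              doPrompt(bundle.getString("pw_erased_ok")
+                    + " "
+                    + bundle.getString("pw_empty_warning"));
+            } else {
+              doPrompt(bundle.getString("pw_change_ok"));
+            }
+            success = true;
+          }
+        }
+      } else {
+        oldpwbox.focus();
+        oldpwbox.setAttribute("value", "");
+        doPrompt(bundle.getString("incorrect_pw"));
+      }
+    } catch (e) {
+      doPrompt(bundle.getString("failed_pw_change"));
+    }
+  } else {
+    token.initPassword(pw1.value);
+    if (pw1.value == "") {
+      doPrompt(bundle.getString("pw_not_wanted")
+            + " " 
+            + bundle.getString("pw_empty_warning"));
+    }
+    success = true;
+  }
+
+  if (success && params)
+    // Return value 1 means "successfully executed ok"
+    params.SetInt(1, 1);
+
+  // Terminate dialog
+  return success;
+}
+
+function getPassword()
+{
+  // grab what was entered
+  params.SetString(2, pw1.value);
+  // Return value
+  params.SetInt(1, 1);
+  // Terminate dialog
+  return true;
+}
+
+function setP12Password()
+{
+  // grab what was entered
+  params.SetString(2, pw1.value);
+  // Return value
+  params.SetInt(1, 1);
+  // Terminate dialog
+  return true;
+}
+
+function setPasswordStrength()
+{
+// Here is how we weigh the quality of the password
+// number of characters
+// numbers
+// non-alpha-numeric chars
+// upper and lower case characters
+
+  var pw=document.getElementById('pw1').value;
+//  doPrompt("password='" + pw +"'");
+
+//length of the password
+  var pwlength=(pw.length);
+  if (pwlength>5)
+    pwlength=5;
+
+
+//use of numbers in the password
+  var numnumeric = pw.replace (/[0-9]/g, "");
+  var numeric=(pw.length - numnumeric.length);
+  if (numeric>3)
+    numeric=3;
+
+//use of symbols in the password
+  var symbols = pw.replace (/\W/g, "");
+  var numsymbols=(pw.length - symbols.length);
+  if (numsymbols>3)
+    numsymbols=3;
+
+//use of uppercase in the password
+  var numupper = pw.replace (/[A-Z]/g, "");
+  var upper=(pw.length - numupper.length);
+  if (upper>3)
+    upper=3;
+
+
+  var pwstrength=((pwlength*10)-20) + (numeric*10) + (numsymbols*15) + (upper*10);
+
+  // make sure we're give a value between 0 and 100
+  if ( pwstrength < 0 ) {
+    pwstrength = 0;
+  }
+  
+  if ( pwstrength > 100 ) {
+    pwstrength = 100;
+  }
+
+  var mymeter=document.getElementById('pwmeter');
+  mymeter.setAttribute("value",pwstrength);
+
+  return;
+}
+
+function checkPasswords()
+{
+  var pw1=document.getElementById('pw1').value;
+  var pw2=document.getElementById('pw2').value;
+
+  var oldpwbox = document.getElementById("oldpw");
+  if (oldpwbox) {
+    var initpw = oldpwbox.getAttribute("inited");
+
+    if (initpw == "empty" && pw1 == "") {
+      // The token has already been initialized, therefore this dialog
+      // was called with the intention to change the password.
+      // The token currently uses an empty password.
+      // We will not allow changing the password from empty to empty.
+      document.documentElement.getButton("accept").disabled = true;
+      return;
+    }
+  }
+
+  document.documentElement.getButton("accept").disabled = (pw1 != pw2);
+}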
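Review bot: The FIPS-mode rule against empty passwords in `setPassword` is enforced only on the change-password branch. The final `else` branch calls `token.initPassword(pw1.value)` with no `isFIPSEnabled` check and outside any `try`. As written, an uninitialized token can be given an empty password with only the `pw_empty_warning` prompt, and a throwing `initPassword` leaves the dialog handler without showing `failed_pw_change`. Whether the token backend rejects the empty value on its own is not visible from this file, so the dialog should apply the same guard and error handling on both branches, as sketched below (reusing the existing message key, or a dedicated string if the wording does not fit initialization). Separately, the commented-out `doPrompt("password='" + pw +"'")` in `setPasswordStrength` would display the typed password if re-enabled and is better deleted.

```javascript
  // … unchanged: change-password branch of setPassword …
  } else {
    try {
      var fipsdb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
      if (pw1.value == "" && fipsdb.isFIPSEnabled) {
        // empty passwords are not allowed in FIPS mode
        doPrompt(bundle.getString("pw_change2empty_in_fips_mode"));
      } else {
        token.initPassword(pw1.value);
        // … unchanged: pw_not_wanted / pw_empty_warning prompt for an empty password …
        success = true;
      }
    } catch (e) {
      doPrompt(bundle.getString("failed_pw_change"));
    }
  }
```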
