1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/nsCertPicker.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,188 @@
1.4 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
1.5 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.6 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.8 +
1.9 +#include "nsCertPicker.h"
1.10 +#include "pkix/pkixtypes.h"
1.11 +#include "nsMemory.h"
1.12 +#include "nsCOMPtr.h"
1.13 +#include "nsXPIDLString.h"
1.14 +#include "nsIServiceManager.h"
1.15 +#include "nsNSSComponent.h"
1.16 +#include "nsNSSCertificate.h"
1.17 +#include "nsReadableUtils.h"
1.18 +#include "nsICertPickDialogs.h"
1.19 +#include "nsNSSShutDown.h"
1.20 +#include "nsNSSCertHelper.h"
1.21 +#include "ScopedNSSTypes.h"
1.22 +
1.23 +#include "cert.h"
1.24 +
1.25 +using namespace mozilla;
1.26 +
1.27 +NS_IMPL_ISUPPORTS(nsCertPicker, nsIUserCertPicker)
1.28 +
1.29 +nsCertPicker::nsCertPicker()
1.30 +{
1.31 +}
1.32 +
1.33 +nsCertPicker::~nsCertPicker()
1.34 +{
1.35 +}
1.36 +
1.37 +NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
1.38 + const char16_t *selectedNickname,
1.39 + int32_t certUsage,
1.40 + bool allowInvalid,
1.41 + bool allowDuplicateNicknames,
1.42 + bool *canceled,
1.43 + nsIX509Cert **_retval)
1.44 +{
1.45 + nsNSSShutDownPreventionLock locker;
1.46 + int32_t selectedIndex = -1;
1.47 + bool selectionFound = false;
1.48 + char16_t **certNicknameList = nullptr;
1.49 + char16_t **certDetailsList = nullptr;
1.50 + CERTCertListNode* node = nullptr;
1.51 + nsresult rv = NS_OK;
1.52 +
1.53 + {
1.54 + // Iterate over all certs. This assures that user is logged in to all hardware tokens.
1.55 + nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
1.56 + mozilla::pkix::ScopedCERTCertList allcerts(
1.57 + PK11_ListCerts(PK11CertListUnique, ctx));
1.58 + }
1.59 +
1.60 + /* find all user certs that are valid and for SSL */
1.61 + /* note that we are allowing expired certs in this list */
1.62 +
1.63 + mozilla::pkix::ScopedCERTCertList certList(
1.64 + CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
1.65 + (SECCertUsage)certUsage,
1.66 + !allowDuplicateNicknames,
1.67 + !allowInvalid,
1.68 + ctx));
1.69 + if (!certList) {
1.70 + return NS_ERROR_NOT_AVAILABLE;
1.71 + }
1.72 +
1.73 + ScopedCERTCertNicknames nicknames(getNSSCertNicknamesFromCertList(certList.get()));
1.74 + if (!nicknames) {
1.75 + return NS_ERROR_NOT_AVAILABLE;
1.76 + }
1.77 +
1.78 + certNicknameList = (char16_t **)nsMemory::Alloc(sizeof(char16_t *) * nicknames->numnicknames);
1.79 + certDetailsList = (char16_t **)nsMemory::Alloc(sizeof(char16_t *) * nicknames->numnicknames);
1.80 +
1.81 + if (!certNicknameList || !certDetailsList) {
1.82 + nsMemory::Free(certNicknameList);
1.83 + nsMemory::Free(certDetailsList);
1.84 + return NS_ERROR_OUT_OF_MEMORY;
1.85 + }
1.86 +
1.87 + int32_t CertsToUse;
1.88 +
1.89 + for (CertsToUse = 0, node = CERT_LIST_HEAD(certList.get());
1.90 + !CERT_LIST_END(node, certList.get()) &&
1.91 + CertsToUse < nicknames->numnicknames;
1.92 + node = CERT_LIST_NEXT(node)
1.93 + )
1.94 + {
1.95 + nsNSSCertificate *tempCert = nsNSSCertificate::Create(node->cert);
1.96 +
1.97 + if (tempCert) {
1.98 +
1.99 + // XXX we really should be using an nsCOMPtr instead of manually add-refing,
1.100 + // but nsNSSCertificate does not have a default constructor.
1.101 +
1.102 + NS_ADDREF(tempCert);
1.103 +
1.104 + nsAutoString i_nickname(NS_ConvertUTF8toUTF16(nicknames->nicknames[CertsToUse]));
1.105 + nsAutoString nickWithSerial;
1.106 + nsAutoString details;
1.107 +
1.108 + if (!selectionFound) {
1.109 + if (i_nickname == nsDependentString(selectedNickname)) {
1.110 + selectedIndex = CertsToUse;
1.111 + selectionFound = true;
1.112 + }
1.113 + }
1.114 +
1.115 + if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
1.116 + certNicknameList[CertsToUse] = ToNewUnicode(nickWithSerial);
1.117 + certDetailsList[CertsToUse] = ToNewUnicode(details);
1.118 + }
1.119 + else {
1.120 + certNicknameList[CertsToUse] = nullptr;
1.121 + certDetailsList[CertsToUse] = nullptr;
1.122 + }
1.123 +
1.124 + NS_RELEASE(tempCert);
1.125 +
1.126 + ++CertsToUse;
1.127 + }
1.128 + }
1.129 +
1.130 + if (CertsToUse) {
1.131 + nsICertPickDialogs *dialogs = nullptr;
1.132 + rv = getNSSDialogs((void**)&dialogs,
1.133 + NS_GET_IID(nsICertPickDialogs),
1.134 + NS_CERTPICKDIALOGS_CONTRACTID);
1.135 +
1.136 + if (NS_SUCCEEDED(rv)) {
1.137 + nsPSMUITracker tracker;
1.138 + if (tracker.isUIForbidden()) {
1.139 + rv = NS_ERROR_NOT_AVAILABLE;
1.140 + }
1.141 + else {
1.142 + /* Throw up the cert picker dialog and get back the index of the selected cert */
1.143 + rv = dialogs->PickCertificate(ctx,
1.144 + (const char16_t**)certNicknameList, (const char16_t**)certDetailsList,
1.145 + CertsToUse, &selectedIndex, canceled);
1.146 + }
1.147 +
1.148 + NS_RELEASE(dialogs);
1.149 + }
1.150 + }
1.151 +
1.152 + int32_t i;
1.153 + for (i = 0; i < CertsToUse; ++i) {
1.154 + nsMemory::Free(certNicknameList[i]);
1.155 + nsMemory::Free(certDetailsList[i]);
1.156 + }
1.157 + nsMemory::Free(certNicknameList);
1.158 + nsMemory::Free(certDetailsList);
1.159 +
1.160 + if (!CertsToUse) {
1.161 + return NS_ERROR_NOT_AVAILABLE;
1.162 + }
1.163 +
1.164 + if (NS_SUCCEEDED(rv) && !*canceled) {
1.165 + for (i = 0, node = CERT_LIST_HEAD(certList);
1.166 + !CERT_LIST_END(node, certList);
1.167 + ++i, node = CERT_LIST_NEXT(node)) {
1.168 +
1.169 + if (i == selectedIndex) {
1.170 + nsNSSCertificate *cert = nsNSSCertificate::Create(node->cert);
1.171 + if (!cert) {
1.172 + rv = NS_ERROR_OUT_OF_MEMORY;
1.173 + break;
1.174 + }
1.175 +
1.176 + nsIX509Cert *x509 = 0;
1.177 + nsresult rv = cert->QueryInterface(NS_GET_IID(nsIX509Cert), (void**)&x509);
1.178 + if (NS_FAILED(rv)) {
1.179 + break;
1.180 + }
1.181 +
1.182 + NS_ADDREF(x509);
1.183 + *_retval = x509;
1.184 + NS_RELEASE(cert);
1.185 + break;
1.186 + }
1.187 + }
1.188 + }
1.189 +
1.190 + return rv;
1.191 +}
