security/manager/pki/resources/content/editcerts.js

Wed, 31 Dec 2014 07:16:47 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:16:47 +0100
branch
TOR_BUG_9701
changeset 3
141e0f1194b1
permissions
-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public
     2  * License, v. 2.0. If a copy of the MPL was not distributed with this
     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     // Shorthand for the XPCOM interfaces used by the trust-editing dialogs.
     const { nsIX509Cert, nsIX509CertDB, nsIPKIParamBlock } = Components.interfaces;
     // Contract ID used to look up the certificate database service.
     const nsX509CertDB = "@mozilla.org/security/x509certdb;1";

     // Dialog state shared between the load handlers and the OK handlers.
     // The load handlers (setWindowName, doLoadForEmailCert) assign both;
     // the OK handlers then write trust for whatever certificate `cert` holds.
     var certdb;
     var cert;
    // Show `msg` to the user in an alert box owned by this window.
    // The alert is given a null title.
    function doPrompt(msg)
    {
      let promptService = Components
        .classes["@mozilla.org/embedcomp/prompt-service;1"]
        .getService(Components.interfaces.nsIPromptService);
      promptService.alert(window, null, msg);
    }
    // Load handler for the CA trust dialog: looks up the certificate whose
    // database key was passed as this window's name, shows its common name,
    // and initialises the three trust checkboxes from the stored trust.
    // Side effects: assigns the file-level `certdb` and `cert` that doOK()
    // later writes trust for.
    function setWindowName()
    {
      // The certificate's database key arrives as the window name.
      let dbKey = self.name;

      // Fetch the certificate from the certificate database.
      certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
      cert = certdb.findCertByDBKey(dbKey, null);

      let stringBundle = document.getElementById("pippki_bundle");
      setText("certmsg",
              stringBundle.getFormattedString("editTrustCA", [cert.commonName]));

      // One checkbox per trust usage; each reflects the trust currently
      // recorded for this certificate as a CA.
      let checkboxTrustPairs = [
        ["trustSSL", nsIX509CertDB.TRUSTED_SSL],
        ["trustEmail", nsIX509CertDB.TRUSTED_EMAIL],
        ["trustObjSign", nsIX509CertDB.TRUSTED_OBJSIGN],
      ];
      for (let [checkboxId, trustFlag] of checkboxTrustPairs) {
        let checkbox = document.getElementById(checkboxId);
        let isTrusted = certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, trustFlag);
        checkbox.setAttribute("checked", isTrusted ? "true" : "false");
      }
    }
    // OK handler for the CA trust dialog: combines the three checkboxes into
    // one trust mask and stores it for the certificate loaded by
    // setWindowName(). An unchecked box contributes 0 to the mask.
    // Always returns true.
    function doOK()
    {
      let sslBox = document.getElementById("trustSSL");
      let emailBox = document.getElementById("trustEmail");
      let objSignBox = document.getElementById("trustObjSign");

      let trustMask = 0;
      if (sslBox.checked) {
        trustMask |= nsIX509CertDB.TRUSTED_SSL;
      }
      if (emailBox.checked) {
        trustMask |= nsIX509CertDB.TRUSTED_EMAIL;
      }
      if (objSignBox.checked) {
        trustMask |= nsIX509CertDB.TRUSTED_OBJSIGN;
      }

      // Record the selected trust for this certificate as a CA.
      certdb.setCertTrust(cert, nsIX509Cert.CA_CERT, trustMask);
      return true;
    }
    // Load handler for the e-mail certificate trust dialog: looks up the
    // certificate whose database key was passed as this window's name, shows
    // its common name and issuer, explains whether the issuing CA is known and
    // trusted for e-mail, and preselects the certificate's own e-mail trust.
    // Side effects: assigns the file-level `certdb` and `cert` that
    // doEmailOK() and editCaTrust() later use.
    function doLoadForEmailCert()
    {
      // The certificate's database key arrives as the window name.
      let dbKey = self.name;

      // Fetch the certificate from the certificate database.
      certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
      cert = certdb.findCertByDBKey(dbKey, null);

      let stringBundle = document.getElementById("pippki_bundle");
      setText("certmsg",
              stringBundle.getFormattedString("editTrustEmail", [cert.commonName]));
      setText("issuer", cert.issuerName);

      // Pick the explanation shown to the user from the state of the issuer:
      // not found, trusted for e-mail, or present but not trusted for e-mail.
      let issuerCa = getCaCertForEntityCert(cert);
      let explanationKey;
      if (issuerCa == null) {
        explanationKey = "issuerNotKnown";
      } else if (certdb.isCertTrusted(issuerCa, nsIX509Cert.CA_CERT,
                                      nsIX509CertDB.TRUSTED_EMAIL)) {
        explanationKey = "issuerTrusted";
      } else {
        explanationKey = "issuerNotTrusted";
      }
      setText("explanations", stringBundle.getString(explanationKey));

      // The group's value is set from the certificate's current e-mail trust.
      let trustGroup = document.getElementById("sslTrustGroup");
      trustGroup.value = certdb.isCertTrusted(cert, nsIX509Cert.EMAIL_CERT,
                                              nsIX509CertDB.TRUSTED_EMAIL);
    }
   // OK handler for the e-mail certificate trust dialog: stores e-mail trust
   // for the certificate loaded by doLoadForEmailCert(). Any group value other
   // than "true" is written as UNTRUSTED. Always returns true.
   function doEmailOK()
   {
     let trustGroup = document.getElementById("sslTrustGroup");

     let emailTrust;
     if (trustGroup.value == "true") {
       emailTrust = nsIX509CertDB.TRUSTED_EMAIL;
     } else {
       emailTrust = nsIX509CertDB.UNTRUSTED;
     }

     // Record the selected trust for this certificate as an e-mail cert.
     certdb.setCertTrust(cert, nsIX509Cert.EMAIL_CERT, emailTrust);
     return true;
   }
   // Open the CA trust dialog for the issuer of the currently loaded
   // certificate. The issuer's database key is passed as the new window's
   // name, which is where setWindowName() in this file reads it from.
   // If no issuer certificate is found, the user is told so instead.
   function editCaTrust()
   {
     let issuerCa = getCaCertForEntityCert(cert);
     if (issuerCa == null) {
       let stringBundle = document.getElementById("pippki_bundle");
       doPrompt(stringBundle.getString("issuerCertNotFound"));
       return;
     }

     window.openDialog('chrome://pippki/content/editcacert.xul', issuerCa.dbKey,
                       'chrome,centerscreen,modal');
   }
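   // Walk the issuer chain upwards from `cert` and return the first
   // certificate that is either typed as a CA certificate or repeats the
   // subject name of the certificate just below it (the chain has stopped
   // advancing, as with a self-issued certificate).
   //
   // cert     the certificate to start from; note that this parameter shadows
   //          the file-level `cert`.
   // returns  the certificate found, or null when the chain ends first
   //          (including when `cert` itself is null).
   //
   // The repeated-subject check only applies once a previous certificate has
   // been visited. Comparing the starting certificate against an empty-string
   // placeholder would make a certificate with an empty subject name count as
   // its own issuer, and callers would then evaluate and edit CA trust on the
   // entity certificate itself.
   function getCaCertForEntityCert(cert)
   {
     let current = cert;
     let previousSubjectName;
     let hasPrevious = false;

     while (current != null) {
       if (current.type === nsIX509Cert.CA_CERT) {
         return current;
       }
       if (hasPrevious && current.subjectName === previousSubjectName) {
         return current;
       }

       previousSubjectName = current.subjectName;
       hasPrevious = true;
       current = current.issuer;
     }

     return null;
   }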
