michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: const nsIFilePicker = Components.interfaces.nsIFilePicker;
michael@0: const nsFilePicker = "@mozilla.org/filepicker;1";
michael@0: const nsIPKCS11Slot = Components.interfaces.nsIPKCS11Slot;
michael@0: const nsIPKCS11Module = Components.interfaces.nsIPKCS11Module;
michael@0: const nsPKCS11ModuleDB = "@mozilla.org/security/pkcs11moduledb;1";
michael@0: const nsIPKCS11ModuleDB = Components.interfaces.nsIPKCS11ModuleDB;
michael@0: const nsIPK11Token = Components.interfaces.nsIPK11Token;
michael@0: const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
michael@0: const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
michael@0: const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
michael@0: const nsDialogParamBlock = "@mozilla.org/embedcomp/dialogparam;1";
michael@0: const nsIPKCS11 = Components.interfaces.nsIPKCS11;
michael@0: const nsPKCS11ContractID = "@mozilla.org/security/pkcs11;1";
michael@0: 
michael@0: var bundle;
michael@0: var secmoddb;
michael@0: var skip_enable_buttons = false;
michael@0: 
michael@0: /* Do the initial load of all PKCS# modules and list them. */
michael@0: function LoadModules()
michael@0: {
michael@0:   bundle = document.getElementById("pippki_bundle");
michael@0:   secmoddb = Components.classes[nsPKCS11ModuleDB].getService(nsIPKCS11ModuleDB);
michael@0:   window.crypto.enableSmartCardEvents = true;
michael@0:   document.addEventListener("smartcard-insert", onSmartCardChange, false);
michael@0:   document.addEventListener("smartcard-remove", onSmartCardChange, false);
michael@0: 
michael@0:   RefreshDeviceList();
michael@0: }
michael@0: 
michael@0: function getPKCS11()
michael@0: {
michael@0:   return Components.classes[nsPKCS11ContractID].getService(nsIPKCS11);
michael@0: }
michael@0: 
michael@0: function getNSSString(name)
michael@0: {
michael@0:   return document.getElementById("pipnss_bundle").getString(name);
michael@0: }
michael@0: 
michael@0: function doPrompt(msg)
michael@0: {
michael@0:   let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
michael@0:     getService(Components.interfaces.nsIPromptService);
michael@0:   prompts.alert(window, null, msg);
michael@0: }
michael@0: 
michael@0: function doConfirm(msg)
michael@0: {
michael@0:   let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
michael@0:     getService(Components.interfaces.nsIPromptService);
michael@0:   return prompts.confirm(window, null, msg);
michael@0: }
michael@0: 
michael@0: function RefreshDeviceList()
michael@0: {
michael@0:   var modules = secmoddb.listModules();
michael@0:   var done = false;
michael@0: 
michael@0:   try {
michael@0:     modules.isDone();
michael@0:   } catch (e) { done = true; }
michael@0:   while (!done) {
michael@0:     var module = modules.currentItem().QueryInterface(nsIPKCS11Module);
michael@0:     if (module) {
michael@0:       var slotnames = [];
michael@0:       var slots = module.listSlots();
michael@0:       var slots_done = false;
michael@0:       try {
michael@0:         slots.isDone();
michael@0:       } catch (e) { slots_done = true; }
michael@0:       while (!slots_done) {
michael@0:         var slot = null;
michael@0:  	try {
michael@0:           slot = slots.currentItem().QueryInterface(nsIPKCS11Slot);
michael@0:         } catch (e) { slot = null; }
michael@0:         // in the ongoing discussion of whether slot names or token names
michael@0:         // are to be shown, I've gone with token names because NSS will
michael@0:         // prefer lookup by token name.  However, the token may not be
michael@0:         // present, so maybe slot names should be listed, while token names
michael@0:         // are "remembered" for lookup?
michael@0: 	if (slot != null) {
michael@0:           if (slot.tokenName)
michael@0:             slotnames[slotnames.length] = slot.tokenName;
michael@0:           else
michael@0:             slotnames[slotnames.length] = slot.name;
michael@0: 	}
michael@0:         try {
michael@0:           slots.next();
michael@0:         } catch (e) { slots_done = true; }
michael@0:       }
michael@0:       AddModule(module.name, slotnames);
michael@0:     }
michael@0:     try {
michael@0:       modules.next();
michael@0:     } catch (e) { done = true; }
michael@0:   }
michael@0:   /* Set the text on the fips button */
michael@0:   SetFIPSButton();
michael@0: }
michael@0: 
michael@0: function SetFIPSButton()
michael@0: {
michael@0:   var fipsButton = document.getElementById("fipsbutton");
michael@0:   var label;
michael@0:   if (secmoddb.isFIPSEnabled) {
michael@0:    label = bundle.getString("disable_fips");
michael@0:   } else {
michael@0:    label = bundle.getString("enable_fips");
michael@0:   }
michael@0:   fipsButton.setAttribute("label", label);
michael@0: 
michael@0:   var can_toggle = secmoddb.canToggleFIPS;
michael@0:   if (can_toggle) {
michael@0:     fipsButton.removeAttribute("disabled");
michael@0:   } else {
michael@0:     fipsButton.setAttribute("disabled", "true");
michael@0:   }
michael@0: }
michael@0: 
michael@0: /* Add a module to the tree.  slots is the array of slots in the module,
michael@0:  * to be represented as children.
michael@0:  */
michael@0: function AddModule(module, slots)
michael@0: {
michael@0:   var tree = document.getElementById("device_list");
michael@0:   var item  = document.createElement("treeitem");
michael@0:   var row  = document.createElement("treerow");
michael@0:   var cell = document.createElement("treecell");
michael@0:   cell.setAttribute("label", module);
michael@0:   row.appendChild(cell);
michael@0:   item.appendChild(row);
michael@0:   var parent = document.createElement("treechildren");
michael@0:   for (var i = 0; i<slots.length; i++) {
michael@0:     var child_item = document.createElement("treeitem");
michael@0:     var child_row = document.createElement("treerow");
michael@0:     var child_cell = document.createElement("treecell");
michael@0:     child_cell.setAttribute("label", slots[i]);
michael@0:     child_row.appendChild(child_cell);
michael@0:     child_item.appendChild(child_row);
michael@0:     child_item.setAttribute("pk11kind", "slot");
michael@0:     parent.appendChild(child_item);
michael@0:   }
michael@0:   item.appendChild(parent);
michael@0:   item.setAttribute("pk11kind", "module");
michael@0:   item.setAttribute("open", "true");
michael@0:   item.setAttribute("container", "true");
michael@0:   tree.appendChild(item);
michael@0: }
michael@0: 
michael@0: var selected_slot;
michael@0: var selected_module;
michael@0: 
michael@0: /* get the slot selected by the user (can only be one-at-a-time) */
michael@0: function getSelectedItem()
michael@0: {
michael@0:   var tree = document.getElementById('device_tree');
michael@0:   if (tree.currentIndex < 0) return;
michael@0:   var item = tree.contentView.getItemAtIndex(tree.currentIndex);
michael@0:   selected_slot = null;
michael@0:   selected_module = null;
michael@0:   if (item) {
michael@0:     var kind = item.getAttribute("pk11kind");
michael@0:     var module_name;
michael@0:     if (kind == "slot") {
michael@0:       // get the module cell for this slot cell
michael@0:       var cell = item.parentNode.parentNode.firstChild.firstChild;
michael@0:       module_name = cell.getAttribute("label");
michael@0:       var module = secmoddb.findModuleByName(module_name);
michael@0:       // get the cell for the selected row (the slot to display)
michael@0:       cell = item.firstChild.firstChild;
michael@0:       var slot_name = cell.getAttribute("label");
michael@0:       selected_slot = module.findSlotByName(slot_name);
michael@0:     } else { // (kind == "module")
michael@0:       // get the cell for the selected row (the module to display)
michael@0:       cell = item.firstChild.firstChild;
michael@0:       module_name = cell.getAttribute("label");
michael@0:       selected_module = secmoddb.findModuleByName(module_name);
michael@0:     }
michael@0:   }
michael@0: }
michael@0: 
michael@0: function enableButtons()
michael@0: {
michael@0:   if (skip_enable_buttons)
michael@0:     return;
michael@0: 
michael@0:   var login_toggle = "true";
michael@0:   var logout_toggle = "true";
michael@0:   var pw_toggle = "true";
michael@0:   var unload_toggle = "true";
michael@0:   getSelectedItem();
michael@0:   if (selected_module) {
michael@0:     unload_toggle = "false";
michael@0:     showModuleInfo();
michael@0:   } else if (selected_slot) {
michael@0:     // here's the workaround - login functions are all with token,
michael@0:     // so grab the token type
michael@0:     var selected_token = selected_slot.getToken();
michael@0:     if (selected_token != null) {
michael@0:       if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
michael@0:         pw_toggle = "false";
michael@0:         if(selected_token.needsLogin()) {
michael@0:           if (selected_token.isLoggedIn()) {
michael@0:             logout_toggle = "false";
michael@0:           } else {
michael@0:             login_toggle = "false";
michael@0:           }
michael@0:         }
michael@0:       }
michael@0:     }
michael@0:     showSlotInfo();
michael@0:   }
michael@0:   var thebutton = document.getElementById('login_button');
michael@0:   thebutton.setAttribute("disabled", login_toggle);
michael@0:   thebutton = document.getElementById('logout_button');
michael@0:   thebutton.setAttribute("disabled", logout_toggle);
michael@0:   thebutton = document.getElementById('change_pw_button');
michael@0:   thebutton.setAttribute("disabled", pw_toggle);
michael@0:   thebutton = document.getElementById('unload_button');
michael@0:   thebutton.setAttribute("disabled", unload_toggle);
michael@0:   // not implemented
michael@0:   //thebutton = document.getElementById('change_slotname_button');
michael@0:   //thebutton.setAttribute("disabled", toggle);
michael@0: }
michael@0: 
michael@0: // clear the display of information for the slot
michael@0: function ClearInfoList()
michael@0: {
michael@0:   var info_list = document.getElementById("info_list");
michael@0:   while (info_list.firstChild)
michael@0:       info_list.removeChild(info_list.firstChild);
michael@0: }
michael@0: 
michael@0: function ClearDeviceList()
michael@0: {
michael@0:   ClearInfoList();
michael@0: 
michael@0:   skip_enable_buttons = true;
michael@0:   var tree = document.getElementById('device_tree');
michael@0:   tree.view.selection.clearSelection();
michael@0:   skip_enable_buttons = false;
michael@0: 
michael@0:   // Remove the existing listed modules so that refresh doesn't 
michael@0:   // display the module that just changed.
michael@0:   var device_list = document.getElementById("device_list");
michael@0:   while (device_list.hasChildNodes())
michael@0:     device_list.removeChild(device_list.firstChild);
michael@0: }
michael@0: 
michael@0: 
michael@0: // show a list of info about a slot
michael@0: function showSlotInfo()
michael@0: {
michael@0:   var present = true;
michael@0:   ClearInfoList();
michael@0:   switch (selected_slot.status) {
michael@0:    case nsIPKCS11Slot.SLOT_DISABLED:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_disabled"),
michael@0:                 "tok_status");
michael@0:      present = false;
michael@0:      break;
michael@0:    case nsIPKCS11Slot.SLOT_NOT_PRESENT:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_notpresent"),
michael@0:                 "tok_status");
michael@0:      present = false;
michael@0:      break;
michael@0:    case nsIPKCS11Slot.SLOT_UNINITIALIZED:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_uninitialized"),
michael@0:                 "tok_status");
michael@0:      break;
michael@0:    case nsIPKCS11Slot.SLOT_NOT_LOGGED_IN:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_notloggedin"),
michael@0:                 "tok_status");
michael@0:      break;
michael@0:    case nsIPKCS11Slot.SLOT_LOGGED_IN:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_loggedin"),
michael@0:                 "tok_status");
michael@0:      break;
michael@0:    case nsIPKCS11Slot.SLOT_READY:
michael@0:      AddInfoRow(bundle.getString("devinfo_status"),
michael@0:                 bundle.getString("devinfo_stat_ready"),
michael@0:                 "tok_status");
michael@0:      break;
michael@0:   }
michael@0:   AddInfoRow(bundle.getString("devinfo_desc"),
michael@0:              selected_slot.desc, "slot_desc");
michael@0:   AddInfoRow(bundle.getString("devinfo_manID"),
michael@0:              selected_slot.manID, "slot_manID");
michael@0:   AddInfoRow(bundle.getString("devinfo_hwversion"),
michael@0:              selected_slot.HWVersion, "slot_hwv");
michael@0:   AddInfoRow(bundle.getString("devinfo_fwversion"),
michael@0:              selected_slot.FWVersion, "slot_fwv");
michael@0:   if (present) {
michael@0:      showTokenInfo();
michael@0:   }
michael@0: }
michael@0: 
michael@0: function showModuleInfo()
michael@0: {
michael@0:   ClearInfoList();
michael@0:   AddInfoRow(bundle.getString("devinfo_modname"),
michael@0:              selected_module.name, "module_name");
michael@0:   AddInfoRow(bundle.getString("devinfo_modpath"),
michael@0:              selected_module.libName, "module_path");
michael@0: }
michael@0: 
michael@0: // add a row to the info list, as [col1 col2] (ex.: ["status" "logged in"])
michael@0: function AddInfoRow(col1, col2, cell_id)
michael@0: {
michael@0:   var tree = document.getElementById("info_list");
michael@0:   var item  = document.createElement("treeitem");
michael@0:   var row  = document.createElement("treerow");
michael@0:   var cell1 = document.createElement("treecell");
michael@0:   cell1.setAttribute("label", col1);
michael@0:   cell1.setAttribute("crop", "never");
michael@0:   row.appendChild(cell1);
michael@0:   var cell2 = document.createElement("treecell");
michael@0:   cell2.setAttribute("label", col2);
michael@0:   cell2.setAttribute("crop", "never");
michael@0:   cell2.setAttribute("id", cell_id);
michael@0:   row.appendChild(cell2);
michael@0:   item.appendChild(row);
michael@0:   tree.appendChild(item);
michael@0: }
michael@0: 
michael@0: // log in to a slot
michael@0: function doLogin()
michael@0: {
michael@0:   getSelectedItem();
michael@0:   // here's the workaround - login functions are with token
michael@0:   var selected_token = selected_slot.getToken();
michael@0:   try {
michael@0:     selected_token.login(false);
michael@0:     var tok_status = document.getElementById("tok_status");
michael@0:     if (selected_token.isLoggedIn()) {
michael@0:       tok_status.setAttribute("label", 
michael@0:                               bundle.getString("devinfo_stat_loggedin"));
michael@0:     } else {
michael@0:       tok_status.setAttribute("label",
michael@0:                               bundle.getString("devinfo_stat_notloggedin"));
michael@0:     }
michael@0:   } catch (e) {
michael@0:     doPrompt(bundle.getString("login_failed"));
michael@0:   }
michael@0:   enableButtons();
michael@0: }
michael@0: 
michael@0: // log out of a slot
michael@0: function doLogout()
michael@0: {
michael@0:   getSelectedItem();
michael@0:   // here's the workaround - login functions are with token
michael@0:   var selected_token = selected_slot.getToken();
michael@0:   try {
michael@0:     selected_token.logoutAndDropAuthenticatedResources();
michael@0:     var tok_status = document.getElementById("tok_status");
michael@0:     if (selected_token.isLoggedIn()) {
michael@0:       tok_status.setAttribute("label", 
michael@0:                               bundle.getString("devinfo_stat_loggedin"));
michael@0:     } else {
michael@0:       tok_status.setAttribute("label",
michael@0:                               bundle.getString("devinfo_stat_notloggedin"));
michael@0:     }
michael@0:   } catch (e) {
michael@0:   }
michael@0:   enableButtons();
michael@0: }
michael@0: 
michael@0: // load a new device
michael@0: function doLoad()
michael@0: {
michael@0:   window.open("load_device.xul", "loaddevice", 
michael@0:               "chrome,centerscreen,modal");
michael@0:   ClearDeviceList();
michael@0:   RefreshDeviceList();
michael@0: }
michael@0: 
michael@0: function deleteSelected()
michael@0: {
michael@0:   getSelectedItem();
michael@0:   if (selected_module &&
michael@0:       doConfirm(getNSSString("DelModuleWarning"))) {
michael@0:     try {
michael@0:       getPKCS11().deleteModule(selected_module.name);
michael@0:     }
michael@0:     catch (e) {
michael@0:       doPrompt(getNSSString("DelModuleError"));
michael@0:       return false;
michael@0:     }
michael@0:     selected_module = null;
michael@0:     return true;
michael@0:   }
michael@0:   return false;
michael@0: }
michael@0: 
michael@0: function doUnload()
michael@0: {
michael@0:   if (deleteSelected()) {
michael@0:     ClearDeviceList();
michael@0:     RefreshDeviceList();
michael@0:   }
michael@0: }
michael@0: 
michael@0: // handle card insertion and removal
michael@0: function onSmartCardChange()
michael@0: {
michael@0:   var tree = document.getElementById('device_tree');
michael@0:   var index = tree.currentIndex;
michael@0:   tree.currentIndex = 0;
michael@0:   ClearDeviceList();
michael@0:   RefreshDeviceList();
michael@0:   tree.currentIndex = index;
michael@0:   enableButtons();
michael@0: }
michael@0: 
michael@0: function changePassword()
michael@0: {
michael@0:   getSelectedItem();
michael@0:   var params = Components.classes[nsDialogParamBlock].createInstance(nsIDialogParamBlock);
michael@0:   params.SetString(1,selected_slot.tokenName);
michael@0:   window.openDialog("changepassword.xul",
michael@0:               "", 
michael@0:               "chrome,centerscreen,modal", params);
michael@0:   showSlotInfo();
michael@0:   enableButtons();
michael@0: }
michael@0: 
michael@0: // browse fs for PKCS#11 device
michael@0: function doBrowseFiles()
michael@0: {
michael@0:   var srbundle = document.getElementById("pippki_bundle");
michael@0:   var fp = Components.classes[nsFilePicker].createInstance(nsIFilePicker);
michael@0:   fp.init(window,
michael@0:           srbundle.getString("loadPK11TokenDialog"),
michael@0:           nsIFilePicker.modeOpen);
michael@0:   fp.appendFilters(nsIFilePicker.filterAll);
michael@0:   if (fp.show() == nsIFilePicker.returnOK) {
michael@0:     var pathbox = document.getElementById("device_path");
michael@0:     pathbox.setAttribute("value", fp.file.path);
michael@0:   }
michael@0: }
michael@0: 
michael@0: function doLoadDevice()
michael@0: {
michael@0:   var name_box = document.getElementById("device_name");
michael@0:   var path_box = document.getElementById("device_path");
michael@0:   try {
michael@0:     getPKCS11().addModule(name_box.value, path_box.value, 0,0);
michael@0:   }
michael@0:   catch (e) {
michael@0:     if (e.result == Components.results.NS_ERROR_ILLEGAL_VALUE)
michael@0:       doPrompt(getNSSString("AddModuleDup"));
michael@0:     else
michael@0:       doPrompt(getNSSString("AddModuleFailure"));
michael@0: 
michael@0:     return false;
michael@0:   }
michael@0:   return true;
michael@0: }
michael@0: 
michael@0: // -------------------------------------   Old code
michael@0: 
michael@0: function showTokenInfo()
michael@0: {
michael@0:   //ClearInfoList();
michael@0:   var selected_token = selected_slot.getToken();
michael@0:   AddInfoRow(bundle.getString("devinfo_label"),
michael@0:              selected_token.tokenLabel, "tok_label");
michael@0:   AddInfoRow(bundle.getString("devinfo_manID"),
michael@0:              selected_token.tokenManID, "tok_manID");
michael@0:   AddInfoRow(bundle.getString("devinfo_serialnum"),
michael@0:              selected_token.tokenSerialNumber, "tok_sNum");
michael@0:   AddInfoRow(bundle.getString("devinfo_hwversion"),
michael@0:              selected_token.tokenHWVersion, "tok_hwv");
michael@0:   AddInfoRow(bundle.getString("devinfo_fwversion"),
michael@0:              selected_token.tokenFWVersion, "tok_fwv");
michael@0: }
michael@0: 
michael@0: function toggleFIPS()
michael@0: {
michael@0:   if (!secmoddb.isFIPSEnabled) {
michael@0:     // A restriction of FIPS mode is, the password must be set
michael@0:     // In FIPS mode the password must be non-empty.
michael@0:     // This is different from what we allow in NON-Fips mode.
michael@0: 
michael@0:     var tokendb = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
michael@0:     var internal_token = tokendb.getInternalKeyToken(); // nsIPK11Token
michael@0:     var slot = secmoddb.findSlotByName(internal_token.tokenName);
michael@0:     switch (slot.status) {
michael@0:       case nsIPKCS11Slot.SLOT_UNINITIALIZED:
michael@0:       case nsIPKCS11Slot.SLOT_READY:
michael@0:         // Token has either no or an empty password.
michael@0:         doPrompt(bundle.getString("fips_nonempty_password_required"));
michael@0:         return;
michael@0:     }
michael@0:   }
michael@0: 
michael@0:   try {
michael@0:     secmoddb.toggleFIPSMode();
michael@0:   }
michael@0:   catch (e) {
michael@0:     doPrompt(bundle.getString("unable_to_toggle_FIPS"));
michael@0:     return;
michael@0:   }
michael@0: 
michael@0:   //Remove the existing listed modules so that re-fresh doesn't 
michael@0:   //display the module that just changed.
michael@0:   ClearDeviceList();
michael@0: 
michael@0:   RefreshDeviceList();
michael@0: }