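/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Handlers for the certificate "edit trust" dialogs: they read the trust
 * settings of one certificate from the certificate database, show them, and
 * write the user's choice back with setCertTrust().
 *
 * The certificate is identified by its database key, which the handlers read
 * from the window name (self.name); editCaTrust() below passes a key that way
 * when it opens editcacert.xul.
 */

const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;

// Dialog state shared by the load and accept handlers. Both stay unset until
// a load handler has run, and `cert` stays null when the lookup finds nothing.
var certdb;
var cert;

/**
 * Show a modal alert with the given text.
 *
 * @param msg  Text to display.
 */
function doPrompt(msg)
{
  let promptService =
    Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
              .getService(Components.interfaces.nsIPromptService);
  promptService.alert(window, null, msg);
}

/**
 * Fetch the certificate database service and look up the certificate whose
 * database key is the window name, storing both in the shared globals.
 *
 * @returns true when a certificate was found, false otherwise.
 */
function loadCertFromWindowName()
{
  certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
  cert = certdb.findCertByDBKey(self.name, null);
  if (cert == null) {
    // The key is supplied by whoever opened the dialog and may be stale or
    // wrong; report it instead of dereferencing a missing certificate.
    Components.utils.reportError(
      "Edit trust dialog: no certificate found for the database key given " +
      "in the window name");
    return false;
  }
  return true;
}

/**
 * Reflect one CA trust usage of the loaded certificate in a checkbox.
 *
 * @param checkboxId  Id of the checkbox element.
 * @param trustFlag   One of the nsIX509CertDB.TRUSTED_* usage flags.
 */
function showCaTrustBit(checkboxId, trustFlag)
{
  let checkbox = document.getElementById(checkboxId);
  let trusted = certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, trustFlag);
  checkbox.setAttribute("checked", trusted ? "true" : "false");
}

/**
 * Load handler for the CA trust dialog: looks up the certificate and ticks
 * the SSL, e-mail and object-signing checkboxes according to its current
 * CA trust. Leaves the dialog untouched when the certificate is not found.
 */
function setWindowName()
{
  if (!loadCertFromWindowName()) {
    return;
  }

  let bundle = document.getElementById("pippki_bundle");
  setText("certmsg",
          bundle.getFormattedString("editTrustCA", [cert.commonName]));

  showCaTrustBit("trustSSL", nsIX509CertDB.TRUSTED_SSL);
  showCaTrustBit("trustEmail", nsIX509CertDB.TRUSTED_EMAIL);
  showCaTrustBit("trustObjSign", nsIX509CertDB.TRUSTED_OBJSIGN);
}

/**
 * Accept handler for the CA trust dialog: stores the checkbox state as the
 * certificate's CA trust.
 *
 * @returns true in every case.
 */
function doOK()
{
  if (certdb == null || cert == null) {
    // No certificate was loaded, so there is nothing the checkboxes could
    // apply to; never call setCertTrust() without a certificate.
    Components.utils.reportError(
      "Edit trust dialog: no certificate loaded, trust settings not changed");
    return true;
  }

  let sslBox = document.getElementById("trustSSL");
  let emailBox = document.getElementById("trustEmail");
  let objSignBox = document.getElementById("trustObjSign");

  // The three usages are passed as one mask: a cleared checkbox contributes
  // 0, so with every box cleared the mask written is 0.
  let trustMask = (sslBox.checked ? nsIX509CertDB.TRUSTED_SSL : 0) |
                  (emailBox.checked ? nsIX509CertDB.TRUSTED_EMAIL : 0) |
                  (objSignBox.checked ? nsIX509CertDB.TRUSTED_OBJSIGN : 0);

  certdb.setCertTrust(cert, nsIX509Cert.CA_CERT, trustMask);
  return true;
}

/**
 * Load handler for the e-mail certificate trust dialog: looks up the
 * certificate, shows its issuer, explains whether the issuing CA is known
 * and trusted for e-mail, and preselects the certificate's own e-mail trust.
 * Leaves the dialog untouched when the certificate is not found.
 */
function doLoadForEmailCert()
{
  if (!loadCertFromWindowName()) {
    return;
  }

  let bundle = document.getElementById("pippki_bundle");
  setText("certmsg",
          bundle.getFormattedString("editTrustEmail", [cert.commonName]));
  setText("issuer", cert.issuerName);

  let cacert = getCaCertForEntityCert(cert);
  let explanationKey;
  if (cacert == null) {
    explanationKey = "issuerNotKnown";
  } else if (certdb.isCertTrusted(cacert, nsIX509Cert.CA_CERT,
                                  nsIX509CertDB.TRUSTED_EMAIL)) {
    explanationKey = "issuerTrusted";
  } else {
    explanationKey = "issuerNotTrusted";
  }
  setText("explanations", bundle.getString(explanationKey));

  // Despite its id, this group holds the e-mail trust choice; doEmailOK()
  // reads it back by comparing the value with the string "true".
  let trustGroup = document.getElementById("sslTrustGroup");
  trustGroup.value = certdb.isCertTrusted(cert, nsIX509Cert.EMAIL_CERT,
                                          nsIX509CertDB.TRUSTED_EMAIL);
}

/**
 * Accept handler for the e-mail certificate trust dialog: stores either
 * TRUSTED_EMAIL or UNTRUSTED as the certificate's e-mail trust.
 *
 * @returns true in every case.
 */
function doEmailOK()
{
  if (certdb == null || cert == null) {
    // No certificate was loaded; never call setCertTrust() without one.
    Components.utils.reportError(
      "Edit trust dialog: no certificate loaded, trust settings not changed");
    return true;
  }

  let trustGroup = document.getElementById("sslTrustGroup");
  let trustemail = nsIX509CertDB.UNTRUSTED;
  if (trustGroup.value == "true") {
    trustemail = nsIX509CertDB.TRUSTED_EMAIL;
  }

  certdb.setCertTrust(cert, nsIX509Cert.EMAIL_CERT, trustemail);
  return true;
}

/**
 * Open the CA trust dialog for the issuer of the loaded certificate, or
 * tell the user that the issuer certificate could not be found.
 */
function editCaTrust()
{
  let cacert = getCaCertForEntityCert(cert);
  if (cacert == null) {
    let bundle = document.getElementById("pippki_bundle");
    doPrompt(bundle.getString("issuerCertNotFound"));
    return;
  }

  // The issuer's database key travels as the window name of the new dialog.
  window.openDialog('chrome://pippki/content/editcacert.xul', cacert.dbKey,
                    'chrome,centerscreen,modal');
}

/**
 * Walk up the issuer chain of a certificate until a CA certificate is found.
 *
 * The walk also stops when a certificate has the same subject name as the
 * one before it (for example, a certificate whose issuer resolves to itself);
 * that certificate is returned even if its type is not CA_CERT.
 * This is a comparison of names only, not a signature check.
 * NOTE(review): editCaTrust() then offers the CA trust editor for such a
 * certificate - confirm that this is intended.
 *
 * A subject name that reappears later in the walk means the chain loops
 * without reaching a CA certificate; the walk then ends with null instead of
 * running forever.
 *
 * @param cert  Certificate to start from; may be null.
 * @returns the certificate the walk stopped at, or null when the chain ends
 *          or loops before one is found.
 */
function getCaCertForEntityCert(cert)
{
  let current = cert;
  let previousSubjectName = "";
  let seenSubjectNames = [];

  while (current != null) {
    if (current.type == nsIX509Cert.CA_CERT ||
        current.subjectName == previousSubjectName) {
      return current;
    }
    if (seenSubjectNames.indexOf(current.subjectName) != -1) {
      // Loop of two or more certificates, none of them a CA certificate.
      return null;
    }

    seenSubjectNames.push(current.subjectName);
    previousSubjectName = current.subjectName;
    current = current.issuer;
  }

  return null;
}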