michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0:  * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0:  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0: 
michael@0: const nsIX509Cert = Components.interfaces.nsIX509Cert;
michael@0: const nsIX509Cert3 = Components.interfaces.nsIX509Cert3;
michael@0: const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
michael@0: const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
michael@0: const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
michael@0: const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
michael@0: const nsIPKIParamBlock = Components.interfaces.nsIPKIParamBlock;
michael@0: const nsIASN1Object = Components.interfaces.nsIASN1Object;
michael@0: const nsIASN1Sequence = Components.interfaces.nsIASN1Sequence;
michael@0: const nsIASN1PrintableItem = Components.interfaces.nsIASN1PrintableItem;
michael@0: const nsIASN1Tree = Components.interfaces.nsIASN1Tree;
michael@0: const nsASN1Tree = "@mozilla.org/security/nsASN1Tree;1"
michael@0: 
michael@0: var bundle;
michael@0: 
michael@0: function doPrompt(msg)
michael@0: {
michael@0:   let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].
michael@0:     getService(Components.interfaces.nsIPromptService);
michael@0:   prompts.alert(window, null, msg);
michael@0: }
michael@0: 
michael@0: function AddCertChain(node, chain, idPrefix)
michael@0: {
michael@0:   var idfier = idPrefix+"chain_";
michael@0:   var child = document.getElementById(node);
michael@0:   var numCerts = chain.length;
michael@0:   var currCert;
michael@0:   var displayVal;
michael@0:   var addTwistie;
michael@0:   for (var i=numCerts-1; i>=0; i--) {
michael@0:     currCert = chain.queryElementAt(i, nsIX509Cert);
michael@0:     if (currCert.commonName) {
michael@0:       displayVal = currCert.commonName;
michael@0:     } else {
michael@0:       displayVal = currCert.windowTitle;
michael@0:     }
michael@0:     if (0 == i) {
michael@0:       addTwistie = false;
michael@0:     } else {
michael@0:       addTwistie = true;
michael@0:     }
michael@0:     child = addChildrenToTree(child, displayVal, currCert.dbKey,addTwistie);
michael@0:   }
michael@0: }
michael@0: 
michael@0: function AddUsage(usage,verifyInfoBox)
michael@0: {
michael@0:   var text  = document.createElement("textbox");
michael@0:   text.setAttribute("value", usage);
michael@0:   text.setAttribute("style", "margin: 2px 5px");
michael@0:   text.setAttribute("readonly", "true");
michael@0:   text.setAttribute("class", "scrollfield");
michael@0:   verifyInfoBox.appendChild(text);
michael@0: }
michael@0: 
michael@0: function setWindowName()
michael@0: {
michael@0:   //  Get the cert from the cert database
michael@0:   var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
michael@0:   var myName = self.name;
michael@0:   bundle = document.getElementById("pippki_bundle");
michael@0:   var cert;
michael@0: 
michael@0:   var certDetails = bundle.getString('certDetails');
michael@0:   if (myName != "") {
michael@0:     document.title = certDetails + '"' + myName + '"'; // XXX l10n?
michael@0:     //  Get the token
michael@0:     //  XXX ignore this for now.  NSS will find the cert on a token
michael@0:     //      by "tokenname:certname", which is what we have.
michael@0:     //var tokenName = "";
michael@0:     //var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
michael@0:     //var token = pk11db.findTokenByName(tokenName);
michael@0: 
michael@0:     //var cert = certdb.findCertByNickname(token, myName);
michael@0:     cert = certdb.findCertByNickname(null, myName);
michael@0:   } else {
michael@0:     var pkiParams = window.arguments[0].QueryInterface(nsIPKIParamBlock);
michael@0:     var isupport = pkiParams.getISupportAtIndex(1);
michael@0:     cert = isupport.QueryInterface(nsIX509Cert);
michael@0:     document.title = certDetails + '"' + cert.windowTitle + '"'; // XXX l10n?
michael@0:   }
michael@0: 
michael@0:   //
michael@0:   //  Set the cert attributes for viewing
michael@0:   //
michael@0: 
michael@0:   //  The chain of trust
michael@0:   var chain = cert.getChain();
michael@0:   AddCertChain("treesetDump", chain, "dump_");
michael@0:   DisplayGeneralDataFromCert(cert);
michael@0:   BuildPrettyPrint(cert);
michael@0:   
michael@0:   if (cert instanceof nsIX509Cert3)
michael@0:   {
michael@0:     cert.requestUsagesArrayAsync(new listener());
michael@0:   }
michael@0: }
michael@0: 
michael@0:  
michael@0: function addChildrenToTree(parentTree,label,value,addTwistie)
michael@0: {
michael@0:   var treeChild1 = document.createElement("treechildren");
michael@0:   var treeElement = addTreeItemToTreeChild(treeChild1,label,value,addTwistie);
michael@0:   parentTree.appendChild(treeChild1);
michael@0:   return treeElement;
michael@0: }
michael@0: 
michael@0: function addTreeItemToTreeChild(treeChild,label,value,addTwistie)
michael@0: {
michael@0:   var treeElem1 = document.createElement("treeitem");
michael@0:   if (addTwistie) {
michael@0:     treeElem1.setAttribute("container","true");
michael@0:     treeElem1.setAttribute("open","true");
michael@0:   }
michael@0:   var treeRow = document.createElement("treerow");
michael@0:   var treeCell = document.createElement("treecell");
michael@0:   treeCell.setAttribute("label",label);
michael@0:   if (value)
michael@0:     treeCell.setAttribute("display",value);
michael@0:   treeRow.appendChild(treeCell);
michael@0:   treeElem1.appendChild(treeRow);
michael@0:   treeChild.appendChild(treeElem1);
michael@0:   return treeElem1;
michael@0: }
michael@0: 
michael@0: function displaySelected() {
michael@0:   var asn1Tree = document.getElementById('prettyDumpTree').
michael@0:                      treeBoxObject.view.QueryInterface(nsIASN1Tree);
michael@0:   var items = asn1Tree.selection;
michael@0:   var certDumpVal = document.getElementById('certDumpVal');
michael@0:   if (items.currentIndex != -1) {
michael@0:     var value = asn1Tree.getDisplayData(items.currentIndex);
michael@0:     certDumpVal.value = value;
michael@0:   } else {
michael@0:     certDumpVal.value ="";
michael@0:   }
michael@0: }
michael@0: 
michael@0: function BuildPrettyPrint(cert)
michael@0: {
michael@0:   var certDumpTree = Components.classes[nsASN1Tree].
michael@0:                           createInstance(nsIASN1Tree);
michael@0:   certDumpTree.loadASN1Structure(cert.ASN1Structure);
michael@0:   document.getElementById('prettyDumpTree').
michael@0:            treeBoxObject.view =  certDumpTree;
michael@0: }
michael@0: 
michael@0: function addAttributeFromCert(nodeName, value)
michael@0: {
michael@0:   var node = document.getElementById(nodeName);
michael@0:   if (!value) {
michael@0:     value = bundle.getString('notPresent');
michael@0:   }
michael@0:   node.setAttribute('value', value);
michael@0: }
michael@0: 
michael@0: 
michael@0: 
michael@0: function listener() {
michael@0: }
michael@0: 
michael@0: listener.prototype.QueryInterface =
michael@0:   function(iid) {
michael@0:     if (iid.equals(Components.interfaces.nsISupports) ||
michael@0:         iid.equals(Components.interfaces.nsICertVerificationListener))
michael@0:         return this;
michael@0: 
michael@0:     throw Components.results.NS_ERROR_NO_INTERFACE;
michael@0:   }
michael@0: 
michael@0: listener.prototype.notify =
michael@0:   function(cert, result) {
michael@0:     DisplayVerificationData(cert, result);
michael@0:   }
michael@0: 
michael@0: function DisplayVerificationData(cert, result)
michael@0: {
michael@0:   document.getElementById("verify_pending").setAttribute("hidden", "true");
michael@0: 
michael@0:   if (!result || !cert)
michael@0:     return; // no results could be produced
michael@0: 
michael@0:   if (!(cert instanceof Components.interfaces.nsIX509Cert))
michael@0:     return;
michael@0: 
michael@0:   //  Verification and usage
michael@0:   var verifystr = "";
michael@0:   var o1 = {};
michael@0:   var o2 = {};
michael@0:   var o3 = {};
michael@0: 
michael@0:   if (!(result instanceof Components.interfaces.nsICertVerificationResult))
michael@0:     return;
michael@0: 
michael@0:   result.getUsagesArrayResult(o1, o2, o3);
michael@0: 
michael@0:   var verifystate = o1.value;
michael@0:   var count = o2.value;
michael@0:   var usageList = o3.value;
michael@0:   if (verifystate == cert.VERIFIED_OK) {
michael@0:     verifystr = bundle.getString('certVerified');
michael@0:   } else if (verifystate == cert.CERT_REVOKED) {
michael@0:     verifystr = bundle.getString('certNotVerified_CertRevoked');
michael@0:   } else if (verifystate == cert.CERT_EXPIRED) {
michael@0:     verifystr = bundle.getString('certNotVerified_CertExpired');
michael@0:   } else if (verifystate == cert.CERT_NOT_TRUSTED) {
michael@0:     verifystr = bundle.getString('certNotVerified_CertNotTrusted');
michael@0:   } else if (verifystate == cert.ISSUER_NOT_TRUSTED) {
michael@0:     verifystr = bundle.getString('certNotVerified_IssuerNotTrusted');
michael@0:   } else if (verifystate == cert.ISSUER_UNKNOWN) {
michael@0:     verifystr = bundle.getString('certNotVerified_IssuerUnknown');
michael@0:   } else if (verifystate == cert.INVALID_CA) {
michael@0:     verifystr = bundle.getString('certNotVerified_CAInvalid');
michael@0:   } else if (verifystate == cert.SIGNATURE_ALGORITHM_DISABLED) {
michael@0:     verifystr = bundle.getString('certNotVerified_AlgorithmDisabled');
michael@0:   } else { /* if (verifystate == cert.NOT_VERIFIED_UNKNOWN || == USAGE_NOT_ALLOWED) */
michael@0:     verifystr = bundle.getString('certNotVerified_Unknown');
michael@0:   }
michael@0:   var verified=document.getElementById('verified');
michael@0:   verified.textContent = verifystr;
michael@0:   if (count > 0) {
michael@0:     var verifyInfoBox = document.getElementById('verify_info_box');
michael@0:     for (var i=0; i<count; i++) {
michael@0:       AddUsage(usageList[i],verifyInfoBox);
michael@0:     }
michael@0:   }
michael@0: }
michael@0: 
michael@0: function DisplayGeneralDataFromCert(cert)
michael@0: {
michael@0:   //  Common Name
michael@0:   addAttributeFromCert('commonname', cert.commonName);
michael@0:   //  Organization
michael@0:   addAttributeFromCert('organization', cert.organization);
michael@0:   //  Organizational Unit
michael@0:   addAttributeFromCert('orgunit', cert.organizationalUnit);
michael@0:   //  Serial Number
michael@0:   addAttributeFromCert('serialnumber',cert.serialNumber);
michael@0:   //  SHA1 Fingerprint
michael@0:   addAttributeFromCert('sha1fingerprint',cert.sha1Fingerprint);
michael@0:   //  MD5 Fingerprint
michael@0:   addAttributeFromCert('md5fingerprint',cert.md5Fingerprint);
michael@0:   // Validity start
michael@0:   addAttributeFromCert('validitystart', cert.validity.notBeforeLocalDay);
michael@0:   // Validity end
michael@0:   addAttributeFromCert('validityend', cert.validity.notAfterLocalDay);
michael@0:   
michael@0:   //Now to populate the fields that correspond to the issuer.
michael@0:   var issuerCommonname, issuerOrg, issuerOrgUnit;
michael@0:   issuerCommonname = cert.issuerCommonName;
michael@0:   issuerOrg = cert.issuerOrganization;
michael@0:   issuerOrgUnit = cert.issuerOrganizationUnit;
michael@0:   addAttributeFromCert('issuercommonname', issuerCommonname);
michael@0:   addAttributeFromCert('issuerorganization', issuerOrg);
michael@0:   addAttributeFromCert('issuerorgunit', issuerOrgUnit);
michael@0: }
michael@0: 
michael@0: function updateCertDump()
michael@0: {
michael@0:   var asn1Tree = document.getElementById('prettyDumpTree').
michael@0:                      treeBoxObject.view.QueryInterface(nsIASN1Tree);
michael@0: 
michael@0:   var tree = document.getElementById('treesetDump');
michael@0:   if (tree.currentIndex < 0) {
michael@0:     doPrompt("No items are selected."); //This should never happen.
michael@0:   } else {
michael@0:     var item = tree.contentView.getItemAtIndex(tree.currentIndex);
michael@0:     var dbKey = item.firstChild.firstChild.getAttribute('display');
michael@0:     //  Get the cert from the cert database
michael@0:     var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
michael@0:     var cert = certdb.findCertByDBKey(dbKey,null);
michael@0:     asn1Tree.loadASN1Structure(cert.ASN1Structure);
michael@0:   }
michael@0:   displaySelected();
michael@0: }
michael@0: 
michael@0: function getCurrentCert()
michael@0: {
michael@0:   var realIndex;
michael@0:   var tree = document.getElementById('treesetDump');
michael@0:   if (tree.view.selection.isSelected(tree.currentIndex)
michael@0:       && document.getElementById('prettyprint_tab').selected) {
michael@0:     /* if the user manually selected a cert on the Details tab,
michael@0:        then take that one  */
michael@0:     realIndex = tree.currentIndex;    
michael@0:   } else {
michael@0:     /* otherwise, take the one at the bottom of the chain
michael@0:        (i.e. the one of the end-entity, unless we're displaying
michael@0:        CA certs) */
michael@0:     realIndex = tree.view.rowCount - 1;
michael@0:   }
michael@0:   if (realIndex >= 0) {
michael@0:     var item = tree.contentView.getItemAtIndex(realIndex);
michael@0:     var dbKey = item.firstChild.firstChild.getAttribute('display');
michael@0:     var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
michael@0:     var cert = certdb.findCertByDBKey(dbKey,null);
michael@0:     return cert;
michael@0:   }
michael@0:   /* shouldn't really happen */
michael@0:   return null;
michael@0: }