distinguish weak crypto: bug 31896 r=ddrinan

git-svn-id: svn://10.0.0.236/trunk@91006 18797224-902f-48f8-a5cc-f745e15eee43
2001-04-01 19:38:12 +00:00 · 2001-04-01 19:38:12 +00:00 · 07b50ade19
commit 07b50ade19
parent d305166394
6 changed files with 77 additions and 19 deletions
--- a/mozilla/security/manager/pki/resources/content/pref-ssl.xul
+++ b/mozilla/security/manager/pki/resources/content/pref-ssl.xul
@ -36,7 +36,8 @@
  <script language="JavaScript">
  <![CDATA[
    _elementIDs = ["enableSSL2", "enableSSL3", "enableTLS", 
-        "warnEnteringSecure", "warnInsecurePost", "warnInsecurePostFromSecure",
+        "warnEnteringSecure", "warnEnteringWeak", 
+        "warnInsecurePost", "warnInsecurePostFromSecure",
        "warnSecureRedirect", "warnSecureRedirectToInsecure",
        "warnViewMixed", "certSelection" ];
  ]]>
@ -81,6 +82,10 @@ Set Netscape to show a warning and ask permission before:
      label="Entering a site that supports encryption"
              pref="true" preftype="bool" prefstring="security.warn_entering_secure"
              prefattribute="checked"/>
+    <checkbox id="warnEnteringWeak" 
+		  value="Entering a site that uses weak encryption"
+              pref="true" preftype="bool" prefstring="security.warn_entering_weak"
+              prefattribute="checked"/>
    <checkbox id="warnInsecurePost"
      label="Sending form data from an insecure page to an insecure page"
              pref="true" preftype="bool" prefstring="security.warn_submit_insecure"
--- a/mozilla/security/manager/pki/src/nsNSSDialogs.cpp
+++ b/mozilla/security/manager/pki/src/nsNSSDialogs.cpp
@ -55,6 +55,7 @@
 #define STRING_BUNDLE_URL    "chrome://communicator/locale/security.properties"

 #define ENTER_SITE_PREF      "security.warn_entering_secure"
+#define WEAK_SITE_PREF       "security.warn_entering_weak"
 #define LEAVE_SITE_PREF      "security.warn_leaving_secure"
 #define MIXEDCONTENT_PREF    "security.warn_viewing_mixed"
 #define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
@ -499,6 +500,16 @@ nsNSSDialogs::AlertEnteringSecure(nsIInterfaceRequestor *ctx)
  return rv;
 }

+nsresult
+nsNSSDialogs::AlertEnteringWeak(nsIInterfaceRequestor *ctx)
+{
+  nsresult rv;
+
+  rv = AlertDialog(ctx, WEAK_SITE_PREF,
+                   NS_LITERAL_STRING("WeakSiteMessage").get());
+
+  return rv;
+}

 nsresult
 nsNSSDialogs::AlertLeavingSecure(nsIInterfaceRequestor *ctx)
--- a/mozilla/security/manager/ssl/public/nsINSSDialogs.idl
+++ b/mozilla/security/manager/ssl/public/nsINSSDialogs.idl
@ -78,6 +78,11 @@ interface nsISecurityWarningDialogs : nsISupports
   */
  void alertEnteringSecure(in nsIInterfaceRequestor ctx);

+  /**
+   * alertEnteringWeak
+   */
+  void alertEnteringWeak(in nsIInterfaceRequestor ctx);
+
  /**
   * alertLeavingSecure
   */
--- a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp
@ -118,15 +118,20 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
  PRInt32 sslStatus;
  char* signer = nsnull;
  nsresult rv;
+  PRInt32 encryptBits;

  if (SECSuccess == SSL_SecurityStatus(fd, &sslStatus, nsnull, nsnull,
-                                       nsnull, &signer, nsnull))
+                                       &encryptBits, &signer, nsnull))
    {
      PRInt32 secStatus;
      if (sslStatus == SSL_SECURITY_STATUS_OFF)
        secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
+      else if (encryptBits >= 90)
+        secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
+                     nsIWebProgressListener::STATE_SECURE_HIGH);
      else
-        secStatus = nsIWebProgressListener::STATE_IS_SECURE;
+        secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
+                     nsIWebProgressListener::STATE_SECURE_LOW);

      CERTName* certName = CERT_AsciiToName(signer);
      char* caName = CERT_GetOrgName(certName);
--- a/mozilla/security/manager/ssl/src/nsSecureBrowserUIImpl.cpp
+++ b/mozilla/security/manager/ssl/src/nsSecureBrowserUIImpl.cpp
@ -66,6 +66,8 @@

 static NS_DEFINE_CID(kCStringBundleServiceCID,  NS_STRINGBUNDLESERVICE_CID);

+#define IS_SECURE(state) ((state & 0xFFFF) == STATE_IS_SECURE)
+
 #if defined(PR_LOGGING)
 //
 // Log module for nsSecureBroswerUI logging...
@ -189,7 +191,7 @@ static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
  return NS_OK;
 }

-static PRInt16 GetSecurityStateFromChannel(nsIChannel* aChannel)
+static PRInt32 GetSecurityStateFromChannel(nsIChannel* aChannel)
 {
  nsresult res;
  PRInt32 securityState;
@ -313,23 +315,29 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
  // A document has finished loading
  if ((aProgressStateFlags & STATE_STOP) &&
      (aProgressStateFlags & STATE_IS_NETWORK) &&
-      (mSecurityState == STATE_IS_SECURE ||
+      (IS_SECURE(mSecurityState) ||
       mSecurityState == STATE_IS_BROKEN))
    {
-      if (mSecurityState == STATE_IS_SECURE) {
+      if (IS_SECURE(mSecurityState)) {
        // XXX Shouldn't we do this even if the state is broken?
        // XXX Shouldn't we grab the pickled status at STATE_NET_TRANSFERRING?
        
-        if (GetSecurityStateFromChannel(channel) == STATE_IS_SECURE) {
+        if (IS_SECURE(GetSecurityStateFromChannel(channel))) {
          // Everything looks okay.
          PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to lock\n", this));
          
-          if (mSecurityButton)
-            res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("level"),
-                                                NS_LITERAL_STRING("high"));
+          if (mSecurityButton) {
+            if (mSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH)) {
+              res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("level"),
+                                                  NS_LITERAL_STRING("high"));
+            } else {
+              res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("level"),
+                                                  NS_LITERAL_STRING("low"));
+            }
+          }
          
          if (eventSink)
-            eventSink->OnSecurityChange(aRequest, (STATE_IS_SECURE));
+            eventSink->OnSecurityChange(aRequest, mSecurityState);
          
          if (!mSecurityButton)
            return res;
@ -365,7 +373,7 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
  
  // don't need to do anything more if the page is broken or not secure...
  
-  if (mSecurityState != STATE_IS_SECURE)
+  if (!IS_SECURE(mSecurityState))
    return NS_OK;
  
  // A URL is starting to load...
@ -472,7 +480,7 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin

  // Check to see if we are going from a secure page to an insecure page
  if (newSecurityState == STATE_IS_INSECURE &&
-      (oldSecurityState == STATE_IS_SECURE ||
+      (IS_SECURE(oldSecurityState) ||
       oldSecurityState == STATE_IS_BROKEN)) {

    SetBrokenLockIcon(eventSink, aRequest, PR_TRUE);
@ -481,12 +489,20 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin

  }
  // check to see if we are going from an insecure page to a secure one.
-  else if ((newSecurityState == STATE_IS_SECURE ||
+  else if ((newSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH) ||
            newSecurityState == STATE_IS_BROKEN) &&
           oldSecurityState == STATE_IS_INSECURE) {
-
    AlertEnteringSecure();
  }
+  // check to see if we are going from a strong or insecure page to a
+  // weak one.
+  else if ((IS_SECURE(newSecurityState) &&
+            newSecurityState != (STATE_IS_SECURE|STATE_SECURE_HIGH)) &&
+           (oldSecurityState == STATE_IS_INSECURE ||
+            oldSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH))) {
+
+    AlertEnteringWeak();
+  }
  
  mSecurityState = newSecurityState;
  return NS_OK;
@ -496,13 +512,13 @@ nsresult
 nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
                                         nsIRequest* aRequest, nsIChannel* aChannel)
 {
-  PRInt16 newSecurityState;
+  PRInt32 newSecurityState;

  newSecurityState = GetSecurityStateFromChannel(aChannel);

  if ((newSecurityState == STATE_IS_INSECURE ||
       newSecurityState == STATE_IS_BROKEN) &&
-      mSecurityState == STATE_IS_SECURE) {
+      IS_SECURE(mSecurityState)) {
    
    // work-around for bug 48515
    nsCOMPtr<nsIURI> aURI;
@ -544,14 +560,14 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
  
  // if we are posting to a secure link from a secure page, all is okay.
  if (secure &&
-      (mSecurityState == STATE_IS_SECURE ||
+      (IS_SECURE(mSecurityState) ||
       mSecurityState == STATE_IS_BROKEN)) {
    return NS_OK;
  }
    
  // posting to insecure webpage from a secure webpage.
  // NOTE: This test is inconsistant with the one above
-  if (!secure  && (mSecurityState == STATE_IS_SECURE)) {
+  if (!secure && IS_SECURE(mSecurityState)) {
    *okayToPost = ConfirmPostToInsecureFromSecure();
  } else {
    *okayToPost = ConfirmPostToInsecure();
@ -671,6 +687,21 @@ AlertEnteringSecure()
  return;
 }

+void nsSecureBrowserUIImpl::
+AlertEnteringWeak()
+{
+  nsCOMPtr<nsISecurityWarningDialogs> dialogs;
+
+  GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
+  if (!dialogs) return;
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
+
+  dialogs->AlertEnteringWeak(ctx);
+
+  return;
+}
+
 void nsSecureBrowserUIImpl::
 AlertLeavingSecure()
 {
--- a/mozilla/security/manager/ssl/src/nsSecureBrowserUIImpl.h
+++ b/mozilla/security/manager/ssl/src/nsSecureBrowserUIImpl.h
@ -90,6 +90,7 @@ protected:

  // Alerts for security transitions
  void AlertEnteringSecure();
+  void AlertEnteringWeak();
  void AlertLeavingSecure();
  void AlertMixedMode();
  PRBool ConfirmPostToInsecure();