Make the nsINSSDialogs a base class that we do a QI to

figure out if it implements the interface we want.

Change the implementation in pippki to register its UI handling
with this new method.


git-svn-id: svn://10.0.0.236/trunk@86741 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/manager/pki/src/nsNSSDialogs.cpp

@@ -118,7 +118,9 @@ nsNSSDialogs::~nsNSSDialogs()
 {
 }
 
-NS_IMPL_ISUPPORTS1(nsNSSDialogs, nsINSSDialogs)
+NS_IMPL_ISUPPORTS3(nsNSSDialogs, nsINSSDialogs, 
+                                 nsITokenPasswordDialogs,
+                                 nsIBadCertListener)
 
 nsresult
 nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
@@ -147,3 +149,30 @@ nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx,
 
   return rv;
 }
+
+/* boolean unknownIssuer (in nsIChannelSecurityInfo socketInfo, 
+                          in nsIX509Cert cert); */
+NS_IMETHODIMP 
+nsNSSDialogs::UnknownIssuer(nsIChannelSecurityInfo *socketInfo, 
+                            nsIX509Cert *cert, PRBool *_retval)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+/* boolean mismatchDomain (in nsIChannelSecurityInfo socketInfo, 
+                           in nsIX509Cert cert); */
+NS_IMETHODIMP 
+nsNSSDialogs::MismatchDomain(nsIChannelSecurityInfo *socketInfo, 
+                             nsIX509Cert *cert, PRBool *_retval)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+/* boolean certExpired (in nsIChannelSecurityInfo socketInfo, 
+                        in nsIX509Cert cert); */
+NS_IMETHODIMP 
+nsNSSDialogs::CertExpired(nsIChannelSecurityInfo *socketInfo, 
+                          nsIX509Cert *cert, PRBool *_retval)
+{
+    return NS_ERROR_NOT_IMPLEMENTED;
+}

mozilla/security/manager/pki/src/nsNSSDialogs.h

@@ -25,17 +25,22 @@
 #define __NS_NSSDIALOGS_H__
 
 #include "nsINSSDialogs.h"
+#include "nsIBadCertListener.h"
 
 #define NS_NSSDIALOGS_CID \
   { 0x518e071f, 0x1dd2, 0x11b2, \
     { 0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 }}
 
 class nsNSSDialogs
-: public nsINSSDialogs
+: public nsINSSDialogs,
+  public nsITokenPasswordDialogs,
+  public nsIBadCertListener
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSINSSDIALOGS
+  NS_DECL_NSITOKENPASSWORDDIALOGS
+  NS_DECL_NSIBADCERTLISTENER
 
   nsNSSDialogs();
   virtual ~nsNSSDialogs();

mozilla/security/manager/ssl/public/nsINSSDialogs.idl

@@ -25,12 +25,12 @@
 interface nsIInterfaceRequestor;
 
 /**
- * nsINSSDialogs - a collection of functions that
- *   implement activities that may require interaction
- *   with the user.
+ * nsITokenPasswordDialogs
+ *  This is the interface for setting and changin password
+ *  on a PKCS11 token.
  */
-[scriptable, uuid(4a8c5584-1dd2-11b2-bfff-f232dbfab27e)]
-interface nsINSSDialogs : nsISupports
+[scriptable, uuid(be26b580-1dd1-11b2-9946-c598d0d07727)]
+interface nsITokenPasswordDialogs : nsISupports
 {
   /**
    * setPassword - sets the password/PIN on the named token.
@@ -41,6 +41,23 @@ interface nsINSSDialogs : nsISupports
                    out boolean canceled);
 };
 
+
+/**
+ * nsINSSDialogs - a collection of functions that
+ *   implement activities that may require interaction
+ *   with the user.
+ */
+[scriptable, uuid(4a8c5584-1dd2-11b2-bfff-f232dbfab27e)]
+interface nsINSSDialogs : nsISupports
+{
+  /**
+   * This is the base class for NSSDialogs.  It must support all
+   * the interfaces for dialogs that it wants to support.
+   * 
+   * nsITokenPasswordDialogs is one such implementation.
+   */
+};
+
 /**
  * NS_NSSDIALOGS_CONTRACTID - contract id of a service that
  *   implements nsINSSDialogs (and possibly other interfaces)

mozilla/security/manager/ssl/src/nsNSSComponent.cpp

@@ -34,6 +34,7 @@
 #include "nsIStringBundle.h"
 #include "nsIDirectoryService.h"
 #include "nsDirectoryServiceDefs.h"
+#include "nsINSSDialogs.h"
 #include "prlog.h"
 
 #include "nss.h"
@@ -495,3 +496,23 @@ nsNSSComponent::RandomUpdate(void *entropy, PRInt32 bufLen)
   PK11_RandomUpdate(entropy, bufLen);
   return NS_OK;
 }
+
+static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID;
+
+nsresult 
+getNSSDialogs(void **_result, REFNSIID aIID)
+{
+  nsresult rv;
+  nsISupports *result;
+
+  rv = nsServiceManager::GetService(kNSSDialogsContractId, 
+                                    NS_GET_IID(nsINSSDialogs),
+                                    &result);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = result->QueryInterface(aIID, _result);
+
+  NS_RELEASE(result);
+
+  return rv;
+}

mozilla/security/manager/ssl/src/nsNSSComponent.h

@@ -34,6 +34,8 @@
 #include "nsString.h"
 #include "nsIStringBundle.h"
 
+#include "nsNSSHelper.h"
+
 #define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
 
 #define NS_NSSCOMPONENT_CID \

mozilla/security/manager/ssl/src/nsNSSHelper.h

@@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation.  Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ *  Javier Delgadillo <javi@netscape.com>
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable 
+ * instead of those above.  If you wish to allow use of your 
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL.  If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef NSS_HELPER_
+#define NSS_HELPER_
+//
+// Function to get the implementor for a certain set of NSS
+// specific dialogs.
+//
+
+nsresult 
+getNSSDialogs(void **_result, REFNSIID aIID);
+#endif
+

mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp

@@ -42,6 +42,9 @@
 #include "nsIServiceManager.h"
 #include "nsIWebProgressListener.h"
 #include "nsIChannel.h"
+#include "nsIBadCertListener.h"
+
+#include "nsNSSHelper.h"
 
 #include "ssl.h"
 #include "secerr.h"
@@ -423,54 +426,44 @@ nsCertErrorNeedsDialog(int error)
           (error == SEC_ERROR_EXPIRED_CERTIFICATE));
 }
 
-static PRBool
-nsUnknownIssuerDialog(nsNSSSocketInfo *infoObject, 
-                     PRFileDesc      *socket)
-{
-  return PR_FALSE;
-}
-
-static PRBool
-nsBadCertDomainDialog(nsNSSSocketInfo *infoObject, 
-                      PRFileDesc      *socket)
-{
-  return PR_FALSE;
-}
-
-static PRBool
-nsExpiredCertDialog(nsNSSSocketInfo *infoObject, 
-                    PRFileDesc      *socket)
-{
-  return PR_FALSE;
-}
-
-
 static PRBool
 nsContinueDespiteCertError(nsNSSSocketInfo *infoObject,
-                           PRFileDesc      *socket,
+                           PRFileDesc      *sslSocket,
                            int              error)
 {
   PRBool retVal = PR_FALSE;
+  nsIBadCertListener *badCertHandler;
+  nsresult rv;
+
+  rv = getNSSDialogs((void**)&badCertHandler, 
+                     NS_GET_IID(nsIBadCertListener));
+  if (NS_FAILED(rv)) 
+    return PR_FALSE;
+  nsIChannelSecurityInfo *csi =  NS_STATIC_CAST(nsIChannelSecurityInfo*,
+                                                infoObject);
+
   switch (error) {
   case SEC_ERROR_UNKNOWN_ISSUER:
   case SEC_ERROR_CA_CERT_INVALID:
   case SEC_ERROR_UNTRUSTED_ISSUER:
-    retVal = nsUnknownIssuerDialog(infoObject, socket);
+    rv = badCertHandler->UnknownIssuer(csi, nsnull, &retVal);
     break;
   case SSL_ERROR_BAD_CERT_DOMAIN:
-    retVal = nsBadCertDomainDialog(infoObject, socket);
+    rv = badCertHandler->MismatchDomain(csi, nsnull, &retVal);
     break;
   case SEC_ERROR_EXPIRED_CERTIFICATE:
-    retVal = nsExpiredCertDialog(infoObject, socket);
+    rv = badCertHandler->CertExpired(csi, nsnull, & retVal);
     break;
   default:
+    rv = NS_ERROR_FAILURE;
     break;
   }
-  return retVal;
+  NS_RELEASE(badCertHandler);
+  return NS_FAILED(rv) ? PR_FALSE : retVal;
 }
 
 static SECStatus
-nsNSSBadCertHandler(void *arg, PRFileDesc *socket)
+nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
 {
   SECStatus rv = SECFailure;
   int error;
@@ -482,7 +475,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *socket)
       // Some weird error we don't really know how to handle.
       break;
     }
-    if (!nsContinueDespiteCertError(infoObject, socket, error)) {
+    if (!nsContinueDespiteCertError(infoObject, sslSocket, error)) {
       break;
     }
     rv = SECSuccess; //This will eventually re-verify the cert to

mozilla/security/manager/ssl/src/nsSDR.cpp

@@ -38,6 +38,7 @@
 
 #include "nsISecretDecoderRing.h"
 #include "nsSDR.h"
+#include "nsNSSComponent.h"
 
 #include "pk11func.h"
 #include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
@@ -126,16 +127,19 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
 
   /* Make sure token is initialized. */
   if (PK11_NeedUserInit(slot)) { 
-    nsCOMPtr<nsINSSDialogs> dialogs;
+    nsITokenPasswordDialogs *dialogs;
     PRBool canceled;
     NS_ConvertUTF8toUCS2 tokenName(PK11_GetTokenName(slot));
 
-    rv = getNSSDialogs(getter_AddRefs(dialogs));
+    rv = getNSSDialogs((void**)&dialogs,
+                       NS_GET_IID(nsITokenPasswordDialogs));
+
     if (NS_FAILED(rv)) goto loser;
 
     rv = dialogs->SetPassword(ctx,
                               tokenName,
                               &canceled);
+    NS_RELEASE(dialogs);
     if (NS_FAILED(rv)) goto loser;
 
     if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
@@ -336,21 +340,3 @@ decode(const char *data, unsigned char **result, PRInt32 * _retval)
 loser:
     return rv;
 }
-
-static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID;
-
-nsresult nsSecretDecoderRing::
-getNSSDialogs(nsINSSDialogs* *_result)
-{
-  nsresult rv;
-  nsISupports *result;
-
-  rv = nsServiceManager::GetService(kNSSDialogsContractId, 
-                                    NS_GET_IID(nsINSSDialogs),
-                                    &result);
-  if (NS_FAILED(rv)) return rv;
-
-  *_result = NS_STATIC_CAST(nsINSSDialogs*, result);
-
-  return rv;
-}

mozilla/security/manager/ssl/src/nsSDR.h

@@ -71,11 +71,6 @@ private:
   nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval);
   nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval);
 
-  /**
-   * getNSSDialogs - gets an implementation of the nsINSSIDialogs
-   *   interface.
-   */
-  nsresult getNSSDialogs(nsINSSDialogs* *_result);
 };
 
 #endif /* _NSSDR_H_ */