diff --git a/mozilla/security/manager/pki/src/nsNSSDialogs.cpp b/mozilla/security/manager/pki/src/nsNSSDialogs.cpp index c761c9b7d2e..277c3b2afd1 100644 --- a/mozilla/security/manager/pki/src/nsNSSDialogs.cpp +++ b/mozilla/security/manager/pki/src/nsNSSDialogs.cpp @@ -118,7 +118,9 @@ nsNSSDialogs::~nsNSSDialogs() { } -NS_IMPL_ISUPPORTS1(nsNSSDialogs, nsINSSDialogs) +NS_IMPL_ISUPPORTS3(nsNSSDialogs, nsINSSDialogs, + nsITokenPasswordDialogs, + nsIBadCertListener) nsresult nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx, @@ -147,3 +149,30 @@ nsNSSDialogs::SetPassword(nsIInterfaceRequestor *ctx, return rv; } + +/* boolean unknownIssuer (in nsIChannelSecurityInfo socketInfo, + in nsIX509Cert cert); */ +NS_IMETHODIMP +nsNSSDialogs::UnknownIssuer(nsIChannelSecurityInfo *socketInfo, + nsIX509Cert *cert, PRBool *_retval) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +/* boolean mismatchDomain (in nsIChannelSecurityInfo socketInfo, + in nsIX509Cert cert); */ +NS_IMETHODIMP +nsNSSDialogs::MismatchDomain(nsIChannelSecurityInfo *socketInfo, + nsIX509Cert *cert, PRBool *_retval) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + +/* boolean certExpired (in nsIChannelSecurityInfo socketInfo, + in nsIX509Cert cert); */ +NS_IMETHODIMP +nsNSSDialogs::CertExpired(nsIChannelSecurityInfo *socketInfo, + nsIX509Cert *cert, PRBool *_retval) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} diff --git a/mozilla/security/manager/pki/src/nsNSSDialogs.h b/mozilla/security/manager/pki/src/nsNSSDialogs.h index ca9641656d8..0d19dce7e86 100644 --- a/mozilla/security/manager/pki/src/nsNSSDialogs.h +++ b/mozilla/security/manager/pki/src/nsNSSDialogs.h 
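Review bot: The three new nsIBadCertListener stubs (`UnknownIssuer`, `MismatchDomain`, `CertExpired`) return `NS_ERROR_NOT_IMPLEMENTED` without writing `*_retval`. The caller added in nsNSSIOLayer.cpp initialises its flag to `PR_FALSE` and ignores it on failure, so the result there is a refusal, but another caller that reads the out-parameter without checking the return value would see an indeterminate "continue" decision. Setting `*_retval = PR_FALSE;` before the return in each stub makes the refusal explicit. A one-line comment that every certificate error is rejected until the dialogs exist would also help the next reader.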
@@ -25,17 +25,22 @@ #define __NS_NSSDIALOGS_H__ #include "nsINSSDialogs.h" +#include "nsIBadCertListener.h" #define NS_NSSDIALOGS_CID \ { 0x518e071f, 0x1dd2, 0x11b2, \ { 0x93, 0x7e, 0xc4, 0x5f, 0x14, 0xde, 0xf7, 0x78 }} class nsNSSDialogs -: public nsINSSDialogs +: public nsINSSDialogs, + public nsITokenPasswordDialogs, + public nsIBadCertListener { public: NS_DECL_ISUPPORTS NS_DECL_NSINSSDIALOGS + NS_DECL_NSITOKENPASSWORDDIALOGS + NS_DECL_NSIBADCERTLISTENER nsNSSDialogs(); virtual ~nsNSSDialogs(); diff --git a/mozilla/security/manager/ssl/public/nsINSSDialogs.idl b/mozilla/security/manager/ssl/public/nsINSSDialogs.idl index 1fe39b97126..fed1a4126c8 100644 --- a/mozilla/security/manager/ssl/public/nsINSSDialogs.idl +++ b/mozilla/security/manager/ssl/public/nsINSSDialogs.idl @@ -25,12 +25,12 @@ interface nsIInterfaceRequestor; /** - * nsINSSDialogs - a collection of functions that - * implement activities that may require interaction - * with the user. + * nsITokenPasswordDialogs + * This is the interface for setting and changin password + * on a PKCS11 token. */ -[scriptable, uuid(4a8c5584-1dd2-11b2-bfff-f232dbfab27e)] -interface nsINSSDialogs : nsISupports +[scriptable, uuid(be26b580-1dd1-11b2-9946-c598d0d07727)] +interface nsITokenPasswordDialogs : nsISupports { /** * setPassword - sets the password/PIN on the named token. @@ -41,6 +41,23 @@ interface nsINSSDialogs : nsISupports out boolean canceled); }; + +/** + * nsINSSDialogs - a collection of functions that + * implement activities that may require interaction + * with the user. + */ +[scriptable, uuid(4a8c5584-1dd2-11b2-bfff-f232dbfab27e)] +interface nsINSSDialogs : nsISupports +{ + /** + * This is the base class for NSSDialogs. It must support all + * the interfaces for dialogs that it wants to support. + * + * nsITokenPasswordDialogs is one such implementation. + */ +}; + /** * NS_NSSDIALOGS_CONTRACTID - contract id of a service that * implements nsINSSDialogs (and possibly other interfaces) 
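Review bot: `nsINSSDialogs` keeps uuid `4a8c5584-1dd2-11b2-bfff-f232dbfab27e` in nsINSSDialogs.idl even though `setPassword` has moved to `nsITokenPasswordDialogs` and the interface now has no methods. A component built against the earlier definition would still answer QueryInterface for that IID while exposing a different method layout, so the changed interface should get a freshly generated uuid. The comment placed inside the empty interface body calls it a "base class"; it reads more accurately as a marker interface whose implementer is then queried for the specific dialog interfaces. In the new `nsITokenPasswordDialogs` comment, "setting and changin password" should read "setting and changing the password".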
diff --git a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp index 482eb77cb9d..3466734da67 100644 --- a/mozilla/security/manager/ssl/src/nsNSSComponent.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSComponent.cpp @@ -34,6 +34,7 @@ #include "nsIStringBundle.h" #include "nsIDirectoryService.h" #include "nsDirectoryServiceDefs.h" +#include "nsINSSDialogs.h" #include "prlog.h" #include "nss.h" @@ -495,3 +496,23 @@ nsNSSComponent::RandomUpdate(void *entropy, PRInt32 bufLen) PK11_RandomUpdate(entropy, bufLen); return NS_OK; } + +static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID; + +nsresult +getNSSDialogs(void **_result, REFNSIID aIID) +{ + nsresult rv; + nsISupports *result; + + rv = nsServiceManager::GetService(kNSSDialogsContractId, + NS_GET_IID(nsINSSDialogs), + &result); + if (NS_FAILED(rv)) return rv; + + rv = result->QueryInterface(aIID, _result); + + NS_RELEASE(result); + + return rv; +} diff --git a/mozilla/security/manager/ssl/src/nsNSSComponent.h b/mozilla/security/manager/ssl/src/nsNSSComponent.h index 8316d6b6265..bfe0b5fcf87 100644 --- a/mozilla/security/manager/ssl/src/nsNSSComponent.h +++ b/mozilla/security/manager/ssl/src/nsNSSComponent.h @@ -34,6 +34,8 @@ #include "nsString.h" #include "nsIStringBundle.h" +#include "nsNSSHelper.h" + #define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties" #define NS_NSSCOMPONENT_CID \ diff --git a/mozilla/security/manager/ssl/src/nsNSSHelper.h b/mozilla/security/manager/ssl/src/nsNSSHelper.h new file mode 100644 index 00000000000..c6dedf84cb6 --- /dev/null +++ b/mozilla/security/manager/ssl/src/nsNSSHelper.h 
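Review bot: `getNSSDialogs` in nsNSSComponent.cpp leaves `*_result` unwritten when `nsServiceManager::GetService` fails, and both callers in this commit pass the address of an uninitialised raw pointer through a `(void**)` cast (`badCertHandler` in nsNSSIOLayer.cpp, `dialogs` in nsSDR.cpp). Those callers do check the return value, but starting the function with `*_result = nsnull;` means a caller that forgets cannot go on to use or release a garbage pointer. The `void **` signature also removes the type check between the requested IID and the pointer type, which is worth a short comment above the definition.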
@@ -0,0 +1,46 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * The contents of this file are subject to the Mozilla Public
+ * License Version 1.1 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of
+ * the License at http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS
+ * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
+ * implied. See the License for the specific language governing
+ * rights and limitations under the License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is Netscape
+ * Communications Corporation. Portions created by Netscape are
+ * Copyright (C) 1998 Netscape Communications Corporation. All
+ * Rights Reserved.
+ *
+ * Contributor(s):
+ * Javier Delgadillo
+ *
+ * Alternatively, the contents of this file may be used under the
+ * terms of the GNU General Public License Version 2 or later (the
+ * "GPL"), in which case the provisions of the GPL are applicable
+ * instead of those above. If you wish to allow use of your
+ * version of this file only under the terms of the GPL and not to
+ * allow others to use your version of this file under the MPL,
+ * indicate your decision by deleting the provisions above and
+ * replace them with the notice and other provisions required by
+ * the GPL. If you do not delete the provisions above, a recipient
+ * may use your version of this file under either the MPL or the
+ * GPL.
+ */
+
+#ifndef NSS_HELPER_
+#define NSS_HELPER_
+//
+// Function to get the implementor for a certain set of NSS
+// specific dialogs.
+//
+
+nsresult
+getNSSDialogs(void **_result, REFNSIID aIID);
+#endif
+
diff --git a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp
index 320215d8d81..09776e7ef8a 100644
--- a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp
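Review bot: The comment above `getNSSDialogs` in the new nsNSSHelper.h does not state the ownership contract. The callers in this commit release the returned pointer with `NS_RELEASE`, so the header should say so, for example `// On success *_result holds an AddRef'd pointer to the interface named by aIID; the caller must release it.` The header also uses `nsresult` and `REFNSIID` without including anything, so it compiles only when the including file has already pulled in those declarations. Including the header that declares them would make nsNSSHelper.h self-contained.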
+++ b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp @@ -42,6 +42,9 @@ #include "nsIServiceManager.h" #include "nsIWebProgressListener.h" #include "nsIChannel.h" +#include "nsIBadCertListener.h" + +#include "nsNSSHelper.h" #include "ssl.h" #include "secerr.h" @@ -423,54 +426,44 @@ nsCertErrorNeedsDialog(int error) (error == SEC_ERROR_EXPIRED_CERTIFICATE)); } -static PRBool -nsUnknownIssuerDialog(nsNSSSocketInfo *infoObject, - PRFileDesc *socket) -{ - return PR_FALSE; -} - -static PRBool -nsBadCertDomainDialog(nsNSSSocketInfo *infoObject, - PRFileDesc *socket) -{ - return PR_FALSE; -} - -static PRBool -nsExpiredCertDialog(nsNSSSocketInfo *infoObject, - PRFileDesc *socket) -{ - return PR_FALSE; -} - - static PRBool nsContinueDespiteCertError(nsNSSSocketInfo *infoObject, - PRFileDesc *socket, + PRFileDesc *sslSocket, int error) { PRBool retVal = PR_FALSE; + nsIBadCertListener *badCertHandler; + nsresult rv; + + rv = getNSSDialogs((void**)&badCertHandler, + NS_GET_IID(nsIBadCertListener)); + if (NS_FAILED(rv)) + return PR_FALSE; + nsIChannelSecurityInfo *csi = NS_STATIC_CAST(nsIChannelSecurityInfo*, + infoObject); + switch (error) { case SEC_ERROR_UNKNOWN_ISSUER: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNTRUSTED_ISSUER: - retVal = nsUnknownIssuerDialog(infoObject, socket); + rv = badCertHandler->UnknownIssuer(csi, nsnull, &retVal); break; case SSL_ERROR_BAD_CERT_DOMAIN: - retVal = nsBadCertDomainDialog(infoObject, socket); + rv = badCertHandler->MismatchDomain(csi, nsnull, &retVal); break; case SEC_ERROR_EXPIRED_CERTIFICATE: - retVal = nsExpiredCertDialog(infoObject, socket); + rv = badCertHandler->CertExpired(csi, nsnull, & retVal); break; default: + rv = NS_ERROR_FAILURE; break; } - return retVal; + NS_RELEASE(badCertHandler); + return NS_FAILED(rv) ? PR_FALSE : retVal; } static SECStatus -nsNSSBadCertHandler(void *arg, PRFileDesc *socket) +nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket) { SECStatus rv = SECFailure; int error; 
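Review bot: All three listener calls in `nsContinueDespiteCertError` pass `nsnull` for the `cert` argument, e.g. `rv = badCertHandler->UnknownIssuer(csi, nsnull, &retVal);`, so an nsIBadCertListener implementation has no certificate to show the user when asking whether to continue. The renamed `sslSocket` parameter is no longer used in this function; presumably the peer certificate is meant to come from it later, and until then a comment such as `// TODO: pass the peer certificate taken from sslSocket; listeners currently receive nsnull` would record the gap. The failure handling itself refuses on every error path (`retVal` starts as `PR_FALSE`, the `default:` case sets `NS_ERROR_FAILURE`, and the result is discarded when `rv` fails), and a short comment saying this is deliberate would protect it from later edits. The body of `nsNSSBadCertHandler` continues outside the hunk.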
@@ -482,7 +475,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *socket) // Some weird error we don't really know how to handle. break; } - if (!nsContinueDespiteCertError(infoObject, socket, error)) { + if (!nsContinueDespiteCertError(infoObject, sslSocket, error)) { break; } rv = SECSuccess; //This will eventually re-verify the cert to diff --git a/mozilla/security/manager/ssl/src/nsSDR.cpp b/mozilla/security/manager/ssl/src/nsSDR.cpp index 7ebfc33c0ec..6773a423998 100644 --- a/mozilla/security/manager/ssl/src/nsSDR.cpp +++ b/mozilla/security/manager/ssl/src/nsSDR.cpp @@ -38,6 +38,7 @@ #include "nsISecretDecoderRing.h" #include "nsSDR.h" +#include "nsNSSComponent.h" #include "pk11func.h" #include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt @@ -126,16 +127,19 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 /* Make sure token is initialized. */ if (PK11_NeedUserInit(slot)) { - nsCOMPtr dialogs; + nsITokenPasswordDialogs *dialogs; PRBool canceled; NS_ConvertUTF8toUCS2 tokenName(PK11_GetTokenName(slot)); - rv = getNSSDialogs(getter_AddRefs(dialogs)); + rv = getNSSDialogs((void**)&dialogs, + NS_GET_IID(nsITokenPasswordDialogs)); + if (NS_FAILED(rv)) goto loser; rv = dialogs->SetPassword(ctx, tokenName, &canceled); + NS_RELEASE(dialogs); if (NS_FAILED(rv)) goto loser; if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } @@ -336,21 +340,3 @@ decode(const char *data, unsigned char **result, PRInt32 * _retval) loser: return rv; } - -static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID; - -nsresult nsSecretDecoderRing:: -getNSSDialogs(nsINSSDialogs* *_result) -{ - nsresult rv; - nsISupports *result; - - rv = nsServiceManager::GetService(kNSSDialogsContractId, - NS_GET_IID(nsINSSDialogs), - &result); - if (NS_FAILED(rv)) return rv; - - *_result = NS_STATIC_CAST(nsINSSDialogs*, result); - - return rv; -} 
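Review bot: In the `Encrypt` hunk of nsSDR.cpp, `dialogs` is now a raw `nsITokenPasswordDialogs *` released by hand with `NS_RELEASE(dialogs);`, where the removed code held it in an nsCOMPtr. The single release after `SetPassword` is correct for the paths visible here, but any later `goto loser` added between the lookup and the release would leak the reference. Keeping the smart pointer and calling `rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsITokenPasswordDialogs));` would avoid both the manual release and the `(void**)` cast, assuming `getter_AddRefs` converts to `void **` in this tree as it does for QueryInterface. `Encrypt` starts and ends outside the hunk.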
diff --git a/mozilla/security/manager/ssl/src/nsSDR.h b/mozilla/security/manager/ssl/src/nsSDR.h index 7e1cb16b090..307c425da12 100644 --- a/mozilla/security/manager/ssl/src/nsSDR.h +++ b/mozilla/security/manager/ssl/src/nsSDR.h @@ -71,11 +71,6 @@ private: nsresult encode(const unsigned char *data, PRInt32 dataLen, char **_retval); nsresult decode(const char *data, unsigned char **result, PRInt32 * _retval); - /** - * getNSSDialogs - gets an implementation of the nsINSSIDialogs - * interface. - */ - nsresult getNSSDialogs(nsINSSDialogs* *_result); }; #endif /* _NSSDR_H_ */