/*
* Copyright © 2003 Crispin Flowerday <gnome@flowerday.cx>
* Copyright © 2006 Christian Persch
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* $Id$
*/
/*
* This file provides Gtk implementations of the mozilla Certificate dialogs
* such as the ones displayed when connecting to a site with a self-signed
* or expired certificate.
*/
#include <xpcom-config.h>
#include "config.h"
#include <time.h>
#include <glib/gi18n.h>
#include <gtk/gtkalignment.h>
#include <gtk/gtkbutton.h>
#include <gtk/gtkcellrenderertext.h>
#include <gtk/gtkcheckbutton.h>
#include <gtk/gtkdialog.h>
#include <gtk/gtkeditable.h>
#include <gtk/gtkentry.h>
#include <gtk/gtkhbox.h>
#include <gtk/gtkimage.h>
#include <gtk/gtklabel.h>
#include <gtk/gtkmessagedialog.h>
#include <gtk/gtkprogressbar.h>
#include <gtk/gtksizegroup.h>
#include <gtk/gtkstock.h>
#include <gtk/gtktable.h>
#include <gtk/gtktextbuffer.h>
#include <gtk/gtktextview.h>
#include <gtk/gtktogglebutton.h>
#include <gtk/gtktreeselection.h>
#include <gtk/gtktreestore.h>
#include <gtk/gtktreeview.h>
#include <gtk/gtkvbox.h>
#include <gtk/gtkcombobox.h>
#include <gconf/gconf-client.h>
#include <glade/glade-xml.h>
#include <nsStringGlue.h>
#include <nsCOMPtr.h>
#include <nsIArray.h>
#include <nsIASN1Object.h>
#include <nsIASN1Sequence.h>
#include <nsICRLInfo.h>
#include <nsIDOMWindow.h>
#include <nsIInterfaceRequestor.h>
#include <nsIInterfaceRequestorUtils.h>
#include <nsIMutableArray.h>
#include <nsIPKCS11ModuleDB.h>
#include <nsIPKCS11Slot.h>
#include <nsIPK11Token.h>
#include <nsIPK11TokenDB.h>
#include <nsIServiceManager.h>
#include <nsISimpleEnumerator.h>
#include <nsIX509CertDB.h>
#include <nsIX509Cert.h>
#include <nsIX509CertValidity.h>
#include <nsMemory.h>
#include <nsServiceManagerUtils.h>
#ifdef HAVE_NSIMUTABLEARRAY_H
#include <nsIMutableArray.h>
#endif
#include "ephy-file-helpers.h"
#include "ephy-gui.h"
#include "ephy-password-dialog.h"
#include "ephy-stock-icons.h"
#include "AutoJSContextStack.h"
#include "AutoWindowModalState.h"
#include "EphyUtils.h"
#include "GtkNSSDialogs.h"
NS_DEFINE_CID (kX509CertCID, NS_IX509CERT_IID);
NS_DEFINE_CID (kASN1ObjectCID, NS_IASN1OBJECT_IID);
enum
{
NSSDIALOG_RESPONSE_VIEW_CERT = 10
};
GtkNSSDialogs::GtkNSSDialogs ()
{
}
GtkNSSDialogs::~GtkNSSDialogs ()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS5 (GtkNSSDialogs,
nsICertificateDialogs,
nsIBadCertListener,
nsITokenPasswordDialogs,
nsITokenDialogs,
nsIDOMCryptoDialogs)
/* There's also nsICertPickDialogs which is implemented in mozilla
* but has no callers. So we don't implement it.
* Same for nsIUserCertPicker which is only used in mailnews.
*/
/**
* Call the mozilla service to display a certificate
*/
static void
view_certificate (nsIInterfaceRequestor *ctx, nsIX509Cert *cert)
{
nsresult rv;
nsCOMPtr<nsICertificateDialogs> certDialogs =
do_GetService (NS_CERTIFICATEDIALOGS_CONTRACTID, &rv);
NS_ENSURE_SUCCESS (rv, );
certDialogs->ViewCert (ctx, cert);
}
/**
* Indent a widget according the HIG
*
* @returns: The new indented widget
*/
static GtkWidget*
higgy_indent_widget (GtkWidget *widget)
{
GtkWidget *hbox;
GtkWidget *label;
hbox = gtk_hbox_new (FALSE, 6);
label = gtk_label_new (NULL);
gtk_box_pack_start (GTK_BOX(hbox), label, FALSE, TRUE, 6);
gtk_widget_show (label);
gtk_box_pack_start (GTK_BOX(hbox), widget, TRUE, TRUE, 0);
return hbox;
}
/**
* Setup up a dialog with the correct HIG'gy spacings, adding the content_widget
*/
static void
higgy_setup_dialog (GtkDialog *dialog, const gchar *stock_icon,
GtkWidget **content_label,
GtkWidget **content_vbox)
{
GtkWidget *hbox, *label, *image, *vbox;
g_return_if_fail (GTK_IS_DIALOG (dialog));
g_return_if_fail (content_label);
gtk_dialog_set_has_separator (dialog, FALSE);
gtk_window_set_resizable (GTK_WINDOW (dialog), FALSE);
gtk_container_set_border_width (GTK_CONTAINER (dialog), 5);
hbox = gtk_hbox_new (FALSE, 12);
gtk_container_set_border_width (GTK_CONTAINER (hbox), 5);
gtk_container_add (GTK_CONTAINER (GTK_DIALOG (dialog)->vbox), hbox);
image = gtk_image_new_from_stock (stock_icon, GTK_ICON_SIZE_DIALOG);
gtk_misc_set_alignment (GTK_MISC (image), 0.5, 0.0);
gtk_box_pack_start (GTK_BOX (hbox), image, FALSE, FALSE, 0);
vbox = gtk_vbox_new (FALSE, 12);
gtk_box_pack_start (GTK_BOX (hbox), vbox, TRUE, TRUE, 0);
label = gtk_label_new (NULL);
gtk_label_set_use_markup (GTK_LABEL (label), TRUE);
gtk_label_set_line_wrap (GTK_LABEL (label), TRUE);
gtk_label_set_selectable (GTK_LABEL (label), TRUE);
gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.0);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
gtk_widget_show (image);
gtk_widget_show (vbox);
gtk_widget_show (hbox);
gtk_widget_show (label);
/* Set up the spacing for the dialog internal widgets */
gtk_box_set_spacing (GTK_BOX(dialog->vbox), 14); /* 24 = 2 * 5 + 14 */
*content_label = label;
if (content_vbox)
{
*content_vbox = vbox;
}
}
/**
* Display a dialog box, showing 'View Certificate', 'Cancel',
* and 'Accept' buttons. Optionally a checkbox can be shown,
* or the text can be NULL to avoid it being displayed
*
* @returns: GTK_RESPONSE_ACCEPT if the user clicked Accept
*/
static gint
display_cert_warning_box (nsIInterfaceRequestor *ctx,
nsIX509Cert *cert,
const char *markup_text,
const char *checkbox_text,
gboolean *checkbox_value,
const char *affirmative_text)
{
GtkWidget *dialog, *label, *checkbox, *vbox, *button;
int res;
g_return_val_if_fail (markup_text, GTK_RESPONSE_CANCEL);
g_return_val_if_fail (!checkbox_text || checkbox_value, GTK_RESPONSE_CANCEL);
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
/* NOTE: Due to a mozilla bug [https://bugzilla.mozilla.org/show_bug.cgi?id=306288],
* we will always end up without a parent!
*/
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
AutoWindowModalState modalState (parent);
dialog = gtk_dialog_new_with_buttons ("", gparent,
GTK_DIALOG_DESTROY_WITH_PARENT,
(char *) NULL);
if (gparent)
{
gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
GTK_WINDOW (dialog));
}
gtk_dialog_set_has_separator (GTK_DIALOG (dialog), FALSE);
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
higgy_setup_dialog (GTK_DIALOG (dialog),
GTK_STOCK_DIALOG_WARNING, &label, &vbox);
/* Add the buttons */
gtk_dialog_add_button (GTK_DIALOG (dialog), _("_View Certificate"),
NSSDIALOG_RESPONSE_VIEW_CERT);
gtk_dialog_add_button (GTK_DIALOG (dialog), GTK_STOCK_CANCEL,
GTK_RESPONSE_CANCEL);
if (affirmative_text == NULL)
{
affirmative_text = _("_Accept");
}
button = gtk_dialog_add_button (GTK_DIALOG (dialog),
affirmative_text,
GTK_RESPONSE_ACCEPT);
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
if (checkbox_text)
{
checkbox = gtk_check_button_new_with_mnemonic (checkbox_text);
gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (checkbox),
*checkbox_value);
gtk_box_pack_start (GTK_BOX (vbox), checkbox, TRUE, TRUE, 0);
}
else
{
checkbox = 0;
}
/* We don't want focus on the checkbox */
gtk_widget_grab_focus (button);
gtk_label_set_markup (GTK_LABEL (label), markup_text);
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
gtk_widget_show_all (dialog);
while (1)
{
res = gtk_dialog_run (GTK_DIALOG (dialog));
if (res == NSSDIALOG_RESPONSE_VIEW_CERT)
{
view_certificate (ctx, cert);
continue;
}
break;
}
if (res == GTK_RESPONSE_ACCEPT && checkbox)
{
*checkbox_value = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (checkbox));
}
gtk_widget_destroy (dialog);
return res;
}
/* Helper functions */
nsresult
GtkNSSDialogs::GetTokenAndSlotFromName (const PRUnichar *aName,
nsIPK11Token **aToken,
nsIPKCS11Slot **aSlot)
{
nsresult rv = NS_ERROR_FAILURE;
*aToken = nsnull;
*aSlot = nsnull;
nsCOMPtr<nsIPK11TokenDB> tokenDB = do_GetService("@mozilla.org/security/pk11tokendb;1");
nsCOMPtr<nsIPKCS11ModuleDB> pkcs11DB = do_GetService("@mozilla.org/security/pkcs11moduledb;1");
if (!tokenDB || !pkcs11DB) return rv;
rv = tokenDB->FindTokenByName (aName, aToken);
NS_ENSURE_TRUE (NS_SUCCEEDED (rv) && *aToken, rv);
pkcs11DB->FindSlotByName (aName, aSlot);
NS_ENSURE_TRUE (*aSlot, NS_ERROR_FAILURE);
#ifdef GNOME_ENABLE_DEBUG
/* Dump some info about this token */
nsIPK11Token *token = *aToken;
PRUnichar *tName, *tLabel, *tManID, *tHWVersion, *tFWVersion, *tSN;
PRInt32 minPwdLen;
PRBool needsInit, isHW, needsLogin, isFriendly;
token->GetTokenName(&tName);
token->GetTokenLabel(&tLabel);
token->GetTokenManID(&tManID);
token->GetTokenHWVersion(&tHWVersion);
token->GetTokenFWVersion(&tFWVersion);
token->GetTokenSerialNumber(&tSN);
token->GetMinimumPasswordLength(&minPwdLen);
token->GetNeedsUserInit(&needsInit);
token->IsHardwareToken(&isHW);
token->NeedsLogin(&needsLogin);
token->IsFriendly(&isFriendly);
g_print ("Token '%s' has \nName: %s\nLabel: %s\nManID: %s\nHWversion: %s\nFWVersion: %s\nSN: %s\n"
"MinPwdLen: %d\nNeedsUserInit: %d\nIsHWToken: %d\nNeedsLogin: %d\nIsFriendly: %d\n\n",
NS_ConvertUTF16toUTF8(aName).get(),
NS_ConvertUTF16toUTF8(tName).get(),
NS_ConvertUTF16toUTF8(tLabel).get(),
NS_ConvertUTF16toUTF8(tManID).get(),
NS_ConvertUTF16toUTF8(tHWVersion).get(),
NS_ConvertUTF16toUTF8(tFWVersion).get(),
NS_ConvertUTF16toUTF8(tSN).get(),
minPwdLen,
needsInit,
isHW,
needsLogin,
isFriendly);
nsIPKCS11Slot *slot = *aSlot;
PRUnichar*slDesc;
slot->GetDesc(&slDesc);
g_print ("Slot description: %s\n", NS_ConvertUTF16toUTF8 (slDesc).get());
#endif
return NS_OK;
}
/* nsICertificateDialogs */
NS_IMETHODIMP
GtkNSSDialogs::ConfirmMismatchDomain (nsIInterfaceRequestor *ctx,
const nsACString &targetURL,
nsIX509Cert *cert, PRBool *_retval)
{
char *first, *second, *msg;
int res;
nsString commonName;
cert->GetCommonName (commonName);
NS_ConvertUTF16toUTF8 cCommonName (commonName);
nsCString cTargetUrl (targetURL);
first = g_markup_printf_escaped (_("The site “%s” returned security information for "
"“%s”. It is possible that someone is intercepting "
"your communication to obtain your confidential "
"information."),
cTargetUrl.get(), cCommonName.get());
second = g_markup_printf_escaped (_("You should only accept the security information if you "
"trust “%s” and “%s”."),
cTargetUrl.get(), cCommonName.get());
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
_("Accept incorrect security information?"),
first, second);
res = display_cert_warning_box (ctx, cert, msg, NULL, NULL, NULL);
g_free (second);
g_free (first);
g_free (msg);
*_retval = (res == GTK_RESPONSE_ACCEPT);
return NS_OK;
}
NS_IMETHODIMP
GtkNSSDialogs::ConfirmUnknownIssuer (nsIInterfaceRequestor *ctx,
nsIX509Cert *cert, PRInt16 *outAddType,
PRBool *_retval)
{
gboolean accept_perm = FALSE;
char *secondary, *tertiary, *msg;
int res;
nsString commonName;
cert->GetCommonName (commonName);
NS_ConvertUTF16toUTF8 cCommonName (commonName);
secondary = g_markup_printf_escaped
(_("It was not possible to automatically trust “%s”. "
"It is possible that someone is intercepting your "
"communication to obtain your confidential information."),
cCommonName.get());
tertiary = g_markup_printf_escaped
(_("You should only connect to the site if you are certain "
"you are connected to “%s”."),
cCommonName.get());
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
_("Connect to untrusted site?"),
secondary, tertiary);
res = display_cert_warning_box (ctx, cert, msg,
_("_Trust this security information from now on"),
&accept_perm, _("Co_nnect"));
g_free (tertiary);
g_free (secondary);
g_free (msg);
if (res != GTK_RESPONSE_ACCEPT)
{
*_retval = PR_FALSE;
*outAddType = UNINIT_ADD_FLAG;
}
else
{
if (accept_perm)
{
*_retval = PR_TRUE;
*outAddType = ADD_TRUSTED_PERMANENTLY;
}
else
{
*_retval = PR_TRUE;
*outAddType = ADD_TRUSTED_FOR_SESSION;
}
}
return NS_OK;
}
/* boolean confirmCertExpired (in nsIInterfaceRequestor socketInfo,
in nsIX509Cert cert); */
NS_IMETHODIMP
GtkNSSDialogs::ConfirmCertExpired (nsIInterfaceRequestor *ctx,
nsIX509Cert *cert, PRBool *_retval)
{
nsresult rv;
PRTime now = PR_Now();
PRTime notAfter, notBefore, timeToUse;
PRInt64 normalizedTime;
time_t t;
struct tm tm;
char formattedDate[128];
char *fdate;
const char *primary, *text;
char *secondary, *msg;
*_retval = PR_FALSE;
nsCOMPtr<nsIX509CertValidity> validity;
rv = cert->GetValidity (getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotAfter (¬After);
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotBefore (¬Before);
if (NS_FAILED(rv)) return rv;
if (LL_CMP(now, >, notAfter))
{
primary = _("Accept expired security information?");
/* Translators: first %s is a hostname, second %s is a time/date */
text = _("The security information for “%s” "
"expired on %s.");
timeToUse = notAfter;
}
else
{
primary = _("Accept not yet valid security information?");
/* Translators: first %s is a hostname, second %s is a time/date */
text = _("The security information for “%s” isn't valid until %s.");
timeToUse = notBefore;
}
nsString commonName;
cert->GetCommonName (commonName);
NS_ConvertUTF16toUTF8 cCommonName (commonName);
LL_DIV (normalizedTime, timeToUse, PR_USEC_PER_SEC);
LL_L2UI (t, normalizedTime);
/* To translators: this a time format that is used while displaying the
* expiry or start date of an SSL certificate, for the format see
* strftime(3) */
strftime (formattedDate, sizeof(formattedDate), _("%a %d %b %Y"),
localtime_r (&t, &tm));
/* FIXME! this isn't actually correct, LC_CTIME codeset could be different than locale codeset! */
fdate = g_locale_to_utf8 (formattedDate, -1, NULL, NULL, NULL);
secondary = g_markup_printf_escaped (text, cCommonName.get(), fdate);
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
primary, secondary,
_("You should ensure that your computer's time is correct."));
int res = display_cert_warning_box (ctx, cert, msg, NULL, NULL, NULL);
g_free (fdate);
g_free (msg);
g_free (secondary);
*_retval = (res == GTK_RESPONSE_ACCEPT);
return NS_OK;
}
/* void notifyCrlNextupdate (in nsIInterfaceRequestor socketInfo,
in AUTF8String targetURL,
in nsIX509Cert cert); */
NS_IMETHODIMP
GtkNSSDialogs::NotifyCrlNextupdate (nsIInterfaceRequestor *ctx,
const nsACString & targetURL,
nsIX509Cert *cert)
{
nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
nsCString cTargetUrl (targetURL);
nsString commonName;
cert->GetCommonName (commonName);
GtkWidget *dialog = gtk_message_dialog_new
(GTK_WINDOW (gparent),
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_ERROR,
GTK_BUTTONS_OK,
_("Cannot establish connection to “%s”"),
cTargetUrl.get ());
gtk_message_dialog_format_secondary_text
(GTK_MESSAGE_DIALOG (dialog),
_("The certificate revocation list (CRL) from “%s” "
"needs to be updated.\n\n"
"Please ask your system administrator for assistance."),
NS_ConvertUTF16toUTF8 (commonName).get ());
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
g_signal_connect (dialog, "response",
(GCallback) gtk_widget_destroy, NULL);
gtk_widget_show_all (dialog);
return NS_OK;
}
NS_IMETHODIMP
GtkNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert,
PRUint32 *_trust,
PRBool *_retval)
{
GtkWidget *dialog, *label;
char *msg, *primary;
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
AutoWindowModalState modalState (parent);
dialog = gtk_dialog_new_with_buttons (_("Trust new Certificate Authority?"), gparent,
GTK_DIALOG_DESTROY_WITH_PARENT,
_("_View Certificate"),
NSSDIALOG_RESPONSE_VIEW_CERT,
GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
_("_Trust CA"), GTK_RESPONSE_ACCEPT,
(char *) NULL);
if (gparent)
{
gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
GTK_WINDOW (dialog));
}
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_WARNING,
&label, NULL);
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
nsString commonName;
cert->GetCommonName (commonName);
NS_ConvertUTF16toUTF8 cCommonName (commonName);
primary = g_markup_printf_escaped (_("Trust new Certificate Authority “%s” to identify web sites?"),
cCommonName.get());
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s",
primary,
_("Before trusting a Certificate Authority (CA) you should "
"verify the certificate is authentic."));
gtk_label_set_markup (GTK_LABEL (label), msg);
g_free (primary);
g_free (msg);
gtk_widget_show_all (dialog);
int ret;
while (1)
{
ret = gtk_dialog_run (GTK_DIALOG (dialog));
if (ret == NSSDIALOG_RESPONSE_VIEW_CERT)
{
view_certificate (ctx, cert);
continue;
}
break;
}
if (ret != GTK_RESPONSE_ACCEPT)
{
*_retval = PR_FALSE;
}
else
{
if (ret == GTK_RESPONSE_ACCEPT)
{
*_trust |= nsIX509CertDB::TRUSTED_SSL;
}
else
{
*_trust = nsIX509CertDB::UNTRUSTED;
}
*_retval = PR_TRUE;
}
gtk_widget_destroy (dialog);
return NS_OK;
}
NS_IMETHODIMP
GtkNSSDialogs::NotifyCACertExists (nsIInterfaceRequestor *ctx)
{
GtkWidget *dialog, *label;
char * msg;
nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
dialog = gtk_dialog_new_with_buttons ("", gparent,
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_STOCK_OK,
GTK_RESPONSE_OK,
(char *) NULL);
if (gparent)
{
gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
GTK_WINDOW (dialog));
}
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_ERROR,
&label, NULL);
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s",
_("Certificate already exists."),
_("The certificate has already been imported."));
gtk_label_set_markup (GTK_LABEL (label), msg);
g_free (msg);
g_signal_connect (G_OBJECT (dialog),
"response",
(GCallback)gtk_widget_destroy, NULL);
gtk_widget_show_all (dialog);
return NS_OK;
}
/* FIXME: This interface sucks! There is way to know the name of the certificate! */
NS_IMETHODIMP
GtkNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
nsAString &_password,
PRBool *_retval)
{
GtkWidget *dialog;
char *msg;
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
dialog = ephy_password_dialog_new (gparent,
_("Select Password"),
EphyPasswordDialogFlags(EPHY_PASSWORD_DIALOG_FLAGS_SHOW_NEW_PASSWORD |
EPHY_PASSWORD_DIALOG_FLAGS_SHOW_QUALITY_METER));
gtk_window_set_modal (GTK_WINDOW (dialog), TRUE);
gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
/* FIXME: set accept button text to (_("_Back Up Certificate") ?
* That's not actually correct, since this function is also called from other places!
*/
msg = g_markup_printf_escaped (_("Select a password to protect this certificate"));
gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog), msg);
g_free (msg);
int response = gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_hide (dialog);
if (response == GTK_RESPONSE_ACCEPT)
{
const char *text = ephy_password_dialog_get_new_password (EPHY_PASSWORD_DIALOG (dialog));
g_return_val_if_fail (text != NULL, NS_ERROR_FAILURE);
NS_CStringToUTF16 (nsDependentCString (text),
NS_CSTRING_ENCODING_UTF8, _password);
}
*_retval = response == GTK_RESPONSE_ACCEPT;
gtk_widget_destroy (dialog);
return NS_OK;
}
NS_IMETHODIMP
GtkNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
nsAString &_password,
PRBool *_retval)
{
g_print ("GtkNSSDialogs::GetPKCS12FilePassword\n");
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
GtkWidget *dialog = ephy_password_dialog_new
(gparent,
"",
EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD));
EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
/* FIXME: set accept button text to _("I_mport Certificate") ? */
gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
/* FIXME: mozilla sucks, no way to get the name of the certificate / cert file! */
char *msg = g_markup_printf_escaped (_("Enter the password for this certificate"));
gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog), msg);
g_free (msg);
int response = gtk_dialog_run (GTK_DIALOG (dialog));
if (response == GTK_RESPONSE_ACCEPT)
{
const char *pwd = ephy_password_dialog_get_password (password_dialog);
NS_CStringToUTF16 (nsDependentCString (pwd),
NS_CSTRING_ENCODING_UTF8, _password);
}
*_retval = response == GTK_RESPONSE_ACCEPT;
gtk_widget_destroy (dialog);
return NS_OK;
}
static void
set_table_row (GtkWidget *table,
int& row,
const char *title,
const char *text)
{
GtkWidget *header, *label;
char *bold;
if (text == NULL || text[0] == 0) return;
bold = g_markup_printf_escaped ("<b>%s</b>", title);
header = gtk_label_new (bold);
g_free (bold);
gtk_label_set_use_markup (GTK_LABEL (header), TRUE);
gtk_misc_set_alignment (GTK_MISC (header), 0, 0);
gtk_widget_show (header);
gtk_table_attach (GTK_TABLE (table), header, 0, 1, row, row+1,
GTK_FILL, GTK_FILL, 0, 0);
label = gtk_label_new (text);
gtk_misc_set_alignment (GTK_MISC (label), 0, 0);
gtk_label_set_selectable (GTK_LABEL (label), TRUE);
gtk_label_set_ellipsize (GTK_LABEL (label), PANGO_ELLIPSIZE_END);
gtk_label_set_max_width_chars (GTK_LABEL (label), 48);
gtk_widget_show (label);
gtk_table_attach_defaults (GTK_TABLE (table), label, 1, 2, row, row+1);
row++;
}
NS_IMETHODIMP
GtkNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
{
GtkWidget *dialog, *label, *table, *vbox;
nsresult rv;
char *msg;
nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
dialog = gtk_dialog_new_with_buttons ("",
GTK_WINDOW (gparent),
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_STOCK_OK, GTK_RESPONSE_OK,
(char *) NULL);
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
gtk_window_set_title (GTK_WINDOW (dialog), _("Certificate Revocation List Imported"));
/* Needed because gparent == NULL always because of mozilla sucks */
gtk_window_set_skip_pager_hint (GTK_WINDOW (dialog), TRUE);
gtk_window_set_skip_taskbar_hint (GTK_WINDOW (dialog), TRUE);
higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_INFO,
&label, &vbox);
msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>",
_("Certificate Revocation List (CRL) successfully imported"));
gtk_label_set_markup (GTK_LABEL (label), msg);
g_free (msg);
table = gtk_table_new (2, 3, FALSE);
gtk_table_set_row_spacings (GTK_TABLE (table), 6);
gtk_table_set_col_spacings (GTK_TABLE (table), 12);
nsString org, orgUnit, nextUpdate;
rv = crl->GetOrganization (org);
if (NS_FAILED(rv)) return rv;
rv = crl->GetOrganizationalUnit (orgUnit);
if (NS_FAILED(rv)) return rv;
rv = crl->GetNextUpdateLocale (nextUpdate);
if (NS_FAILED(rv)) return rv;
int row = 0;
set_table_row (table, row, _("Organization:"), NS_ConvertUTF16toUTF8 (org).get ());
set_table_row (table, row, _("Unit:"), NS_ConvertUTF16toUTF8 (orgUnit).get ());
set_table_row (table, row, _("Next Update:"), NS_ConvertUTF16toUTF8 (nextUpdate).get ());
gtk_box_pack_start (GTK_BOX (vbox), table, FALSE, FALSE, 0);
gtk_widget_show_all (dialog);
g_signal_connect (G_OBJECT (dialog),
"response",
(GCallback)gtk_widget_destroy, NULL);
gtk_widget_show_all (dialog);
return NS_OK;
}
/**
* Help function to fill in the labels on the General tab
*/
static void
set_label_cert_attribute (GladeXML* gxml, const char* label_id, nsAString &value)
{
GtkWidget *label;
label = glade_xml_get_widget (gxml, label_id);
g_return_if_fail (GTK_IS_LABEL (label));
if (!value.Length()) {
gtk_label_set_use_markup (GTK_LABEL (label), TRUE);
char *msg = g_strdup_printf ("<i><%s></i>",
_("Not part of certificate"));
gtk_label_set_markup (GTK_LABEL (label), msg);
g_free (msg);
}
else
{
gtk_label_set_use_markup (GTK_LABEL (label), FALSE);
gtk_label_set_text (GTK_LABEL (label), NS_ConvertUTF16toUTF8 (value).get());
}
}
/**
* Do that actual filling in of the certificate tree
*/
static gboolean
fill_cert_chain_tree (GtkTreeView *treeview, nsIArray *certChain)
{
nsresult rv;
GtkTreeModel * model = gtk_tree_view_get_model (treeview);
GtkTreeIter parent;
PRUint32 numCerts;
rv = certChain->GetLength (&numCerts);
if (NS_FAILED(rv) || numCerts < 1) return FALSE;
for (int i = (int)numCerts-1 ; i >= 0; i--)
{
nsCOMPtr<nsIX509Cert> nsCert;
rv = certChain->QueryElementAt (i, kX509CertCID,
getter_AddRefs(nsCert));
if (NS_FAILED(rv)) return FALSE;
GtkTreeIter iter;
gtk_tree_store_append (GTK_TREE_STORE (model), &iter,
(i == (int)numCerts-1) ? NULL : &parent);
nsString value;
rv = nsCert->GetCommonName (value);
if (NS_FAILED(rv)) return FALSE;
NS_ConvertUTF16toUTF8 cValue (value);
nsIX509Cert *nsCertP = nsCert;
if (value.Length())
{
gtk_tree_store_set (GTK_TREE_STORE(model), &iter,
0, cValue.get(),
1, nsCertP,
-1);
}
else
{
char * title;
rv = nsCert->GetWindowTitle (&title);
if (NS_FAILED(rv)) return FALSE;
gtk_tree_store_set (GTK_TREE_STORE(model),
&iter, 0, title, 1, nsCertP, -1);
nsMemory::Free (title);
}
parent = iter;
}
gtk_tree_view_expand_all (GTK_TREE_VIEW (treeview));
/* And select the last entry, and scroll the view so it's visible */
GtkTreeSelection *select = gtk_tree_view_get_selection (treeview);
GtkTreePath *path = gtk_tree_model_get_path (model, &parent);
gtk_tree_selection_select_path (select, path);
gtk_tree_view_scroll_to_cell (treeview, path, NULL, TRUE, 0.5, 0.0);
gtk_tree_path_free (path);
return TRUE;
}
/**
* Add an ASN object to the treeview, recursing if the object was a
* sequence
*/
static void
add_asn1_object_to_tree(GtkTreeModel *model, nsIASN1Object *object, GtkTreeIter *parent)
{
nsString dispNameU;
object->GetDisplayName(dispNameU);
GtkTreeIter iter;
gtk_tree_store_append (GTK_TREE_STORE (model), &iter, parent);
gtk_tree_store_set (GTK_TREE_STORE(model), &iter,
0, NS_ConvertUTF16toUTF8 (dispNameU).get(),
1, object,
-1);
nsCOMPtr<nsIASN1Sequence> sequence(do_QueryInterface(object));
if (!sequence) return;
nsCOMPtr<nsIMutableArray> asn1Objects;
sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
PRUint32 numObjects;
asn1Objects->GetLength(&numObjects);
if (!asn1Objects) return;
for (PRUint32 i = 0; i < numObjects ; i++)
{
nsCOMPtr<nsIASN1Object> currObject;
asn1Objects->QueryElementAt (i, kASN1ObjectCID,
getter_AddRefs (currObject));
add_asn1_object_to_tree (model, currObject, &iter);
}
}
/**
* Update the "Certificate Fields" treeview when a different cert
* is selected in the hierarchy text view
*/
static void
cert_chain_tree_view_selection_changed_cb (GtkTreeSelection *selection,
GtkWidget* tree_view)
{
GtkTreeIter iter;
nsIX509Cert *nsCert;
nsresult rv;
GtkTreeModel * model;
if (gtk_tree_selection_get_selected (selection, &model, &iter))
{
gtk_tree_model_get (model, &iter, 1, &nsCert, -1);
nsCOMPtr<nsIASN1Object> object;
rv = nsCert->GetASN1Structure (getter_AddRefs(object));
if (NS_FAILED(rv)) return;
model = gtk_tree_view_get_model (GTK_TREE_VIEW (tree_view));
gtk_tree_store_clear (GTK_TREE_STORE (model));
add_asn1_object_to_tree (model, object, NULL);
gtk_tree_view_expand_all (GTK_TREE_VIEW (tree_view));
}
}
/**
* When the "Certificate Field" treeview is changed, update the
* text_view to display the value of the currently selected field
*/
static void
field_tree_view_selection_changed_cb (GtkTreeSelection *selection,
GtkWidget* text_view)
{
GtkTreeIter iter;
GtkTreeModel *model;
GtkTextBuffer * text_buffer =
gtk_text_view_get_buffer (GTK_TEXT_VIEW (text_view));
if (gtk_tree_selection_get_selected (selection, &model, &iter))
{
nsIASN1Object *object;
gtk_tree_model_get (model, &iter, 1, &object, -1);
nsString dispValU;
object->GetDisplayValue(dispValU);
gtk_text_buffer_set_text (text_buffer, NS_ConvertUTF16toUTF8 (dispValU).get(), -1);
}
else
{
gtk_text_buffer_set_text (text_buffer, "", 0);
}
}
/**
* Setup the various treeviews, the textview, and fill the treeviews
*/
static gboolean
setup_view_cert_tree (GtkWidget *dialog, GladeXML*gxml, nsIArray *certChain)
{
GtkCellRenderer *renderer;
GtkWidget *chain_tree_view, *field_tree_view, *text_view;
PangoFontDescription *monospace_font_desc;
GConfClient *conf_client;
char *monospace_font;
chain_tree_view = glade_xml_get_widget (gxml, "treeview_cert_chain");
field_tree_view = glade_xml_get_widget (gxml, "treeview_cert_info");
text_view = glade_xml_get_widget (gxml, "textview_field_value");
/* Setup the certificate chain view */
GtkTreeStore *store = gtk_tree_store_new (2,
G_TYPE_STRING,
G_TYPE_POINTER);
gtk_tree_view_set_model (GTK_TREE_VIEW (chain_tree_view), GTK_TREE_MODEL (store));
g_object_unref (store);
renderer = gtk_cell_renderer_text_new ();
gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (chain_tree_view),
0, "Certificate",
renderer,
"text", 0,
(char *) NULL);
GtkTreeSelection *select = gtk_tree_view_get_selection (GTK_TREE_VIEW (chain_tree_view));
gtk_tree_selection_set_mode (select, GTK_SELECTION_SINGLE);
g_signal_connect (G_OBJECT (select), "changed",
G_CALLBACK (cert_chain_tree_view_selection_changed_cb),
field_tree_view);
/* Setup the certificate field view */
store = gtk_tree_store_new (2,
G_TYPE_STRING,
G_TYPE_POINTER);
gtk_tree_view_set_model (GTK_TREE_VIEW (field_tree_view), GTK_TREE_MODEL (store));
g_object_unref (store);
gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (field_tree_view),
0, "Certificate Field",
renderer,
"text", 0,
(char *) NULL);
select = gtk_tree_view_get_selection (GTK_TREE_VIEW (field_tree_view));
gtk_tree_selection_set_mode (select, GTK_SELECTION_SINGLE);
g_signal_connect (G_OBJECT (select), "changed",
G_CALLBACK (field_tree_view_selection_changed_cb),
text_view);
/* Get the text_view displaying a propertional font
*
* Pick up the monospace font from desktop preferences */
conf_client = gconf_client_get_default ();
monospace_font = gconf_client_get_string (conf_client,
"/desktop/gnome/interface/monospace_font_name", NULL);
if (monospace_font)
{
monospace_font_desc = pango_font_description_from_string (monospace_font);
gtk_widget_modify_font (text_view, monospace_font_desc);
pango_font_description_free (monospace_font_desc);
}
g_object_unref (conf_client);
/* And fill the certificate chain tree */
return fill_cert_chain_tree (GTK_TREE_VIEW (chain_tree_view), certChain);
}
/* void viewCert (in nsIX509Cert cert); */
NS_IMETHODIMP
GtkNSSDialogs::ViewCert(nsIInterfaceRequestor *ctx,
nsIX509Cert *cert)
{
GtkWidget *dialog, *widget;
GladeXML *gxml;
nsString value;
PRUint32 verifystate, count;
PRUnichar ** usage;
GtkSizeGroup * sizegroup;
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
gxml = glade_xml_new (ephy_file ("certificate-dialogs.glade"),
"viewcert_dialog", NULL);
g_return_val_if_fail (gxml != NULL, NS_ERROR_FAILURE);
dialog = glade_xml_get_widget (gxml, "viewcert_dialog");
g_return_val_if_fail (dialog != NULL, NS_ERROR_FAILURE);
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
AutoWindowModalState modalState (parent);
if (gparent)
{
gtk_window_set_transient_for (GTK_WINDOW(dialog), GTK_WINDOW(gparent));
gtk_window_group_add_window (ephy_gui_ensure_window_group (GTK_WINDOW (gparent)),
GTK_WINDOW (dialog));
gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
}
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
gtk_window_set_title (GTK_WINDOW (dialog), _("Certificate Properties"));
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_CLOSE);
/* Set up the GtkSizeGroup so that the columns line up */
sizegroup = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
widget = glade_xml_get_widget (gxml, "label_size1");
gtk_size_group_add_widget (sizegroup, widget);
widget = glade_xml_get_widget (gxml, "label_size2");
gtk_size_group_add_widget (sizegroup, widget);
widget = glade_xml_get_widget (gxml, "label_size3");
gtk_size_group_add_widget (sizegroup, widget);
widget = glade_xml_get_widget (gxml, "label_size4");
gtk_size_group_add_widget (sizegroup, widget);
g_object_unref (sizegroup);
rv = cert->GetUsagesArray (FALSE, &verifystate, &count, &usage);
if (NS_FAILED(rv)) return rv;
const char * text;
switch (verifystate)
{
case nsIX509Cert::VERIFIED_OK:
text = _("This certificate has been verified for the following uses:");
break;
case nsIX509Cert::CERT_REVOKED:
text = _("Could not verify this certificate because it has been revoked.");
break;
case nsIX509Cert::CERT_EXPIRED:
text = _("Could not verify this certificate because it has expired.");
break;
case nsIX509Cert::CERT_NOT_TRUSTED:
text = _("Could not verify this certificate because it is not trusted.");
break;
case nsIX509Cert::ISSUER_NOT_TRUSTED:
text = _("Could not verify this certificate because the issuer is not trusted.");
break;
case nsIX509Cert::ISSUER_UNKNOWN:
text = _("Could not verify this certificate because the issuer is unknown.");
break;
case nsIX509Cert::INVALID_CA:
text = _("Could not verify this certificate because the CA certificate is invalid.");
break;
case nsIX509Cert::NOT_VERIFIED_UNKNOWN:
case nsIX509Cert::USAGE_NOT_ALLOWED:
default:
text = _("Could not verify this certificate for unknown reasons.");
}
char *vmsg = g_strdup_printf ("<b>%s</b>", text);
widget = glade_xml_get_widget (gxml, "label_verify_text");
g_return_val_if_fail (GTK_IS_LABEL (widget), NS_ERROR_FAILURE);
gtk_label_set_markup (GTK_LABEL (widget), vmsg);
g_free (vmsg);
if (count > 0)
{
GtkWidget *vbox = gtk_vbox_new (FALSE, 3);
GtkWidget *indent;
for (PRUint32 i = 0 ; i < count ; i++)
{
GtkWidget *label = gtk_label_new (NS_ConvertUTF16toUTF8 (usage[i]).get());
gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
nsMemory::Free (usage[i]);
}
nsMemory::Free (usage);
indent = higgy_indent_widget (vbox);
widget = glade_xml_get_widget (gxml, "vbox_validity");
g_return_val_if_fail (GTK_IS_BOX (widget), NS_ERROR_FAILURE);
gtk_box_pack_start (GTK_BOX (widget), indent, FALSE, FALSE, 0);
}
cert->GetCommonName (value);
set_label_cert_attribute (gxml, "label_cn", value);
cert->GetOrganization (value);
set_label_cert_attribute (gxml, "label_o", value);
cert->GetOrganizationalUnit (value);
set_label_cert_attribute (gxml, "label_ou", value);
cert->GetSerialNumber (value);
set_label_cert_attribute (gxml, "label_serial", value);
rv = cert->GetIssuerCommonName (value);
if (NS_FAILED(rv)) return rv;
set_label_cert_attribute (gxml, "label_issuer_cn", value);
cert->GetIssuerOrganization (value);
set_label_cert_attribute (gxml, "label_issuer_o", value);
cert->GetIssuerOrganizationUnit (value);
set_label_cert_attribute (gxml, "label_issuer_ou", value);
nsCOMPtr<nsIX509CertValidity> validity;
rv = cert->GetValidity (getter_AddRefs(validity));
if (NS_FAILED(rv)) return rv;
rv = validity->GetNotAfterLocalDay (value);
if (NS_FAILED(rv)) return rv;
set_label_cert_attribute (gxml, "label_notafter", value);
rv = validity->GetNotBeforeLocalDay (value);
if (NS_FAILED(rv)) return rv;
set_label_cert_attribute (gxml, "label_notbefore", value);
cert->GetSha1Fingerprint (value);
set_label_cert_attribute (gxml, "label_sha_print", value);
cert->GetMd5Fingerprint (value);
set_label_cert_attribute (gxml, "label_md5_print", value);
/* Hold a reference to each certificate in the chain while the
* dialog is displayed, this holds the reference for the ASN
* objects as well */
nsCOMPtr<nsIArray> certChain;
rv = cert->GetChain (getter_AddRefs(certChain));
if (NS_FAILED(rv)) return rv;
gboolean ret = setup_view_cert_tree (dialog, gxml, certChain);
if (ret == FALSE) return NS_ERROR_FAILURE;
g_object_unref (gxml);
gtk_widget_show_all (dialog);
int res;
while (1)
{
res = gtk_dialog_run (GTK_DIALOG (dialog));
if (res == GTK_RESPONSE_HELP)
{
ephy_gui_help (GTK_WINDOW (dialog), "epiphany", "using-certificate-viewer");
continue;
}
break;
}
gtk_widget_destroy (dialog);
return NS_OK;
}
/* nsITokenPasswordDialogs */
/* NOTE: This interface totally sucks, see https://bugzilla.mozilla.org/show_bug.cgi?id=306993 */
/* void setPassword (in nsIInterfaceRequestor ctx, in wstring tokenName, out boolean canceled); */
NS_IMETHODIMP
GtkNSSDialogs::SetPassword(nsIInterfaceRequestor *aCtx,
const PRUnichar *aTokenName,
PRBool *aCancelled)
{
NS_ENSURE_ARG_POINTER(aCancelled);
nsresult rv;
nsCOMPtr<nsIPK11Token> token;
nsCOMPtr<nsIPKCS11Slot> slot;
rv = GetTokenAndSlotFromName (aTokenName, getter_AddRefs (token),
getter_AddRefs (slot));
NS_ENSURE_SUCCESS (rv, rv);
NS_ENSURE_TRUE (token && slot, NS_ERROR_FAILURE);
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
PRUint32 status = nsIPKCS11Slot::SLOT_UNINITIALIZED;
slot->GetStatus (&status);
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
EphyPasswordDialogFlags flags =
EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_NEW_PASSWORD |
EPHY_PASSWORD_DIALOG_FLAGS_SHOW_QUALITY_METER);
if (status != nsIPKCS11Slot::SLOT_UNINITIALIZED)
flags = EphyPasswordDialogFlags (flags | EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD);
GtkWidget *dialog = ephy_password_dialog_new
(gparent,
_("Change Token Password"),
flags);
EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
char *message;
if (status == nsIPKCS11Slot::SLOT_UNINITIALIZED) {
message = g_markup_printf_escaped (_("Choose a password for the “%s” token"),
NS_ConvertUTF16toUTF8 (aTokenName).get ());
} else {
message = g_markup_printf_escaped (_("Change the password for the “%s” token"),
NS_ConvertUTF16toUTF8 (aTokenName).get ());
}
gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog),
message);
g_free (message);
int response;
nsString oldPassword;
PRBool pwdOk, needsLogin;
do {
response = gtk_dialog_run (GTK_DIALOG (dialog));
if (status != nsIPKCS11Slot::SLOT_UNINITIALIZED)
{
const char *pwd = ephy_password_dialog_get_password (password_dialog);
oldPassword = NS_ConvertUTF8toUTF16 (pwd);
}
} while (response == GTK_RESPONSE_OK &&
status != nsIPKCS11Slot::SLOT_UNINITIALIZED &&
NS_SUCCEEDED (token->NeedsLogin (&needsLogin)) && needsLogin &&
NS_SUCCEEDED (token->CheckPassword (oldPassword.get (), &pwdOk) &&
!pwdOk));
if (response == GTK_RESPONSE_ACCEPT)
{
const char *pwd = ephy_password_dialog_get_new_password (password_dialog);
NS_ConvertUTF8toUTF16 newPassword (pwd);
if (status == nsIPKCS11Slot::SLOT_UNINITIALIZED)
{
rv = token->InitPassword (newPassword.get ());
}
else
{
rv = token->ChangePassword (oldPassword.get (),
newPassword.get ());
}
}
else
{
rv = NS_OK;
}
gtk_widget_destroy (GTK_WIDGET (dialog));
*aCancelled = response != GTK_RESPONSE_ACCEPT;
return rv;
}
/* void getPassword (in nsIInterfaceRequestor ctx, in wstring tokenName, out wstring password, out boolean canceled); */
NS_IMETHODIMP
GtkNSSDialogs::GetPassword(nsIInterfaceRequestor *aCtx,
const PRUnichar *aTokenName,
PRUnichar **aPassword,
PRBool *aCancelled)
{
NS_ENSURE_ARG_POINTER(aCancelled);
nsresult rv;
nsCOMPtr<nsIPK11Token> token;
nsCOMPtr<nsIPKCS11Slot> slot;
rv = GetTokenAndSlotFromName (aTokenName, getter_AddRefs (token),
getter_AddRefs (slot));
NS_ENSURE_SUCCESS (rv, rv);
NS_ENSURE_TRUE (token && slot, NS_ERROR_FAILURE);
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
EphyPasswordDialogFlags flags =
EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD);
GtkWidget *dialog = ephy_password_dialog_new
(gparent,
_("Get Token Password"), /* FIXME */
flags);
EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
/* Translators: A "token" is something that enables the user to authenticate himself or
* prove his credentials. This can be either a hardware device (e.g. a smart-card), or
* a data file (e.g. a cryptographic certificate).
*/
char *message = g_markup_printf_escaped (_("Please enter the password for the “%s” token"),
NS_ConvertUTF16toUTF8 (aTokenName).get ());
gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog),
message);
g_free (message);
int response = gtk_dialog_run (GTK_DIALOG (dialog));
if (response == GTK_RESPONSE_ACCEPT)
{
const char *pwd = ephy_password_dialog_get_password (password_dialog);
*aPassword = NS_StringCloneData (NS_ConvertUTF8toUTF16 (pwd));
}
gtk_widget_destroy (GTK_WIDGET (dialog));
*aCancelled = response != GTK_RESPONSE_ACCEPT;
return NS_OK;
}
/* nsITokenDialogs */
static void
SelectionChangedCallback (GtkComboBox *combo,
GtkDialog *dialog)
{
int active = gtk_combo_box_get_active (combo);
gtk_dialog_set_response_sensitive (dialog, GTK_RESPONSE_ACCEPT, active >= 0);
}
/* void ChooseToken (in nsIInterfaceRequestor ctx,
[array, size_is (count)] in wstring tokenNameList,
in unsigned long count,
out wstring tokenName,
out boolean canceled); */
NS_IMETHODIMP
GtkNSSDialogs::ChooseToken (nsIInterfaceRequestor *aContext,
const PRUnichar **tokenNameList,
PRUint32 count,
PRUnichar **_tokenName,
PRBool *_cancelled)
{
NS_ENSURE_ARG (tokenNameList);
NS_ENSURE_ARG (count);
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
/* Didn't you know it? MOZILLA SUCKS! ChooseToken is always called with |aContext| == NULL! See
* http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsKeygenHandler.cpp&rev=1.39&mark=346#346
* Need to investigate if we it's always called directly from code called from JS, in which case we
* can use EphyJSUtils::GetDOMWindowFromCallContext.
*/
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aContext));
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
GtkWidget *dialog = gtk_message_dialog_new
(GTK_WINDOW (gparent),
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_OTHER,
GTK_BUTTONS_CANCEL,
_("Please select a token:"));
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
GtkWidget *combo = gtk_combo_box_new_text ();
for (PRUint32 i = 0; i < count; ++i) {
gtk_combo_box_append_text (GTK_COMBO_BOX (combo),
NS_ConvertUTF16toUTF8 (tokenNameList[i]).get ());
}
gtk_combo_box_set_active (GTK_COMBO_BOX (combo), -1);
g_signal_connect (combo, "changed",
G_CALLBACK (SelectionChangedCallback), dialog);
/* FIXME: View Cert button? */
GtkWidget *vbox = GTK_MESSAGE_DIALOG (dialog)->label->parent;
gtk_box_pack_start (GTK_BOX (vbox), combo, FALSE, FALSE, 0);
gtk_dialog_add_button (GTK_DIALOG (dialog),
_("_Select"),
GTK_RESPONSE_ACCEPT);
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_REJECT);
int response = gtk_dialog_run (GTK_DIALOG (dialog));
int selected = gtk_combo_box_get_active (GTK_COMBO_BOX (combo));
gtk_widget_destroy (dialog);
*_cancelled = response != GTK_RESPONSE_ACCEPT;
if (response == GTK_RESPONSE_ACCEPT) {
NS_ENSURE_TRUE (selected >= 0 && selected < (int) count, NS_ERROR_FAILURE);
*_tokenName = NS_StringCloneData (nsDependentString (tokenNameList[selected]));
}
return NS_OK;
}
/* nsIDOMCryptoDialogs */
/* Note: this interface sucks! See https://bugzilla.mozilla.org/show_bug.cgi?id=341914 */
/* boolean ConfirmKeyEscrow (in nsIX509Cert escrowAuthority); */
NS_IMETHODIMP
GtkNSSDialogs::ConfirmKeyEscrow (nsIX509Cert *aEscrowAuthority,
PRBool *_retval)
{
NS_ENSURE_ARG (aEscrowAuthority);
nsresult rv;
AutoJSContextStack stack;
rv = stack.Init ();
if (NS_FAILED (rv)) return rv;
#if 0
nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
#endif
nsCOMPtr<nsIDOMWindow> parent (EphyJSUtils::GetDOMWindowFromCallContext ());
GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
AutoWindowModalState modalState (parent);
/* FIXME: is that guaranteed to be non-empty? */
nsString commonName;
aEscrowAuthority->GetCommonName (commonName);
GtkWidget *dialog = gtk_message_dialog_new
(GTK_WINDOW (gparent),
GTK_DIALOG_DESTROY_WITH_PARENT,
GTK_MESSAGE_WARNING /* QUESTION really but it's also a strong warnings... */,
GTK_BUTTONS_NONE,
_("Escrow the secret key?"));
/* FIXME: If I understand the documentation of generateCRMFRequest
* correctly, key escrow is never used for signing keys (if it were,
* we'd have to warn that the cert authority can forge your signature
* too).
*/
gtk_message_dialog_format_secondary_text
(GTK_MESSAGE_DIALOG (dialog),
_("The certificate authority “%s” requests that you give it a copy "
"of the newly generated secret key.\n\n"
"This will enable the certificate authority read any "
"communications encrypted with this key "
"without your knowledge or consent.\n\n"
"It is strongly recommended not to allow it."),
NS_ConvertUTF16toUTF8 (commonName).get ());
gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
GtkWidget *button = gtk_dialog_add_button (GTK_DIALOG (dialog),
_("_Reject"),
GTK_RESPONSE_REJECT);
gtk_dialog_add_button (GTK_DIALOG (dialog),
_("_Allow"),
GTK_RESPONSE_ACCEPT);
/* FIXME: View Cert button? */
gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_REJECT);
gtk_widget_grab_focus (button);
int response = gtk_dialog_run (GTK_DIALOG (dialog));
gtk_widget_destroy (dialog);
*_retval = response == GTK_RESPONSE_ACCEPT;
return NS_OK;
}