aboutsummaryrefslogtreecommitdiffstats
path: root/embed/xulrunner/embed/GtkNSSDialogs.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'embed/xulrunner/embed/GtkNSSDialogs.cpp')
-rw-r--r--embed/xulrunner/embed/GtkNSSDialogs.cpp1694
1 files changed, 0 insertions, 1694 deletions
diff --git a/embed/xulrunner/embed/GtkNSSDialogs.cpp b/embed/xulrunner/embed/GtkNSSDialogs.cpp
deleted file mode 100644
index 25b99d141..000000000
--- a/embed/xulrunner/embed/GtkNSSDialogs.cpp
+++ /dev/null
@@ -1,1694 +0,0 @@
-/*
- * Copyright © 2003 Crispin Flowerday <gnome@flowerday.cx>
- * Copyright © 2006 Christian Persch
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- *
- * $Id$
- */
-
-/*
- * This file provides Gtk implementations of the mozilla Certificate dialogs
- * such as the ones displayed when connecting to a site with a self-signed
- * or expired certificate.
- */
-
-#include "mozilla-config.h"
-#include "config.h"
-
-#include <time.h>
-
-#include <glib/gi18n.h>
-#include <gtk/gtkalignment.h>
-#include <gtk/gtkbutton.h>
-#include <gtk/gtkcellrenderertext.h>
-#include <gtk/gtkcheckbutton.h>
-#include <gtk/gtkdialog.h>
-#include <gtk/gtkeditable.h>
-#include <gtk/gtkentry.h>
-#include <gtk/gtkhbox.h>
-#include <gtk/gtkimage.h>
-#include <gtk/gtklabel.h>
-#include <gtk/gtkmessagedialog.h>
-#include <gtk/gtkprogressbar.h>
-#include <gtk/gtksizegroup.h>
-#include <gtk/gtkstock.h>
-#include <gtk/gtktable.h>
-#include <gtk/gtktextbuffer.h>
-#include <gtk/gtktextview.h>
-#include <gtk/gtktogglebutton.h>
-#include <gtk/gtktreeselection.h>
-#include <gtk/gtktreestore.h>
-#include <gtk/gtktreeview.h>
-#include <gtk/gtkvbox.h>
-#include <gtk/gtkcombobox.h>
-#include <gconf/gconf-client.h>
-#include <glade/glade-xml.h>
-
-#include <nsStringAPI.h>
-
-#include <nsCOMPtr.h>
-#include <nsIArray.h>
-#include <nsIASN1Object.h>
-#include <nsIASN1Sequence.h>
-#include <nsICRLInfo.h>
-#include <nsIDOMWindow.h>
-#include <nsIInterfaceRequestor.h>
-#include <nsIInterfaceRequestorUtils.h>
-#include <nsIPKCS11ModuleDB.h>
-#include <nsIPKCS11Slot.h>
-#include <nsIPK11Token.h>
-#include <nsIPK11TokenDB.h>
-#include <nsIServiceManager.h>
-#include <nsISimpleEnumerator.h>
-#include <nsIX509CertDB.h>
-#include <nsIX509Cert.h>
-#include <nsIX509CertValidity.h>
-#include <nsMemory.h>
-#include <nsServiceManagerUtils.h>
-
-#ifdef HAVE_NSIMUTABLEARRAY_H
-#include <nsIMutableArray.h>
-#endif
-
-#include "ephy-file-helpers.h"
-#include "ephy-gui.h"
-#include "ephy-password-dialog.h"
-#include "ephy-stock-icons.h"
-
-#include "AutoJSContextStack.h"
-#include "AutoWindowModalState.h"
-#include "EphyUtils.h"
-
-#include "GtkNSSDialogs.h"
-
-NS_DEFINE_CID (kX509CertCID, NS_IX509CERT_IID);
-NS_DEFINE_CID (kASN1ObjectCID, NS_IASN1OBJECT_IID);
-
-enum
-{
- NSSDIALOG_RESPONSE_VIEW_CERT = 10
-};
-
-GtkNSSDialogs::GtkNSSDialogs ()
-{
-}
-
-GtkNSSDialogs::~GtkNSSDialogs ()
-{
-}
-
-NS_IMPL_THREADSAFE_ISUPPORTS5 (GtkNSSDialogs,
- nsICertificateDialogs,
- nsIBadCertListener,
- nsITokenPasswordDialogs,
- nsITokenDialogs,
- nsIDOMCryptoDialogs)
-
-/* There's also nsICertPickDialogs which is implemented in mozilla
- * but has no callers. So we don't implement it.
- * Same for nsIUserCertPicker which is only used in mailnews.
- */
-
-/**
- * Call the mozilla service to display a certificate
- */
-static void
-view_certificate (nsIInterfaceRequestor *ctx, nsIX509Cert *cert)
-{
- nsresult rv;
- nsCOMPtr<nsICertificateDialogs> certDialogs =
- do_GetService (NS_CERTIFICATEDIALOGS_CONTRACTID, &rv);
- NS_ENSURE_SUCCESS (rv, );
-
- certDialogs->ViewCert (ctx, cert);
-}
-
-/**
- * Indent a widget according the HIG
- *
- * @returns: The new indented widget
- */
-static GtkWidget*
-higgy_indent_widget (GtkWidget *widget)
-{
- GtkWidget *hbox;
- GtkWidget *label;
-
- hbox = gtk_hbox_new (FALSE, 6);
-
- label = gtk_label_new (NULL);
- gtk_box_pack_start (GTK_BOX(hbox), label, FALSE, TRUE, 6);
- gtk_widget_show (label);
-
- gtk_box_pack_start (GTK_BOX(hbox), widget, TRUE, TRUE, 0);
-
- return hbox;
-}
-
-/**
- * Setup up a dialog with the correct HIG'gy spacings, adding the content_widget
- */
-static void
-higgy_setup_dialog (GtkDialog *dialog, const gchar *stock_icon,
- GtkWidget **content_label,
- GtkWidget **content_vbox)
-{
- GtkWidget *hbox, *label, *image, *vbox;
-
- g_return_if_fail (GTK_IS_DIALOG (dialog));
- g_return_if_fail (content_label);
-
- gtk_dialog_set_has_separator (dialog, FALSE);
- gtk_window_set_resizable (GTK_WINDOW (dialog), FALSE);
- gtk_container_set_border_width (GTK_CONTAINER (dialog), 5);
-
- hbox = gtk_hbox_new (FALSE, 12);
- gtk_container_set_border_width (GTK_CONTAINER (hbox), 5);
- gtk_container_add (GTK_CONTAINER (GTK_DIALOG (dialog)->vbox), hbox);
-
- image = gtk_image_new_from_stock (stock_icon, GTK_ICON_SIZE_DIALOG);
- gtk_misc_set_alignment (GTK_MISC (image), 0.5, 0.0);
- gtk_box_pack_start (GTK_BOX (hbox), image, FALSE, FALSE, 0);
-
- vbox = gtk_vbox_new (FALSE, 12);
- gtk_box_pack_start (GTK_BOX (hbox), vbox, TRUE, TRUE, 0);
-
- label = gtk_label_new (NULL);
- gtk_label_set_use_markup (GTK_LABEL (label), TRUE);
- gtk_label_set_line_wrap (GTK_LABEL (label), TRUE);
- gtk_label_set_selectable (GTK_LABEL (label), TRUE);
- gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.0);
-
- gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
-
- gtk_widget_show (image);
- gtk_widget_show (vbox);
- gtk_widget_show (hbox);
- gtk_widget_show (label);
-
- /* Set up the spacing for the dialog internal widgets */
- gtk_box_set_spacing (GTK_BOX(dialog->vbox), 14); /* 24 = 2 * 5 + 14 */
-
- *content_label = label;
- if (content_vbox)
- {
- *content_vbox = vbox;
- }
-}
-
-
-/**
- * Display a dialog box, showing 'View Certificate', 'Cancel',
- * and 'Accept' buttons. Optionally a checkbox can be shown,
- * or the text can be NULL to avoid it being displayed
- *
- * @returns: GTK_RESPONSE_ACCEPT if the user clicked Accept
- */
-static gint
-display_cert_warning_box (nsIInterfaceRequestor *ctx,
- nsIX509Cert *cert,
- const char *markup_text,
- const char *checkbox_text,
- gboolean *checkbox_value,
- const char *affirmative_text)
-{
- GtkWidget *dialog, *label, *checkbox, *vbox, *button;
- int res;
-
- g_return_val_if_fail (markup_text, GTK_RESPONSE_CANCEL);
- g_return_val_if_fail (!checkbox_text || checkbox_value, GTK_RESPONSE_CANCEL);
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- /* NOTE: Due to a mozilla bug [https://bugzilla.mozilla.org/show_bug.cgi?id=306288],
- * we will always end up without a parent!
- */
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
- GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
-
- AutoWindowModalState modalState (parent);
-
- dialog = gtk_dialog_new_with_buttons ("", gparent,
- GTK_DIALOG_DESTROY_WITH_PARENT,
- (char *) NULL);
- if (gparent)
- {
- gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
- GTK_WINDOW (dialog));
- }
-
- gtk_dialog_set_has_separator (GTK_DIALOG (dialog), FALSE);
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- higgy_setup_dialog (GTK_DIALOG (dialog),
- GTK_STOCK_DIALOG_WARNING, &label, &vbox);
-
- /* Add the buttons */
- gtk_dialog_add_button (GTK_DIALOG (dialog), _("_View Certificate"),
- NSSDIALOG_RESPONSE_VIEW_CERT);
-
- gtk_dialog_add_button (GTK_DIALOG (dialog), GTK_STOCK_CANCEL,
- GTK_RESPONSE_CANCEL);
-
- if (affirmative_text == NULL)
- {
- affirmative_text = _("_Accept");
- }
-
- button = gtk_dialog_add_button (GTK_DIALOG (dialog),
- affirmative_text,
- GTK_RESPONSE_ACCEPT);
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
-
- if (checkbox_text)
- {
- checkbox = gtk_check_button_new_with_mnemonic (checkbox_text);
- gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (checkbox),
- *checkbox_value);
-
- gtk_box_pack_start (GTK_BOX (vbox), checkbox, TRUE, TRUE, 0);
- }
- else
- {
- checkbox = 0;
- }
-
- /* We don't want focus on the checkbox */
- gtk_widget_grab_focus (button);
-
- gtk_label_set_markup (GTK_LABEL (label), markup_text);
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
- gtk_widget_show_all (dialog);
-
- while (1)
- {
- res = gtk_dialog_run (GTK_DIALOG (dialog));
- if (res == NSSDIALOG_RESPONSE_VIEW_CERT)
- {
- view_certificate (ctx, cert);
- continue;
- }
-
- break;
- }
-
- if (res == GTK_RESPONSE_ACCEPT && checkbox)
- {
- *checkbox_value = gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (checkbox));
- }
-
- gtk_widget_destroy (dialog);
- return res;
-}
-
-
-/* Helper functions */
-
-nsresult
-GtkNSSDialogs::GetTokenAndSlotFromName (const PRUnichar *aName,
- nsIPK11Token **aToken,
- nsIPKCS11Slot **aSlot)
-{
- nsresult rv = NS_ERROR_FAILURE;
- *aToken = nsnull;
- *aSlot = nsnull;
-
- nsCOMPtr<nsIPK11TokenDB> tokenDB = do_GetService("@mozilla.org/security/pk11tokendb;1");
- nsCOMPtr<nsIPKCS11ModuleDB> pkcs11DB = do_GetService("@mozilla.org/security/pkcs11moduledb;1");
- if (!tokenDB || !pkcs11DB) return rv;
-
- rv = tokenDB->FindTokenByName (aName, aToken);
- NS_ENSURE_TRUE (NS_SUCCEEDED (rv) && *aToken, rv);
-
- pkcs11DB->FindSlotByName (aName, aSlot);
-
- NS_ENSURE_TRUE (*aSlot, NS_ERROR_FAILURE);
-
-#ifdef GNOME_ENABLE_DEBUG
- /* Dump some info about this token */
- nsIPK11Token *token = *aToken;
- PRUnichar *tName, *tLabel, *tManID, *tHWVersion, *tFWVersion, *tSN;
- PRInt32 minPwdLen;
- PRBool needsInit, isHW, needsLogin, isFriendly;
-
- token->GetTokenName(&tName);
- token->GetTokenLabel(&tLabel);
- token->GetTokenManID(&tManID);
- token->GetTokenHWVersion(&tHWVersion);
- token->GetTokenFWVersion(&tFWVersion);
- token->GetTokenSerialNumber(&tSN);
- token->GetMinimumPasswordLength(&minPwdLen);
- token->GetNeedsUserInit(&needsInit);
- token->IsHardwareToken(&isHW);
- token->NeedsLogin(&needsLogin);
- token->IsFriendly(&isFriendly);
-
- g_print ("Token '%s' has \nName: %s\nLabel: %s\nManID: %s\nHWversion: %s\nFWVersion: %s\nSN: %s\n"
- "MinPwdLen: %d\nNeedsUserInit: %d\nIsHWToken: %d\nNeedsLogin: %d\nIsFriendly: %d\n\n",
- NS_ConvertUTF16toUTF8(aName).get(),
-
- NS_ConvertUTF16toUTF8(tName).get(),
- NS_ConvertUTF16toUTF8(tLabel).get(),
- NS_ConvertUTF16toUTF8(tManID).get(),
- NS_ConvertUTF16toUTF8(tHWVersion).get(),
- NS_ConvertUTF16toUTF8(tFWVersion).get(),
- NS_ConvertUTF16toUTF8(tSN).get(),
- minPwdLen,
- needsInit,
- isHW,
- needsLogin,
- isFriendly);
-
- nsIPKCS11Slot *slot = *aSlot;
- PRUnichar*slDesc;
- slot->GetDesc(&slDesc);
- g_print ("Slot description: %s\n", NS_ConvertUTF16toUTF8 (slDesc).get());
-#endif
-
- return NS_OK;
-}
-
-/* nsICertificateDialogs */
-
-NS_IMETHODIMP
-GtkNSSDialogs::ConfirmMismatchDomain (nsIInterfaceRequestor *ctx,
- const nsACString &targetURL,
- nsIX509Cert *cert, PRBool *_retval)
-{
- char *first, *second, *msg;
- int res;
-
- nsString commonName;
- cert->GetCommonName (commonName);
-
- NS_ConvertUTF16toUTF8 cCommonName (commonName);
-
- nsCString cTargetUrl (targetURL);
-
- first = g_markup_printf_escaped (_("The site “%s” returned security information for "
- "“%s”. It is possible that someone is intercepting "
- "your communication to obtain your confidential "
- "information."),
- cTargetUrl.get(), cCommonName.get());
-
- second = g_markup_printf_escaped (_("You should only accept the security information if you "
- "trust “%s” and “%s”."),
- cTargetUrl.get(), cCommonName.get());
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
- _("Accept incorrect security information?"),
- first, second);
-
- res = display_cert_warning_box (ctx, cert, msg, NULL, NULL, NULL);
-
- g_free (second);
- g_free (first);
- g_free (msg);
-
- *_retval = (res == GTK_RESPONSE_ACCEPT);
- return NS_OK;
-}
-
-
-NS_IMETHODIMP
-GtkNSSDialogs::ConfirmUnknownIssuer (nsIInterfaceRequestor *ctx,
- nsIX509Cert *cert, PRInt16 *outAddType,
- PRBool *_retval)
-{
- gboolean accept_perm = FALSE;
- char *secondary, *tertiary, *msg;
- int res;
-
- nsString commonName;
- cert->GetCommonName (commonName);
-
- NS_ConvertUTF16toUTF8 cCommonName (commonName);
-
- secondary = g_markup_printf_escaped
- (_("It was not possible to automatically trust “%s”. "
- "It is possible that someone is intercepting your "
- "communication to obtain your confidential information."),
- cCommonName.get());
-
- tertiary = g_markup_printf_escaped
- (_("You should only connect to the site if you are certain "
- "you are connected to “%s”."),
- cCommonName.get());
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
- _("Connect to untrusted site?"),
- secondary, tertiary);
-
- res = display_cert_warning_box (ctx, cert, msg,
- _("_Trust this security information from now on"),
- &accept_perm, _("Co_nnect"));
- g_free (tertiary);
- g_free (secondary);
- g_free (msg);
-
- if (res != GTK_RESPONSE_ACCEPT)
- {
- *_retval = PR_FALSE;
- *outAddType = UNINIT_ADD_FLAG;
- }
- else
- {
- if (accept_perm)
- {
- *_retval = PR_TRUE;
- *outAddType = ADD_TRUSTED_PERMANENTLY;
- }
- else
- {
- *_retval = PR_TRUE;
- *outAddType = ADD_TRUSTED_FOR_SESSION;
- }
- }
-
- return NS_OK;
-}
-
-
-/* boolean confirmCertExpired (in nsIInterfaceRequestor socketInfo,
- in nsIX509Cert cert); */
-NS_IMETHODIMP
-GtkNSSDialogs::ConfirmCertExpired (nsIInterfaceRequestor *ctx,
- nsIX509Cert *cert, PRBool *_retval)
-{
- nsresult rv;
- PRTime now = PR_Now();
- PRTime notAfter, notBefore, timeToUse;
- PRInt64 normalizedTime;
- time_t t;
- struct tm tm;
- char formattedDate[128];
- char *fdate;
- const char *primary, *text;
- char *secondary, *msg;
-
- *_retval = PR_FALSE;
-
- nsCOMPtr<nsIX509CertValidity> validity;
- rv = cert->GetValidity (getter_AddRefs(validity));
- if (NS_FAILED(rv)) return rv;
-
- rv = validity->GetNotAfter (&notAfter);
- if (NS_FAILED(rv)) return rv;
-
- rv = validity->GetNotBefore (&notBefore);
- if (NS_FAILED(rv)) return rv;
-
- if (LL_CMP(now, >, notAfter))
- {
- primary = _("Accept expired security information?");
- /* Translators: first %s is a hostname, second %s is a time/date */
- text = _("The security information for “%s” "
- "expired on %s.");
- timeToUse = notAfter;
- }
- else
- {
- primary = _("Accept not yet valid security information?");
- /* Translators: first %s is a hostname, second %s is a time/date */
- text = _("The security information for “%s” isn't valid until %s.");
- timeToUse = notBefore;
- }
-
- nsString commonName;
- cert->GetCommonName (commonName);
-
- NS_ConvertUTF16toUTF8 cCommonName (commonName);
-
- LL_DIV (normalizedTime, timeToUse, PR_USEC_PER_SEC);
- LL_L2UI (t, normalizedTime);
- /* To translators: this a time format that is used while displaying the
- * expiry or start date of an SSL certificate, for the format see
- * strftime(3) */
- strftime (formattedDate, sizeof(formattedDate), _("%a %d %b %Y"),
- localtime_r (&t, &tm));
- /* FIXME! this isn't actually correct, LC_CTIME codeset could be different than locale codeset! */
- fdate = g_locale_to_utf8 (formattedDate, -1, NULL, NULL, NULL);
-
- secondary = g_markup_printf_escaped (text, cCommonName.get(), fdate);
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s\n\n%s",
- primary, secondary,
- _("You should ensure that your computer's time is correct."));
-
- int res = display_cert_warning_box (ctx, cert, msg, NULL, NULL, NULL);
-
- g_free (fdate);
- g_free (msg);
- g_free (secondary);
-
- *_retval = (res == GTK_RESPONSE_ACCEPT);
-
- return NS_OK;
-}
-
-/* void notifyCrlNextupdate (in nsIInterfaceRequestor socketInfo,
- in AUTF8String targetURL,
- in nsIX509Cert cert); */
-NS_IMETHODIMP
-GtkNSSDialogs::NotifyCrlNextupdate (nsIInterfaceRequestor *ctx,
- const nsACString & targetURL,
- nsIX509Cert *cert)
-{
- nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- nsCString cTargetUrl (targetURL);
-
- nsString commonName;
- cert->GetCommonName (commonName);
-
- GtkWidget *dialog = gtk_message_dialog_new
- (GTK_WINDOW (gparent),
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_ERROR,
- GTK_BUTTONS_OK,
- _("Cannot establish connection to “%s”"),
- cTargetUrl.get ());
-
- gtk_message_dialog_format_secondary_text
- (GTK_MESSAGE_DIALOG (dialog),
- _("The certificate revocation list (CRL) from “%s” "
- "needs to be updated.\n\n"
- "Please ask your system administrator for assistance."),
- NS_ConvertUTF16toUTF8 (commonName).get ());
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- g_signal_connect (dialog, "response",
- (GCallback) gtk_widget_destroy, NULL);
-
- gtk_widget_show_all (dialog);
- return NS_OK;
-}
-
-NS_IMETHODIMP
-GtkNSSDialogs::ConfirmDownloadCACert(nsIInterfaceRequestor *ctx,
- nsIX509Cert *cert,
- PRUint32 *_trust,
- PRBool *_retval)
-{
- GtkWidget *dialog, *label;
- char *msg, *primary;
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
- GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
-
- AutoWindowModalState modalState (parent);
-
- dialog = gtk_dialog_new_with_buttons (_("Trust new Certificate Authority?"), gparent,
- GTK_DIALOG_DESTROY_WITH_PARENT,
- _("_View Certificate"),
- NSSDIALOG_RESPONSE_VIEW_CERT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL,
- _("_Trust CA"), GTK_RESPONSE_ACCEPT,
- (char *) NULL);
-
- if (gparent)
- {
- gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
- GTK_WINDOW (dialog));
- }
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_WARNING,
- &label, NULL);
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_ACCEPT);
-
- nsString commonName;
- cert->GetCommonName (commonName);
-
- NS_ConvertUTF16toUTF8 cCommonName (commonName);
-
- primary = g_markup_printf_escaped (_("Trust new Certificate Authority “%s” to identify web sites?"),
- cCommonName.get());
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s",
- primary,
- _("Before trusting a Certificate Authority (CA) you should "
- "verify the certificate is authentic."));
- gtk_label_set_markup (GTK_LABEL (label), msg);
- g_free (primary);
- g_free (msg);
-
- gtk_widget_show_all (dialog);
- int ret;
-
- while (1)
- {
- ret = gtk_dialog_run (GTK_DIALOG (dialog));
- if (ret == NSSDIALOG_RESPONSE_VIEW_CERT)
- {
- view_certificate (ctx, cert);
- continue;
- }
-
- break;
- }
-
- if (ret != GTK_RESPONSE_ACCEPT)
- {
- *_retval = PR_FALSE;
- }
- else
- {
- if (ret == GTK_RESPONSE_ACCEPT)
- {
- *_trust |= nsIX509CertDB::TRUSTED_SSL;
- }
- else
- {
- *_trust = nsIX509CertDB::UNTRUSTED;
- }
-
- *_retval = PR_TRUE;
- }
- gtk_widget_destroy (dialog);
-
- return NS_OK;
-}
-
-
-NS_IMETHODIMP
-GtkNSSDialogs::NotifyCACertExists (nsIInterfaceRequestor *ctx)
-{
- GtkWidget *dialog, *label;
- char * msg;
-
- nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
- GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
-
- dialog = gtk_dialog_new_with_buttons ("", gparent,
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_OK,
- GTK_RESPONSE_OK,
- (char *) NULL);
-
- if (gparent)
- {
- gtk_window_group_add_window (ephy_gui_ensure_window_group (gparent),
- GTK_WINDOW (dialog));
- }
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_ERROR,
- &label, NULL);
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>\n\n%s",
- _("Certificate already exists."),
- _("The certificate has already been imported."));
- gtk_label_set_markup (GTK_LABEL (label), msg);
- g_free (msg);
-
- g_signal_connect (G_OBJECT (dialog),
- "response",
- (GCallback)gtk_widget_destroy, NULL);
-
- gtk_widget_show_all (dialog);
- return NS_OK;
-}
-
-/* FIXME: This interface sucks! There is way to know the name of the certificate! */
-NS_IMETHODIMP
-GtkNSSDialogs::SetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
- nsAString &_password,
- PRBool *_retval)
-{
- GtkWidget *dialog;
- char *msg;
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- dialog = ephy_password_dialog_new (gparent,
- _("Select Password"),
- EphyPasswordDialogFlags(EPHY_PASSWORD_DIALOG_FLAGS_SHOW_NEW_PASSWORD |
- EPHY_PASSWORD_DIALOG_FLAGS_SHOW_QUALITY_METER));
- gtk_window_set_modal (GTK_WINDOW (dialog), TRUE);
- gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
-
- /* FIXME: set accept button text to (_("_Back Up Certificate") ?
- * That's not actually correct, since this function is also called from other places!
- */
-
- msg = g_markup_printf_escaped (_("Select a password to protect this certificate"));
- gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog), msg);
- g_free (msg);
-
- int response = gtk_dialog_run (GTK_DIALOG (dialog));
- gtk_widget_hide (dialog);
-
- if (response == GTK_RESPONSE_ACCEPT)
- {
- const char *text = ephy_password_dialog_get_new_password (EPHY_PASSWORD_DIALOG (dialog));
- g_return_val_if_fail (text != NULL, NS_ERROR_FAILURE);
- NS_CStringToUTF16 (nsDependentCString (text),
- NS_CSTRING_ENCODING_UTF8, _password);
- }
-
- *_retval = response == GTK_RESPONSE_ACCEPT;
-
- gtk_widget_destroy (dialog);
-
- return NS_OK;
-}
-
-NS_IMETHODIMP
-GtkNSSDialogs::GetPKCS12FilePassword(nsIInterfaceRequestor *ctx,
- nsAString &_password,
- PRBool *_retval)
-{
- g_print ("GtkNSSDialogs::GetPKCS12FilePassword\n");
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- GtkWidget *dialog = ephy_password_dialog_new
- (gparent,
- "",
- EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD));
- EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
- /* FIXME: set accept button text to _("I_mport Certificate") ? */
-
- gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
-
- /* FIXME: mozilla sucks, no way to get the name of the certificate / cert file! */
- char *msg = g_markup_printf_escaped (_("Enter the password for this certificate"));
- gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog), msg);
- g_free (msg);
-
- int response = gtk_dialog_run (GTK_DIALOG (dialog));
-
- if (response == GTK_RESPONSE_ACCEPT)
- {
- const char *pwd = ephy_password_dialog_get_password (password_dialog);
- NS_CStringToUTF16 (nsDependentCString (pwd),
- NS_CSTRING_ENCODING_UTF8, _password);
- }
-
- *_retval = response == GTK_RESPONSE_ACCEPT;
-
- gtk_widget_destroy (dialog);
-
- return NS_OK;
-}
-
-
-static void
-set_table_row (GtkWidget *table,
- int& row,
- const char *title,
- const char *text)
-{
- GtkWidget *header, *label;
- char *bold;
-
- if (text == NULL || text[0] == 0) return;
-
- bold = g_markup_printf_escaped ("<b>%s</b>", title);
- header = gtk_label_new (bold);
- g_free (bold);
-
- gtk_label_set_use_markup (GTK_LABEL (header), TRUE);
- gtk_misc_set_alignment (GTK_MISC (header), 0, 0);
- gtk_widget_show (header);
- gtk_table_attach (GTK_TABLE (table), header, 0, 1, row, row+1,
- GTK_FILL, GTK_FILL, 0, 0);
-
- label = gtk_label_new (text);
- gtk_misc_set_alignment (GTK_MISC (label), 0, 0);
- gtk_label_set_selectable (GTK_LABEL (label), TRUE);
- gtk_label_set_ellipsize (GTK_LABEL (label), PANGO_ELLIPSIZE_END);
- gtk_label_set_max_width_chars (GTK_LABEL (label), 48);
- gtk_widget_show (label);
- gtk_table_attach_defaults (GTK_TABLE (table), label, 1, 2, row, row+1);
-
- row++;
-}
-
-NS_IMETHODIMP
-GtkNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICRLInfo *crl)
-{
-
- GtkWidget *dialog, *label, *table, *vbox;
- nsresult rv;
- char *msg;
-
- nsCOMPtr<nsIDOMWindow> parent = do_GetInterface (ctx);
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- dialog = gtk_dialog_new_with_buttons ("",
- GTK_WINDOW (gparent),
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_OK, GTK_RESPONSE_OK,
- (char *) NULL);
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
- gtk_window_set_title (GTK_WINDOW (dialog), _("Certificate Revocation List Imported"));
-
- /* Needed because gparent == NULL always because of mozilla sucks */
- gtk_window_set_skip_pager_hint (GTK_WINDOW (dialog), TRUE);
- gtk_window_set_skip_taskbar_hint (GTK_WINDOW (dialog), TRUE);
-
- higgy_setup_dialog (GTK_DIALOG (dialog), GTK_STOCK_DIALOG_INFO,
- &label, &vbox);
-
- msg = g_strdup_printf ("<span weight=\"bold\" size=\"larger\">%s</span>",
- _("Certificate Revocation List (CRL) successfully imported"));
- gtk_label_set_markup (GTK_LABEL (label), msg);
- g_free (msg);
-
- table = gtk_table_new (2, 3, FALSE);
- gtk_table_set_row_spacings (GTK_TABLE (table), 6);
- gtk_table_set_col_spacings (GTK_TABLE (table), 12);
-
- nsString org, orgUnit, nextUpdate;
- rv = crl->GetOrganization (org);
- if (NS_FAILED(rv)) return rv;
-
- rv = crl->GetOrganizationalUnit (orgUnit);
- if (NS_FAILED(rv)) return rv;
-
- rv = crl->GetNextUpdateLocale (nextUpdate);
- if (NS_FAILED(rv)) return rv;
-
- int row = 0;
- set_table_row (table, row, _("Organization:"), NS_ConvertUTF16toUTF8 (org).get ());
-
- set_table_row (table, row, _("Unit:"), NS_ConvertUTF16toUTF8 (orgUnit).get ());
-
- set_table_row (table, row, _("Next Update:"), NS_ConvertUTF16toUTF8 (nextUpdate).get ());
-
- gtk_box_pack_start (GTK_BOX (vbox), table, FALSE, FALSE, 0);
-
- gtk_widget_show_all (dialog);
- g_signal_connect (G_OBJECT (dialog),
- "response",
- (GCallback)gtk_widget_destroy, NULL);
-
- gtk_widget_show_all (dialog);
- return NS_OK;
-}
-
-/**
- * Help function to fill in the labels on the General tab
- */
-static void
-set_label_cert_attribute (GladeXML* gxml, const char* label_id, nsAString &value)
-{
- GtkWidget *label;
- label = glade_xml_get_widget (gxml, label_id);
-
- g_return_if_fail (GTK_IS_LABEL (label));
-
- if (!value.Length()) {
- gtk_label_set_use_markup (GTK_LABEL (label), TRUE);
- char *msg = g_strdup_printf ("<i>&lt;%s&gt;</i>",
- _("Not part of certificate"));
- gtk_label_set_markup (GTK_LABEL (label), msg);
- g_free (msg);
- }
- else
- {
- gtk_label_set_use_markup (GTK_LABEL (label), FALSE);
- gtk_label_set_text (GTK_LABEL (label), NS_ConvertUTF16toUTF8 (value).get());
- }
-}
-
-
-/**
- * Do that actual filling in of the certificate tree
- */
-static gboolean
-fill_cert_chain_tree (GtkTreeView *treeview, nsIArray *certChain)
-{
- nsresult rv;
- GtkTreeModel * model = gtk_tree_view_get_model (treeview);
-
- GtkTreeIter parent;
- PRUint32 numCerts;
- rv = certChain->GetLength (&numCerts);
- if (NS_FAILED(rv) || numCerts < 1) return FALSE;
-
- for (int i = (int)numCerts-1 ; i >= 0; i--)
- {
- nsCOMPtr<nsIX509Cert> nsCert;
- rv = certChain->QueryElementAt (i, kX509CertCID,
- getter_AddRefs(nsCert));
- if (NS_FAILED(rv)) return FALSE;
-
- GtkTreeIter iter;
- gtk_tree_store_append (GTK_TREE_STORE (model), &iter,
- (i == (int)numCerts-1) ? NULL : &parent);
-
- nsString value;
- rv = nsCert->GetCommonName (value);
- if (NS_FAILED(rv)) return FALSE;
-
- NS_ConvertUTF16toUTF8 cValue (value);
-
- nsIX509Cert *nsCertP = nsCert;
- if (value.Length())
- {
- gtk_tree_store_set (GTK_TREE_STORE(model), &iter,
- 0, cValue.get(),
- 1, nsCertP,
- -1);
- }
- else
- {
- char * title;
- rv = nsCert->GetWindowTitle (&title);
- if (NS_FAILED(rv)) return FALSE;
-
- gtk_tree_store_set (GTK_TREE_STORE(model),
- &iter, 0, title, 1, nsCertP, -1);
- nsMemory::Free (title);
- }
- parent = iter;
- }
- gtk_tree_view_expand_all (GTK_TREE_VIEW (treeview));
-
- /* And select the last entry, and scroll the view so it's visible */
- GtkTreeSelection *select = gtk_tree_view_get_selection (treeview);
- GtkTreePath *path = gtk_tree_model_get_path (model, &parent);
- gtk_tree_selection_select_path (select, path);
- gtk_tree_view_scroll_to_cell (treeview, path, NULL, TRUE, 0.5, 0.0);
- gtk_tree_path_free (path);
-
- return TRUE;
-}
-
-/**
- * Add an ASN object to the treeview, recursing if the object was a
- * sequence
- */
-static void
-add_asn1_object_to_tree(GtkTreeModel *model, nsIASN1Object *object, GtkTreeIter *parent)
-{
- nsString dispNameU;
- object->GetDisplayName(dispNameU);
-
- GtkTreeIter iter;
- gtk_tree_store_append (GTK_TREE_STORE (model), &iter, parent);
-
- gtk_tree_store_set (GTK_TREE_STORE(model), &iter,
- 0, NS_ConvertUTF16toUTF8 (dispNameU).get(),
- 1, object,
- -1);
-
- nsCOMPtr<nsIASN1Sequence> sequence(do_QueryInterface(object));
- if (!sequence) return;
-
- nsCOMPtr<nsIMutableArray> asn1Objects;
- sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
-
- PRUint32 numObjects;
- asn1Objects->GetLength(&numObjects);
- if (!asn1Objects) return;
-
- for (PRUint32 i = 0; i < numObjects ; i++)
- {
- nsCOMPtr<nsIASN1Object> currObject;
- asn1Objects->QueryElementAt (i, kASN1ObjectCID,
- getter_AddRefs (currObject));
- add_asn1_object_to_tree (model, currObject, &iter);
- }
-}
-
-
-/**
- * Update the "Certificate Fields" treeview when a different cert
- * is selected in the hierarchy text view
- */
-static void
-cert_chain_tree_view_selection_changed_cb (GtkTreeSelection *selection,
- GtkWidget* tree_view)
-{
- GtkTreeIter iter;
- nsIX509Cert *nsCert;
- nsresult rv;
- GtkTreeModel * model;
-
- if (gtk_tree_selection_get_selected (selection, &model, &iter))
- {
- gtk_tree_model_get (model, &iter, 1, &nsCert, -1);
-
- nsCOMPtr<nsIASN1Object> object;
- rv = nsCert->GetASN1Structure (getter_AddRefs(object));
- if (NS_FAILED(rv)) return;
-
- model = gtk_tree_view_get_model (GTK_TREE_VIEW (tree_view));
- gtk_tree_store_clear (GTK_TREE_STORE (model));
- add_asn1_object_to_tree (model, object, NULL);
-
- gtk_tree_view_expand_all (GTK_TREE_VIEW (tree_view));
- }
-}
-
-/**
- * When the "Certificate Field" treeview is changed, update the
- * text_view to display the value of the currently selected field
- */
-static void
-field_tree_view_selection_changed_cb (GtkTreeSelection *selection,
- GtkWidget* text_view)
-{
- GtkTreeIter iter;
- GtkTreeModel *model;
- GtkTextBuffer * text_buffer =
- gtk_text_view_get_buffer (GTK_TEXT_VIEW (text_view));
-
- if (gtk_tree_selection_get_selected (selection, &model, &iter))
- {
- nsIASN1Object *object;
-
- gtk_tree_model_get (model, &iter, 1, &object, -1);
-
- nsString dispValU;
- object->GetDisplayValue(dispValU);
-
- gtk_text_buffer_set_text (text_buffer, NS_ConvertUTF16toUTF8 (dispValU).get(), -1);
- }
- else
- {
- gtk_text_buffer_set_text (text_buffer, "", 0);
- }
-}
-
-/**
- * Setup the various treeviews, the textview, and fill the treeviews
- */
-static gboolean
-setup_view_cert_tree (GtkWidget *dialog, GladeXML*gxml, nsIArray *certChain)
-{
- GtkCellRenderer *renderer;
- GtkWidget *chain_tree_view, *field_tree_view, *text_view;
- PangoFontDescription *monospace_font_desc;
- GConfClient *conf_client;
- char *monospace_font;
-
- chain_tree_view = glade_xml_get_widget (gxml, "treeview_cert_chain");
- field_tree_view = glade_xml_get_widget (gxml, "treeview_cert_info");
- text_view = glade_xml_get_widget (gxml, "textview_field_value");
-
- /* Setup the certificate chain view */
- GtkTreeStore *store = gtk_tree_store_new (2,
- G_TYPE_STRING,
- G_TYPE_POINTER);
- gtk_tree_view_set_model (GTK_TREE_VIEW (chain_tree_view), GTK_TREE_MODEL (store));
- g_object_unref (store);
-
-
- renderer = gtk_cell_renderer_text_new ();
- gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (chain_tree_view),
- 0, "Certificate",
- renderer,
- "text", 0,
- (char *) NULL);
-
- GtkTreeSelection *select = gtk_tree_view_get_selection (GTK_TREE_VIEW (chain_tree_view));
- gtk_tree_selection_set_mode (select, GTK_SELECTION_SINGLE);
-
- g_signal_connect (G_OBJECT (select), "changed",
- G_CALLBACK (cert_chain_tree_view_selection_changed_cb),
- field_tree_view);
-
- /* Setup the certificate field view */
- store = gtk_tree_store_new (2,
- G_TYPE_STRING,
- G_TYPE_POINTER);
- gtk_tree_view_set_model (GTK_TREE_VIEW (field_tree_view), GTK_TREE_MODEL (store));
- g_object_unref (store);
-
-
- gtk_tree_view_insert_column_with_attributes (GTK_TREE_VIEW (field_tree_view),
- 0, "Certificate Field",
- renderer,
- "text", 0,
- (char *) NULL);
-
- select = gtk_tree_view_get_selection (GTK_TREE_VIEW (field_tree_view));
- gtk_tree_selection_set_mode (select, GTK_SELECTION_SINGLE);
-
- g_signal_connect (G_OBJECT (select), "changed",
- G_CALLBACK (field_tree_view_selection_changed_cb),
- text_view);
-
- /* Get the text_view displaying a propertional font
- *
- * Pick up the monospace font from desktop preferences */
- conf_client = gconf_client_get_default ();
- monospace_font = gconf_client_get_string (conf_client,
- "/desktop/gnome/interface/monospace_font_name", NULL);
- if (monospace_font)
- {
- monospace_font_desc = pango_font_description_from_string (monospace_font);
- gtk_widget_modify_font (text_view, monospace_font_desc);
- pango_font_description_free (monospace_font_desc);
- }
- g_object_unref (conf_client);
-
- /* And fill the certificate chain tree */
- return fill_cert_chain_tree (GTK_TREE_VIEW (chain_tree_view), certChain);
-}
-
-/* void viewCert (in nsIX509Cert cert); */
-NS_IMETHODIMP
-GtkNSSDialogs::ViewCert(nsIInterfaceRequestor *ctx,
- nsIX509Cert *cert)
-{
- GtkWidget *dialog, *widget;
- GladeXML *gxml;
- nsString value;
- PRUint32 verifystate, count;
- PRUnichar ** usage;
- GtkSizeGroup * sizegroup;
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- gxml = glade_xml_new (ephy_file ("certificate-dialogs.glade"),
- "viewcert_dialog", NULL);
- g_return_val_if_fail (gxml != NULL, NS_ERROR_FAILURE);
-
- dialog = glade_xml_get_widget (gxml, "viewcert_dialog");
- g_return_val_if_fail (dialog != NULL, NS_ERROR_FAILURE);
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (ctx));
- GtkWindow *gparent = GTK_WINDOW (EphyUtils::FindGtkParent (parent));
-
- AutoWindowModalState modalState (parent);
-
- if (gparent)
- {
- gtk_window_set_transient_for (GTK_WINDOW(dialog), GTK_WINDOW(gparent));
- gtk_window_group_add_window (ephy_gui_ensure_window_group (GTK_WINDOW (gparent)),
- GTK_WINDOW (dialog));
- gtk_window_set_destroy_with_parent (GTK_WINDOW (dialog), TRUE);
- }
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- gtk_window_set_title (GTK_WINDOW (dialog), _("Certificate Properties"));
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_CLOSE);
-
- /* Set up the GtkSizeGroup so that the columns line up */
- sizegroup = gtk_size_group_new (GTK_SIZE_GROUP_HORIZONTAL);
- widget = glade_xml_get_widget (gxml, "label_size1");
- gtk_size_group_add_widget (sizegroup, widget);
- widget = glade_xml_get_widget (gxml, "label_size2");
- gtk_size_group_add_widget (sizegroup, widget);
- widget = glade_xml_get_widget (gxml, "label_size3");
- gtk_size_group_add_widget (sizegroup, widget);
- widget = glade_xml_get_widget (gxml, "label_size4");
- gtk_size_group_add_widget (sizegroup, widget);
- g_object_unref (sizegroup);
-
- rv = cert->GetUsagesArray (FALSE, &verifystate, &count, &usage);
- if (NS_FAILED(rv)) return rv;
-
- const char * text;
- switch (verifystate)
- {
- case nsIX509Cert::VERIFIED_OK:
- text = _("This certificate has been verified for the following uses:");
- break;
- case nsIX509Cert::CERT_REVOKED:
- text = _("Could not verify this certificate because it has been revoked.");
- break;
- case nsIX509Cert::CERT_EXPIRED:
- text = _("Could not verify this certificate because it has expired.");
- break;
- case nsIX509Cert::CERT_NOT_TRUSTED:
- text = _("Could not verify this certificate because it is not trusted.");
- break;
- case nsIX509Cert::ISSUER_NOT_TRUSTED:
- text = _("Could not verify this certificate because the issuer is not trusted.");
- break;
- case nsIX509Cert::ISSUER_UNKNOWN:
- text = _("Could not verify this certificate because the issuer is unknown.");
- break;
- case nsIX509Cert::INVALID_CA:
- text = _("Could not verify this certificate because the CA certificate is invalid.");
- break;
- case nsIX509Cert::NOT_VERIFIED_UNKNOWN:
- case nsIX509Cert::USAGE_NOT_ALLOWED:
- default:
- text = _("Could not verify this certificate for unknown reasons.");
- }
-
- char *vmsg = g_strdup_printf ("<b>%s</b>", text);
- widget = glade_xml_get_widget (gxml, "label_verify_text");
- g_return_val_if_fail (GTK_IS_LABEL (widget), NS_ERROR_FAILURE);
- gtk_label_set_markup (GTK_LABEL (widget), vmsg);
- g_free (vmsg);
-
- if (count > 0)
- {
- GtkWidget *vbox = gtk_vbox_new (FALSE, 3);
- GtkWidget *indent;
- for (PRUint32 i = 0 ; i < count ; i++)
- {
- GtkWidget *label = gtk_label_new (NS_ConvertUTF16toUTF8 (usage[i]).get());
- gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5);
- gtk_box_pack_start (GTK_BOX (vbox), label, FALSE, FALSE, 0);
- nsMemory::Free (usage[i]);
- }
- nsMemory::Free (usage);
- indent = higgy_indent_widget (vbox);
- widget = glade_xml_get_widget (gxml, "vbox_validity");
- g_return_val_if_fail (GTK_IS_BOX (widget), NS_ERROR_FAILURE);
-
- gtk_box_pack_start (GTK_BOX (widget), indent, FALSE, FALSE, 0);
- }
-
- cert->GetCommonName (value);
- set_label_cert_attribute (gxml, "label_cn", value);
-
- cert->GetOrganization (value);
- set_label_cert_attribute (gxml, "label_o", value);
-
- cert->GetOrganizationalUnit (value);
- set_label_cert_attribute (gxml, "label_ou", value);
-
- cert->GetSerialNumber (value);
- set_label_cert_attribute (gxml, "label_serial", value);
-
- rv = cert->GetIssuerCommonName (value);
- if (NS_FAILED(rv)) return rv;
- set_label_cert_attribute (gxml, "label_issuer_cn", value);
-
- cert->GetIssuerOrganization (value);
- set_label_cert_attribute (gxml, "label_issuer_o", value);
-
- cert->GetIssuerOrganizationUnit (value);
- set_label_cert_attribute (gxml, "label_issuer_ou", value);
-
- nsCOMPtr<nsIX509CertValidity> validity;
- rv = cert->GetValidity (getter_AddRefs(validity));
- if (NS_FAILED(rv)) return rv;
-
- rv = validity->GetNotAfterLocalDay (value);
- if (NS_FAILED(rv)) return rv;
- set_label_cert_attribute (gxml, "label_notafter", value);
-
- rv = validity->GetNotBeforeLocalDay (value);
- if (NS_FAILED(rv)) return rv;
- set_label_cert_attribute (gxml, "label_notbefore", value);
-
- cert->GetSha1Fingerprint (value);
- set_label_cert_attribute (gxml, "label_sha_print", value);
-
- cert->GetMd5Fingerprint (value);
- set_label_cert_attribute (gxml, "label_md5_print", value);
-
- /* Hold a reference to each certificate in the chain while the
- * dialog is displayed, this holds the reference for the ASN
- * objects as well */
-
- nsCOMPtr<nsIArray> certChain;
- rv = cert->GetChain (getter_AddRefs(certChain));
- if (NS_FAILED(rv)) return rv;
-
- gboolean ret = setup_view_cert_tree (dialog, gxml, certChain);
- if (ret == FALSE) return NS_ERROR_FAILURE;
-
- g_object_unref (gxml);
-
- gtk_widget_show_all (dialog);
-
- int res;
- while (1)
- {
- res = gtk_dialog_run (GTK_DIALOG (dialog));
- if (res == GTK_RESPONSE_HELP)
- {
- ephy_gui_help (GTK_WINDOW (dialog), "epiphany", "using-certificate-viewer");
- continue;
- }
- break;
- }
-
- gtk_widget_destroy (dialog);
- return NS_OK;
-}
-
-/* nsITokenPasswordDialogs */
-
-/* NOTE: This interface totally sucks, see https://bugzilla.mozilla.org/show_bug.cgi?id=306993 */
-
-/* void setPassword (in nsIInterfaceRequestor ctx, in wstring tokenName, out boolean canceled); */
-NS_IMETHODIMP
-GtkNSSDialogs::SetPassword(nsIInterfaceRequestor *aCtx,
- const PRUnichar *aTokenName,
- PRBool *aCancelled)
-{
- NS_ENSURE_ARG_POINTER(aCancelled);
-
- nsresult rv;
- nsCOMPtr<nsIPK11Token> token;
- nsCOMPtr<nsIPKCS11Slot> slot;
- rv = GetTokenAndSlotFromName (aTokenName, getter_AddRefs (token),
- getter_AddRefs (slot));
- NS_ENSURE_SUCCESS (rv, rv);
- NS_ENSURE_TRUE (token && slot, NS_ERROR_FAILURE);
-
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- PRUint32 status = nsIPKCS11Slot::SLOT_UNINITIALIZED;
- slot->GetStatus (&status);
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- EphyPasswordDialogFlags flags =
- EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_NEW_PASSWORD |
- EPHY_PASSWORD_DIALOG_FLAGS_SHOW_QUALITY_METER);
- if (status != nsIPKCS11Slot::SLOT_UNINITIALIZED)
- flags = EphyPasswordDialogFlags (flags | EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD);
-
- GtkWidget *dialog = ephy_password_dialog_new
- (gparent,
- _("Change Token Password"),
- flags);
- EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
-
- char *message;
- if (status == nsIPKCS11Slot::SLOT_UNINITIALIZED) {
- message = g_markup_printf_escaped (_("Choose a password for the “%s” token"),
- NS_ConvertUTF16toUTF8 (aTokenName).get ());
- } else {
- message = g_markup_printf_escaped (_("Change the password for the “%s” token"),
- NS_ConvertUTF16toUTF8 (aTokenName).get ());
- }
-
- gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog),
- message);
- g_free (message);
-
- int response;
- nsString oldPassword;
- PRBool pwdOk, needsLogin;
- do {
- response = gtk_dialog_run (GTK_DIALOG (dialog));
-
- if (status != nsIPKCS11Slot::SLOT_UNINITIALIZED)
- {
- const char *pwd = ephy_password_dialog_get_password (password_dialog);
- oldPassword = NS_ConvertUTF8toUTF16 (pwd);
- }
- } while (response == GTK_RESPONSE_OK &&
- status != nsIPKCS11Slot::SLOT_UNINITIALIZED &&
- NS_SUCCEEDED (token->NeedsLogin (&needsLogin)) && needsLogin &&
- NS_SUCCEEDED (token->CheckPassword (oldPassword.get (), &pwdOk) &&
- !pwdOk));
-
- if (response == GTK_RESPONSE_ACCEPT)
- {
- const char *pwd = ephy_password_dialog_get_new_password (password_dialog);
-
- NS_ConvertUTF8toUTF16 newPassword (pwd);
-
- if (status == nsIPKCS11Slot::SLOT_UNINITIALIZED)
- {
- rv = token->InitPassword (newPassword.get ());
- }
- else
- {
- rv = token->ChangePassword (oldPassword.get (),
- newPassword.get ());
- }
- }
- else
- {
- rv = NS_OK;
- }
-
- gtk_widget_destroy (GTK_WIDGET (dialog));
-
- *aCancelled = response != GTK_RESPONSE_ACCEPT;
-
- return rv;
-}
-
-/* void getPassword (in nsIInterfaceRequestor ctx, in wstring tokenName, out wstring password, out boolean canceled); */
-NS_IMETHODIMP
-GtkNSSDialogs::GetPassword(nsIInterfaceRequestor *aCtx,
- const PRUnichar *aTokenName,
- PRUnichar **aPassword,
- PRBool *aCancelled)
-{
- NS_ENSURE_ARG_POINTER(aCancelled);
-
- nsresult rv;
- nsCOMPtr<nsIPK11Token> token;
- nsCOMPtr<nsIPKCS11Slot> slot;
- rv = GetTokenAndSlotFromName (aTokenName, getter_AddRefs (token),
- getter_AddRefs (slot));
- NS_ENSURE_SUCCESS (rv, rv);
- NS_ENSURE_TRUE (token && slot, NS_ERROR_FAILURE);
-
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- EphyPasswordDialogFlags flags =
- EphyPasswordDialogFlags (EPHY_PASSWORD_DIALOG_FLAGS_SHOW_PASSWORD);
-
- GtkWidget *dialog = ephy_password_dialog_new
- (gparent,
- _("Get Token Password"), /* FIXME */
- flags);
- EphyPasswordDialog *password_dialog = EPHY_PASSWORD_DIALOG (dialog);
-
- /* Translators: A "token" is something that enables the user to authenticate himself or
- * prove his credentials. This can be either a hardware device (e.g. a smart-card), or
- * a data file (e.g. a cryptographic certificate).
- */
- char *message = g_markup_printf_escaped (_("Please enter the password for the “%s” token"),
- NS_ConvertUTF16toUTF8 (aTokenName).get ());
- gtk_message_dialog_set_markup (GTK_MESSAGE_DIALOG (dialog),
- message);
- g_free (message);
-
- int response = gtk_dialog_run (GTK_DIALOG (dialog));
-
- if (response == GTK_RESPONSE_ACCEPT)
- {
- const char *pwd = ephy_password_dialog_get_password (password_dialog);
- *aPassword = NS_StringCloneData (NS_ConvertUTF8toUTF16 (pwd));
- }
-
- gtk_widget_destroy (GTK_WIDGET (dialog));
-
- *aCancelled = response != GTK_RESPONSE_ACCEPT;
-
- return NS_OK;
-}
-
-/* nsITokenDialogs */
-
-static void
-SelectionChangedCallback (GtkComboBox *combo,
- GtkDialog *dialog)
-{
- int active = gtk_combo_box_get_active (combo);
- gtk_dialog_set_response_sensitive (dialog, GTK_RESPONSE_ACCEPT, active >= 0);
-}
-
-/* void ChooseToken (in nsIInterfaceRequestor ctx,
- [array, size_is (count)] in wstring tokenNameList,
- in unsigned long count,
- out wstring tokenName,
- out boolean canceled); */
-NS_IMETHODIMP
-GtkNSSDialogs::ChooseToken (nsIInterfaceRequestor *aContext,
- const PRUnichar **tokenNameList,
- PRUint32 count,
- PRUnichar **_tokenName,
- PRBool *_cancelled)
-{
- NS_ENSURE_ARG (tokenNameList);
- NS_ENSURE_ARG (count);
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
- /* Didn't you know it? MOZILLA SUCKS! ChooseToken is always called with |aContext| == NULL! See
- * http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsKeygenHandler.cpp&rev=1.39&mark=346#346
- * Need to investigate if we it's always called directly from code called from JS, in which case we
- * can use EphyJSUtils::GetDOMWindowFromCallContext.
- */
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aContext));
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- GtkWidget *dialog = gtk_message_dialog_new
- (GTK_WINDOW (gparent),
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_OTHER,
- GTK_BUTTONS_CANCEL,
- _("Please select a token:"));
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- GtkWidget *combo = gtk_combo_box_new_text ();
- for (PRUint32 i = 0; i < count; ++i) {
- gtk_combo_box_append_text (GTK_COMBO_BOX (combo),
- NS_ConvertUTF16toUTF8 (tokenNameList[i]).get ());
- }
- gtk_combo_box_set_active (GTK_COMBO_BOX (combo), -1);
- g_signal_connect (combo, "changed",
- G_CALLBACK (SelectionChangedCallback), dialog);
-
- /* FIXME: View Cert button? */
-
- GtkWidget *vbox = GTK_MESSAGE_DIALOG (dialog)->label->parent;
- gtk_box_pack_start (GTK_BOX (vbox), combo, FALSE, FALSE, 0);
-
- gtk_dialog_add_button (GTK_DIALOG (dialog),
- _("_Select"),
- GTK_RESPONSE_ACCEPT);
-
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_REJECT);
-
- int response = gtk_dialog_run (GTK_DIALOG (dialog));
- int selected = gtk_combo_box_get_active (GTK_COMBO_BOX (combo));
-
- gtk_widget_destroy (dialog);
-
- *_cancelled = response != GTK_RESPONSE_ACCEPT;
-
- if (response == GTK_RESPONSE_ACCEPT) {
- NS_ENSURE_TRUE (selected >= 0 && selected < (int) count, NS_ERROR_FAILURE);
- *_tokenName = NS_StringCloneData (nsDependentString (tokenNameList[selected]));
- }
-
- return NS_OK;
-}
-
-/* nsIDOMCryptoDialogs */
-
-/* Note: this interface sucks! See https://bugzilla.mozilla.org/show_bug.cgi?id=341914 */
-
-/* boolean ConfirmKeyEscrow (in nsIX509Cert escrowAuthority); */
-NS_IMETHODIMP
-GtkNSSDialogs::ConfirmKeyEscrow (nsIX509Cert *aEscrowAuthority,
- PRBool *_retval)
-{
- NS_ENSURE_ARG (aEscrowAuthority);
-
- nsresult rv;
- AutoJSContextStack stack;
- rv = stack.Init ();
- if (NS_FAILED (rv)) return rv;
-
-#if 0
- nsCOMPtr<nsIDOMWindow> parent (do_GetInterface (aCtx));
-#endif
- nsCOMPtr<nsIDOMWindow> parent (EphyJSUtils::GetDOMWindowFromCallContext ());
- GtkWidget *gparent = EphyUtils::FindGtkParent (parent);
-
- AutoWindowModalState modalState (parent);
-
- /* FIXME: is that guaranteed to be non-empty? */
- nsString commonName;
- aEscrowAuthority->GetCommonName (commonName);
-
- GtkWidget *dialog = gtk_message_dialog_new
- (GTK_WINDOW (gparent),
- GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_MESSAGE_WARNING /* QUESTION really but it's also a strong warnings... */,
- GTK_BUTTONS_NONE,
- _("Escrow the secret key?"));
-
- /* FIXME: If I understand the documentation of generateCRMFRequest
- * correctly, key escrow is never used for signing keys (if it were,
- * we'd have to warn that the cert authority can forge your signature
- * too).
- */
- gtk_message_dialog_format_secondary_text
- (GTK_MESSAGE_DIALOG (dialog),
- _("The certificate authority “%s” requests that you give it a copy "
- "of the newly generated secret key.\n\n"
- "This will enable the certificate authority read any "
- "communications encrypted with this key "
- "without your knowledge or consent.\n\n"
- "It is strongly recommended not to allow it."),
- NS_ConvertUTF16toUTF8 (commonName).get ());
-
- gtk_window_set_icon_name (GTK_WINDOW (dialog), EPHY_STOCK_EPHY);
-
- GtkWidget *button = gtk_dialog_add_button (GTK_DIALOG (dialog),
- _("_Reject"),
- GTK_RESPONSE_REJECT);
- gtk_dialog_add_button (GTK_DIALOG (dialog),
- _("_Allow"),
- GTK_RESPONSE_ACCEPT);
- /* FIXME: View Cert button? */
-
- gtk_dialog_set_default_response (GTK_DIALOG (dialog), GTK_RESPONSE_REJECT);
- gtk_widget_grab_focus (button);
-
- int response = gtk_dialog_run (GTK_DIALOG (dialog));
- gtk_widget_destroy (dialog);
-
- *_retval = response == GTK_RESPONSE_ACCEPT;
-
- return NS_OK;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 13:17:02 +0800