1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* ***** BEGIN LICENSE BLOCK *****
3 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 : *
5 : * The contents of this file are subject to the Mozilla Public License Version
6 : * 1.1 (the "License"); you may not use this file except in compliance with
7 : * the License. You may obtain a copy of the License at
8 : * http://www.mozilla.org/MPL/
9 : *
10 : * Software distributed under the License is distributed on an "AS IS" basis,
11 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 : * for the specific language governing rights and limitations under the
13 : * License.
14 : *
15 : * The Original Code is Mozilla Communicator.
16 : *
17 : * The Initial Developer of the Original Code is
18 : * Netscape Communications Corp..
19 : * Portions created by the Initial Developer are Copyright (C) 2001
20 : * the Initial Developer. All Rights Reserved.
21 : *
22 : * Contributor(s): Kai Engert <kaie@netscape.com>
23 : *
24 : * Alternatively, the contents of this file may be used under the terms of
25 : * either the GNU General Public License Version 2 or later (the "GPL"), or
26 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 : * in which case the provisions of the GPL or the LGPL are applicable instead
28 : * of those above. If you wish to allow use of your version of this file only
29 : * under the terms of either the GPL or the LGPL, and not to allow others to
30 : * use your version of this file under the terms of the MPL, indicate your
31 : * decision by deleting the provisions above and replace them with the notice
32 : * and other provisions required by the GPL or the LGPL. If you do not delete
33 : * the provisions above, a recipient may use your version of this file under
34 : * the terms of any one of the MPL, the GPL or the LGPL.
35 : *
36 : * ***** END LICENSE BLOCK ***** */
37 :
38 : #include "nsCertPicker.h"
39 : #include "nsMemory.h"
40 : #include "nsCOMPtr.h"
41 : #include "nsXPIDLString.h"
42 : #include "nsIServiceManager.h"
43 : #include "nsNSSComponent.h"
44 : #include "nsNSSCertificate.h"
45 : #include "nsReadableUtils.h"
46 : #include "nsNSSCleaner.h"
47 : #include "nsICertPickDialogs.h"
48 : #include "nsNSSShutDown.h"
49 : #include "nsNSSCertHelper.h"
50 :
// Cleaner helper types for the two NSS structures this file allocates. They are
// used further down as CERTCertNicknamesCleaner and CERTCertListCleaner. The
// macro is not defined in this file (presumably nsNSSCleaner.h; confirm), so the
// free-on-scope-exit behaviour is assumed from the release functions named here.
51 0 : NSSCleanupAutoPtrClass(CERTCertNicknames, CERT_FreeNicknames)
52 0 : NSSCleanupAutoPtrClass(CERTCertList, CERT_DestroyCertList)
53 :
54 : #include "cert.h"
55 :
// XPCOM nsISupports boilerplate: nsCertPicker exposes one interface, nsIUserCertPicker.
56 0 : NS_IMPL_ISUPPORTS1(nsCertPicker, nsIUserCertPicker)
57 :
// Constructor: nothing to initialise here.
nsCertPicker::nsCertPicker() {}
61 :
// Destructor: nothing to release here.
nsCertPicker::~nsCertPicker() {}
65 :
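/**
 * Ask the user to choose one of their own certificates for a given usage.
 *
 * @param ctx                     interface requestor passed to NSS and to the
 *                                picker dialog.
 * @param selectedNickname        nickname to preselect in the dialog; may be
 *                                null, in which case nothing is preselected.
 * @param certUsage               cast to SECCertUsage for
 *                                CERT_FindUserCertsByUsage.
 * @param allowInvalid            when false, NSS is asked for valid certs only.
 * @param allowDuplicateNicknames when false, NSS is asked for one cert per
 *                                nickname.
 * @param canceled                [out] written by the dialog; must not be null.
 * @param _retval                 [out] the chosen certificate with one
 *                                reference owned by the caller, or null when
 *                                no certificate was selected; must not be null.
 * @return NS_ERROR_INVALID_POINTER for a null out-parameter,
 *         NS_ERROR_NOT_AVAILABLE when there are no candidate certificates or
 *         UI is forbidden, NS_ERROR_OUT_OF_MEMORY on allocation failure,
 *         otherwise the result of the dialog / QueryInterface call.
 */
NS_IMETHODIMP nsCertPicker::PickByUsage(nsIInterfaceRequestor *ctx,
                                        const PRUnichar *selectedNickname,
                                        PRInt32 certUsage,
                                        bool allowInvalid,
                                        bool allowDuplicateNicknames,
                                        bool *canceled,
                                        nsIX509Cert **_retval)
{
  // Both out-parameters are dereferenced below. Start with a defined (null)
  // result so no exit path leaves the caller holding an uninitialised pointer.
  if (!canceled || !_retval) {
    return NS_ERROR_INVALID_POINTER;
  }
  *_retval = nsnull;

  nsNSSShutDownPreventionLock locker;
  PRInt32 selectedIndex = -1;
  bool selectionFound = false;
  PRUnichar **certNicknameList = nsnull;
  PRUnichar **certDetailsList = nsnull;
  CERTCertListNode* node = nsnull;
  nsresult rv = NS_OK;

  {
    // Iterate over all certs. This assures that user is logged in to all hardware tokens.
    // The list itself is not needed, so it is destroyed immediately. A
    // separate UI context is used for this pass rather than the caller's ctx.
    nsCOMPtr<nsIInterfaceRequestor> uiContext = new PipUIContext();
    CERTCertList *allcerts = PK11_ListCerts(PK11CertListUnique, uiContext);
    if (allcerts) {
      CERT_DestroyCertList(allcerts);
    }
  }

  /* find all user certs that are valid and for SSL */
  /* note that we are allowing expired certs in this list */

  CERTCertList *certList =
    CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
                              (SECCertUsage)certUsage,
                              !allowDuplicateNicknames,
                              !allowInvalid,
                              ctx);
  CERTCertListCleaner clc(certList);

  if (!certList) {
    return NS_ERROR_NOT_AVAILABLE;
  }

  CERTCertNicknames *nicknames = getNSSCertNicknamesFromCertList(certList);

  CERTCertNicknamesCleaner cnc(nicknames);

  if (!nicknames) {
    return NS_ERROR_NOT_AVAILABLE;
  }

  certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
  certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);

  if (!certNicknameList || !certDetailsList) {
    nsMemory::Free(certNicknameList);
    nsMemory::Free(certDetailsList);
    return NS_ERROR_OUT_OF_MEMORY;
  }

  PRInt32 CertsToUse;

  // Build the two parallel string arrays shown by the dialog.
  // NOTE(review): entries are indexed by CertsToUse, which only advances when
  // nsNSSCertificate::Create succeeds, while the lookup loop at the end of
  // this function indexes by list position. If Create ever fails for a node,
  // the dialog index and the list position drift apart and a different
  // certificate than the one displayed could be returned. Confirm whether
  // Create can fail for reasons other than out-of-memory.
  for (CertsToUse = 0, node = CERT_LIST_HEAD(certList);
       !CERT_LIST_END(node, certList) && CertsToUse < nicknames->numnicknames;
       node = CERT_LIST_NEXT(node)
      )
  {
    nsNSSCertificate *tempCert = nsNSSCertificate::Create(node->cert);

    if (tempCert) {

      // XXX we really should be using an nsCOMPtr instead of manually add-refing,
      // but nsNSSCertificate does not have a default constructor.

      NS_ADDREF(tempCert);

      nsAutoString i_nickname(NS_ConvertUTF8toUTF16(nicknames->nicknames[CertsToUse]));
      nsAutoString nickWithSerial;
      nsAutoString details;

      // selectedNickname may be null; nsDependentString must not be built
      // from a null pointer.
      if (!selectionFound && selectedNickname) {
        if (i_nickname == nsDependentString(selectedNickname)) {
          selectedIndex = CertsToUse;
          selectionFound = true;
        }
      }

      if (NS_SUCCEEDED(tempCert->FormatUIStrings(i_nickname, nickWithSerial, details))) {
        certNicknameList[CertsToUse] = ToNewUnicode(nickWithSerial);
        certDetailsList[CertsToUse] = ToNewUnicode(details);
      }
      else {
        certNicknameList[CertsToUse] = nsnull;
        certDetailsList[CertsToUse] = nsnull;
      }

      NS_RELEASE(tempCert);

      ++CertsToUse;
    }
  }

  if (CertsToUse) {
    nsICertPickDialogs *dialogs = nsnull;
    rv = getNSSDialogs((void**)&dialogs,
                       NS_GET_IID(nsICertPickDialogs),
                       NS_CERTPICKDIALOGS_CONTRACTID);

    if (NS_SUCCEEDED(rv)) {
      nsPSMUITracker tracker;
      if (tracker.isUIForbidden()) {
        rv = NS_ERROR_NOT_AVAILABLE;
      }
      else {
        /* Throw up the cert picker dialog and get back the index of the selected cert */
        rv = dialogs->PickCertificate(ctx,
                                      (const PRUnichar**)certNicknameList, (const PRUnichar**)certDetailsList,
                                      CertsToUse, &selectedIndex, canceled);
      }

      NS_RELEASE(dialogs);
    }
  }

  // The display strings are no longer needed once the dialog has returned.
  PRInt32 i;
  for (i = 0; i < CertsToUse; ++i) {
    nsMemory::Free(certNicknameList[i]);
    nsMemory::Free(certDetailsList[i]);
  }
  nsMemory::Free(certNicknameList);
  nsMemory::Free(certDetailsList);

  if (!CertsToUse) {
    return NS_ERROR_NOT_AVAILABLE;
  }

  // *canceled is only read when rv succeeded, i.e. after PickCertificate ran.
  if (NS_SUCCEEDED(rv) && !*canceled) {
    // Walk the list to the chosen position. If selectedIndex matches no node,
    // the loop falls through and *_retval stays null with rv unchanged.
    for (i = 0, node = CERT_LIST_HEAD(certList);
         !CERT_LIST_END(node, certList);
         ++i, node = CERT_LIST_NEXT(node)) {

      if (i != selectedIndex) {
        continue;
      }

      nsNSSCertificate *cert = nsNSSCertificate::Create(node->cert);
      if (!cert) {
        rv = NS_ERROR_OUT_OF_MEMORY;
        break;
      }

      // Hold our own reference across QueryInterface so that a failed QI
      // destroys the wrapper instead of leaking it. The result is assigned to
      // the outer rv (not a shadowing local), so a failure is reported to the
      // caller rather than returned as NS_OK with no certificate.
      NS_ADDREF(cert);
      nsIX509Cert *x509 = nsnull;
      rv = cert->QueryInterface(NS_GET_IID(nsIX509Cert), (void**)&x509);
      NS_RELEASE(cert);

      if (NS_SUCCEEDED(rv)) {
        // QueryInterface already added the reference the caller now owns.
        *_retval = x509;
      }
      break;
    }
  }

  return rv;
}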
|