diff options
author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
---|---|---|
committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
tree | 10027f336435511475e392454359edea8e25895d /security/manager/pki/resources/content/certViewer.js | |
parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/pki/resources/content/certViewer.js')
-rw-r--r-- | security/manager/pki/resources/content/certViewer.js | 354 |
1 files changed, 354 insertions, 0 deletions
diff --git a/security/manager/pki/resources/content/certViewer.js b/security/manager/pki/resources/content/certViewer.js new file mode 100644 index 000000000..c62507694 --- /dev/null +++ b/security/manager/pki/resources/content/certViewer.js @@ -0,0 +1,354 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +/** + * @file Implements functionality for certViewer.xul and its tabs certDump.xul + * and viewCertDetails.xul: a dialog that allows various attributes of a + * certificate to be viewed. + * @argument {nsISupports} window.arguments[0] + * The cert to view, queryable to nsIX509Cert. + */ + +const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components; +const { Services } = Cu.import("resource://gre/modules/Services.jsm", {}); + +const nsIX509Cert = Ci.nsIX509Cert; +const nsX509CertDB = "@mozilla.org/security/x509certdb;1"; +const nsIX509CertDB = Ci.nsIX509CertDB; +const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1"; +const nsIPK11TokenDB = Ci.nsIPK11TokenDB; +const nsIASN1Object = Ci.nsIASN1Object; +const nsIASN1Sequence = Ci.nsIASN1Sequence; +const nsIASN1PrintableItem = Ci.nsIASN1PrintableItem; +const nsIASN1Tree = Ci.nsIASN1Tree; +const nsASN1Tree = "@mozilla.org/security/nsASN1Tree;1"; + +var bundle; + +function doPrompt(msg) +{ + let prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]. + getService(Components.interfaces.nsIPromptService); + prompts.alert(window, null, msg); +} + +/** + * Fills out the "Certificate Hierarchy" tree of the cert viewer "Details" tab. + * + * @param {tree} node + * Parent tree node to append to. + * @param {nsIArray<nsIX509Cert>} chain + * Chain where cert element n is issued by cert element n + 1. + */ +function AddCertChain(node, chain) +{ + var child = document.getElementById(node); + var currCert; + var displayVal; + for (let i = chain.length - 1; i >= 0; i--) { + currCert = chain.queryElementAt(i, nsIX509Cert); + if (currCert.commonName) { + displayVal = currCert.commonName; + } else { + displayVal = currCert.windowTitle; + } + let addTwistie = i != 0; + child = addChildrenToTree(child, displayVal, currCert.dbKey, addTwistie); + } +} + +/** + * Adds a "verified usage" of a cert to the "General" tab of the cert viewer. + * + * @param {String} usage + * Verified usage to add. + */ +function AddUsage(usage) +{ + let verifyInfoBox = document.getElementById("verify_info_box"); + let text = document.createElement("textbox"); + text.setAttribute("value", usage); + text.setAttribute("style", "margin: 2px 5px"); + text.setAttribute("readonly", "true"); + text.setAttribute("class", "scrollfield"); + verifyInfoBox.appendChild(text); +} + +function setWindowName() +{ + bundle = document.getElementById("pippki_bundle"); + + let cert = window.arguments[0].QueryInterface(Ci.nsIX509Cert); + document.title = bundle.getFormattedString("certViewerTitle", + [cert.windowTitle]); + + // + // Set the cert attributes for viewing + // + + // The chain of trust + AddCertChain("treesetDump", cert.getChain()); + DisplayGeneralDataFromCert(cert); + BuildPrettyPrint(cert); + + asyncDetermineUsages(cert); +} + +// Certificate usages we care about in the certificate viewer. +const certificateUsageSSLClient = 0x0001; +const certificateUsageSSLServer = 0x0002; +const certificateUsageSSLCA = 0x0008; +const certificateUsageEmailSigner = 0x0010; +const certificateUsageEmailRecipient = 0x0020; +const certificateUsageObjectSigner = 0x0040; + +// A map from the name of a certificate usage to the value of the usage. +// Useful for printing debugging information and for enumerating all supported +// usages. +const certificateUsages = { + certificateUsageSSLClient, + certificateUsageSSLServer, + certificateUsageSSLCA, + certificateUsageEmailSigner, + certificateUsageEmailRecipient, + certificateUsageObjectSigner, +}; + +// Map of certificate usage name to localization identifier. +const certificateUsageToStringBundleName = { + certificateUsageSSLClient: "VerifySSLClient", + certificateUsageSSLServer: "VerifySSLServer", + certificateUsageSSLCA: "VerifySSLCA", + certificateUsageEmailSigner: "VerifyEmailSigner", + certificateUsageEmailRecipient: "VerifyEmailRecip", + certificateUsageObjectSigner: "VerifyObjSign", +}; + +const PRErrorCodeSuccess = 0; + +const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE; +const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11; +const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12; +const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13; +const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; +const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; +const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; +const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176; + +/** + * Kicks off asynchronous verifications of the given certificate to determine + * what usages it is currently valid for. Updates the usage display area when + * complete. + * + * @param {nsIX509Cert} cert + * The certificate to determine valid usages for. + */ +function asyncDetermineUsages(cert) { + let promises = []; + let now = Date.now() / 1000; + let certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + Object.keys(certificateUsages).forEach(usageString => { + promises.push(new Promise((resolve, reject) => { + let usage = certificateUsages[usageString]; + certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now, + (aPRErrorCode, aVerifiedChain, aHasEVPolicy) => { + resolve({ usageString: usageString, errorCode: aPRErrorCode }); + }); + })); + }); + Promise.all(promises).then(displayUsages); +} + +/** + * Updates the usage display area given the results from asyncDetermineUsages. + * + * @param {Array} results + * An array of objects with the properties "usageString" and "errorCode". + * usageString is a string that is a key in the certificateUsages map. + * errorCode is either an NSPR error code or PRErrorCodeSuccess (which is + * a pseudo-NSPR error code with the value 0 that indicates success). + */ +function displayUsages(results) { + document.getElementById("verify_pending").setAttribute("hidden", "true"); + let verified = document.getElementById("verified"); + let someSuccess = results.some(result => + result.errorCode == PRErrorCodeSuccess + ); + if (someSuccess) { + let verifystr = bundle.getString("certVerified"); + verified.textContent = verifystr; + let pipnssBundle = Services.strings.createBundle( + "chrome://pipnss/locale/pipnss.properties"); + results.forEach(result => { + if (result.errorCode != PRErrorCodeSuccess) { + return; + } + let bundleName = certificateUsageToStringBundleName[result.usageString]; + let usage = pipnssBundle.GetStringFromName(bundleName); + AddUsage(usage); + }); + } else { + const errorRankings = [ + { error: SEC_ERROR_REVOKED_CERTIFICATE, + bundleString: "certNotVerified_CertRevoked" }, + { error: SEC_ERROR_UNTRUSTED_CERT, + bundleString: "certNotVerified_CertNotTrusted" }, + { error: SEC_ERROR_UNTRUSTED_ISSUER, + bundleString: "certNotVerified_IssuerNotTrusted" }, + { error: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED, + bundleString: "certNotVerified_AlgorithmDisabled" }, + { error: SEC_ERROR_EXPIRED_CERTIFICATE, + bundleString: "certNotVerified_CertExpired" }, + { error: SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, + bundleString: "certNotVerified_CAInvalid" }, + { error: SEC_ERROR_UNKNOWN_ISSUER, + bundleString: "certNotVerified_IssuerUnknown" }, + ]; + let verifystr; + for (let errorRanking of errorRankings) { + let errorPresent = results.some(result => + result.errorCode == errorRanking.error + ); + if (errorPresent) { + verifystr = bundle.getString(errorRanking.bundleString); + break; + } + } + if (!verifystr) { + verifystr = bundle.getString("certNotVerified_Unknown"); + } + verified.textContent = verifystr; + } + // Notify that we are done determining the certificate's valid usages (this + // should be treated as an implementation detail that enables tests to run + // efficiently - other code in the browser probably shouldn't rely on this). + Services.obs.notifyObservers(window, "ViewCertDetails:CertUsagesDone", null); +} + +function addChildrenToTree(parentTree, label, value, addTwistie) +{ + let treeChild1 = document.createElement("treechildren"); + let treeElement = addTreeItemToTreeChild(treeChild1, label, value, + addTwistie); + parentTree.appendChild(treeChild1); + return treeElement; +} + +function addTreeItemToTreeChild(treeChild, label, value, addTwistie) +{ + let treeElem1 = document.createElement("treeitem"); + if (addTwistie) { + treeElem1.setAttribute("container", "true"); + treeElem1.setAttribute("open", "true"); + } + let treeRow = document.createElement("treerow"); + let treeCell = document.createElement("treecell"); + treeCell.setAttribute("label", label); + if (value) { + treeCell.setAttribute("display", value); + } + treeRow.appendChild(treeCell); + treeElem1.appendChild(treeRow); + treeChild.appendChild(treeElem1); + return treeElem1; +} + +function displaySelected() { + var asn1Tree = document.getElementById('prettyDumpTree') + .view.QueryInterface(nsIASN1Tree); + var items = asn1Tree.selection; + var certDumpVal = document.getElementById('certDumpVal'); + if (items.currentIndex != -1) { + var value = asn1Tree.getDisplayData(items.currentIndex); + certDumpVal.value = value; + } else { + certDumpVal.value = ""; + } +} + +function BuildPrettyPrint(cert) +{ + var certDumpTree = Components.classes[nsASN1Tree]. + createInstance(nsIASN1Tree); + certDumpTree.loadASN1Structure(cert.ASN1Structure); + document.getElementById('prettyDumpTree').view = certDumpTree; +} + +function addAttributeFromCert(nodeName, value) +{ + var node = document.getElementById(nodeName); + if (!value) { + value = bundle.getString('notPresent'); + } + node.setAttribute('value', value); +} + +/** + * Displays information about a cert in the "General" tab of the cert viewer. + * + * @param {nsIX509Cert} cert + * Cert to display information about. + */ +function DisplayGeneralDataFromCert(cert) +{ + addAttributeFromCert("commonname", cert.commonName); + addAttributeFromCert("organization", cert.organization); + addAttributeFromCert("orgunit", cert.organizationalUnit); + addAttributeFromCert("serialnumber", cert.serialNumber); + addAttributeFromCert("sha256fingerprint", cert.sha256Fingerprint); + addAttributeFromCert("sha1fingerprint", cert.sha1Fingerprint); + addAttributeFromCert("validitystart", cert.validity.notBeforeLocalDay); + addAttributeFromCert("validityend", cert.validity.notAfterLocalDay); + + addAttributeFromCert("issuercommonname", cert.issuerCommonName); + addAttributeFromCert("issuerorganization", cert.issuerOrganization); + addAttributeFromCert("issuerorgunit", cert.issuerOrganizationUnit); +} + +function updateCertDump() +{ + var asn1Tree = document.getElementById('prettyDumpTree') + .view.QueryInterface(nsIASN1Tree); + + var tree = document.getElementById('treesetDump'); + if (tree.currentIndex < 0) { + doPrompt("No items are selected."); //This should never happen. + } else { + var item = tree.contentView.getItemAtIndex(tree.currentIndex); + var dbKey = item.firstChild.firstChild.getAttribute('display'); + // Get the cert from the cert database + var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB); + var cert = certdb.findCertByDBKey(dbKey); + asn1Tree.loadASN1Structure(cert.ASN1Structure); + } + displaySelected(); +} + +function getCurrentCert() +{ + var realIndex; + var tree = document.getElementById('treesetDump'); + if (tree.view.selection.isSelected(tree.currentIndex) + && document.getElementById('prettyprint_tab').selected) { + /* if the user manually selected a cert on the Details tab, + then take that one */ + realIndex = tree.currentIndex; + } else { + /* otherwise, take the one at the bottom of the chain + (i.e. the one of the end-entity, unless we're displaying + CA certs) */ + realIndex = tree.view.rowCount - 1; + } + if (realIndex >= 0) { + var item = tree.contentView.getItemAtIndex(realIndex); + var dbKey = item.firstChild.firstChild.getAttribute('display'); + var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB); + var cert = certdb.findCertByDBKey(dbKey); + return cert; + } + /* shouldn't really happen */ + return null; +} |