summaryrefslogtreecommitdiffstats
path: root/security/manager/pki
diff options
context:
space:
mode:
authorMoonchild <moonchild@palemoon.org>2019-11-08 10:54:10 +0100
committerGitHub <noreply@github.com>2019-11-08 10:54:10 +0100
commit8bb208397d2574ffcad436d23d3e8b87b3413141 (patch)
treed5a2249ace80f5e663b0b38b2d171c17c678185c /security/manager/pki
parenteb35cd10852cde613e6047220835cfa61eef6e01 (diff)
parent6df8aa4953f585887ef635ae4bcb0a6b83062789 (diff)
downloadUXP-8bb208397d2574ffcad436d23d3e8b87b3413141.tar
UXP-8bb208397d2574ffcad436d23d3e8b87b3413141.tar.gz
UXP-8bb208397d2574ffcad436d23d3e8b87b3413141.tar.lz
UXP-8bb208397d2574ffcad436d23d3e8b87b3413141.tar.xz
UXP-8bb208397d2574ffcad436d23d3e8b87b3413141.zip
Merge pull request #1214 from MoonchildProductions/certexception-work
Fix Certificate Exception dialog logic
Diffstat (limited to 'security/manager/pki')
-rw-r--r--security/manager/pki/resources/content/exceptionDialog.js116
1 files changed, 48 insertions, 68 deletions
diff --git a/security/manager/pki/resources/content/exceptionDialog.js b/security/manager/pki/resources/content/exceptionDialog.js
index c106cdbf5..1f719bc29 100644
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -13,34 +13,11 @@ var gChecking;
var gBroken;
var gNeedReset;
-Components.utils.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
-
-function badCertListener() {}
-badCertListener.prototype = {
- getInterface: function (aIID) {
- return this.QueryInterface(aIID);
- },
- QueryInterface: function(aIID) {
- if (aIID.equals(Components.interfaces.nsIBadCertListener2) ||
- aIID.equals(Components.interfaces.nsIInterfaceRequestor) ||
- aIID.equals(Components.interfaces.nsISupports)) {
- return this;
- }
+const {interfaces: Ci, classes: Cc, results: Cr, utils: Cu} = Components;
+
+Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
- throw new Error(Components.results.NS_ERROR_NO_INTERFACE);
- },
- handle_test_result: function () {
- if (gSSLStatus) {
- gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
- }
- },
- notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) {
- gBroken = true;
- gSSLStatus = sslStatus;
- this.handle_test_result();
- return true; // suppress error UI
- }
-};
function initExceptionDialog() {
gNeedReset = false;
@@ -57,7 +34,7 @@ function initExceptionDialog() {
if (args[0].location) {
// We were pre-seeded with a location.
document.getElementById("locationTextBox").value = args[0].location;
- document.getElementById('checkCertButton').disabled = false;
+ document.getElementById("checkCertButton").disabled = false;
if (args[0].sslStatus) {
gSSLStatus = args[0].sslStatus;
@@ -85,6 +62,28 @@ function initExceptionDialog() {
}
/**
+ * Helper function for checkCert. Set as the onerror/onload callbacks for an
+ * XMLHttpRequest. Sets gSSLStatus, gCert, gBroken, and gChecking according to
+ * the load information from the request. Probably should not be used directly.
+ *
+ * @param {XMLHttpRequest} req
+ * The XMLHttpRequest created and sent by checkCert.
+ * @param {Event} evt
+ * The load or error event.
+ */
+function grabCert(req, evt) {
+ if (req.channel && req.channel.securityInfo) {
+ gSSLStatus = req.channel.securityInfo
+ .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
+ gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert
+ : null;
+ }
+ gBroken = evt.type == "error";
+ gChecking = false;
+ updateCertStatus();
+}
+
+/**
* Attempt to download the certificate for the location specified, and populate
* the Certificate Status section with the result.
*/
@@ -95,48 +94,34 @@ function checkCert() {
gBroken = false;
updateCertStatus();
- var uri = getURI();
+ let uri = getURI();
- var req = new XMLHttpRequest();
- try {
- if (uri) {
- req.open('GET', uri.prePath, false);
- req.channel.notificationCallbacks = new badCertListener();
- req.send(null);
- }
- } catch (e) {
- // We *expect* exceptions if there are problems with the certificate
- // presented by the site. Log it, just in case, but we can proceed here,
- // with appropriate sanity checks
- Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " +
- "This results in a (mostly harmless) exception being thrown. " +
- "Logged for information purposes only: " + e);
- } finally {
+ if (uri) {
+ let req = new XMLHttpRequest();
+ req.open("GET", uri.prePath);
+ req.onerror = grabCert.bind(this, req);
+ req.onload = grabCert.bind(this, req);
+ req.send(null);
+ } else {
gChecking = false;
+ updateCertStatus();
}
-
- if (req.channel && req.channel.securityInfo) {
- const Ci = Components.interfaces;
- gSSLStatus = req.channel.securityInfo
- .QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
- gCert = gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
- }
-
- updateCertStatus();
}
/**
* Build and return a URI, based on the information supplied in the
* Certificate Location fields
+ *
+ * @returns {nsIURI}
+ * URI constructed from the information supplied on success, null
+ * otherwise.
*/
function getURI() {
// Use fixup service instead of just ioservice's newURI since it's quite
// likely that the host will be supplied without a protocol prefix, resulting
// in malformed uri exceptions being thrown.
- let fus = Components.classes["@mozilla.org/docshell/urifixup;1"]
- .getService(Components.interfaces.nsIURIFixup);
let locationTextBox = document.getElementById("locationTextBox");
- let uri = fus.createFixupURI(locationTextBox.value, 0);
+ let uri = Services.uriFixup.createFixupURI(locationTextBox.value, 0);
if (!uri) {
return null;
@@ -170,7 +155,7 @@ function resetDialog() {
* Called by input textboxes to manage UI state
*/
function handleTextChange() {
- var checkCertButton = document.getElementById('checkCertButton');
+ var checkCertButton = document.getElementById("checkCertButton");
checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
if (gNeedReset) {
gNeedReset = false;
@@ -238,8 +223,7 @@ function updateCertStatus() {
pe.checked = !inPrivateBrowsing;
setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader"));
- }
- else {
+ } else {
shortDesc = "addExceptionValidShort";
longDesc = "addExceptionValidLong";
gDialog.getButton("extra1").disabled = true;
@@ -251,11 +235,8 @@ function updateCertStatus() {
document.getElementById("viewCertButton").disabled = false;
// Notify observers about the availability of the certificate
- Components.classes["@mozilla.org/observer-service;1"]
- .getService(Components.interfaces.nsIObserverService)
- .notifyObservers(null, "cert-exception-ui-ready", null);
- }
- else if (gChecking) {
+ Services.obs.notifyObservers(null, "cert-exception-ui-ready", null);
+ } else if (gChecking) {
shortDesc = "addExceptionCheckingShort";
longDesc = "addExceptionCheckingLong2";
// We're checking the certificate, so we disable the Get Certificate
@@ -265,8 +246,7 @@ function updateCertStatus() {
document.getElementById("viewCertButton").disabled = true;
gDialog.getButton("extra1").disabled = true;
document.getElementById("permanent").disabled = true;
- }
- else {
+ } else {
shortDesc = "addExceptionNoCertShort";
longDesc = "addExceptionNoCertLong2";
// We're done checking the certificate, so allow the user to check it again.
@@ -309,8 +289,8 @@ function addException() {
return;
}
- var overrideService = Components.classes["@mozilla.org/security/certoverride;1"]
- .getService(Components.interfaces.nsICertOverrideService);
+ var overrideService = Cc["@mozilla.org/security/certoverride;1"]
+ .getService(Ci.nsICertOverrideService);
var flags = 0;
if (gSSLStatus.isUntrusted) {
flags |= overrideService.ERROR_UNTRUSTED;