58
58
#include "nsIDateTimeFormat.h"
59
59
#include "nsDateTimeFormatCID.h"
60
60
#include "nsIClientAuthDialogs.h"
61
#include "nsClientAuthRemember.h"
62
63
#include "nsXPIDLString.h"
63
64
#include "nsReadableUtils.h"
228
NS_IMPL_THREADSAFE_ISUPPORTS4(nsNSSSocketInfo,
229
NS_IMPL_THREADSAFE_ISUPPORTS5(nsNSSSocketInfo,
229
230
nsITransportSecurityInfo,
230
231
nsISSLSocketControl,
231
232
nsIInterfaceRequestor,
232
nsISSLStatusProvider)
233
nsISSLStatusProvider,
234
nsIClientAuthUserDecision)
235
237
nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending)
283
285
return mCanceled;
288
NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(PRBool *aRememberClientAuthCertificate)
290
NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate);
291
*aRememberClientAuthCertificate = mRememberClientAuthCertificate;
295
NS_IMETHODIMP nsNSSSocketInfo::SetRememberClientAuthCertificate(PRBool aRememberClientAuthCertificate)
297
mRememberClientAuthCertificate = aRememberClientAuthCertificate;
286
301
void nsNSSSocketInfo::SetHasCleartextPhase(PRBool aHasCleartextPhase)
288
303
mHasCleartextPhase = aHasCleartextPhase;
2249
2264
nsNSSShutDownPreventionLock locker;
2250
2265
void* wincx = NULL;
2251
2266
SECStatus ret = SECFailure;
2253
2267
nsNSSSocketInfo* info = NULL;
2254
2268
PRArenaPool* arena = NULL;
2255
2269
char** caNameStrings;
2256
2270
CERTCertificate* cert = NULL;
2257
CERTCertificate* serverCert = NULL;
2258
2271
SECKEYPrivateKey* privKey = NULL;
2259
2272
CERTCertList* certList = NULL;
2260
2273
CERTCertListNode* node;
2394
else { // Not Auto => ask
2395
/* Get the SSL Certificate */
2396
CERTCertificate* serverCert = NULL;
2397
CERTCertificateCleaner serverCertCleaner(serverCert);
2398
serverCert = SSL_PeerCertificate(socket);
2399
if (serverCert == NULL) {
2400
/* couldn't get the server cert: what do I do? */
2404
nsXPIDLCString hostname;
2405
info->GetHostName(getter_Copies(hostname));
2408
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
2409
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
2410
nsRefPtr<nsClientAuthRememberService> cars;
2412
nssComponent->GetClientAuthRememberService(getter_AddRefs(cars));
2415
PRBool hasRemembered = PR_FALSE;
2416
nsCString rememberedNickname;
2419
nsresult rv = cars->HasRememberedDecision(hostname,
2421
rememberedNickname, &found);
2422
if (NS_SUCCEEDED(rv) && found) {
2423
hasRemembered = PR_TRUE;
2427
PRBool canceled = PR_FALSE;
2431
if (rememberedNickname.IsEmpty())
2434
char *const_nickname = const_cast<char*>(rememberedNickname.get());
2435
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), const_nickname);
2382
2440
/* user selects a cert to present */
2383
2441
nsIClientAuthDialogs *dialogs = NULL;
2384
2442
PRInt32 selectedIndex = -1;
2385
2443
PRUnichar **certNicknameList = NULL;
2386
2444
PRUnichar **certDetailsList = NULL;
2389
2446
/* find all user certs that are for SSL */
2390
2447
/* note that we are allowing expired certs in this list */
2442
2499
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
2444
/* Get the SSL Certificate */
2445
serverCert = SSL_PeerCertificate(socket);
2446
if (serverCert == NULL) {
2447
/* couldn't get the server cert: what do I do? */
2451
2501
/* Get CN and O of the subject and O of the issuer */
2452
2502
char *ccn = CERT_GetCommonName(&serverCert->subject);
2453
2503
NS_ConvertUTF8toUCS2 cn(ccn);
2461
2511
NS_ConvertUTF8toUCS2 issuer(cissuer);
2462
2512
if (cissuer) PORT_Free(cissuer);
2464
CERT_DestroyCertificate(serverCert);
2466
2514
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
2467
2515
if (!certNicknameList)
2534
2582
if (NS_FAILED(rv)) goto loser;
2536
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
2584
// even if the user has canceled, we want to remember that, to avoid repeating prompts
2585
PRBool wantRemember = PR_FALSE;
2586
info->GetRememberClientAuthCertificate(&wantRemember);
2539
2590
for (i = 0, node = CERT_LIST_HEAD(certList);
2540
2591
!CERT_LIST_END(node, certList);
2541
2592
++i, node = CERT_LIST_NEXT(node)) {
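Review bot: The remembered choice is turned back into a certificate by nickname at new lines 2434–2435 (`cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), const_nickname);`), and a nickname is neither unique nor stable. After a renewal, re-import or deletion the lookup can return a different certificate than the one the user approved, or none, and the result is then apparently presented without a prompt. Consider storing a stable identifier of the chosen certificate (for example its fingerprint, or issuer and serial number) alongside the nickname and comparing it after the lookup. A miss or mismatch should count as "not remembered", e.g. `if (!cert) hasRemembered = PR_FALSE;`, so that the code presumably falls back to the dialog. The page omits several lines of this branch (2420, 2424–2426, 2436–2439) and the enclosing function starts and ends outside the visible hunks, so some of this may already be handled there.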