Ejemplo n.º 1
0
static nsresult
AppendErrorTextMismatch(const nsString& host, nsIX509Cert* ix509,
                        nsINSSComponent* component, bool wantsHtml,
                        nsString& returnedMessage)
{
  // Prepare a default "not valid for <hostname>" string in case anything
  // goes wrong (or in case the certificate is not valid for any hostnames).
  nsAutoString notValidForHostnameString;
  const char16_t* params[1];
  params[0] = host.get();
  nsresult rv = component->PIPBundleFormatStringFromName(
    "certErrorMismatch", params, 1, notValidForHostnameString);
  if (NS_FAILED(rv)) {
    return rv;
  }
  notValidForHostnameString.Append('\n');

  UniqueCERTCertificate nssCert(ix509->GetCert());
  if (!nssCert) {
    returnedMessage.Append(notValidForHostnameString);
    return NS_OK;
  }

  nsAutoString allNames;
  uint32_t nameCount = GetSubjectAltNames(nssCert.get(), allNames);
  if (nameCount == 0) {
    returnedMessage.Append(notValidForHostnameString);
  } else if (nameCount > 1) {
    nsString message;
    rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple", message);
    if (NS_FAILED(rv)) {
      return rv;
    }
    returnedMessage.Append(message);
    returnedMessage.AppendLiteral("\n  ");
    returnedMessage.Append(allNames);
    returnedMessage.AppendLiteral("  \n");
  } else if (nameCount == 1) {
    params[0] = allNames.get();

    const char* stringID = wantsHtml ? "certErrorMismatchSingle2"
                                     : "certErrorMismatchSinglePlain";
    nsAutoString formattedString;
    rv = component->PIPBundleFormatStringFromName(stringID, params, 1,
                                                  formattedString);
    if (NS_FAILED(rv)) {
      return rv;
    }
    returnedMessage.Append(formattedString);
    returnedMessage.Append('\n');
  }

  return NS_OK;
}
Ejemplo n.º 2
0
static void
AppendErrorTextMismatch(const nsString &host,
                        nsIX509Cert* ix509,
                        nsINSSComponent *component,
                        bool wantsHtml,
                        nsString &returnedMessage)
{
    const char16_t *params[1];
    nsresult rv;

    ScopedCERTCertificate nssCert(ix509->GetCert());

    if (!nssCert) {
        // We are unable to extract the valid names, say "not valid for name".
        params[0] = host.get();
        nsString formattedString;
        rv = component->PIPBundleFormatStringFromName("certErrorMismatch",
                params, 1,
                formattedString);
        if (NS_SUCCEEDED(rv)) {
            returnedMessage.Append(formattedString);
            returnedMessage.Append('\n');
        }
        return;
    }

    nsString allNames;
    uint32_t nameCount = 0;
    bool useSAN = false;

    if (nssCert)
        useSAN = GetSubjectAltNames(nssCert.get(), component, allNames, nameCount);

    if (!useSAN) {
        char *certName = CERT_GetCommonName(&nssCert->subject);
        if (certName) {
            nsDependentCSubstring commonName(certName, strlen(certName));
            if (IsUTF8(commonName)) {
                // Bug 1024781
                // We should actually check that the common name is a valid dns name or
                // ip address and not any string value before adding it to the display
                // list.
                ++nameCount;
                allNames.Assign(NS_ConvertUTF8toUTF16(commonName));
            }
            PORT_Free(certName);
        }
    }

    if (nameCount > 1) {
        nsString message;
        rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple",
                                              message);
        if (NS_SUCCEEDED(rv)) {
            returnedMessage.Append(message);
            returnedMessage.AppendLiteral("\n  ");
            returnedMessage.Append(allNames);
            returnedMessage.AppendLiteral("  \n");
        }
    }
    else if (nameCount == 1) {
        const char16_t *params[1];
        params[0] = allNames.get();

        const char *stringID;
        if (wantsHtml)
            stringID = "certErrorMismatchSingle2";
        else
            stringID = "certErrorMismatchSinglePlain";

        nsString formattedString;
        rv = component->PIPBundleFormatStringFromName(stringID,
                params, 1,
                formattedString);
        if (NS_SUCCEEDED(rv)) {
            returnedMessage.Append(formattedString);
            returnedMessage.Append('\n');
        }
    }
    else { // nameCount == 0
        nsString message;
        nsresult rv = component->GetPIPNSSBundleString("certErrorMismatchNoNames",
                      message);
        if (NS_SUCCEEDED(rv)) {
            returnedMessage.Append(message);
            returnedMessage.Append('\n');
        }
    }
}
static void
AppendErrorTextMismatch(const nsString &host,
                        nsIX509Cert* ix509,
                        nsINSSComponent *component,
                        bool wantsHtml,
                        nsString &returnedMessage)
{
  const char16_t *params[1];
  nsresult rv;

  mozilla::pkix::ScopedCERTCertificate nssCert;

  nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(ix509, &rv);
  if (cert2)
    nssCert = cert2->GetCert();

  if (!nssCert) {
    // We are unable to extract the valid names, say "not valid for name".
    params[0] = host.get();
    nsString formattedString;
    rv = component->PIPBundleFormatStringFromName("certErrorMismatch", 
                                                  params, 1, 
                                                  formattedString);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(formattedString);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
    return;
  }

  nsString allNames;
  uint32_t nameCount = 0;
  bool useSAN = false;

  if (nssCert)
    useSAN = GetSubjectAltNames(nssCert.get(), component, allNames, nameCount);

  if (!useSAN) {
    char *certName = nullptr;
    // currently CERT_FindNSStringExtension is not being exported by NSS.
    // If it gets exported, enable the following line.
    //   certName = CERT_FindNSStringExtension(nssCert, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME);
    // However, it has been discussed to treat the extension as obsolete and ignore it.
    if (!certName)
      certName = CERT_GetCommonName(&nssCert->subject);
    if (certName) {
      nsDependentCSubstring commonName(certName, strlen(certName));
      if (IsUTF8(commonName)) {
        // Bug 1024781
        // We should actually check that the common name is a valid dns name or
        // ip address and not any string value before adding it to the display
        // list.
        ++nameCount;
        allNames.Assign(NS_ConvertUTF8toUTF16(commonName));
      }
      PORT_Free(certName);
    }
  }

  if (nameCount > 1) {
    nsString message;
    rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple", 
                                          message);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(message);
      returnedMessage.Append(NS_LITERAL_STRING("\n  "));
      returnedMessage.Append(allNames);
      returnedMessage.Append(NS_LITERAL_STRING("  \n"));
    }
  }
  else if (nameCount == 1) {
    const char16_t *params[1];
    params[0] = allNames.get();
    
    const char *stringID;
    if (wantsHtml)
      stringID = "certErrorMismatchSingle2";
    else
      stringID = "certErrorMismatchSinglePlain";

    nsString formattedString;
    rv = component->PIPBundleFormatStringFromName(stringID, 
                                                  params, 1, 
                                                  formattedString);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(formattedString);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
  }
  else { // nameCount == 0
    nsString message;
    nsresult rv = component->GetPIPNSSBundleString("certErrorMismatchNoNames",
                                                   message);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(message);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
  }
}