// Appends the "certificate is not valid for this host" explanation to
// |returnedMessage|.
//
// host            - hostname the user tried to reach; substituted into the
//                   generic "certErrorMismatch" string.
// ix509           - certificate presented by the server.
// component       - source of the localized string bundle.
// wantsHtml       - selects the HTML or the plain-text string ID when exactly
//                   one certificate name is reported.
// returnedMessage - output; text is only ever appended to it.
//
// Returns NS_OK on success, otherwise the failing nsresult from the string
// bundle lookup. On every failure path nothing has been appended yet.
//
// NOTE(review): the names in |certNames| originate from the certificate that
// is being rejected, i.e. from the remote party. This function inserts them
// into the message as-is; whether they are validated or escaped depends on
// GetSubjectAltNames() and on the consumer of the HTML variant -- confirm both
// before rendering the result as markup.
static nsresult AppendErrorTextMismatch(const nsString& host,
                                        nsIX509Cert* ix509,
                                        nsINSSComponent* component,
                                        bool wantsHtml,
                                        nsString& returnedMessage) {
  // Build the generic "not valid for <hostname>" text up front so that it is
  // available as the fallback for every path that cannot name alternatives.
  const char16_t* formatArgs[1] = {host.get()};
  nsAutoString fallbackText;
  nsresult rv = component->PIPBundleFormatStringFromName(
      "certErrorMismatch", formatArgs, 1, fallbackText);
  if (NS_FAILED(rv)) {
    return rv;
  }
  fallbackText.Append('\n');

  // Without the underlying NSS certificate no names can be listed.
  UniqueCERTCertificate certHandle(ix509->GetCert());
  if (!certHandle) {
    returnedMessage.Append(fallbackText);
    return NS_OK;
  }

  nsAutoString certNames;
  const uint32_t certNameCount =
      GetSubjectAltNames(certHandle.get(), certNames);

  // No usable names: fall back to the generic text.
  if (certNameCount == 0) {
    returnedMessage.Append(fallbackText);
    return NS_OK;
  }

  // Exactly one name: substitute it into the single-name string.
  if (certNameCount == 1) {
    formatArgs[0] = certNames.get();
    const char* stringID = "certErrorMismatchSinglePlain";
    if (wantsHtml) {
      stringID = "certErrorMismatchSingle2";
    }
    nsAutoString singleNameText;
    rv = component->PIPBundleFormatStringFromName(stringID, formatArgs, 1,
                                                  singleNameText);
    if (NS_FAILED(rv)) {
      return rv;
    }
    returnedMessage.Append(singleNameText);
    returnedMessage.Append('\n');
    return NS_OK;
  }

  // Several names: fixed introduction followed by the collected name list.
  nsString multipleIntro;
  rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple",
                                        multipleIntro);
  if (NS_FAILED(rv)) {
    return rv;
  }
  returnedMessage.Append(multipleIntro);
  returnedMessage.AppendLiteral("\n ");
  returnedMessage.Append(certNames);
  returnedMessage.AppendLiteral(" \n");
  return NS_OK;
}
// Appends the "certificate is not valid for this host" explanation to
// |returnedMessage|.
//
// host            - hostname the user tried to reach; used only when the NSS
//                   certificate cannot be obtained.
// ix509           - certificate presented by the server.
// component       - source of the localized string bundle.
// wantsHtml       - selects the HTML or the plain-text string ID when exactly
//                   one certificate name is reported.
// returnedMessage - output; text is only ever appended to it.
//
// String bundle failures are not reported to the caller: the affected piece
// of text is simply left out.
//
// NOTE(review): every name shown here is taken from the certificate that is
// being rejected, i.e. from the remote party, and is appended without further
// checks in this function. Confirm that the HTML variant is escaped by its
// consumer before the result is rendered as markup.
static void AppendErrorTextMismatch(const nsString &host,
                                    nsIX509Cert* ix509,
                                    nsINSSComponent *component,
                                    bool wantsHtml,
                                    nsString &returnedMessage) {
  const char16_t *formatArgs[1];
  nsresult rv;

  ScopedCERTCertificate certHandle(ix509->GetCert());
  if (!certHandle) {
    // We are unable to extract the valid names, say "not valid for name".
    formatArgs[0] = host.get();
    nsString hostOnlyText;
    rv = component->PIPBundleFormatStringFromName("certErrorMismatch",
                                                  formatArgs, 1, hostOnlyText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(hostOnlyText);
      returnedMessage.Append('\n');
    }
    return;
  }

  nsString certNames;
  uint32_t certNameCount = 0;
  // certHandle is known to be non-null past the guard above.
  const bool haveSAN =
      GetSubjectAltNames(certHandle.get(), component, certNames, certNameCount);

  if (!haveSAN) {
    // Fall back to the subject common name when the SAN lookup reports
    // nothing usable.
    char *rawCommonName = CERT_GetCommonName(&certHandle->subject);
    if (rawCommonName) {
      nsDependentCSubstring commonName(rawCommonName, strlen(rawCommonName));
      if (IsUTF8(commonName)) {
        // Bug 1024781
        // We should actually check that the common name is a valid dns name or
        // ip address and not any string value before adding it to the display
        // list. As written, any well-formed UTF-8 common name chosen by the
        // certificate's issuer or subject ends up in the message.
        ++certNameCount;
        certNames.Assign(NS_ConvertUTF8toUTF16(commonName));
      }
      // The common name buffer is released with PORT_Free on every path.
      PORT_Free(rawCommonName);
    }
  }

  if (certNameCount == 0) {
    nsString noNamesText;
    rv = component->GetPIPNSSBundleString("certErrorMismatchNoNames",
                                          noNamesText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(noNamesText);
      returnedMessage.Append('\n');
    }
    return;
  }

  if (certNameCount == 1) {
    formatArgs[0] = certNames.get();
    const char *stringID = wantsHtml ? "certErrorMismatchSingle2"
                                     : "certErrorMismatchSinglePlain";
    nsString singleNameText;
    rv = component->PIPBundleFormatStringFromName(stringID, formatArgs, 1,
                                                  singleNameText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(singleNameText);
      returnedMessage.Append('\n');
    }
    return;
  }

  // More than one name: fixed introduction followed by the name list.
  nsString multipleIntro;
  rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple",
                                        multipleIntro);
  if (NS_SUCCEEDED(rv)) {
    returnedMessage.Append(multipleIntro);
    returnedMessage.AppendLiteral("\n ");
    returnedMessage.Append(certNames);
    returnedMessage.AppendLiteral(" \n");
  }
}
// Appends the "certificate is not valid for this host" explanation to
// |returnedMessage|.
//
// host            - hostname the user tried to reach; used only when the NSS
//                   certificate cannot be obtained.
// ix509           - certificate presented by the server; it must also
//                   implement nsIX509Cert2 for its names to be read.
// component       - source of the localized string bundle.
// wantsHtml       - selects the HTML or the plain-text string ID when exactly
//                   one certificate name is reported.
// returnedMessage - output; text is only ever appended to it.
//
// String bundle failures are not reported to the caller: the affected piece
// of text is simply left out.
//
// NOTE(review): every name shown here is taken from the certificate that is
// being rejected, i.e. from the remote party, and is appended without further
// checks in this function. Confirm that the HTML variant is escaped by its
// consumer before the result is rendered as markup.
static void AppendErrorTextMismatch(const nsString &host,
                                    nsIX509Cert* ix509,
                                    nsINSSComponent *component,
                                    bool wantsHtml,
                                    nsString &returnedMessage) {
  const char16_t *formatArgs[1];
  nsresult rv;

  // The NSS handle is only reachable through nsIX509Cert2; if the query fails
  // the handle stays empty and the host-only message below is used.
  mozilla::pkix::ScopedCERTCertificate certHandle;
  nsCOMPtr<nsIX509Cert2> certWithHandle = do_QueryInterface(ix509, &rv);
  if (certWithHandle) {
    certHandle = certWithHandle->GetCert();
  }

  if (!certHandle) {
    // We are unable to extract the valid names, say "not valid for name".
    formatArgs[0] = host.get();
    nsString hostOnlyText;
    rv = component->PIPBundleFormatStringFromName("certErrorMismatch",
                                                  formatArgs, 1, hostOnlyText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(hostOnlyText);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
    return;
  }

  nsString certNames;
  uint32_t certNameCount = 0;
  // certHandle is known to be non-null past the guard above.
  const bool haveSAN =
      GetSubjectAltNames(certHandle.get(), component, certNames, certNameCount);

  if (!haveSAN) {
    // CERT_FindNSStringExtension is currently not exported by NSS, so the
    // SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME extension is not consulted here. It
    // has been discussed to treat that extension as obsolete and ignore it.
    // The subject common name is therefore the only fallback.
    char *rawCommonName = CERT_GetCommonName(&certHandle->subject);
    if (rawCommonName) {
      nsDependentCSubstring commonName(rawCommonName, strlen(rawCommonName));
      if (IsUTF8(commonName)) {
        // Bug 1024781
        // We should actually check that the common name is a valid dns name or
        // ip address and not any string value before adding it to the display
        // list. As written, any well-formed UTF-8 common name chosen by the
        // certificate's issuer or subject ends up in the message.
        ++certNameCount;
        certNames.Assign(NS_ConvertUTF8toUTF16(commonName));
      }
      // The common name buffer is released with PORT_Free on every path.
      PORT_Free(rawCommonName);
    }
  }

  if (certNameCount == 0) {
    nsString noNamesText;
    rv = component->GetPIPNSSBundleString("certErrorMismatchNoNames",
                                          noNamesText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(noNamesText);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
    return;
  }

  if (certNameCount == 1) {
    formatArgs[0] = certNames.get();
    const char *stringID = wantsHtml ? "certErrorMismatchSingle2"
                                     : "certErrorMismatchSinglePlain";
    nsString singleNameText;
    rv = component->PIPBundleFormatStringFromName(stringID, formatArgs, 1,
                                                  singleNameText);
    if (NS_SUCCEEDED(rv)) {
      returnedMessage.Append(singleNameText);
      returnedMessage.Append(NS_LITERAL_STRING("\n"));
    }
    return;
  }

  // More than one name: fixed introduction followed by the name list.
  nsString multipleIntro;
  rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple",
                                        multipleIntro);
  if (NS_SUCCEEDED(rv)) {
    returnedMessage.Append(multipleIntro);
    returnedMessage.Append(NS_LITERAL_STRING("\n "));
    returnedMessage.Append(certNames);
    returnedMessage.Append(NS_LITERAL_STRING(" \n"));
  }
}