4

I'm trying to replace the nsICertificateDialogs dialog with my own implementation. I already have an extension that handles smime mails from webmail. I want to be able to use the Mozilla cert store with my extension. The only possibility I've found to export smime certs/keys (to use it in my extension) is via exporting a pfx file.

I unregistered the original certifica tedialog and registered mine as described here Failure while calling nsIX509CertDB.nsIX509CertDB from command line (unregister the old factory and register mine with the correct contractID). When I call Cc[@mozilla.org/nsCertificateDialogs;1].getService(Ci.nsICertificateDialogs); my class gets instantiated. When calling certDB.importPKCS12File(null, certfile) I get an NS_ERROR_FAILURE and my dialog class is not instantiated.

What is the difference when FF instantiates the certificate dialog. How can I test it? What am I missing?

edit: my certificate dialog class does not get instanciated by ff - even when called with a valid token certDB.importPKCS12File(token, certfile); In change calling var certdialogInterface = Cc[sMimeCertificateDialog.mozillaContractID] .getService(Ci.nsICertificateDialogs); correctly instanciates my class (followed by some QueryInterface calls)

edit: I uploaded a (hopefully) simple reproducer to http://www.sodgeit.de/dialog_reproducer.zip Look at src/chrome/components/smime_certificate_dialog.js and at src/tests/smime_certificate_dialog_test.js

Community
  • 1
  • 1
David Feurle
  • 2,687
  • 22
  • 38
  • Are you calling `certDB.importPKCS12File(null, certfile)` after calling `getService` yourself? Then it isn't surprising that this call doesn't result in instantiation - services are only instantiated once. – Wladimir Palant Aug 20 '12 at 07:27
  • @WladimirPalant This is a hint. It is the same xpcshell that executes both unit tests. I will check this when I have the source at hand. Still this would explain the missing constructor call - but not the NS_ERROR_FAILURE - since my implementation of nsICertificateDialogs unconditionally allows all operations. – David Feurle Aug 20 '12 at 07:35
  • Is there a related XUL file you can inject to? – Kernel James Aug 25 '12 at 05:03
  • in the testcode no - in the final plugin yes. I want to be able to export the key without interacting with the user. – David Feurle Aug 25 '12 at 09:01

1 Answers1

3

What is the difference when FF instantiates the certificate dialog.

No difference actually. When Firefox need the file password it will call getNSSDialogs() function and that one will do the moral equivalent of your getService() call. However, getService() only instantiates the component the first time, subsequent calls would not cause instantiation again - this might be the explanation why you don't see any coming from Firefox code.

The other potential issue is that you are not passing any token to the function. This means that Firefox will try to determine the token itself and call GetSlotWithMechanism(). In case of multiple available tokens it will display a selection dialog, it will basically call Cc["@mozilla.org/nsTokenDialogs;1"].getService(Ci.nsITokenDialogs).ChooseToken(). So maybe it errors out because this component isn't usable in your xpcshell - meaning that you would have to either replace it as well or specify a token explicitly.

Wladimir Palant
  • 56,865
  • 12
  • 98
  • 126
  • I will check this when I have the code available. But sounds like an explanation. – David Feurle Aug 20 '12 at 07:54
  • If this is true the documentation is a bit misleading: "aToken Optionally limits the scope of this function to a token device. Can be null to mean any token.". I wouldn't expect any User Interface if all tokens where choosen. – David Feurle Aug 20 '12 at 08:10
  • my class does not get instanciated even if I don't call Cc[@mozilla.org/nsCertificateDialogs;1].getService(Ci.nsICertificateDialogs); before :S – David Feurle Aug 20 '12 at 16:37
  • @DavidFeurle: If Firefox tries to show the token dialog then it will fail before getting to the certificate dialogs... – Wladimir Palant Aug 20 '12 at 19:27
  • my certificate dialog class does not get instanciated by ff - even when called with a valid token certDB.importPKCS12File(token, certfile); In change calling var certdialogInterface = Cc[sMimeCertificateDialog.mozillaContractID] .getService(Ci.nsICertificateDialogs); correctly instanciates my class (followed by some QueryInterface calls) – David Feurle Aug 20 '12 at 19:40
  • I uploaded a (hopefully) simple reproducer to http://www.sodgeit.de/dialog_reproducer.zip – David Feurle Aug 21 '12 at 04:16
  • @DavidFeurle may no longer be relevant (almost 3 years later), but I was able to get this working with your sample project as-is on FF 33.0.3. Thank you for your help as well as Wladimir as I have the exact same requirements. – makdad May 31 '15 at 06:54