Thanks Subrata,
I'm doing it in a SWT browser widget, i.e. non-command line. Mozilla 2/
XulRunner 1.8. The strange thing is the nsIX509CertDB.importPKCS12File
comes up with the proper dialog window, as do the notifications of
entering an encrypted page and notifications if the URL doesn't equal
the certificate subject.

Is there anything else which needs to be initialised before this
method is called? Also I looked through all the nsIPK11* interfaces
and could find no Authenticate() method. Where is that one?
Regardless, at worst I can use the
nsIPK11Token.checkPassword(password) to login if I need to. Thus I
roughly know how to check if a cert is present, import one if not and
prompt the user for login if the cert is in the db.

So the main hangup now is that I don't want to force the user to log
in unless the cert is requested by a site. Any ideas on where/how I'd
be able to listen for a user certificate request/failed connection
because of lack of user certificate event? Then I could prompt the
user and redirect them back to the site.

Thanks again!
Cheers,
Will.

On Sep 26, 3:35 am, Subrata Mazumdar <[EMAIL PROTECTED]>
wrote:
> Will,
> I am cross posting m.d.t.crypto where it belongs.
>
> AFAIK, nsIPK11Token.login() expects that you are running within a browser
> because it prompts for the password using a XUL-based dialog window.
> If you are running in a non-browser environment (command line)
> then you have to supply your own password prompt using the PK11_Authenticate()
> method.
>
> --
> Subrata
>
> [EMAIL PROTECTED] wrote:
> > Thanks for your reply Subrata,
> > Unfortunately I get an error 0x80004005 at "login(false);" any idea
> > why this would be happening?
>
> > Fortunately I found nsIPK11Token.checkPassword(String password) which
> > seems to log me in if it's passed the correct password. Is this
> > intended behaviour, or a bug? It's hard to know what it's supposed to do
> > as the only doco I have is
> > http://www.xulplanet.com/references/xpcomref/ifaces/nsIPK11Token.html
> > which doesn't specify what it does.
>
> > Anyway assuming I can use checkPassword to get the correct password,
> > the trouble now is that I have to force the user to log in every time
> > they use the browser regardless of if they are going to an SSL site or
> > not just to make sure they can access the SSL sites. Is there any way
> > to listen to the event of a SSL enabled site asking for the cert so I
> > can request a password from the user at that point?
>
> > Any suggestions or snippets?
>
> > Thanks!
> > Will.
>
> > On Sep 25, 5:17 am, Subrata Mazumdar <[EMAIL PROTECTED]>
> > wrote:
>
> >> Hi Will,
> >> you can try as follows:
> >>         var /* nsIPK11Token */ token = null;
> >>         try {
> >>             var tokendb = Components.classes["@mozilla.org/security/pk11tokendb;1"]
> >>                 .getService(Components.interfaces.nsIPK11TokenDB);
> >>             token = tokendb.getInternalKeyToken();
> >>         } catch (ex) {}
> >>         if (token) {
> >>             // will prompt for password only if the token needs login
> >>             token.login(false);
> >>         }
> >> --
> >> Subrata
>
> >> [EMAIL PROTECTED] wrote:
>
> >>> Hi There,
> >>> I'm working with the SWT Browser widget inside a Web Browser view I am
> >>> creating and I am trying to get it to connect to a SSL enabled website
> >>> that requests a clientside certificate. I'm using XulRunner 1.8
> >>> (Mozilla 2) in Java, i.e. JavaXPCOM.
>
> >>> I can use nsIX509CertDB to import the PKCS12 keystore that holds the
> >>> client side certificate and so long as the browser then remains open I
> >>> can connect to websites requesting my user cert without problem.
>
> >>> However, when I restart the browser I can no longer access the SSL
> >>> enabled site, the client certificate is still in there (I can see that
> >>> by calling findCertNicknames). It doesn't prompt me for a password for
> >>> the keystore which I am guessing is the problem (i.e. the session
> >>> where I import it the password I use on the keystore remains in memory
> >>> to be accessed, when I shut it down and restart it the password isn't
> >>> known, it's not asking me for it and everything is failing quietly.)
> >>> The only way I can then get it to work is to blow away the user
> >>> profile and reimport the cert with password etc, not exactly a
> >>> suitable solution.
>
> >>> Does anyone know how to get XPCOM to prompt the user for the password
> >>> to Mozilla's user cert keystore? Or a method by which I can provide the
> >>> password to XPCOM programmatically?
>
> >>> Thanks!
> >>> Will.
