info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Clarification on nsHTMLInputElement/ certificates
11 views
Skip to first unread message
Anderson Walls
Apr 18, 2012, 9:23:18 AM4/18/12
to
I am currently working on a research project that requires me to
modify a browser in order to return a website's certificate (to
stdout/ stderr) when the user clicks into a password field.
As of right now I have added the following into the switch statement
(aVisitor.mEvent->message) in the PostHandleEvent method of
nsHTMLElement.
Case NS_FOCUS_CONTENT:{
// start of my addition
if( IsPasswordTextControl() ){
std::cerr << "Entered Password Field" << std::endl;
}
// continue mozilla source
So I now know when ever I have clicked into a password field which is
great but I have been trying for the last few weeks to sift through
the DOM in order to find where I can grab the certificate or determine
that there is not one for the document/tab/frame that the user is
currently in. Im sure there is a method out there that does exactly
this and can be added into the if statement just not sure what it is/
where to find it.
Hopefully this is explained clearly, any assistance would be greatly
appreciated.
modify a browser in order to return a website's certificate (to
stdout/ stderr) when the user clicks into a password field.
As of right now I have added the following into the switch statement
(aVisitor.mEvent->message) in the PostHandleEvent method of
nsHTMLElement.
Case NS_FOCUS_CONTENT:{
// start of my addition
if( IsPasswordTextControl() ){
std::cerr << "Entered Password Field" << std::endl;
}
// continue mozilla source
So I now know when ever I have clicked into a password field which is
great but I have been trying for the last few weeks to sift through
the DOM in order to find where I can grab the certificate or determine
that there is not one for the document/tab/frame that the user is
currently in. Im sure there is a method out there that does exactly
this and can be added into the if statement just not sure what it is/
where to find it.
Hopefully this is explained clearly, any assistance would be greatly
appreciated.
Boris Zbarsky
Apr 18, 2012, 10:59:23 AM4/18/12
to
On 4/18/12 9:23 AM, Anderson Walls wrote:
> // start of my addition
> if( IsPasswordTextControl() ){
> std::cerr<< "Entered Password Field"<< std::endl;
> }
>
> // continue mozilla source
>
> So I now know when ever I have clicked into a password field which is
> great but I have been trying for the last few weeks to sift through
> the DOM in order to find where I can grab the certificate or determine
> that there is not one for the document/tab/frame that the user is
> currently in
Getting a representation of the certificate for the "tab" is a bit of work.
> // start of my addition
> if( IsPasswordTextControl() ){
> std::cerr<< "Entered Password Field"<< std::endl;
> }
>
> // continue mozilla source
>
> So I now know when ever I have clicked into a password field which is
> great but I have been trying for the last few weeks to sift through
> the DOM in order to find where I can grab the certificate or determine
> that there is not one for the document/tab/frame that the user is
> currently in
Getting it for the document the <input> is in goes like this:
nsCOMPtr<nsISupports> cert;
NodePrincipal()->GetCertificate(getter_AddRefs(cert));
if (cert) {
// Can now QI cert to nsIX509Cert, nsIX509Cert2, nsIX509Cert3,
// extract whatever you want.
}
-Boris
Anderson Walls
Apr 19, 2012, 3:10:15 PM4/19/12
to
Would you be able to tell me how to take cert and literally print out
the x509 cert to stderr, PEM, DEM, doesn't matter the format I can
script it pem with openssl. Been looking through the security
directory trying to figure out the mozilla query interface and it is
giving me some trouble and you would look like the guy who could tell
me where to go.
My use for Mozilla in my project is very simple, I need the browser to
just give me the x509 cert as is when I click into a password field,
from there the rest of my project is set up to do various other things
with cert verification fully independent for mozilla. This is the last
piece of project that needs to come together.
If you could please reply it would be greatly appreciated, I am
definitely on the right path to where I need to be now.
-Anderson
Boris Zbarsky
Apr 19, 2012, 3:30:24 PM4/19/12
to
On 4/19/12 3:10 PM, Anderson Walls wrote:
>> Getting it for the document the<input> is in goes like this:
>>
>> nsCOMPtr<nsISupports> cert;
>> NodePrincipal()->GetCertificate(getter_AddRefs(cert));
>> if (cert) {
>> // Can now QI cert to nsIX509Cert, nsIX509Cert2, nsIX509Cert3,
>> // extract whatever you want.
>> }
>>
>> -Boris
>
> Thanks for the helpful reply Boris.
>
> Would you be able to tell me how to take cert and literally print out
> the x509 cert to stderr, PEM, DEM, doesn't matter the format I can
> script it pem with openssl.
I can get you DER. Would that be good enough?
>> Getting it for the document the<input> is in goes like this:
>>
>> nsCOMPtr<nsISupports> cert;
>> NodePrincipal()->GetCertificate(getter_AddRefs(cert));
>> if (cert) {
>> // Can now QI cert to nsIX509Cert, nsIX509Cert2, nsIX509Cert3,
>> // extract whatever you want.
>> }
>>
>> -Boris
>
> Thanks for the helpful reply Boris.
>
> Would you be able to tell me how to take cert and literally print out
> the x509 cert to stderr, PEM, DEM, doesn't matter the format I can
> script it pem with openssl.
Starting with the above code:
nsCOMPtr<nsIX509Cert> c = do_QueryInterface(cert);
PRUint32 length;
PRUint8* data;
c->GetRawDER(&length, &data);
// Do whatever you want with the data; write it to files, whatever
NS_Free(data);
-Boris
Anderson Walls
Apr 19, 2012, 9:42:34 PM4/19/12
to
will do just fine, converting is simple with openssl. Thank you so
much for your assistance sir.
-Anderson Walls
Boris Zbarsky
Apr 19, 2012, 10:53:29 PM4/19/12
to
On 4/19/12 9:42 PM, Anderson Walls wrote:
> Boris once again thank you so much, that is exactly what I needed. DER
> will do just fine, converting is simple with openssl. Thank you so
> much for your assistance sir.
You're very welcome!
> Boris once again thank you so much, that is exactly what I needed. DER
> will do just fine, converting is simple with openssl. Thank you so
> much for your assistance sir.
-Boris
Anderson Walls
Apr 23, 2012, 10:45:53 AM4/23/12
to
header files in order to get this all to work properly would you? I
have included the NSIx509Cert.h and the whole thing complies but never
enters the if statement, I'm assuming because I do not have the
correct headers for the nsISupports cert part.
Hope to have this thing running by this afternoon! Just as a reminder
here is what I have inserted into the nsHTMLInputElement.cpp
postHandleEvent method:
if(IsPasswordTextControl()){
std::cerr << "This is a password" << std::endl;
nsCOMPtr<nsISupports> cert;
NodePrincipal()->GetCertificate(getter_AddRefs(cert));
if(cert){
std::cerr << "CERT" << std::endl;
NodePrincipal()->GetCertificate(getter_AddRefs(cert));
if(cert){
nsCOMPtr<nsIX059Cert> c = do_QueryInterface(cert);
PRUint32 = length;
PRUint8* data;
c->GetRawDER(&length,&data);
std::cerr << data << std::endl;
NS_Free(data);
}
}
if I try to take out the if part and just let it run I segfault when I
go into a password field, which obviously is bad. The site I have been
testing on is Navy Federal's web page so I know they do have a cert. I
have a feeling I am just missing some headers or something pretty
basic. Any ideas?
-Anderson
Boris Zbarsky
Apr 23, 2012, 1:08:01 PM4/23/12
to
On 4/23/12 10:45 AM, Anderson Walls wrote:
> Boris you wouldn't happen to be able to direct me to the correct
> header files in order to get this all to work properly would you?
Just nsIX509Cert.h should be enough
> Boris you wouldn't happen to be able to direct me to the correct
> header files in order to get this all to work properly would you?
> if(IsPasswordTextControl()){
> std::cerr<< "This is a password"<< std::endl;
> nsCOMPtr<nsISupports> cert;
> NodePrincipal()->GetCertificate(getter_AddRefs(cert));
> if(cert){
> std::cerr<< "CERT"<< std::endl;
> nsCOMPtr<nsIX059Cert> c = do_QueryInterface(cert);
> PRUint32 = length;
PRUint32 length;
Are you sure this compiled?
> if I try to take out the if part and just let it run I segfault when I
> go into a password field, which obviously is bad. The site I have been
> testing on is Navy Federal's web page so I know they do have a cert.
the page itself is signed.... Come to think of it, almost certainly
true. :(
Maybe what would work better is something like this:
if(IsPasswordTextControl()){
nsIChannel* chan = OwnerDoc()->GetChannel();
if (chan) {
nsCOMPtr<nsISupports> securityInfo;
chan->GetSecurityInfo(getter_AddRefs(securityInfo));
nsCOMPtr<nsISSLStatusProvider> provider =
do_QueryInterface(securityInfo);
if (provider) {
nsCOMPtr<nsISSLStatus> status;
provider->GetSSLStatus(getter_AddRefs(status));
if (status) {
nsCOMPtr<nsIX509Cert> cert;
status->GetServerCert(getter_AddRefs(cert));
if (cert) {
PRUint32 length;
PRUint8* data;
cert->GetRawDER(&length,&data);
// Whatever you want
NS_Free(data);
}
}
}
}
}
-Boris
Anderson Walls
Apr 23, 2012, 10:11:24 PM4/23/12
to
I just typo-ed in a '=', I would pray that g++ would not allow that. I
now have raw DER's going to a file so this last part of my project is
complete! Now just have to do a little gluing together and I should be
just fine.
Thank you for your continued help, I really appreciate it. I would
have spend weeks looking through Mozilla's DOM before I came to a
solution close to this. Have a good one sir, Go Navy.
- Anderson
USNA '13
0 new messages