| blob | 11f7e45b5bfde90fde1513485c84066bcdc47a64 |
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 "use strict";
6 const { XPCOMUtils } = ChromeUtils.importESModule(
7 "resource://gre/modules/XPCOMUtils.sys.mjs"
8 );
10 ChromeUtils.defineLazyGetter(
11 this,
12 "l10n",
13 () => new Localization(["security/pippki/pippki.ftl"], true)
14 );
16 var params;
17 var token;
18 var pw1;
20 function doPrompt(messageL10nId) {
21 let msg = l10n.formatValueSync(messageL10nId);
22 Services.prompt.alert(window, null, msg);
23 }
25 function onLoad() {
26 document.getElementById("set_password").getButton("accept").disabled = true;
27 document.addEventListener("dialogaccept", setPassword);
29 pw1 = document.getElementById("pw1");
30 params = window.arguments[0].QueryInterface(Ci.nsIDialogParamBlock);
31 token = params.objects.GetElementAt(0).QueryInterface(Ci.nsIPK11Token);
33 document.l10n.setAttributes(
34 document.getElementById("tokenName"),
35 "change-password-token",
36 { tokenName: token.tokenName }
37 );
38 process();
39 }
41 function process() {
42 let bundle = document.getElementById("pippki_bundle");
43 let oldpwbox = document.getElementById("oldpw");
44 let msgBox = document.getElementById("message");
45 // If the token is unitialized, don't use the old password box.
46 // Otherwise, do.
47 if ((token.needsLogin() && token.needsUserInit) || !token.needsLogin()) {
48 oldpwbox.hidden = true;
49 msgBox.setAttribute("value", bundle.getString("password_not_set"));
50 msgBox.hidden = false;
52 if (!token.needsLogin()) {
53 oldpwbox.setAttribute("inited", "empty");
54 } else {
55 oldpwbox.setAttribute("inited", "true");
56 }
58 // Select first password field
59 document.getElementById("pw1").focus();
60 } else {
61 // Select old password field
62 oldpwbox.hidden = false;
63 msgBox.hidden = true;
64 oldpwbox.setAttribute("inited", "false");
65 oldpwbox.focus();
66 }
68 // Return value 0 means "canceled"
69 params.SetInt(1, 0);
71 checkPasswords();
72 }
74 function setPassword(event) {
75 var oldpwbox = document.getElementById("oldpw");
76 var initpw = oldpwbox.getAttribute("inited");
78 var success = false;
80 if (initpw == "false" || initpw == "empty") {
81 try {
82 var oldpw = "";
83 var passok = 0;
85 if (initpw == "empty") {
86 passok = 1;
87 } else {
88 oldpw = oldpwbox.value;
89 passok = token.checkPassword(oldpw);
90 }
92 if (passok) {
93 if (initpw == "empty" && pw1.value == "") {
94 // checkPasswords() should have prevented this path from being reached.
95 } else {
96 if (pw1.value == "") {
97 var secmoddb = Cc[
98 "@mozilla.org/security/pkcs11moduledb;1"
99 ].getService(Ci.nsIPKCS11ModuleDB);
100 if (secmoddb.isFIPSEnabled) {
101 // empty passwords are not allowed in FIPS mode
102 doPrompt("pippki-pw-change2empty-in-fips-mode");
103 passok = 0;
104 }
105 }
106 if (passok) {
107 token.changePassword(oldpw, pw1.value);
108 if (pw1.value == "") {
109 doPrompt("pippki-pw-erased-ok");
110 } else {
111 doPrompt("pippki-pw-change-ok");
112 }
113 success = true;
114 }
115 }
116 } else {
117 oldpwbox.focus();
118 oldpwbox.setAttribute("value", "");
119 doPrompt("pippki-incorrect-pw");
120 }
121 } catch (e) {
122 doPrompt("pippki-failed-pw-change");
123 }
124 } else {
125 token.initPassword(pw1.value);
126 if (pw1.value == "") {
127 doPrompt("pippki-pw-not-wanted");
128 }
129 success = true;
130 }
132 if (success && params) {
133 // Return value 1 means "successfully executed ok"
134 params.SetInt(1, 1);
135 }
137 // Terminate dialog
138 if (!success) {
139 event.preventDefault();
140 }
141 }
143 function setPasswordStrength() {
144 // We weigh the quality of the password by checking the number of:
145 // - Characters
146 // - Numbers
147 // - Non-alphanumeric chars
148 // - Upper and lower case characters
150 let pw = document.getElementById("pw1").value;
152 let pwlength = pw.length;
153 if (pwlength > 5) {
154 pwlength = 5;
155 }
157 let numnumeric = pw.replace(/[0-9]/g, "");
158 let numeric = pw.length - numnumeric.length;
159 if (numeric > 3) {
160 numeric = 3;
161 }
163 let symbols = pw.replace(/\W/g, "");
164 let numsymbols = pw.length - symbols.length;
165 if (numsymbols > 3) {
166 numsymbols = 3;
167 }
169 let numupper = pw.replace(/[A-Z]/g, "");
170 let upper = pw.length - numupper.length;
171 if (upper > 3) {
172 upper = 3;
173 }
175 let pwstrength =
176 pwlength * 10 - 20 + numeric * 10 + numsymbols * 15 + upper * 10;
178 // Clamp strength to [0, 100].
179 if (pwstrength < 0) {
180 pwstrength = 0;
181 }
182 if (pwstrength > 100) {
183 pwstrength = 100;
184 }
186 let meter = document.getElementById("pwmeter");
187 meter.setAttribute("value", pwstrength);
188 }
190 function checkPasswords() {
191 let pw1 = document.getElementById("pw1").value;
192 let pw2 = document.getElementById("pw2").value;
194 var oldpwbox = document.getElementById("oldpw");
195 if (oldpwbox) {
196 var initpw = oldpwbox.getAttribute("inited");
198 if (initpw == "empty" && pw1 == "") {
199 // The token has already been initialized, therefore this dialog
200 // was called with the intention to change the password.
201 // The token currently uses an empty password.
202 // We will not allow changing the password from empty to empty.
203 document.getElementById("set_password").getButton("accept").disabled =
204 true;
205 return;
206 }
207 }
209 document.getElementById("set_password").getButton("accept").disabled =
210 pw1 != pw2;
211 }