Architecture card viewer extended
An article from Milimail.
Technical documentation - Display certificate of a contact
Functionalities
This extension displays the certificate of a contact. The certificate may be either the one in the local store or the one stored in the LDAP directory. In both cases, the key used to retrieve the certificate is the contact's email address. When a certificate is found in the LDAP directory, it is added to the local store so that it can be used later, for example when sending an encrypted message.
Implementation
Specifications
There is no specific specification for this extension.
Architecture
Overview of the architecture of the extension
This functionality is developed as a Thunderbird extension.
The core of the implementation adds a button that displays the certificate from the contact card.
GUI files
In the GUI, only the contact card is modified, through an overlay, to add a button that displays the corresponding certificate.
XPCOM files
Two types of certificate must be distinguished: a local certificate, stored in the mail client, and a remote certificate, stored on the LDAP server, because each type is retrieved differently. In all cases, the key used to retrieve the certificate for a contact is the email address. The card of a local or remote contact is displayed by the same XUL file, which handles the two cases differently: for example, whether fields are editable or not. The LDAP attribute read to get a certificate is "userCertificate". This attribute contains binary data.
Local Certificate
The nsIX509CertDB service retrieves a local certificate, using an email address as the key, with the following method:
    nsIX509Cert findCertByEmailAddress(nsISupports token, char* emailAddress)
This certificate object must be passed to the nsICertificateDialogs service, which takes full responsibility for displaying the certificate in a dedicated window. The JavaScript code to implement can be taken from the existing file pippki.js:
    const nsICertificateDialogs = Components.interfaces.nsICertificateDialogs;
    const nsCertificateDialogs = "@mozilla.org/nsCertificateDialogs;1";

    // Open the standard certificate viewer window for the given certificate.
    function viewCertHelper(parent, cert) {
      // Nothing to display if no certificate was found for the contact.
      if (!cert) {
        return;
      }
      var cd = Components.classes[nsCertificateDialogs].getService(nsICertificateDialogs);
      cd.viewCert(parent, cert);
    }
It is better to duplicate this code in a dedicated file, abCardOverlay_overlay.js, so that future changes to pippki.js cannot introduce a regression.
Remote Certificate
To communicate with the LDAP directory, the XPCOM API provides the nsILDAPOperation interface and the method:
    void searchExt(AUTF8String baseDn, PRInt32 scope, AUTF8String filter, PRUint32 attrCount, arrayof char* attributes, PRIntervalTime timeOut, PRInt32 sizeLimit)
The LDAP attribute read to get a certificate is "userCertificate". When reading it, the attribute must be requested as "userCertificate;binary" to specify that its value is binary. A sample that gets a certificate from an LDAP directory is available in the library certFetchingStatus.js; the request is issued in the method kickOffSearch(), which is a good entry point for understanding how it works. This LDAP communication functionality is also used in the extension that manages the email formats from LDAP.
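The remote lookup above uses the contact's email address as the search key and reads "userCertificate;binary". As an added example (not Milimail's code and not taken from certFetchingStatus.js), the following plain JavaScript builds the searchExt() arguments with the address escaped for the filter, and checks that the returned value is framed as a single DER structure before it is added to the local store. The "mail" attribute name, the function names and the size limit of 1 are assumptions.

```javascript
// Added example (not Milimail code). Pure JavaScript: no XPCOM required.

// Escape a value for use inside an LDAP search filter (RFC 4515):
// NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
function escapeLdapFilterValue(value) {
  return value.replace(/[\0()*\\]/g, function (ch) {
    return "\\" + ch.charCodeAt(0).toString(16).padStart(2, "0");
  });
}

// Build the searchExt() arguments for a certificate lookup by email.
// Assumptions: the directory stores addresses in "mail"; scope 2 is the
// LDAP subtree scope; sizeLimit 1 because one entry is expected per address.
function buildCertSearch(baseDn, email) {
  if (typeof email !== "string" || !/^[^\s@]+@[^\s@]+$/.test(email)) {
    throw new Error("not a usable email address");
  }
  return {
    baseDn: baseDn,
    scope: 2,
    filter: "(mail=" + escapeLdapFilterValue(email) + ")",
    attributes: ["userCertificate;binary"],
    sizeLimit: 1
  };
}

// Sanity check on the returned binary value before it is imported into the
// local store: it must be exactly one SEQUENCE (tag 0x30) whose encoded
// length covers the whole buffer. This is a framing check, not validation.
function looksLikeDerCertificate(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 4 || bytes[0] !== 0x30) {
    return false;
  }
  let len = bytes[1];
  let offset = 2;
  if (len & 0x80) {                 // long form: next n bytes hold the length
    const n = len & 0x7f;
    if (n === 0 || n > 4 || bytes.length < 2 + n) return false;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + bytes[2 + i];
    offset = 2 + n;
  }
  return offset + len === bytes.length;
}
```

The framing check only rejects truncated or non-certificate values; whether the certificate is trusted for the contact is still decided by the certificate store's own verification.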





