firemail


作者: hechengjin    时间: 2016-3-27 22:29
标题: 登录相关问题(安全例外等)
本帖最后由 hechengjin 于 2016-3-27 22:35 编辑

通过添加安全例外的方式解决(例外只是跳过证书校验,添加前应先核对证书指纹;根本的解决办法是让服务器提供完整的证书链,并使证书名称与主机名一致):

imap.firemail.com.cn:993
smtp.firemail.com.cn:465
192.168.9.31


imap.firemail.com.cn:443 使用了无效的安全证书。

该证书因为未提供证书颁发链而不被信任。
The certificate is only valid for *.firemail.com

(错误码: sec_error_unknown_issuer)





ssl安装连接证书问题:


https://support.mozilla.org/zh-CN/kb/configuring-certificates

证书类似于身份证,被用来加密或解密两站点之间传输的信息。配置如下:


个人证书可能包含个人标志信息,如你的名字和地址等。选择 自动选择,将不能控制谁有权访问你的证书。



https://support.mozilla.org/zh-CN/kb/add-security-exception



加密传输过程
采用 SSL (Secure Sockets Layer) 或 TLS (Transport Layer Security) 协议。
如果程序不能确认证书的合法性,则会弹出 "Add Security Exception"对话框。

明文传输
不使用上面的传输协议时,程序和邮件服务器之间的通信不加密,因此可能被第三方截获和读取。


exceptionDialog.xul


certViewer.xul




作者: hechengjin    时间: 2016-3-27 22:29
  1. //针对私有协议的配置思路:
  2. 1.继续时,直接调用接口,获取到账号所对应的imap地址、端口、加密方式的设置,然后直接在界面上显示设置,就不用再做猜测式匹配。
  3. 2.上面配置完成后,直接进行登录验证(不安全的证书提示一下)。


  4. 3.控制安全例外的触发和弹出活动
  5. 触发:进行用户名和密码验证时,imap可通过verifyConfig函数触发,而smtp的js调用没有调通,只有发邮件时才触发。参考
  6. //this.validate4badCert_IN();          //this.validate4badCert_OUT();
  7. 弹出窗口的控制:

  8. verifyConfig.js
  // Abridged excerpt from verifyConfig.js: `me` and `params` are set up in
  // code the post leaves out, so this fragment does not run on its own.
  // notifyCertProblem forwards the socket info and target site to
  // informUserOfCertError; `status` is not used in the lines shown.
  // NOTE(review): presumably the backend calls this when the server
  // certificate fails validation — confirm against the full file.
  9. notifyCertProblem: function(socketInfo, status, targetSite) {
  10. me.informUserOfCertError(socketInfo, targetSite);
  11. }
  // Opens exceptionDialog.xul as a modal, screen-centred chrome window and
  // passes it `params`. This is the point at which the user can be asked to
  // accept a certificate the program could not validate, so it should only
  // be reached for a server the user explicitly chose to configure.
  12. informUserOfCertError : function(socketInfo, targetSite) {
  13. window.openDialog("chrome://pippki/content/exceptionDialog.xul",
  14.                       "","chrome,centerscreen,modal", params);
  15. }


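  /**
   * Runs verifyConfig() on the filled-in configuration. According to the
   * notes in this post, this is how the security-exception prompt is
   * triggered for the IMAP server during account setup.
   * Called by onHalfManualTest().
   */
  validate4badCert_IN : function()
  {
    const filledInConfig = this.getConcreteConfig();
    const self = this;

    // verifyConfig() is the logic function defined in verifyConfig.js.
    verifyConfig(
      filledInConfig,
      // guess login config?
      // TODO (kept from the original): comparing the source with
      // AccountConfig.kSourceGuess would be the correct test, but other code
      // does not adhere to the expectations/specs. Find out what it was and
      // fix it.
      filledInConfig.source != AccountConfig.kSourceXML,
      this._parentMsgWindow,
      function(successfulConfig) // success
      {
        // Hand setTimeout a function. The original passed
        // `self.onHalfManualTest2()`, which ran the next step immediately and
        // gave its return value to the timer, so the 5 s delay never applied.
        setTimeout(function() { self.onHalfManualTest2(); }, 5000);

        // Disabled in this experiment: stopSpinner(), copying
        // successfulConfig's incoming/outgoing auth and username back into
        // self._currentConfig, and self.finish().
      },
      function(e) // failed
      {
        // NOTE(review): a failed verification is dropped without any
        // feedback, which also hides a rejected certificate or bad
        // credentials from the user. The disabled handling was
        // showErrorStatus("config_unverifiable") followed by re-enabling
        // create_button, half-manual-test_button and advanced-setup_button.
      });
  },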

  /**
   * Outgoing (SMTP) counterpart of validate4badCert_IN: passes the
   * user-entered configuration to verifyConfig_smtp().
   * An earlier attempt used this.getConcreteConfig() instead of
   * this.getUserConfig().
   */
  validate4badCert_OUT : function()
  {
    const userConfig = this.getUserConfig();
    // "guess login config?" flag.
    // TODO (kept from the original): comparing the source with
    // AccountConfig.kSourceGuess would be the correct test, but other code
    // does not adhere to the expectations/specs. Find out what it was and
    // fix it.
    const shouldGuess = userConfig.source != AccountConfig.kSourceXML;

    const onVerified = function(successfulConfig)
    {
      // Debug marker left in by the author.
      alert("success");
      // Disabled in this experiment: the delayed onHalfManualTest2() call,
      // stopSpinner(), copying successfulConfig's auth and username back
      // into the current config, and finish().
    };

    const onFailed = function(e)
    {
      // NOTE(review): failures are dropped without any feedback. The
      // disabled handling was showErrorStatus("config_unverifiable")
      // followed by re-enabling create_button, half-manual-test_button and
      // advanced-setup_button.
    };

    // verifyConfig_smtp() is the SMTP variant of the verifyConfig.js logic.
    verifyConfig_smtp(userConfig, shouldGuess, this._parentMsgWindow,
                      onVerified, onFailed);
  },


  /**
   * Experimental SMTP variant of verifyConfig(): creates an SMTP server entry
   * from config.outgoing and asks it to verify the logon, with a urlListener
   * installed as the message window's notification callbacks so that URL and
   * certificate errors reach it.
   *
   * @param {AccountConfig} config  Account configuration to verify.
   * @param {boolean} alter  Passed through to urlListener.
   * @param {nsIMsgWindow} msgWindow  Window whose notificationCallbacks are
   *   swapped for the duration of the call.
   * @param {Function} successCallback  Passed through to urlListener.
   * @param {Function} errorCallback  Called with "outServer  exists" when a
   *   matching SMTP server is already configured; otherwise passed through to
   *   urlListener.
   */
  function verifyConfig_smtp(config, alter, msgWindow, successCallback, errorCallback)
  {
    // Debug marker left in by the author; it blocks the flow with a modal box.
    alert("verifyConfig_smtp");
    // NOTE(review): config carries the account passwords (they are read
    // below), so this dump may write them to the debug output. Confirm what
    // debugObject()/ddump() emit before leaving it enabled.
    ddump(debugObject(config, "config", 3));
    assert(config instanceof AccountConfig,
           "BUG: Arg 'config' needs to be an AccountConfig object");
    assert(typeof alter == "boolean");
    assert(typeof successCallback == "function");
    assert(typeof errorCallback == "function");

    let smtpService = Cc["@mozilla.org/messengercompose/smtp;1"]
                        .getService(Ci.nsISmtpService);
    // The user name is always taken from the outgoing settings; an earlier
    // variant used it only when config.outgoing.auth > 1.
    let smtpUser = config.outgoing.username;

    let smtpServer = smtpService.findServer(smtpUser, config.outgoing.hostname);
    if (smtpServer)
    {
      // A server for this user and host already exists: report and stop.
      errorCallback("outServer  exists");
      alert("outServer  exists");
      return;
    }

    // NOTE(review): nothing in this function removes the server created here
    // when verification fails; whether urlListener cleans it up is not
    // visible from this code.
    smtpServer = smtpService.createSmtpServer();
    smtpServer.hostname = config.outgoing.hostname;
    smtpServer.port = config.outgoing.port;
    smtpServer.authMethod = config.outgoing.auth;
    smtpServer.username = smtpUser;
    // The incoming password is applied to the outgoing server first.
    smtpServer.password = config.incoming.password;
    // NOTE(review): rememberPassword() runs before verifyLogon(), i.e. before
    // the server and its certificate have been checked. Presumably it stores
    // the password; confirm that storing it this early is intended.
    if (config.rememberPassword && config.incoming.password.length)
    {
      rememberPassword(smtpServer, config.incoming.password);
    }

    // Map the configured socket type; any other value leaves the new
    // server's socketType untouched.
    let socketKind = config.outgoing.socketType;
    if (socketKind == 1)
    {
      // no SSL: the connection is not encrypted
      smtpServer.socketType = Ci.nsMsgSocketType.plain;
    }
    else if (socketKind == 2)
    {
      // SSL / TLS
      smtpServer.socketType = Ci.nsMsgSocketType.SSL;
    }
    else if (socketKind == 3)
    {
      // STARTTLS
      smtpServer.socketType = Ci.nsMsgSocketType.alwaysSTARTTLS;
    }

    // API problem: <http://mxr.mozilla.org/seamonkey ... tpServer.idl#93>
    smtpServer.description = config.displayName;
    // NOTE(review): config.password is not read anywhere else in this
    // function, while the passwords live on config.incoming and
    // config.outgoing. Confirm which field this guard was meant to test.
    if (config.password)
    {
      smtpServer.password = config.outgoing.password;
    }

    // hack - keep the window's current callbacks so they can be restored.
    let previousCallbacks = msgWindow.notificationCallbacks;
    // Installing our own callbacks works because verifyLogon will
    // synchronously create the transport and use the notification callbacks.
    // The listener handles both the url and cert errors.
    let certAndUrlListener = new urlListener(config, smtpServer, alter, msgWindow,
                                             successCallback, errorCallback);
    msgWindow.notificationCallbacks = certAndUrlListener;

    try
    {
      // try to work around bug where backend is clearing password.
      // NOTE(review): this replaces the incoming password set above with
      // config.outgoing.password; confirm that field is populated.
      smtpServer.password = config.outgoing.password;
      // The returned URI is not used. Earlier attempts called
      // smtpManager.verifyLogon(...) and cleared the url's msgWindow so it
      // would not prompt for passwords.
      smtpServer.verifyLogon(certAndUrlListener, msgWindow);
    }
    finally
    {
      // Always put the original callbacks back, even if verifyLogon throws.
      msgWindow.notificationCallbacks = previousCallbacks;
    }
  };




