/security/manager/ssl/src/nsNSSComponent.h
C Header | 407 lines | 281 code | 72 blank | 54 comment | 0 complexity | 40157741f8e2e18fa009ab2fa15e1c99 MD5 | raw file
1/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- 2 * 3 * ***** BEGIN LICENSE BLOCK ***** 4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * 6 * The contents of this file are subject to the Mozilla Public License Version 7 * 1.1 (the "License"); you may not use this file except in compliance with 8 * the License. You may obtain a copy of the License at 9 * http://www.mozilla.org/MPL/ 10 * 11 * Software distributed under the License is distributed on an "AS IS" basis, 12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 13 * for the specific language governing rights and limitations under the 14 * License. 15 * 16 * The Original Code is mozilla.org code. 17 * 18 * The Initial Developer of the Original Code is 19 * Netscape Communications Corporation. 20 * Portions created by the Initial Developer are Copyright (C) 1998 21 * the Initial Developer. All Rights Reserved. 22 * 23 * Contributor(s): 24 * Hubbie Shaw 25 * Doug Turner <dougt@netscape.com> 26 * Brian Ryner <bryner@brianryner.com> 27 * Kai Engert <kaie@netscape.com> 28 * Kai Engert <kengert@redhat.com> 29 * 30 * Alternatively, the contents of this file may be used under the terms of 31 * either the GNU General Public License Version 2 or later (the "GPL"), or 32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 33 * in which case the provisions of the GPL or the LGPL are applicable instead 34 * of those above. If you wish to allow use of your version of this file only 35 * under the terms of either the GPL or the LGPL, and not to allow others to 36 * use your version of this file under the terms of the MPL, indicate your 37 * decision by deleting the provisions above and replace them with the notice 38 * and other provisions required by the GPL or the LGPL. If you do not delete 39 * the provisions above, a recipient may use your version of this file under 40 * the terms of any one of the MPL, the GPL or the LGPL. 41 * 42 * ***** END LICENSE BLOCK ***** */ 43 44#ifndef _nsNSSComponent_h_ 45#define _nsNSSComponent_h_ 46 47#include "mozilla/Mutex.h" 48#include "nsCOMPtr.h" 49#include "nsISignatureVerifier.h" 50#include "nsIURIContentListener.h" 51#include "nsIStreamListener.h" 52#include "nsIEntropyCollector.h" 53#include "nsString.h" 54#include "nsIStringBundle.h" 55#include "nsIDOMEventTarget.h" 56#include "nsIPrefBranch.h" 57#include "nsIObserver.h" 58#include "nsIObserverService.h" 59#include "nsWeakReference.h" 60#include "nsIScriptSecurityManager.h" 61#include "nsSmartCardMonitor.h" 62#include "nsINSSErrorsService.h" 63#include "nsITimer.h" 64#include "nsNetUtil.h" 65#include "nsHashtable.h" 66#include "nsICryptoHash.h" 67#include "nsICryptoHMAC.h" 68#include "hasht.h" 69#include "nsNSSCallbacks.h" 70#include "nsNSSShutDown.h" 71 72#include "nsNSSHelper.h" 73#include "nsClientAuthRemember.h" 74#include "nsCERTValInParamWrapper.h" 75 76#define NS_NSSCOMPONENT_CID \ 77{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}} 78 79#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1" 80#define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component" 81 82//Define an interface that we can use to look up from the 83//callbacks passed to NSS. 84 85#define NS_INSSCOMPONENT_IID_STR "6ffbb526-205b-49c5-ae3f-5959c084075e" 86#define NS_INSSCOMPONENT_IID \ 87 { 0x6ffbb526, 0x205b, 0x49c5, \ 88 { 0xae, 0x3f, 0x59, 0x59, 0xc0, 0x84, 0x7, 0x5e } } 89 90#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}} 91#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1" 92 93#define NS_CRYPTO_HASH_CLASSNAME "Mozilla Crypto Hash Function Component" 94#define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}} 95 96#define NS_CRYPTO_HMAC_CLASSNAME "Mozilla Crypto HMAC Function Component" 97#define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}} 98 99enum EnsureNSSOperator 100{ 101 nssLoadingComponent = 0, 102 nssInitSucceeded = 1, 103 nssInitFailed = 2, 104 nssShutdown = 3, 105 nssEnsure = 100, 106 nssEnsureOnChromeOnly = 101 107}; 108 109extern bool EnsureNSSInitialized(EnsureNSSOperator op); 110 111//-------------------------------------------- 112// Now we need a content listener to register 113//-------------------------------------------- 114class PSMContentDownloader : public nsIStreamListener 115{ 116public: 117 PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); } 118 PSMContentDownloader(PRUint32 type); 119 virtual ~PSMContentDownloader(); 120 void setSilentDownload(bool flag); 121 void setCrlAutodownloadKey(nsAutoString key); 122 123 NS_DECL_ISUPPORTS 124 NS_DECL_NSIREQUESTOBSERVER 125 NS_DECL_NSISTREAMLISTENER 126 127 enum {UNKNOWN_TYPE = 0}; 128 enum {X509_CA_CERT = 1}; 129 enum {X509_USER_CERT = 2}; 130 enum {X509_EMAIL_CERT = 3}; 131 enum {X509_SERVER_CERT = 4}; 132 enum {PKCS7_CRL = 5}; 133 134protected: 135 char* mByteData; 136 PRInt32 mBufferOffset; 137 PRInt32 mBufferSize; 138 PRUint32 mType; 139 bool mDoSilentDownload; 140 nsString mCrlAutoDownloadKey; 141 nsCOMPtr<nsIURI> mURI; 142 nsresult handleContentDownloadError(nsresult errCode); 143}; 144 145class nsNSSComponent; 146 147class NS_NO_VTABLE nsINSSComponent : public nsISupports { 148 public: 149 NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID) 150 151 NS_IMETHOD ShowAlertFromStringBundle(const char * messageID) = 0; 152 153 NS_IMETHOD GetPIPNSSBundleString(const char *name, 154 nsAString &outString) = 0; 155 NS_IMETHOD PIPBundleFormatStringFromName(const char *name, 156 const PRUnichar **params, 157 PRUint32 numParams, 158 nsAString &outString) = 0; 159 160 NS_IMETHOD GetNSSBundleString(const char *name, 161 nsAString &outString) = 0; 162 NS_IMETHOD NSSBundleFormatStringFromName(const char *name, 163 const PRUnichar **params, 164 PRUint32 numParams, 165 nsAString &outString) = 0; 166 167 // This method will just disable OCSP in NSS, it will not 168 // alter the respective pref values. 169 NS_IMETHOD SkipOcsp() = 0; 170 171 // This method will set the OCSP value according to the 172 // values in the preferences. 173 NS_IMETHOD SkipOcspOff() = 0; 174 175 NS_IMETHOD RememberCert(CERTCertificate *cert) = 0; 176 177 NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0; 178 179 NS_IMETHOD DefineNextTimer() = 0; 180 181 NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0; 182 183 NS_IMETHOD LogoutAuthenticatedPK11() = 0; 184 185 NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0; 186 187 NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0; 188 189 NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0; 190 191 NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0; 192 193 NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0; 194 195 NS_IMETHOD EnsureIdentityInfoLoaded() = 0; 196 197 NS_IMETHOD IsNSSInitialized(bool *initialized) = 0; 198 199 NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out) = 0; 200 NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out) = 0; 201}; 202 203NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID) 204 205class nsCryptoHash : public nsICryptoHash, public nsNSSShutDownObject 206{ 207public: 208 NS_DECL_ISUPPORTS 209 NS_DECL_NSICRYPTOHASH 210 211 nsCryptoHash(); 212 213private: 214 ~nsCryptoHash(); 215 216 HASHContext* mHashContext; 217 bool mInitialized; 218 219 virtual void virtualDestroyNSSReference(); 220 void destructorSafeDestroyNSSReference(); 221}; 222 223class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject 224{ 225public: 226 NS_DECL_ISUPPORTS 227 NS_DECL_NSICRYPTOHMAC 228 229 nsCryptoHMAC(); 230 231private: 232 ~nsCryptoHMAC(); 233 PK11Context* mHMACContext; 234 235 virtual void virtualDestroyNSSReference(); 236 void destructorSafeDestroyNSSReference(); 237}; 238 239class nsNSSShutDownList; 240class nsCertVerificationThread; 241 242// Implementation of the PSM component interface. 243class nsNSSComponent : public nsISignatureVerifier, 244 public nsIEntropyCollector, 245 public nsINSSComponent, 246 public nsIObserver, 247 public nsSupportsWeakReference, 248 public nsITimerCallback 249{ 250 typedef mozilla::Mutex Mutex; 251 252public: 253 NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID ) 254 255 nsNSSComponent(); 256 virtual ~nsNSSComponent(); 257 258 NS_DECL_ISUPPORTS 259 NS_DECL_NSISIGNATUREVERIFIER 260 NS_DECL_NSIENTROPYCOLLECTOR 261 NS_DECL_NSIOBSERVER 262 NS_DECL_NSITIMERCALLBACK 263 264 NS_METHOD Init(); 265 266 static nsresult GetNewPrompter(nsIPrompt ** result); 267 static nsresult ShowAlertWithConstructedString(const nsString & message); 268 NS_IMETHOD ShowAlertFromStringBundle(const char * messageID); 269 270 NS_IMETHOD GetPIPNSSBundleString(const char *name, 271 nsAString &outString); 272 NS_IMETHOD PIPBundleFormatStringFromName(const char *name, 273 const PRUnichar **params, 274 PRUint32 numParams, 275 nsAString &outString); 276 NS_IMETHOD GetNSSBundleString(const char *name, 277 nsAString &outString); 278 NS_IMETHOD NSSBundleFormatStringFromName(const char *name, 279 const PRUnichar **params, 280 PRUint32 numParams, 281 nsAString &outString); 282 NS_IMETHOD SkipOcsp(); 283 NS_IMETHOD SkipOcspOff(); 284 nsresult InitializeCRLUpdateTimer(); 285 nsresult StopCRLUpdateTimer(); 286 NS_IMETHOD RemoveCrlFromList(nsAutoString); 287 NS_IMETHOD DefineNextTimer(); 288 NS_IMETHOD LogoutAuthenticatedPK11(); 289 NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString); 290 NS_IMETHOD RememberCert(CERTCertificate *cert); 291 292 NS_IMETHOD LaunchSmartCardThread(SECMODModule *module); 293 NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module); 294 NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token); 295 NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token); 296 NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars); 297 NS_IMETHOD EnsureIdentityInfoLoaded(); 298 NS_IMETHOD IsNSSInitialized(bool *initialized); 299 300 NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out); 301 NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out); 302private: 303 304 nsresult InitializeNSS(bool showWarningBox); 305 nsresult ShutdownNSS(); 306 307#ifdef XP_MACOSX 308 void TryCFM2MachOMigration(nsIFile *cfmPath, nsIFile *machoPath); 309#endif 310 311 void InstallLoadableRoots(); 312 void UnloadLoadableRoots(); 313 void LaunchSmartCardThreads(); 314 void ShutdownSmartCardThreads(); 315 void CleanupIdentityInfo(); 316 void setValidationOptions(nsIPrefBranch * pref); 317 nsresult InitializePIPNSSBundle(); 318 nsresult ConfigureInternalPKCS11Token(); 319 nsresult RegisterPSMContentListener(); 320 nsresult RegisterObservers(); 321 nsresult DeregisterObservers(); 322 nsresult DownloadCrlSilently(); 323 nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader); 324 nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key); 325 nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token); 326 327 // Methods that we use to handle the profile change notifications (and to 328 // synthesize a full profile change when we're just doing a profile startup): 329 void DoProfileApproveChange(nsISupports* aSubject); 330 void DoProfileChangeNetTeardown(); 331 void DoProfileChangeTeardown(nsISupports* aSubject); 332 void DoProfileBeforeChange(nsISupports* aSubject); 333 void DoProfileChangeNetRestore(); 334 335 Mutex mutex; 336 337 nsCOMPtr<nsIScriptSecurityManager> mScriptSecurityManager; 338 nsCOMPtr<nsIStringBundle> mPIPNSSBundle; 339 nsCOMPtr<nsIStringBundle> mNSSErrorsBundle; 340 nsCOMPtr<nsIURIContentListener> mPSMContentListener; 341 nsCOMPtr<nsIPrefBranch> mPrefBranch; 342 nsCOMPtr<nsITimer> mTimer; 343 bool mNSSInitialized; 344 bool mObserversRegistered; 345 PLHashTable *hashTableCerts; 346 nsAutoString mDownloadURL; 347 nsAutoString mCrlUpdateKey; 348 Mutex mCrlTimerLock; 349 nsHashtable *crlsScheduledForDownload; 350 bool crlDownloadTimerOn; 351 bool mUpdateTimerInitialized; 352 static int mInstanceCount; 353 nsNSSShutDownList *mShutdownObjectList; 354 SmartCardThreadList *mThreadList; 355 bool mIsNetworkDown; 356 357 void deleteBackgroundThreads(); 358 void createBackgroundThreads(); 359 nsCertVerificationThread *mCertVerificationThread; 360 361 nsNSSHttpInterface mHttpForNSS; 362 nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService; 363 nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam; 364 nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly; 365 366 static PRStatus PR_CALLBACK IdentityInfoInit(void); 367 PRCallOnceType mIdentityInfoCallOnce; 368 369public: 370 static bool globalConstFlagUsePKIXVerification; 371}; 372 373class PSMContentListener : public nsIURIContentListener, 374 public nsSupportsWeakReference { 375public: 376 PSMContentListener(); 377 virtual ~PSMContentListener(); 378 nsresult init(); 379 380 NS_DECL_ISUPPORTS 381 NS_DECL_NSIURICONTENTLISTENER 382private: 383 nsCOMPtr<nsISupports> mLoadCookie; 384 nsCOMPtr<nsIURIContentListener> mParentContentListener; 385}; 386 387class nsNSSErrors 388{ 389public: 390 static const char *getDefaultErrorStringName(PRInt32 err); 391 static const char *getOverrideErrorStringName(PRInt32 aErrorCode); 392 static nsresult getErrorMessageFromCode(PRInt32 err, 393 nsINSSComponent *component, 394 nsString &returnedMessage); 395}; 396 397class nsPSMInitPanic 398{ 399private: 400 static bool isPanic; 401public: 402 static void SetPanic() {isPanic = true;} 403 static bool GetPanic() {return isPanic;} 404}; 405 406#endif // _nsNSSComponent_h_ 407