/security/manager/ssl/src/nsNSSComponent.h

http://github.com/zpao/v8monkey · C Header · 407 lines · 281 code · 72 blank · 54 comment · 0 complexity · 40157741f8e2e18fa009ab2fa15e1c99 MD5 · raw file

  1. /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  2. *
  3. * ***** BEGIN LICENSE BLOCK *****
  4. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  5. *
  6. * The contents of this file are subject to the Mozilla Public License Version
  7. * 1.1 (the "License"); you may not use this file except in compliance with
  8. * the License. You may obtain a copy of the License at
  9. * http://www.mozilla.org/MPL/
  10. *
  11. * Software distributed under the License is distributed on an "AS IS" basis,
  12. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  13. * for the specific language governing rights and limitations under the
  14. * License.
  15. *
  16. * The Original Code is mozilla.org code.
  17. *
  18. * The Initial Developer of the Original Code is
  19. * Netscape Communications Corporation.
  20. * Portions created by the Initial Developer are Copyright (C) 1998
  21. * the Initial Developer. All Rights Reserved.
  22. *
  23. * Contributor(s):
  24. * Hubbie Shaw
  25. * Doug Turner <dougt@netscape.com>
  26. * Brian Ryner <bryner@brianryner.com>
  27. * Kai Engert <kaie@netscape.com>
  28. * Kai Engert <kengert@redhat.com>
  29. *
  30. * Alternatively, the contents of this file may be used under the terms of
  31. * either the GNU General Public License Version 2 or later (the "GPL"), or
  32. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  33. * in which case the provisions of the GPL or the LGPL are applicable instead
  34. * of those above. If you wish to allow use of your version of this file only
  35. * under the terms of either the GPL or the LGPL, and not to allow others to
  36. * use your version of this file under the terms of the MPL, indicate your
  37. * decision by deleting the provisions above and replace them with the notice
  38. * and other provisions required by the GPL or the LGPL. If you do not delete
  39. * the provisions above, a recipient may use your version of this file under
  40. * the terms of any one of the MPL, the GPL or the LGPL.
  41. *
  42. * ***** END LICENSE BLOCK ***** */
  43. #ifndef _nsNSSComponent_h_
  44. #define _nsNSSComponent_h_
  45. #include "mozilla/Mutex.h"
  46. #include "nsCOMPtr.h"
  47. #include "nsISignatureVerifier.h"
  48. #include "nsIURIContentListener.h"
  49. #include "nsIStreamListener.h"
  50. #include "nsIEntropyCollector.h"
  51. #include "nsString.h"
  52. #include "nsIStringBundle.h"
  53. #include "nsIDOMEventTarget.h"
  54. #include "nsIPrefBranch.h"
  55. #include "nsIObserver.h"
  56. #include "nsIObserverService.h"
  57. #include "nsWeakReference.h"
  58. #include "nsIScriptSecurityManager.h"
  59. #include "nsSmartCardMonitor.h"
  60. #include "nsINSSErrorsService.h"
  61. #include "nsITimer.h"
  62. #include "nsNetUtil.h"
  63. #include "nsHashtable.h"
  64. #include "nsICryptoHash.h"
  65. #include "nsICryptoHMAC.h"
  66. #include "hasht.h"
  67. #include "nsNSSCallbacks.h"
  68. #include "nsNSSShutDown.h"
  69. #include "nsNSSHelper.h"
  70. #include "nsClientAuthRemember.h"
  71. #include "nsCERTValInParamWrapper.h"
  72. #define NS_NSSCOMPONENT_CID \
  73. {0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
  74. #define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
  75. #define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component"
  76. //Define an interface that we can use to look up from the
  77. //callbacks passed to NSS.
  78. #define NS_INSSCOMPONENT_IID_STR "6ffbb526-205b-49c5-ae3f-5959c084075e"
  79. #define NS_INSSCOMPONENT_IID \
  80. { 0x6ffbb526, 0x205b, 0x49c5, \
  81. { 0xae, 0x3f, 0x59, 0x59, 0xc0, 0x84, 0x7, 0x5e } }
  82. #define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
  83. #define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
  84. #define NS_CRYPTO_HASH_CLASSNAME "Mozilla Crypto Hash Function Component"
  85. #define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}}
  86. #define NS_CRYPTO_HMAC_CLASSNAME "Mozilla Crypto HMAC Function Component"
  87. #define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}}
  88. enum EnsureNSSOperator
  89. {
  90. nssLoadingComponent = 0,
  91. nssInitSucceeded = 1,
  92. nssInitFailed = 2,
  93. nssShutdown = 3,
  94. nssEnsure = 100,
  95. nssEnsureOnChromeOnly = 101
  96. };
  97. extern bool EnsureNSSInitialized(EnsureNSSOperator op);
  98. //--------------------------------------------
  99. // Now we need a content listener to register
  100. //--------------------------------------------
  101. class PSMContentDownloader : public nsIStreamListener
  102. {
  103. public:
  104. PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
  105. PSMContentDownloader(PRUint32 type);
  106. virtual ~PSMContentDownloader();
  107. void setSilentDownload(bool flag);
  108. void setCrlAutodownloadKey(nsAutoString key);
  109. NS_DECL_ISUPPORTS
  110. NS_DECL_NSIREQUESTOBSERVER
  111. NS_DECL_NSISTREAMLISTENER
  112. enum {UNKNOWN_TYPE = 0};
  113. enum {X509_CA_CERT = 1};
  114. enum {X509_USER_CERT = 2};
  115. enum {X509_EMAIL_CERT = 3};
  116. enum {X509_SERVER_CERT = 4};
  117. enum {PKCS7_CRL = 5};
  118. protected:
  119. char* mByteData;
  120. PRInt32 mBufferOffset;
  121. PRInt32 mBufferSize;
  122. PRUint32 mType;
  123. bool mDoSilentDownload;
  124. nsString mCrlAutoDownloadKey;
  125. nsCOMPtr<nsIURI> mURI;
  126. nsresult handleContentDownloadError(nsresult errCode);
  127. };
  128. class nsNSSComponent;
  129. class NS_NO_VTABLE nsINSSComponent : public nsISupports {
  130. public:
  131. NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
  132. NS_IMETHOD ShowAlertFromStringBundle(const char * messageID) = 0;
  133. NS_IMETHOD GetPIPNSSBundleString(const char *name,
  134. nsAString &outString) = 0;
  135. NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
  136. const PRUnichar **params,
  137. PRUint32 numParams,
  138. nsAString &outString) = 0;
  139. NS_IMETHOD GetNSSBundleString(const char *name,
  140. nsAString &outString) = 0;
  141. NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
  142. const PRUnichar **params,
  143. PRUint32 numParams,
  144. nsAString &outString) = 0;
  145. // This method will just disable OCSP in NSS, it will not
  146. // alter the respective pref values.
  147. NS_IMETHOD SkipOcsp() = 0;
  148. // This method will set the OCSP value according to the
  149. // values in the preferences.
  150. NS_IMETHOD SkipOcspOff() = 0;
  151. NS_IMETHOD RememberCert(CERTCertificate *cert) = 0;
  152. NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
  153. NS_IMETHOD DefineNextTimer() = 0;
  154. NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
  155. NS_IMETHOD LogoutAuthenticatedPK11() = 0;
  156. NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0;
  157. NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0;
  158. NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0;
  159. NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
  160. NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0;
  161. NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
  162. NS_IMETHOD IsNSSInitialized(bool *initialized) = 0;
  163. NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
  164. NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
  165. };
  166. NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
  167. class nsCryptoHash : public nsICryptoHash, public nsNSSShutDownObject
  168. {
  169. public:
  170. NS_DECL_ISUPPORTS
  171. NS_DECL_NSICRYPTOHASH
  172. nsCryptoHash();
  173. private:
  174. ~nsCryptoHash();
  175. HASHContext* mHashContext;
  176. bool mInitialized;
  177. virtual void virtualDestroyNSSReference();
  178. void destructorSafeDestroyNSSReference();
  179. };
  180. class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject
  181. {
  182. public:
  183. NS_DECL_ISUPPORTS
  184. NS_DECL_NSICRYPTOHMAC
  185. nsCryptoHMAC();
  186. private:
  187. ~nsCryptoHMAC();
  188. PK11Context* mHMACContext;
  189. virtual void virtualDestroyNSSReference();
  190. void destructorSafeDestroyNSSReference();
  191. };
  192. class nsNSSShutDownList;
  193. class nsCertVerificationThread;
  194. // Implementation of the PSM component interface.
  195. class nsNSSComponent : public nsISignatureVerifier,
  196. public nsIEntropyCollector,
  197. public nsINSSComponent,
  198. public nsIObserver,
  199. public nsSupportsWeakReference,
  200. public nsITimerCallback
  201. {
  202. typedef mozilla::Mutex Mutex;
  203. public:
  204. NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
  205. nsNSSComponent();
  206. virtual ~nsNSSComponent();
  207. NS_DECL_ISUPPORTS
  208. NS_DECL_NSISIGNATUREVERIFIER
  209. NS_DECL_NSIENTROPYCOLLECTOR
  210. NS_DECL_NSIOBSERVER
  211. NS_DECL_NSITIMERCALLBACK
  212. NS_METHOD Init();
  213. static nsresult GetNewPrompter(nsIPrompt ** result);
  214. static nsresult ShowAlertWithConstructedString(const nsString & message);
  215. NS_IMETHOD ShowAlertFromStringBundle(const char * messageID);
  216. NS_IMETHOD GetPIPNSSBundleString(const char *name,
  217. nsAString &outString);
  218. NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
  219. const PRUnichar **params,
  220. PRUint32 numParams,
  221. nsAString &outString);
  222. NS_IMETHOD GetNSSBundleString(const char *name,
  223. nsAString &outString);
  224. NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
  225. const PRUnichar **params,
  226. PRUint32 numParams,
  227. nsAString &outString);
  228. NS_IMETHOD SkipOcsp();
  229. NS_IMETHOD SkipOcspOff();
  230. nsresult InitializeCRLUpdateTimer();
  231. nsresult StopCRLUpdateTimer();
  232. NS_IMETHOD RemoveCrlFromList(nsAutoString);
  233. NS_IMETHOD DefineNextTimer();
  234. NS_IMETHOD LogoutAuthenticatedPK11();
  235. NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
  236. NS_IMETHOD RememberCert(CERTCertificate *cert);
  237. NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
  238. NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
  239. NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
  240. NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
  241. NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars);
  242. NS_IMETHOD EnsureIdentityInfoLoaded();
  243. NS_IMETHOD IsNSSInitialized(bool *initialized);
  244. NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out);
  245. NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out);
  246. private:
  247. nsresult InitializeNSS(bool showWarningBox);
  248. nsresult ShutdownNSS();
  249. #ifdef XP_MACOSX
  250. void TryCFM2MachOMigration(nsIFile *cfmPath, nsIFile *machoPath);
  251. #endif
  252. void InstallLoadableRoots();
  253. void UnloadLoadableRoots();
  254. void LaunchSmartCardThreads();
  255. void ShutdownSmartCardThreads();
  256. void CleanupIdentityInfo();
  257. void setValidationOptions(nsIPrefBranch * pref);
  258. nsresult InitializePIPNSSBundle();
  259. nsresult ConfigureInternalPKCS11Token();
  260. nsresult RegisterPSMContentListener();
  261. nsresult RegisterObservers();
  262. nsresult DeregisterObservers();
  263. nsresult DownloadCrlSilently();
  264. nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
  265. nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
  266. nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token);
  267. // Methods that we use to handle the profile change notifications (and to
  268. // synthesize a full profile change when we're just doing a profile startup):
  269. void DoProfileApproveChange(nsISupports* aSubject);
  270. void DoProfileChangeNetTeardown();
  271. void DoProfileChangeTeardown(nsISupports* aSubject);
  272. void DoProfileBeforeChange(nsISupports* aSubject);
  273. void DoProfileChangeNetRestore();
  274. Mutex mutex;
  275. nsCOMPtr<nsIScriptSecurityManager> mScriptSecurityManager;
  276. nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
  277. nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
  278. nsCOMPtr<nsIURIContentListener> mPSMContentListener;
  279. nsCOMPtr<nsIPrefBranch> mPrefBranch;
  280. nsCOMPtr<nsITimer> mTimer;
  281. bool mNSSInitialized;
  282. bool mObserversRegistered;
  283. PLHashTable *hashTableCerts;
  284. nsAutoString mDownloadURL;
  285. nsAutoString mCrlUpdateKey;
  286. Mutex mCrlTimerLock;
  287. nsHashtable *crlsScheduledForDownload;
  288. bool crlDownloadTimerOn;
  289. bool mUpdateTimerInitialized;
  290. static int mInstanceCount;
  291. nsNSSShutDownList *mShutdownObjectList;
  292. SmartCardThreadList *mThreadList;
  293. bool mIsNetworkDown;
  294. void deleteBackgroundThreads();
  295. void createBackgroundThreads();
  296. nsCertVerificationThread *mCertVerificationThread;
  297. nsNSSHttpInterface mHttpForNSS;
  298. nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
  299. nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
  300. nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly;
  301. static PRStatus PR_CALLBACK IdentityInfoInit(void);
  302. PRCallOnceType mIdentityInfoCallOnce;
  303. public:
  304. static bool globalConstFlagUsePKIXVerification;
  305. };
  306. class PSMContentListener : public nsIURIContentListener,
  307. public nsSupportsWeakReference {
  308. public:
  309. PSMContentListener();
  310. virtual ~PSMContentListener();
  311. nsresult init();
  312. NS_DECL_ISUPPORTS
  313. NS_DECL_NSIURICONTENTLISTENER
  314. private:
  315. nsCOMPtr<nsISupports> mLoadCookie;
  316. nsCOMPtr<nsIURIContentListener> mParentContentListener;
  317. };
  318. class nsNSSErrors
  319. {
  320. public:
  321. static const char *getDefaultErrorStringName(PRInt32 err);
  322. static const char *getOverrideErrorStringName(PRInt32 aErrorCode);
  323. static nsresult getErrorMessageFromCode(PRInt32 err,
  324. nsINSSComponent *component,
  325. nsString &returnedMessage);
  326. };
  327. class nsPSMInitPanic
  328. {
  329. private:
  330. static bool isPanic;
  331. public:
  332. static void SetPanic() {isPanic = true;}
  333. static bool GetPanic() {return isPanic;}
  334. };
  335. #endif // _nsNSSComponent_h_