PageRenderTime 49ms CodeModel.GetById 18ms app.highlight 27ms RepoModel.GetById 1ms app.codeStats 1ms

/security/manager/ssl/src/nsNSSComponent.h

http://github.com/zpao/v8monkey
C Header | 407 lines | 281 code | 72 blank | 54 comment | 0 complexity | 40157741f8e2e18fa009ab2fa15e1c99 MD5 | raw file
  1/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
  2 *
  3 * ***** BEGIN LICENSE BLOCK *****
  4 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  5 *
  6 * The contents of this file are subject to the Mozilla Public License Version
  7 * 1.1 (the "License"); you may not use this file except in compliance with
  8 * the License. You may obtain a copy of the License at
  9 * http://www.mozilla.org/MPL/
 10 *
 11 * Software distributed under the License is distributed on an "AS IS" basis,
 12 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 13 * for the specific language governing rights and limitations under the
 14 * License.
 15 *
 16 * The Original Code is mozilla.org code.
 17 *
 18 * The Initial Developer of the Original Code is
 19 * Netscape Communications Corporation.
 20 * Portions created by the Initial Developer are Copyright (C) 1998
 21 * the Initial Developer. All Rights Reserved.
 22 *
 23 * Contributor(s):
 24 *   Hubbie Shaw
 25 *   Doug Turner <dougt@netscape.com>
 26 *   Brian Ryner <bryner@brianryner.com>
 27 *   Kai Engert <kaie@netscape.com>
 28 *   Kai Engert <kengert@redhat.com>
 29 *
 30 * Alternatively, the contents of this file may be used under the terms of
 31 * either the GNU General Public License Version 2 or later (the "GPL"), or
 32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 33 * in which case the provisions of the GPL or the LGPL are applicable instead
 34 * of those above. If you wish to allow use of your version of this file only
 35 * under the terms of either the GPL or the LGPL, and not to allow others to
 36 * use your version of this file under the terms of the MPL, indicate your
 37 * decision by deleting the provisions above and replace them with the notice
 38 * and other provisions required by the GPL or the LGPL. If you do not delete
 39 * the provisions above, a recipient may use your version of this file under
 40 * the terms of any one of the MPL, the GPL or the LGPL.
 41 *
 42 * ***** END LICENSE BLOCK ***** */
 43
 44#ifndef _nsNSSComponent_h_
 45#define _nsNSSComponent_h_
 46
 47#include "mozilla/Mutex.h"
 48#include "nsCOMPtr.h"
 49#include "nsISignatureVerifier.h"
 50#include "nsIURIContentListener.h"
 51#include "nsIStreamListener.h"
 52#include "nsIEntropyCollector.h"
 53#include "nsString.h"
 54#include "nsIStringBundle.h"
 55#include "nsIDOMEventTarget.h"
 56#include "nsIPrefBranch.h"
 57#include "nsIObserver.h"
 58#include "nsIObserverService.h"
 59#include "nsWeakReference.h"
 60#include "nsIScriptSecurityManager.h"
 61#include "nsSmartCardMonitor.h"
 62#include "nsINSSErrorsService.h"
 63#include "nsITimer.h"
 64#include "nsNetUtil.h"
 65#include "nsHashtable.h"
 66#include "nsICryptoHash.h"
 67#include "nsICryptoHMAC.h"
 68#include "hasht.h"
 69#include "nsNSSCallbacks.h"
 70#include "nsNSSShutDown.h"
 71
 72#include "nsNSSHelper.h"
 73#include "nsClientAuthRemember.h"
 74#include "nsCERTValInParamWrapper.h"
 75
 76#define NS_NSSCOMPONENT_CID \
 77{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
 78
 79#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
 80#define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component"
 81
 82//Define an interface that we can use to look up from the
 83//callbacks passed to NSS.
 84
 85#define NS_INSSCOMPONENT_IID_STR "6ffbb526-205b-49c5-ae3f-5959c084075e"
 86#define NS_INSSCOMPONENT_IID \
 87  { 0x6ffbb526, 0x205b, 0x49c5, \
 88    { 0xae, 0x3f, 0x59, 0x59, 0xc0, 0x84, 0x7, 0x5e } }
 89
 90#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
 91#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
 92
 93#define NS_CRYPTO_HASH_CLASSNAME "Mozilla Crypto Hash Function Component"
 94#define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}}
 95
 96#define NS_CRYPTO_HMAC_CLASSNAME "Mozilla Crypto HMAC Function Component"
 97#define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}}
 98
 99enum EnsureNSSOperator
100{
101  nssLoadingComponent = 0,
102  nssInitSucceeded = 1,
103  nssInitFailed = 2,
104  nssShutdown = 3,
105  nssEnsure = 100,
106  nssEnsureOnChromeOnly = 101
107};
108
109extern bool EnsureNSSInitialized(EnsureNSSOperator op);
110
111//--------------------------------------------
112// Now we need a content listener to register 
113//--------------------------------------------
114class PSMContentDownloader : public nsIStreamListener
115{
116public:
117  PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
118  PSMContentDownloader(PRUint32 type);
119  virtual ~PSMContentDownloader();
120  void setSilentDownload(bool flag);
121  void setCrlAutodownloadKey(nsAutoString key);
122
123  NS_DECL_ISUPPORTS
124  NS_DECL_NSIREQUESTOBSERVER
125  NS_DECL_NSISTREAMLISTENER
126
127  enum {UNKNOWN_TYPE = 0};
128  enum {X509_CA_CERT  = 1};
129  enum {X509_USER_CERT  = 2};
130  enum {X509_EMAIL_CERT  = 3};
131  enum {X509_SERVER_CERT  = 4};
132  enum {PKCS7_CRL = 5};
133
134protected:
135  char* mByteData;
136  PRInt32 mBufferOffset;
137  PRInt32 mBufferSize;
138  PRUint32 mType;
139  bool mDoSilentDownload;
140  nsString mCrlAutoDownloadKey;
141  nsCOMPtr<nsIURI> mURI;
142  nsresult handleContentDownloadError(nsresult errCode);
143};
144
145class nsNSSComponent;
146
147class NS_NO_VTABLE nsINSSComponent : public nsISupports {
148 public:
149  NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
150
151  NS_IMETHOD ShowAlertFromStringBundle(const char * messageID) = 0;
152
153  NS_IMETHOD GetPIPNSSBundleString(const char *name,
154                                   nsAString &outString) = 0;
155  NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
156                                           const PRUnichar **params,
157                                           PRUint32 numParams,
158                                           nsAString &outString) = 0;
159
160  NS_IMETHOD GetNSSBundleString(const char *name,
161                                nsAString &outString) = 0;
162  NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
163                                           const PRUnichar **params,
164                                           PRUint32 numParams,
165                                           nsAString &outString) = 0;
166
167  // This method will just disable OCSP in NSS, it will not
168  // alter the respective pref values.
169  NS_IMETHOD SkipOcsp() = 0;
170
171  // This method will set the OCSP value according to the 
172  // values in the preferences.
173  NS_IMETHOD SkipOcspOff() = 0;
174
175  NS_IMETHOD RememberCert(CERTCertificate *cert) = 0;
176
177  NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
178
179  NS_IMETHOD DefineNextTimer() = 0;
180
181  NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
182  
183  NS_IMETHOD LogoutAuthenticatedPK11() = 0;
184
185  NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0;
186
187  NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0;
188
189  NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0;
190
191  NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
192  
193  NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0;
194
195  NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
196
197  NS_IMETHOD IsNSSInitialized(bool *initialized) = 0;
198
199  NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
200  NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
201};
202
203NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
204
205class nsCryptoHash : public nsICryptoHash, public nsNSSShutDownObject
206{
207public:
208  NS_DECL_ISUPPORTS
209  NS_DECL_NSICRYPTOHASH
210
211  nsCryptoHash();
212
213private:
214  ~nsCryptoHash();
215
216  HASHContext* mHashContext;
217  bool mInitialized;
218
219  virtual void virtualDestroyNSSReference();
220  void destructorSafeDestroyNSSReference();
221};
222
223class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject
224{
225public:
226  NS_DECL_ISUPPORTS
227  NS_DECL_NSICRYPTOHMAC
228
229  nsCryptoHMAC();
230
231private:
232  ~nsCryptoHMAC();
233  PK11Context* mHMACContext;
234
235  virtual void virtualDestroyNSSReference();
236  void destructorSafeDestroyNSSReference();
237};
238
239class nsNSSShutDownList;
240class nsCertVerificationThread;
241
242// Implementation of the PSM component interface.
243class nsNSSComponent : public nsISignatureVerifier,
244                       public nsIEntropyCollector,
245                       public nsINSSComponent,
246                       public nsIObserver,
247                       public nsSupportsWeakReference,
248                       public nsITimerCallback
249{
250  typedef mozilla::Mutex Mutex;
251
252public:
253  NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
254
255  nsNSSComponent();
256  virtual ~nsNSSComponent();
257
258  NS_DECL_ISUPPORTS
259  NS_DECL_NSISIGNATUREVERIFIER
260  NS_DECL_NSIENTROPYCOLLECTOR
261  NS_DECL_NSIOBSERVER
262  NS_DECL_NSITIMERCALLBACK
263
264  NS_METHOD Init();
265
266  static nsresult GetNewPrompter(nsIPrompt ** result);
267  static nsresult ShowAlertWithConstructedString(const nsString & message);
268  NS_IMETHOD ShowAlertFromStringBundle(const char * messageID);
269
270  NS_IMETHOD GetPIPNSSBundleString(const char *name,
271                                   nsAString &outString);
272  NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
273                                           const PRUnichar **params,
274                                           PRUint32 numParams,
275                                           nsAString &outString);
276  NS_IMETHOD GetNSSBundleString(const char *name,
277                               nsAString &outString);
278  NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
279                                           const PRUnichar **params,
280                                           PRUint32 numParams,
281                                           nsAString &outString);
282  NS_IMETHOD SkipOcsp();
283  NS_IMETHOD SkipOcspOff();
284  nsresult InitializeCRLUpdateTimer();
285  nsresult StopCRLUpdateTimer();
286  NS_IMETHOD RemoveCrlFromList(nsAutoString);
287  NS_IMETHOD DefineNextTimer();
288  NS_IMETHOD LogoutAuthenticatedPK11();
289  NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
290  NS_IMETHOD RememberCert(CERTCertificate *cert);
291
292  NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
293  NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
294  NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
295  NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
296  NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars);
297  NS_IMETHOD EnsureIdentityInfoLoaded();
298  NS_IMETHOD IsNSSInitialized(bool *initialized);
299
300  NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out);
301  NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out);
302private:
303
304  nsresult InitializeNSS(bool showWarningBox);
305  nsresult ShutdownNSS();
306
307#ifdef XP_MACOSX
308  void TryCFM2MachOMigration(nsIFile *cfmPath, nsIFile *machoPath);
309#endif
310  
311  void InstallLoadableRoots();
312  void UnloadLoadableRoots();
313  void LaunchSmartCardThreads();
314  void ShutdownSmartCardThreads();
315  void CleanupIdentityInfo();
316  void setValidationOptions(nsIPrefBranch * pref);
317  nsresult InitializePIPNSSBundle();
318  nsresult ConfigureInternalPKCS11Token();
319  nsresult RegisterPSMContentListener();
320  nsresult RegisterObservers();
321  nsresult DeregisterObservers();
322  nsresult DownloadCrlSilently();
323  nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
324  nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
325  nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token);
326
327  // Methods that we use to handle the profile change notifications (and to
328  // synthesize a full profile change when we're just doing a profile startup):
329  void DoProfileApproveChange(nsISupports* aSubject);
330  void DoProfileChangeNetTeardown();
331  void DoProfileChangeTeardown(nsISupports* aSubject);
332  void DoProfileBeforeChange(nsISupports* aSubject);
333  void DoProfileChangeNetRestore();
334  
335  Mutex mutex;
336  
337  nsCOMPtr<nsIScriptSecurityManager> mScriptSecurityManager;
338  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
339  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
340  nsCOMPtr<nsIURIContentListener> mPSMContentListener;
341  nsCOMPtr<nsIPrefBranch> mPrefBranch;
342  nsCOMPtr<nsITimer> mTimer;
343  bool mNSSInitialized;
344  bool mObserversRegistered;
345  PLHashTable *hashTableCerts;
346  nsAutoString mDownloadURL;
347  nsAutoString mCrlUpdateKey;
348  Mutex mCrlTimerLock;
349  nsHashtable *crlsScheduledForDownload;
350  bool crlDownloadTimerOn;
351  bool mUpdateTimerInitialized;
352  static int mInstanceCount;
353  nsNSSShutDownList *mShutdownObjectList;
354  SmartCardThreadList *mThreadList;
355  bool mIsNetworkDown;
356
357  void deleteBackgroundThreads();
358  void createBackgroundThreads();
359  nsCertVerificationThread *mCertVerificationThread;
360
361  nsNSSHttpInterface mHttpForNSS;
362  nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
363  nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
364  nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly;
365
366  static PRStatus PR_CALLBACK IdentityInfoInit(void);
367  PRCallOnceType mIdentityInfoCallOnce;
368
369public:
370  static bool globalConstFlagUsePKIXVerification;
371};
372
373class PSMContentListener : public nsIURIContentListener,
374                            public nsSupportsWeakReference {
375public:
376  PSMContentListener();
377  virtual ~PSMContentListener();
378  nsresult init();
379
380  NS_DECL_ISUPPORTS
381  NS_DECL_NSIURICONTENTLISTENER
382private:
383  nsCOMPtr<nsISupports> mLoadCookie;
384  nsCOMPtr<nsIURIContentListener> mParentContentListener;
385};
386
387class nsNSSErrors
388{
389public:
390  static const char *getDefaultErrorStringName(PRInt32 err);
391  static const char *getOverrideErrorStringName(PRInt32 aErrorCode);
392  static nsresult getErrorMessageFromCode(PRInt32 err,
393                                          nsINSSComponent *component,
394                                          nsString &returnedMessage);
395};
396
397class nsPSMInitPanic
398{
399private:
400  static bool isPanic;
401public:
402  static void SetPanic() {isPanic = true;}
403  static bool GetPanic() {return isPanic;}
404};
405
406#endif // _nsNSSComponent_h_
407