/security/manager/ssl/src/nsCERTValInParamWrapper.h

http://github.com/zpao/v8monkey · C Header · 102 lines · 31 code · 9 blank · 62 comment · 0 complexity · 95d6acaeb03cf46cc7b7acc77a0ec881 MD5 · raw file 

    

  1. /* ***** BEGIN LICENSE BLOCK *****
    2. 

  2.  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
    3. 

  3.  *
    4. 

  4.  * The contents of this file are subject to the Mozilla Public License Version
    5. 

  5.  * 1.1 (the "License"); you may not use this file except in compliance with
    6. 

  6.  * the License. You may obtain a copy of the License at
    7. 

  7.  * http://www.mozilla.org/MPL/
    8. 

  8.  *
    9. 

  9.  * Software distributed under the License is distributed on an "AS IS" basis,
    10. 

  10.  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    11. 

  11.  * for the specific language governing rights and limitations under the
    12. 

  12.  * License.
    13. 

  13.  *
    14. 

  14.  * The Original Code is mozilla.org code.
    15. 

  15.  *
    16. 

  16.  * The Initial Developer of the Original Code is
    17. 

  17.  * Red Hat, Inc.
    18. 

  18.  * Portions created by the Initial Developer are Copyright (C) 2011
    19. 

  19.  * the Initial Developer. All Rights Reserved.
    20. 

  20.  *
    21. 

  21.  * Contributor(s):
    22. 

  22.  *   Kai Engert <kengert@redhat.com>
    23. 

  23.  *
    24. 

  24.  * Alternatively, the contents of this file may be used under the terms of
    25. 

  25.  * either the GNU General Public License Version 2 or later (the "GPL"), or
    26. 

  26.  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
    27. 

  27.  * in which case the provisions of the GPL or the LGPL are applicable instead
    28. 

  28.  * of those above. If you wish to allow use of your version of this file only
    29. 

  29.  * under the terms of either the GPL or the LGPL, and not to allow others to
    30. 

  30.  * use your version of this file under the terms of the MPL, indicate your
    31. 

  31.  * decision by deleting the provisions above and replace them with the notice
    32. 

  32.  * and other provisions required by the GPL or the LGPL. If you do not delete
    33. 

  33.  * the provisions above, a recipient may use your version of this file under
    34. 

  34.  * the terms of any one of the MPL, the GPL or the LGPL.
    35. 

  35.  *
    36. 

  36.  * ***** END LICENSE BLOCK ***** */
    37. 

  37. 

  38. #ifndef _nsCERTValInParamWrapper_H
    39. 

  39. #define _nsCERTValInParamWrapper_H
    40. 

  40. 

  41. #include "nsISupports.h"
    42. 

  42. #include "cert.h"
    43. 

  43. 

  44. /*
    45. 

  45.  * This is a wrapper around type
    46. 

  46.  * CERTValInParam is a nested input parameter type for CERT_PKIXVerifyCert.
    47. 

  47.  * The values inside this type depend on application preferences,
    48. 

  48.  * as a consequence it's expensive to construct this object.
    49. 

  49.  * (and we shall avoid to access prefs from secondary threads anyway).
    50. 

  50.  * We want to create an instance of that input type once, and use as long as possible.
    51. 

  51.  * Every time the preferences change, we will create a new default object.
    52. 

  52.  *
    53. 

  53.  * A race is possible between "verification function is active and object in use"
    54. 

  54.  * and "must switch to new defaults".
    55. 

  55.  *
    56. 

  56.  * The global default object may be replaced at any time with a new object.
    57. 

  57.  * The contents of inner CERTValInParam are supposed to be stable (const).
    58. 

  58.  *
    59. 

  59.  * In order to protect against the race, we use a reference counted wrapper.
    60. 

  60.  * Each user of a foreign nsCERTValInParamWrapper object
    61. 

  61.  * (e.g. the current global default object)
    62. 

  62.  * must use nsRefPtr<nsCERTValInParamWrapper> = other-object
    63. 

  63.  * prior to calling CERT_PKIXVerifyCert.
    64. 

  64.  * 
    65. 

  65.  * This guarantees the object will still be alive after the call,
    66. 

  66.  * and if the default object has been replaced in the meantime,
    67. 

  67.  * the reference counter will go to zero, and the old default
    68. 

  68.  * object will get destroyed automatically.
    69. 

  69.  */
    70. 

  70. class nsCERTValInParamWrapper
    71. 

  71. {
    72. 

  72.  public:
    73. 

  73.     NS_IMETHOD_(nsrefcnt) AddRef();
    74. 

  74.     NS_IMETHOD_(nsrefcnt) Release();
    75. 

  75. 

  76. public:
    77. 

  77.   nsCERTValInParamWrapper();
    78. 

  78.   virtual ~nsCERTValInParamWrapper();
    79. 

  79. 

  80.   enum missing_cert_download_config { missing_cert_download_off = 0, missing_cert_download_on };
    81. 

  81.   enum crl_download_config { crl_local_only = 0, crl_download_allowed };
    82. 

  82.   enum ocsp_download_config { ocsp_off = 0, ocsp_on };
    83. 

  83.   enum ocsp_strict_config { ocsp_relaxed = 0, ocsp_strict };
    84. 

  84.   enum any_revo_fresh_config { any_revo_relaxed = 0, any_revo_strict };
    85. 

  85. 

  86.   nsresult Construct(missing_cert_download_config ac, crl_download_config cdc,
    87. 

  87.                      ocsp_download_config odc, ocsp_strict_config osc,
    88. 

  88.                      any_revo_fresh_config arfc,
    89. 

  89.                      const char *firstNetworkRevocationMethod);
    90. 

  90. 

  91. private:
    92. 

  92.   nsAutoRefCnt mRefCnt;
    93. 

  93.   NS_DECL_OWNINGTHREAD
    94. 

  94.   bool mAlreadyConstructed;
    95. 

  95.   CERTValInParam *mCVIN;
    96. 

  96.   CERTRevocationFlags *mRev;
    97. 

  97.   
    98. 

  98. public:
    99. 

  99.   CERTValInParam *GetRawPointerForNSS() { return mCVIN; }
    100. 

  100. };
    101. 

  101. 

  102. #endif
    103.