gecko-dev/security/manager/ssl/nsKeygenHandler.h

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsKeygenHandler_h
#define nsKeygenHandler_h

#include "ScopedNSSTypes.h"
#include "keythi.h"
#include "nsCOMPtr.h"
#include "nsError.h"
#include "nsIFormProcessor.h"
#include "nsIInterfaceRequestor.h"
#include "nsString.h"
#include "nsTArray.h"
#include "secmodt.h"

nsresult GetSlotWithMechanism(uint32_t mechanism,
                              nsIInterfaceRequestor* ctx,
                              PK11SlotInfo** retSlot);

#define DEFAULT_RSA_KEYGEN_PE 65537L
#define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION

mozilla::UniqueSECItem DecodeECParams(const char* curve);

class nsKeygenFormProcessor : public nsIFormProcessor
{
public:
  nsKeygenFormProcessor();
  nsresult Init();

  virtual nsresult ProcessValue(mozilla::dom::Element* aElement,
                                const nsAString& aName,
                                nsAString& aValue) override;

  virtual nsresult ProcessValueIPC(const nsAString& aOldValue,
                                   const nsAString& aChallenge,
                                   const nsAString& aKeyType,
                                   const nsAString& aKeyParams,
                                   nsAString& aNewValue) override;

  virtual nsresult ProvideContent(const nsAString& aFormType,
                                  nsTArray<nsString>& aContent,
                                  nsAString& aAttribute) override;
  NS_DECL_THREADSAFE_ISUPPORTS

  static nsresult Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult);

  static void ExtractParams(mozilla::dom::Element* aElement,
                            nsAString& challengeValue,
                            nsAString& keyTypeValue,
                            nsAString& keyParamsValue);

protected:
  virtual ~nsKeygenFormProcessor() {}

  nsresult GetPublicKey(const nsAString& aValue, const nsAString& aChallenge,
                        const nsString& akeyType, nsAString& aOutPublicKey,
                        const nsAString& aPqg);
  nsresult GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot);
private:
  nsCOMPtr<nsIInterfaceRequestor> m_ctx;

  typedef struct SECKeySizeChoiceInfoStr {
      nsString name;
      int size;
  } SECKeySizeChoiceInfo;

  enum { number_of_key_size_choices = 2 };

  SECKeySizeChoiceInfo mSECKeySizeChoiceList[number_of_key_size_choices];
};

#endif // nsKeygenHandler_h
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00			`/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --`
			`*`
Bug 759095 - upgrade license to MPL 2, and other licensing cleanups. 2012-05-31 13:33:35 +04:00			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler MozReview-Commit-ID: 430uuWHIZjC --HG-- extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb 2016-04-28 04:16:48 +03:00			`#ifndef nsKeygenHandler_h`
			`#define nsKeygenHandler_h`

Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler MozReview-Commit-ID: 7RNV0YNraBx --HG-- extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff 2016-08-13 16:45:00 +03:00			`#include "ScopedNSSTypes.h"`
Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler MozReview-Commit-ID: 430uuWHIZjC --HG-- extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb 2016-04-28 04:16:48 +03:00			`#include "keythi.h"`
			`#include "nsCOMPtr.h"`
			`#include "nsError.h"`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`#include "nsIFormProcessor.h"`
Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler MozReview-Commit-ID: 430uuWHIZjC --HG-- extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb 2016-04-28 04:16:48 +03:00			`#include "nsIInterfaceRequestor.h"`
Bug 1338897 - Avoid using NSS Base64 functions in PSM. r=keeler The NSS Base64 functions are less safe and convenient to use than the XPCOM ones. They're also an unnecessary dependency on NSS. The NSS Base64 functions behave slightly differently than the XPCOM ones: 1. ATOB_ConvertAsciiToItem() / NSSBase64_DecodeBuffer() silently ignore invalid characters like CRLF, space and so on. Base64Decode() will return an error if these characters are encountered. 2. BTOA_DataToAscii() will produce output that has CRLF inserted every 64 characters. Base64Encode() doesn't do this. For the reasons listed below, no unexpected compatibility issues should arise: 1. AppSignatureVerification.cpp already filters out CRLF and spaces for Manifest and Signature values before decoding. 2. ExtendedValidation.cpp is only given what should be valid hard-coded input to decode. 3. ContentSignatureVerifier.cpp already splits on CRLF for when it needs to decode PEM certs. Spaces shouldn't be likely. For Content-Signature header verification, examination of real input to a running instance of Firefox suggests CRLF and spaces will not be present in the header to decode. 4. nsCryptoHash.cpp encode is affected, but we actually don't want the CRLF behaviour. 5. nsDataSignatureVerifier.cpp decode is affected, but we add whitespace stripping to maintain backwards compatibility. 6. nsKeygenHandler.cpp encode is affected, but the previous CRLF behaviour was arguably a bug, since neither WHATWG or W3C specs specified this. MozReview-Commit-ID: IWMFxqVZMeX --HG-- extra : rebase_source : 4863b2e5eabef0555e8e1ebe39216d0d9393f3e9 2017-03-17 18:31:40 +03:00			`#include "nsString.h"`
Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler MozReview-Commit-ID: 430uuWHIZjC --HG-- extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb 2016-04-28 04:16:48 +03:00			`#include "nsTArray.h"`
			`#include "secmodt.h"`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "nsprpub" \ ! -wholename "security/nss" \ ! -wholename "/.hg" \ ! -wholename "obj-ff-dbg" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" \) \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double 2012-08-22 19:56:38 +04:00			`nsresult GetSlotWithMechanism(uint32_t mechanism,`
bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin nsPSMUITracker was problematic. Apparently it was originally intended to prevent NSS shutdown while NSS-related UI operations were going on (such as choosing a client certificate). However, when nsNSSComponent would receive the event that told it to shutdown NSS, it would attempt to call mShutdownObjectList->evaporateAllNSSResources(), which would call mActivityState.restrictActivityToCurrentThread(), which failed if such a UI operation was in progress. This actually prevented the important part of evaporateAllNSSResources, which is the releasing of all NSS objects in use by PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where it thought it was okay to keep using the NSS objects it had when in fact it wasn't. In any case, nsPSMUITracker isn't really necessary as long as we have the nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should use instead (or not at all, if no such lock is needed for the operation being performed (for example, if no NSS functions are being called)). 2015-10-17 00:31:57 +03:00			`nsIInterfaceRequestor* ctx,`
bug 1421084 - part 1/4 - remove now-unnecessary nsNSSShutDownPreventionLock r=mt,ttaubert As of bug 1417680, the NSS shutdown tracking infrastructure is unnecessary (and does nothing anyway). This series of changesets removes the remaining pieces in a way that is hopefully easy to confirm is correct. MozReview-Commit-ID: 8Y5wpsyNlGc --HG-- extra : rebase_source : ef6b481510d949e404a4ef5615097d66e566c947 2018-01-23 21:37:47 +03:00			`PK11SlotInfo** retSlot);`
Fix for Bug 74340 r=mcgreer, sr=blizzard Add the crypto object back to PSM 2. 2001-05-16 03:15:12 +04:00
			`#define DEFAULT_RSA_KEYGEN_PE 65537L`
			`#define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION`

Bug 1294011 - Obviate manual calls to SECITEM_FreeItem() in PSM. r=keeler MozReview-Commit-ID: 7RNV0YNraBx --HG-- extra : rebase_source : bd4c8981b52e3f5a504fc09958872415cf757eff 2016-08-13 16:45:00 +03:00			`mozilla::UniqueSECItem DecodeECParams(const char* curve);`
Fix for Bug 74340 r=mcgreer, sr=blizzard Add the crypto object back to PSM 2. 2001-05-16 03:15:12 +04:00
bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin nsPSMUITracker was problematic. Apparently it was originally intended to prevent NSS shutdown while NSS-related UI operations were going on (such as choosing a client certificate). However, when nsNSSComponent would receive the event that told it to shutdown NSS, it would attempt to call mShutdownObjectList->evaporateAllNSSResources(), which would call mActivityState.restrictActivityToCurrentThread(), which failed if such a UI operation was in progress. This actually prevented the important part of evaporateAllNSSResources, which is the releasing of all NSS objects in use by PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where it thought it was okay to keep using the NSS objects it had when in fact it wasn't. In any case, nsPSMUITracker isn't really necessary as long as we have the nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should use instead (or not at all, if no such lock is needed for the operation being performed (for example, if no NSS functions are being called)). 2015-10-17 00:31:57 +03:00			`class nsKeygenFormProcessor : public nsIFormProcessor`
			`{`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`public:`
			`nsKeygenFormProcessor();`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00			`nsresult Init();`

Bug 1432944 part 12. Change nsIFormProcessor to pass Element, not nsIDOMHTMLElement, for elements. r=mccr8 MozReview-Commit-ID: K6w7FR254UC 2018-01-30 07:29:11 +03:00			`virtual nsresult ProcessValue(mozilla::dom::Element* aElement,`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`const nsAString& aName,`
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj This patch was automatically generated using the following script: function convert() { echo "Converting $1 to $2..." find . \ ! -wholename "/.git" \ ! -wholename "obj-ff-dbg" \ -type f \ \( -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" \) \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert MOZ_OVERRIDE override convert MOZ_FINAL final 2015-03-21 19:28:04 +03:00			`nsAString& aValue) override;`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`virtual nsresult ProcessValueIPC(const nsAString& aOldValue,`
			`const nsAString& aChallenge,`
			`const nsAString& aKeyType,`
			`const nsAString& aKeyParams,`
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj This patch was automatically generated using the following script: function convert() { echo "Converting $1 to $2..." find . \ ! -wholename "/.git" \ ! -wholename "obj-ff-dbg" \ -type f \ \( -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" \) \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert MOZ_OVERRIDE override convert MOZ_FINAL final 2015-03-21 19:28:04 +03:00			`nsAString& aNewValue) override;`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00
			`virtual nsresult ProvideContent(const nsAString& aFormType,`
			`nsTArray<nsString>& aContent,`
Bug 1145631 - Part 1: Replace MOZ_OVERRIDE and MOZ_FINAL with override and final in the tree; r=froydnj This patch was automatically generated using the following script: function convert() { echo "Converting $1 to $2..." find . \ ! -wholename "/.git" \ ! -wholename "obj-ff-dbg" \ -type f \ \( -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" \) \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert MOZ_OVERRIDE override convert MOZ_FINAL final 2015-03-21 19:28:04 +03:00			`nsAString& aAttribute) override;`
Bug 884061 - Part 3s: Use NS_DECL_THREADSAFE_ISUPPORTS in security/, r=bsmith --HG-- extra : rebase_source : 2b3329c361a71c49ef7c0793006c7dbb6f855e28 2013-07-19 06:24:14 +04:00			`NS_DECL_THREADSAFE_ISUPPORTS`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 568691 part B - mechanical changes to in-tree binary modules needed to get them building and registering correctly. After this patch, xpcshell appears to work. 2010-06-10 22:11:40 +04:00			`static nsresult Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult);`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 1432944 part 12. Change nsIFormProcessor to pass Element, not nsIDOMHTMLElement, for elements. r=mccr8 MozReview-Commit-ID: K6w7FR254UC 2018-01-30 07:29:11 +03:00			`static void ExtractParams(mozilla::dom::Element* aElement,`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`nsAString& challengeValue,`
			`nsAString& keyTypeValue,`
			`nsAString& keyParamsValue);`

Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00			`protected:`
bug 1421084 - part 3/4 - remove nsNSSShutDownObject::shutdown and virtualDestroyNSSReference r=mt,ttaubert MozReview-Commit-ID: ErL7ZjAGVVC --HG-- extra : rebase_source : 2869aafaef729f0ad190f957919e8b9c40700477 2018-01-25 01:29:08 +03:00			`virtual ~nsKeygenFormProcessor() {}`
Bug 1028588 - Fix dangerous public destructors in security/ - r=bsmith 2014-06-24 02:40:03 +04:00
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`nsresult GetPublicKey(const nsAString& aValue, const nsAString& aChallenge,`
Bug 1374580 (part 2) - Remove nsAFlat{,C}String typedefs. r=froydnj. All the instances are converted as follows. - nsAFlatString --> nsString - nsAFlatCString --> nsCString --HG-- extra : rebase_source : b37350642c58a85a08363df2e7c610873faa6e41 2017-06-20 12:19:05 +03:00			`const nsString& akeyType, nsAString& aOutPublicKey,`
Bug 582297 - Make <keygen> work in e10s. r=billm/dkeeler 2014-11-27 01:28:28 +03:00			`const nsAString& aPqg);`
Bug 579517 - Part 1: Automated conversion of NSPR numeric types to stdint types in Gecko; r=bsmedberg This patch was generated by a script. Here's the source of the script for future reference: function convert() { echo "Converting $1 to $2..." find . ! -wholename "nsprpub" \ ! -wholename "security/nss" \ ! -wholename "/.hg" \ ! -wholename "obj-ff-dbg" \ ! -name nsXPCOMCID.h \ ! -name prtypes.h \ -type f \ \( -iname ".cpp" \ -o -iname ".h" \ -o -iname ".c" \ -o -iname ".cc" \ -o -iname ".idl" \ -o -iname ".ipdl" \ -o -iname ".ipdlh" \ -o -iname "*.mm" \) \| \ xargs -n 1 sed -i -e "s/\b$1\b/$2/g" } convert PRInt8 int8_t convert PRUint8 uint8_t convert PRInt16 int16_t convert PRUint16 uint16_t convert PRInt32 int32_t convert PRUint32 uint32_t convert PRInt64 int64_t convert PRUint64 uint64_t convert PRIntn int convert PRUintn unsigned convert PRSize size_t convert PROffset32 int32_t convert PROffset64 int64_t convert PRPtrdiff ptrdiff_t convert PRFloat64 double 2012-08-22 19:56:38 +04:00			`nsresult GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot);`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00			`private:`
			`nsCOMPtr<nsIInterfaceRequestor> m_ctx;`

Bug 399318, Fix 2 one time leaks in nsKeygenHandler r=rrelyea, a=mtschrep 2007-11-13 03:31:23 +03:00			`typedef struct SECKeySizeChoiceInfoStr {`
			`nsString name;`
			`int size;`
			`} SECKeySizeChoiceInfo;`

			`enum { number_of_key_size_choices = 2 };`

			`SECKeySizeChoiceInfo mSECKeySizeChoiceList[number_of_key_size_choices];`
			`};`
Fix for bug 77983, keygen tag. r=javi@netscape.com, sr=blizzard@mozilla.org 2001-05-03 05:00:56 +04:00
Bug 1265164 - Always use nsCOMPtrs with getNSSDialogs(). r=keeler MozReview-Commit-ID: 430uuWHIZjC --HG-- extra : rebase_source : 3192e40558ac36a3a8bf6ff3c1399be1196f8dcb 2016-04-28 04:16:48 +03:00			`#endif // nsKeygenHandler_h`