зеркало из https://github.com/mozilla/gecko-dev.git
Try again to really back out everything from bug 431819 in order to fix bug 454406.
This commit is contained in:
Родитель
109b544036
Коммит
5b263e95c7
|
@ -1,257 +0,0 @@
|
||||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
||||||
*
|
|
||||||
* ***** BEGIN LICENSE BLOCK *****
|
|
||||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
||||||
*
|
|
||||||
* The contents of this file are subject to the Mozilla Public License Version
|
|
||||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
* http://www.mozilla.org/MPL/
|
|
||||||
*
|
|
||||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
||||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
||||||
* for the specific language governing rights and limitations under the
|
|
||||||
* License.
|
|
||||||
*
|
|
||||||
* The Original Code is mozilla.org code.
|
|
||||||
*
|
|
||||||
* The Initial Developer of the Original Code is
|
|
||||||
* Red Hat, Inc.
|
|
||||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
|
||||||
* the Initial Developer. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Contributor(s):
|
|
||||||
* Kai Engert <kengert@redhat.com>
|
|
||||||
*
|
|
||||||
* Alternatively, the contents of this file may be used under the terms of
|
|
||||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
||||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
||||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
||||||
* of those above. If you wish to allow use of your version of this file only
|
|
||||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
||||||
* use your version of this file under the terms of the MPL, indicate your
|
|
||||||
* decision by deleting the provisions above and replace them with the notice
|
|
||||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
||||||
* the provisions above, a recipient may use your version of this file under
|
|
||||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
||||||
*
|
|
||||||
* ***** END LICENSE BLOCK ***** */
|
|
||||||
|
|
||||||
#include "nsClientAuthRemember.h"
|
|
||||||
|
|
||||||
#include "nsIX509Cert.h"
|
|
||||||
#include "nsCRT.h"
|
|
||||||
#include "nsNetUtil.h"
|
|
||||||
#include "nsIObserverService.h"
|
|
||||||
#include "nsNetUtil.h"
|
|
||||||
#include "nsISupportsPrimitives.h"
|
|
||||||
#include "nsPromiseFlatString.h"
|
|
||||||
#include "nsProxiedService.h"
|
|
||||||
#include "nsStringBuffer.h"
|
|
||||||
#include "nsAutoLock.h"
|
|
||||||
#include "nspr.h"
|
|
||||||
#include "pk11pub.h"
|
|
||||||
#include "certdb.h"
|
|
||||||
#include "sechash.h"
|
|
||||||
#include "ssl.h" // For SSL_ClearSessionCache
|
|
||||||
|
|
||||||
#include "nsNSSCleaner.h"
|
|
||||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
|
||||||
|
|
||||||
NS_IMPL_THREADSAFE_ISUPPORTS2(nsClientAuthRememberService,
|
|
||||||
nsIObserver,
|
|
||||||
nsISupportsWeakReference)
|
|
||||||
|
|
||||||
nsClientAuthRememberService::nsClientAuthRememberService()
|
|
||||||
{
|
|
||||||
monitor = PR_NewMonitor();
|
|
||||||
}
|
|
||||||
|
|
||||||
nsClientAuthRememberService::~nsClientAuthRememberService()
|
|
||||||
{
|
|
||||||
RemoveAllFromMemory();
|
|
||||||
if (monitor)
|
|
||||||
PR_DestroyMonitor(monitor);
|
|
||||||
}
|
|
||||||
|
|
||||||
nsresult
|
|
||||||
nsClientAuthRememberService::Init()
|
|
||||||
{
|
|
||||||
if (!mSettingsTable.Init())
|
|
||||||
return NS_ERROR_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
|
|
||||||
if (!proxyman)
|
|
||||||
return NS_ERROR_FAILURE;
|
|
||||||
|
|
||||||
nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
|
|
||||||
nsCOMPtr<nsIObserverService> proxiedObserver;
|
|
||||||
|
|
||||||
NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
|
|
||||||
NS_GET_IID(nsIObserverService),
|
|
||||||
observerService,
|
|
||||||
NS_PROXY_SYNC,
|
|
||||||
getter_AddRefs(proxiedObserver));
|
|
||||||
|
|
||||||
if (proxiedObserver) {
|
|
||||||
proxiedObserver->AddObserver(this, "profile-before-change", PR_TRUE);
|
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsClientAuthRememberService::Observe(nsISupports *aSubject,
|
|
||||||
const char *aTopic,
|
|
||||||
const PRUnichar *aData)
|
|
||||||
{
|
|
||||||
// check the topic
|
|
||||||
if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
|
|
||||||
// The profile is about to change,
|
|
||||||
// or is going away because the application is shutting down.
|
|
||||||
|
|
||||||
nsAutoMonitor lock(monitor);
|
|
||||||
RemoveAllFromMemory();
|
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nsClientAuthRememberService::ClearRememberedDecisions()
|
|
||||||
{
|
|
||||||
nsAutoMonitor lock(monitor);
|
|
||||||
RemoveAllFromMemory();
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
nsClientAuthRememberService::RemoveAllFromMemory()
|
|
||||||
{
|
|
||||||
mSettingsTable.Clear();
|
|
||||||
}
|
|
||||||
|
|
||||||
static nsresult
|
|
||||||
GetCertFingerprintByOidTag(CERTCertificate* nsscert,
|
|
||||||
SECOidTag aOidTag,
|
|
||||||
nsCString &fp)
|
|
||||||
{
|
|
||||||
unsigned int hash_len = HASH_ResultLenByOidTag(aOidTag);
|
|
||||||
nsRefPtr<nsStringBuffer> fingerprint = nsStringBuffer::Alloc(hash_len);
|
|
||||||
if (!fingerprint)
|
|
||||||
return NS_ERROR_OUT_OF_MEMORY;
|
|
||||||
|
|
||||||
PK11_HashBuf(aOidTag, (unsigned char*)fingerprint->Data(),
|
|
||||||
nsscert->derCert.data, nsscert->derCert.len);
|
|
||||||
|
|
||||||
SECItem fpItem;
|
|
||||||
fpItem.data = (unsigned char*)fingerprint->Data();
|
|
||||||
fpItem.len = hash_len;
|
|
||||||
|
|
||||||
fp.Adopt(CERT_Hexify(&fpItem, 1));
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
nsresult
|
|
||||||
nsClientAuthRememberService::RememberDecision(const nsACString & aHostName,
|
|
||||||
CERTCertificate *aServerCert, CERTCertificate *aClientCert)
|
|
||||||
{
|
|
||||||
// aClientCert == NULL means: remember that user does not want to use a cert
|
|
||||||
NS_ENSURE_ARG_POINTER(aServerCert);
|
|
||||||
if (aHostName.IsEmpty())
|
|
||||||
return NS_ERROR_INVALID_ARG;
|
|
||||||
|
|
||||||
nsCAutoString fpStr;
|
|
||||||
nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
|
|
||||||
if (NS_FAILED(rv))
|
|
||||||
return rv;
|
|
||||||
|
|
||||||
{
|
|
||||||
nsAutoMonitor lock(monitor);
|
|
||||||
if (aClientCert) {
|
|
||||||
AddEntryToList(aHostName, fpStr,
|
|
||||||
nsDependentCString(aClientCert->nickname));
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
nsCString empty;
|
|
||||||
AddEntryToList(aHostName, fpStr, empty);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
nsresult
|
|
||||||
nsClientAuthRememberService::HasRememberedDecision(const nsACString & aHostName,
|
|
||||||
CERTCertificate *aCert,
|
|
||||||
nsACString & aClientNickname,
|
|
||||||
PRBool *_retval)
|
|
||||||
{
|
|
||||||
if (aHostName.IsEmpty())
|
|
||||||
return NS_ERROR_INVALID_ARG;
|
|
||||||
|
|
||||||
NS_ENSURE_ARG_POINTER(aCert);
|
|
||||||
NS_ENSURE_ARG_POINTER(_retval);
|
|
||||||
*_retval = PR_FALSE;
|
|
||||||
|
|
||||||
nsresult rv;
|
|
||||||
nsCAutoString fpStr;
|
|
||||||
rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
|
|
||||||
if (NS_FAILED(rv))
|
|
||||||
return rv;
|
|
||||||
|
|
||||||
nsCAutoString hostCert;
|
|
||||||
GetHostWithCert(aHostName, fpStr, hostCert);
|
|
||||||
nsClientAuthRemember settings;
|
|
||||||
|
|
||||||
{
|
|
||||||
nsAutoMonitor lock(monitor);
|
|
||||||
nsClientAuthRememberEntry *entry = mSettingsTable.GetEntry(hostCert.get());
|
|
||||||
if (!entry)
|
|
||||||
return NS_OK;
|
|
||||||
settings = entry->mSettings; // copy
|
|
||||||
}
|
|
||||||
|
|
||||||
aClientNickname = settings.mClientNickname;
|
|
||||||
*_retval = PR_TRUE;
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
nsresult
|
|
||||||
nsClientAuthRememberService::AddEntryToList(const nsACString &aHostName,
|
|
||||||
const nsACString &fingerprint,
|
|
||||||
const nsACString &client_nickname)
|
|
||||||
|
|
||||||
{
|
|
||||||
nsCAutoString hostCert;
|
|
||||||
GetHostWithCert(aHostName, fingerprint, hostCert);
|
|
||||||
|
|
||||||
{
|
|
||||||
nsAutoMonitor lock(monitor);
|
|
||||||
nsClientAuthRememberEntry *entry = mSettingsTable.PutEntry(hostCert.get());
|
|
||||||
|
|
||||||
if (!entry) {
|
|
||||||
NS_ERROR("can't insert a null entry!");
|
|
||||||
return NS_ERROR_OUT_OF_MEMORY;
|
|
||||||
}
|
|
||||||
|
|
||||||
entry->mHostWithCert = hostCert;
|
|
||||||
|
|
||||||
nsClientAuthRemember &settings = entry->mSettings;
|
|
||||||
settings.mAsciiHost = aHostName;
|
|
||||||
settings.mFingerprint = fingerprint;
|
|
||||||
settings.mClientNickname = client_nickname;
|
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
void
|
|
||||||
nsClientAuthRememberService::GetHostWithCert(const nsACString & aHostName,
|
|
||||||
const nsACString & fingerprint,
|
|
||||||
nsACString& _retval)
|
|
||||||
{
|
|
||||||
nsCAutoString hostCert(aHostName);
|
|
||||||
hostCert.AppendLiteral(":");
|
|
||||||
hostCert.Append(fingerprint);
|
|
||||||
|
|
||||||
_retval.Assign(hostCert);
|
|
||||||
}
|
|
|
@ -1,174 +0,0 @@
|
||||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
||||||
*
|
|
||||||
* ***** BEGIN LICENSE BLOCK *****
|
|
||||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
||||||
*
|
|
||||||
* The contents of this file are subject to the Mozilla Public License Version
|
|
||||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
* http://www.mozilla.org/MPL/
|
|
||||||
*
|
|
||||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
||||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
||||||
* for the specific language governing rights and limitations under the
|
|
||||||
* License.
|
|
||||||
*
|
|
||||||
* The Original Code is mozilla.org code.
|
|
||||||
*
|
|
||||||
* The Initial Developer of the Original Code is
|
|
||||||
* Red Hat, Inc.
|
|
||||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
|
||||||
* the Initial Developer. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Contributor(s):
|
|
||||||
* Kai Engert <kengert@redhat.com>
|
|
||||||
*
|
|
||||||
* Alternatively, the contents of this file may be used under the terms of
|
|
||||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
||||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
||||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
||||||
* of those above. If you wish to allow use of your version of this file only
|
|
||||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
||||||
* use your version of this file under the terms of the MPL, indicate your
|
|
||||||
* decision by deleting the provisions above and replace them with the notice
|
|
||||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
||||||
* the provisions above, a recipient may use your version of this file under
|
|
||||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
||||||
*
|
|
||||||
* ***** END LICENSE BLOCK ***** */
|
|
||||||
|
|
||||||
#ifndef __NSCLIENTAUTHREMEMBER_H__
|
|
||||||
#define __NSCLIENTAUTHREMEMBER_H__
|
|
||||||
|
|
||||||
#include "nsTHashtable.h"
|
|
||||||
#include "nsIObserver.h"
|
|
||||||
#include "nsIX509Cert.h"
|
|
||||||
#include "nsAutoPtr.h"
|
|
||||||
#include "nsNSSCertificate.h"
|
|
||||||
#include "nsString.h"
|
|
||||||
#include "nsWeakReference.h"
|
|
||||||
#include "prmon.h"
|
|
||||||
|
|
||||||
class nsClientAuthRemember
|
|
||||||
{
|
|
||||||
public:
|
|
||||||
|
|
||||||
nsClientAuthRemember()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
nsClientAuthRemember(const nsClientAuthRemember &other)
|
|
||||||
{
|
|
||||||
this->operator=(other);
|
|
||||||
}
|
|
||||||
|
|
||||||
nsClientAuthRemember &operator=(const nsClientAuthRemember &other)
|
|
||||||
{
|
|
||||||
mAsciiHost = other.mAsciiHost;
|
|
||||||
mFingerprint = other.mFingerprint;
|
|
||||||
mClientNickname = other.mClientNickname;
|
|
||||||
return *this;
|
|
||||||
}
|
|
||||||
|
|
||||||
nsCString mAsciiHost;
|
|
||||||
nsCString mFingerprint;
|
|
||||||
nsCString mClientNickname;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
// hash entry class
|
|
||||||
class nsClientAuthRememberEntry : public PLDHashEntryHdr
|
|
||||||
{
|
|
||||||
public:
|
|
||||||
// Hash methods
|
|
||||||
typedef const char* KeyType;
|
|
||||||
typedef const char* KeyTypePointer;
|
|
||||||
|
|
||||||
// do nothing with aHost - we require mHead to be set before we're live!
|
|
||||||
nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
nsClientAuthRememberEntry(const nsClientAuthRememberEntry& toCopy)
|
|
||||||
{
|
|
||||||
mSettings = toCopy.mSettings;
|
|
||||||
}
|
|
||||||
|
|
||||||
~nsClientAuthRememberEntry()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
KeyType GetKey() const
|
|
||||||
{
|
|
||||||
return HostWithCertPtr();
|
|
||||||
}
|
|
||||||
|
|
||||||
KeyTypePointer GetKeyPointer() const
|
|
||||||
{
|
|
||||||
return HostWithCertPtr();
|
|
||||||
}
|
|
||||||
|
|
||||||
PRBool KeyEquals(KeyTypePointer aKey) const
|
|
||||||
{
|
|
||||||
return !strcmp(HostWithCertPtr(), aKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
static KeyTypePointer KeyToPointer(KeyType aKey)
|
|
||||||
{
|
|
||||||
return aKey;
|
|
||||||
}
|
|
||||||
|
|
||||||
static PLDHashNumber HashKey(KeyTypePointer aKey)
|
|
||||||
{
|
|
||||||
// PL_DHashStringKey doesn't use the table parameter, so we can safely
|
|
||||||
// pass nsnull
|
|
||||||
return PL_DHashStringKey(nsnull, aKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
enum { ALLOW_MEMMOVE = PR_FALSE };
|
|
||||||
|
|
||||||
// get methods
|
|
||||||
inline const nsCString &HostWithCert() const { return mHostWithCert; }
|
|
||||||
|
|
||||||
inline KeyTypePointer HostWithCertPtr() const
|
|
||||||
{
|
|
||||||
return mHostWithCert.get();
|
|
||||||
}
|
|
||||||
|
|
||||||
nsClientAuthRemember mSettings;
|
|
||||||
nsCString mHostWithCert;
|
|
||||||
};
|
|
||||||
|
|
||||||
class nsClientAuthRememberService : public nsIObserver,
|
|
||||||
public nsSupportsWeakReference
|
|
||||||
{
|
|
||||||
public:
|
|
||||||
NS_DECL_ISUPPORTS
|
|
||||||
NS_DECL_NSIOBSERVER
|
|
||||||
|
|
||||||
nsClientAuthRememberService();
|
|
||||||
~nsClientAuthRememberService();
|
|
||||||
|
|
||||||
nsresult Init();
|
|
||||||
|
|
||||||
static void GetHostWithCert(const nsACString & aHostName,
|
|
||||||
const nsACString & nickname, nsACString& _retval);
|
|
||||||
|
|
||||||
nsresult RememberDecision(const nsACString & aHostName,
|
|
||||||
CERTCertificate *aServerCert, CERTCertificate *aClientCert);
|
|
||||||
nsresult HasRememberedDecision(const nsACString & aHostName,
|
|
||||||
CERTCertificate *aCert, nsACString & aClientNickname, PRBool *_retval);
|
|
||||||
|
|
||||||
void ClearRememberedDecisions();
|
|
||||||
|
|
||||||
protected:
|
|
||||||
PRMonitor *monitor;
|
|
||||||
nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;
|
|
||||||
|
|
||||||
void RemoveAllFromMemory();
|
|
||||||
nsresult AddEntryToList(const nsACString &host,
|
|
||||||
const nsACString &server_fingerprint,
|
|
||||||
const nsACString &client_nickname);
|
|
||||||
};
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -296,10 +296,7 @@ nsNSSComponent::nsNSSComponent()
|
||||||
memset(&mIdentityInfoCallOnce, 0, sizeof(PRCallOnceType));
|
memset(&mIdentityInfoCallOnce, 0, sizeof(PRCallOnceType));
|
||||||
|
|
||||||
nsSSLIOLayerHelpers::Init();
|
nsSSLIOLayerHelpers::Init();
|
||||||
mClientAuthRememberService = new nsClientAuthRememberService;
|
|
||||||
if (mClientAuthRememberService)
|
|
||||||
mClientAuthRememberService->Init();
|
|
||||||
|
|
||||||
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
|
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
|
||||||
++mInstanceCount;
|
++mInstanceCount;
|
||||||
hashTableCerts = nsnull;
|
hashTableCerts = nsnull;
|
||||||
|
@ -1686,9 +1683,6 @@ nsNSSComponent::ShutdownNSS()
|
||||||
|
|
||||||
ShutdownSmartCardThreads();
|
ShutdownSmartCardThreads();
|
||||||
SSL_ClearSessionCache();
|
SSL_ClearSessionCache();
|
||||||
if (mClientAuthRememberService) {
|
|
||||||
mClientAuthRememberService->ClearRememberedDecisions();
|
|
||||||
}
|
|
||||||
UnloadLoadableRoots();
|
UnloadLoadableRoots();
|
||||||
CleanupIdentityInfo();
|
CleanupIdentityInfo();
|
||||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n"));
|
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n"));
|
||||||
|
@ -2147,9 +2141,6 @@ void nsNSSComponent::ShowAlert(AlertIdentifier ai)
|
||||||
|
|
||||||
nsresult nsNSSComponent::LogoutAuthenticatedPK11()
|
nsresult nsNSSComponent::LogoutAuthenticatedPK11()
|
||||||
{
|
{
|
||||||
if (mClientAuthRememberService) {
|
|
||||||
mClientAuthRememberService->ClearRememberedDecisions();
|
|
||||||
}
|
|
||||||
return mShutdownObjectList->doPK11Logout();
|
return mShutdownObjectList->doPK11Logout();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2410,14 +2401,6 @@ nsNSSComponent::DoProfileChangeNetRestore()
|
||||||
mIsNetworkDown = PR_FALSE;
|
mIsNetworkDown = PR_FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsNSSComponent::GetClientAuthRememberService(nsClientAuthRememberService **cars)
|
|
||||||
{
|
|
||||||
NS_ENSURE_ARG_POINTER(cars);
|
|
||||||
NS_IF_ADDREF(*cars = mClientAuthRememberService);
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
//---------------------------------------------
|
//---------------------------------------------
|
||||||
// Implementing nsICryptoHash
|
// Implementing nsICryptoHash
|
||||||
//---------------------------------------------
|
//---------------------------------------------
|
||||||
|
@ -3187,3 +3170,4 @@ PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentLis
|
||||||
mParentContentListener = aContentListener;
|
mParentContentListener = aContentListener;
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -69,7 +69,6 @@
|
||||||
#include "nsNSSCallbacks.h"
|
#include "nsNSSCallbacks.h"
|
||||||
|
|
||||||
#include "nsNSSHelper.h"
|
#include "nsNSSHelper.h"
|
||||||
#include "nsClientAuthRemember.h"
|
|
||||||
|
|
||||||
#define NS_NSSCOMPONENT_CID \
|
#define NS_NSSCOMPONENT_CID \
|
||||||
{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
|
{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
|
||||||
|
@ -172,8 +171,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
|
||||||
|
|
||||||
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
|
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
|
||||||
|
|
||||||
NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0;
|
|
||||||
|
|
||||||
NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
|
NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -262,7 +259,6 @@ public:
|
||||||
NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
|
NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
|
||||||
NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
|
NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
|
||||||
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
|
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
|
||||||
NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars);
|
|
||||||
NS_IMETHOD EnsureIdentityInfoLoaded();
|
NS_IMETHOD EnsureIdentityInfoLoaded();
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
@ -328,7 +324,6 @@ private:
|
||||||
nsSSLThread *mSSLThread;
|
nsSSLThread *mSSLThread;
|
||||||
nsCertVerificationThread *mCertVerificationThread;
|
nsCertVerificationThread *mCertVerificationThread;
|
||||||
nsNSSHttpInterface mHttpForNSS;
|
nsNSSHttpInterface mHttpForNSS;
|
||||||
nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
|
|
||||||
|
|
||||||
static PRStatus PR_CALLBACK IdentityInfoInit(void);
|
static PRStatus PR_CALLBACK IdentityInfoInit(void);
|
||||||
PRCallOnceType mIdentityInfoCallOnce;
|
PRCallOnceType mIdentityInfoCallOnce;
|
||||||
|
|
|
@ -58,7 +58,6 @@
|
||||||
#include "nsIDateTimeFormat.h"
|
#include "nsIDateTimeFormat.h"
|
||||||
#include "nsDateTimeFormatCID.h"
|
#include "nsDateTimeFormatCID.h"
|
||||||
#include "nsIClientAuthDialogs.h"
|
#include "nsIClientAuthDialogs.h"
|
||||||
#include "nsClientAuthRemember.h"
|
|
||||||
#include "nsICertOverrideService.h"
|
#include "nsICertOverrideService.h"
|
||||||
#include "nsIBadCertListener2.h"
|
#include "nsIBadCertListener2.h"
|
||||||
#include "nsISSLErrorListener.h"
|
#include "nsISSLErrorListener.h"
|
||||||
|
@ -239,7 +238,7 @@ void nsNSSSocketInfo::virtualDestroyNSSReference()
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo,
|
NS_IMPL_THREADSAFE_ISUPPORTS8(nsNSSSocketInfo,
|
||||||
nsITransportSecurityInfo,
|
nsITransportSecurityInfo,
|
||||||
nsISSLSocketControl,
|
nsISSLSocketControl,
|
||||||
nsIInterfaceRequestor,
|
nsIInterfaceRequestor,
|
||||||
|
@ -247,8 +246,7 @@ NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo,
|
||||||
nsIIdentityInfo,
|
nsIIdentityInfo,
|
||||||
nsIAssociatedContentSecurity,
|
nsIAssociatedContentSecurity,
|
||||||
nsISerializable,
|
nsISerializable,
|
||||||
nsIClassInfo,
|
nsIClassInfo)
|
||||||
nsIClientAuthUserDecision)
|
|
||||||
|
|
||||||
nsresult
|
nsresult
|
||||||
nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending)
|
nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending)
|
||||||
|
@ -302,19 +300,6 @@ PRBool nsNSSSocketInfo::GetCanceled()
|
||||||
return mCanceled;
|
return mCanceled;
|
||||||
}
|
}
|
||||||
|
|
||||||
NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(PRBool *aRememberClientAuthCertificate)
|
|
||||||
{
|
|
||||||
NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate);
|
|
||||||
*aRememberClientAuthCertificate = mRememberClientAuthCertificate;
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
NS_IMETHODIMP nsNSSSocketInfo::SetRememberClientAuthCertificate(PRBool aRememberClientAuthCertificate)
|
|
||||||
{
|
|
||||||
mRememberClientAuthCertificate = aRememberClientAuthCertificate;
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nsNSSSocketInfo::SetHasCleartextPhase(PRBool aHasCleartextPhase)
|
void nsNSSSocketInfo::SetHasCleartextPhase(PRBool aHasCleartextPhase)
|
||||||
{
|
{
|
||||||
mHasCleartextPhase = aHasCleartextPhase;
|
mHasCleartextPhase = aHasCleartextPhase;
|
||||||
|
@ -2501,10 +2486,12 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
nsNSSShutDownPreventionLock locker;
|
nsNSSShutDownPreventionLock locker;
|
||||||
void* wincx = NULL;
|
void* wincx = NULL;
|
||||||
SECStatus ret = SECFailure;
|
SECStatus ret = SECFailure;
|
||||||
|
nsresult rv;
|
||||||
nsNSSSocketInfo* info = NULL;
|
nsNSSSocketInfo* info = NULL;
|
||||||
PRArenaPool* arena = NULL;
|
PRArenaPool* arena = NULL;
|
||||||
char** caNameStrings;
|
char** caNameStrings;
|
||||||
CERTCertificate* cert = NULL;
|
CERTCertificate* cert = NULL;
|
||||||
|
CERTCertificate* serverCert = NULL;
|
||||||
SECKEYPrivateKey* privKey = NULL;
|
SECKEYPrivateKey* privKey = NULL;
|
||||||
CERTCertList* certList = NULL;
|
CERTCertList* certList = NULL;
|
||||||
CERTCertListNode* node;
|
CERTCertListNode* node;
|
||||||
|
@ -2628,57 +2615,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
||||||
goto noCert;
|
goto noCert;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else { // Not Auto => ask
|
|
||||||
/* Get the SSL Certificate */
|
|
||||||
CERTCertificate* serverCert = NULL;
|
|
||||||
CERTCertificateCleaner serverCertCleaner(serverCert);
|
|
||||||
serverCert = SSL_PeerCertificate(socket);
|
|
||||||
if (serverCert == NULL) {
|
|
||||||
/* couldn't get the server cert: what do I do? */
|
|
||||||
goto loser;
|
|
||||||
}
|
|
||||||
|
|
||||||
nsXPIDLCString hostname;
|
|
||||||
info->GetHostName(getter_Copies(hostname));
|
|
||||||
|
|
||||||
nsresult rv;
|
|
||||||
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
|
|
||||||
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
|
|
||||||
nsRefPtr<nsClientAuthRememberService> cars;
|
|
||||||
if (nssComponent) {
|
|
||||||
nssComponent->GetClientAuthRememberService(getter_AddRefs(cars));
|
|
||||||
}
|
|
||||||
|
|
||||||
PRBool hasRemembered = PR_FALSE;
|
|
||||||
nsCString rememberedNickname;
|
|
||||||
if (cars) {
|
|
||||||
PRBool found;
|
|
||||||
nsresult rv = cars->HasRememberedDecision(hostname,
|
|
||||||
serverCert,
|
|
||||||
rememberedNickname, &found);
|
|
||||||
if (NS_SUCCEEDED(rv) && found) {
|
|
||||||
hasRemembered = PR_TRUE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
PRBool canceled = PR_FALSE;
|
|
||||||
|
|
||||||
if (hasRemembered)
|
|
||||||
{
|
|
||||||
if (rememberedNickname.IsEmpty())
|
|
||||||
canceled = PR_TRUE;
|
|
||||||
else {
|
else {
|
||||||
char *const_nickname = const_cast<char*>(rememberedNickname.get());
|
|
||||||
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), const_nickname);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
/* user selects a cert to present */
|
/* user selects a cert to present */
|
||||||
nsIClientAuthDialogs *dialogs = NULL;
|
nsIClientAuthDialogs *dialogs = NULL;
|
||||||
PRInt32 selectedIndex = -1;
|
PRInt32 selectedIndex = -1;
|
||||||
PRUnichar **certNicknameList = NULL;
|
PRUnichar **certNicknameList = NULL;
|
||||||
PRUnichar **certDetailsList = NULL;
|
PRUnichar **certDetailsList = NULL;
|
||||||
|
PRBool canceled;
|
||||||
|
|
||||||
/* find all user certs that are for SSL */
|
/* find all user certs that are for SSL */
|
||||||
/* note that we are allowing expired certs in this list */
|
/* note that we are allowing expired certs in this list */
|
||||||
|
@ -2735,6 +2678,13 @@ else
|
||||||
|
|
||||||
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
|
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
|
||||||
|
|
||||||
|
/* Get the SSL Certificate */
|
||||||
|
serverCert = SSL_PeerCertificate(socket);
|
||||||
|
if (serverCert == NULL) {
|
||||||
|
/* couldn't get the server cert: what do I do? */
|
||||||
|
goto loser;
|
||||||
|
}
|
||||||
|
|
||||||
/* Get CN and O of the subject and O of the issuer */
|
/* Get CN and O of the subject and O of the issuer */
|
||||||
char *ccn = CERT_GetCommonName(&serverCert->subject);
|
char *ccn = CERT_GetCommonName(&serverCert->subject);
|
||||||
charCleaner ccnCleaner(ccn);
|
charCleaner ccnCleaner(ccn);
|
||||||
|
@ -2742,6 +2692,8 @@ else
|
||||||
|
|
||||||
PRInt32 port;
|
PRInt32 port;
|
||||||
info->GetPort(&port);
|
info->GetPort(&port);
|
||||||
|
char *hostname = SSL_RevealURL(socket);
|
||||||
|
charCleaner hostnameCleaner(hostname);
|
||||||
|
|
||||||
nsString cn_host_port;
|
nsString cn_host_port;
|
||||||
if (ccn && strcmp(ccn, hostname) == 0) {
|
if (ccn && strcmp(ccn, hostname) == 0) {
|
||||||
|
@ -2765,6 +2717,8 @@ else
|
||||||
NS_ConvertUTF8toUTF16 issuer(cissuer);
|
NS_ConvertUTF8toUTF16 issuer(cissuer);
|
||||||
if (cissuer) PORT_Free(cissuer);
|
if (cissuer) PORT_Free(cissuer);
|
||||||
|
|
||||||
|
CERT_DestroyCertificate(serverCert);
|
||||||
|
|
||||||
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
|
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
|
||||||
if (!certNicknameList)
|
if (!certNicknameList)
|
||||||
goto loser;
|
goto loser;
|
||||||
|
@ -2832,12 +2786,9 @@ else
|
||||||
|
|
||||||
if (NS_FAILED(rv)) goto loser;
|
if (NS_FAILED(rv)) goto loser;
|
||||||
|
|
||||||
// even if the user has canceled, we want to remember that, to avoid repeating prompts
|
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||||
PRBool wantRemember = PR_FALSE;
|
|
||||||
info->GetRememberClientAuthCertificate(&wantRemember);
|
|
||||||
|
|
||||||
int i;
|
int i;
|
||||||
if (!canceled)
|
|
||||||
for (i = 0, node = CERT_LIST_HEAD(certList);
|
for (i = 0, node = CERT_LIST_HEAD(certList);
|
||||||
!CERT_LIST_END(node, certList);
|
!CERT_LIST_END(node, certList);
|
||||||
++i, node = CERT_LIST_NEXT(node)) {
|
++i, node = CERT_LIST_NEXT(node)) {
|
||||||
|
@ -2848,15 +2799,6 @@ else
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (cars && wantRemember) {
|
|
||||||
cars->RememberDecision(hostname,
|
|
||||||
serverCert,
|
|
||||||
canceled ? 0 : cert);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
|
||||||
|
|
||||||
if (cert == NULL) {
|
if (cert == NULL) {
|
||||||
goto loser;
|
goto loser;
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче