зеркало из https://github.com/mozilla/gecko-dev.git
Try again to really back out everything from bug 431819 in order to fix bug 454406.
This commit is contained in:
Родитель
109b544036
Коммит
5b263e95c7
|
@ -1,257 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsClientAuthRemember.h"
|
||||
|
||||
#include "nsIX509Cert.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIObserverService.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsISupportsPrimitives.h"
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsProxiedService.h"
|
||||
#include "nsStringBuffer.h"
|
||||
#include "nsAutoLock.h"
|
||||
#include "nspr.h"
|
||||
#include "pk11pub.h"
|
||||
#include "certdb.h"
|
||||
#include "sechash.h"
|
||||
#include "ssl.h" // For SSL_ClearSessionCache
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS2(nsClientAuthRememberService,
|
||||
nsIObserver,
|
||||
nsISupportsWeakReference)
|
||||
|
||||
nsClientAuthRememberService::nsClientAuthRememberService()
|
||||
{
|
||||
monitor = PR_NewMonitor();
|
||||
}
|
||||
|
||||
nsClientAuthRememberService::~nsClientAuthRememberService()
|
||||
{
|
||||
RemoveAllFromMemory();
|
||||
if (monitor)
|
||||
PR_DestroyMonitor(monitor);
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsClientAuthRememberService::Init()
|
||||
{
|
||||
if (!mSettingsTable.Init())
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
|
||||
if (!proxyman)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
|
||||
nsCOMPtr<nsIObserverService> proxiedObserver;
|
||||
|
||||
NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
|
||||
NS_GET_IID(nsIObserverService),
|
||||
observerService,
|
||||
NS_PROXY_SYNC,
|
||||
getter_AddRefs(proxiedObserver));
|
||||
|
||||
if (proxiedObserver) {
|
||||
proxiedObserver->AddObserver(this, "profile-before-change", PR_TRUE);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsClientAuthRememberService::Observe(nsISupports *aSubject,
|
||||
const char *aTopic,
|
||||
const PRUnichar *aData)
|
||||
{
|
||||
// check the topic
|
||||
if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
|
||||
// The profile is about to change,
|
||||
// or is going away because the application is shutting down.
|
||||
|
||||
nsAutoMonitor lock(monitor);
|
||||
RemoveAllFromMemory();
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsClientAuthRememberService::ClearRememberedDecisions()
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
RemoveAllFromMemory();
|
||||
}
|
||||
|
||||
void
|
||||
nsClientAuthRememberService::RemoveAllFromMemory()
|
||||
{
|
||||
mSettingsTable.Clear();
|
||||
}
|
||||
|
||||
static nsresult
|
||||
GetCertFingerprintByOidTag(CERTCertificate* nsscert,
|
||||
SECOidTag aOidTag,
|
||||
nsCString &fp)
|
||||
{
|
||||
unsigned int hash_len = HASH_ResultLenByOidTag(aOidTag);
|
||||
nsRefPtr<nsStringBuffer> fingerprint = nsStringBuffer::Alloc(hash_len);
|
||||
if (!fingerprint)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
PK11_HashBuf(aOidTag, (unsigned char*)fingerprint->Data(),
|
||||
nsscert->derCert.data, nsscert->derCert.len);
|
||||
|
||||
SECItem fpItem;
|
||||
fpItem.data = (unsigned char*)fingerprint->Data();
|
||||
fpItem.len = hash_len;
|
||||
|
||||
fp.Adopt(CERT_Hexify(&fpItem, 1));
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsClientAuthRememberService::RememberDecision(const nsACString & aHostName,
|
||||
CERTCertificate *aServerCert, CERTCertificate *aClientCert)
|
||||
{
|
||||
// aClientCert == NULL means: remember that user does not want to use a cert
|
||||
NS_ENSURE_ARG_POINTER(aServerCert);
|
||||
if (aHostName.IsEmpty())
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
|
||||
nsCAutoString fpStr;
|
||||
nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
if (aClientCert) {
|
||||
AddEntryToList(aHostName, fpStr,
|
||||
nsDependentCString(aClientCert->nickname));
|
||||
}
|
||||
else {
|
||||
nsCString empty;
|
||||
AddEntryToList(aHostName, fpStr, empty);
|
||||
}
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsClientAuthRememberService::HasRememberedDecision(const nsACString & aHostName,
|
||||
CERTCertificate *aCert,
|
||||
nsACString & aClientNickname,
|
||||
PRBool *_retval)
|
||||
{
|
||||
if (aHostName.IsEmpty())
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
|
||||
NS_ENSURE_ARG_POINTER(aCert);
|
||||
NS_ENSURE_ARG_POINTER(_retval);
|
||||
*_retval = PR_FALSE;
|
||||
|
||||
nsresult rv;
|
||||
nsCAutoString fpStr;
|
||||
rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
nsCAutoString hostCert;
|
||||
GetHostWithCert(aHostName, fpStr, hostCert);
|
||||
nsClientAuthRemember settings;
|
||||
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
nsClientAuthRememberEntry *entry = mSettingsTable.GetEntry(hostCert.get());
|
||||
if (!entry)
|
||||
return NS_OK;
|
||||
settings = entry->mSettings; // copy
|
||||
}
|
||||
|
||||
aClientNickname = settings.mClientNickname;
|
||||
*_retval = PR_TRUE;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsClientAuthRememberService::AddEntryToList(const nsACString &aHostName,
|
||||
const nsACString &fingerprint,
|
||||
const nsACString &client_nickname)
|
||||
|
||||
{
|
||||
nsCAutoString hostCert;
|
||||
GetHostWithCert(aHostName, fingerprint, hostCert);
|
||||
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
nsClientAuthRememberEntry *entry = mSettingsTable.PutEntry(hostCert.get());
|
||||
|
||||
if (!entry) {
|
||||
NS_ERROR("can't insert a null entry!");
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
entry->mHostWithCert = hostCert;
|
||||
|
||||
nsClientAuthRemember &settings = entry->mSettings;
|
||||
settings.mAsciiHost = aHostName;
|
||||
settings.mFingerprint = fingerprint;
|
||||
settings.mClientNickname = client_nickname;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void
|
||||
nsClientAuthRememberService::GetHostWithCert(const nsACString & aHostName,
|
||||
const nsACString & fingerprint,
|
||||
nsACString& _retval)
|
||||
{
|
||||
nsCAutoString hostCert(aHostName);
|
||||
hostCert.AppendLiteral(":");
|
||||
hostCert.Append(fingerprint);
|
||||
|
||||
_retval.Assign(hostCert);
|
||||
}
|
|
@ -1,174 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2008
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef __NSCLIENTAUTHREMEMBER_H__
|
||||
#define __NSCLIENTAUTHREMEMBER_H__
|
||||
|
||||
#include "nsTHashtable.h"
|
||||
#include "nsIObserver.h"
|
||||
#include "nsIX509Cert.h"
|
||||
#include "nsAutoPtr.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsString.h"
|
||||
#include "nsWeakReference.h"
|
||||
#include "prmon.h"
|
||||
|
||||
class nsClientAuthRemember
|
||||
{
|
||||
public:
|
||||
|
||||
nsClientAuthRemember()
|
||||
{
|
||||
}
|
||||
|
||||
nsClientAuthRemember(const nsClientAuthRemember &other)
|
||||
{
|
||||
this->operator=(other);
|
||||
}
|
||||
|
||||
nsClientAuthRemember &operator=(const nsClientAuthRemember &other)
|
||||
{
|
||||
mAsciiHost = other.mAsciiHost;
|
||||
mFingerprint = other.mFingerprint;
|
||||
mClientNickname = other.mClientNickname;
|
||||
return *this;
|
||||
}
|
||||
|
||||
nsCString mAsciiHost;
|
||||
nsCString mFingerprint;
|
||||
nsCString mClientNickname;
|
||||
};
|
||||
|
||||
|
||||
// hash entry class
|
||||
class nsClientAuthRememberEntry : public PLDHashEntryHdr
|
||||
{
|
||||
public:
|
||||
// Hash methods
|
||||
typedef const char* KeyType;
|
||||
typedef const char* KeyTypePointer;
|
||||
|
||||
// do nothing with aHost - we require mHead to be set before we're live!
|
||||
nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8)
|
||||
{
|
||||
}
|
||||
|
||||
nsClientAuthRememberEntry(const nsClientAuthRememberEntry& toCopy)
|
||||
{
|
||||
mSettings = toCopy.mSettings;
|
||||
}
|
||||
|
||||
~nsClientAuthRememberEntry()
|
||||
{
|
||||
}
|
||||
|
||||
KeyType GetKey() const
|
||||
{
|
||||
return HostWithCertPtr();
|
||||
}
|
||||
|
||||
KeyTypePointer GetKeyPointer() const
|
||||
{
|
||||
return HostWithCertPtr();
|
||||
}
|
||||
|
||||
PRBool KeyEquals(KeyTypePointer aKey) const
|
||||
{
|
||||
return !strcmp(HostWithCertPtr(), aKey);
|
||||
}
|
||||
|
||||
static KeyTypePointer KeyToPointer(KeyType aKey)
|
||||
{
|
||||
return aKey;
|
||||
}
|
||||
|
||||
static PLDHashNumber HashKey(KeyTypePointer aKey)
|
||||
{
|
||||
// PL_DHashStringKey doesn't use the table parameter, so we can safely
|
||||
// pass nsnull
|
||||
return PL_DHashStringKey(nsnull, aKey);
|
||||
}
|
||||
|
||||
enum { ALLOW_MEMMOVE = PR_FALSE };
|
||||
|
||||
// get methods
|
||||
inline const nsCString &HostWithCert() const { return mHostWithCert; }
|
||||
|
||||
inline KeyTypePointer HostWithCertPtr() const
|
||||
{
|
||||
return mHostWithCert.get();
|
||||
}
|
||||
|
||||
nsClientAuthRemember mSettings;
|
||||
nsCString mHostWithCert;
|
||||
};
|
||||
|
||||
class nsClientAuthRememberService : public nsIObserver,
|
||||
public nsSupportsWeakReference
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIOBSERVER
|
||||
|
||||
nsClientAuthRememberService();
|
||||
~nsClientAuthRememberService();
|
||||
|
||||
nsresult Init();
|
||||
|
||||
static void GetHostWithCert(const nsACString & aHostName,
|
||||
const nsACString & nickname, nsACString& _retval);
|
||||
|
||||
nsresult RememberDecision(const nsACString & aHostName,
|
||||
CERTCertificate *aServerCert, CERTCertificate *aClientCert);
|
||||
nsresult HasRememberedDecision(const nsACString & aHostName,
|
||||
CERTCertificate *aCert, nsACString & aClientNickname, PRBool *_retval);
|
||||
|
||||
void ClearRememberedDecisions();
|
||||
|
||||
protected:
|
||||
PRMonitor *monitor;
|
||||
nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;
|
||||
|
||||
void RemoveAllFromMemory();
|
||||
nsresult AddEntryToList(const nsACString &host,
|
||||
const nsACString &server_fingerprint,
|
||||
const nsACString &client_nickname);
|
||||
};
|
||||
|
||||
#endif
|
|
@ -296,10 +296,7 @@ nsNSSComponent::nsNSSComponent()
|
|||
memset(&mIdentityInfoCallOnce, 0, sizeof(PRCallOnceType));
|
||||
|
||||
nsSSLIOLayerHelpers::Init();
|
||||
mClientAuthRememberService = new nsClientAuthRememberService;
|
||||
if (mClientAuthRememberService)
|
||||
mClientAuthRememberService->Init();
|
||||
|
||||
|
||||
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
|
||||
++mInstanceCount;
|
||||
hashTableCerts = nsnull;
|
||||
|
@ -1686,9 +1683,6 @@ nsNSSComponent::ShutdownNSS()
|
|||
|
||||
ShutdownSmartCardThreads();
|
||||
SSL_ClearSessionCache();
|
||||
if (mClientAuthRememberService) {
|
||||
mClientAuthRememberService->ClearRememberedDecisions();
|
||||
}
|
||||
UnloadLoadableRoots();
|
||||
CleanupIdentityInfo();
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n"));
|
||||
|
@ -2147,9 +2141,6 @@ void nsNSSComponent::ShowAlert(AlertIdentifier ai)
|
|||
|
||||
nsresult nsNSSComponent::LogoutAuthenticatedPK11()
|
||||
{
|
||||
if (mClientAuthRememberService) {
|
||||
mClientAuthRememberService->ClearRememberedDecisions();
|
||||
}
|
||||
return mShutdownObjectList->doPK11Logout();
|
||||
}
|
||||
|
||||
|
@ -2410,14 +2401,6 @@ nsNSSComponent::DoProfileChangeNetRestore()
|
|||
mIsNetworkDown = PR_FALSE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSComponent::GetClientAuthRememberService(nsClientAuthRememberService **cars)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(cars);
|
||||
NS_IF_ADDREF(*cars = mClientAuthRememberService);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
//---------------------------------------------
|
||||
// Implementing nsICryptoHash
|
||||
//---------------------------------------------
|
||||
|
@ -3187,3 +3170,4 @@ PSMContentListener::SetParentContentListener(nsIURIContentListener * aContentLis
|
|||
mParentContentListener = aContentListener;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -69,7 +69,6 @@
|
|||
#include "nsNSSCallbacks.h"
|
||||
|
||||
#include "nsNSSHelper.h"
|
||||
#include "nsClientAuthRemember.h"
|
||||
|
||||
#define NS_NSSCOMPONENT_CID \
|
||||
{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
|
||||
|
@ -172,8 +171,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
|
|||
|
||||
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
|
||||
|
||||
NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0;
|
||||
|
||||
NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
|
||||
};
|
||||
|
||||
|
@ -262,7 +259,6 @@ public:
|
|||
NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
|
||||
NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
|
||||
NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
|
||||
NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars);
|
||||
NS_IMETHOD EnsureIdentityInfoLoaded();
|
||||
|
||||
private:
|
||||
|
@ -328,7 +324,6 @@ private:
|
|||
nsSSLThread *mSSLThread;
|
||||
nsCertVerificationThread *mCertVerificationThread;
|
||||
nsNSSHttpInterface mHttpForNSS;
|
||||
nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
|
||||
|
||||
static PRStatus PR_CALLBACK IdentityInfoInit(void);
|
||||
PRCallOnceType mIdentityInfoCallOnce;
|
||||
|
|
|
@ -58,7 +58,6 @@
|
|||
#include "nsIDateTimeFormat.h"
|
||||
#include "nsDateTimeFormatCID.h"
|
||||
#include "nsIClientAuthDialogs.h"
|
||||
#include "nsClientAuthRemember.h"
|
||||
#include "nsICertOverrideService.h"
|
||||
#include "nsIBadCertListener2.h"
|
||||
#include "nsISSLErrorListener.h"
|
||||
|
@ -239,7 +238,7 @@ void nsNSSSocketInfo::virtualDestroyNSSReference()
|
|||
{
|
||||
}
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo,
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS8(nsNSSSocketInfo,
|
||||
nsITransportSecurityInfo,
|
||||
nsISSLSocketControl,
|
||||
nsIInterfaceRequestor,
|
||||
|
@ -247,8 +246,7 @@ NS_IMPL_THREADSAFE_ISUPPORTS9(nsNSSSocketInfo,
|
|||
nsIIdentityInfo,
|
||||
nsIAssociatedContentSecurity,
|
||||
nsISerializable,
|
||||
nsIClassInfo,
|
||||
nsIClientAuthUserDecision)
|
||||
nsIClassInfo)
|
||||
|
||||
nsresult
|
||||
nsNSSSocketInfo::GetHandshakePending(PRBool *aHandshakePending)
|
||||
|
@ -302,19 +300,6 @@ PRBool nsNSSSocketInfo::GetCanceled()
|
|||
return mCanceled;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(PRBool *aRememberClientAuthCertificate)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate);
|
||||
*aRememberClientAuthCertificate = mRememberClientAuthCertificate;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP nsNSSSocketInfo::SetRememberClientAuthCertificate(PRBool aRememberClientAuthCertificate)
|
||||
{
|
||||
mRememberClientAuthCertificate = aRememberClientAuthCertificate;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsNSSSocketInfo::SetHasCleartextPhase(PRBool aHasCleartextPhase)
|
||||
{
|
||||
mHasCleartextPhase = aHasCleartextPhase;
|
||||
|
@ -2501,10 +2486,12 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
nsNSSShutDownPreventionLock locker;
|
||||
void* wincx = NULL;
|
||||
SECStatus ret = SECFailure;
|
||||
nsresult rv;
|
||||
nsNSSSocketInfo* info = NULL;
|
||||
PRArenaPool* arena = NULL;
|
||||
char** caNameStrings;
|
||||
CERTCertificate* cert = NULL;
|
||||
CERTCertificate* serverCert = NULL;
|
||||
SECKEYPrivateKey* privKey = NULL;
|
||||
CERTCertList* certList = NULL;
|
||||
CERTCertListNode* node;
|
||||
|
@ -2628,57 +2615,13 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
goto noCert;
|
||||
}
|
||||
}
|
||||
else { // Not Auto => ask
|
||||
/* Get the SSL Certificate */
|
||||
CERTCertificate* serverCert = NULL;
|
||||
CERTCertificateCleaner serverCertCleaner(serverCert);
|
||||
serverCert = SSL_PeerCertificate(socket);
|
||||
if (serverCert == NULL) {
|
||||
/* couldn't get the server cert: what do I do? */
|
||||
goto loser;
|
||||
}
|
||||
|
||||
nsXPIDLCString hostname;
|
||||
info->GetHostName(getter_Copies(hostname));
|
||||
|
||||
nsresult rv;
|
||||
NS_DEFINE_CID(nssComponentCID, NS_NSSCOMPONENT_CID);
|
||||
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(nssComponentCID, &rv));
|
||||
nsRefPtr<nsClientAuthRememberService> cars;
|
||||
if (nssComponent) {
|
||||
nssComponent->GetClientAuthRememberService(getter_AddRefs(cars));
|
||||
}
|
||||
|
||||
PRBool hasRemembered = PR_FALSE;
|
||||
nsCString rememberedNickname;
|
||||
if (cars) {
|
||||
PRBool found;
|
||||
nsresult rv = cars->HasRememberedDecision(hostname,
|
||||
serverCert,
|
||||
rememberedNickname, &found);
|
||||
if (NS_SUCCEEDED(rv) && found) {
|
||||
hasRemembered = PR_TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
PRBool canceled = PR_FALSE;
|
||||
|
||||
if (hasRemembered)
|
||||
{
|
||||
if (rememberedNickname.IsEmpty())
|
||||
canceled = PR_TRUE;
|
||||
else {
|
||||
char *const_nickname = const_cast<char*>(rememberedNickname.get());
|
||||
cert = CERT_FindCertByNickname(CERT_GetDefaultCertDB(), const_nickname);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* user selects a cert to present */
|
||||
nsIClientAuthDialogs *dialogs = NULL;
|
||||
PRInt32 selectedIndex = -1;
|
||||
PRUnichar **certNicknameList = NULL;
|
||||
PRUnichar **certDetailsList = NULL;
|
||||
PRBool canceled;
|
||||
|
||||
/* find all user certs that are for SSL */
|
||||
/* note that we are allowing expired certs in this list */
|
||||
|
@ -2735,6 +2678,13 @@ else
|
|||
|
||||
NS_ASSERTION(nicknames->numnicknames == NumberOfCerts, "nicknames->numnicknames != NumberOfCerts");
|
||||
|
||||
/* Get the SSL Certificate */
|
||||
serverCert = SSL_PeerCertificate(socket);
|
||||
if (serverCert == NULL) {
|
||||
/* couldn't get the server cert: what do I do? */
|
||||
goto loser;
|
||||
}
|
||||
|
||||
/* Get CN and O of the subject and O of the issuer */
|
||||
char *ccn = CERT_GetCommonName(&serverCert->subject);
|
||||
charCleaner ccnCleaner(ccn);
|
||||
|
@ -2742,6 +2692,8 @@ else
|
|||
|
||||
PRInt32 port;
|
||||
info->GetPort(&port);
|
||||
char *hostname = SSL_RevealURL(socket);
|
||||
charCleaner hostnameCleaner(hostname);
|
||||
|
||||
nsString cn_host_port;
|
||||
if (ccn && strcmp(ccn, hostname) == 0) {
|
||||
|
@ -2765,6 +2717,8 @@ else
|
|||
NS_ConvertUTF8toUTF16 issuer(cissuer);
|
||||
if (cissuer) PORT_Free(cissuer);
|
||||
|
||||
CERT_DestroyCertificate(serverCert);
|
||||
|
||||
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
|
||||
if (!certNicknameList)
|
||||
goto loser;
|
||||
|
@ -2832,12 +2786,9 @@ else
|
|||
|
||||
if (NS_FAILED(rv)) goto loser;
|
||||
|
||||
// even if the user has canceled, we want to remember that, to avoid repeating prompts
|
||||
PRBool wantRemember = PR_FALSE;
|
||||
info->GetRememberClientAuthCertificate(&wantRemember);
|
||||
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||
|
||||
int i;
|
||||
if (!canceled)
|
||||
for (i = 0, node = CERT_LIST_HEAD(certList);
|
||||
!CERT_LIST_END(node, certList);
|
||||
++i, node = CERT_LIST_NEXT(node)) {
|
||||
|
@ -2848,15 +2799,6 @@ else
|
|||
}
|
||||
}
|
||||
|
||||
if (cars && wantRemember) {
|
||||
cars->RememberDecision(hostname,
|
||||
serverCert,
|
||||
canceled ? 0 : cert);
|
||||
}
|
||||
}
|
||||
|
||||
if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||
|
||||
if (cert == NULL) {
|
||||
goto loser;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче