Initial check-in of PIP (PSM 2.0)

Code almost entirely based on contribution
  from Brian Ryner (bryner@netscape.com)
javi%netscape.com 2001-01-10 01:32:29 +00:00
Родитель 35ce2738e0
Коммит 34f0ae7938
16 изменённых файлов: 2575 добавлений и 0 удалений


@ -0,0 +1,105 @@
#
# The contents of this file are subject to the Netscape Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/NPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is mozilla.org code.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
# Brian Ryner <bryner@netscape.com>
#
DEPTH = ../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
CORE_DEPTH=$(topsrcdir)/security
include $(CORE_DEPTH)/coreconf/arch.mk
ifeq (,$(filter-out NetBSD,$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
else
include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk
endif
include $(CORE_DEPTH)/coreconf/prefix.mk
CPU_TAG = _$(CPU_ARCH)
LOADABLE_ROOT_MODULE = $(DLL_PREFIX)nssckbi$(DLL_SUFFIX)
CORECONF_OBJDIR=$(OBJDIR_NAME)
include $(DEPTH)/config/autoconf.mk
ifndef MOZ_DEBUG
OPT_GMAKE_FLAGS = BUILD_OPT=1
BUILD_OPT=1
OBJDIR_TAG=_OPT
endif
DEFAULT_GMAKE_FLAGS = -f Makefile $(OPT_GMAKE_FLAGS)
CORECONF_INSTALL = $(DIST)/$(CORECONF_OBJDIR)
CORECONF_DIST = $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR)
DEFAULT_GMAKE_FLAGS += DIST=$(CORECONF_DIST)
DEFAULT_GMAKE_FLAGS += SOURCE_LIB_DIR=$(CORECONF_DIST)/lib
DEFAULT_GMAKE_FLAGS += SOURCE_BIN_DIR=$(CORECONF_DIST)/bin
DEFAULT_GMAKE_FLAGS += SOURCE_XP_DIR=$(CORECONF_DIST)
DIRS = ssl
include $(topsrcdir)/config/rules.mk
ABS_topsrcdir := $(shell cd $(topsrcdir); pwd)
export::
ifneq ($(ABS_topsrcdir),$(MOZ_BUILD_ROOT))
if test ! -d $(MOZ_BUILD_ROOT)/security/nss; then \
cp -r $(topsrcdir)/security/nss $(MOZ_BUILD_ROOT)/security; \
fi;
if test ! -d $(MOZ_BUILD_ROOT)/security/coreconf; then \
cp -r $(topsrcdir)/security/coreconf $(MOZ_BUILD_ROOT)/security; \
fi;
endif
cd $(MOZ_BUILD_ROOT)/security/coreconf; gmake $(DEFAULT_GMAKE_FLAGS)
cd $(MOZ_BUILD_ROOT)/security/nss; gmake $(DEFAULT_GMAKE_FLAGS) moz_import
cd $(MOZ_BUILD_ROOT)/security/nss/lib; gmake $(DEFAULT_GMAKE_FLAGS)
$(INSTALL) -m 755 $(CORECONF_INSTALL)/lib/$(LOADABLE_ROOT_MODULE) $(DIST)/bin
clean clobber clobber_all realclean distclean::
ifeq ($(ABS_topsrcdir),$(MOZ_BUILD_ROOT))
cd $(MOZ_BUILD_ROOT)/security/coreconf; gmake $(DEFAULT_GMAKE_FLAGS) clean
cd $(MOZ_BUILD_ROOT)/security/nss; gmake $(DEFAULT_GMAKE_FLAGS) clean
cd $(MOZ_BUILD_ROOT)/security/psm/ui; gmake $(DEFAULT_GMAKE_FLAGS) clean
cd $(MOZ_BUILD_ROOT)/security/psm/server; gmake $(DEFAULT_GMAKE_FLAGS) clean
else
if test -d $(MOZ_BUILD_ROOT)/security/nss; then \
rm -rf $(MOZ_BUILD_ROOT)/security/nss; \
fi;
if test -d $(MOZ_BUILD_ROOT)/security/coreconf; then \
rm -rf $(MOZ_BUILD_ROOT)/security/coreconf; \
fi;
if test -d $(MOZ_BUILD_ROOT)/security/psm/server; then \
rm -rf $(MOZ_BUILD_ROOT)/security/psm/server; \
fi;
if test -d $(MOZ_BUILD_ROOT)/security/psm/ui; then \
rm -rf $(MOZ_BUILD_ROOT)/security/psm/ui; \
fi;
if test -d $(MOZ_BUILD_ROOT)/security/psm/doc; then \
rm -rf $(MOZ_BUILD_ROOT)/security/psm/doc; \
fi;
if test -d $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR); then \
rm -rf $(MOZ_BUILD_ROOT)/dist/$(CORECONF_OBJDIR); \
fi;
endif
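Review bot: The recipe lines of the form `cd $(MOZ_BUILD_ROOT)/security/coreconf; gmake $(DEFAULT_GMAKE_FLAGS)` in `export::` and in the first branch of the clean rule keep going when the `cd` fails, so `gmake -f Makefile` then runs in whatever directory the recipe started in. Joining the commands with `&&` (`cd $(MOZ_BUILD_ROOT)/security/coreconf && gmake $(DEFAULT_GMAKE_FLAGS)`) turns a missing directory into a build error instead. This matters most for the `security/psm/ui` and `security/psm/server` clean lines, since nothing in this file creates those directories. The `rm -rf $(MOZ_BUILD_ROOT)/...` lines also assume MOZ_BUILD_ROOT is non-empty; a `test -n "$(MOZ_BUILD_ROOT)"` guard ahead of them would be cheap.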


@ -0,0 +1,30 @@
#
# The contents of this file are subject to the Netscape Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/NPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is mozilla.org code.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
# Brian Ryner <bryner@netscape.com>
#
DEPTH = ../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
DIRS = src
include $(topsrcdir)/config/rules.mk


@ -0,0 +1,110 @@
#! gmake
#
# The contents of this file are subject to the Mozilla Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is the Netscape security libraries.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1994-2000 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
# Alternatively, the contents of this file may be used under the
# terms of the GNU General Public License Version 2 or later (the
# "GPL"), in which case the provisions of the GPL are applicable
# instead of those above. If you wish to allow use of your
# version of this file only under the terms of the GPL and not to
# allow others to use your version of this file under the MPL,
# indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by
# the GPL. If you do not delete the provisions above, a recipient
# may use your version of this file under either the MPL or the
# GPL.
#
DEPTH = ../../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
CORE_DEPTH=$(topsrcdir)/security
include $(CORE_DEPTH)/coreconf/arch.mk
ifeq (,$(filter-out NetBSD,$(OS_TARGET)))
include $(CORE_DEPTH)/coreconf/$(OS_TARGET).mk
else
include $(CORE_DEPTH)/coreconf/$(OS_CONFIG).mk
endif
include $(CORE_DEPTH)/coreconf/prefix.mk
CPU_TAG = _$(CPU_ARCH)
CORECONF_OBJDIR=$(OBJDIR_NAME)
include $(DEPTH)/config/autoconf.mk
ifndef MOZ_DEBUG
OBJDIR_TAG=_OPT
endif
CORECONF_DIST=$(DIST)/$(CORECONF_OBJDIR)
MODULE = pipnss
LIBRARY_NAME = pipnss
IS_COMPONENT = 1
EXPORTS = \
$(NULL)
CPPSRCS = \
nsNSSCallbacks.cpp \
nsNSSComponent.cpp \
nsNSSIOLayer.cpp \
nsNSSModule.cpp \
nsSSLSocketProvider.cpp \
nsSecureBrowserUIImpl.cpp \
nsTLSSocketProvider.cpp \
$(NULL)
REQUIRES = nspr security
include $(topsrcdir)/config/rules.mk
INCLUDES += \
-I$(CORECONF_DIST)/public/security \
$(NULL)
EXTRA_DSO_LDOPTS = \
$(MOZ_COMPONENT_LIBS) \
$(NULL)
EXTRA_LIBS += \
$(CORECONF_DIST)/lib/libssl.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libnss.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libssl.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libpkcs7.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libcerthi.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libpk11wrap.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libcryptohi.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libcerthi.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libpk11wrap.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libsoftoken.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libcertdb.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libswfci.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libfreebl.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libsecutil.$(LIB_SUFFIX) \
$(CORECONF_DIST)/lib/libdbm.$(LIB_SUFFIX) \
$(NULL)
OUR_CC = $(shell which $(CCC))
libs::
echo We used c++ at $(OUR_CC)
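Review bot: `EXTRA_LIBS` lists `libssl`, `libcerthi` and `libpk11wrap` twice with no explanation; if the repetition is there to satisfy static-link ordering between the NSS archives, say so in a comment such as `# archives repeated on purpose: static NSS libs reference each other`, otherwise drop the duplicates. The `libs::` rule that echoes `We used c++ at $(OUR_CC)` looks like leftover debugging and adds a `which` call to every build, so consider removing it.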


@ -0,0 +1,32 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#include "nsNSSCallbacks.h"
char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
return NULL;
}
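Review bot: `PK11PasswordPrompt` is a stub that always returns `NULL`, and nothing in the file says so. As far as I know NSS treats a NULL return from the password callback as a cancelled prompt, so with this in place any slot that needs a login will fail to authenticate rather than ask the user. Please add a comment above the function along the lines of `// Stub: no prompt UI yet; NULL tells NSS the prompt was cancelled, so protected slots cannot be unlocked.` so the limitation is visible to whoever wires up the UI.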


@ -0,0 +1,34 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#ifndef _NSNSSCALLBACKS_H_
#define _NSNSSCALLBACKS_H_
#include "pk11func.h"
#include "nspr.h"
char* PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
#endif


@ -0,0 +1,343 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Mitch Stoltz <mstoltz@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#include "nsProxiedService.h"
#include "VerReg.h"
#include "nspr.h"
#include "nsNSSComponent.h"
#include "nsNSSCallbacks.h"
#include "nsCRT.h"
#include "nsNetUtil.h"
#include "nsIURI.h"
#include "nsIChannel.h"
#include "nsIInputStream.h"
#include "nsIStreamListener.h"
#include "nsIPref.h"
#include "nsIProfile.h"
#include "nsILocalFile.h"
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryService.h"
#include "nss.h"
#include "pk11func.h"
#include "ssl.h"
#include "sslproto.h"
#include "nsISecureBrowserUI.h"
#include "nsIDocumentLoaderObserver.h"
#include "nsIScriptSecurityManager.h"
#include "nsICertificatePrincipal.h"
#include "nsIProtocolProxyService.h"
//#define DEBUG_SSL
static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
static NS_DEFINE_CID(kProfileCID, NS_PROFILE_CID);
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
static NS_DEFINE_CID(kProtocolProxyServiceCID, NS_PROTOCOLPROXYSERVICE_CID);
nsNSSComponent* nsNSSComponent::mInstance = nsnull;
nsNSSComponent::nsNSSComponent()
{
NS_INIT_REFCNT();
}
nsNSSComponent::~nsNSSComponent()
{
}
NS_IMETHODIMP
nsNSSComponent::CreateNSSComponent(nsISupports* aOuter, REFNSIID aIID,
void **aResult)
{
if (!aResult) {
return NS_ERROR_INVALID_POINTER;
}
if (aOuter) {
*aResult = nsnull;
return NS_ERROR_NO_AGGREGATION;
}
if (mInstance == nsnull) {
mInstance = new nsNSSComponent();
}
if (mInstance == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = mInstance->QueryInterface(aIID, aResult);
if (NS_FAILED(rv)) {
*aResult = nsnull;
return rv;
}
#ifdef DEBUG_SSL
printf("NSS: **** Beginning NSS initialization\n");
#endif
nsXPIDLCString profileStr;
nsCOMPtr<nsIFile> profilePath;
rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profilePath));
if (NS_FAILED(rv)) {
printf("NSS: Unable to get profile directory\n");
return rv;
}
rv = profilePath->GetPath(getter_Copies(profileStr));
if (NS_FAILED(rv)) return rv;
PK11_SetPasswordFunc(PK11PasswordPrompt);
NSS_InitReadWrite(profileStr);
NSS_SetDomesticPolicy();
// SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
SSL_EnableDefault(SSL_ENABLE_SSL2, PR_TRUE);
SSL_EnableDefault(SSL_ENABLE_SSL3, PR_TRUE);
SSL_EnableDefault(SSL_ENABLE_TLS, PR_TRUE);
#ifdef DEBUG_SSL
printf("NSS: NSS Initialized\n");
#endif
return rv;
}
/* nsISupports Implementation for the class */
NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSComponent,
nsISecurityManagerComponent,
nsIContentHandler,
nsISignatureVerifier);
#define INIT_NUM_PREFS 100
/* preference types */
#define STRING_PREF 0
#define BOOL_PREF 1
#define INT_PREF 2
NS_IMETHODIMP
nsNSSComponent::DisplaySecurityAdvisor()
{
return NS_ERROR_FAILURE; // not implemented
}
class CertDownloader : public nsIStreamListener
{
public:
CertDownloader() {NS_ASSERTION(PR_FALSE, "don't use this constructor."); }
CertDownloader(PRInt32 type);
virtual ~CertDownloader();
NS_DECL_ISUPPORTS
NS_DECL_NSISTREAMOBSERVER
NS_DECL_NSISTREAMLISTENER
protected:
char* mByteData;
PRInt32 mBufferOffset;
PRInt32 mContentLength;
PRInt32 mType;
};
CertDownloader::CertDownloader(PRInt32 type)
{
NS_INIT_REFCNT();
mByteData = nsnull;
mType = type;
}
CertDownloader::~CertDownloader()
{
if (mByteData)
nsMemory::Free(mByteData);
}
NS_IMPL_ISUPPORTS(CertDownloader,NS_GET_IID(nsIStreamListener));
NS_IMETHODIMP
CertDownloader::OnStartRequest(nsIChannel* channel, nsISupports* context)
{
channel->GetContentLength(&mContentLength);
if (mContentLength == -1)
return NS_ERROR_FAILURE;
mBufferOffset = 0;
mByteData = (char*) nsMemory::Alloc(mContentLength);
if (!mByteData)
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
NS_IMETHODIMP
CertDownloader::OnDataAvailable(nsIChannel* channel,
nsISupports* context,
nsIInputStream *aIStream,
PRUint32 aSourceOffset,
PRUint32 aLength)
{
if (!mByteData)
return NS_ERROR_OUT_OF_MEMORY;
PRUint32 amt;
nsresult err;
do {
err = aIStream->Read(mByteData+mBufferOffset,
mContentLength-mBufferOffset, &amt);
if (amt == 0) break;
if (NS_FAILED(err)) return err;
aLength -= amt;
mBufferOffset += amt;
} while (aLength > 0);
return NS_OK;
}
NS_IMETHODIMP
CertDownloader::OnStopRequest(nsIChannel* channel,
nsISupports* context,
nsresult aStatus,
const PRUnichar* aMsg)
{
return NS_OK;
}
/* other mime types that we should handle sometime:
application/x-pkcs7-crl
application/x-pkcs7-mime
application/pkcs7-signature
application/pre-encrypted
*/
NS_IMETHODIMP
nsNSSComponent::HandleContent(const char * aContentType,
const char * aCommand,
const char * aWindowTarget,
nsISupports* aWindowContext,
nsIChannel * aChannel)
{
// We were called via CI. We better protect ourselves and addref.
NS_ADDREF_THIS();
nsresult rv = NS_OK;
if (!aChannel) return NS_ERROR_NULL_POINTER;
PRUint32 type = (PRUint32) -1;
if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
type = 1; //CA cert
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
type = 2; //Server cert
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
type = 3; //User cert
else if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
type = 4; //Someone else's email cert
if (type != (PRUint32) -1) {
// I can't directly open the passed channel cause it fails :-(
nsCOMPtr<nsIURI> uri;
rv = aChannel->GetURI(getter_AddRefs(uri));
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIChannel> channel;
rv = NS_OpenURI(getter_AddRefs(channel), uri);
if (NS_FAILED(rv)) return rv;
return channel->AsyncRead(new CertDownloader(type),
NS_STATIC_CAST(nsISecurityManagerComponent*,this));
}
return NS_ERROR_NOT_IMPLEMENTED;
}
//---------------------------------------------
// Functions Implenenting NSISignatureVerifier
//---------------------------------------------
NS_IMETHODIMP
nsNSSComponent::HashBegin(PRUint32 alg, PRUint32* id)
{
return NS_OK; /* not sure what the implications of this are */
}
NS_IMETHODIMP
nsNSSComponent::HashUpdate(PRUint32 id, const char* buf, PRUint32 buflen)
{
return NS_OK; /* not sure what the implications of this are */
}
NS_IMETHODIMP
nsNSSComponent::HashEnd(PRUint32 id, unsigned char** hash,
PRUint32* hashLen, PRUint32 maxLen)
{
return NS_OK; /* not sure what the implications of this are */
}
NS_IMETHODIMP
nsNSSComponent::CreatePrincipalFromSignature(const char* aRSABuf,
PRUint32 aRSABufLen,
nsIPrincipal** aPrincipal)
{
PRInt32 errorCode;
return VerifySignature(aRSABuf, aRSABufLen, nsnull, 0, &errorCode,
aPrincipal);
}
NS_IMETHODIMP
nsNSSComponent::GetPassword(char **aRet)
{
// We currently don't use a password
*aRet = nsnull;
return NS_OK;
}
NS_IMETHODIMP
nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
const char* aPlaintext, PRUint32 aPlaintextLen,
PRInt32* aErrorCode,
nsIPrincipal** aPrincipal)
{
return NS_OK;
}
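Review bot: `nsNSSComponent::VerifySignature` returns `NS_OK` without examining the signature and without writing `*aErrorCode` or `*aPrincipal`, so a caller that checks only the result code will treat unverified data as verified and may then read an unset principal pointer. `CreatePrincipalFromSignature` forwards to it, and `HashBegin`, `HashUpdate` and `HashEnd` have the same success-on-no-op shape (`HashEnd` leaves `*hash` and `*hashLen` untouched). Until the real implementation exists these should fail closed: `return NS_ERROR_NOT_IMPLEMENTED;` in each of them, with `*aPrincipal = nsnull;` set first in `VerifySignature`. Separately, in `CreateNSSComponent` the result of `NSS_InitReadWrite(profileStr)` is discarded and the whole initialisation sequence runs on every call rather than only when `mInstance` is first created.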


@ -0,0 +1,63 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#include "nscore.h"
//#include "nsINSSComponent.h"
#include "nsISecurityManagerComponent.h"
#include "nsISignatureVerifier.h"
#include "nsIStringBundle.h"
#include "nsIContentHandler.h"
#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
#define NS_NSSCOMPONENT_CID \
{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
// Implementation of the PSM component interface.
class nsNSSComponent : public nsISecurityManagerComponent,
public nsIContentHandler,
public nsISignatureVerifier
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_NSSCOMPONENT_CID);
nsNSSComponent();
virtual ~nsNSSComponent();
NS_DECL_ISUPPORTS
NS_DECL_NSISECURITYMANAGERCOMPONENT
// NS_DECL_NSINSSCOMPONENT
NS_DECL_NSICONTENTHANDLER
NS_DECL_NSISIGNATUREVERIFIER
static NS_METHOD CreateNSSComponent(nsISupports* aOuter, REFNSIID aIID,
void **aResult);
private:
nsCOMPtr<nsISupports> mSecureBrowserUI;
static nsNSSComponent* mInstance;
};
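Review bot: This header (presumably nsNSSComponent.h, since it declares `class nsNSSComponent`) has no include guard, unlike the two other headers added in this commit, so a second inclusion in one translation unit redefines the class. Wrap the contents in `#ifndef _NSNSSCOMPONENT_H_` / `#define _NSNSSCOMPONENT_H_` and a closing `#endif`, following the naming used by `_NSNSSCALLBACKS_H_`. The member `nsCOMPtr<nsISupports> mSecureBrowserUI` is also declared without any of the visible includes obviously providing `nsCOMPtr`; including its header here would keep the file from depending on include order in the .cpp files.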


@ -0,0 +1,411 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#include "nspr.h"
#include "nsString.h"
#include "nsISecurityManagerComponent.h"
#include "nsISecureSocketInfo.h"
#include "nsIServiceManager.h"
#include "nsNSSIOLayer.h"
#include "ssl.h"
//#define DEBUG_SSL
//#define DEBUG_SSL_VERBOSE
static nsISecurityManagerComponent* gNSSService = nsnull;
static PRBool firstTime = PR_TRUE;
static PRDescIdentity nsSSLIOLayerIdentity;
static PRIOMethods nsSSLIOLayerMethods;
class nsNSSSocketInfo : public nsISecureSocketInfo
{
public:
nsNSSSocketInfo();
virtual ~nsNSSSocketInfo();
NS_DECL_ISUPPORTS
NS_DECL_NSISECURESOCKETINFO
nsresult SetHostName(const char *aHostName);
nsresult SetProxyName(const char *aName);
nsresult SetHostPort(PRInt32 aPort);
nsresult SetProxyPort(PRInt32 aPort);
nsresult SetUseTLS(PRBool useTLS);
nsresult GetUseTLS(PRBool *useTLS);
protected:
nsString mHostName;
PRInt32 mHostPort;
nsString mProxyName;
PRInt32 mProxyPort;
PRBool mForceHandshake;
PRBool mUseTLS;
};
nsNSSSocketInfo::nsNSSSocketInfo()
{
NS_INIT_REFCNT();
mForceHandshake = PR_FALSE;
mUseTLS = PR_FALSE;
}
nsNSSSocketInfo::~nsNSSSocketInfo()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsNSSSocketInfo, nsISecureSocketInfo)
NS_IMETHODIMP
nsNSSSocketInfo::GetHostName(char * *aHostName)
{
if (mHostName.IsEmpty())
*aHostName = nsnull;
else
*aHostName = mHostName.ToNewCString();
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetHostName(const char *aHostName)
{
mHostName.AssignWithConversion(aHostName);
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetHostPort(PRInt32 *aPort)
{
*aPort = mHostPort;
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetHostPort(PRInt32 aPort)
{
mHostPort = aPort;
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetProxyName(char** aName)
{
if (mProxyName.IsEmpty())
*aName = nsnull;
else
*aName = mProxyName.ToNewCString();
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetProxyName(const char* aName)
{
mProxyName.AssignWithConversion(aName);
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetProxyPort(PRInt32* aPort)
{
*aPort = mProxyPort;
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetProxyPort(PRInt32 aPort)
{
mProxyPort = aPort;
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake)
{
*forceHandshake = mForceHandshake;
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::SetForceHandshake(PRBool forceHandshake)
{
mForceHandshake = forceHandshake;
return NS_OK;
}
nsresult
nsNSSSocketInfo::GetUseTLS(PRBool* aResult)
{
*aResult = mUseTLS;
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetUseTLS(PRBool useTLS)
{
mUseTLS = useTLS;
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::ProxyStepUp()
{
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::TLSStepUp()
{
return NS_OK;
}
static PRStatus PR_CALLBACK
nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
PRIntervalTime timeout)
{
if (!fd || !addr)
return PR_FAILURE;
PRStatus status = PR_SUCCESS;
// Due to limitations in NSPR 4.0, we must execute this entire connect
// as a blocking operation.
PRSocketOptionData sockopt;
sockopt.option = PR_SockOpt_Nonblocking;
PR_GetSocketOption(fd, &sockopt);
PRBool nonblock = sockopt.value.non_blocking;
sockopt.option = PR_SockOpt_Nonblocking;
sockopt.value.non_blocking = PR_FALSE;
PR_SetSocketOption(fd, &sockopt);
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->secret;
status = fd->lower->methods->connect(fd->lower, addr,
PR_INTERVAL_NO_TIMEOUT);
if (status != PR_SUCCESS) {
printf("NSS: [%p] lower layer connect error: %d\n", (void*)fd,
PR_GetError());
goto loser;
}
PRBool forceHandshake, useTLS;
infoObject->GetForceHandshake(&forceHandshake);
infoObject->GetUseTLS(&useTLS);
#ifdef DEBUG_SSL
printf("NSS: [%p] Connect: forceHandshake = %d, useTLS = %d\n", (void*)fd,
forceHandshake, useTLS);
#endif
if (!useTLS && forceHandshake) {
PRInt32 res = SSL_ForceHandshake(fd);
if (res == -1) {
printf("NSS: [%p] ForceHandshake failure -- error %d\n", (void*)fd,
PR_GetError());
status = PR_FAILURE;
}
}
loser:
sockopt.option = PR_SockOpt_Nonblocking;
sockopt.value.non_blocking = nonblock;
PR_SetSocketOption(fd, &sockopt);
return status;
}
static PRStatus PR_CALLBACK
nsSSLIOLayerClose(PRFileDesc *fd)
{
if (!fd)
return PR_FAILURE;
#ifdef DEBUG_SSL
printf("NSS: [%p] Shutting down socket\n", (void*)fd);
#endif
PRFileDesc* popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER);
PRStatus status = fd->methods->close(fd);
if (status != PR_SUCCESS) return status;
popped->identity = PR_INVALID_IO_LAYER;
nsNSSSocketInfo *infoObject = (nsNSSSocketInfo*) popped->secret;
NS_RELEASE(infoObject);
return status;
}
static PRInt32 PR_CALLBACK
nsSSLIOLayerRead(PRFileDesc* fd, void* buf, PRInt32 amount)
{
if (!fd || !buf)
return PR_FAILURE;
#ifdef DEBUG_SSL_VERBOSE
PRInt32 bytesRead = fd->lower->methods->read(fd->lower, buf, amount);
printf("NSS: [%p] read %d bytes:\n%s\n", (void*)fd, bytesRead, buf);
return bytesRead;
#else
return fd->lower->methods->read(fd->lower, buf, amount);
#endif
}
static PRInt32 PR_CALLBACK
nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf, PRInt32 amount)
{
if (!fd || !buf)
return PR_FAILURE;
#ifdef DEBUG_SSL_VERBOSE
PRInt32 bytesWritten = fd->lower->methods->write(fd->lower, buf, amount);
printf("NSS: [%p] wrote %d bytes:\n%s\n", (void*)fd, bytesWritten, buf);
return bytesWritten;
#else
return fd->lower->methods->write(fd->lower, buf, amount);
#endif
}
nsresult InitNSSMethods()
{
nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer");
nsSSLIOLayerMethods = *PR_GetDefaultIOMethods();
nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
nsSSLIOLayerMethods.close = nsSSLIOLayerClose;
nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
nsresult rv;
/* This performs NSS initialization for us */
rv = nsServiceManager::GetService(PSM_COMPONENT_CONTRACTID,
NS_GET_IID(nsISecurityManagerComponent),
(nsISupports**)&gNSSService);
return rv;
}
nsresult
nsSSLIOLayerNewSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc **fd,
nsISupports** info,
PRBool useTLS)
{
if (firstTime) {
nsresult rv = InitNSSMethods();
if (NS_FAILED(rv)) return rv;
firstTime = PR_FALSE;
}
PRFileDesc* sock = PR_OpenTCPSocket(PR_AF_INET6);
if (!sock) return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = nsSSLIOLayerAddToSocket(host, port, proxyHost, proxyPort,
sock, info, useTLS);
if (NS_FAILED(rv)) {
PR_Close(sock);
return rv;
}
*fd = sock;
return NS_OK;
}
nsresult
nsSSLIOLayerAddToSocket(const char* host,
PRInt32 port,
const char* proxyHost,
PRInt32 proxyPort,
PRFileDesc* fd,
nsISupports** info,
PRBool useTLS)
{
if (firstTime) {
nsresult rv = InitNSSMethods();
if (NS_FAILED(rv)) return rv;
firstTime = PR_FALSE;
}
PRFileDesc* sslSock = SSL_ImportFD(NULL, fd);
if (!sslSock) {
NS_ASSERTION(PR_FALSE, "NSS: Error importing socket");
return NS_ERROR_FAILURE;
}
SSL_SetPKCS11PinArg(sslSock, NULL);
PRInt32 ret = SSL_SetURL(sslSock, host);
if (ret == -1) {
NS_ASSERTION(PR_FALSE, "NSS: Error setting server name");
return NS_ERROR_FAILURE;
}
nsNSSSocketInfo* infoObject = new nsNSSSocketInfo();
if (!infoObject) return NS_ERROR_FAILURE;
NS_ADDREF(infoObject);
infoObject->SetHostName(host);
infoObject->SetHostPort(port);
infoObject->SetProxyName(proxyHost);
infoObject->SetProxyPort(proxyPort);
infoObject->SetUseTLS(useTLS);
/* Now, layer ourselves on top of the SSL socket... */
PRFileDesc* layer = PR_CreateIOLayerStub(nsSSLIOLayerIdentity,
&nsSSLIOLayerMethods);
if (!layer)
return NS_ERROR_FAILURE;
layer->secret = (PRFilePrivate*) infoObject;
nsresult rv = PR_PushIOLayer(sslSock, PR_GetLayersIdentity(sslSock), layer);
if (NS_FAILED(rv)) {
NS_RELEASE(infoObject);
PR_DELETE(layer);
return NS_ERROR_FAILURE;
}
#ifdef DEBUG_SSL
printf("NSS: [%p] Socket set up\n", (void*)sslSock);
#endif
*info = infoObject;
NS_ADDREF(*info);
return NS_OK;
}
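Review bot: In `nsSSLIOLayerAddToSocket` the early return taken when `PR_CreateIOLayerStub` fails leaks `infoObject`, which already holds the reference from `NS_ADDREF(infoObject)`; it should read `if (!layer) { NS_RELEASE(infoObject); return NS_ERROR_FAILURE; }`. The next statement stores the result of `PR_PushIOLayer` in an `nsresult` and tests it with `NS_FAILED`, although NSPR returns a `PRStatus` there; `PRStatus stat = PR_PushIOLayer(...); if (stat == PR_FAILURE) {` says what is meant and does not depend on how the two types happen to be encoded. The `nsNSSSocketInfo` constructor also leaves `mHostPort` and `mProxyPort` unset, so `GetHostPort` and `GetProxyPort` return indeterminate values if the setters were never called; initialise both in the constructor.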


@ -0,0 +1,45 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#ifndef _NSNSSIOLAYER_H
#define _NSNSSIOLAYER_H
#include "prtypes.h"
#include "prio.h"
nsresult nsSSLIOLayerNewSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc **fd,
nsISupports **securityInfo,
PRBool useTLS);
nsresult nsSSLIOLayerAddToSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc *fd,
nsISupports **securityInfo,
PRBool useTLS);
#endif /* _NSNSSIOLAYER_H */


@ -0,0 +1,160 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#include "nsIModule.h"
#include "nsIGenericFactory.h"
//#include "nsPSMUICallbacks.h"
#include "nsNSSComponent.h"
#include "nsISecureBrowserUI.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsSSLSocketProvider.h"
#include "nsTLSSocketProvider.h"
//#include "nsSDR.h"
//#include "nsFSDR.h"
//#include "nsCrypto.h"
//#include "nsKeygenHandler.h"
//For the NS_CRYPTO_CONTRACTID define
#include "nsDOMCID.h"
#include "nsCURILoader.h"
#include "nsISupportsUtils.h"
// Define SDR object constructor
//static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
//static NS_DEFINE_IID(kFormProcessorCID, NS_IFORMPROCESSOR_CID);
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecretDecoderRing, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFSecretDecoderRing, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCrypto, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsPkcs11, init)
static nsModuleComponentInfo components[] =
{
{
PSM_COMPONENT_CLASSNAME,
NS_NSSCOMPONENT_CID,
PSM_COMPONENT_CONTRACTID,
nsNSSComponent::CreateNSSComponent
},
{
"NSS Content Handler - application/x-x509-ca-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-ca-cert",
nsNSSComponent::CreateNSSComponent
},
{
"NSS Content Handler - application/x-x509-server-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-server-cert",
nsNSSComponent::CreateNSSComponent
},
{
"NSS Content Handler - application/x-x509-user-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-user-cert",
nsNSSComponent::CreateNSSComponent
},
{
"NSS Content Handler - application/x-x509-email-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-email-cert",
nsNSSComponent::CreateNSSComponent
},
{
NS_SECURE_BROWSER_UI_CLASSNAME,
NS_SECURE_BROWSER_UI_CID,
NS_SECURE_BROWSER_UI_CONTRACTID,
nsSecureBrowserUIImpl::Create
},
{
NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME,
NS_SECURE_BROWSER_DOCOBSERVER_CID,
NS_SECURE_BROWSER_DOCOBSERVER_CONTRACTID,
nsSecureBrowserUIImpl::Create
},
{
NS_ISSLSOCKETPROVIDER_CLASSNAME,
NS_SSLSOCKETPROVIDER_CID,
NS_ISSLSOCKETPROVIDER_CONTRACTID,
nsSSLSocketProvider::Create
},
{
NS_TLSSOCKETPROVIDER_CLASSNAME,
NS_TLSSOCKETPROVIDER_CID,
NS_TLSSOCKETPROVIDER_CONTRACTID,
nsTLSSocketProvider::Create
},
{
NS_ISSLFHSOCKETPROVIDER_CLASSNAME,
NS_SSLSOCKETPROVIDER_CID,
NS_ISSLFHSOCKETPROVIDER_CONTRACTID,
nsSSLSocketProvider::Create
},
#if 0
{
NS_SDR_CLASSNAME,
NS_SDR_CID,
NS_SDR_CONTRACTID,
nsSecretDecoderRingConstructor
},
{
NS_FSDR_CLASSNAME,
NS_FSDR_CID,
NS_FSDR_CONTRACTID,
nsFSecretDecoderRingConstructor
},
{
NS_CRYPTO_CLASSNAME,
NS_CRYPTO_CID,
NS_CRYPTO_CONTRACTID,
nsCryptoConstructor
},
{
NS_PKCS11_CLASSNAME,
NS_PKCS11_CID,
NS_PKCS11_CONTRACTID,
nsPkcs11Constructor
}
#endif
};
NS_IMPL_NSGETMODULE("NSS", components);
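Review bot: The four `NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-*-cert"` entries make nsNSSComponent the handler for certificate data delivered by any web server, and nothing in this table states what that handler is allowed to do with it. A comment above those entries would help, for example `// Certificates arriving through these MIME types are untrusted input; the handler must not change trust settings without user confirmation.` This assumes that is the intended contract, since the handler itself is not in this file. The `#if 0` block would also benefit from a one-line comment saying why the SDR, crypto and PKCS#11 factories are disabled and what re-enabling them depends on.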


@ -0,0 +1,113 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsSSLSocketProvider.h"
#include "nsNSSIOLayer.h"
nsSSLSocketProvider::nsSSLSocketProvider()
{
NS_INIT_REFCNT();
}
nsresult
nsSSLSocketProvider::Init()
{
nsresult rv = NS_OK;
return rv;
}
nsSSLSocketProvider::~nsSSLSocketProvider()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS2(nsSSLSocketProvider, nsISocketProvider,
nsISSLSocketProvider);
NS_METHOD
nsSSLSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
{
nsresult rv;
nsSSLSocketProvider* inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = nsnull;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsSSLSocketProvider);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
NS_IMETHODIMP
nsSSLSocketProvider::NewSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc **_result,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerNewSocket(host,
port,
proxyHost,
proxyPort,
_result,
securityInfo,
PR_FALSE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
// Add the SSL IO layer to an existing socket
NS_IMETHODIMP
nsSSLSocketProvider::AddToSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc *aSocket,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerAddToSocket(host,
port,
proxyHost,
proxyPort,
aSocket,
securityInfo,
PR_FALSE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
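Review bot: NewSocket and AddToSocket discard the nsresult from nsSSLIOLayerNewSocket / nsSSLIOLayerAddToSocket and return NS_ERROR_SOCKET_CREATE_FAILED for every failure, so a caller cannot tell an allocation failure from a failure to set up the SSL layer, and AddToSocket reports a creation failure for a socket it did not create. Returning the original code keeps the failure reason available to callers and logs, e.g. `return nsSSLIOLayerAddToSocket(host, port, proxyHost, proxyPort, aSocket, securityInfo, PR_FALSE);`, unless existing callers are known to depend on the single code. Create() also never calls Init(), which is harmless while Init() is empty but will silently skip any setup added to it later. The same points apply to nsTLSSocketProvider.cpp further down this commit.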


@ -0,0 +1,52 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#ifndef _NSSSLSOCKETPROVIDER_H_
#define _NSSSLSOCKETPROVIDER_H_
#include "nsISSLSocketProvider.h"
/* 217d014a-1dd2-11b2-999c-b0c4df79b324 */
#define NS_SSLSOCKETPROVIDER_CID \
{ 0x217d014a, 0x1dd2, 0x11b2, {0x99, 0x9c, 0xb0, 0xc4, 0xdf, 0x79, 0xb3, 0x24}}
class nsSSLSocketProvider : public nsISSLSocketProvider
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSISOCKETPROVIDER
NS_DECL_NSISSLSOCKETPROVIDER
// nsSSLSocketProvider methods:
nsSSLSocketProvider();
virtual ~nsSSLSocketProvider();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
nsresult Init();
protected:
};
#endif /* _NSSSLSOCKETPROVIDER_H_ */


@ -0,0 +1,799 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Stuart Parmenter <pavlov@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#define FORCE_PR_LOG
#include "nspr.h"
#include "prlog.h"
#include "nsISecureBrowserUI.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsNSSComponent.h"
#include "nsCOMPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsIServiceManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIObserverService.h"
#include "nsIDocumentLoader.h"
#include "nsCURILoader.h"
#include "nsIDocShell.h"
#include "nsIDocumentViewer.h"
#include "nsCURILoader.h"
#include "nsIDocument.h"
#include "nsIDOMHTMLDocument.h"
#include "nsIDOMXULDocument.h"
#include "nsIDOMElement.h"
#include "nsIDOMWindowInternal.h"
#include "nsIContent.h"
#include "nsIWebProgress.h"
#include "nsIChannel.h"
#include "nsISecureSocketInfo.h"
#include "nsIURI.h"
#include "prmem.h"
#include "nsISecurityEventSink.h"
#include "nsINetSupportDialogService.h"
#include "nsIPrompt.h"
#include "nsICommonDialogs.h"
#include "nsIPref.h"
#include "nsIFormSubmitObserver.h"
static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
static NS_DEFINE_CID(kCommonDialogsCID, NS_CommonDialog_CID );
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
#define ENTER_SITE_PREF "security.warn_entering_secure"
#define LEAVE_SITE_PREF "security.warn_leaving_secure"
#define MIXEDCONTENT_PREF "security.warn_viewing_mixed"
#define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
#define CERT_PREFIX_STR "Signed by "
#define CERT_PREFIX_STR_LENGTH 10
#if defined(PR_LOGGING)
//
// Log module for nsSecureBroswerUI logging...
//
// To enable logging (see prlog.h for full details):
//
// set NSPR_LOG_MODULES=nsSecureBroswerUI:5
// set NSPR_LOG_FILE=nspr.log
//
// this enables PR_LOG_DEBUG level information and places all output in
// the file nspr.log
//
PRLogModuleInfo* gSecureDocLog = nsnull;
#endif /* PR_LOGGING */
NS_IMETHODIMP
nsSecureBrowserUIImpl::Create(nsISupports *aOuter, REFNSIID aIID,
void **aResult)
{
nsresult rv;
nsSecureBrowserUIImpl * inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = NULL;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsSecureBrowserUIImpl);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
{
NS_INIT_REFCNT();
#if defined(PR_LOGGING)
if (!gSecureDocLog) {
gSecureDocLog = PR_NewLogModule("nsSecureBrowserUI");
}
#endif /* PR_LOGGING */
mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
mLastPSMStatus = nsnull;
mCurrentURI = nsnull;
mSecurityButton = nsnull;
}
nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl()
{
PR_FREEIF(mLastPSMStatus);
}
NS_IMPL_ISUPPORTS4(nsSecureBrowserUIImpl,
nsSecureBrowserUI,
nsIWebProgressListener,
nsIFormSubmitObserver,
nsIObserver);
NS_IMETHODIMP
nsSecureBrowserUIImpl::Init(nsIDOMWindowInternal *window,
nsIDOMElement *button)
{
mSecurityButton = button;
mWindow = window;
nsresult rv = nsServiceManager::GetService(kPrefCID,
NS_GET_IID(nsIPref),
getter_AddRefs(mPref));
if (NS_FAILED(rv)) return rv;
NS_WITH_SERVICE(nsIStringBundleService, service, kCStringBundleServiceCID,
&rv);
if (NS_FAILED(rv)) return rv;
nsILocale* locale = nsnull;
rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, locale,
getter_AddRefs(mStringBundle));
if (NS_FAILED(rv)) return rv;
// hook up to the form post notifications:
nsIObserverService *svc = nsnull;
rv = nsServiceManager::GetService(NS_OBSERVERSERVICE_CONTRACTID,
NS_GET_IID(nsIObserverService),
(nsISupports**)&svc);
if (NS_SUCCEEDED(rv) && svc) {
nsString topic; topic.AssignWithConversion(NS_FORMSUBMIT_SUBJECT);
rv = svc->AddObserver(this, topic.GetUnicode());
nsServiceManager::ReleaseService(NS_OBSERVERSERVICE_CONTRACTID, svc);
}
// hook up to the webprogress notifications.
nsCOMPtr<nsIDocShell> docShell;
nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(window);
if (!sgo) return NS_ERROR_NULL_POINTER;
sgo->GetDocShell(getter_AddRefs(docShell));
if (!docShell) return NS_ERROR_NULL_POINTER;
nsCOMPtr<nsIWebProgress> wp = do_GetInterface(docShell);
if (!wp) return NS_ERROR_NULL_POINTER;
wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this));
mInitByLocationChange = PR_TRUE;
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::DisplayPageInfoUI()
{
nsresult res;
NS_WITH_SERVICE(nsISecurityManagerComponent, psm, PSM_COMPONENT_CONTRACTID,
&res);
if (NS_FAILED(res))
return res;
nsXPIDLCString host;
if (mCurrentURI)
mCurrentURI->GetHost(getter_Copies(host));
// return psm->DisplayPSMAdvisor(mLastPSMStatus, host);
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::Observe(nsISupports*, const PRUnichar*,
const PRUnichar*)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
PRBool* value)
{
*value = PR_FALSE;
if (parent == child) {
*value = PR_TRUE;
return NS_OK;
}
nsCOMPtr<nsIDOMWindow> childsParent;
child->GetParent(getter_AddRefs(childsParent));
if (childsParent && childsParent.get() != child)
IsChildOfDomWindow(parent, childsParent, value);
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
nsIDOMWindowInternal* window, nsIURI* actionURL,
PRBool* cancelSubmit)
{
// Return NS_OK unless we want to prevent this form from submitting.
*cancelSubmit = PR_FALSE;
if (!window || !actionURL || !formNode) {
return NS_OK;
}
nsCOMPtr<nsIDocument> document;
formNode->GetDocument(*getter_AddRefs(document));
if (!document) return NS_OK;
nsCOMPtr<nsIScriptGlobalObject> globalObject;
document->GetScriptGlobalObject(getter_AddRefs(globalObject));
nsCOMPtr<nsIDOMWindowInternal> postingWindow = do_QueryInterface(globalObject);
PRBool isChild;
IsChildOfDomWindow(mWindow, postingWindow, &isChild);
// This notify call is not for our window, ignore it.
if (!isChild)
return NS_OK;
PRBool okayToPost;
nsresult res = CheckPost(actionURL, &okayToPost);
if (NS_SUCCEEDED(res) && !okayToPost)
*cancelSubmit = PR_TRUE;
return res;
}
// nsIWebProgressListener
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
PRInt32 aCurSelfProgress,
PRInt32 aMaxSelfProgress,
PRInt32 aCurTotalProgress,
PRInt32 aMaxTotalProgress)
{
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
PRInt32 aProgressStateFlags,
nsresult aStatus)
{
nsresult res = NS_OK;
if (aRequest == nsnull || !mPref)
return NS_ERROR_NULL_POINTER;
// Get the channel from the request...
// If the request is not network based, then ignore it.
nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest, &res);
if (NS_FAILED(res))
return NS_OK;
nsCOMPtr<nsIInterfaceRequestor> requestor;
nsCOMPtr<nsISecurityEventSink> eventSink;
channel->GetNotificationCallbacks(getter_AddRefs(requestor));
if (requestor)
eventSink = do_GetInterface(requestor);
nsCOMPtr<nsIURI> loadingURI;
channel->GetURI(getter_AddRefs(loadingURI));
NS_ASSERTION(NS_SUCCEEDED(res),"GetURI failed");
#if defined(DEBUG)
if (loadingURI) {
nsXPIDLCString temp;
loadingURI->GetSpec(getter_Copies(temp));
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: OnStateChange: %x :%s\n", this,
aProgressStateFlags,(const char*)temp));
}
#endif
// A Document is starting to load...
if ((aProgressStateFlags & STATE_START) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
// starting to load a webpage
PR_FREEIF(mLastPSMStatus); mLastPSMStatus = nsnull;
mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
if (mSecurityButton)
mSecurityButton->RemoveAttribute(NS_ConvertASCIItoUCS2("level"));
if (eventSink)
eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE);
res = CheckProtocolContextSwitch(eventSink, aRequest, loadingURI,
mCurrentURI);
return res;
}
// A document has finished loading
if ((aProgressStateFlags & STATE_STOP) &&
(aProgressStateFlags & STATE_IS_NETWORK) &&
mIsSecureDocument) {
if (!mIsDocumentBroken) { // and status is okay FIX
// qi for the psm information about this channel load.
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsISecureSocketInfo> secInfo = do_QueryInterface(info);
if (secInfo) {
// Everything looks okay. Lets stash the picked status.
PR_FREEIF(mLastPSMStatus);
// res = psmInfo->GetPickledStatus(&mLastPSMStatus);
// XXX figure out exactly what should be going on here
res = NS_OK;
if (NS_SUCCEEDED(res)) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: Icon set to lock\n", this));
if (mSecurityButton)
res = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("level"),
NS_ConvertASCIItoUCS2("high"));
if (eventSink)
eventSink->OnSecurityChange(aRequest, (STATE_IS_SECURE));
if (!mSecurityButton)
return res;
// Do we really need to look at res here?
// What happens if there's an error?
// We should still set the certificate authority display.
#if 0
// XXX implement cert signer tooltip
CMTItem caName;
CMT_CONTROL *control;
CMTItem pickledResource = {0, NULL, 0};
CMUint32 socketStatus = 0;
pickledResource.len = *(int*)(mLastPSMStatus);
pickledResource.data = NS_REINTERPRET_POINTER_CAST(unsigned char*, nsMemory::Alloc(SSMSTRING_PADDED_LENGTH(pickledResource.len)));
if (!pickledResource.data) return NS_ERROR_FAILURE;
memcpy(pickledResource.data, mLastPSMStatus+sizeof(int),
pickledResource.len);
psmInfo->GetControlPtr(&control);
if (CMT_UnpickleResource(control,
SSM_RESTYPE_SSL_SOCKET_STATUS,
pickledResource,
&socketStatus) == CMTSuccess) {
if (CMT_GetStringAttribute(control, socketStatus,
SSM_FID_SSS_CA_NAME,
&caName) == CMTSuccess) {
// Create space for "Signed by %s" display string
char *str = NS_REINTERPRET_POINTER_CAST(char*, nsMemory::Alloc(CERT_PREFIX_STR_LENGTH + 1 + caName.len));
if (str) {
*str = '\0';
strcat(str, CERT_PREFIX_STR);
// will memcpy just return if size == 0?
memcpy(str + CERT_PREFIX_STR_LENGTH, caName.data, caName.len);
*(str + CERT_PREFIX_STR_LENGTH + caName.len) = '\0';
res = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("tooltiptext"), NS_ConvertASCIItoUCS2(str));
nsMemory::Free(str);
}
}
}
nsMemory::Free(pickledResource.data);
#endif
return res;
}
}
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to broken\n",
this));
mIsDocumentBroken = PR_TRUE;
SetBrokenLockIcon(eventSink, aRequest);
return res;
}
/// if (aProgressStateFlags == nsIWebProgress::flag_net_redirecting)
/// {
/// // need to implmentent.
/// }
// don't need to do anything more if the page is broken or not secure...
if (!mIsSecureDocument || mIsDocumentBroken)
return NS_OK;
// A URL is starting to load...
if ((aProgressStateFlags & STATE_START) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
// check to see if we are going to mix content.
return CheckMixedContext(eventSink, aRequest, loadingURI);
}
// A URL has finished loading...
if ((aProgressStateFlags & STATE_STOP) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
if (1) {
// FIX status from the flag...
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsISecureSocketInfo> secInfo = do_QueryInterface(info, &res);
// qi for the psm information about this channel load.
if (secInfo) {
return NS_OK;
}
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: OnStateChange - Icon set to broken\n", this));
SetBrokenLockIcon(eventSink, aRequest);
mIsDocumentBroken = PR_TRUE;
}
return res;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
nsIURI* aLocation)
{
mCurrentURI = aLocation;
if (mInitByLocationChange) {
IsURLHTTPS(mCurrentURI, &mIsSecureDocument);
mInitByLocationChange = PR_FALSE;
}
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
nsresult aStatus,
const PRUnichar* aMessage)
{
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress *aWebProgress,
nsIRequest *aRequest,
PRInt32 state)
{
// I am the guy that created this notification - do nothing
#if defined(DEBUG_dougt)
nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
if (!channel)
return NS_ERROR_FAILURE;
nsCOMPtr<nsIURI> aURI;
channel->GetURI(getter_AddRefs(aURI));
nsXPIDLCString temp;
aURI->GetSpec(getter_Copies(temp));
printf("OnSecurityChange: (%x) %s\n", state, (const char*)temp);
#endif
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value)
{
*value = PR_FALSE;
if (!aURL)
return NS_OK;
char* scheme;
aURL->GetScheme(&scheme);
// If no scheme, it's not an https url - not necessarily an error.
// See bugs 54845 and 54966
if (!scheme)
return NS_OK;
if (!PL_strncasecmp(scheme, "https", 5))
*value = PR_TRUE;
nsMemory::Free(scheme);
return NS_OK;
}
void
nsSecureBrowserUIImpl::GetBundleString(const nsString& name,
nsString &outString)
{
if (mStringBundle && name.Length() > 0) {
PRUnichar *ptrv = nsnull;
if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name.GetUnicode(),
&ptrv)))
outString = ptrv;
else
outString.SetLength(0);
nsMemory::Free(ptrv);
} else {
outString.SetLength(0);
}
}
nsresult
nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSink,
nsIRequest* aRequest,
nsIURI* newURI,
nsIURI* oldURI)
{
nsresult res;
PRBool isNewSchemeSecure, isOldSchemeSecure, boolpref;
res = IsURLHTTPS(oldURI, &isOldSchemeSecure);
if (NS_FAILED(res))
return res;
res = IsURLHTTPS(newURI, &isNewSchemeSecure);
if (NS_FAILED(res))
return res;
// Check to see if we are going from a secure page to an insecure page
if (!isNewSchemeSecure && isOldSchemeSecure) {
SetBrokenLockIcon(eventSink, aRequest, PR_TRUE);
if ((mPref->GetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0))
boolpref = PR_TRUE;
if (boolpref) {
nsCOMPtr<nsIPrompt> dialog;
mWindow->GetPrompter(getter_AddRefs(dialog));
if (!dialog)
return NS_ERROR_FAILURE;
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("LeaveSiteMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
res = dialog->AlertCheck(windowTitle.GetUnicode(),
message.GetUnicode(),
dontShowAgain.GetUnicode(),
&outCheckValue);
if (NS_FAILED(res))
return res;
if (!outCheckValue) {
mPref->SetBoolPref(LEAVE_SITE_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &res);
if (NS_FAILED(res))
return res;
// psm->PassPrefs();
}
}
}
// check to see if we are going from an insecure page to a secure one.
else if (isNewSchemeSecure && !isOldSchemeSecure) {
if ((mPref->GetBoolPref(ENTER_SITE_PREF, &boolpref) != 0))
boolpref = PR_TRUE;
if (boolpref) {
nsCOMPtr<nsIPrompt> dialog;
mWindow->GetPrompter(getter_AddRefs(dialog));
if (!dialog)
return NS_ERROR_FAILURE;
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("EnterSiteMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
res = dialog->AlertCheck(windowTitle.GetUnicode(),
message.GetUnicode(),
dontShowAgain.GetUnicode(),
&outCheckValue);
if (NS_FAILED(res))
return res;
if (!outCheckValue) {
mPref->SetBoolPref(ENTER_SITE_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &res);
if (NS_FAILED(res))
return res;
// psm->PassPrefs();
}
}
}
mIsSecureDocument = isNewSchemeSecure;
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
nsIRequest* aRequest, nsIURI* nextURI)
{
PRBool secure;
nsresult rv = IsURLHTTPS(nextURI, &secure);
if (NS_FAILED(rv))
return rv;
if (!secure && mIsSecureDocument) {
mIsDocumentBroken = PR_TRUE;
SetBrokenLockIcon(eventSink, aRequest);
if (!mPref) return NS_ERROR_NULL_POINTER;
PRBool boolpref;
if ((mPref->GetBoolPref(MIXEDCONTENT_PREF, &boolpref) != 0))
boolpref = PR_TRUE;
if (boolpref && !mMixContentAlertShown) {
nsCOMPtr<nsIPrompt> dialog;
mWindow->GetPrompter(getter_AddRefs(dialog));
if (!dialog)
return NS_ERROR_FAILURE;
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("MixedContentMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
rv = dialog->AlertCheck(windowTitle.GetUnicode(),
message.GetUnicode(),
dontShowAgain.GetUnicode(),
&outCheckValue);
if (NS_FAILED(rv))
return rv;
if (!outCheckValue) {
mPref->SetBoolPref(MIXEDCONTENT_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &rv);
if (NS_FAILED(rv))
return rv;
// psm->PassPrefs();
}
mMixContentAlertShown = PR_TRUE;
}
}
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
{
PRBool secure;
nsresult rv = IsURLHTTPS(actionURL, &secure);
if (NS_FAILED(rv))
return rv;
// if we are posting to a secure link from a secure page, all is okay.
if (secure && mIsSecureDocument)
return NS_OK;
PRBool boolpref = PR_TRUE;
// posting to a non https URL.
mPref->GetBoolPref(INSECURE_SUBMIT_PREF, &boolpref);
if (boolpref) {
nsCOMPtr<nsIPrompt> dialog;
mWindow->GetPrompter(getter_AddRefs(dialog));
if (!dialog)
return NS_ERROR_FAILURE;
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
// posting to insecure webpage from a secure webpage.
if (!secure && mIsSecureDocument && !mIsDocumentBroken) {
GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecure"), message);
} else { // anything else, post generic warning
GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecureFromInsecure"),
message);
}
PRBool outCheckValue = PR_TRUE;
rv = dialog->ConfirmCheck(windowTitle.GetUnicode(),
message.GetUnicode(),
dontShowAgain.GetUnicode(),
&outCheckValue,
okayToPost);
if (NS_FAILED(rv))
return rv;
if (!outCheckValue) {
mPref->SetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &rv);
if (NS_FAILED(rv))
return rv;
// psm->PassPrefs();
}
} else {
*okayToPost = PR_TRUE;
}
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::SetBrokenLockIcon(nsISecurityEventSink *eventSink,
nsIRequest* aRequest,
PRBool removeValue)
{
nsresult rv = NS_OK;
if (removeValue) {
if (mSecurityButton)
rv = mSecurityButton->RemoveAttribute(NS_ConvertASCIItoUCS2("level"));
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE);
} else {
if (mSecurityButton)
rv = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("level"),
NS_ConvertASCIItoUCS2("broken"));
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, (STATE_IS_BROKEN));
}
nsAutoString tooltiptext;
GetBundleString(NS_ConvertASCIItoUCS2("SecurityButtonTooltipText"),
tooltiptext);
if (mSecurityButton)
rv = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("tooltiptext"),
tooltiptext);
return rv;
}
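Review bot: CheckPost returns NS_OK from the `secure && mIsSecureDocument` branch without writing `*okayToPost`, and Notify then tests its uninitialized local `okayToPost`, so a form posted from a secure page to an https URL can be cancelled depending on stack contents. Setting `*okayToPost = PR_TRUE;` as the first statement of CheckPost fixes this. Notify also passes `postingWindow` to IsChildOfDomWindow without a null check, and that helper calls `child->GetParent(...)` unconditionally; `if (!postingWindow) return NS_OK;` before the call would cover a document with no script global object. Separately, IsURLHTTPS compares only the first five characters, so any scheme that merely begins with "https" is treated as secure for the lock-icon state; `if (!PL_strcasecmp(scheme, "https"))` makes the match exact.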


@ -0,0 +1,108 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#ifndef nsSecureBrowserUIImpl_h_
#define nsSecureBrowserUIImpl_h_
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
#include "nsString.h"
#include "nsIObserver.h"
#include "nsIDocumentLoaderObserver.h"
#include "nsIDOMElement.h"
#include "nsIDOMWindowInternal.h"
#include "nsIStringBundle.h"
#include "nsISecureBrowserUI.h"
#include "nsIDocShell.h"
#include "nsIPref.h"
#include "nsIWebProgressListener.h"
#include "nsIFormSubmitObserver.h"
#include "nsIURI.h"
#include "nsISecurityEventSink.h"
#define NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME "Mozilla Secure Browser Doc Observer"
#define NS_SECURE_BROWSER_DOCOBSERVER_CID \
{0x91003b94, 0x1dd2, 0x11b2, \
{0xaf, 0xc1, 0xc2, 0xc9, 0xc2, 0x15, 0x98, 0xf0}}
#define NS_SECURE_BROWSER_DOCOBSERVER_CONTRACTID "@mozilla.org/secure_browser_docobserver;1"
class nsSecureBrowserUIImpl : public nsSecureBrowserUI,
public nsIWebProgressListener,
public nsIFormSubmitObserver,
public nsIObserver
{
public:
nsSecureBrowserUIImpl();
virtual ~nsSecureBrowserUIImpl();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
NS_DECL_ISUPPORTS
NS_DECL_NSIWEBPROGRESSLISTENER
NS_DECL_NSSECUREBROWSERUI
// nsIObserver
NS_DECL_NSIOBSERVER
NS_IMETHOD Notify(nsIContent* formNode, nsIDOMWindowInternal* window,
nsIURI *actionURL, PRBool* cancelSubmit);
protected:
nsCOMPtr<nsIDOMWindowInternal> mWindow;
nsCOMPtr<nsIDOMElement> mSecurityButton;
nsCOMPtr<nsIDocumentLoaderObserver> mOldWebShellObserver;
nsCOMPtr<nsIPref> mPref;
nsCOMPtr<nsIStringBundle> mStringBundle;
nsCOMPtr<nsIURI> mCurrentURI;
PRBool mIsSecureDocument;
PRBool mIsDocumentBroken;
PRBool mMixContentAlertShown;
PRBool mInitByLocationChange;
char* mLastPSMStatus;
void GetBundleString(const nsString& name, nsString &outString);
nsresult CheckProtocolContextSwitch(nsISecurityEventSink* sink,
nsIRequest* request, nsIURI* newURI,
nsIURI* oldURI);
nsresult CheckMixedContext(nsISecurityEventSink* sink, nsIRequest* request,
nsIURI* nextURI);
nsresult CheckPost(nsIURI *actionURL, PRBool *okayToPost);
nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
nsresult SetBrokenLockIcon(nsISecurityEventSink* sink, nsIRequest* request,
PRBool removeValue = PR_FALSE);
};
#endif /* nsSecureBrowserUIImpl_h_ */
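Review bot: `mInitByLocationChange` is never given a value at construction: the constructor in nsSecureBrowserUIImpl.cpp assigns the other three PRBool flags but not this one, and it is first set at the end of Init(), while OnLocationChange reads it. Adding `mInitByLocationChange = PR_FALSE;` to the constructor removes the dependence on Init() having completed. `mOldWebShellObserver` and the nsIDocumentLoaderObserver.h include are not referenced by the implementation shown in this commit and look like leftovers that could be dropped. `mLastPSMStatus` is an owning `char*` released with PR_FREEIF; a comment on the member saying it must be allocated with the NSPR allocator would prevent a mismatched free later.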


@ -0,0 +1,114 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsTLSSocketProvider.h"
#include "nsNSSIOLayer.h"
nsTLSSocketProvider::nsTLSSocketProvider()
{
NS_INIT_REFCNT();
}
nsresult
nsTLSSocketProvider::Init()
{
nsresult rv = NS_OK;
return rv;
}
nsTLSSocketProvider::~nsTLSSocketProvider()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS2(nsTLSSocketProvider, nsISocketProvider,
nsISSLSocketProvider);
NS_METHOD
nsTLSSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
{
nsresult rv;
nsTLSSocketProvider* inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = nsnull;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsTLSSocketProvider);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
NS_IMETHODIMP
nsTLSSocketProvider::NewSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc **_result,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerNewSocket(host,
port,
proxyHost,
proxyPort,
_result,
securityInfo,
PR_TRUE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}
// Add the SSL IO layer to an existing socket
NS_IMETHODIMP
nsTLSSocketProvider::AddToSocket(const char *host,
PRInt32 port,
const char *proxyHost,
PRInt32 proxyPort,
PRFileDesc *aSocket,
nsISupports **securityInfo)
{
nsresult rv = nsSSLIOLayerAddToSocket(host,
port,
proxyHost,
proxyPort,
aSocket,
securityInfo,
PR_TRUE);
return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
}


@ -0,0 +1,56 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Brian Ryner <bryner@netscape.com>
*/
#ifndef _NSTLSSOCKETPROVIDER_H_
#define _NSTLSSOCKETPROVIDER_H_
#include "nsISSLSocketProvider.h"
#define NS_TLSSOCKETPROVIDER_CID \
{ /* b9507aec-1dd1-11b2-8cd5-c48ee0c50307 */ \
0xb9507aec, \
0x1dd1, \
0x11b2, \
{0x8c, 0xd5, 0xc4, 0x8e, 0xe0, 0xc5, 0x03, 0x07} \
}
class nsTLSSocketProvider : public nsISSLSocketProvider
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSISOCKETPROVIDER
NS_DECL_NSISSLSOCKETPROVIDER
// nsTLSSocketProvider methods:
nsTLSSocketProvider();
virtual ~nsTLSSocketProvider();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
nsresult Init();
protected:
};
#endif /* _NSTLSSOCKETPROVIDER_H_ */