backing out all my patches from yesterday, 399043 398549 399022 399045 345665

kaie%kuix.de 2007-10-17 00:18:58 +00:00
Родитель 8faef64631
Коммит 34f7df5e51
15 изменённых файлов: 35 добавлений и 478 удалений


@ -38,17 +38,17 @@
<!ENTITY certmgr.title "Certificate Manager">
<!ENTITY certmgr.tab.mine "Your Certificates">
<!ENTITY certmgr.tab.others2 "People">
<!ENTITY certmgr.tab.others "Other People's">
<!ENTITY certmgr.tab.websites3 "Servers">
<!ENTITY certmgr.tab.ca "Authorities">
<!ENTITY certmgr.tab.orphan2 "Others">
<!ENTITY certmgr.tab.orphan "Extra">
<!ENTITY certmgr.ca.builtins "Built-in CAs">
<!ENTITY certmgr.ca.mycas "CAs Managed By You">
<!ENTITY certmgr.mine "You have certificates from these organizations that identify you:">
<!ENTITY certmgr.others "You have certificates on file that identify these people:">
<!ENTITY certmgr.websites2 "You have certificates on file that identify these servers:">
<!ENTITY certmgr.websites "You have certificates on file that identify these web sites:">
<!ENTITY certmgr.cas "You have certificates on file that identify these certificate authorities:">
<!ENTITY certmgr.orphans "You have certificates on file that do not fit in any of the other categories:">


@ -48,7 +48,7 @@
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<vbox id="webCerts">
<description>&certmgr.websites2;</description>
<description>&certmgr.websites;</description>
<separator class="thin"/>
<tree id="server-tree" flex="1" enableColumnDrag="true"
onselect="websites_enableButtons()">


@ -64,11 +64,11 @@
<tabbox id="certmanagertabs" flex="1" style="margin:5px" persist="selectedIndex">
<tabs id="certMgrTabbox">
<tab id="mine_tab" label="&certmgr.tab.mine;"/>
<tab id="others_tab" label="&certmgr.tab.others2;"/>
<tab id="others_tab" label="&certmgr.tab.others;"/>
<tab id="websites_tab" label="&certmgr.tab.websites3;"/>
<!-- FIXME Add selected="true" to ca_tab when 373525 gets fixed. -->
<tab id="ca_tab" label="&certmgr.tab.ca;"/>
<tab id="orphan_tab" label="&certmgr.tab.orphan2;"/>
<tab id="orphan_tab" label="&certmgr.tab.orphan;"/>
</tabs>
<tabpanels flex="1">
<vbox id="myCerts" flex="1"/>


@ -83,32 +83,6 @@ function initExceptionDialog() {
gDialog.getButton("extra1").disabled = true;
}
// returns true if found and global status could be set
function findRecentBadCert(uri) {
try {
var recentCertsSvc = Components.classes["@mozilla.org/security/recentbadcerts;1"]
.getService(Components.interfaces.nsIRecentBadCertsService);
if (!recentCertsSvc)
return false;
var hostWithPort = uri.host + ":" + uri.port;
gSSLStatus = recentCertsSvc.getRecentBadCert(hostWithPort);
if (!gSSLStatus)
return false;
gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
if (!gCert)
return false;
gBroken = true;
}
catch (e) {
return false;
}
updateCertStatus();
return true;
}
/**
* Attempt to download the certificate for the location specified, and populate
* the Certificate Status section with the result.
@ -121,13 +95,8 @@ function checkCert() {
gBroken = false;
updateCertStatus();
var uri = getURI();
// Is the cert already known in the list of recently seen bad certs?
if (findRecentBadCert(uri) == true)
return;
var req = new XMLHttpRequest();
var uri = getURI();
try {
if(uri) {
req.open('GET', uri.prePath, false);
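Review bot: With the `findRecentBadCert(uri)` lookup gone, `checkCert()` always falls through to a fresh request (`req.open('GET', uri.prePath, false)`), so the certificate shown in the exception dialog is whatever the server presents on that second connection, not necessarily the one that caused the original error. Nothing visible in the hunk ties the two together, which matters when different certificates can be presented per connection. The `false` argument also makes the request blocking, so an unresponsive host stalls the dialog. I would record this above the request, e.g. `// The cert is re-fetched on a new connection; it may differ from the one that triggered the error.` The body of `checkCert()` continues past the end of the hunk, so any later handling is not visible here.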


@ -62,7 +62,6 @@ SDK_XPIDLSRCS = \
XPIDLSRCS = \
nsICertOverrideService.idl \
nsIRecentBadCertsService.idl \
nsIFormSigningDialog.idl \
nsIX509Cert2.idl \
nsIX509Cert3.idl \


@ -1,79 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Red Hat, Inc.
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kengert@redhat.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
interface nsIArray;
interface nsIX509Cert;
interface nsISSLStatus;
%{C++
#define NS_RECENTBADCERTS_CONTRACTID "@mozilla.org/security/recentbadcerts;1"
%}
/**
* This represents a global list of recently seen bad ssl status
* including the bad cert.
* The implementation will decide how many entries it will hold,
* the number is expected to be small.
*/
[scriptable, uuid(a5ae8b05-a76e-408f-b0ba-02a831265749)]
interface nsIRecentBadCertsService : nsISupports {
/**
* Retrieve the recently seen bad ssl status for the given hostname:port.
* If no SSL cert was recently seen for the given hostname:port, return null.
* If a good cert was seen for the given hostname:port, return null.
*
* @param aHostNameWithPort The host:port whose entry should be tested
* @return null or a recently seen bad ssl status with cert
*/
nsISSLStatus getRecentBadCert(in AString aHostNameWithPort);
/**
* A bad certificate that should be remembered by the service.
* Will be added as the most recently seen cert.
* The service may forget older entries to make room for the new one.
*
* @param aHostNameWithPort The host:port whose entry should be tested
* @param aCert The bad ssl status with certificate
*/
void addBadCert(in AString aHostNameWithPort,
in nsISSLStatus aStatus);
};


@ -59,7 +59,6 @@ PACKAGE_FILE = pipnss.pkg
CPPSRCS = \
nsNSSCleaner.cpp \
nsCertOverrideService.cpp \
nsRecentBadCerts.cpp \
nsPSMBackgroundThread.cpp \
nsSSLThread.cpp \
nsCertVerificationThread.cpp \


@ -291,11 +291,11 @@ nsCertTree::GetThreadDescAtIndex(PRInt32 index)
// GetCertAtIndex
//
// If the row at index is a cert, return that cert. Otherwise, return null.
already_AddRefed<nsIX509Cert>
nsIX509Cert *
nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
{
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(index, outAbsoluteCertOffset);
getter_AddRefs(GetDispInfoAtIndex(index, outAbsoluteCertOffset));
if (!certdi)
return nsnull;
@ -308,7 +308,7 @@ nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
}
// If the row at index is a cert, return that cert. Otherwise, return null.
already_AddRefed<nsCertTreeDispInfo>
nsCertTreeDispInfo *
nsCertTree::GetDispInfoAtIndex(PRInt32 index,
PRInt32 *outAbsoluteCertOffset)
{
@ -606,6 +606,7 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
// not necessary: certdi->mHostWithPort.Clear();
certdi->mOverrideBits = nsCertOverride::ob_None;
NS_IF_ADDREF(certdi);
mDispInfo.InsertElementAt(InsertPosition, certdi);
++count;
++InsertPosition;
@ -833,7 +834,10 @@ nsCertTree::DeleteEntryObject(PRUint32 index)
}
}
nsCertTreeDispInfo *certdi2 = mDispInfo.ElementAt(certIndex);
mDispInfo.RemoveElementAt(certIndex);
NS_IF_RELEASE(certdi2);
certdi2 = 0;
if (canRemoveEntry) {
RemoveCacheEntry(cert);
@ -864,7 +868,7 @@ NS_IMETHODIMP
nsCertTree::GetCert(PRUint32 aIndex, nsIX509Cert **_cert)
{
NS_ENSURE_ARG(_cert);
*_cert = GetCertAtIndex(aIndex).get();
*_cert = GetCertAtIndex(aIndex);
return NS_OK;
}
@ -874,7 +878,7 @@ nsCertTree::GetTreeItem(PRUint32 aIndex, nsICertTreeItem **_treeitem)
NS_ENSURE_ARG(_treeitem);
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(aIndex);
getter_AddRefs(GetDispInfoAtIndex(aIndex));
if (!certdi)
return NS_ERROR_FAILURE;
@ -889,7 +893,7 @@ nsCertTree::IsHostPortOverride(PRUint32 aIndex, PRBool *_retval)
NS_ENSURE_ARG(_retval);
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(aIndex);
getter_AddRefs(GetDispInfoAtIndex(aIndex));
if (!certdi)
return NS_ERROR_FAILURE;
@ -1110,7 +1114,7 @@ nsCertTree::GetCellText(PRInt32 row, nsITreeColumn* col,
PRInt32 absoluteCertOffset;
nsRefPtr<nsCertTreeDispInfo> certdi =
GetDispInfoAtIndex(row, &absoluteCertOffset);
getter_AddRefs(GetDispInfoAtIndex(row, &absoluteCertOffset));
if (!certdi)
return NS_ERROR_FAILURE;
@ -1392,7 +1396,7 @@ nsCertTree::dumpMap()
nsAutoString td(el->orgName);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
}
nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
nsCOMPtr<nsIX509Cert> ct = getter_AddRefs(GetCertAtIndex(i));
if (ct != nsnull) {
PRUnichar *goo;
ct->GetCommonName(&goo);
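Review bot: `GetCertAtIndex` and `GetDispInfoAtIndex` return raw pointers in the restored form, yet every caller in this section wraps the result in `getter_AddRefs(...)` or assigns it straight to an XPCOM out-parameter (`*_cert = GetCertAtIndex(aIndex);`), so they evidently hand over an owning reference that the return type no longer expresses. A caller that forgets the wrapper leaks, and one that wraps a non-owning pointer releases once too often and leaves a dangling object, so the comment above each definition should state the contract, e.g. `// Returns an AddRef'd pointer or null; the caller owns the reference.` The hand-written `NS_IF_ADDREF(certdi)` before `mDispInfo.InsertElementAt` and `NS_IF_RELEASE(certdi2)` in `DeleteEntryObject` carry the same risk: any other path that drops entries from `mDispInfo` lies outside these hunks and has to release as well. The comment above `GetDispInfoAtIndex` still says it returns "that cert", which looks copied from `GetCertAtIndex`. The matching declarations in the class-header section that follows deserve the same ownership comment.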


@ -154,10 +154,9 @@ private:
nsCOMPtr<nsICertOverrideService> mOverrideService;
treeArrayEl *GetThreadDescAtIndex(PRInt32 _index);
already_AddRefed<nsIX509Cert>
GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
already_AddRefed<nsCertTreeDispInfo>
GetDispInfoAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset = nsnull);
nsIX509Cert *GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
nsCertTreeDispInfo *GetDispInfoAtIndex(PRInt32 index,
PRInt32 *outAbsoluteCertOffset = nsnull);
void FreeCertArray();
nsresult UpdateUIContents();


@ -478,7 +478,7 @@ GetSlotWithMechanism(PRUint32 aMechanism,
rv = NS_ERROR_NOT_AVAILABLE;
}
else {
rv = dialogs->ChooseToken(m_ctx, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
rv = dialogs->ChooseToken(nsnull, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
}
}
NS_RELEASE(dialogs);
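Review bot: `dialogs->ChooseToken(nsnull, ...)` passes no context object, whereas the other printed form of this line passes `m_ctx`; assuming the first argument is the interface requestor used to parent the prompt, the token chooser would open without being tied to the window that requested it. If that is intended, a comment such as `// no UI context available here; the dialog is unparented` would record it; otherwise the context should be passed through. `GetSlotWithMechanism` starts and ends outside the hunk, so whether a context is reachable at this point cannot be confirmed from here.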


@ -837,17 +837,17 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
// the code that cares for displaying page info does this already.
continue;
}
// We have found a signer cert that we want to remember.
nsCAutoString nickname;
nickname = nsNSSCertificate::defaultServerNickname(node->cert);
if (!nickname.IsEmpty()) {
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
if (slot) {
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
const_cast<char*>(nickname.get()), PR_FALSE);
PK11_FreeSlot(slot);
}
if (!nssComponent) {
// delay getting the service until we really need it
nsresult rv;
nssComponent = do_GetService(kNSSComponentCID, &rv);
}
if (nssComponent) {
nssComponent->RememberCert(node->cert);
}
}
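Review bot: In the `nssComponent` variant of this block, `rv` from `do_GetService(kNSSComponentCID, &rv)` is never read and the result of `nssComponent->RememberCert(node->cert)` is dropped, so a failure to record a signer cert is silent. If this is deliberately best-effort, say so in place, e.g. `// best effort: failing to remember a signer cert must not fail the handshake`, and drop the unused `rv` by calling `do_GetService(kNSSComponentCID)`. The enclosing loop in `AuthCertificateCallback` begins before the hunk, so the declaration of `nssComponent` is not visible here.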


@ -60,7 +60,6 @@
#include "nsIClientAuthDialogs.h"
#include "nsICertOverrideService.h"
#include "nsIBadCertListener2.h"
#include "nsRecentBadCerts.h"
#include "nsXPIDLString.h"
#include "nsReadableUtils.h"
@ -2343,8 +2342,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
nsCString hostWithPortString = hostString;
hostWithPortString.AppendLiteral(":");
hostWithPortString.AppendInt(port);
NS_ConvertUTF8toUTF16 hostWithPortStringUTF16(hostWithPortString);
// Check the name field against the desired hostname.
if (hostname && hostname[0] &&
@ -2446,7 +2444,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
{
PRBool haveStoredOverride;
nsrv = overrideService->HasMatchingOverride(hostWithPortStringUTF16,
nsrv = overrideService->HasMatchingOverride(NS_ConvertUTF8toUTF16(hostWithPortString),
ix509,
&storedOverrideBits,
&haveStoredOverride);
@ -2489,13 +2487,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
}
}
nsCOMPtr<nsIRecentBadCertsService> recentBadCertsService =
do_GetService(NS_RECENTBADCERTS_CONTRACTID);
if (recentBadCertsService) {
recentBadCertsService->AddBadCert(hostWithPortStringUTF16, status);
}
PR_SetError(errorCodeToReport, 0);
if (!suppressMessage) {
nsHandleInvalidCertError(infoObject,
@ -2505,7 +2496,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
errorCodeToReport,
ix509);
}
return cancel_and_failure(infoObject);
}


@ -24,7 +24,6 @@
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@brianryner.com>
* Kai Engert <kengert@redhat.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -75,7 +74,6 @@
#include "nsDataSignatureVerifier.h"
#include "nsCertOverrideService.h"
#include "nsRandomGenerator.h"
#include "nsRecentBadCerts.h"
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
@ -198,7 +196,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsKeyObjectFactory)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsDataSignatureVerifier)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsCertOverrideService, Init)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsRandomGenerator)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsRecentBadCertsService, Init)
static NS_METHOD RegisterPSMContentListeners(
nsIComponentManager *aCompMgr,
@ -475,13 +472,6 @@ static const nsModuleComponentInfo components[] =
NS_RANDOMGENERATOR_CID,
NS_RANDOMGENERATOR_CONTRACTID,
nsRandomGeneratorConstructor
},
{
"PSM Recent Bad Certs Service",
NS_RECENTBADCERTS_CID,
NS_RECENTBADCERTS_CONTRACTID,
nsRecentBadCertsServiceConstructor
}
};


@ -1,190 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Red Hat, Inc.
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kengert@redhat.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsRecentBadCerts.h"
#include "nsIX509Cert.h"
#include "nsSSLStatus.h"
#include "nsCOMPtr.h"
#include "nsNSSCertificate.h"
#include "nsCRT.h"
#include "nsPromiseFlatString.h"
#include "nsStringBuffer.h"
#include "nsAutoLock.h"
#include "nsAutoPtr.h"
#include "nspr.h"
#include "pk11pub.h"
#include "certdb.h"
#include "sechash.h"
#include "nsNSSCleaner.h"
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
NS_IMPL_THREADSAFE_ISUPPORTS1(nsRecentBadCertsService,
nsIRecentBadCertsService)
nsRecentBadCertsService::nsRecentBadCertsService()
:mNextStorePosition(0)
{
monitor = PR_NewMonitor();
}
nsRecentBadCertsService::~nsRecentBadCertsService()
{
if (monitor)
PR_DestroyMonitor(monitor);
}
nsresult
nsRecentBadCertsService::Init()
{
return NS_OK;
}
NS_IMETHODIMP
nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
nsISSLStatus **aStatus)
{
NS_ENSURE_ARG_POINTER(aStatus);
if (!aHostNameWithPort.Length())
return NS_ERROR_INVALID_ARG;
*aStatus = nsnull;
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
if (!status)
return NS_ERROR_OUT_OF_MEMORY;
SECItem foundDER;
foundDER.len = 0;
foundDER.data = nsnull;
PRBool isDomainMismatch;
PRBool isNotValidAtThisTime;
PRBool isUntrusted;
{
nsAutoMonitor lock(monitor);
for (size_t i=0; i<const_recently_seen_list_size; ++i) {
if (mCerts[i].mHostWithPort.Equals(aHostNameWithPort)) {
SECStatus srv = SECITEM_CopyItem(nsnull, &foundDER, &mCerts[i].mDERCert);
if (srv != SECSuccess)
return NS_ERROR_OUT_OF_MEMORY;
isDomainMismatch = mCerts[i].isDomainMismatch;
isNotValidAtThisTime = mCerts[i].isNotValidAtThisTime;
isUntrusted = mCerts[i].isUntrusted;
}
}
}
if (foundDER.len) {
CERTCertificate *nssCert;
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
nssCert = CERT_FindCertByDERCert(certdb, &foundDER);
if (!nssCert)
nssCert = CERT_NewTempCertificate(certdb, &foundDER,
nsnull, // no nickname
PR_FALSE, // not perm
PR_TRUE); // copy der
SECITEM_FreeItem(&foundDER, PR_FALSE);
if (!nssCert)
return NS_ERROR_FAILURE;
status->mServerCert = new nsNSSCertificate(nssCert);
CERT_DestroyCertificate(nssCert);
status->mHaveCertStatus = PR_TRUE;
status->mIsDomainMismatch = isDomainMismatch;
status->mIsNotValidAtThisTime = isNotValidAtThisTime;
status->mIsUntrusted = isUntrusted;
*aStatus = status;
NS_IF_ADDREF(*aStatus);
}
return NS_OK;
}
NS_IMETHODIMP
nsRecentBadCertsService::AddBadCert(const nsAString &hostWithPort,
nsISSLStatus *aStatus)
{
NS_ENSURE_ARG(aStatus);
nsCOMPtr<nsIX509Cert> cert;
nsresult rv;
rv = aStatus->GetServerCert(getter_AddRefs(cert));
NS_ENSURE_SUCCESS(rv, rv);
PRBool isDomainMismatch;
PRBool isNotValidAtThisTime;
PRBool isUntrusted;
rv = aStatus->GetIsDomainMismatch(&isDomainMismatch);
NS_ENSURE_SUCCESS(rv, rv);
rv = aStatus->GetIsNotValidAtThisTime(&isNotValidAtThisTime);
NS_ENSURE_SUCCESS(rv, rv);
rv = aStatus->GetIsUntrusted(&isUntrusted);
NS_ENSURE_SUCCESS(rv, rv);
SECItem tempItem;
rv = cert->GetRawDER(&tempItem.len, (PRUint8 **)&tempItem.data);
NS_ENSURE_SUCCESS(rv, rv);
{
nsAutoMonitor lock(monitor);
RecentBadCert &updatedEntry = mCerts[mNextStorePosition];
++mNextStorePosition;
if (mNextStorePosition == const_recently_seen_list_size)
mNextStorePosition = 0;
updatedEntry.Clear();
updatedEntry.mHostWithPort = hostWithPort;
updatedEntry.mDERCert = tempItem; // consume
updatedEntry.isDomainMismatch = isDomainMismatch;
updatedEntry.isNotValidAtThisTime = isNotValidAtThisTime;
updatedEntry.isUntrusted = isUntrusted;
}
return NS_OK;
}


@ -1,124 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is
* Red Hat, Inc.
* Portions created by the Initial Developer are Copyright (C) 2006
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kengert@redhat.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef __RECENTBADCERTS_H__
#define __RECENTBADCERTS_H__
#include "nsIRecentBadCertsService.h"
#include "nsTHashtable.h"
#include "nsString.h"
#include "prmon.h"
#include "secitem.h"
class RecentBadCert
{
public:
RecentBadCert()
{
mDERCert.len = 0;
mDERCert.data = nsnull;
isDomainMismatch = PR_FALSE;
isNotValidAtThisTime = PR_FALSE;
isUntrusted = PR_FALSE;
}
~RecentBadCert()
{
Clear();
}
void Clear()
{
mHostWithPort.Truncate();
if (mDERCert.len)
nsMemory::Free(mDERCert.data);
mDERCert.len = 0;
mDERCert.data = nsnull;
}
nsString mHostWithPort;
SECItem mDERCert;
PRBool isDomainMismatch;
PRBool isNotValidAtThisTime;
PRBool isUntrusted;
private:
RecentBadCert(const RecentBadCert &other)
{
NS_NOTREACHED("RecentBadCert(const RecentBadCert &other) not implemented");
this->operator=(other);
}
RecentBadCert &operator=(const RecentBadCert &other)
{
NS_NOTREACHED("RecentBadCert &operator=(const RecentBadCert &other) not implemented");
return *this;
}
};
class nsRecentBadCertsService : public nsIRecentBadCertsService
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIRECENTBADCERTSSERVICE
nsRecentBadCertsService();
~nsRecentBadCertsService();
nsresult Init();
protected:
PRMonitor *monitor;
enum {const_recently_seen_list_size = 5};
RecentBadCert mCerts[const_recently_seen_list_size];
// will be in the range of 0 to list_size-1
PRUint32 mNextStorePosition;
};
#define NS_RECENTBADCERTS_CID { /* e7caf8c0-3570-47fe-aa1b-da47539b5d07 */ \
0xe7caf8c0, \
0x3570, \
0x47fe, \
{0xaa, 0x1b, 0xda, 0x47, 0x53, 0x9b, 0x5d, 0x07} \
}
#endif