backing out all my patches from yesterday, 399043 398549 399022 399045 345665
Родитель
8faef64631
Коммит
34f7df5e51
|
@ -38,17 +38,17 @@
|
|||
<!ENTITY certmgr.title "Certificate Manager">
|
||||
|
||||
<!ENTITY certmgr.tab.mine "Your Certificates">
|
||||
<!ENTITY certmgr.tab.others2 "People">
|
||||
<!ENTITY certmgr.tab.others "Other People's">
|
||||
<!ENTITY certmgr.tab.websites3 "Servers">
|
||||
<!ENTITY certmgr.tab.ca "Authorities">
|
||||
<!ENTITY certmgr.tab.orphan2 "Others">
|
||||
<!ENTITY certmgr.tab.orphan "Extra">
|
||||
|
||||
<!ENTITY certmgr.ca.builtins "Built-in CAs">
|
||||
<!ENTITY certmgr.ca.mycas "CAs Managed By You">
|
||||
|
||||
<!ENTITY certmgr.mine "You have certificates from these organizations that identify you:">
|
||||
<!ENTITY certmgr.others "You have certificates on file that identify these people:">
|
||||
<!ENTITY certmgr.websites2 "You have certificates on file that identify these servers:">
|
||||
<!ENTITY certmgr.websites "You have certificates on file that identify these web sites:">
|
||||
<!ENTITY certmgr.cas "You have certificates on file that identify these certificate authorities:">
|
||||
<!ENTITY certmgr.orphans "You have certificates on file that do not fit in any of the other categories:">
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@
|
|||
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
|
||||
|
||||
<vbox id="webCerts">
|
||||
<description>&certmgr.websites2;</description>
|
||||
<description>&certmgr.websites;</description>
|
||||
<separator class="thin"/>
|
||||
<tree id="server-tree" flex="1" enableColumnDrag="true"
|
||||
onselect="websites_enableButtons()">
|
||||
|
|
|
@ -64,11 +64,11 @@
|
|||
<tabbox id="certmanagertabs" flex="1" style="margin:5px" persist="selectedIndex">
|
||||
<tabs id="certMgrTabbox">
|
||||
<tab id="mine_tab" label="&certmgr.tab.mine;"/>
|
||||
<tab id="others_tab" label="&certmgr.tab.others2;"/>
|
||||
<tab id="others_tab" label="&certmgr.tab.others;"/>
|
||||
<tab id="websites_tab" label="&certmgr.tab.websites3;"/>
|
||||
<!-- FIXME Add selected="true" to ca_tab when 373525 gets fixed. -->
|
||||
<tab id="ca_tab" label="&certmgr.tab.ca;"/>
|
||||
<tab id="orphan_tab" label="&certmgr.tab.orphan2;"/>
|
||||
<tab id="orphan_tab" label="&certmgr.tab.orphan;"/>
|
||||
</tabs>
|
||||
<tabpanels flex="1">
|
||||
<vbox id="myCerts" flex="1"/>
|
||||
|
|
|
@ -83,32 +83,6 @@ function initExceptionDialog() {
|
|||
gDialog.getButton("extra1").disabled = true;
|
||||
}
|
||||
|
||||
// returns true if found and global status could be set
|
||||
function findRecentBadCert(uri) {
|
||||
try {
|
||||
var recentCertsSvc = Components.classes["@mozilla.org/security/recentbadcerts;1"]
|
||||
.getService(Components.interfaces.nsIRecentBadCertsService);
|
||||
if (!recentCertsSvc)
|
||||
return false;
|
||||
|
||||
var hostWithPort = uri.host + ":" + uri.port;
|
||||
gSSLStatus = recentCertsSvc.getRecentBadCert(hostWithPort);
|
||||
if (!gSSLStatus)
|
||||
return false;
|
||||
|
||||
gCert = gSSLStatus.QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
|
||||
if (!gCert)
|
||||
return false;
|
||||
|
||||
gBroken = true;
|
||||
}
|
||||
catch (e) {
|
||||
return false;
|
||||
}
|
||||
updateCertStatus();
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Attempt to download the certificate for the location specified, and populate
|
||||
* the Certificate Status section with the result.
|
||||
|
@ -121,13 +95,8 @@ function checkCert() {
|
|||
gBroken = false;
|
||||
updateCertStatus();
|
||||
|
||||
var uri = getURI();
|
||||
|
||||
// Is the cert already known in the list of recently seen bad certs?
|
||||
if (findRecentBadCert(uri) == true)
|
||||
return;
|
||||
|
||||
var req = new XMLHttpRequest();
|
||||
var uri = getURI();
|
||||
try {
|
||||
if(uri) {
|
||||
req.open('GET', uri.prePath, false);
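Review bot: With the recent-bad-certs lookup removed, `checkCert()` always obtains the certificate by opening a second, synchronous request to `uri.prePath`, so the certificate shown in the Certificate Status section is whatever that new connection returns and is not guaranteed to be the one that produced the original error. That gap deserves a comment above `req.open(...)`, for example `// Cert comes from a fresh connection and may differ from the one that failed; the user must review it before confirming.` The `false` argument also makes the request blocking, so a slow or unresponsive host stalls the dialog, which is worth stating in the same comment. The body of `checkCert()` continues past the end of the hunk, so how the response is handled is not visible here.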
|
||||
|
|
|
@ -62,7 +62,6 @@ SDK_XPIDLSRCS = \
|
|||
|
||||
XPIDLSRCS = \
|
||||
nsICertOverrideService.idl \
|
||||
nsIRecentBadCertsService.idl \
|
||||
nsIFormSigningDialog.idl \
|
||||
nsIX509Cert2.idl \
|
||||
nsIX509Cert3.idl \
|
||||
|
|
|
@ -1,79 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2006
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsIArray;
|
||||
interface nsIX509Cert;
|
||||
interface nsISSLStatus;
|
||||
|
||||
%{C++
|
||||
#define NS_RECENTBADCERTS_CONTRACTID "@mozilla.org/security/recentbadcerts;1"
|
||||
%}
|
||||
|
||||
/**
|
||||
* This represents a global list of recently seen bad ssl status
|
||||
* including the bad cert.
|
||||
* The implementation will decide how many entries it will hold,
|
||||
* the number is expected to be small.
|
||||
*/
|
||||
[scriptable, uuid(a5ae8b05-a76e-408f-b0ba-02a831265749)]
|
||||
interface nsIRecentBadCertsService : nsISupports {
|
||||
|
||||
/**
|
||||
* Retrieve the recently seen bad ssl status for the given hostname:port.
|
||||
* If no SSL cert was recently seen for the given hostname:port, return null.
|
||||
* If a good cert was seen for the given hostname:port, return null.
|
||||
*
|
||||
* @param aHostNameWithPort The host:port whose entry should be tested
|
||||
* @return null or a recently seen bad ssl status with cert
|
||||
*/
|
||||
nsISSLStatus getRecentBadCert(in AString aHostNameWithPort);
|
||||
|
||||
/**
|
||||
* A bad certificate that should be remembered by the service.
|
||||
* Will be added as the most recently seen cert.
|
||||
* The service may forget older entries to make room for the new one.
|
||||
*
|
||||
* @param aHostNameWithPort The host:port whose entry should be tested
|
||||
* @param aCert The bad ssl status with certificate
|
||||
*/
|
||||
void addBadCert(in AString aHostNameWithPort,
|
||||
in nsISSLStatus aStatus);
|
||||
};
|
|
@ -59,7 +59,6 @@ PACKAGE_FILE = pipnss.pkg
|
|||
CPPSRCS = \
|
||||
nsNSSCleaner.cpp \
|
||||
nsCertOverrideService.cpp \
|
||||
nsRecentBadCerts.cpp \
|
||||
nsPSMBackgroundThread.cpp \
|
||||
nsSSLThread.cpp \
|
||||
nsCertVerificationThread.cpp \
|
||||
|
|
|
@ -291,11 +291,11 @@ nsCertTree::GetThreadDescAtIndex(PRInt32 index)
|
|||
// GetCertAtIndex
|
||||
//
|
||||
// If the row at index is a cert, return that cert. Otherwise, return null.
|
||||
already_AddRefed<nsIX509Cert>
|
||||
nsIX509Cert *
|
||||
nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
|
||||
{
|
||||
nsRefPtr<nsCertTreeDispInfo> certdi =
|
||||
GetDispInfoAtIndex(index, outAbsoluteCertOffset);
|
||||
getter_AddRefs(GetDispInfoAtIndex(index, outAbsoluteCertOffset));
|
||||
if (!certdi)
|
||||
return nsnull;
|
||||
|
||||
|
@ -308,7 +308,7 @@ nsCertTree::GetCertAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset)
|
|||
}
|
||||
|
||||
// If the row at index is a cert, return that cert. Otherwise, return null.
|
||||
already_AddRefed<nsCertTreeDispInfo>
|
||||
nsCertTreeDispInfo *
|
||||
nsCertTree::GetDispInfoAtIndex(PRInt32 index,
|
||||
PRInt32 *outAbsoluteCertOffset)
|
||||
{
|
||||
|
@ -606,6 +606,7 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
|
|||
certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
|
||||
// not necessary: certdi->mHostWithPort.Clear();
|
||||
certdi->mOverrideBits = nsCertOverride::ob_None;
|
||||
NS_IF_ADDREF(certdi);
|
||||
mDispInfo.InsertElementAt(InsertPosition, certdi);
|
||||
++count;
|
||||
++InsertPosition;
|
||||
|
@ -833,7 +834,10 @@ nsCertTree::DeleteEntryObject(PRUint32 index)
|
|||
}
|
||||
}
|
||||
|
||||
nsCertTreeDispInfo *certdi2 = mDispInfo.ElementAt(certIndex);
|
||||
mDispInfo.RemoveElementAt(certIndex);
|
||||
NS_IF_RELEASE(certdi2);
|
||||
certdi2 = 0;
|
||||
|
||||
if (canRemoveEntry) {
|
||||
RemoveCacheEntry(cert);
|
||||
|
@ -864,7 +868,7 @@ NS_IMETHODIMP
|
|||
nsCertTree::GetCert(PRUint32 aIndex, nsIX509Cert **_cert)
|
||||
{
|
||||
NS_ENSURE_ARG(_cert);
|
||||
*_cert = GetCertAtIndex(aIndex).get();
|
||||
*_cert = GetCertAtIndex(aIndex);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -874,7 +878,7 @@ nsCertTree::GetTreeItem(PRUint32 aIndex, nsICertTreeItem **_treeitem)
|
|||
NS_ENSURE_ARG(_treeitem);
|
||||
|
||||
nsRefPtr<nsCertTreeDispInfo> certdi =
|
||||
GetDispInfoAtIndex(aIndex);
|
||||
getter_AddRefs(GetDispInfoAtIndex(aIndex));
|
||||
if (!certdi)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -889,7 +893,7 @@ nsCertTree::IsHostPortOverride(PRUint32 aIndex, PRBool *_retval)
|
|||
NS_ENSURE_ARG(_retval);
|
||||
|
||||
nsRefPtr<nsCertTreeDispInfo> certdi =
|
||||
GetDispInfoAtIndex(aIndex);
|
||||
getter_AddRefs(GetDispInfoAtIndex(aIndex));
|
||||
if (!certdi)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -1110,7 +1114,7 @@ nsCertTree::GetCellText(PRInt32 row, nsITreeColumn* col,
|
|||
|
||||
PRInt32 absoluteCertOffset;
|
||||
nsRefPtr<nsCertTreeDispInfo> certdi =
|
||||
GetDispInfoAtIndex(row, &absoluteCertOffset);
|
||||
getter_AddRefs(GetDispInfoAtIndex(row, &absoluteCertOffset));
|
||||
if (!certdi)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
|
@ -1392,7 +1396,7 @@ nsCertTree::dumpMap()
|
|||
nsAutoString td(el->orgName);
|
||||
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
|
||||
}
|
||||
nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
|
||||
nsCOMPtr<nsIX509Cert> ct = getter_AddRefs(GetCertAtIndex(i));
|
||||
if (ct != nsnull) {
|
||||
PRUnichar *goo;
|
||||
ct->GetCommonName(&goo);
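Review bot: `mDispInfo` now holds manually reference-counted raw pointers: in the hunks shown, the `NS_IF_ADDREF(certdi)` before `InsertElementAt` in `GetCertsByTypeFromCertList` is balanced by the `NS_IF_RELEASE(certdi2)` added in `DeleteEntryObject`. Every other path that inserts into, removes from or clears the array has to follow the same pairing, otherwise entries leak or are released twice; those paths lie outside the hunks on this page, so this needs checking against the full file. A comment at the insert such as `// mDispInfo owns one reference per element; released in DeleteEntryObject` would make the contract explicit. The trailing `certdi2 = 0;` is redundant, since `NS_IF_RELEASE` already nulls its argument.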
|
||||
|
|
|
@ -154,10 +154,9 @@ private:
|
|||
nsCOMPtr<nsICertOverrideService> mOverrideService;
|
||||
|
||||
treeArrayEl *GetThreadDescAtIndex(PRInt32 _index);
|
||||
already_AddRefed<nsIX509Cert>
|
||||
GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
|
||||
already_AddRefed<nsCertTreeDispInfo>
|
||||
GetDispInfoAtIndex(PRInt32 index, PRInt32 *outAbsoluteCertOffset = nsnull);
|
||||
nsIX509Cert *GetCertAtIndex(PRInt32 _index, PRInt32 *outAbsoluteCertOffset = nsnull);
|
||||
nsCertTreeDispInfo *GetDispInfoAtIndex(PRInt32 index,
|
||||
PRInt32 *outAbsoluteCertOffset = nsnull);
|
||||
void FreeCertArray();
|
||||
nsresult UpdateUIContents();
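Review bot: The raw return types on `GetCertAtIndex` and `GetDispInfoAtIndex` no longer say who owns the result. Judging by the callers on this page, which wrap the result in `getter_AddRefs(...)` or assign it straight to an XPCOM out-parameter, both appear to return an already AddRef'ed pointer; a caller that drops the result would leak a reference, and one that treats it as borrowed risks an unbalanced release. Put the contract on the declarations, e.g. `// Returns an AddRef'ed pointer or nsnull; caller must release (use getter_AddRefs).`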
|
||||
|
||||
|
|
|
@ -478,7 +478,7 @@ GetSlotWithMechanism(PRUint32 aMechanism,
|
|||
rv = NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
else {
|
||||
rv = dialogs->ChooseToken(m_ctx, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
|
||||
rv = dialogs->ChooseToken(nsnull, (const PRUnichar**)tokenNameList, numSlots, &unicodeTokenChosen, &canceled);
|
||||
}
|
||||
}
|
||||
NS_RELEASE(dialogs);
|
||||
|
|
|
@ -837,17 +837,17 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
|
|||
// the code that cares for displaying page info does this already.
|
||||
continue;
|
||||
}
|
||||
|
||||
|
||||
// We have found a signer cert that we want to remember.
|
||||
nsCAutoString nickname;
|
||||
nickname = nsNSSCertificate::defaultServerNickname(node->cert);
|
||||
if (!nickname.IsEmpty()) {
|
||||
PK11SlotInfo *slot = PK11_GetInternalKeySlot();
|
||||
if (slot) {
|
||||
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
|
||||
const_cast<char*>(nickname.get()), PR_FALSE);
|
||||
PK11_FreeSlot(slot);
|
||||
}
|
||||
|
||||
if (!nssComponent) {
|
||||
// delay getting the service until we really need it
|
||||
nsresult rv;
|
||||
nssComponent = do_GetService(kNSSComponentCID, &rv);
|
||||
}
|
||||
|
||||
if (nssComponent) {
|
||||
nssComponent->RememberCert(node->cert);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -60,7 +60,6 @@
|
|||
#include "nsIClientAuthDialogs.h"
|
||||
#include "nsICertOverrideService.h"
|
||||
#include "nsIBadCertListener2.h"
|
||||
#include "nsRecentBadCerts.h"
|
||||
|
||||
#include "nsXPIDLString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
|
@ -2343,8 +2342,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
|
|||
nsCString hostWithPortString = hostString;
|
||||
hostWithPortString.AppendLiteral(":");
|
||||
hostWithPortString.AppendInt(port);
|
||||
|
||||
NS_ConvertUTF8toUTF16 hostWithPortStringUTF16(hostWithPortString);
|
||||
|
||||
|
||||
// Check the name field against the desired hostname.
|
||||
if (hostname && hostname[0] &&
|
||||
|
@ -2446,7 +2444,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
|
|||
{
|
||||
PRBool haveStoredOverride;
|
||||
|
||||
nsrv = overrideService->HasMatchingOverride(hostWithPortStringUTF16,
|
||||
nsrv = overrideService->HasMatchingOverride(NS_ConvertUTF8toUTF16(hostWithPortString),
|
||||
ix509,
|
||||
&storedOverrideBits,
|
||||
&haveStoredOverride);
|
||||
|
@ -2489,13 +2487,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
|
|||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIRecentBadCertsService> recentBadCertsService =
|
||||
do_GetService(NS_RECENTBADCERTS_CONTRACTID);
|
||||
|
||||
if (recentBadCertsService) {
|
||||
recentBadCertsService->AddBadCert(hostWithPortStringUTF16, status);
|
||||
}
|
||||
|
||||
PR_SetError(errorCodeToReport, 0);
|
||||
if (!suppressMessage) {
|
||||
nsHandleInvalidCertError(infoObject,
|
||||
|
@ -2505,7 +2496,6 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
|
|||
errorCodeToReport,
|
||||
ix509);
|
||||
}
|
||||
|
||||
return cancel_and_failure(infoObject);
|
||||
}
|
||||
|
||||
|
|
|
@ -24,7 +24,6 @@
|
|||
* Hubbie Shaw
|
||||
* Doug Turner <dougt@netscape.com>
|
||||
* Brian Ryner <bryner@brianryner.com>
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
|
@ -75,7 +74,6 @@
|
|||
#include "nsDataSignatureVerifier.h"
|
||||
#include "nsCertOverrideService.h"
|
||||
#include "nsRandomGenerator.h"
|
||||
#include "nsRecentBadCerts.h"
|
||||
|
||||
// We must ensure that the nsNSSComponent has been loaded before
|
||||
// creating any other components.
|
||||
|
@ -198,7 +196,6 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsKeyObjectFactory)
|
|||
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsDataSignatureVerifier)
|
||||
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsCertOverrideService, Init)
|
||||
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsRandomGenerator)
|
||||
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, nsRecentBadCertsService, Init)
|
||||
|
||||
static NS_METHOD RegisterPSMContentListeners(
|
||||
nsIComponentManager *aCompMgr,
|
||||
|
@ -475,13 +472,6 @@ static const nsModuleComponentInfo components[] =
|
|||
NS_RANDOMGENERATOR_CID,
|
||||
NS_RANDOMGENERATOR_CONTRACTID,
|
||||
nsRandomGeneratorConstructor
|
||||
},
|
||||
|
||||
{
|
||||
"PSM Recent Bad Certs Service",
|
||||
NS_RECENTBADCERTS_CID,
|
||||
NS_RECENTBADCERTS_CONTRACTID,
|
||||
nsRecentBadCertsServiceConstructor
|
||||
}
|
||||
};
|
||||
|
||||
|
|
|
@ -1,190 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2006
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#include "nsRecentBadCerts.h"
|
||||
#include "nsIX509Cert.h"
|
||||
#include "nsSSLStatus.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsCRT.h"
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsStringBuffer.h"
|
||||
#include "nsAutoLock.h"
|
||||
#include "nsAutoPtr.h"
|
||||
#include "nspr.h"
|
||||
#include "pk11pub.h"
|
||||
#include "certdb.h"
|
||||
#include "sechash.h"
|
||||
|
||||
#include "nsNSSCleaner.h"
|
||||
NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS1(nsRecentBadCertsService,
|
||||
nsIRecentBadCertsService)
|
||||
|
||||
nsRecentBadCertsService::nsRecentBadCertsService()
|
||||
:mNextStorePosition(0)
|
||||
{
|
||||
monitor = PR_NewMonitor();
|
||||
}
|
||||
|
||||
nsRecentBadCertsService::~nsRecentBadCertsService()
|
||||
{
|
||||
if (monitor)
|
||||
PR_DestroyMonitor(monitor);
|
||||
}
|
||||
|
||||
nsresult
|
||||
nsRecentBadCertsService::Init()
|
||||
{
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsRecentBadCertsService::GetRecentBadCert(const nsAString & aHostNameWithPort,
|
||||
nsISSLStatus **aStatus)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aStatus);
|
||||
if (!aHostNameWithPort.Length())
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
|
||||
*aStatus = nsnull;
|
||||
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
|
||||
if (!status)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
SECItem foundDER;
|
||||
foundDER.len = 0;
|
||||
foundDER.data = nsnull;
|
||||
|
||||
PRBool isDomainMismatch;
|
||||
PRBool isNotValidAtThisTime;
|
||||
PRBool isUntrusted;
|
||||
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
for (size_t i=0; i<const_recently_seen_list_size; ++i) {
|
||||
if (mCerts[i].mHostWithPort.Equals(aHostNameWithPort)) {
|
||||
SECStatus srv = SECITEM_CopyItem(nsnull, &foundDER, &mCerts[i].mDERCert);
|
||||
if (srv != SECSuccess)
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
isDomainMismatch = mCerts[i].isDomainMismatch;
|
||||
isNotValidAtThisTime = mCerts[i].isNotValidAtThisTime;
|
||||
isUntrusted = mCerts[i].isUntrusted;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (foundDER.len) {
|
||||
CERTCertificate *nssCert;
|
||||
CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
|
||||
nssCert = CERT_FindCertByDERCert(certdb, &foundDER);
|
||||
if (!nssCert)
|
||||
nssCert = CERT_NewTempCertificate(certdb, &foundDER,
|
||||
nsnull, // no nickname
|
||||
PR_FALSE, // not perm
|
||||
PR_TRUE); // copy der
|
||||
|
||||
SECITEM_FreeItem(&foundDER, PR_FALSE);
|
||||
|
||||
if (!nssCert)
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
status->mServerCert = new nsNSSCertificate(nssCert);
|
||||
CERT_DestroyCertificate(nssCert);
|
||||
|
||||
status->mHaveCertStatus = PR_TRUE;
|
||||
status->mIsDomainMismatch = isDomainMismatch;
|
||||
status->mIsNotValidAtThisTime = isNotValidAtThisTime;
|
||||
status->mIsUntrusted = isUntrusted;
|
||||
|
||||
*aStatus = status;
|
||||
NS_IF_ADDREF(*aStatus);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsRecentBadCertsService::AddBadCert(const nsAString &hostWithPort,
|
||||
nsISSLStatus *aStatus)
|
||||
{
|
||||
NS_ENSURE_ARG(aStatus);
|
||||
|
||||
nsCOMPtr<nsIX509Cert> cert;
|
||||
nsresult rv;
|
||||
rv = aStatus->GetServerCert(getter_AddRefs(cert));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
PRBool isDomainMismatch;
|
||||
PRBool isNotValidAtThisTime;
|
||||
PRBool isUntrusted;
|
||||
|
||||
rv = aStatus->GetIsDomainMismatch(&isDomainMismatch);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStatus->GetIsNotValidAtThisTime(&isNotValidAtThisTime);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStatus->GetIsUntrusted(&isUntrusted);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
SECItem tempItem;
|
||||
rv = cert->GetRawDER(&tempItem.len, (PRUint8 **)&tempItem.data);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
{
|
||||
nsAutoMonitor lock(monitor);
|
||||
RecentBadCert &updatedEntry = mCerts[mNextStorePosition];
|
||||
|
||||
++mNextStorePosition;
|
||||
if (mNextStorePosition == const_recently_seen_list_size)
|
||||
mNextStorePosition = 0;
|
||||
|
||||
updatedEntry.Clear();
|
||||
updatedEntry.mHostWithPort = hostWithPort;
|
||||
updatedEntry.mDERCert = tempItem; // consume
|
||||
updatedEntry.isDomainMismatch = isDomainMismatch;
|
||||
updatedEntry.isNotValidAtThisTime = isNotValidAtThisTime;
|
||||
updatedEntry.isUntrusted = isUntrusted;
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
|
@ -1,124 +0,0 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* ***** BEGIN LICENSE BLOCK *****
|
||||
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
||||
*
|
||||
* The contents of this file are subject to the Mozilla Public License Version
|
||||
* 1.1 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
* http://www.mozilla.org/MPL/
|
||||
*
|
||||
* Software distributed under the License is distributed on an "AS IS" basis,
|
||||
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
||||
* for the specific language governing rights and limitations under the
|
||||
* License.
|
||||
*
|
||||
* The Original Code is mozilla.org code.
|
||||
*
|
||||
* The Initial Developer of the Original Code is
|
||||
* Red Hat, Inc.
|
||||
* Portions created by the Initial Developer are Copyright (C) 2006
|
||||
* the Initial Developer. All Rights Reserved.
|
||||
*
|
||||
* Contributor(s):
|
||||
* Kai Engert <kengert@redhat.com>
|
||||
*
|
||||
* Alternatively, the contents of this file may be used under the terms of
|
||||
* either the GNU General Public License Version 2 or later (the "GPL"), or
|
||||
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
||||
* in which case the provisions of the GPL or the LGPL are applicable instead
|
||||
* of those above. If you wish to allow use of your version of this file only
|
||||
* under the terms of either the GPL or the LGPL, and not to allow others to
|
||||
* use your version of this file under the terms of the MPL, indicate your
|
||||
* decision by deleting the provisions above and replace them with the notice
|
||||
* and other provisions required by the GPL or the LGPL. If you do not delete
|
||||
* the provisions above, a recipient may use your version of this file under
|
||||
* the terms of any one of the MPL, the GPL or the LGPL.
|
||||
*
|
||||
* ***** END LICENSE BLOCK ***** */
|
||||
|
||||
#ifndef __RECENTBADCERTS_H__
|
||||
#define __RECENTBADCERTS_H__
|
||||
|
||||
#include "nsIRecentBadCertsService.h"
|
||||
#include "nsTHashtable.h"
|
||||
#include "nsString.h"
|
||||
#include "prmon.h"
|
||||
#include "secitem.h"
|
||||
|
||||
class RecentBadCert
|
||||
{
|
||||
public:
|
||||
|
||||
RecentBadCert()
|
||||
{
|
||||
mDERCert.len = 0;
|
||||
mDERCert.data = nsnull;
|
||||
isDomainMismatch = PR_FALSE;
|
||||
isNotValidAtThisTime = PR_FALSE;
|
||||
isUntrusted = PR_FALSE;
|
||||
}
|
||||
|
||||
~RecentBadCert()
|
||||
{
|
||||
Clear();
|
||||
}
|
||||
|
||||
void Clear()
|
||||
{
|
||||
mHostWithPort.Truncate();
|
||||
if (mDERCert.len)
|
||||
nsMemory::Free(mDERCert.data);
|
||||
mDERCert.len = 0;
|
||||
mDERCert.data = nsnull;
|
||||
}
|
||||
|
||||
nsString mHostWithPort;
|
||||
SECItem mDERCert;
|
||||
PRBool isDomainMismatch;
|
||||
PRBool isNotValidAtThisTime;
|
||||
PRBool isUntrusted;
|
||||
|
||||
private:
|
||||
RecentBadCert(const RecentBadCert &other)
|
||||
{
|
||||
NS_NOTREACHED("RecentBadCert(const RecentBadCert &other) not implemented");
|
||||
this->operator=(other);
|
||||
}
|
||||
|
||||
RecentBadCert &operator=(const RecentBadCert &other)
|
||||
{
|
||||
NS_NOTREACHED("RecentBadCert &operator=(const RecentBadCert &other) not implemented");
|
||||
return *this;
|
||||
}
|
||||
};
|
||||
|
||||
class nsRecentBadCertsService : public nsIRecentBadCertsService
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIRECENTBADCERTSSERVICE
|
||||
|
||||
nsRecentBadCertsService();
|
||||
~nsRecentBadCertsService();
|
||||
|
||||
nsresult Init();
|
||||
|
||||
protected:
|
||||
PRMonitor *monitor;
|
||||
|
||||
enum {const_recently_seen_list_size = 5};
|
||||
RecentBadCert mCerts[const_recently_seen_list_size];
|
||||
|
||||
// will be in the range of 0 to list_size-1
|
||||
PRUint32 mNextStorePosition;
|
||||
};
|
||||
|
||||
#define NS_RECENTBADCERTS_CID { /* e7caf8c0-3570-47fe-aa1b-da47539b5d07 */ \
|
||||
0xe7caf8c0, \
|
||||
0x3570, \
|
||||
0x47fe, \
|
||||
{0xaa, 0x1b, 0xda, 0x47, 0x53, 0x9b, 0x5d, 0x07} \
|
||||
}
|
||||
|
||||
#endif
|