зеркало из https://github.com/mozilla/pjs.git
Reorganize password callback context (uses nsIInterfaceRequestor).
Fix several bugs in the SDR implementation.
This commit is contained in:
Родитель
1a4cebe15b
Коммит
4dea78ce93
|
@ -73,6 +73,7 @@ CPPSRCS = \
|
|||
nsSSLSocketProvider.cpp \
|
||||
nsSecureBrowserUIImpl.cpp \
|
||||
nsTLSSocketProvider.cpp \
|
||||
nsSDR.cpp \
|
||||
$(NULL)
|
||||
|
||||
REQUIRES = nspr security
|
||||
|
|
|
@ -57,6 +57,7 @@ LLIBS = \
|
|||
$(DIST)/lib/ssl.lib \
|
||||
$(DIST)/lib/certhi.lib \
|
||||
$(DIST)/lib/cryptohi.lib \
|
||||
$(DIST)/lib/ssl.lib \
|
||||
$(DIST)/lib/pk11wrap.lib \
|
||||
$(DIST)/lib/certdb.lib \
|
||||
$(DIST)/lib/softoken.lib \
|
||||
|
@ -78,8 +79,13 @@ OBJS = \
|
|||
.\$(OBJDIR)\nsSSLSocketProvider.obj \
|
||||
.\$(OBJDIR)\nsSecureBrowserUIImpl.obj \
|
||||
.\$(OBJDIR)\nsTLSSocketProvider.obj \
|
||||
.\$(OBJDIR)\nsSDR.obj \
|
||||
$(NULL)
|
||||
|
||||
!ifdef USE_NSCERTIFICATEDB
|
||||
OBJS = $(OBJS) .\$(OBJDIR)\nsCertificateDB.obj
|
||||
!endif
|
||||
|
||||
include <$(DEPTH)\config\rules.mak>
|
||||
|
||||
install:: $(DLL)
|
||||
|
|
|
@ -45,37 +45,39 @@ char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
|
|||
nsresult rv = NS_OK;
|
||||
PRUnichar *password = nsnull;
|
||||
PRBool value = PR_FALSE;
|
||||
nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg);
|
||||
nsCOMPtr<nsIPrompt> proxyPrompt;
|
||||
|
||||
if (retry)
|
||||
// If no context is provided, no prompt is possible.
|
||||
if (!ir)
|
||||
return nsnull;
|
||||
|
||||
nsIChannelSecurityInfo* csi = NS_STATIC_CAST(nsIChannelSecurityInfo*, arg);
|
||||
nsCOMPtr<nsIChannel> channel;
|
||||
csi->GetChannel(getter_AddRefs(channel));
|
||||
if (!channel) return nsnull;
|
||||
/* TODO: Retry should generate a different dialog message */
|
||||
/*
|
||||
if (retry)
|
||||
return nsnull;
|
||||
*/
|
||||
|
||||
nsCOMPtr<nsIInterfaceRequestor> callbacks;
|
||||
channel->GetNotificationCallbacks(getter_AddRefs(callbacks));
|
||||
if (!callbacks) return nsnull;
|
||||
|
||||
// The notification callbacks object may not be safe, so
|
||||
// The interface requestor object may not be safe, so
|
||||
// proxy the call to get the nsIPrompt.
|
||||
|
||||
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
|
||||
if (!proxyman) return nsnull;
|
||||
|
||||
nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
|
||||
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
|
||||
NS_GET_IID(nsIInterfaceRequestor),
|
||||
callbacks,
|
||||
ir,
|
||||
PROXY_SYNC,
|
||||
getter_AddRefs(proxiedCallbacks));
|
||||
|
||||
// Get the desired interface
|
||||
nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
|
||||
if (!prompt) return nsnull;
|
||||
|
||||
// Finally, get a proxy for the nsIPrompt
|
||||
|
||||
nsCOMPtr<nsIPrompt> proxyPrompt;
|
||||
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
|
||||
NS_GET_IID(nsIPrompt),
|
||||
NS_GET_IID(nsIPrompt),
|
||||
prompt,
|
||||
PROXY_SYNC,
|
||||
getter_AddRefs(proxyPrompt));
|
||||
|
|
|
@ -71,9 +71,10 @@ nsNSSSocketInfo::~nsNSSSocketInfo()
|
|||
{
|
||||
}
|
||||
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS2(nsNSSSocketInfo,
|
||||
NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSSocketInfo,
|
||||
nsIChannelSecurityInfo,
|
||||
nsISSLSocketControl)
|
||||
nsISSLSocketControl,
|
||||
nsIInterfaceRequestor)
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSSocketInfo::GetHostName(char * *aHostName)
|
||||
|
@ -185,6 +186,21 @@ nsNSSSocketInfo::SetShortSecurityDescription(const PRUnichar* aText) {
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
|
||||
NS_IMETHODIMP nsNSSSocketInfo::GetInterface(const nsIID & uuid, void * *result)
|
||||
{
|
||||
if (!mChannel) return NS_ERROR_FAILURE;
|
||||
|
||||
nsCOMPtr<nsIInterfaceRequestor> callbacks;
|
||||
mChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
|
||||
if (!callbacks) return NS_ERROR_FAILURE;
|
||||
|
||||
// Proxy of the channel callbacks should probably go here, rather
|
||||
// than in the password callback code
|
||||
|
||||
return callbacks->GetInterface(uuid, result);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake)
|
||||
{
|
||||
|
@ -492,7 +508,7 @@ nsSSLIOLayerAddToSocket(const char* host,
|
|||
goto loser;
|
||||
}
|
||||
|
||||
SSL_SetPKCS11PinArg(sslSock, infoObject);
|
||||
SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject);
|
||||
SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
|
||||
SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData,
|
||||
nsnull);
|
||||
|
|
|
@ -27,13 +27,15 @@
|
|||
#include "prtypes.h"
|
||||
#include "prio.h"
|
||||
#include "nsString.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsIChannelSecurityInfo.h"
|
||||
#include "nsISSLSocketControl.h"
|
||||
|
||||
class nsIChannel;
|
||||
|
||||
class nsNSSSocketInfo : public nsIChannelSecurityInfo,
|
||||
public nsISSLSocketControl
|
||||
public nsISSLSocketControl,
|
||||
public nsIInterfaceRequestor
|
||||
{
|
||||
public:
|
||||
nsNSSSocketInfo();
|
||||
|
@ -42,6 +44,7 @@ public:
|
|||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSICHANNELSECURITYINFO
|
||||
NS_DECL_NSISSLSOCKETCONTROL
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
|
||||
nsresult SetHostName(const char *aHostName);
|
||||
nsresult SetProxyName(const char *aName);
|
||||
|
|
|
@ -33,10 +33,20 @@
|
|||
|
||||
#include "nsCURILoader.h"
|
||||
|
||||
#include "nsSDR.h"
|
||||
|
||||
#ifdef USE_NSCERTIFICATEDB
|
||||
#include "nsCertificateDB.h"
|
||||
#endif
|
||||
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
|
||||
#ifdef USE_NSCERTIFICATEDB
|
||||
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificateDB)
|
||||
#endif
|
||||
|
||||
static nsModuleComponentInfo components[] =
|
||||
{
|
||||
|
@ -110,6 +120,22 @@ static nsModuleComponentInfo components[] =
|
|||
nsSSLSocketProviderConstructor
|
||||
},
|
||||
|
||||
{
|
||||
NS_SDR_CLASSNAME,
|
||||
NS_SDR_CID,
|
||||
NS_SDR_CONTRACTID,
|
||||
nsSecretDecoderRingConstructor
|
||||
},
|
||||
|
||||
#ifdef USE_NSCERTIFICATEDB
|
||||
{
|
||||
"Certificate Database",
|
||||
NS_CERTIFICATEDB_CID,
|
||||
NS_CERTIFICATEDB_CONTRACTID,
|
||||
nsCertificateDBConstructor
|
||||
},
|
||||
#endif
|
||||
|
||||
{
|
||||
"Entropy Collector",
|
||||
NS_ENTROPYCOLLECTOR_CID,
|
||||
|
|
|
@ -23,21 +23,69 @@
|
|||
|
||||
#include "stdlib.h"
|
||||
#include "plstr.h"
|
||||
#include "nsMemory.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIServiceManager.h"
|
||||
|
||||
#include "plbase64.h"
|
||||
|
||||
#include "nsMemory.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsISupports.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsIServiceManager.h"
|
||||
#include "nsISecurityManagerComponent.h"
|
||||
#include "nsINetSupportDialogService.h"
|
||||
#include "nsProxiedService.h"
|
||||
|
||||
#include "nsISecretDecoderRing.h"
|
||||
#include "nsSDR.h"
|
||||
|
||||
// Import PK11_* functions
|
||||
#include "pk11func.h"
|
||||
#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
|
||||
|
||||
// Import PK11SDR_Encrypt and PK11SDR_Decrypt
|
||||
#include "pk11sdr.h"
|
||||
static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
|
||||
|
||||
//
|
||||
// Implementation of an nsIInterfaceRequestor for use
|
||||
// as context for NSS calls
|
||||
//
|
||||
class nsSDRContext : public nsIInterfaceRequestor
|
||||
{
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
|
||||
nsSDRContext();
|
||||
virtual ~nsSDRContext();
|
||||
|
||||
};
|
||||
|
||||
NS_IMPL_ISUPPORTS1(nsSDRContext, nsIInterfaceRequestor)
|
||||
|
||||
nsSDRContext::nsSDRContext()
|
||||
{
|
||||
NS_INIT_ISUPPORTS();
|
||||
}
|
||||
|
||||
nsSDRContext::~nsSDRContext()
|
||||
{
|
||||
}
|
||||
|
||||
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
|
||||
NS_IMETHODIMP nsSDRContext::GetInterface(const nsIID & uuid, void * *result)
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
if (uuid.Equals(NS_GET_IID(nsIPrompt))) {
|
||||
NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID,
|
||||
NS_UI_THREAD_EVENTQ, &rv);
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
*result = dialog;
|
||||
NS_ADDREF(dialog);
|
||||
} else {
|
||||
rv = NS_ERROR_NO_INTERFACE;
|
||||
}
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
// Standard ISupports implementation
|
||||
// NOTE: Should these be the thread-safe versions?
|
||||
|
@ -49,6 +97,8 @@ nsSecretDecoderRing::nsSecretDecoderRing()
|
|||
// initialize superclass
|
||||
NS_INIT_ISUPPORTS();
|
||||
|
||||
// (Possibly) create the Security Manager component to get things
|
||||
// initialized
|
||||
nsCOMPtr<nsISecurityManagerComponent> nss = do_GetService(PSM_COMPONENT_CONTRACTID);
|
||||
}
|
||||
|
||||
|
@ -67,6 +117,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
SECItem request;
|
||||
SECItem reply;
|
||||
SECStatus s;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
|
||||
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||
|
@ -74,7 +125,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
/* Make sure token is initialized. FIX THIS: needs UI */
|
||||
if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||
|
||||
s = PK11_Authenticate(slot, PR_TRUE, 0);
|
||||
s = PK11_Authenticate(slot, PR_TRUE, ctx);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
|
||||
|
||||
/* Use default key id */
|
||||
|
@ -82,7 +133,9 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
keyid.len = 0;
|
||||
request.data = data;
|
||||
request.len = dataLen;
|
||||
s= PK11SDR_Encrypt(&keyid, &request, &reply, 0);
|
||||
reply.data = 0;
|
||||
reply.len = 0;
|
||||
s= PK11SDR_Encrypt(&keyid, &request, &reply, ctx);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
|
||||
|
||||
*result = reply.data;
|
||||
|
@ -102,6 +155,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
SECStatus s;
|
||||
SECItem request;
|
||||
SECItem reply;
|
||||
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
|
||||
|
||||
*result = 0;
|
||||
*_retval = 0;
|
||||
|
@ -111,7 +165,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
|
||||
|
||||
/* Force authentication */
|
||||
if (PK11_Authenticate(slot, PR_TRUE, 0) != SECSuccess)
|
||||
if (PK11_Authenticate(slot, PR_TRUE, ctx) != SECSuccess)
|
||||
{
|
||||
rv = NS_ERROR_NOT_AVAILABLE;
|
||||
goto loser;
|
||||
|
@ -119,7 +173,9 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
|
|||
|
||||
request.data = data;
|
||||
request.len = dataLen;
|
||||
s = PK11SDR_Decrypt(&request, &reply, 0);
|
||||
reply.data = 0;
|
||||
reply.len = 0;
|
||||
s = PK11SDR_Decrypt(&request, &reply, ctx);
|
||||
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
|
||||
|
||||
*result = reply.data;
|
||||
|
|
Загрузка…
Ссылка в новой задаче