Reorganize password callback context (uses nsIInterfaceRequestor).

Fix several bugs in the SDR implementation.
This commit is contained in:
thayes%netscape.com 2001-01-31 18:03:49 +00:00
Родитель 1a4cebe15b
Коммит 4dea78ce93
7 изменённых файлов: 139 добавлений и 29 удалений

Просмотреть файл

@ -73,6 +73,7 @@ CPPSRCS = \
nsSSLSocketProvider.cpp \
nsSecureBrowserUIImpl.cpp \
nsTLSSocketProvider.cpp \
nsSDR.cpp \
$(NULL)
REQUIRES = nspr security

Просмотреть файл

@ -57,6 +57,7 @@ LLIBS = \
$(DIST)/lib/ssl.lib \
$(DIST)/lib/certhi.lib \
$(DIST)/lib/cryptohi.lib \
$(DIST)/lib/ssl.lib \
$(DIST)/lib/pk11wrap.lib \
$(DIST)/lib/certdb.lib \
$(DIST)/lib/softoken.lib \
@ -78,8 +79,13 @@ OBJS = \
.\$(OBJDIR)\nsSSLSocketProvider.obj \
.\$(OBJDIR)\nsSecureBrowserUIImpl.obj \
.\$(OBJDIR)\nsTLSSocketProvider.obj \
.\$(OBJDIR)\nsSDR.obj \
$(NULL)
!ifdef USE_NSCERTIFICATEDB
OBJS = $(OBJS) .\$(OBJDIR)\nsCertificateDB.obj
!endif
include <$(DEPTH)\config\rules.mak>
install:: $(DLL)

Просмотреть файл

@ -45,37 +45,39 @@ char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
nsresult rv = NS_OK;
PRUnichar *password = nsnull;
PRBool value = PR_FALSE;
nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg);
nsCOMPtr<nsIPrompt> proxyPrompt;
if (retry)
// If no context is provided, no prompt is possible.
if (!ir)
return nsnull;
nsIChannelSecurityInfo* csi = NS_STATIC_CAST(nsIChannelSecurityInfo*, arg);
nsCOMPtr<nsIChannel> channel;
csi->GetChannel(getter_AddRefs(channel));
if (!channel) return nsnull;
/* TODO: Retry should generate a different dialog message */
/*
if (retry)
return nsnull;
*/
nsCOMPtr<nsIInterfaceRequestor> callbacks;
channel->GetNotificationCallbacks(getter_AddRefs(callbacks));
if (!callbacks) return nsnull;
// The notification callbacks object may not be safe, so
// The interface requestor object may not be safe, so
// proxy the call to get the nsIPrompt.
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
if (!proxyman) return nsnull;
nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
NS_GET_IID(nsIInterfaceRequestor),
callbacks,
ir,
PROXY_SYNC,
getter_AddRefs(proxiedCallbacks));
// Get the desired interface
nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
if (!prompt) return nsnull;
// Finally, get a proxy for the nsIPrompt
nsCOMPtr<nsIPrompt> proxyPrompt;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
NS_GET_IID(nsIPrompt),
NS_GET_IID(nsIPrompt),
prompt,
PROXY_SYNC,
getter_AddRefs(proxyPrompt));

Просмотреть файл

@ -71,9 +71,10 @@ nsNSSSocketInfo::~nsNSSSocketInfo()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS2(nsNSSSocketInfo,
NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSSocketInfo,
nsIChannelSecurityInfo,
nsISSLSocketControl)
nsISSLSocketControl,
nsIInterfaceRequestor)
NS_IMETHODIMP
nsNSSSocketInfo::GetHostName(char * *aHostName)
@ -185,6 +186,21 @@ nsNSSSocketInfo::SetShortSecurityDescription(const PRUnichar* aText) {
return NS_OK;
}
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
NS_IMETHODIMP nsNSSSocketInfo::GetInterface(const nsIID & uuid, void * *result)
{
if (!mChannel) return NS_ERROR_FAILURE;
nsCOMPtr<nsIInterfaceRequestor> callbacks;
mChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
if (!callbacks) return NS_ERROR_FAILURE;
// Proxy of the channel callbacks should probably go here, rather
// than in the password callback code
return callbacks->GetInterface(uuid, result);
}
NS_IMETHODIMP
nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake)
{
@ -492,7 +508,7 @@ nsSSLIOLayerAddToSocket(const char* host,
goto loser;
}
SSL_SetPKCS11PinArg(sslSock, infoObject);
SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject);
SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData,
nsnull);

Просмотреть файл

@ -27,13 +27,15 @@
#include "prtypes.h"
#include "prio.h"
#include "nsString.h"
#include "nsIInterfaceRequestor.h"
#include "nsIChannelSecurityInfo.h"
#include "nsISSLSocketControl.h"
class nsIChannel;
class nsNSSSocketInfo : public nsIChannelSecurityInfo,
public nsISSLSocketControl
public nsISSLSocketControl,
public nsIInterfaceRequestor
{
public:
nsNSSSocketInfo();
@ -42,6 +44,7 @@ public:
NS_DECL_ISUPPORTS
NS_DECL_NSICHANNELSECURITYINFO
NS_DECL_NSISSLSOCKETCONTROL
NS_DECL_NSIINTERFACEREQUESTOR
nsresult SetHostName(const char *aHostName);
nsresult SetProxyName(const char *aName);

Просмотреть файл

@ -33,10 +33,20 @@
#include "nsCURILoader.h"
#include "nsSDR.h"
#ifdef USE_NSCERTIFICATEDB
#include "nsCertificateDB.h"
#endif
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
#ifdef USE_NSCERTIFICATEDB
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificateDB)
#endif
static nsModuleComponentInfo components[] =
{
@ -110,6 +120,22 @@ static nsModuleComponentInfo components[] =
nsSSLSocketProviderConstructor
},
{
NS_SDR_CLASSNAME,
NS_SDR_CID,
NS_SDR_CONTRACTID,
nsSecretDecoderRingConstructor
},
#ifdef USE_NSCERTIFICATEDB
{
"Certificate Database",
NS_CERTIFICATEDB_CID,
NS_CERTIFICATEDB_CONTRACTID,
nsCertificateDBConstructor
},
#endif
{
"Entropy Collector",
NS_ENTROPYCOLLECTOR_CID,

Просмотреть файл

@ -23,21 +23,69 @@
#include "stdlib.h"
#include "plstr.h"
#include "nsMemory.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "plbase64.h"
#include "nsMemory.h"
#include "nsCOMPtr.h"
#include "nsISupports.h"
#include "nsIInterfaceRequestor.h"
#include "nsIServiceManager.h"
#include "nsISecurityManagerComponent.h"
#include "nsINetSupportDialogService.h"
#include "nsProxiedService.h"
#include "nsISecretDecoderRing.h"
#include "nsSDR.h"
// Import PK11_* functions
#include "pk11func.h"
#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
// Import PK11SDR_Encrypt and PK11SDR_Decrypt
#include "pk11sdr.h"
static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
//
// Implementation of an nsIInterfaceRequestor for use
// as context for NSS calls
//
class nsSDRContext : public nsIInterfaceRequestor
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIINTERFACEREQUESTOR
nsSDRContext();
virtual ~nsSDRContext();
};
NS_IMPL_ISUPPORTS1(nsSDRContext, nsIInterfaceRequestor)
nsSDRContext::nsSDRContext()
{
NS_INIT_ISUPPORTS();
}
nsSDRContext::~nsSDRContext()
{
}
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
NS_IMETHODIMP nsSDRContext::GetInterface(const nsIID & uuid, void * *result)
{
nsresult rv;
if (uuid.Equals(NS_GET_IID(nsIPrompt))) {
NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID,
NS_UI_THREAD_EVENTQ, &rv);
if (NS_FAILED(rv)) return rv;
*result = dialog;
NS_ADDREF(dialog);
} else {
rv = NS_ERROR_NO_INTERFACE;
}
return rv;
}
// Standard ISupports implementation
// NOTE: Should these be the thread-safe versions?
@ -49,6 +97,8 @@ nsSecretDecoderRing::nsSecretDecoderRing()
// initialize superclass
NS_INIT_ISUPPORTS();
// (Possibly) create the Security Manager component to get things
// initialized
nsCOMPtr<nsISecurityManagerComponent> nss = do_GetService(PSM_COMPONENT_CONTRACTID);
}
@ -67,6 +117,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
SECItem request;
SECItem reply;
SECStatus s;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
slot = PK11_GetInternalKeySlot();
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
@ -74,7 +125,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
/* Make sure token is initialized. FIX THIS: needs UI */
if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
s = PK11_Authenticate(slot, PR_TRUE, 0);
s = PK11_Authenticate(slot, PR_TRUE, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
/* Use default key id */
@ -82,7 +133,9 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
keyid.len = 0;
request.data = data;
request.len = dataLen;
s= PK11SDR_Encrypt(&keyid, &request, &reply, 0);
reply.data = 0;
reply.len = 0;
s= PK11SDR_Encrypt(&keyid, &request, &reply, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
*result = reply.data;
@ -102,6 +155,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
SECStatus s;
SECItem request;
SECItem reply;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
*result = 0;
*_retval = 0;
@ -111,7 +165,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
/* Force authentication */
if (PK11_Authenticate(slot, PR_TRUE, 0) != SECSuccess)
if (PK11_Authenticate(slot, PR_TRUE, ctx) != SECSuccess)
{
rv = NS_ERROR_NOT_AVAILABLE;
goto loser;
@ -119,7 +173,9 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
request.data = data;
request.len = dataLen;
s = PK11SDR_Decrypt(&request, &reply, 0);
reply.data = 0;
reply.len = 0;
s = PK11SDR_Decrypt(&request, &reply, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
*result = reply.data;