Reorganize password callback context (uses nsIInterfaceRequestor).

Fix several bugs in the SDR implementation.
This commit is contained in:
thayes%netscape.com 2001-01-31 18:03:49 +00:00
Родитель 1a4cebe15b
Коммит 4dea78ce93
7 изменённых файлов: 139 добавлений и 29 удалений

Просмотреть файл

@ -73,6 +73,7 @@ CPPSRCS = \
nsSSLSocketProvider.cpp \ nsSSLSocketProvider.cpp \
nsSecureBrowserUIImpl.cpp \ nsSecureBrowserUIImpl.cpp \
nsTLSSocketProvider.cpp \ nsTLSSocketProvider.cpp \
nsSDR.cpp \
$(NULL) $(NULL)
REQUIRES = nspr security REQUIRES = nspr security

Просмотреть файл

@ -57,6 +57,7 @@ LLIBS = \
$(DIST)/lib/ssl.lib \ $(DIST)/lib/ssl.lib \
$(DIST)/lib/certhi.lib \ $(DIST)/lib/certhi.lib \
$(DIST)/lib/cryptohi.lib \ $(DIST)/lib/cryptohi.lib \
$(DIST)/lib/ssl.lib \
$(DIST)/lib/pk11wrap.lib \ $(DIST)/lib/pk11wrap.lib \
$(DIST)/lib/certdb.lib \ $(DIST)/lib/certdb.lib \
$(DIST)/lib/softoken.lib \ $(DIST)/lib/softoken.lib \
@ -78,8 +79,13 @@ OBJS = \
.\$(OBJDIR)\nsSSLSocketProvider.obj \ .\$(OBJDIR)\nsSSLSocketProvider.obj \
.\$(OBJDIR)\nsSecureBrowserUIImpl.obj \ .\$(OBJDIR)\nsSecureBrowserUIImpl.obj \
.\$(OBJDIR)\nsTLSSocketProvider.obj \ .\$(OBJDIR)\nsTLSSocketProvider.obj \
.\$(OBJDIR)\nsSDR.obj \
$(NULL) $(NULL)
!ifdef USE_NSCERTIFICATEDB
OBJS = $(OBJS) .\$(OBJDIR)\nsCertificateDB.obj
!endif
include <$(DEPTH)\config\rules.mak> include <$(DEPTH)\config\rules.mak>
install:: $(DLL) install:: $(DLL)

Просмотреть файл

@ -45,35 +45,37 @@ char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
nsresult rv = NS_OK; nsresult rv = NS_OK;
PRUnichar *password = nsnull; PRUnichar *password = nsnull;
PRBool value = PR_FALSE; PRBool value = PR_FALSE;
nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg);
nsCOMPtr<nsIPrompt> proxyPrompt;
if (retry) // If no context is provided, no prompt is possible.
if (!ir)
return nsnull; return nsnull;
nsIChannelSecurityInfo* csi = NS_STATIC_CAST(nsIChannelSecurityInfo*, arg); /* TODO: Retry should generate a different dialog message */
nsCOMPtr<nsIChannel> channel; /*
csi->GetChannel(getter_AddRefs(channel)); if (retry)
if (!channel) return nsnull; return nsnull;
*/
nsCOMPtr<nsIInterfaceRequestor> callbacks; // The interface requestor object may not be safe, so
channel->GetNotificationCallbacks(getter_AddRefs(callbacks));
if (!callbacks) return nsnull;
// The notification callbacks object may not be safe, so
// proxy the call to get the nsIPrompt. // proxy the call to get the nsIPrompt.
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID)); nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
if (!proxyman) return nsnull;
nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks; nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
NS_GET_IID(nsIInterfaceRequestor), NS_GET_IID(nsIInterfaceRequestor),
callbacks, ir,
PROXY_SYNC, PROXY_SYNC,
getter_AddRefs(proxiedCallbacks)); getter_AddRefs(proxiedCallbacks));
// Get the desired interface
nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks)); nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
if (!prompt) return nsnull;
// Finally, get a proxy for the nsIPrompt // Finally, get a proxy for the nsIPrompt
nsCOMPtr<nsIPrompt> proxyPrompt;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
NS_GET_IID(nsIPrompt), NS_GET_IID(nsIPrompt),
prompt, prompt,

Просмотреть файл

@ -71,9 +71,10 @@ nsNSSSocketInfo::~nsNSSSocketInfo()
{ {
} }
NS_IMPL_THREADSAFE_ISUPPORTS2(nsNSSSocketInfo, NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSSocketInfo,
nsIChannelSecurityInfo, nsIChannelSecurityInfo,
nsISSLSocketControl) nsISSLSocketControl,
nsIInterfaceRequestor)
NS_IMETHODIMP NS_IMETHODIMP
nsNSSSocketInfo::GetHostName(char * *aHostName) nsNSSSocketInfo::GetHostName(char * *aHostName)
@ -185,6 +186,21 @@ nsNSSSocketInfo::SetShortSecurityDescription(const PRUnichar* aText) {
return NS_OK; return NS_OK;
} }
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
NS_IMETHODIMP nsNSSSocketInfo::GetInterface(const nsIID & uuid, void * *result)
{
if (!mChannel) return NS_ERROR_FAILURE;
nsCOMPtr<nsIInterfaceRequestor> callbacks;
mChannel->GetNotificationCallbacks(getter_AddRefs(callbacks));
if (!callbacks) return NS_ERROR_FAILURE;
// Proxy of the channel callbacks should probably go here, rather
// than in the password callback code
return callbacks->GetInterface(uuid, result);
}
NS_IMETHODIMP NS_IMETHODIMP
nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake) nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake)
{ {
@ -492,7 +508,7 @@ nsSSLIOLayerAddToSocket(const char* host,
goto loser; goto loser;
} }
SSL_SetPKCS11PinArg(sslSock, infoObject); SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject);
SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject); SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData, SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData,
nsnull); nsnull);

Просмотреть файл

@ -27,13 +27,15 @@
#include "prtypes.h" #include "prtypes.h"
#include "prio.h" #include "prio.h"
#include "nsString.h" #include "nsString.h"
#include "nsIInterfaceRequestor.h"
#include "nsIChannelSecurityInfo.h" #include "nsIChannelSecurityInfo.h"
#include "nsISSLSocketControl.h" #include "nsISSLSocketControl.h"
class nsIChannel; class nsIChannel;
class nsNSSSocketInfo : public nsIChannelSecurityInfo, class nsNSSSocketInfo : public nsIChannelSecurityInfo,
public nsISSLSocketControl public nsISSLSocketControl,
public nsIInterfaceRequestor
{ {
public: public:
nsNSSSocketInfo(); nsNSSSocketInfo();
@ -42,6 +44,7 @@ public:
NS_DECL_ISUPPORTS NS_DECL_ISUPPORTS
NS_DECL_NSICHANNELSECURITYINFO NS_DECL_NSICHANNELSECURITYINFO
NS_DECL_NSISSLSOCKETCONTROL NS_DECL_NSISSLSOCKETCONTROL
NS_DECL_NSIINTERFACEREQUESTOR
nsresult SetHostName(const char *aHostName); nsresult SetHostName(const char *aHostName);
nsresult SetProxyName(const char *aName); nsresult SetProxyName(const char *aName);

Просмотреть файл

@ -33,10 +33,20 @@
#include "nsCURILoader.h" #include "nsCURILoader.h"
#include "nsSDR.h"
#ifdef USE_NSCERTIFICATEDB
#include "nsCertificateDB.h"
#endif
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init) NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider) NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
#ifdef USE_NSCERTIFICATEDB
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificateDB)
#endif
static nsModuleComponentInfo components[] = static nsModuleComponentInfo components[] =
{ {
@ -110,6 +120,22 @@ static nsModuleComponentInfo components[] =
nsSSLSocketProviderConstructor nsSSLSocketProviderConstructor
}, },
{
NS_SDR_CLASSNAME,
NS_SDR_CID,
NS_SDR_CONTRACTID,
nsSecretDecoderRingConstructor
},
#ifdef USE_NSCERTIFICATEDB
{
"Certificate Database",
NS_CERTIFICATEDB_CID,
NS_CERTIFICATEDB_CONTRACTID,
nsCertificateDBConstructor
},
#endif
{ {
"Entropy Collector", "Entropy Collector",
NS_ENTROPYCOLLECTOR_CID, NS_ENTROPYCOLLECTOR_CID,

Просмотреть файл

@ -23,21 +23,69 @@
#include "stdlib.h" #include "stdlib.h"
#include "plstr.h" #include "plstr.h"
#include "nsMemory.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "plbase64.h" #include "plbase64.h"
#include "nsMemory.h"
#include "nsCOMPtr.h"
#include "nsISupports.h"
#include "nsIInterfaceRequestor.h"
#include "nsIServiceManager.h"
#include "nsISecurityManagerComponent.h" #include "nsISecurityManagerComponent.h"
#include "nsINetSupportDialogService.h"
#include "nsProxiedService.h"
#include "nsISecretDecoderRing.h" #include "nsISecretDecoderRing.h"
#include "nsSDR.h" #include "nsSDR.h"
// Import PK11_* functions
#include "pk11func.h" #include "pk11func.h"
#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
// Import PK11SDR_Encrypt and PK11SDR_Decrypt static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
#include "pk11sdr.h"
//
// Implementation of an nsIInterfaceRequestor for use
// as context for NSS calls
//
class nsSDRContext : public nsIInterfaceRequestor
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIINTERFACEREQUESTOR
nsSDRContext();
virtual ~nsSDRContext();
};
NS_IMPL_ISUPPORTS1(nsSDRContext, nsIInterfaceRequestor)
nsSDRContext::nsSDRContext()
{
NS_INIT_ISUPPORTS();
}
nsSDRContext::~nsSDRContext()
{
}
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
NS_IMETHODIMP nsSDRContext::GetInterface(const nsIID & uuid, void * *result)
{
nsresult rv;
if (uuid.Equals(NS_GET_IID(nsIPrompt))) {
NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID,
NS_UI_THREAD_EVENTQ, &rv);
if (NS_FAILED(rv)) return rv;
*result = dialog;
NS_ADDREF(dialog);
} else {
rv = NS_ERROR_NO_INTERFACE;
}
return rv;
}
// Standard ISupports implementation // Standard ISupports implementation
// NOTE: Should these be the thread-safe versions? // NOTE: Should these be the thread-safe versions?
@ -49,6 +97,8 @@ nsSecretDecoderRing::nsSecretDecoderRing()
// initialize superclass // initialize superclass
NS_INIT_ISUPPORTS(); NS_INIT_ISUPPORTS();
// (Possibly) create the Security Manager component to get things
// initialized
nsCOMPtr<nsISecurityManagerComponent> nss = do_GetService(PSM_COMPONENT_CONTRACTID); nsCOMPtr<nsISecurityManagerComponent> nss = do_GetService(PSM_COMPONENT_CONTRACTID);
} }
@ -67,6 +117,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
SECItem request; SECItem request;
SECItem reply; SECItem reply;
SECStatus s; SECStatus s;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
slot = PK11_GetInternalKeySlot(); slot = PK11_GetInternalKeySlot();
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
@ -74,7 +125,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
/* Make sure token is initialized. FIX THIS: needs UI */ /* Make sure token is initialized. FIX THIS: needs UI */
if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
s = PK11_Authenticate(slot, PR_TRUE, 0); s = PK11_Authenticate(slot, PR_TRUE, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
/* Use default key id */ /* Use default key id */
@ -82,7 +133,9 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
keyid.len = 0; keyid.len = 0;
request.data = data; request.data = data;
request.len = dataLen; request.len = dataLen;
s= PK11SDR_Encrypt(&keyid, &request, &reply, 0); reply.data = 0;
reply.len = 0;
s= PK11SDR_Encrypt(&keyid, &request, &reply, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
*result = reply.data; *result = reply.data;
@ -102,6 +155,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
SECStatus s; SECStatus s;
SECItem request; SECItem request;
SECItem reply; SECItem reply;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsSDRContext();
*result = 0; *result = 0;
*_retval = 0; *_retval = 0;
@ -111,7 +165,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
/* Force authentication */ /* Force authentication */
if (PK11_Authenticate(slot, PR_TRUE, 0) != SECSuccess) if (PK11_Authenticate(slot, PR_TRUE, ctx) != SECSuccess)
{ {
rv = NS_ERROR_NOT_AVAILABLE; rv = NS_ERROR_NOT_AVAILABLE;
goto loser; goto loser;
@ -119,7 +173,9 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32
request.data = data; request.data = data;
request.len = dataLen; request.len = dataLen;
s = PK11SDR_Decrypt(&request, &reply, 0); reply.data = 0;
reply.len = 0;
s = PK11SDR_Decrypt(&request, &reply, ctx);
if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; }
*result = reply.data; *result = reply.data;