- Split nsISecureSocketInfo into nsISSLSocketControl and nsIChannelSecurityInfo.
- Incorporate lock icon fixes from psm-glue into pipnss code.
- Implement password callback for client auth in pipnss.
- Localize the lock icon tooltip.
- Lots of code cleanup.

r=javi, jgmyers, sr=ben.
bryner%uiuc.edu 2001-01-19 01:12:10 +00:00
Родитель 6c7d977144
Коммит 91ec263c8e
30 изменённых файлов: 667 добавлений и 623 удалений


@ -21,7 +21,7 @@
* Doug Turner <dougt@netscape.com>
*/
#include "nsISecureSocketInfo.idl"
#include "nsIChannelSecurityInfo.idl"
%{C++
#include "cmtcmn.h"
@ -33,14 +33,12 @@
[ptr] native nsFileDescStar(PRFileDesc);
[noscript, uuid(deeb8dfc-fb7a-11d3-ac84-00c04fa0d26b)]
interface nsIPSMSocketInfo : nsISecureSocketInfo {
interface nsIPSMSocketInfo : nsIChannelSecurityInfo {
readonly attribute psmtControlStar controlPtr;
readonly attribute cmSocketStar socketPtr;
readonly attribute nsFileDescStar fileDescPtr;
void getPickledStatus(out charPtr pickledStatus);
readonly attribute long securityState;
};
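Review bot: The `uuid(deeb8dfc-fb7a-11d3-ac84-00c04fa0d26b)` on nsIPSMSocketInfo is kept although the interface now derives from nsIChannelSecurityInfo instead of nsISecureSocketInfo, so its method table no longer matches what that IID used to describe. Any caller built against the old definition that queries for this IID would call through the wrong slots, which is worth ruling out in socket security code. I would assign a freshly generated uuid in the same change, e.g. `[noscript, uuid(<new-uuid-placeholder>)]`. The +/- markers are lost on this page, so I am reading `readonly attribute long securityState;` as removed because the new base interface declares it.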


@ -30,6 +30,7 @@
#include "nsPSMShimLayer.h"
#include "nsSSLIOLayer.h"
#include "nsIWebProgressListener.h"
#include "nsISSLSocketControl.h"
static PRDescIdentity nsSSLIOLayerIdentity;
static PRIOMethods nsSSLIOLayerMethods;
@ -38,16 +39,18 @@ static PRBool firstTime = PR_TRUE;
class nsPSMSocketInfo : public nsIPSMSocketInfo
class nsPSMSocketInfo : public nsIPSMSocketInfo,
public nsISSLSocketControl
{
public:
nsPSMSocketInfo();
virtual ~nsPSMSocketInfo();
NS_DECL_ISUPPORTS
NS_DECL_NSISECURESOCKETINFO
NS_DECL_NSICHANNELSECURITYINFO
NS_DECL_NSIPSMSOCKETINFO
NS_DECL_NSISSLSOCKETCONTROL
// internal functions to psm-glue.
nsresult SetSocketPtr(CMSocket *socketPtr);
nsresult SetControlPtr(CMT_CONTROL *aControlPtr);
@ -350,8 +353,8 @@ nsPSMSocketInfo::~nsPSMSocketInfo()
PR_FREEIF(mPickledStatus);
}
NS_IMPL_THREADSAFE_ISUPPORTS2(nsPSMSocketInfo, nsISecureSocketInfo,
nsIPSMSocketInfo);
NS_IMPL_THREADSAFE_ISUPPORTS3(nsPSMSocketInfo, nsIChannelSecurityInfo,
nsIPSMSocketInfo, nsISSLSocketControl);
// if the connection was via a proxy, we need to have the
// ssl layer "step up" to take an active role in the connection
@ -506,6 +509,11 @@ nsPSMSocketInfo::SetUseTLS(PRBool useTLS)
return NS_OK;
}
nsresult
nsPSMSocketInfo::GetShortSecurityDescription(PRUnichar** aText)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
nsresult
nsPSMSocketInfo::SetPickledStatus()
@ -648,8 +656,7 @@ nsSSLIOLayerNewSocket( const char *host,
}
*fd = sock;
*info = infoObject;
NS_ADDREF(*info);
infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) info);
return NS_OK;
}
@ -726,10 +733,7 @@ nsSSLIOLayerAddToSocket( const char *host,
return rv;
}
*info = infoObject;
NS_ADDREF(*info);
infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) info);
return NS_OK;
}
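Review bot: `nsPSMSocketInfo::GetShortSecurityDescription` returns `NS_ERROR_NOT_IMPLEMENTED` without writing `*aText`, so a caller that does not check the result reads an uninitialized pointer. Setting `*aText = nsnull;` before the return makes the failure safe for such callers. The same section replaces `NS_ADDREF(*info)` with `infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) info);` in nsSSLIOLayerNewSocket and nsSSLIOLayerAddToSocket and then returns `NS_OK` regardless; returning the QueryInterface result would keep `*info` and the status consistent. Both functions start outside the visible hunks.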


@ -48,7 +48,7 @@
#include "plbase64.h"
#include "nsEscape.h"
#include "nsISecureSocketInfo.h"
#include "nsISSLSocketControl.h"
/* sigh, cmtcmn.h, included from nsIPSMSocketInfo.h, includes windows.h, which includes winuser.h,
which defines PostMessage to be either PostMessageA or PostMessageW... of course it does this
without using parameters, so any use of PostMessage now becomes PostMessageA...
@ -763,10 +763,10 @@ PRInt32 nsSmtpProtocol::SendTLSResponse()
rv = m_channel->GetSecurityInfo(getter_AddRefs(secInfo));
if (NS_SUCCEEDED(rv) && secInfo) {
nsCOMPtr<nsISecureSocketInfo> securityInfo = do_QueryInterface(secInfo, &rv);
nsCOMPtr<nsISSLSocketControl> sslControl = do_QueryInterface(secInfo, &rv);
if (NS_SUCCEEDED(rv) && securityInfo) {
rv = securityInfo->TLSStepUp();
if (NS_SUCCEEDED(rv) && sslControl) {
rv = sslControl->TLSStepUp();
}
}
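Review bot: When `GetSecurityInfo` succeeds but hands back a null `secInfo`, `rv` stays a success code and `sslControl->TLSStepUp()` is never called in SendTLSResponse. If the code after this hunk (not visible here) treats a successful `rv` as meaning TLS is now active, the SMTP session would carry on unencrypted after the server accepted the upgrade. I would make the no-object case an explicit failure, e.g. `else rv = NS_ERROR_FAILURE;` paired with the outer `if`, and confirm that the code following the hunk aborts on it.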


@ -39,7 +39,8 @@
#include "nsIProxyObjectManager.h"
#include "nsXPIDLString.h"
#include "nsNetUtil.h"
#include "nsISecureSocketInfo.h"
#include "nsISSLSocketControl.h"
#include "nsIChannelSecurityInfo.h"
#include "nsMemory.h"
static NS_DEFINE_CID(kSocketProviderService, NS_SOCKETPROVIDERSERVICE_CID);
@ -878,7 +879,7 @@ nsresult nsSocketTransport::doConnection(PRInt16 aSelectFlags)
}
else if (nsCRT::strcmp(mSocketTypes[type], "ssl-forcehandshake") == 0) {
mSecurityInfo = socketInfo;
nsCOMPtr<nsISecureSocketInfo> securityInfo = do_QueryInterface(mSecurityInfo, &rv);
nsCOMPtr<nsIChannelSecurityInfo> securityInfo(do_QueryInterface(mSecurityInfo, &rv));
if (NS_SUCCEEDED(rv) && securityInfo)
securityInfo->SetForceHandshake(PR_TRUE);
}
@ -996,9 +997,9 @@ nsresult nsSocketTransport::doConnection(PRInt16 aSelectFlags)
// has been pushed, and we were proxying (transparently; ie. nothing
// has to happen in the protocol layer above us), it's time
// for the ssl to "step up" and start doing it's thing.
nsCOMPtr<nsISecureSocketInfo> securityInfo = do_QueryInterface(mSecurityInfo, &rv);
if (NS_SUCCEEDED(rv) && securityInfo) {
securityInfo->ProxyStepUp();
nsCOMPtr<nsISSLSocketControl> sslControl(do_QueryInterface(mSecurityInfo, &rv));
if (NS_SUCCEEDED(rv) && sslControl) {
sslControl->ProxyStepUp();
}
}
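Review bot: The result of `sslControl->ProxyStepUp()` is discarded in doConnection, and a failed `do_QueryInterface` simply skips the call, so the transport proceeds the same way whether or not the SSL layer took over the proxied connection. For a tunnel that is supposed to become SSL at this point, a silent failure risks application data being sent without the handshake having happened. I would capture it as `rv = sslControl->ProxyStepUp();` and let doConnection's error handling deal with a failure; the same applies to the ignored `SetForceHandshake(PR_TRUE)` result in the "ssl-forcehandshake" branch. doConnection extends well beyond both hunks, so the error path itself needs checking there.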


@ -41,7 +41,7 @@
#include "nsAuthEngine.h"
#include "nsIServiceManager.h"
#include "nsISocketTransport.h"
#include "nsISecureSocketInfo.h"
#include "nsISSLSocketControl.h"
#include "plstr.h"
#if defined(PR_LOGGING)
@ -942,10 +942,10 @@ nsHTTPPipelinedRequest::RestartRequest(PRUint32 aType)
rval = mTransport->GetSecurityInfo(getter_AddRefs(securityInfo));
if (NS_FAILED(rval)) return rval;
nsCOMPtr<nsISecureSocketInfo> psmSocketInfo = do_QueryInterface(securityInfo, &rval);
nsCOMPtr<nsISSLSocketControl> sslControl(do_QueryInterface(securityInfo, &rval));
if (NS_FAILED(rval)) return rval;
rval = psmSocketInfo->ProxyStepUp();
rval = sslControl->ProxyStepUp();
if (NS_FAILED(rval)) return rval;
return WriteRequest(mInputStream);


@ -5,4 +5,6 @@
nsISocketProvider.idl
nsISocketProviderService.idl
nsISSLSocketProvider.idl
nsISecureSocketInfo.idl
nsIChannelSecurityInfo.idl
nsISSLSocketControl.idl


@ -39,7 +39,8 @@ XPIDLSRCS = \
nsISOCKSSocketProvider.idl \
nsISOCKSSocketInfo.idl \
nsISSLSocketProvider.idl \
nsISecureSocketInfo.idl \
nsIChannelSecurityInfo.idl \
nsISSLSocketControl.idl \
$(NULL)
# we don't want the shared lib, but we want to force the creation of a


@ -55,7 +55,8 @@ XPIDLSRCS= \
.\nsISOCKSSocketProvider.idl \
.\nsISOCKSSocketInfo.idl \
.\nsISSLSocketProvider.idl \
.\nsISecureSocketInfo.idl \
.\nsIChannelSecurityInfo.idl \
.\nsISSLSocketControl.idl \
$(NULL)
NO_GEN_XPT=1


@ -0,0 +1,39 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#include "nsISupports.idl"
[noscript, uuid(98d9cc72-1dd1-11b2-9156-eaf4d18b60d1)]
interface nsIChannelSecurityInfo : nsISupports {
readonly attribute string hostName;
readonly attribute PRInt32 hostPort;
readonly attribute string proxyName;
readonly attribute PRInt32 proxyPort;
attribute boolean forceHandshake;
readonly attribute long securityState;
readonly attribute wstring shortSecurityDescription;
};
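Review bot: `attribute boolean forceHandshake;` is the only writable member of nsIChannelSecurityInfo, which otherwise reads as a pure status view (host, proxy, `securityState`, `shortSecurityDescription`). Since this commit introduces nsISSLSocketControl for the operations that change socket behaviour, I would move the setter there so that code handed the info interface for display purposes cannot alter handshake behaviour. The attributes also have no comments; at minimum `securityState` should say which constants it carries (the NSS handshake callback in this commit stores nsIWebProgressListener `STATE_IS_*` values) and `shortSecurityDescription` should say that it may be null.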


@ -0,0 +1,33 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#include "nsISupports.idl"
[noscript, uuid(46235840-1dd2-11b2-846e-f26209b20804)]
interface nsISSLSocketControl : nsISupports {
void proxyStepUp();
void TLSStepUp();
};
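Review bot: Neither method of nsISSLSocketControl is documented, and the two are easy to confuse. A short comment on each would help, for example `/* Start SSL on a connection that was tunnelled through a proxy. */` on `proxyStepUp()` and `/* Upgrade an established plaintext connection to TLS. */` on `TLSStepUp()`, together with a statement of what an error return means for the connection. The second description is inferred from the SMTP caller in this commit and should be confirmed by the author.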



@ -25,6 +25,6 @@ topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
DIRS = src
DIRS = resources src
include $(topsrcdir)/config/rules.mk


@ -0,0 +1 @@
Makefile


@ -0,0 +1,33 @@
#
# The contents of this file are subject to the Netscape Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/NPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is mozilla.org code.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
# Brian Ryner <bryner@netscape.com>
#
DEPTH = ../../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
include $(topsrcdir)/config/rules.mk
chrome::
$(REGCHROME) content pipnss pipnss.jar
$(REGCHROME) locale en-US/pipnss pipnss.jar


@ -0,0 +1,17 @@
<?xml version="1.0"?>
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:chrome="http://www.mozilla.org/rdf/chrome#">
<!-- list all the packages being supplied by this jar -->
<RDF:Seq about="urn:mozilla:package:root">
<RDF:li resource="urn:mozilla:package:pipnss"/>
</RDF:Seq>
<!-- package information -->
<RDF:Description about="urn:mozilla:package:pipnss"
chrome:displayName="pipnss"
chrome:author="PSM Team"
chrome:name="pipnss">
</RDF:Description>
</RDF:RDF>


@ -0,0 +1,22 @@
<?xml version="1.0"?>
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:chrome="http://www.mozilla.org/rdf/chrome#">
<!-- list all the locales being supplied by this jar -->
<RDF:Seq about="urn:mozilla:locale:root">
<RDF:li resource="urn:mozilla:locale:en-US"/>
</RDF:Seq>
<!-- locale information -->
<RDF:Description about="urn:mozilla:locale:en-US"
chrome:displayName="English (US)"
chrome:author="PSM Team"
chrome:name="en-US">
<chrome:packages>
<RDF:Seq about="urn:mozilla:locale:en-US:packages">
<RDF:li resource="urn:mozilla:locale:en-US:pipnss"/>
</RDF:Seq>
</chrome:packages>
</RDF:Description>
</RDF:RDF>


@ -0,0 +1,24 @@
#
# The contents of this file are subject to the Netscape Public
# License Version 1.1 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of
# the License at http://www.mozilla.org/NPL/
#
# Software distributed under the License is distributed on an "AS
# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
# implied. See the License for the specific language governing
# rights and limitations under the License.
#
# The Original Code is mozilla.org code.
#
# The Initial Developer of the Original Code is Netscape
# Communications Corporation. Portions created by Netscape are
# Copyright (C) 1998 Netscape Communications Corporation. All
# Rights Reserved.
#
# Contributor(s):
#
SignedBy=Signed By %S
CertPassPrompt=Please enter the Personal Security Password for the PSM Private Keys security device.


@ -22,11 +22,106 @@
*/
#include "nsNSSCallbacks.h"
#include "nsNSSIOLayer.h" // for nsNSSSocketInfo
#include "nsIWebProgressListener.h"
#include "nsIStringBundle.h"
#include "nsXPIDLString.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsReadableUtils.h"
#include "nsINetSupportDialogService.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "ssl.h"
#include "cert.h"
static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID);
#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) {
nsresult rv = NS_OK;
PRUnichar *password = nsnull;
PRBool value = PR_FALSE;
return NULL;
if (retry)
return nsnull;
NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID,
NS_UI_THREAD_EVENTQ, &rv);
if (NS_FAILED(rv)) return nsnull;
nsXPIDLString promptStr;
nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
if (NS_FAILED(rv) || !bundleService) return nsnull;
nsCOMPtr<nsIStringBundle> bundle;
bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL, nsnull,
getter_AddRefs(bundle));
if (!bundle) return nsnull;
bundle->GetStringFromName(NS_LITERAL_STRING("CertPassPrompt"),
getter_Copies(promptStr));
rv = dialog->PromptPassword(nsnull, promptStr,
NS_LITERAL_STRING(" "),
nsIPrompt::SAVE_PASSWORD_NEVER,
&password, &value);
if (NS_SUCCEEDED(rv) && value) {
char* str = nsString(password).ToNewCString();
Recycle(password);
return str;
}
return nsnull;
}
void HandshakeCallback(PRFileDesc* fd, void* client_data) {
PRInt32 sslStatus;
char* signer = nsnull;
nsresult rv;
if (SECSuccess == SSL_SecurityStatus(fd, &sslStatus, nsnull, nsnull,
nsnull, &signer, nsnull))
{
PRInt32 secStatus;
if (sslStatus == SSL_SECURITY_STATUS_OFF)
secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
else
secStatus = nsIWebProgressListener::STATE_IS_SECURE;
CERTName* certName = CERT_AsciiToName(signer);
char* caName = CERT_GetOrgName(certName);
// If the CA name is RSA Data Security, then change the name to the real
// name of the company i.e. VeriSign, Inc.
if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
PR_Free(caName);
caName = PL_strdup("Verisign, Inc.");
}
nsXPIDLString shortDesc;
nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
if (NS_SUCCEEDED(rv) && bundleService) {
nsCOMPtr<nsIStringBundle> bundle;
bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL, nsnull,
getter_AddRefs(bundle));
const PRUnichar* formatStrings[1] = { ToNewUnicode(nsLiteralCString(caName)) };
rv = bundle->FormatStringFromName(NS_LITERAL_STRING("SignedBy"),
formatStrings, 1,
getter_Copies(shortDesc));
nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
}
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
infoObject->SetSecurityState(secStatus);
infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
PR_Free(caName);
CERT_DestroyName(certName);
PR_Free(signer);
}
}
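Review bot: HandshakeCallback dereferences several values that can be null: `bundle` is used right after `CreateBundle` without the check PK11PasswordPrompt makes, and `caName` is passed to `nsLiteralCString(caName)` even though `CERT_AsciiToName` or `CERT_GetOrgName` can fail. The issuer string comes from the peer's certificate, so an issuer without an organization field would presumably reach that path from the network. The sketch below guards those steps and skips the formatting when they fail. `fd->higher->secret` is likewise cast without checking `fd->higher`. In PK11PasswordPrompt, `password` and the temporary `nsString` copy are released without being cleared; wiping them before `Recycle` would limit how long the passphrase stays in freed memory.

```cpp
    CERTName* certName = signer ? CERT_AsciiToName(signer) : nsnull;
    char* caName = certName ? CERT_GetOrgName(certName) : nsnull;
    if (caName && nsCRT::strcmp(caName, "RSA Data Security, Inc.") == 0) {
      // … unchanged: replace caName with the VeriSign string …
    }
    nsXPIDLString shortDesc;
    // … unchanged: bundleService lookup and CreateBundle …
      if (bundle && caName) {
        // … unchanged: formatStrings, FormatStringFromName, nsMemory::Free …
      }
    // … unchanged: SetSecurityState / SetShortSecurityDescription …
    if (caName)
      PR_Free(caName);
    if (certName)
      CERT_DestroyName(certName);
```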


@ -28,7 +28,9 @@
#include "nspr.h"
char* PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
void HandshakeCallback(PRFileDesc *fd, void *client_data);
#endif // _NSNSSCALLBACKS_H_
#endif


@ -24,51 +24,28 @@
* Brian Ryner <bryner@netscape.com>
*/
#include "nsProxiedService.h"
#include "VerReg.h"
#include "nspr.h"
#include "nsNSSComponent.h"
#include "nsNSSCallbacks.h"
#include "nsCRT.h"
#include "nsNetUtil.h"
#include "nsIURI.h"
#include "nsIChannel.h"
#include "nsIInputStream.h"
#include "nsIStreamListener.h"
#include "nsIPref.h"
#include "nsIProfile.h"
#include "nsILocalFile.h"
#include "nsAppDirectoryServiceDefs.h"
#include "nsDirectoryService.h"
#include "nsIStreamListener.h"
#include "prlog.h"
#include "nss.h"
#include "pk11func.h"
#include "ssl.h"
#include "sslproto.h"
#include "nsISecureBrowserUI.h"
#include "nsIDocumentLoaderObserver.h"
#include "nsIScriptSecurityManager.h"
#include "nsICertificatePrincipal.h"
#include "nsIProtocolProxyService.h"
#ifdef PR_LOGGING
PRLogModuleInfo* gPIPNSSLog = nsnull;
#endif
//#define DEBUG_SSL
static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
static NS_DEFINE_CID(kProfileCID, NS_PROFILE_CID);
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
static NS_DEFINE_CID(kProtocolProxyServiceCID, NS_PROTOCOLPROXYSERVICE_CID);
nsNSSComponent* nsNSSComponent::mInstance = nsnull;
nsNSSComponent::nsNSSComponent()
{
NS_INIT_REFCNT();
NS_INIT_ISUPPORTS();
}
nsNSSComponent::~nsNSSComponent()
@ -76,41 +53,22 @@ nsNSSComponent::~nsNSSComponent()
}
NS_IMETHODIMP
nsNSSComponent::CreateNSSComponent(nsISupports* aOuter, REFNSIID aIID,
void **aResult)
nsNSSComponent::Init()
{
if (!aResult) {
return NS_ERROR_INVALID_POINTER;
}
if (aOuter) {
*aResult = nsnull;
return NS_ERROR_NO_AGGREGATION;
}
if (mInstance == nsnull) {
mInstance = new nsNSSComponent();
}
if (mInstance == nsnull)
return NS_ERROR_OUT_OF_MEMORY;
nsresult rv = mInstance->QueryInterface(aIID, aResult);
if (NS_FAILED(rv)) {
*aResult = nsnull;
return rv;
}
#ifdef DEBUG_SSL
printf("NSS: **** Beginning NSS initialization\n");
#ifdef PR_LOGGING
if (!gPIPNSSLog)
gPIPNSSLog = PR_NewLogModule("pipnss");
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Beginning NSS initialization\n"));
nsXPIDLCString profileStr;
nsCOMPtr<nsIFile> profilePath;
rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profilePath));
nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profilePath));
if (NS_FAILED(rv)) {
printf("NSS: Unable to get profile directory\n");
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to get profile directory\n"));
return rv;
}
@ -121,14 +79,14 @@ nsNSSComponent::CreateNSSComponent(nsISupports* aOuter, REFNSIID aIID,
NSS_InitReadWrite(profileStr);
NSS_SetDomesticPolicy();
// SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
SSL_EnableDefault(SSL_ENABLE_SSL2, PR_TRUE);
SSL_EnableDefault(SSL_ENABLE_SSL3, PR_TRUE);
SSL_EnableDefault(SSL_ENABLE_TLS, PR_TRUE);
#ifdef DEBUG_SSL
printf("NSS: NSS Initialized\n");
#endif
// XXX should use prefs
SSL_OptionSetDefault(SSL_ENABLE_SSL2, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, PR_TRUE);
SSL_OptionSetDefault(SSL_ENABLE_TLS, PR_TRUE);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
return rv;
}
@ -139,13 +97,6 @@ NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSComponent,
nsISignatureVerifier);
#define INIT_NUM_PREFS 100
/* preference types */
#define STRING_PREF 0
#define BOOL_PREF 1
#define INT_PREF 2
NS_IMETHODIMP
nsNSSComponent::DisplaySecurityAdvisor()
{
@ -171,10 +122,10 @@ protected:
CertDownloader::CertDownloader(PRInt32 type)
: mByteData(nsnull),
mType(type)
{
NS_INIT_REFCNT();
mByteData = nsnull;
mType = type;
NS_INIT_ISUPPORTS();
}
CertDownloader::~CertDownloader()
@ -183,8 +134,7 @@ CertDownloader::~CertDownloader()
nsMemory::Free(mByteData);
}
NS_IMPL_ISUPPORTS(CertDownloader,NS_GET_IID(nsIStreamListener));
NS_IMPL_ISUPPORTS1(CertDownloader, nsIStreamListener);
NS_IMETHODIMP
CertDownloader::OnStartRequest(nsIChannel* channel, nsISupports* context)
@ -328,7 +278,8 @@ nsNSSComponent::CreatePrincipalFromSignature(const char* aRSABuf,
NS_IMETHODIMP
nsNSSComponent::GetPassword(char **aRet)
{
// We currently don't use a password
// This functionality is only used in wallet.
// This interface can go away once we get rid of PSM 1.x.
*aRet = nsnull;
return NS_OK;
}
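Review bot: `nsNSSComponent::Init` ignores the result of `NSS_InitReadWrite(profileStr)` and of the three `SSL_OptionSetDefault` calls, then logs "NSS Initialization done" and returns the `rv` left over from the profile directory lookup. Now that Init is what the generic factory constructor runs, a failed database open should fail component creation rather than leave a half-initialized security service behind; something like `if (NSS_InitReadWrite(profileStr) != SECSuccess) return NS_ERROR_FAILURE;` would do. The `// XXX should use prefs` comment could also state that SSL2 is enabled unconditionally until that is done. The part of Init between the two hunks is not visible, so how `profileStr` is filled was not reviewed.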


@ -23,12 +23,11 @@
* Brian Ryner <bryner@netscape.com>
*/
#include "nscore.h"
//#include "nsINSSComponent.h"
#ifndef _nsNSSComponent_h_
#define _nsNSSComponent_h_
#include "nsISecurityManagerComponent.h"
#include "nsISignatureVerifier.h"
#include "nsIStringBundle.h"
#include "nsIContentHandler.h"
#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
@ -42,22 +41,16 @@ class nsNSSComponent : public nsISecurityManagerComponent,
public nsISignatureVerifier
{
public:
NS_DEFINE_STATIC_CID_ACCESSOR(NS_NSSCOMPONENT_CID);
nsNSSComponent();
virtual ~nsNSSComponent();
NS_DECL_ISUPPORTS
NS_DECL_NSISECURITYMANAGERCOMPONENT
// NS_DECL_NSINSSCOMPONENT
NS_DECL_NSICONTENTHANDLER
NS_DECL_NSISIGNATUREVERIFIER
static NS_METHOD CreateNSSComponent(nsISupports* aOuter, REFNSIID aIID,
void **aResult);
private:
nsCOMPtr<nsISupports> mSecureBrowserUI;
static nsNSSComponent* mInstance;
NS_METHOD Init();
};
#endif // _nsNSSComponent_h_


@ -21,17 +21,17 @@
* Brian Ryner <bryner@netscape.com>
*/
#include "nspr.h"
#include "nsString.h"
#include "nsISecurityManagerComponent.h"
#include "nsISecureSocketInfo.h"
#include "nsIServiceManager.h"
#include "nsNSSIOLayer.h"
#include "nsNSSCallbacks.h"
#include "nsString.h"
#include "prlog.h"
#include "nsISecurityManagerComponent.h"
#include "nsIServiceManager.h"
#include "nsIWebProgressListener.h"
#include "ssl.h"
//#define DEBUG_SSL
//#define DEBUG_SSL_VERBOSE
static nsISecurityManagerComponent* gNSSService = nsnull;
@ -39,47 +39,25 @@ static PRBool firstTime = PR_TRUE;
static PRDescIdentity nsSSLIOLayerIdentity;
static PRIOMethods nsSSLIOLayerMethods;
class nsNSSSocketInfo : public nsISecureSocketInfo
{
public:
nsNSSSocketInfo();
virtual ~nsNSSSocketInfo();
NS_DECL_ISUPPORTS
NS_DECL_NSISECURESOCKETINFO
nsresult SetHostName(const char *aHostName);
nsresult SetProxyName(const char *aName);
nsresult SetHostPort(PRInt32 aPort);
nsresult SetProxyPort(PRInt32 aPort);
nsresult SetUseTLS(PRBool useTLS);
nsresult GetUseTLS(PRBool *useTLS);
protected:
nsString mHostName;
PRInt32 mHostPort;
nsString mProxyName;
PRInt32 mProxyPort;
PRBool mForceHandshake;
PRBool mUseTLS;
};
#ifdef PR_LOGGING
extern PRLogModuleInfo* gPIPNSSLog;
#endif
nsNSSSocketInfo::nsNSSSocketInfo()
: mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
mForceHandshake(PR_FALSE),
mUseTLS(PR_FALSE)
{
NS_INIT_REFCNT();
mForceHandshake = PR_FALSE;
mUseTLS = PR_FALSE;
NS_INIT_ISUPPORTS();
}
nsNSSSocketInfo::~nsNSSSocketInfo()
{
}
NS_IMPL_THREADSAFE_ISUPPORTS1(nsNSSSocketInfo, nsISecureSocketInfo)
NS_IMPL_THREADSAFE_ISUPPORTS2(nsNSSSocketInfo,
nsIChannelSecurityInfo,
nsISSLSocketControl)
NS_IMETHODIMP
nsNSSSocketInfo::GetHostName(char * *aHostName)
@ -147,6 +125,35 @@ nsNSSSocketInfo::SetProxyPort(PRInt32 aPort)
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetSecurityState(PRInt32* state)
{
*state = mSecurityState;
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetSecurityState(PRInt32 aState)
{
mSecurityState = aState;
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetShortSecurityDescription(PRUnichar** aText) {
if (mShortDesc.IsEmpty())
*aText = nsnull;
else
*aText = mShortDesc.ToNewUnicode();
return NS_OK;
}
nsresult
nsNSSSocketInfo::SetShortSecurityDescription(const PRUnichar* aText) {
mShortDesc.Assign(aText);
return NS_OK;
}
NS_IMETHODIMP
nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake)
{
@ -191,7 +198,7 @@ static PRStatus PR_CALLBACK
nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
PRIntervalTime timeout)
{
if (!fd || !addr)
if (!fd || !fd->lower)
return PR_FAILURE;
PRStatus status = PR_SUCCESS;
@ -213,26 +220,24 @@ nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
status = fd->lower->methods->connect(fd->lower, addr,
PR_INTERVAL_NO_TIMEOUT);
if (status != PR_SUCCESS) {
printf("NSS: [%p] lower layer connect error: %d\n", (void*)fd,
PR_GetError());
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] Lower layer connect error: %d\n",
(void*)fd, PR_GetError()));
goto loser;
}
PRBool forceHandshake, useTLS;
infoObject->GetForceHandshake(&forceHandshake);
infoObject->GetUseTLS(&useTLS);
#ifdef DEBUG_SSL
printf("NSS: [%p] Connect: forceHandshake = %d, useTLS = %d\n", (void*)fd,
forceHandshake, useTLS);
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] Connect: forceHandshake = %d, useTLS = %d\n",
(void*)fd, forceHandshake, useTLS));
if (!useTLS && forceHandshake) {
PRInt32 res = SSL_ForceHandshake(fd);
if (res == -1) {
printf("NSS: [%p] ForceHandshake failure -- error %d\n", (void*)fd,
PR_GetError());
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("[%p] ForceHandshake failure -- error %d\n",
(void*)fd, PR_GetError()));
status = PR_FAILURE;
}
}
@ -251,9 +256,7 @@ nsSSLIOLayerClose(PRFileDesc *fd)
if (!fd)
return PR_FAILURE;
#ifdef DEBUG_SSL
printf("NSS: [%p] Shutting down socket\n", (void*)fd);
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] Shutting down socket\n", (void*)fd));
PRFileDesc* popped = PR_PopIOLayer(fd, PR_TOP_IO_LAYER);
PRStatus status = fd->methods->close(fd);
@ -266,36 +269,32 @@ nsSSLIOLayerClose(PRFileDesc *fd)
return status;
}
#ifdef DEBUG_SSL_VERBOSE
static PRInt32 PR_CALLBACK
nsSSLIOLayerRead(PRFileDesc* fd, void* buf, PRInt32 amount)
{
if (!fd || !buf)
if (!fd || !fd->lower)
return PR_FAILURE;
#ifdef DEBUG_SSL_VERBOSE
PRInt32 bytesRead = fd->lower->methods->read(fd->lower, buf, amount);
printf("NSS: [%p] read %d bytes:\n%s\n", (void*)fd, bytesRead, buf);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] read %d bytes\n", (void*)fd, bytesRead));
return bytesRead;
#else
return fd->lower->methods->read(fd->lower, buf, amount);
#endif
}
static PRInt32 PR_CALLBACK
nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf, PRInt32 amount)
{
if (!fd || !buf)
if (!fd || !fd->lower)
return PR_FAILURE;
#ifdef DEBUG_SSL_VERBOSE
PRInt32 bytesWritten = fd->lower->methods->write(fd->lower, buf, amount);
printf("NSS: [%p] wrote %d bytes:\n%s\n", (void*)fd, bytesWritten, buf);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] wrote %d bytes\n", (void*)fd, bytesWritten));
return bytesWritten;
#else
return fd->lower->methods->write(fd->lower, buf, amount);
#endif
}
#endif // DEBUG_SSL_VERBOSE
nsresult InitNSSMethods()
{
nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer");
@ -303,8 +302,11 @@ nsresult InitNSSMethods()
nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
nsSSLIOLayerMethods.close = nsSSLIOLayerClose;
#ifdef DEBUG_SSL_VERBOSE
nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
#endif
nsresult rv;
/* This performs NSS initialization for us */
@ -359,14 +361,17 @@ nsSSLIOLayerAddToSocket(const char* host,
firstTime = PR_FALSE;
}
PRFileDesc* sslSock = SSL_ImportFD(NULL, fd);
PRFileDesc* sslSock = SSL_ImportFD(nsnull, fd);
if (!sslSock) {
NS_ASSERTION(PR_FALSE, "NSS: Error importing socket");
return NS_ERROR_FAILURE;
}
SSL_SetPKCS11PinArg(sslSock, NULL);
SSL_SetPKCS11PinArg(sslSock, nsnull);
SSL_HandshakeCallback(sslSock, HandshakeCallback, nsnull);
SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData,
nsnull);
PRInt32 ret = SSL_SetURL(sslSock, host);
if (ret == -1) {
NS_ASSERTION(PR_FALSE, "NSS: Error setting server name");
@ -399,13 +404,8 @@ nsSSLIOLayerAddToSocket(const char* host,
return NS_ERROR_FAILURE;
}
#ifdef DEBUG_SSL
printf("NSS: [%p] Socket set up\n", (void*)sslSock);
#endif
*info = infoObject;
NS_ADDREF(*info);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("[%p] Socket set up\n", (void*)sslSock));
infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) (info));
return NS_OK;
}
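Review bot: In nsSSLIOLayerAddToSocket, `SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData, nsnull)` installs NSS's stock selector with no nickname argument, which as far as I know lets NSS pick a matching user certificate on its own whenever a server requests client authentication. That discloses the user's certificate identity without a consent step, so I would either install a hook that asks the user or add a comment such as `// XXX picks a client cert without prompting; replace with a UI-backed hook`. The return values of `SSL_HandshakeCallback` and `SSL_GetClientAuthDataHook` are also unchecked, and if the handshake callback fails to register, the security state silently stays at its initial value. The function begins outside the hunk.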


@ -26,6 +26,45 @@
#include "prtypes.h"
#include "prio.h"
#include "nsIChannelSecurityInfo.h"
#include "nsISSLSocketControl.h"
#include "nsString.h"
class nsNSSSocketInfo : public nsIChannelSecurityInfo,
public nsISSLSocketControl
{
public:
nsNSSSocketInfo();
virtual ~nsNSSSocketInfo();
NS_DECL_ISUPPORTS
NS_DECL_NSICHANNELSECURITYINFO
NS_DECL_NSISSLSOCKETCONTROL
nsresult SetHostName(const char *aHostName);
nsresult SetProxyName(const char *aName);
nsresult SetHostPort(PRInt32 aPort);
nsresult SetProxyPort(PRInt32 aPort);
nsresult SetSecurityState(PRInt32 aState);
nsresult SetShortSecurityDescription(const PRUnichar *aText);
nsresult SetUseTLS(PRBool useTLS);
nsresult GetUseTLS(PRBool *useTLS);
protected:
nsString mHostName;
PRInt32 mHostPort;
nsString mProxyName;
PRInt32 mProxyPort;
PRInt32 mSecurityState;
nsString mShortDesc;
PRBool mForceHandshake;
PRBool mUseTLS;
};
nsresult nsSSLIOLayerNewSocket(const char *host,
PRInt32 port,
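Review bot: The nsNSSSocketInfo declaration says nothing about which thread may touch `mSecurityState` and `mShortDesc`, and the class holds no lock. In this commit they are written through `SetSecurityState` and `SetShortSecurityDescription` from HandshakeCallback and read through the nsIChannelSecurityInfo getters; if those run on different threads (likely, but not shown here), the `nsString` member is accessed without synchronization. I would at least add a comment above the two setters, e.g. `// Set from the NSS handshake callback; not synchronized with the getters.`, and have the author confirm the threading. The `nsSSLIOLayerNewSocket` declaration continues past the end of the hunk.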


@ -26,33 +26,17 @@
#include "nsIModule.h"
#include "nsIGenericFactory.h"
//#include "nsPSMUICallbacks.h"
#include "nsNSSComponent.h"
#include "nsISecureBrowserUI.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsSSLSocketProvider.h"
#include "nsTLSSocketProvider.h"
//#include "nsSDR.h"
//#include "nsFSDR.h"
//#include "nsCrypto.h"
//#include "nsKeygenHandler.h"
//For the NS_CRYPTO_CONTRACTID define
#include "nsDOMCID.h"
#include "nsCURILoader.h"
#include "nsISupportsUtils.h"
// Define SDR object constructor
//static NS_DEFINE_IID(kISupportsIID, NS_ISUPPORTS_IID);
//static NS_DEFINE_IID(kFormProcessorCID, NS_IFORMPROCESSOR_CID);
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecretDecoderRing, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsFSecretDecoderRing, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCrypto, init)
//NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsPkcs11, init)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
static nsModuleComponentInfo components[] =
{
@ -60,101 +44,71 @@ static nsModuleComponentInfo components[] =
PSM_COMPONENT_CLASSNAME,
NS_NSSCOMPONENT_CID,
PSM_COMPONENT_CONTRACTID,
nsNSSComponent::CreateNSSComponent
nsNSSComponentConstructor
},
{
"NSS Content Handler - application/x-x509-ca-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-ca-cert",
nsNSSComponent::CreateNSSComponent
nsNSSComponentConstructor
},
{
"NSS Content Handler - application/x-x509-server-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-server-cert",
nsNSSComponent::CreateNSSComponent
nsNSSComponentConstructor
},
{
"NSS Content Handler - application/x-x509-user-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-user-cert",
nsNSSComponent::CreateNSSComponent
nsNSSComponentConstructor
},
{
"NSS Content Handler - application/x-x509-email-cert",
NS_NSSCOMPONENT_CID,
NS_CONTENT_HANDLER_CONTRACTID_PREFIX"application/x-x509-email-cert",
nsNSSComponent::CreateNSSComponent
nsNSSComponentConstructor
},
{
NS_SECURE_BROWSER_UI_CLASSNAME,
NS_SECURE_BROWSER_UI_CID,
NS_SECURE_BROWSER_UI_CONTRACTID,
nsSecureBrowserUIImpl::Create
nsSecureBrowserUIImplConstructor
},
{
NS_SECURE_BROWSER_DOCOBSERVER_CLASSNAME,
NS_SECURE_BROWSER_DOCOBSERVER_CID,
NS_SECURE_BROWSER_DOCOBSERVER_CONTRACTID,
nsSecureBrowserUIImpl::Create
nsSecureBrowserUIImplConstructor
},
{
NS_ISSLSOCKETPROVIDER_CLASSNAME,
NS_SSLSOCKETPROVIDER_CID,
NS_ISSLSOCKETPROVIDER_CONTRACTID,
nsSSLSocketProvider::Create
nsSSLSocketProviderConstructor
},
{
NS_TLSSOCKETPROVIDER_CLASSNAME,
NS_TLSSOCKETPROVIDER_CID,
NS_TLSSOCKETPROVIDER_CONTRACTID,
nsTLSSocketProvider::Create
nsTLSSocketProviderConstructor
},
{
NS_ISSLFHSOCKETPROVIDER_CLASSNAME,
NS_SSLSOCKETPROVIDER_CID,
NS_ISSLFHSOCKETPROVIDER_CONTRACTID,
nsSSLSocketProvider::Create
nsSSLSocketProviderConstructor
},
#if 0
{
NS_SDR_CLASSNAME,
NS_SDR_CID,
NS_SDR_CONTRACTID,
nsSecretDecoderRingConstructor
},
{
NS_FSDR_CLASSNAME,
NS_FSDR_CID,
NS_FSDR_CONTRACTID,
nsFSecretDecoderRingConstructor
},
{
NS_CRYPTO_CLASSNAME,
NS_CRYPTO_CID,
NS_CRYPTO_CONTRACTID,
nsCryptoConstructor
},
{
NS_PKCS11_CLASSNAME,
NS_PKCS11_CID,
NS_PKCS11_CONTRACTID,
nsPkcs11Constructor
}
#endif
};
NS_IMPL_NSGETMODULE("NSS", components);
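Review bot: All five nsNSSComponent entries now use `nsNSSComponentConstructor`, which is generated by `NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)` and so builds a new object and runs `Init` on every creation, whereas the removed `CreateNSSComponent` reused `mInstance`. If any of the content-handler contract IDs is instantiated rather than fetched as a service, NSS initialization would run again in the same process. I would keep a guard against that, for example a static flag checked at the top of `Init`, or a hand-written constructor that returns the existing instance.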


@ -21,21 +21,12 @@
* Brian Ryner <bryner@netscape.com>
*/
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsSSLSocketProvider.h"
#include "nsNSSIOLayer.h"
nsSSLSocketProvider::nsSSLSocketProvider()
{
NS_INIT_REFCNT();
}
nsresult
nsSSLSocketProvider::Init()
{
nsresult rv = NS_OK;
return rv;
NS_INIT_ISUPPORTS();
}
nsSSLSocketProvider::~nsSSLSocketProvider()
@ -45,35 +36,6 @@ nsSSLSocketProvider::~nsSSLSocketProvider()
NS_IMPL_THREADSAFE_ISUPPORTS2(nsSSLSocketProvider, nsISocketProvider,
nsISSLSocketProvider);
NS_METHOD
nsSSLSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
{
nsresult rv;
nsSSLSocketProvider* inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = nsnull;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsSSLSocketProvider);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
NS_IMETHODIMP
nsSSLSocketProvider::NewSocket(const char *host,
PRInt32 port,


@ -41,12 +41,6 @@ public:
// nsSSLSocketProvider methods:
nsSSLSocketProvider();
virtual ~nsSSLSocketProvider();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
nsresult Init();
protected:
};
#endif /* _NSSSLSOCKETPROVIDER_H_ */


@ -50,7 +50,7 @@
#include "nsIContent.h"
#include "nsIWebProgress.h"
#include "nsIChannel.h"
#include "nsISecureSocketInfo.h"
#include "nsIChannelSecurityInfo.h"
#include "nsIURI.h"
@ -60,13 +60,11 @@
#include "nsINetSupportDialogService.h"
#include "nsIPrompt.h"
#include "nsICommonDialogs.h"
#include "nsIPref.h"
#include "nsIFormSubmitObserver.h"
static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
static NS_DEFINE_CID(kCommonDialogsCID, NS_CommonDialog_CID );
static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
#define ENTER_SITE_PREF "security.warn_entering_secure"
@ -74,9 +72,6 @@ static NS_DEFINE_CID(kPrefCID, NS_PREF_CID);
#define MIXEDCONTENT_PREF "security.warn_viewing_mixed"
#define INSECURE_SUBMIT_PREF "security.warn_submit_insecure"
#define CERT_PREFIX_STR "Signed by "
#define CERT_PREFIX_STR_LENGTH 10
#if defined(PR_LOGGING)
//
// Log module for nsSecureBroswerUI logging...
@ -93,55 +88,20 @@ PRLogModuleInfo* gSecureDocLog = nsnull;
#endif /* PR_LOGGING */
NS_IMETHODIMP
nsSecureBrowserUIImpl::Create(nsISupports *aOuter, REFNSIID aIID,
void **aResult)
{
nsresult rv;
nsSecureBrowserUIImpl * inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = NULL;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsSecureBrowserUIImpl);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
: mMixContentAlertShown(PR_FALSE),
mSecurityState(STATE_IS_INSECURE)
{
NS_INIT_REFCNT();
NS_INIT_ISUPPORTS();
#if defined(PR_LOGGING)
if (!gSecureDocLog) {
if (!gSecureDocLog)
gSecureDocLog = PR_NewLogModule("nsSecureBrowserUI");
}
#endif /* PR_LOGGING */
mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
mLastPSMStatus = nsnull;
mCurrentURI = nsnull;
mSecurityButton = nsnull;
}
nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl()
{
PR_FREEIF(mLastPSMStatus);
}
NS_IMPL_ISUPPORTS4(nsSecureBrowserUIImpl,
@ -155,58 +115,49 @@ NS_IMETHODIMP
nsSecureBrowserUIImpl::Init(nsIDOMWindowInternal *window,
nsIDOMElement *button)
{
nsresult rv = NS_OK;
mSecurityButton = button;
mWindow = window;
nsresult rv = nsServiceManager::GetService(kPrefCID,
NS_GET_IID(nsIPref),
getter_AddRefs(mPref));
mPref = do_GetService(kPrefCID, &rv);
if (NS_FAILED(rv)) return rv;
nsCOMPtr<nsIStringBundleService> service(do_GetService(kCStringBundleServiceCID, &rv));
if (NS_FAILED(rv)) return rv;
NS_WITH_SERVICE(nsIStringBundleService, service, kCStringBundleServiceCID,
&rv);
if (NS_FAILED(rv)) return rv;
nsILocale* locale = nsnull;
rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, locale,
rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, nsnull,
getter_AddRefs(mStringBundle));
if (NS_FAILED(rv)) return rv;
// hook up to the form post notifications:
nsIObserverService *svc = nsnull;
rv = nsServiceManager::GetService(NS_OBSERVERSERVICE_CONTRACTID,
NS_GET_IID(nsIObserverService),
(nsISupports**)&svc);
if (NS_SUCCEEDED(rv) && svc) {
nsString topic; topic.AssignWithConversion(NS_FORMSUBMIT_SUBJECT);
rv = svc->AddObserver(this, topic.GetUnicode());
nsServiceManager::ReleaseService(NS_OBSERVERSERVICE_CONTRACTID, svc);
nsCOMPtr<nsIObserverService> svc(do_GetService(NS_OBSERVERSERVICE_CONTRACTID, &rv));
if (NS_SUCCEEDED(rv)) {
rv = svc->AddObserver(this, NS_ConvertASCIItoUCS2(NS_FORMSUBMIT_SUBJECT).get());
}
// hook up to the webprogress notifications.
nsCOMPtr<nsIScriptGlobalObject> sgo(do_QueryInterface(window));
if (!sgo) return NS_ERROR_FAILURE;
nsCOMPtr<nsIDocShell> docShell;
nsCOMPtr<nsIScriptGlobalObject> sgo = do_QueryInterface(window);
if (!sgo) return NS_ERROR_NULL_POINTER;
sgo->GetDocShell(getter_AddRefs(docShell));
if (!docShell) return NS_ERROR_NULL_POINTER;
if (!docShell) return NS_ERROR_FAILURE;
nsCOMPtr<nsIWebProgress> wp = do_GetInterface(docShell);
if (!wp) return NS_ERROR_NULL_POINTER;
nsCOMPtr<nsIWebProgress> wp(do_GetInterface(docShell));
if (!wp) return NS_ERROR_FAILURE;
wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this));
mInitByLocationChange = PR_TRUE;
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::DisplayPageInfoUI()
{
nsresult res;
NS_WITH_SERVICE(nsISecurityManagerComponent, psm, PSM_COMPONENT_CONTRACTID,
&res);
#if 0
nsresult res = NS_OK;
nsCOMPtr<nsISecurityManagerComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID,
&res));
if (NS_FAILED(res))
return res;
@ -215,6 +166,7 @@ nsSecureBrowserUIImpl::DisplayPageInfoUI()
mCurrentURI->GetHost(getter_Copies(host));
// return psm->DisplayPSMAdvisor(mLastPSMStatus, host);
#endif
return NS_ERROR_NOT_IMPLEMENTED;
}
@ -245,6 +197,35 @@ static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
return NS_OK;
}
static PRInt16 GetSecurityStateFromChannel(nsIChannel* aChannel)
{
nsresult res;
PRInt32 securityState;
// qi for the psm information about this channel load.
nsCOMPtr<nsISupports> info;
aChannel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsIChannelSecurityInfo> psmInfo(do_QueryInterface(info));
if (!psmInfo) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - no nsIChannelSecurityInfo for %p\n",
aChannel, (nsISupports *)info));
return nsIWebProgressListener::STATE_IS_INSECURE;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - info is %p\n", aChannel,
(nsISupports *)info));
res = psmInfo->GetSecurityState(&securityState);
if (!NS_SUCCEEDED(res)) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - GetSecurityState failed: %d\n",
aChannel, res));
securityState = nsIWebProgressListener::STATE_IS_BROKEN;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - Returning %d\n", aChannel,
securityState));
return securityState;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
@ -253,9 +234,8 @@ nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
{
// Return NS_OK unless we want to prevent this form from submitting.
*cancelSubmit = PR_FALSE;
if (!window || !actionURL || !formNode) {
if (!window || !actionURL || !formNode)
return NS_OK;
}
nsCOMPtr<nsIDocument> document;
formNode->GetDocument(*getter_AddRefs(document));
@ -263,7 +243,7 @@ nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
nsCOMPtr<nsIScriptGlobalObject> globalObject;
document->GetScriptGlobalObject(getter_AddRefs(globalObject));
nsCOMPtr<nsIDOMWindowInternal> postingWindow = do_QueryInterface(globalObject);
nsCOMPtr<nsIDOMWindowInternal> postingWindow(do_QueryInterface(globalObject));
PRBool isChild;
IsChildOfDomWindow(mWindow, postingWindow, &isChild);
@ -301,12 +281,12 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
{
nsresult res = NS_OK;
if (aRequest == nsnull || !mPref)
if (!aRequest || !mPref)
return NS_ERROR_NULL_POINTER;
// Get the channel from the request...
// If the request is not network based, then ignore it.
nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest, &res);
nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest, &res));
if (NS_FAILED(res))
return NS_OK;
@ -316,11 +296,10 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
if (requestor)
eventSink = do_GetInterface(requestor);
nsCOMPtr<nsIURI> loadingURI;
channel->GetURI(getter_AddRefs(loadingURI));
NS_ASSERTION(NS_SUCCEEDED(res),"GetURI failed");
#if defined(DEBUG)
nsCOMPtr<nsIURI> loadingURI;
res = channel->GetURI(getter_AddRefs(loadingURI));
NS_ASSERTION(NS_SUCCEEDED(res), "GetURI failed");
if (loadingURI) {
nsXPIDLCString temp;
loadingURI->GetSpec(getter_Copies(temp));
@ -331,46 +310,31 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
#endif
// A Document is starting to load...
if ((aProgressStateFlags & STATE_START) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
if ((aProgressStateFlags & (STATE_TRANSFERRING|STATE_REDIRECTING)) &&
(aProgressStateFlags & STATE_IS_DOCUMENT)) {
// starting to load a webpage
PR_FREEIF(mLastPSMStatus); mLastPSMStatus = nsnull;
mIsSecureDocument = mMixContentAlertShown = mIsDocumentBroken = PR_FALSE;
if (mSecurityButton)
mSecurityButton->RemoveAttribute(NS_ConvertASCIItoUCS2("level"));
if (eventSink)
eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE);
res = CheckProtocolContextSwitch(eventSink, aRequest, loadingURI,
mCurrentURI);
return res;
mMixContentAlertShown = PR_FALSE;
return CheckProtocolContextSwitch(eventSink, aRequest, channel);
}
// A document has finished loading
if ((aProgressStateFlags & STATE_STOP) &&
(aProgressStateFlags & STATE_IS_NETWORK) &&
mIsSecureDocument) {
if (!mIsDocumentBroken) { // and status is okay FIX
// qi for the psm information about this channel load.
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsISecureSocketInfo> secInfo = do_QueryInterface(info);
if (secInfo) {
// Everything looks okay. Lets stash the picked status.
PR_FREEIF(mLastPSMStatus);
// res = psmInfo->GetPickledStatus(&mLastPSMStatus);
// XXX figure out exactly what should be going on here
res = NS_OK;
if (NS_SUCCEEDED(res)) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: Icon set to lock\n", this));
(mSecurityState == STATE_IS_SECURE ||
mSecurityState == STATE_IS_BROKEN))
{
if (mSecurityState == STATE_IS_SECURE) {
// XXX Shouldn't we do this even if the state is broken?
// XXX Shouldn't we grab the pickled status at STATE_NET_TRANSFERRING?
if (GetSecurityStateFromChannel(channel) == STATE_IS_SECURE) {
// Everything looks okay.
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to lock\n", this));
if (mSecurityButton)
res = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("level"),
NS_ConvertASCIItoUCS2("high"));
res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("level"),
NS_LITERAL_STRING("high"));
if (eventSink)
eventSink->OnSecurityChange(aRequest, (STATE_IS_SECURE));
@ -378,95 +342,45 @@ nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
if (!mSecurityButton)
return res;
// Do we really need to look at res here?
// What happens if there's an error?
// Do we really need to look at res here? What happens if there's an error?
// We should still set the certificate authority display.
#if 0
// XXX implement cert signer tooltip
CMTItem caName;
CMT_CONTROL *control;
CMTItem pickledResource = {0, NULL, 0};
CMUint32 socketStatus = 0;
pickledResource.len = *(int*)(mLastPSMStatus);
pickledResource.data = NS_REINTERPRET_POINTER_CAST(unsigned char*, nsMemory::Alloc(SSMSTRING_PADDED_LENGTH(pickledResource.len)));
if (!pickledResource.data) return NS_ERROR_FAILURE;
memcpy(pickledResource.data, mLastPSMStatus+sizeof(int),
pickledResource.len);
psmInfo->GetControlPtr(&control);
if (CMT_UnpickleResource(control,
SSM_RESTYPE_SSL_SOCKET_STATUS,
pickledResource,
&socketStatus) == CMTSuccess) {
if (CMT_GetStringAttribute(control, socketStatus,
SSM_FID_SSS_CA_NAME,
&caName) == CMTSuccess) {
// Create space for "Signed by %s" display string
char *str = NS_REINTERPRET_POINTER_CAST(char*, nsMemory::Alloc(CERT_PREFIX_STR_LENGTH + 1 + caName.len));
if (str) {
*str = '\0';
strcat(str, CERT_PREFIX_STR);
// will memcpy just return if size == 0?
memcpy(str + CERT_PREFIX_STR_LENGTH, caName.data, caName.len);
*(str + CERT_PREFIX_STR_LENGTH + caName.len) = '\0';
res = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("tooltiptext"), NS_ConvertASCIItoUCS2(str));
nsMemory::Free(str);
}
PRUnichar* tooltip = nsnull;
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
if (info) {
nsCOMPtr<nsIChannelSecurityInfo> secInfo(do_QueryInterface(info));
if (secInfo &&
NS_SUCCEEDED(secInfo->GetShortSecurityDescription(&tooltip)) &&
tooltip) {
res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"),
nsString(tooltip));
PR_Free(tooltip);
}
}
nsMemory::Free(pickledResource.data);
#endif
return res;
}
mSecurityState = STATE_IS_BROKEN;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to broken\n", this));
SetBrokenLockIcon(eventSink, aRequest);
return res;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI:%p: Icon set to broken\n",
this));
mIsDocumentBroken = PR_TRUE;
SetBrokenLockIcon(eventSink, aRequest);
return res;
}
/// if (aProgressStateFlags == nsIWebProgress::flag_net_redirecting)
/// {
/// // need to implmentent.
/// }
// don't need to do anything more if the page is broken or not secure...
if (!mIsSecureDocument || mIsDocumentBroken)
if (mSecurityState != STATE_IS_SECURE)
return NS_OK;
// A URL is starting to load...
if ((aProgressStateFlags & STATE_START) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
if ((aProgressStateFlags & (STATE_TRANSFERRING | STATE_REDIRECTING)) &&
(aProgressStateFlags & STATE_IS_REQUEST)) {
// check to see if we are going to mix content.
return CheckMixedContext(eventSink, aRequest, loadingURI);
}
// A URL has finished loading...
if ((aProgressStateFlags & STATE_STOP) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
if (1) {
// FIX status from the flag...
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsISecureSocketInfo> secInfo = do_QueryInterface(info, &res);
// qi for the psm information about this channel load.
if (secInfo) {
return NS_OK;
}
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: OnStateChange - Icon set to broken\n", this));
SetBrokenLockIcon(eventSink, aRequest);
mIsDocumentBroken = PR_TRUE;
return CheckMixedContext(eventSink, aRequest, channel);
}
return res;
@ -478,12 +392,6 @@ nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
nsIURI* aLocation)
{
mCurrentURI = aLocation;
if (mInitByLocationChange) {
IsURLHTTPS(mCurrentURI, &mIsSecureDocument);
mInitByLocationChange = PR_FALSE;
}
return NS_OK;
}
@ -504,7 +412,7 @@ nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress *aWebProgress,
// I am the guy that created this notification - do nothing
#if defined(DEBUG_dougt)
nsCOMPtr<nsIChannel> channel = do_QueryInterface(aRequest);
nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
if (!channel)
return NS_ERROR_FAILURE;
@ -543,12 +451,12 @@ nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value)
}
void
nsSecureBrowserUIImpl::GetBundleString(const nsString& name,
nsSecureBrowserUIImpl::GetBundleString(const PRUnichar* name,
nsString &outString)
{
if (mStringBundle && name.Length() > 0) {
if (mStringBundle && name) {
PRUnichar *ptrv = nsnull;
if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name.GetUnicode(),
if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name,
&ptrv)))
outString = ptrv;
else
@ -564,22 +472,21 @@ nsSecureBrowserUIImpl::GetBundleString(const nsString& name,
nsresult
nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSink,
nsIRequest* aRequest,
nsIURI* newURI,
nsIURI* oldURI)
nsIChannel* aChannel)
{
nsresult res;
PRBool isNewSchemeSecure, isOldSchemeSecure, boolpref;
res = IsURLHTTPS(oldURI, &isOldSchemeSecure);
if (NS_FAILED(res))
return res;
res = IsURLHTTPS(newURI, &isNewSchemeSecure);
if (NS_FAILED(res))
return res;
PRInt32 newSecurityState, oldSecurityState = mSecurityState;
PRBool boolpref;
newSecurityState = GetSecurityStateFromChannel(aChannel);
// Check to see if we are going from a secure page to an insecure page
if (!isNewSchemeSecure && isOldSchemeSecure) {
if (newSecurityState == STATE_IS_INSECURE &&
(oldSecurityState == STATE_IS_SECURE ||
oldSecurityState == STATE_IS_BROKEN)) {
SetBrokenLockIcon(eventSink, aRequest, PR_TRUE);
if ((mPref->GetBoolPref(LEAVE_SITE_PREF, &boolpref) != 0))
boolpref = PR_TRUE;
@ -591,9 +498,9 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("LeaveSiteMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
GetBundleString(NS_LITERAL_STRING("Title").get(), windowTitle);
GetBundleString(NS_LITERAL_STRING("LeaveSiteMessage").get(), message);
GetBundleString(NS_LITERAL_STRING("DontShowAgain").get(), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
res = dialog->AlertCheck(windowTitle.GetUnicode(),
@ -605,16 +512,20 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin
if (!outCheckValue) {
mPref->SetBoolPref(LEAVE_SITE_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &res);
#if 0
nsCOMPtr<nsISecurityManagerComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID, &res));
if (NS_FAILED(res))
return res;
// psm->PassPrefs();
#endif
}
}
}
// check to see if we are going from an insecure page to a secure one.
else if (isNewSchemeSecure && !isOldSchemeSecure) {
else if ((newSecurityState == STATE_IS_SECURE ||
newSecurityState == STATE_IS_BROKEN) &&
oldSecurityState == STATE_IS_INSECURE) {
if ((mPref->GetBoolPref(ENTER_SITE_PREF, &boolpref) != 0))
boolpref = PR_TRUE;
if (boolpref) {
@ -625,9 +536,9 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("EnterSiteMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
GetBundleString(NS_LITERAL_STRING("Title").get(), windowTitle);
GetBundleString(NS_LITERAL_STRING("EnterSiteMessage").get(), message);
GetBundleString(NS_LITERAL_STRING("DontShowAgain").get(), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
res = dialog->AlertCheck(windowTitle.GetUnicode(),
@ -639,31 +550,46 @@ nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSin
if (!outCheckValue) {
mPref->SetBoolPref(ENTER_SITE_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &res);
#if 0
nsCOMPtr<nsISecurityManageComponent> psm(do_getService(PSM_COMPONENT_CONTRACTID, &res));
if (NS_FAILED(res))
return res;
// psm->PassPrefs();
#endif
}
}
}
mIsSecureDocument = isNewSchemeSecure;
mSecurityState = newSecurityState;
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
nsIRequest* aRequest, nsIURI* nextURI)
nsIRequest* aRequest, nsIChannel* aChannel)
{
PRBool secure;
PRInt16 newSecurityState;
nsresult rv;
nsresult rv = IsURLHTTPS(nextURI, &secure);
if (NS_FAILED(rv))
return rv;
if (!secure && mIsSecureDocument) {
mIsDocumentBroken = PR_TRUE;
newSecurityState = GetSecurityStateFromChannel(aChannel);
if ((newSecurityState == STATE_IS_INSECURE ||
newSecurityState == STATE_IS_BROKEN) &&
mSecurityState == STATE_IS_SECURE) {
// work-around for bug 48515
nsCOMPtr<nsIURI> aURI;
aChannel->GetURI(getter_AddRefs(aURI));
nsXPIDLCString temp;
aURI->GetSpec(getter_Copies(temp));
if (!nsCRT::strncmp((const char*) temp, "file:", 5) ||
!nsCRT::strcmp((const char*) temp, "about:layout-dummy-request")) {
return NS_OK;
}
mSecurityState = STATE_IS_BROKEN;
SetBrokenLockIcon(eventSink, aRequest);
if (!mPref) return NS_ERROR_NULL_POINTER;
@ -680,9 +606,9 @@ nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("MixedContentMessage"), message);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
GetBundleString(NS_LITERAL_STRING("Title").get(), windowTitle);
GetBundleString(NS_LITERAL_STRING("MixedContentMessage").get(), message);
GetBundleString(NS_LITERAL_STRING("DontShowAgain").get(), dontShowAgain);
PRBool outCheckValue = PR_TRUE;
@ -695,11 +621,12 @@ nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
if (!outCheckValue) {
mPref->SetBoolPref(MIXEDCONTENT_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &rv);
#if 0
nsCOMptr<nsISecurityManagerComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID, &rv));
if (NS_FAILED(rv))
return rv;
// psm->PassPrefs();
#endif
}
mMixContentAlertShown = PR_TRUE;
@ -713,15 +640,19 @@ nsresult
nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
{
PRBool secure;
*okayToPost = PR_TRUE;
nsresult rv = IsURLHTTPS(actionURL, &secure);
if (NS_FAILED(rv))
return rv;
// if we are posting to a secure link from a secure page, all is okay.
if (secure && mIsSecureDocument)
// if we are posting to a secure link, all is okay
if (secure &&
(mSecurityState == STATE_IS_SECURE ||
mSecurityState == STATE_IS_BROKEN)) {
return NS_OK;
}
PRBool boolpref = PR_TRUE;
// posting to a non https URL.
@ -735,14 +666,14 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
nsAutoString windowTitle, message, dontShowAgain;
GetBundleString(NS_ConvertASCIItoUCS2("Title"), windowTitle);
GetBundleString(NS_ConvertASCIItoUCS2("DontShowAgain"), dontShowAgain);
GetBundleString(NS_LITERAL_STRING("Title").get(), windowTitle);
GetBundleString(NS_LITERAL_STRING("DontShowAgain").get(), dontShowAgain);
// posting to insecure webpage from a secure webpage.
if (!secure && mIsSecureDocument && !mIsDocumentBroken) {
GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecure"), message);
if (!secure && mSecurityState == STATE_IS_SECURE) {
GetBundleString(NS_LITERAL_STRING("PostToInsecure").get(), message);
} else { // anything else, post generic warning
GetBundleString(NS_ConvertASCIItoUCS2("PostToInsecureFromInsecure"),
GetBundleString(NS_LITERAL_STRING("PostToInsecureFromInsecure").get(),
message);
}
@ -757,14 +688,14 @@ nsSecureBrowserUIImpl::CheckPost(nsIURI *actionURL, PRBool *okayToPost)
if (!outCheckValue) {
mPref->SetBoolPref(INSECURE_SUBMIT_PREF, PR_FALSE);
NS_WITH_SERVICE(nsISecurityManagerComponent, psm,
PSM_COMPONENT_CONTRACTID, &rv);
return NS_OK;
#if 0
nsCOMPtr<nsISecurityManagerComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID, &rv));
if (NS_FAILED(rv))
return rv;
// psm->PassPrefs();
#endif
}
} else {
*okayToPost = PR_TRUE;
}
return NS_OK;
@ -778,22 +709,23 @@ nsSecureBrowserUIImpl::SetBrokenLockIcon(nsISecurityEventSink *eventSink,
nsresult rv = NS_OK;
if (removeValue) {
if (mSecurityButton)
rv = mSecurityButton->RemoveAttribute(NS_ConvertASCIItoUCS2("level"));
rv = mSecurityButton->RemoveAttribute(NS_LITERAL_STRING("level"));
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE);
} else {
if (mSecurityButton)
rv = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("level"),
NS_ConvertASCIItoUCS2("broken"));
rv = mSecurityButton->SetAttribute(NS_LITERAL_STRING("level"),
NS_LITERAL_STRING("broken"));
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, (STATE_IS_BROKEN));
}
nsAutoString tooltiptext;
GetBundleString(NS_ConvertASCIItoUCS2("SecurityButtonTooltipText"),
GetBundleString(NS_LITERAL_STRING("SecurityButtonTooltipText").get(),
tooltiptext);
if (mSecurityButton)
rv = mSecurityButton->SetAttribute(NS_ConvertASCIItoUCS2("tooltiptext"),
rv = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"),
tooltiptext);
return rv;
}
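Review bot: In CheckMixedContext, the new work-around for bug 48515 calls `aURI->GetSpec(...)` without checking that `aChannel->GetURI()` returned a URI, so a channel that fails to provide one is a null dereference before the broken-lock path is reached. The result of `GetSpec` is ignored as well, so the `file:` and `about:layout-dummy-request` comparisons can run on a `temp` that was never filled in. I would move the `GetSpec` call into the condition and prefix the two comparisons with `aURI && NS_SUCCEEDED(aURI->GetSpec(getter_Copies(temp))) && (const char*) temp &&`, so that every lookup failure falls through to `mSecurityState = STATE_IS_BROKEN` rather than returning `NS_OK`. The exemption also skips the mixed-content downgrade for every `file:` spec loaded into a secure page, which deserves a comment stating why that is acceptable. The remainder of the function lies between the visible hunks.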


@ -61,8 +61,6 @@ public:
nsSecureBrowserUIImpl();
virtual ~nsSecureBrowserUIImpl();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
NS_DECL_ISUPPORTS
NS_DECL_NSIWEBPROGRESSLISTENER
NS_DECL_NSSECUREBROWSERUI
@ -79,25 +77,17 @@ protected:
nsCOMPtr<nsIDocumentLoaderObserver> mOldWebShellObserver;
nsCOMPtr<nsIPref> mPref;
nsCOMPtr<nsIStringBundle> mStringBundle;
nsCOMPtr<nsIURI> mCurrentURI;
PRBool mIsSecureDocument;
PRBool mIsDocumentBroken;
PRBool mMixContentAlertShown;
PRBool mInitByLocationChange;
char* mLastPSMStatus;
PRInt32 mSecurityState;
void GetBundleString(const nsString& name, nsString &outString);
void GetBundleString(const PRUnichar* name, nsString &outString);
nsresult CheckProtocolContextSwitch(nsISecurityEventSink* sink,
nsIRequest* request, nsIURI* newURI,
nsIURI* oldURI);
nsIRequest* request, nsIChannel* aChannel);
nsresult CheckMixedContext(nsISecurityEventSink* sink, nsIRequest* request,
nsIURI* nextURI);
nsIChannel* aChannel);
nsresult CheckPost(nsIURI *actionURL, PRBool *okayToPost);
nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
nsresult SetBrokenLockIcon(nsISecurityEventSink* sink, nsIRequest* request,
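Review bot: `mSecurityState` is declared `PRInt32` here, but `GetSecurityStateFromChannel` in the .cpp, which produces its values, returns `PRInt16`, and `CheckMixedContext` holds the result in a `PRInt16` local, so the state is narrowed and widened again on its way into this member. Using one type in all three places would keep the `==` comparisons against `STATE_IS_SECURE`, `STATE_IS_BROKEN` and `STATE_IS_INSECURE` from depending on the flag values fitting in 16 bits. The member appears to take over from `mIsSecureDocument` and `mIsDocumentBroken`, so it should carry a comment such as `// one of the nsIWebProgressListener STATE_IS_* values; drives the lock icon and the warning dialogs`. The class declaration starts and ends outside this hunk.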


@ -21,21 +21,12 @@
* Brian Ryner <bryner@netscape.com>
*/
#include "nsIComponentManager.h"
#include "nsIServiceManager.h"
#include "nsTLSSocketProvider.h"
#include "nsNSSIOLayer.h"
nsTLSSocketProvider::nsTLSSocketProvider()
{
NS_INIT_REFCNT();
}
nsresult
nsTLSSocketProvider::Init()
{
nsresult rv = NS_OK;
return rv;
NS_INIT_ISUPPORTS();
}
nsTLSSocketProvider::~nsTLSSocketProvider()
@ -45,35 +36,6 @@ nsTLSSocketProvider::~nsTLSSocketProvider()
NS_IMPL_THREADSAFE_ISUPPORTS2(nsTLSSocketProvider, nsISocketProvider,
nsISSLSocketProvider);
NS_METHOD
nsTLSSocketProvider::Create(nsISupports *aOuter, REFNSIID aIID, void **aResult)
{
nsresult rv;
nsTLSSocketProvider* inst;
if (!aResult) {
rv = NS_ERROR_NULL_POINTER;
return rv;
}
*aResult = nsnull;
if (aOuter) {
rv = NS_ERROR_NO_AGGREGATION;
return rv;
}
NS_NEWXPCOM(inst, nsTLSSocketProvider);
if (!inst) {
rv = NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_ADDREF(inst);
rv = inst->QueryInterface(aIID, aResult);
NS_RELEASE(inst);
return rv;
}
NS_IMETHODIMP
nsTLSSocketProvider::NewSocket(const char *host,
PRInt32 port,


@ -45,12 +45,6 @@ public:
// nsTLSSocketProvider methods:
nsTLSSocketProvider();
virtual ~nsTLSSocketProvider();
static NS_METHOD Create(nsISupports *aOuter, REFNSIID aIID, void **aResult);
nsresult Init();
protected:
};
#endif /* _NSTLSSOCKETPROVIDER_H_ */