1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 : *
3 : * ***** BEGIN LICENSE BLOCK *****
4 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 : *
6 : * The contents of this file are subject to the Mozilla Public License Version
7 : * 1.1 (the "License"); you may not use this file except in compliance with
8 : * the License. You may obtain a copy of the License at
9 : * http://www.mozilla.org/MPL/
10 : *
11 : * Software distributed under the License is distributed on an "AS IS" basis,
12 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13 : * for the specific language governing rights and limitations under the
14 : * License.
15 : *
16 : * The Original Code is mozilla.org code.
17 : *
18 : * The Initial Developer of the Original Code is
19 : * Netscape Communications Corporation.
20 : * Portions created by the Initial Developer are Copyright (C) 1998
21 : * the Initial Developer. All Rights Reserved.
22 : *
23 : * Contributor(s):
24 : * Hubbie Shaw
25 : * Doug Turner <dougt@netscape.com>
26 : * Brian Ryner <bryner@brianryner.com>
27 : * Kai Engert <kaie@netscape.com>
28 : * Kai Engert <kengert@redhat.com>
29 : *
30 : * Alternatively, the contents of this file may be used under the terms of
31 : * either the GNU General Public License Version 2 or later (the "GPL"), or
32 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
33 : * in which case the provisions of the GPL or the LGPL are applicable instead
34 : * of those above. If you wish to allow use of your version of this file only
35 : * under the terms of either the GPL or the LGPL, and not to allow others to
36 : * use your version of this file under the terms of the MPL, indicate your
37 : * decision by deleting the provisions above and replace them with the notice
38 : * and other provisions required by the GPL or the LGPL. If you do not delete
39 : * the provisions above, a recipient may use your version of this file under
40 : * the terms of any one of the MPL, the GPL or the LGPL.
41 : *
42 : * ***** END LICENSE BLOCK ***** */
43 :
44 : #ifndef _nsNSSComponent_h_
45 : #define _nsNSSComponent_h_
46 :
47 : #include "mozilla/Mutex.h"
48 : #include "nsCOMPtr.h"
49 : #include "nsISignatureVerifier.h"
50 : #include "nsIURIContentListener.h"
51 : #include "nsIStreamListener.h"
52 : #include "nsIEntropyCollector.h"
53 : #include "nsString.h"
54 : #include "nsIStringBundle.h"
55 : #include "nsIDOMEventTarget.h"
56 : #include "nsIPrefBranch.h"
57 : #include "nsIObserver.h"
58 : #include "nsIObserverService.h"
59 : #include "nsWeakReference.h"
60 : #include "nsIScriptSecurityManager.h"
61 : #include "nsSmartCardMonitor.h"
62 : #include "nsINSSErrorsService.h"
63 : #include "nsITimer.h"
64 : #include "nsNetUtil.h"
65 : #include "nsHashtable.h"
66 : #include "nsICryptoHash.h"
67 : #include "nsICryptoHMAC.h"
68 : #include "hasht.h"
69 : #include "nsNSSCallbacks.h"
70 : #include "nsNSSShutDown.h"
71 :
72 : #include "nsNSSHelper.h"
73 : #include "nsClientAuthRemember.h"
74 : #include "nsCERTValInParamWrapper.h"
75 :
76 : #define NS_NSSCOMPONENT_CID \
77 : {0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
78 :
79 : #define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
80 : #define PSM_COMPONENT_CLASSNAME "Mozilla PSM Component"
81 :
82 : //Define an interface that we can use to look up from the
83 : //callbacks passed to NSS.
84 :
85 : #define NS_INSSCOMPONENT_IID_STR "6ffbb526-205b-49c5-ae3f-5959c084075e"
86 : #define NS_INSSCOMPONENT_IID \
87 : { 0x6ffbb526, 0x205b, 0x49c5, \
88 : { 0xae, 0x3f, 0x59, 0x59, 0xc0, 0x84, 0x7, 0x5e } }
89 :
90 : #define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
91 : #define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
92 :
93 : #define NS_CRYPTO_HASH_CLASSNAME "Mozilla Crypto Hash Function Component"
94 : #define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}}
95 :
96 : #define NS_CRYPTO_HMAC_CLASSNAME "Mozilla Crypto HMAC Function Component"
97 : #define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}}
98 :
99 : enum EnsureNSSOperator
100 : {
101 : nssLoadingComponent = 0,
102 : nssInitSucceeded = 1,
103 : nssInitFailed = 2,
104 : nssShutdown = 3,
105 : nssEnsure = 100,
106 : nssEnsureOnChromeOnly = 101
107 : };
108 :
109 : extern bool EnsureNSSInitialized(EnsureNSSOperator op);
110 :
111 : //--------------------------------------------
112 : // Now we need a content listener to register
113 : //--------------------------------------------
114 : class PSMContentDownloader : public nsIStreamListener
115 : {
116 : public:
117 : PSMContentDownloader() {NS_ASSERTION(false, "don't use this constructor."); }
118 : PSMContentDownloader(PRUint32 type);
119 : virtual ~PSMContentDownloader();
120 : void setSilentDownload(bool flag);
121 : void setCrlAutodownloadKey(nsAutoString key);
122 :
123 : NS_DECL_ISUPPORTS
124 : NS_DECL_NSIREQUESTOBSERVER
125 : NS_DECL_NSISTREAMLISTENER
126 :
127 : enum {UNKNOWN_TYPE = 0};
128 : enum {X509_CA_CERT = 1};
129 : enum {X509_USER_CERT = 2};
130 : enum {X509_EMAIL_CERT = 3};
131 : enum {X509_SERVER_CERT = 4};
132 : enum {PKCS7_CRL = 5};
133 :
134 : protected:
135 : char* mByteData;
136 : PRInt32 mBufferOffset;
137 : PRInt32 mBufferSize;
138 : PRUint32 mType;
139 : bool mDoSilentDownload;
140 : nsString mCrlAutoDownloadKey;
141 : nsCOMPtr<nsIURI> mURI;
142 : nsresult handleContentDownloadError(nsresult errCode);
143 : };
144 :
145 : class nsNSSComponent;
146 :
147 328 : class NS_NO_VTABLE nsINSSComponent : public nsISupports {
148 : public:
149 : NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
150 :
151 : NS_IMETHOD ShowAlertFromStringBundle(const char * messageID) = 0;
152 :
153 : NS_IMETHOD GetPIPNSSBundleString(const char *name,
154 : nsAString &outString) = 0;
155 : NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
156 : const PRUnichar **params,
157 : PRUint32 numParams,
158 : nsAString &outString) = 0;
159 :
160 : NS_IMETHOD GetNSSBundleString(const char *name,
161 : nsAString &outString) = 0;
162 : NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
163 : const PRUnichar **params,
164 : PRUint32 numParams,
165 : nsAString &outString) = 0;
166 :
167 : // This method will just disable OCSP in NSS, it will not
168 : // alter the respective pref values.
169 : NS_IMETHOD SkipOcsp() = 0;
170 :
171 : // This method will set the OCSP value according to the
172 : // values in the preferences.
173 : NS_IMETHOD SkipOcspOff() = 0;
174 :
175 : NS_IMETHOD RememberCert(CERTCertificate *cert) = 0;
176 :
177 : NS_IMETHOD RemoveCrlFromList(nsAutoString) = 0;
178 :
179 : NS_IMETHOD DefineNextTimer() = 0;
180 :
181 : NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
182 :
183 : NS_IMETHOD LogoutAuthenticatedPK11() = 0;
184 :
185 : NS_IMETHOD LaunchSmartCardThread(SECMODModule *module) = 0;
186 :
187 : NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module) = 0;
188 :
189 : NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token) = 0;
190 :
191 : NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token) = 0;
192 :
193 : NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars) = 0;
194 :
195 : NS_IMETHOD EnsureIdentityInfoLoaded() = 0;
196 :
197 : NS_IMETHOD IsNSSInitialized(bool *initialized) = 0;
198 :
199 : NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
200 : NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out) = 0;
201 : };
202 :
203 : NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
204 :
205 : class nsCryptoHash : public nsICryptoHash, public nsNSSShutDownObject
206 : {
207 : public:
208 : NS_DECL_ISUPPORTS
209 : NS_DECL_NSICRYPTOHASH
210 :
211 : nsCryptoHash();
212 :
213 : private:
214 : ~nsCryptoHash();
215 :
216 : HASHContext* mHashContext;
217 : bool mInitialized;
218 :
219 : virtual void virtualDestroyNSSReference();
220 : void destructorSafeDestroyNSSReference();
221 : };
222 :
223 : class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject
224 : {
225 : public:
226 : NS_DECL_ISUPPORTS
227 : NS_DECL_NSICRYPTOHMAC
228 :
229 : nsCryptoHMAC();
230 :
231 : private:
232 : ~nsCryptoHMAC();
233 : PK11Context* mHMACContext;
234 :
235 : virtual void virtualDestroyNSSReference();
236 : void destructorSafeDestroyNSSReference();
237 : };
238 :
239 : class nsNSSShutDownList;
240 : class nsCertVerificationThread;
241 :
242 : // Implementation of the PSM component interface.
243 : class nsNSSComponent : public nsISignatureVerifier,
244 : public nsIEntropyCollector,
245 : public nsINSSComponent,
246 : public nsIObserver,
247 : public nsSupportsWeakReference,
248 : public nsITimerCallback
249 : {
250 : typedef mozilla::Mutex Mutex;
251 :
252 : public:
253 : NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
254 :
255 : nsNSSComponent();
256 : virtual ~nsNSSComponent();
257 :
258 : NS_DECL_ISUPPORTS
259 : NS_DECL_NSISIGNATUREVERIFIER
260 : NS_DECL_NSIENTROPYCOLLECTOR
261 : NS_DECL_NSIOBSERVER
262 : NS_DECL_NSITIMERCALLBACK
263 :
264 : NS_METHOD Init();
265 :
266 : static nsresult GetNewPrompter(nsIPrompt ** result);
267 : static nsresult ShowAlertWithConstructedString(const nsString & message);
268 : NS_IMETHOD ShowAlertFromStringBundle(const char * messageID);
269 :
270 : NS_IMETHOD GetPIPNSSBundleString(const char *name,
271 : nsAString &outString);
272 : NS_IMETHOD PIPBundleFormatStringFromName(const char *name,
273 : const PRUnichar **params,
274 : PRUint32 numParams,
275 : nsAString &outString);
276 : NS_IMETHOD GetNSSBundleString(const char *name,
277 : nsAString &outString);
278 : NS_IMETHOD NSSBundleFormatStringFromName(const char *name,
279 : const PRUnichar **params,
280 : PRUint32 numParams,
281 : nsAString &outString);
282 : NS_IMETHOD SkipOcsp();
283 : NS_IMETHOD SkipOcspOff();
284 : nsresult InitializeCRLUpdateTimer();
285 : nsresult StopCRLUpdateTimer();
286 : NS_IMETHOD RemoveCrlFromList(nsAutoString);
287 : NS_IMETHOD DefineNextTimer();
288 : NS_IMETHOD LogoutAuthenticatedPK11();
289 : NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
290 : NS_IMETHOD RememberCert(CERTCertificate *cert);
291 :
292 : NS_IMETHOD LaunchSmartCardThread(SECMODModule *module);
293 : NS_IMETHOD ShutdownSmartCardThread(SECMODModule *module);
294 : NS_IMETHOD PostEvent(const nsAString &eventType, const nsAString &token);
295 : NS_IMETHOD DispatchEvent(const nsAString &eventType, const nsAString &token);
296 : NS_IMETHOD GetClientAuthRememberService(nsClientAuthRememberService **cars);
297 : NS_IMETHOD EnsureIdentityInfoLoaded();
298 : NS_IMETHOD IsNSSInitialized(bool *initialized);
299 :
300 : NS_IMETHOD GetDefaultCERTValInParam(nsRefPtr<nsCERTValInParamWrapper> &out);
301 : NS_IMETHOD GetDefaultCERTValInParamLocalOnly(nsRefPtr<nsCERTValInParamWrapper> &out);
302 : private:
303 :
304 : nsresult InitializeNSS(bool showWarningBox);
305 : nsresult ShutdownNSS();
306 :
307 : #ifdef XP_MACOSX
308 : void TryCFM2MachOMigration(nsIFile *cfmPath, nsIFile *machoPath);
309 : #endif
310 :
311 : void InstallLoadableRoots();
312 : void UnloadLoadableRoots();
313 : void LaunchSmartCardThreads();
314 : void ShutdownSmartCardThreads();
315 : void CleanupIdentityInfo();
316 : void setValidationOptions(nsIPrefBranch * pref);
317 : nsresult InitializePIPNSSBundle();
318 : nsresult ConfigureInternalPKCS11Token();
319 : nsresult RegisterPSMContentListener();
320 : nsresult RegisterObservers();
321 : nsresult DeregisterObservers();
322 : nsresult DownloadCrlSilently();
323 : nsresult PostCRLImportEvent(const nsCSubstring &urlString, nsIStreamListener *psmDownloader);
324 : nsresult getParamsForNextCrlToDownload(nsAutoString *url, PRTime *time, nsAutoString *key);
325 : nsresult DispatchEventToWindow(nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token);
326 :
327 : // Methods that we use to handle the profile change notifications (and to
328 : // synthesize a full profile change when we're just doing a profile startup):
329 : void DoProfileApproveChange(nsISupports* aSubject);
330 : void DoProfileChangeNetTeardown();
331 : void DoProfileChangeTeardown(nsISupports* aSubject);
332 : void DoProfileBeforeChange(nsISupports* aSubject);
333 : void DoProfileChangeNetRestore();
334 :
335 : Mutex mutex;
336 :
337 : nsCOMPtr<nsIScriptSecurityManager> mScriptSecurityManager;
338 : nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
339 : nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
340 : nsCOMPtr<nsIURIContentListener> mPSMContentListener;
341 : nsCOMPtr<nsIPrefBranch> mPrefBranch;
342 : nsCOMPtr<nsITimer> mTimer;
343 : bool mNSSInitialized;
344 : bool mObserversRegistered;
345 : PLHashTable *hashTableCerts;
346 : nsAutoString mDownloadURL;
347 : nsAutoString mCrlUpdateKey;
348 : Mutex mCrlTimerLock;
349 : nsHashtable *crlsScheduledForDownload;
350 : bool crlDownloadTimerOn;
351 : bool mUpdateTimerInitialized;
352 : static int mInstanceCount;
353 : nsNSSShutDownList *mShutdownObjectList;
354 : SmartCardThreadList *mThreadList;
355 : bool mIsNetworkDown;
356 :
357 : void deleteBackgroundThreads();
358 : void createBackgroundThreads();
359 : nsCertVerificationThread *mCertVerificationThread;
360 :
361 : nsNSSHttpInterface mHttpForNSS;
362 : nsRefPtr<nsClientAuthRememberService> mClientAuthRememberService;
363 : nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParam;
364 : nsRefPtr<nsCERTValInParamWrapper> mDefaultCERTValInParamLocalOnly;
365 :
366 : static PRStatus PR_CALLBACK IdentityInfoInit(void);
367 : PRCallOnceType mIdentityInfoCallOnce;
368 :
369 : public:
370 : static bool globalConstFlagUsePKIXVerification;
371 : };
372 :
373 : class PSMContentListener : public nsIURIContentListener,
374 : public nsSupportsWeakReference {
375 : public:
376 : PSMContentListener();
377 : virtual ~PSMContentListener();
378 : nsresult init();
379 :
380 : NS_DECL_ISUPPORTS
381 : NS_DECL_NSIURICONTENTLISTENER
382 : private:
383 : nsCOMPtr<nsISupports> mLoadCookie;
384 : nsCOMPtr<nsIURIContentListener> mParentContentListener;
385 : };
386 :
387 : class nsNSSErrors
388 : {
389 : public:
390 : static const char *getDefaultErrorStringName(PRInt32 err);
391 : static const char *getOverrideErrorStringName(PRInt32 aErrorCode);
392 : static nsresult getErrorMessageFromCode(PRInt32 err,
393 : nsINSSComponent *component,
394 : nsString &returnedMessage);
395 : };
396 :
397 : class nsPSMInitPanic
398 : {
399 : private:
400 : static bool isPanic;
401 : public:
402 0 : static void SetPanic() {isPanic = true;}
403 9864 : static bool GetPanic() {return isPanic;}
404 : };
405 :
406 : #endif // _nsNSSComponent_h_
407 :
|