LCOV - code coverage report
Current view: directory - security/manager/ssl/src - nsClientAuthRemember.cpp (source / functions) Found Hit Coverage
Test: app.info Lines: 101 26 25.7 %
Date: 2012-06-02 Functions: 14 9 64.3 %

       1                 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
       2                 :  *
       3                 :  * ***** BEGIN LICENSE BLOCK *****
       4                 :  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
       5                 :  *
       6                 :  * The contents of this file are subject to the Mozilla Public License Version
       7                 :  * 1.1 (the "License"); you may not use this file except in compliance with
       8                 :  * the License. You may obtain a copy of the License at
       9                 :  * http://www.mozilla.org/MPL/
      10                 :  *
      11                 :  * Software distributed under the License is distributed on an "AS IS" basis,
      12                 :  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
      13                 :  * for the specific language governing rights and limitations under the
      14                 :  * License.
      15                 :  *
      16                 :  * The Original Code is mozilla.org code.
      17                 :  *
      18                 :  * The Initial Developer of the Original Code is
      19                 :  * Red Hat, Inc.
      20                 :  * Portions created by the Initial Developer are Copyright (C) 2008
      21                 :  * the Initial Developer. All Rights Reserved.
      22                 :  *
      23                 :  * Contributor(s):
      24                 :  *   Kai Engert <kengert@redhat.com>
      25                 :  *
      26                 :  * Alternatively, the contents of this file may be used under the terms of
      27                 :  * either the GNU General Public License Version 2 or later (the "GPL"), or
      28                 :  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
      29                 :  * in which case the provisions of the GPL or the LGPL are applicable instead
      30                 :  * of those above. If you wish to allow use of your version of this file only
      31                 :  * under the terms of either the GPL or the LGPL, and not to allow others to
      32                 :  * use your version of this file under the terms of the MPL, indicate your
      33                 :  * decision by deleting the provisions above and replace them with the notice
      34                 :  * and other provisions required by the GPL or the LGPL. If you do not delete
      35                 :  * the provisions above, a recipient may use your version of this file under
      36                 :  * the terms of any one of the MPL, the GPL or the LGPL.
      37                 :  *
      38                 :  * ***** END LICENSE BLOCK ***** */
      39                 : 
      40                 : #include "nsClientAuthRemember.h"
      41                 : 
      42                 : #include "nsIX509Cert.h"
      43                 : #include "nsCRT.h"
      44                 : #include "nsNetUtil.h"
      45                 : #include "nsIObserverService.h"
      46                 : #include "nsNetUtil.h"
      47                 : #include "nsISupportsPrimitives.h"
      48                 : #include "nsPromiseFlatString.h"
      49                 : #include "nsThreadUtils.h"
      50                 : #include "nsStringBuffer.h"
      51                 : #include "nspr.h"
      52                 : #include "pk11pub.h"
      53                 : #include "certdb.h"
      54                 : #include "sechash.h"
      55                 : 
      56                 : #include "nsNSSCleaner.h"
      57                 : 
      58                 : using namespace mozilla;
      59                 : 
      60                 : NSSCleanupAutoPtrClass(CERTCertificate, CERT_DestroyCertificate)
      61                 : 
      62            4488 : NS_IMPL_THREADSAFE_ISUPPORTS2(nsClientAuthRememberService, 
      63                 :                               nsIObserver,
      64                 :                               nsISupportsWeakReference)
      65                 : 
      66             328 : nsClientAuthRememberService::nsClientAuthRememberService()
      67             328 :   : monitor("nsClientAuthRememberService.monitor")
      68                 : {
      69             328 : }
      70                 : 
      71             656 : nsClientAuthRememberService::~nsClientAuthRememberService()
      72                 : {
      73             328 :   RemoveAllFromMemory();
      74             328 : }
      75                 : 
      76                 : nsresult
      77             328 : nsClientAuthRememberService::Init()
      78                 : {
      79             328 :   if (!NS_IsMainThread()) {
      80               0 :     NS_ERROR("nsClientAuthRememberService::Init called off the main thread");
      81               0 :     return NS_ERROR_NOT_SAME_THREAD;
      82                 :   }
      83                 : 
      84             328 :   if (!mSettingsTable.Init())
      85               0 :     return NS_ERROR_OUT_OF_MEMORY;
      86                 : 
      87                 :   nsCOMPtr<nsIObserverService> observerService =
      88             656 :       mozilla::services::GetObserverService();
      89             328 :   if (observerService) {
      90             328 :     observerService->AddObserver(this, "profile-before-change", true);
      91                 :   }
      92                 : 
      93             328 :   return NS_OK;
      94                 : }
      95                 : 
      96                 : NS_IMETHODIMP
      97             315 : nsClientAuthRememberService::Observe(nsISupports     *aSubject,
      98                 :                                const char      *aTopic,
      99                 :                                const PRUnichar *aData)
     100                 : {
     101                 :   // check the topic
     102             315 :   if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
     103                 :     // The profile is about to change,
     104                 :     // or is going away because the application is shutting down.
     105                 : 
     106             630 :     ReentrantMonitorAutoEnter lock(monitor);
     107             315 :     RemoveAllFromMemory();
     108                 :   }
     109                 : 
     110             315 :   return NS_OK;
     111                 : }
     112                 : 
     113             470 : void nsClientAuthRememberService::ClearRememberedDecisions()
     114                 : {
     115             940 :   ReentrantMonitorAutoEnter lock(monitor);
     116             470 :   RemoveAllFromMemory();
     117             470 : }
     118                 : 
     119                 : void
     120            1113 : nsClientAuthRememberService::RemoveAllFromMemory()
     121                 : {
     122            1113 :   mSettingsTable.Clear();
     123            1113 : }
     124                 : 
     125                 : static nsresult
     126               0 : GetCertFingerprintByOidTag(CERTCertificate* nsscert,
     127                 :                            SECOidTag aOidTag, 
     128                 :                            nsCString &fp)
     129                 : {
     130               0 :   unsigned int hash_len = HASH_ResultLenByOidTag(aOidTag);
     131               0 :   nsRefPtr<nsStringBuffer> fingerprint = nsStringBuffer::Alloc(hash_len);
     132               0 :   if (!fingerprint)
     133               0 :     return NS_ERROR_OUT_OF_MEMORY;
     134                 : 
     135               0 :   PK11_HashBuf(aOidTag, (unsigned char*)fingerprint->Data(), 
     136               0 :                nsscert->derCert.data, nsscert->derCert.len);
     137                 : 
     138                 :   SECItem fpItem;
     139               0 :   fpItem.data = (unsigned char*)fingerprint->Data();
     140               0 :   fpItem.len = hash_len;
     141                 : 
     142               0 :   fp.Adopt(CERT_Hexify(&fpItem, 1));
     143               0 :   return NS_OK;
     144                 : }
     145                 : 
     146                 : nsresult
     147               0 : nsClientAuthRememberService::RememberDecision(const nsACString & aHostName, 
     148                 :                                               CERTCertificate *aServerCert, CERTCertificate *aClientCert)
     149                 : {
     150                 :   // aClientCert == NULL means: remember that user does not want to use a cert
     151               0 :   NS_ENSURE_ARG_POINTER(aServerCert);
     152               0 :   if (aHostName.IsEmpty())
     153               0 :     return NS_ERROR_INVALID_ARG;
     154                 : 
     155               0 :   nsCAutoString fpStr;
     156               0 :   nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
     157               0 :   if (NS_FAILED(rv))
     158               0 :     return rv;
     159                 : 
     160                 :   {
     161               0 :     ReentrantMonitorAutoEnter lock(monitor);
     162               0 :     if (aClientCert) {
     163               0 :       nsNSSCertificate pipCert(aClientCert);
     164               0 :       char *dbkey = NULL;
     165               0 :       rv = pipCert.GetDbKey(&dbkey);
     166               0 :       if (NS_SUCCEEDED(rv) && dbkey) {
     167                 :         AddEntryToList(aHostName, fpStr, 
     168               0 :                        nsDependentCString(dbkey));
     169                 :       }
     170               0 :       if (dbkey) {
     171               0 :         PORT_Free(dbkey);
     172                 :       }
     173                 :     }
     174                 :     else {
     175               0 :       nsCString empty;
     176               0 :       AddEntryToList(aHostName, fpStr, empty);
     177                 :     }
     178                 :   }
     179                 : 
     180               0 :   return NS_OK;
     181                 : }
     182                 : 
     183                 : nsresult
     184               0 : nsClientAuthRememberService::HasRememberedDecision(const nsACString & aHostName, 
     185                 :                                                    CERTCertificate *aCert, 
     186                 :                                                    nsACString & aCertDBKey,
     187                 :                                                    bool *_retval)
     188                 : {
     189               0 :   if (aHostName.IsEmpty())
     190               0 :     return NS_ERROR_INVALID_ARG;
     191                 : 
     192               0 :   NS_ENSURE_ARG_POINTER(aCert);
     193               0 :   NS_ENSURE_ARG_POINTER(_retval);
     194               0 :   *_retval = false;
     195                 : 
     196                 :   nsresult rv;
     197               0 :   nsCAutoString fpStr;
     198               0 :   rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
     199               0 :   if (NS_FAILED(rv))
     200               0 :     return rv;
     201                 : 
     202               0 :   nsCAutoString hostCert;
     203               0 :   GetHostWithCert(aHostName, fpStr, hostCert);
     204               0 :   nsClientAuthRemember settings;
     205                 : 
     206                 :   {
     207               0 :     ReentrantMonitorAutoEnter lock(monitor);
     208               0 :     nsClientAuthRememberEntry *entry = mSettingsTable.GetEntry(hostCert.get());
     209               0 :     if (!entry)
     210               0 :       return NS_OK;
     211               0 :     settings = entry->mSettings; // copy
     212                 :   }
     213                 : 
     214               0 :   aCertDBKey = settings.mDBKey;
     215               0 :   *_retval = true;
     216               0 :   return NS_OK;
     217                 : }
     218                 : 
     219                 : nsresult
     220               0 : nsClientAuthRememberService::AddEntryToList(const nsACString &aHostName, 
     221                 :                                       const nsACString &fingerprint,
     222                 :                                       const nsACString &db_key)
     223                 : 
     224                 : {
     225               0 :   nsCAutoString hostCert;
     226               0 :   GetHostWithCert(aHostName, fingerprint, hostCert);
     227                 : 
     228                 :   {
     229               0 :     ReentrantMonitorAutoEnter lock(monitor);
     230               0 :     nsClientAuthRememberEntry *entry = mSettingsTable.PutEntry(hostCert.get());
     231                 : 
     232               0 :     if (!entry) {
     233               0 :       NS_ERROR("can't insert a null entry!");
     234               0 :       return NS_ERROR_OUT_OF_MEMORY;
     235                 :     }
     236                 : 
     237               0 :     entry->mHostWithCert = hostCert;
     238                 : 
     239               0 :     nsClientAuthRemember &settings = entry->mSettings;
     240               0 :     settings.mAsciiHost = aHostName;
     241               0 :     settings.mFingerprint = fingerprint;
     242               0 :     settings.mDBKey = db_key;
     243                 :   }
     244                 : 
     245               0 :   return NS_OK;
     246                 : }
     247                 : 
     248                 : void
     249               0 : nsClientAuthRememberService::GetHostWithCert(const nsACString & aHostName, 
     250                 :                                              const nsACString & fingerprint, 
     251                 :                                              nsACString& _retval)
     252                 : {
     253               0 :   nsCAutoString hostCert(aHostName);
     254               0 :   hostCert.AppendLiteral(":");
     255               0 :   hostCert.Append(fingerprint);
     256                 :   
     257               0 :   _retval.Assign(hostCert);
     258               0 : }

Generated by: LCOV version 1.7