1 : /* ***** BEGIN LICENSE BLOCK *****
2 : * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 : *
4 : * The contents of this file are subject to the Mozilla Public License Version
5 : * 1.1 (the "License"); you may not use this file except in compliance with
6 : * the License. You may obtain a copy of the License at
7 : * http://www.mozilla.org/MPL/
8 : *
9 : * Software distributed under the License is distributed on an "AS IS" basis,
10 : * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 : * for the specific language governing rights and limitations under the
12 : * License.
13 : *
14 : * The Original Code is mozilla.org code.
15 : *
16 : * The Initial Developer of the Original Code is
17 : * Red Hat, Inc.
18 : * Portions created by the Initial Developer are Copyright (C) 2011
19 : * the Initial Developer. All Rights Reserved.
20 : *
21 : * Contributor(s):
22 : * Kai Engert <kengert@redhat.com>
23 : *
24 : * Alternatively, the contents of this file may be used under the terms of
25 : * either the GNU General Public License Version 2 or later (the "GPL"), or
26 : * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 : * in which case the provisions of the GPL or the LGPL are applicable instead
28 : * of those above. If you wish to allow use of your version of this file only
29 : * under the terms of either the GPL or the LGPL, and not to allow others to
30 : * use your version of this file under the terms of the MPL, indicate your
31 : * decision by deleting the provisions above and replace them with the notice
32 : * and other provisions required by the GPL or the LGPL. If you do not delete
33 : * the provisions above, a recipient may use your version of this file under
34 : * the terms of any one of the MPL, the GPL or the LGPL.
35 : *
36 : * ***** END LICENSE BLOCK ***** */
37 :
38 : #ifndef _nsCERTValInParamWrapper_H
39 : #define _nsCERTValInParamWrapper_H
40 :
41 : #include "nsISupports.h"
42 : #include "cert.h"
43 :
44 : /*
45 : * This is a wrapper around type
46 : * CERTValInParam is a nested input parameter type for CERT_PKIXVerifyCert.
47 : * The values inside this type depend on application preferences,
48 : * as a consequence it's expensive to construct this object.
49 : * (and we shall avoid to access prefs from secondary threads anyway).
50 : * We want to create an instance of that input type once, and use as long as possible.
51 : * Every time the preferences change, we will create a new default object.
52 : *
53 : * A race is possible between "verification function is active and object in use"
54 : * and "must switch to new defaults".
55 : *
56 : * The global default object may be replaced at any time with a new object.
57 : * The contents of inner CERTValInParam are supposed to be stable (const).
58 : *
59 : * In order to protect against the race, we use a reference counted wrapper.
60 : * Each user of a foreign nsCERTValInParamWrapper object
61 : * (e.g. the current global default object)
62 : * must use nsRefPtr<nsCERTValInParamWrapper> = other-object
63 : * prior to calling CERT_PKIXVerifyCert.
64 : *
65 : * This guarantees the object will still be alive after the call,
66 : * and if the default object has been replaced in the meantime,
67 : * the reference counter will go to zero, and the old default
68 : * object will get destroyed automatically.
69 : */
70 : class nsCERTValInParamWrapper
71 : {
72 : public:
73 : NS_IMETHOD_(nsrefcnt) AddRef();
74 : NS_IMETHOD_(nsrefcnt) Release();
75 :
76 : public:
77 : nsCERTValInParamWrapper();
78 : virtual ~nsCERTValInParamWrapper();
79 :
80 : enum missing_cert_download_config { missing_cert_download_off = 0, missing_cert_download_on };
81 : enum crl_download_config { crl_local_only = 0, crl_download_allowed };
82 : enum ocsp_download_config { ocsp_off = 0, ocsp_on };
83 : enum ocsp_strict_config { ocsp_relaxed = 0, ocsp_strict };
84 : enum any_revo_fresh_config { any_revo_relaxed = 0, any_revo_strict };
85 :
86 : nsresult Construct(missing_cert_download_config ac, crl_download_config cdc,
87 : ocsp_download_config odc, ocsp_strict_config osc,
88 : any_revo_fresh_config arfc,
89 : const char *firstNetworkRevocationMethod);
90 :
91 : private:
92 : nsAutoRefCnt mRefCnt;
93 : NS_DECL_OWNINGTHREAD
94 : bool mAlreadyConstructed;
95 : CERTValInParam *mCVIN;
96 : CERTRevocationFlags *mRev;
97 :
98 : public:
99 0 : CERTValInParam *GetRawPointerForNSS() { return mCVIN; }
100 : };
101 :
102 : #endif
|