2001-01-10 01:32:29 +00:00
|
|
|
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
|
|
*
|
2012-05-31 09:33:35 +00:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
2001-01-10 01:32:29 +00:00
|
|
|
|
|
|
|
#ifndef _NSNSSIOLAYER_H
|
|
|
|
#define _NSNSSIOLAYER_H
|
|
|
|
|
2012-04-30 04:00:22 +00:00
|
|
|
#include "TransportSecurityInfo.h"
|
2001-01-19 01:12:10 +00:00
|
|
|
#include "nsISSLSocketControl.h"
|
2009-05-20 22:21:51 +00:00
|
|
|
#include "nsIClientAuthDialogs.h"
|
2007-08-23 21:28:15 +00:00
|
|
|
#include "nsNSSCertificate.h"
|
2009-05-20 08:23:41 +00:00
|
|
|
#include "nsDataHashtable.h"
|
2011-11-08 20:24:09 +00:00
|
|
|
#include "nsTHashtable.h"
|
2012-11-22 20:36:59 +00:00
|
|
|
#include "mozilla/TimeStamp.h"
|
2001-01-30 02:12:53 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
namespace mozilla {
|
|
|
|
namespace psm {
|
|
|
|
class SharedSSLState;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class nsIObserver;
|
|
|
|
|
2012-04-30 04:00:22 +00:00
|
|
|
class nsNSSSocketInfo : public mozilla::psm::TransportSecurityInfo,
|
2001-01-31 18:03:49 +00:00
|
|
|
public nsISSLSocketControl,
|
2012-04-30 04:00:22 +00:00
|
|
|
public nsIClientAuthUserDecision
|
2001-01-19 01:12:10 +00:00
|
|
|
{
|
|
|
|
public:
|
2012-12-07 03:05:27 +00:00
|
|
|
nsNSSSocketInfo(mozilla::psm::SharedSSLState& aState, uint32_t providerFlags);
|
2001-01-19 01:12:10 +00:00
|
|
|
|
2012-04-30 04:00:22 +00:00
|
|
|
NS_DECL_ISUPPORTS_INHERITED
|
2001-01-19 01:12:10 +00:00
|
|
|
NS_DECL_NSISSLSOCKETCONTROL
|
2009-05-20 22:21:51 +00:00
|
|
|
NS_DECL_NSICLIENTAUTHUSERDECISION
|
2012-04-30 04:00:22 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
nsresult SetForSTARTTLS(bool aForSTARTTLS);
|
|
|
|
nsresult GetForSTARTTLS(bool *aForSTARTTLS);
|
2001-02-05 21:46:24 +00:00
|
|
|
|
|
|
|
nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
|
|
|
|
nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
|
2001-06-08 00:50:32 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
nsresult GetHandshakePending(bool *aHandshakePending);
|
|
|
|
nsresult SetHandshakePending(bool aHandshakePending);
|
2001-06-08 00:50:32 +00:00
|
|
|
|
2011-11-03 04:01:47 +00:00
|
|
|
void GetPreviousCert(nsIX509Cert** _result);
|
2002-08-14 23:43:28 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
void SetHasCleartextPhase(bool aHasCleartextPhase);
|
|
|
|
bool GetHasCleartextPhase();
|
2002-10-16 22:20:42 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
void SetHandshakeInProgress(bool aIsIn);
|
|
|
|
bool GetHandshakeInProgress() { return mHandshakeInProgress; }
|
2012-05-28 05:03:04 +00:00
|
|
|
void SetFirstServerHelloReceived() { mFirstServerHelloReceived = true; }
|
2013-03-27 00:06:14 +00:00
|
|
|
bool GetFirstServerHelloReceived() { return mFirstServerHelloReceived; }
|
2011-09-29 06:19:26 +00:00
|
|
|
bool HandshakeTimeout();
|
2001-06-08 00:50:32 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
void SetAllowTLSIntoleranceTimeout(bool aAllow);
|
2007-03-07 19:54:54 +00:00
|
|
|
|
2011-12-01 22:37:57 +00:00
|
|
|
PRStatus CloseSocketAndDestroy(
|
|
|
|
const nsNSSShutDownPreventionLock & proofOfLock);
|
2006-04-04 13:14:40 +00:00
|
|
|
|
2012-08-22 15:56:38 +00:00
|
|
|
void SetNegotiatedNPN(const char *value, uint32_t length);
|
2013-03-27 00:06:14 +00:00
|
|
|
void SetHandshakeCompleted(bool aResumedSession);
|
2013-06-28 20:58:28 +00:00
|
|
|
void NoteTimeUntilReady();
|
2011-12-13 15:55:50 +00:00
|
|
|
|
|
|
|
bool GetJoined() { return mJoined; }
|
|
|
|
void SetSentClientCert() { mSentClientCert = true; }
|
2012-12-07 22:57:53 +00:00
|
|
|
|
|
|
|
uint32_t GetProviderFlags() const { return mProviderFlags; }
|
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
mozilla::psm::SharedSSLState& SharedState();
|
|
|
|
|
2011-12-01 22:37:57 +00:00
|
|
|
// XXX: These are only used on for diagnostic purposes
|
|
|
|
enum CertVerificationState {
|
|
|
|
before_cert_verification,
|
|
|
|
waiting_for_cert_verification,
|
|
|
|
after_cert_verification
|
|
|
|
};
|
|
|
|
void SetCertVerificationWaiting();
|
|
|
|
// Use errorCode == 0 to indicate success; in that case, errorMessageType is
|
|
|
|
// ignored.
|
|
|
|
void SetCertVerificationResult(PRErrorCode errorCode,
|
|
|
|
::mozilla::psm::SSLErrorMessageType errorMessageType);
|
|
|
|
|
|
|
|
// for logging only
|
|
|
|
PRBool IsWaitingForCertVerification() const
|
|
|
|
{
|
|
|
|
return mCertVerificationState == waiting_for_cert_verification;
|
|
|
|
}
|
2012-06-30 14:34:17 +00:00
|
|
|
|
2012-01-31 13:19:25 +00:00
|
|
|
bool IsSSL3Enabled() const { return mSSL3Enabled; }
|
|
|
|
void SetSSL3Enabled(bool enabled) { mSSL3Enabled = enabled; }
|
|
|
|
bool IsTLSEnabled() const { return mTLSEnabled; }
|
|
|
|
void SetTLSEnabled(bool enabled) { mTLSEnabled = enabled; }
|
2013-03-27 00:06:15 +00:00
|
|
|
|
|
|
|
void AddPlaintextBytesRead(uint64_t val) { mPlaintextBytesRead += val; }
|
2013-06-28 20:58:28 +00:00
|
|
|
|
|
|
|
bool IsPreliminaryHandshakeDone() const { return mPreliminaryHandshakeDone; }
|
|
|
|
void SetPreliminaryHandshakeDone() { mPreliminaryHandshakeDone = true; }
|
|
|
|
|
|
|
|
void SetKEAUsed(PRUint16 kea) { mKEAUsed = kea; }
|
|
|
|
inline int16_t GetKEAExpected() // infallible in nsISSLSocketControl
|
|
|
|
{
|
|
|
|
int16_t result;
|
|
|
|
mozilla::DebugOnly<nsresult> rv = GetKEAExpected(&result);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
void SetSymmetricCipherUsed(PRUint16 symmetricCipher)
|
|
|
|
{
|
|
|
|
mSymmetricCipherUsed = symmetricCipher;
|
|
|
|
}
|
|
|
|
inline int16_t GetSymmetricCipherExpected() // infallible in nsISSLSocketControl
|
|
|
|
{
|
|
|
|
int16_t result;
|
|
|
|
mozilla::DebugOnly<nsresult> rv = GetSymmetricCipherExpected(&result);
|
|
|
|
MOZ_ASSERT(NS_SUCCEEDED(rv));
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2012-04-30 04:00:22 +00:00
|
|
|
private:
|
2001-02-05 21:46:24 +00:00
|
|
|
PRFileDesc* mFd;
|
2012-04-30 04:00:22 +00:00
|
|
|
|
2011-12-01 22:37:57 +00:00
|
|
|
CertVerificationState mCertVerificationState;
|
2011-12-01 22:36:41 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
mozilla::psm::SharedSSLState& mSharedState;
|
2011-09-29 06:19:26 +00:00
|
|
|
bool mForSTARTTLS;
|
2012-01-31 13:19:25 +00:00
|
|
|
bool mSSL3Enabled;
|
|
|
|
bool mTLSEnabled;
|
2011-09-29 06:19:26 +00:00
|
|
|
bool mHandshakePending;
|
|
|
|
bool mHasCleartextPhase;
|
|
|
|
bool mHandshakeInProgress;
|
|
|
|
bool mAllowTLSIntoleranceTimeout;
|
|
|
|
bool mRememberClientAuthCertificate;
|
2013-06-28 20:58:28 +00:00
|
|
|
bool mPreliminaryHandshakeDone; // after false start items are complete
|
2006-08-24 18:14:40 +00:00
|
|
|
PRIntervalTime mHandshakeStartTime;
|
2012-05-28 05:03:04 +00:00
|
|
|
bool mFirstServerHelloReceived;
|
2001-05-03 00:36:48 +00:00
|
|
|
|
2002-08-14 23:43:28 +00:00
|
|
|
nsresult ActivateSSL();
|
2006-04-04 13:14:40 +00:00
|
|
|
|
2011-12-13 15:55:50 +00:00
|
|
|
nsCString mNegotiatedNPN;
|
|
|
|
bool mNPNCompleted;
|
|
|
|
bool mHandshakeCompleted;
|
|
|
|
bool mJoined;
|
|
|
|
bool mSentClientCert;
|
2013-06-28 20:58:28 +00:00
|
|
|
bool mNotedTimeUntilReady;
|
|
|
|
|
|
|
|
// mKEA* and mSymmetricCipher* are used in false start detetermination
|
|
|
|
// values are from nsISSLSocketControl
|
|
|
|
PRInt16 mKEAUsed;
|
|
|
|
PRInt16 mKEAExpected;
|
|
|
|
PRInt16 mSymmetricCipherUsed;
|
|
|
|
PRInt16 mSymmetricCipherExpected;
|
2012-06-30 14:34:17 +00:00
|
|
|
|
|
|
|
uint32_t mProviderFlags;
|
2012-11-22 20:36:59 +00:00
|
|
|
mozilla::TimeStamp mSocketCreationTimestamp;
|
2013-03-27 00:06:15 +00:00
|
|
|
uint64_t mPlaintextBytesRead;
|
2009-05-20 08:23:41 +00:00
|
|
|
};
|
|
|
|
|
2006-04-04 13:14:40 +00:00
|
|
|
class nsSSLIOLayerHelpers
|
|
|
|
{
|
|
|
|
public:
|
2012-12-07 03:05:27 +00:00
|
|
|
nsSSLIOLayerHelpers();
|
|
|
|
~nsSSLIOLayerHelpers();
|
|
|
|
|
|
|
|
nsresult Init();
|
|
|
|
void Cleanup();
|
2006-04-04 13:14:40 +00:00
|
|
|
|
2011-09-29 06:19:26 +00:00
|
|
|
static bool nsSSLIOLayerInitialized;
|
2006-04-04 13:14:40 +00:00
|
|
|
static PRDescIdentity nsSSLIOLayerIdentity;
|
2013-03-27 00:06:15 +00:00
|
|
|
static PRDescIdentity nsSSLPlaintextLayerIdentity;
|
2006-04-04 13:14:40 +00:00
|
|
|
static PRIOMethods nsSSLIOLayerMethods;
|
2013-03-27 00:06:15 +00:00
|
|
|
static PRIOMethods nsSSLPlaintextLayerMethods;
|
2006-04-04 13:14:40 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
mozilla::Mutex *mutex;
|
|
|
|
nsTHashtable<nsCStringHashKey> *mTLSIntolerantSites;
|
|
|
|
nsTHashtable<nsCStringHashKey> *mTLSTolerantSites;
|
2010-02-07 12:09:51 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
nsTHashtable<nsCStringHashKey> *mRenegoUnrestrictedSites;
|
|
|
|
bool mTreatUnsafeNegotiationAsBroken;
|
|
|
|
int32_t mWarnLevelMissingRFC5746;
|
2010-02-07 12:09:51 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
void setTreatUnsafeNegotiationAsBroken(bool broken);
|
|
|
|
bool treatUnsafeNegotiationAsBroken();
|
2010-02-07 12:09:51 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
void setWarnLevelMissingRFC5746(int32_t level);
|
|
|
|
int32_t getWarnLevelMissingRFC5746();
|
2010-05-03 11:34:16 +00:00
|
|
|
|
2009-07-20 15:25:04 +00:00
|
|
|
static void getSiteKey(nsNSSSocketInfo *socketInfo, nsCSubstring &key);
|
2012-12-07 03:05:27 +00:00
|
|
|
bool rememberPossibleTLSProblemSite(nsNSSSocketInfo *socketInfo);
|
|
|
|
void rememberTolerantSite(nsNSSSocketInfo *socketInfo);
|
|
|
|
|
|
|
|
void addIntolerantSite(const nsCString &str);
|
|
|
|
void removeIntolerantSite(const nsCString &str);
|
|
|
|
bool isKnownAsIntolerantSite(const nsCString &str);
|
2012-12-07 03:05:27 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
void setRenegoUnrestrictedSites(const nsCString &str);
|
|
|
|
bool isRenegoUnrestrictedSite(const nsCString &str);
|
2012-12-07 03:05:27 +00:00
|
|
|
|
2012-12-07 03:05:27 +00:00
|
|
|
void clearStoredData();
|
2013-06-28 20:58:28 +00:00
|
|
|
|
|
|
|
bool mFalseStartRequireNPN;
|
|
|
|
bool mFalseStartRequireForwardSecrecy;
|
2012-12-07 03:05:27 +00:00
|
|
|
private:
|
|
|
|
nsCOMPtr<nsIObserver> mPrefObserver;
|
2001-01-19 01:12:10 +00:00
|
|
|
};
|
2001-01-10 01:32:29 +00:00
|
|
|
|
2012-08-22 15:56:38 +00:00
|
|
|
nsresult nsSSLIOLayerNewSocket(int32_t family,
|
2003-09-11 20:32:33 +00:00
|
|
|
const char *host,
|
2012-08-22 15:56:38 +00:00
|
|
|
int32_t port,
|
2001-01-10 01:32:29 +00:00
|
|
|
const char *proxyHost,
|
2012-08-22 15:56:38 +00:00
|
|
|
int32_t proxyPort,
|
2001-01-10 01:32:29 +00:00
|
|
|
PRFileDesc **fd,
|
|
|
|
nsISupports **securityInfo,
|
2011-09-29 06:19:26 +00:00
|
|
|
bool forSTARTTLS,
|
2012-06-30 14:34:17 +00:00
|
|
|
uint32_t flags);
|
2001-01-10 01:32:29 +00:00
|
|
|
|
2012-08-22 15:56:38 +00:00
|
|
|
nsresult nsSSLIOLayerAddToSocket(int32_t family,
|
2003-09-11 20:32:33 +00:00
|
|
|
const char *host,
|
2012-08-22 15:56:38 +00:00
|
|
|
int32_t port,
|
2001-01-10 01:32:29 +00:00
|
|
|
const char *proxyHost,
|
2012-08-22 15:56:38 +00:00
|
|
|
int32_t proxyPort,
|
2001-01-10 01:32:29 +00:00
|
|
|
PRFileDesc *fd,
|
|
|
|
nsISupports **securityInfo,
|
2011-09-29 06:19:26 +00:00
|
|
|
bool forSTARTTLS,
|
2012-06-30 14:34:17 +00:00
|
|
|
uint32_t flags);
|
2001-07-24 00:42:52 +00:00
|
|
|
|
|
|
|
nsresult nsSSLIOLayerFreeTLSIntolerantSites();
|
2001-09-26 00:28:24 +00:00
|
|
|
nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo *infoObject, int error);
|
2007-11-30 18:05:54 +00:00
|
|
|
|
2001-01-10 01:32:29 +00:00
|
|
|
#endif /* _NSNSSIOLAYER_H */
|