Bug 703834 - Part 1 - Factor TransportSecurityInfo base class out of nsNSSIOLayer, r=honzab

--HG--
rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/src/TransportSecurityInfo.cpp
rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/src/TransportSecurityInfo.h

security/manager/ssl/src/Makefile.in

@@ -67,6 +67,7 @@ CPPSRCS = 				\
 	nsNSSErrors.cpp			\
 	nsNSSIOLayer.cpp		\
 	SSLServerCertVerification.cpp   \
+	TransportSecurityInfo.cpp       \
 	nsSSLStatus.cpp		\
 	nsNSSModule.cpp			\
 	nsSSLSocketProvider.cpp		\

security/manager/ssl/src/SSLServerCertVerification.cpp

@@ -958,12 +958,12 @@ AuthCertificate(nsNSSSocketInfo * socketInfo, CERTCertificate * cert)
     if (rv == SECSuccess) {
       // Certificate verification succeeded delete any potential record
       // of certificate error bits.
-      nsSSLIOLayerHelpers::mHostsWithCertErrors->RememberCertHasError(
-        socketInfo, nsnull, rv);
+      RememberCertErrorsTable::GetInstance().RememberCertHasError(socketInfo,
+                                                                  nsnull, rv);
     }
     else {
       // Certificate verification failed, update the status' bits.
-      nsSSLIOLayerHelpers::mHostsWithCertErrors->LookupCertErrorBits(
+      RememberCertErrorsTable::GetInstance().LookupCertErrorBits(
         socketInfo, status);
     }
 

security/manager/ssl/src/TransportSecurityInfo.h

@@ -0,0 +1,194 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1998
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Brian Ryner <bryner@brianryner.com>
+ *   Kai Engert <kengert@redhat.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#ifndef _MOZILLA_PSM_TRANSPORTSECURITYINFO_H
+#define _MOZILLA_PSM_TRANSPORTSECURITYINFO_H
+
+#include "certt.h"
+#include "mozilla/Mutex.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsSSLStatus.h"
+#include "nsISSLStatusProvider.h"
+#include "nsIAssociatedContentSecurity.h"
+#include "nsNSSShutDown.h"
+#include "nsDataHashtable.h"
+
+namespace mozilla { namespace psm {
+
+enum SSLErrorMessageType {
+  OverridableCertErrorMessage  = 1, // for *overridable* certificate errors
+  PlainErrorMessage = 2             // all other errors (or "no error")
+};
+
+class TransportSecurityInfo : public nsITransportSecurityInfo,
+                              public nsIInterfaceRequestor,
+                              public nsISSLStatusProvider,
+                              public nsIAssociatedContentSecurity,
+                              public nsISerializable,
+                              public nsIClassInfo,
+                              public nsNSSShutDownObject,
+                              public nsOnPK11LogoutCancelObject
+{
+public:
+  TransportSecurityInfo();
+  virtual ~TransportSecurityInfo();
+  
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSITRANSPORTSECURITYINFO
+  NS_DECL_NSIINTERFACEREQUESTOR
+  NS_DECL_NSISSLSTATUSPROVIDER
+  NS_DECL_NSIASSOCIATEDCONTENTSECURITY
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsresult SetSecurityState(PRUint32 aState);
+  nsresult SetShortSecurityDescription(const PRUnichar *aText);
+
+  const char * GetHostName() const {
+    return mHostName.get();
+  }
+  nsresult GetHostName(char **aHostName);
+  nsresult SetHostName(const char *aHostName);
+
+  PRInt32 GetPort() const { return mPort; }
+  nsresult GetPort(PRInt32 *aPort);
+  nsresult SetPort(PRInt32 aPort);
+
+  PRErrorCode GetErrorCode() const;
+  void SetCanceled(PRErrorCode errorCode,
+                   ::mozilla::psm::SSLErrorMessageType errorMessageType);
+  
+  /* Set SSL Status values */
+  nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
+  nsSSLStatus* SSLStatus() { return mSSLStatus; }
+  void SetStatusErrorBits(nsIX509Cert & cert, PRUint32 collected_errors);
+
+  bool IsCertIssuerBlacklisted() const {
+    return mIsCertIssuerBlacklisted;
+  }
+  void SetCertIssuerBlacklisted() {
+    mIsCertIssuerBlacklisted = true;
+  }
+
+private:
+  mutable ::mozilla::Mutex mMutex;
+
+protected:
+  nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
+
+private:
+  PRUint32 mSecurityState;
+  PRInt32 mSubRequestsHighSecurity;
+  PRInt32 mSubRequestsLowSecurity;
+  PRInt32 mSubRequestsBrokenSecurity;
+  PRInt32 mSubRequestsNoSecurity;
+  nsString mShortDesc;
+
+  PRErrorCode mErrorCode;
+  ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
+  nsString mErrorMessageCached;
+  nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock);
+
+  PRInt32 mPort;
+  nsXPIDLCString mHostName;
+  PRErrorCode mIsCertIssuerBlacklisted;
+
+  /* SSL Status */
+  nsRefPtr<nsSSLStatus> mSSLStatus;
+
+  virtual void virtualDestroyNSSReference();
+  void destructorSafeDestroyNSSReference();
+};
+
+class RememberCertErrorsTable
+{
+private:
+  RememberCertErrorsTable();
+
+  struct CertStateBits
+  {
+    bool mIsDomainMismatch;
+    bool mIsNotValidAtThisTime;
+    bool mIsUntrusted;
+  };
+  nsDataHashtableMT<nsCStringHashKey, CertStateBits> mErrorHosts;
+
+public:
+  void RememberCertHasError(TransportSecurityInfo * infoobject,
+                            nsSSLStatus * status,
+                            SECStatus certVerificationResult);
+  void LookupCertErrorBits(TransportSecurityInfo * infoObject,
+                           nsSSLStatus* status);
+
+  static nsresult Init()
+  {
+    sInstance = new RememberCertErrorsTable();
+    if (!sInstance->mErrorHosts.IsInitialized())
+      return NS_ERROR_OUT_OF_MEMORY;
+
+    return NS_OK;
+  }
+
+  static RememberCertErrorsTable & GetInstance()
+  {
+    MOZ_ASSERT(sInstance);
+    return *sInstance;
+  }
+
+  static void Cleanup()
+  {
+    delete sInstance;
+    sInstance = nsnull;
+  }
+private:
+  Mutex mMutex;
+
+  static RememberCertErrorsTable * sInstance;
+};
+
+} } // namespace mozilla::psm
+
+// 16786594-0296-4471-8096-8f84497ca428
+#define TRANSPORTSECURITYINFO_CID \
+{ 0x16786594, 0x0296, 0x4471, \
+    { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
+
+#endif /* _MOZILLA_PSM_TRANSPORTSECURITYINFO_H */

security/manager/ssl/src/nsIdentityChecking.cpp

@@ -47,7 +47,7 @@
 #include "cert.h"
 #include "base64.h"
 #include "nsNSSComponent.h"
-#include "nsNSSIOLayer.h"
+#include "nsSSLStatus.h"
 #include "nsNSSCertificate.h"
 #include "nsNSSCleaner.h"
 

security/manager/ssl/src/nsNSSCallbacks.cpp

@@ -910,8 +910,8 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
       infoObject->SetSSLStatus(status);
     }
 
-    nsSSLIOLayerHelpers::mHostsWithCertErrors->LookupCertErrorBits(
-      infoObject, status);
+    RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
+                                                               status);
 
     CERTCertificate *serverCert = SSL_PeerCertificate(fd);
     if (serverCert) {

security/manager/ssl/src/nsNSSComponent.cpp

@@ -124,6 +124,7 @@ extern "C" {
 }
 
 using namespace mozilla;
+using namespace mozilla::psm;
 
 #ifdef PR_LOGGING
 PRLogModuleInfo* gPIPNSSLog = nsnull;
@@ -437,6 +438,7 @@ nsNSSComponent::~nsNSSComponent()
 
   ShutdownNSS();
   nsSSLIOLayerHelpers::Cleanup();
+  RememberCertErrorsTable::Cleanup();
   --mInstanceCount;
   delete mShutdownObjectList;
 
@@ -2028,6 +2030,7 @@ nsNSSComponent::Init()
     return rv;
   }
 
+  RememberCertErrorsTable::Init();
   nsSSLIOLayerHelpers::Init();
   char *unrestricted_hosts=nsnull;
   mPrefBranch->GetCharPref("security.ssl.renego_unrestricted_hosts", &unrestricted_hosts);

security/manager/ssl/src/nsNSSIOLayer.h

@@ -41,67 +41,25 @@
 #ifndef _NSNSSIOLAYER_H
 #define _NSNSSIOLAYER_H
 
-#include "prtypes.h"
-#include "prio.h"
-#include "certt.h"
-#include "mozilla/Mutex.h"
-#include "nsString.h"
-#include "nsIInterfaceRequestor.h"
-#include "nsIInterfaceRequestorUtils.h"
-#include "nsITransportSecurityInfo.h"
+#include "TransportSecurityInfo.h"
 #include "nsISSLSocketControl.h"
-#include "nsSSLStatus.h"
-#include "nsISSLStatusProvider.h"
-#include "nsIAssociatedContentSecurity.h"
-#include "nsXPIDLString.h"
-#include "nsNSSShutDown.h"
 #include "nsIClientAuthDialogs.h"
 #include "nsAutoPtr.h"
 #include "nsNSSCertificate.h"
 #include "nsDataHashtable.h"
 #include "nsTHashtable.h"
 
-namespace mozilla {
-
-namespace psm {
-
-enum SSLErrorMessageType {
-  OverridableCertErrorMessage  = 1, // for *overridable* certificate errors
-  PlainErrorMessage = 2             // all other errors (or "no error")
-};
-
-} // namespace psm
-
-} // namespace mozilla
-
-class nsNSSSocketInfo : public nsITransportSecurityInfo,
+class nsNSSSocketInfo : public mozilla::psm::TransportSecurityInfo,
                         public nsISSLSocketControl,
-                        public nsIInterfaceRequestor,
-                        public nsISSLStatusProvider,
-                        public nsIAssociatedContentSecurity,
-                        public nsISerializable,
-                        public nsIClassInfo,
-                        public nsIClientAuthUserDecision,
-                        public nsNSSShutDownObject,
-                        public nsOnPK11LogoutCancelObject
+                        public nsIClientAuthUserDecision
 {
 public:
   nsNSSSocketInfo();
-  virtual ~nsNSSSocketInfo();
   
-  NS_DECL_ISUPPORTS
-  NS_DECL_NSITRANSPORTSECURITYINFO
+  NS_DECL_ISUPPORTS_INHERITED
   NS_DECL_NSISSLSOCKETCONTROL
-  NS_DECL_NSIINTERFACEREQUESTOR
-  NS_DECL_NSISSLSTATUSPROVIDER
-  NS_DECL_NSIASSOCIATEDCONTENTSECURITY
-  NS_DECL_NSISERIALIZABLE
-  NS_DECL_NSICLASSINFO
   NS_DECL_NSICLIENTAUTHUSERDECISION
-
-  nsresult SetSecurityState(PRUint32 aState);
-  nsresult SetShortSecurityDescription(const PRUnichar *aText);
-
+ 
   nsresult SetForSTARTTLS(bool aForSTARTTLS);
   nsresult GetForSTARTTLS(bool *aForSTARTTLS);
 
@@ -111,20 +69,7 @@ public:
   nsresult GetHandshakePending(bool *aHandshakePending);
   nsresult SetHandshakePending(bool aHandshakePending);
 
-  const char * GetHostName() const {
-    return mHostName.get();
-  }
-  nsresult GetHostName(char **aHostName);
-  nsresult SetHostName(const char *aHostName);
-
-  nsresult GetPort(PRInt32 *aPort);
-  nsresult SetPort(PRInt32 aPort);
-
   void GetPreviousCert(nsIX509Cert** _result);
-
-  PRErrorCode GetErrorCode() const;
-  void SetCanceled(PRErrorCode errorCode,
-                   ::mozilla::psm::SSLErrorMessageType errorMessageType);
   
   void SetHasCleartextPhase(bool aHasCleartextPhase);
   bool GetHasCleartextPhase();
@@ -135,23 +80,9 @@ public:
 
   void SetAllowTLSIntoleranceTimeout(bool aAllow);
 
-  nsresult RememberCAChain(CERTCertList *aCertList);
-
-  /* Set SSL Status values */
-  nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
-  nsSSLStatus* SSLStatus() { return mSSLStatus; }
-  void SetStatusErrorBits(nsIX509Cert & cert, PRUint32 collected_errors);
-
   PRStatus CloseSocketAndDestroy(
                 const nsNSSShutDownPreventionLock & proofOfLock);
   
-  bool IsCertIssuerBlacklisted() const {
-    return mIsCertIssuerBlacklisted;
-  }
-  void SetCertIssuerBlacklisted() {
-    mIsCertIssuerBlacklisted = true;
-  }
-
   void SetNegotiatedNPN(const char *value, PRUint32 length);
   void SetHandshakeCompleted() { mHandshakeCompleted = true; }
 
@@ -180,28 +111,13 @@ public:
   void SetSSL3Enabled(bool enabled) { mSSL3Enabled = enabled; }
   bool IsTLSEnabled() const { return mTLSEnabled; }
   void SetTLSEnabled(bool enabled) { mTLSEnabled = enabled; }
-protected:
-  mutable ::mozilla::Mutex mMutex;
-
-  nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
+private:
   PRFileDesc* mFd;
+
   CertVerificationState mCertVerificationState;
   PRIntervalTime mCertVerificationStarted;
   PRIntervalTime mCertVerificationEnded;
-  PRUint32 mSecurityState;
-  PRInt32 mSubRequestsHighSecurity;
-  PRInt32 mSubRequestsLowSecurity;
-  PRInt32 mSubRequestsBrokenSecurity;
-  PRInt32 mSubRequestsNoSecurity;
-  nsString mShortDesc;
 
-  PRErrorCode mErrorCode;
-  ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
-  nsString mErrorMessageCached;
-  nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock);
-
-  bool mDocShellDependentStuffKnown;
-  bool mExternalErrorReporting; // DocShellDependent
   bool mForSTARTTLS;
   bool mSSL3Enabled;
   bool mTLSEnabled;
@@ -211,9 +127,6 @@ protected:
   bool mAllowTLSIntoleranceTimeout;
   bool mRememberClientAuthCertificate;
   PRIntervalTime mHandshakeStartTime;
-  PRInt32 mPort;
-  nsXPIDLCString mHostName;
-  PRErrorCode mIsCertIssuerBlacklisted;
 
   /* SSL Status */
   nsRefPtr<nsSSLStatus> mSSLStatus;
@@ -225,35 +138,6 @@ protected:
   bool      mHandshakeCompleted;
   bool      mJoined;
   bool      mSentClientCert;
-
-private:
-  virtual void virtualDestroyNSSReference();
-  void destructorSafeDestroyNSSReference();
-};
-
-class nsSSLStatus;
-class nsNSSSocketInfo;
-
-class nsPSMRememberCertErrorsTable
-{
-private:
-  struct CertStateBits
-  {
-    bool mIsDomainMismatch;
-    bool mIsNotValidAtThisTime;
-    bool mIsUntrusted;
-  };
-  nsDataHashtableMT<nsCStringHashKey, CertStateBits> mErrorHosts;
-  nsresult GetHostPortKey(nsNSSSocketInfo* infoObject, nsCAutoString& result);
-
-public:
-  friend class nsSSLIOLayerHelpers;
-  nsPSMRememberCertErrorsTable();
-  void RememberCertHasError(nsNSSSocketInfo* infoObject,
-                           nsSSLStatus* status,
-                           SECStatus certVerificationResult);
-  void LookupCertErrorBits(nsNSSSocketInfo* infoObject,
-                           nsSSLStatus* status);
 };
 
 class nsSSLIOLayerHelpers
@@ -269,7 +153,6 @@ public:
   static mozilla::Mutex *mutex;
   static nsTHashtable<nsCStringHashKey> *mTLSIntolerantSites;
   static nsTHashtable<nsCStringHashKey> *mTLSTolerantSites;
-  static nsPSMRememberCertErrorsTable* mHostsWithCertErrors;
 
   static nsTHashtable<nsCStringHashKey> *mRenegoUnrestrictedSites;
   static bool mTreatUnsafeNegotiationAsBroken;
@@ -316,10 +199,4 @@ nsresult nsSSLIOLayerAddToSocket(PRInt32 family,
 nsresult nsSSLIOLayerFreeTLSIntolerantSites();
 nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo *infoObject, int error);
 
-// 16786594-0296-4471-8096-8f84497ca428
-#define NS_NSSSOCKETINFO_CID \
-{ 0x16786594, 0x0296, 0x4471, \
-    { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
-
-
 #endif /* _NSNSSIOLAYER_H */

security/manager/ssl/src/nsNSSModule.cpp

@@ -76,7 +76,7 @@
 #include "nsRandomGenerator.h"
 #include "nsRecentBadCerts.h"
 #include "nsSSLStatus.h"
-#include "nsNSSIOLayer.h"
+#include "TransportSecurityInfo.h"
 #include "NSSErrorsService.h"
 #include "nsNSSVersion.h"
 
@@ -211,6 +211,10 @@ _InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssLoadingComponent, nsNSSComponent,
                                         Init)
 
+using namespace mozilla::psm;
+  
+namespace {
+
 // Use the special factory constructor for everything this module implements,
 // because all code could potentially require the NSS library.
 // Our factory constructor takes an additional boolean parameter.
@@ -250,7 +254,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsCertOverrideService, Init)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsRecentBadCertsService, Init)
 NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
-NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsNSSSocketInfo)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
 
 typedef mozilla::psm::NSSErrorsService NSSErrorsService;
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init)
@@ -289,7 +293,7 @@ NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
 NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
 NS_DEFINE_NAMED_CID(NS_RECENTBADCERTS_CID);
 NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
-NS_DEFINE_NAMED_CID(NS_NSSSOCKETINFO_CID);
+NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
 NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
 NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
 
@@ -327,7 +331,7 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
   { &kNS_RANDOMGENERATOR_CID, false, NULL, nsRandomGeneratorConstructor },
   { &kNS_RECENTBADCERTS_CID, false, NULL, nsRecentBadCertsServiceConstructor },
   { &kNS_SSLSTATUS_CID, false, NULL, nsSSLStatusConstructor },
-  { &kNS_NSSSOCKETINFO_CID, false, NULL, nsNSSSocketInfoConstructor },
+  { &kTRANSPORTSECURITYINFO_CID, false, NULL, TransportSecurityInfoConstructor },
   { &kNS_NSSERRORSSERVICE_CID, false, NULL, NSSErrorsServiceConstructor },
   { &kNS_NSSVERSION_CID, false, NULL, nsNSSVersionConstructor },
   { NULL }
@@ -390,4 +394,6 @@ static const mozilla::Module kNSSModule = {
   kNSSCategories
 };
 
+} // unnamed namespace
+
 NSMODULE_DEFN(NSS) = &kNSSModule;