From b6f3861e4c1fb60288122bd4c79e86e0de209e46 Mon Sep 17 00:00:00 2001 From: Kris Maglione Date: Tue, 18 Dec 2018 18:55:40 -0800 Subject: [PATCH] Bug 1478124: Part 8f - Update NSS module to use a static component manifest. r=keeler Differential Revision: https://phabricator.services.mozilla.com/D15045 --HG-- extra : rebase_source : 47c36eb7349ab88b138ae3b12f62f45c5da7cb63 extra : absorb_source : 418e5b8b3e43e21c5e0523207f4174cdfbe857ed extra : histedit_source : 02aa49d053b8a3fdd5a47e46c0d59500d4558570 --- security/manager/ssl/components.conf | 187 +++++++++++++++++++ security/manager/ssl/moz.build | 4 + security/manager/ssl/nsNSSModule.cpp | 179 ++++-------------- security/manager/ssl/nsNSSModule.h | 23 +++ security/manager/ssl/nsSecureBrowserUIImpl.h | 1 + 5 files changed, 251 insertions(+), 143 deletions(-) create mode 100644 security/manager/ssl/components.conf create mode 100644 security/manager/ssl/nsNSSModule.h diff --git a/security/manager/ssl/components.conf b/security/manager/ssl/components.conf new file mode 100644 index 000000000000..6701e4512b80 --- /dev/null +++ b/security/manager/ssl/components.conf 
@@ -0,0 +1,187 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+Headers = [
+ '/security/manager/ssl/nsNSSModule.h',
+]
+
+Classes = [
+ {
+ 'cid': '{4cb64dfd-ca98-4e24-befd-0d9285a33bcb}',
+ 'contract_ids': ['@mozilla.org/psm;1'],
+ 'type': 'nsNSSComponent',
+ 'headers': ['nsNSSComponent.h'],
+ 'init_method': 'Init',
+ },
+ {
+ 'cid': '{c94f4a30-64d7-11d4-9960-00b0d02354a0}',
+ 'contract_ids': [
+ '@mozilla.org/security/psmdownload;1',
+ '@mozilla.org/uriloader/psm-external-content-listener;1',
+ ],
+ 'type': 'mozilla::psm::PSMContentListener',
+ 'headers': ['mozilla/psm/PSMContentListener.h'],
+ 'init_method': 'init',
+ 'categories': {
+ 'external-uricontentlisteners': [
+ 'application/x-x509-ca-cert',
+ 'application/x-x509-email-cert',
+ 'application/x-x509-server-cert',
+ 'application/x-x509-user-cert',
+ ],
+ },
+ },
+ {
+ 'cid': '{9ef18451-a157-4d17-8132-47afef213689}',
+ 'contract_ids': ['@mozilla.org/nss_errors_service;1'],
+ 'type': 'mozilla::psm::NSSErrorsService',
+ 'headers': ['NSSErrorsService.h'],
+ 'init_method': 'Init',
+ },
+ {
+ 'cid': '{23ad3531-11d2-4e8e-805a-6a752e91681a}',
+ 'contract_ids': ['@mozilla.org/security/nssversion;1'],
+ 'type': 'nsNSSVersion',
+ 'headers': ['/security/manager/ssl/nsNSSVersion.h'],
+ },
+ {
+ 'cid': '{cc75499a-1dd1-11b2-8a82-ca410ac907b8}',
+ 'contract_ids': ['@mozilla.org/secure_browser_ui;1'],
+ 'type': 'nsSecureBrowserUIImpl',
+ 'headers': ['/security/manager/ssl/nsSecureBrowserUIImpl.h'],
+ },
+ {
+ 'cid': '{47402be2-e653-45d0-8daa-9f0dce0ac148}',
+ 'contract_ids': ['@mozilla.org/security/local-cert-service;1'],
+ 'type': 'mozilla::LocalCertService',
+ 'headers': ['/security/manager/ssl/LocalCertService.h'],
+ },
+ {
+ 'cid': '{0ae53c0f-8ea2-4916-bedc-717443c3e185}',
+ 'contract_ids': ['@mozilla.org/layout/form-processor;1'],
+ 'legacy_constructor': 'nsKeygenFormProcessor::Create',
+ 'headers': ['/security/manager/ssl/nsKeygenHandler.h'],
+ },
+ {
+ 'cid': '{0c4f1ddc-1dd2-11b2-9d95-f2fdf113044b}',
+ 'contract_ids': ['@mozilla.org/security/sdr;1'],
+ 'type': 'SecretDecoderRing',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{b084a2ce-1dd1-11b2-bf10-8324f8e065cc}',
+ 'contract_ids': ['@mozilla.org/security/pk11tokendb;1'],
+ 'type': 'nsPK11TokenDB',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{ff9fbcd7-9517-4334-b97a-ceed78909974}',
+ 'contract_ids': ['@mozilla.org/security/pkcs11moduledb;1'],
+ 'type': 'mozilla::psm::PKCS11ModuleDB',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{660a3226-915c-4ffb-bb20-8985a632df05}',
+ 'contract_ids': [],
+ 'type': 'nsNSSCertificate',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{fb0bbc5c-452e-4783-b32c-80124693d871}',
+ 'contract_ids': ['@mozilla.org/security/x509certdb;1'],
+ 'type': 'nsNSSCertificateDB',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{959fb165-6517-487f-ab9b-d8913be53197}',
+ 'contract_ids': ['@mozilla.org/security/x509certlist;1'],
+ 'type': 'nsNSSCertList',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{36a1d3b3-d886-4317-96ff-87b0005cfef7}',
+ 'contract_ids': ['@mozilla.org/security/hash;1'],
+ 'type': 'nsCryptoHash',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{a496d0a2-dff7-4e23-bd65-1ca742fa178a}',
+ 'contract_ids': ['@mozilla.org/security/hmac;1'],
+ 'type': 'nsCryptoHMAC',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{9d383ddd-6856-4187-8485-f36195b29a0e}',
+ 'contract_ids': ['@mozilla.org/security/keyobject;1'],
+ 'type': 'nsKeyObject',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{2a35dd47-b026-4e8d-b6b7-5740f61ab902}',
+ 'contract_ids': ['@mozilla.org/security/keyobjectfactory;1'],
+ 'type': 'nsKeyObjectFactory',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{45a5fe2f-c350-4b86-962d-02d5aaaa955a}',
+ 'contract_ids': ['@mozilla.org/security/contentsignatureverifier;1'],
+ 'type': 'ContentSignatureVerifier',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{67ba681d-5485-4fff-952c-2ee337ffdcd6}',
+ 'contract_ids': ['@mozilla.org/security/certoverride;1'],
+ 'type': 'nsCertOverrideService',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{be65e2b7-fe46-4e0f-88e0-4b385db4d68a}',
+ 'contract_ids': ['@mozilla.org/security/random-generator;1'],
+ 'type': 'nsRandomGenerator',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{16786594-0296-4471-8096-8f84497ca428}',
+ 'contract_ids': [],
+ 'type': 'mozilla::psm::TransportSecurityInfo',
+ 'legacy_constructor':
+ 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{16955eee-6c48-4152-9309-c42a465138a1}',
+ 'contract_ids': ['@mozilla.org/ssservice;1'],
+ 'type': 'nsSiteSecurityService',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{11aefd53-2fbb-4c92-a0c1-053212ae42d0}',
+ 'contract_ids': ['@mozilla.org/security/certblocklist;1'],
+ 'type': 'CertBlocklist',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{57972956-5718-42d2-8070-b3fc72212eaf}',
+ 'contract_ids': ['@mozilla.org/security/oskeystore;1'],
+ 'type': 'OSKeyStore',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+ {
+ 'cid': '{4fe082ae-6ff0-4b41-b24f-eaa664f6e46a}',
+ 'contract_ids': ['@mozilla.org/security/osreauthenticator;1'],
+ 'type': 'OSReauthenticator',
+ 'legacy_constructor': 'mozilla::psm::NSSConstructor',
+ },
+]
+
+if defined('MOZ_XUL'):
+ Classes += [
+ {
+ 'cid': '{4ea60761-31d6-491d-9e34-4b53a26c416c}',
+ 'contract_ids':
['@mozilla.org/security/nsCertTree;1'], + 'type': 'nsCertTree', + 'legacy_constructor': 'mozilla::psm::NSSConstructor', + }, + ] diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build index 9a04c5a1f729..cf6625ef2790 100644 --- a/security/manager/ssl/moz.build +++ b/security/manager/ssl/moz.build @@ -51,6 +51,10 @@ if CONFIG['MOZ_XUL']: XPIDL_MODULE = 'pipnss' +XPCOM_MANIFESTS += [ + 'components.conf', +] + # These aren't actually used in production code yet, so we don't want to # ship them with the browser. TESTING_JS_MODULES.psm += [ diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp index 5f8cd5f6305a..10506b7e8543 100644 --- a/security/manager/ssl/nsNSSModule.cpp +++ b/security/manager/ssl/nsNSSModule.cpp @@ -4,6 +4,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#include "nsNSSModule.h" + #include "CertBlocklist.h" #include "ContentSignatureVerifier.h" #include "NSSErrorsService.h" @@ -11,6 +13,7 @@ #include "PSMContentListener.h" #include "SecretDecoderRing.h" #include "TransportSecurityInfo.h" +#include "mozilla/MacroArgs.h" #include "mozilla/ModuleUtils.h" #include "mozilla/SyncRunnable.h" #include "nsCURILoader.h" 
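Review bot: Nothing in the new components.conf says that each `legacy_constructor` entry naming `mozilla::psm::NSSConstructor` depends on a matching `IMPL(...)` line in nsNSSModule.cpp, which is where the process and thread restrictions for that component are passed to `Constructor`. The first entries (nsNSSComponent through mozilla::LocalCertService) are instead built directly from `type` and `headers`, so a later entry added in that form for a class that belongs in the restricted group would, as far as this patch shows, not go through those checks. I would add a comment above `Classes`, for example `# Components that need a process/thread restriction must use legacy_constructor mozilla::psm::NSSConstructor and have an IMPL() line in nsNSSModule.cpp.` The `if defined('MOZ_XUL')` block needs the same pairing with the `#ifdef MOZ_XUL` guard around `IMPL(nsCertTree)`.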
@@ -114,154 +117,44 @@ static nsresult Constructor(nsISupports* aOuter, REFNSIID aIID, return Instantiate(aIID, aResult); } -} // namespace psm -} // namespace mozilla - -using namespace mozilla::psm; - -namespace { - -NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init) - -typedef mozilla::psm::NSSErrorsService NSSErrorsService; -NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion) -NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) -NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init) - -NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID); -NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID); -NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID); -NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID); -NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID); -NS_DEFINE_NAMED_CID(NS_X509CERT_CID); -NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID); -NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID); -NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID); -#ifdef MOZ_XUL -NS_DEFINE_NAMED_CID(NS_CERTTREE_CID); -#endif -NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID); -NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID); -NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID); -NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID); -NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID); -NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID); -NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID); -NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID); -NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID); -NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID); -NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID); -NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID); -NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID); -NS_DEFINE_NAMED_CID(NS_OSKEYSTORE_CID); -NS_DEFINE_NAMED_CID(NS_OSREAUTHENTICATOR_CID); +#define IMPL(...) 
\ + template <> \ + nsresult NSSConstructor( \ + nsISupports * aOuter, const nsIID& aIID, void** aResult) { \ + return Constructor<__VA_ARGS__>(aOuter, aIID, aResult); \ + } // Components that require main thread initialization could cause a deadlock // in necko code (bug 1418752). To prevent it we initialize all such components // on main thread in advance in net_EnsurePSMInit(). Update that function when // new component with ThreadRestriction::MainThreadOnly is added. -static const mozilla::Module::CIDEntry kNSSCIDs[] = { - {&kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor}, - {&kNS_SECRETDECODERRING_CID, false, nullptr, - Constructor}, - {&kNS_PK11TOKENDB_CID, false, nullptr, Constructor}, - {&kNS_PKCS11MODULEDB_CID, false, nullptr, Constructor}, - {&kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor}, - {&kNS_X509CERT_CID, false, nullptr, - Constructor}, - {&kNS_X509CERTDB_CID, false, nullptr, Constructor}, - {&kNS_X509CERTLIST_CID, false, nullptr, - Constructor}, - {&kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create}, +IMPL(SecretDecoderRing) +IMPL(nsPK11TokenDB) +IMPL(PKCS11ModuleDB) +IMPL(nsNSSCertificate, nullptr, ProcessRestriction::AnyProcess) +IMPL(nsNSSCertificateDB) +IMPL(nsNSSCertList, nullptr, ProcessRestriction::AnyProcess) #ifdef MOZ_XUL - {&kNS_CERTTREE_CID, false, nullptr, Constructor}, +IMPL(nsCertTree) #endif - {&kNS_CRYPTO_HASH_CID, false, nullptr, - Constructor}, - {&kNS_CRYPTO_HMAC_CID, false, nullptr, - Constructor}, - {&kNS_KEYMODULEOBJECT_CID, false, nullptr, - Constructor}, - {&kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, - Constructor}, - {&kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, - Constructor}, - {&kNS_CERTOVERRIDE_CID, false, nullptr, - Constructor}, - {&kNS_RANDOMGENERATOR_CID, false, nullptr, - Constructor}, - {&kTRANSPORTSECURITYINFO_CID, false, nullptr, - Constructor}, - {&kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor}, - 
{&kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor}, - {&kNS_SECURE_BROWSER_UI_CID, false, nullptr, - nsSecureBrowserUIImplConstructor}, - {&kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, - Constructor}, - {&kNS_CERT_BLOCKLIST_CID, false, nullptr, - Constructor}, - {&kNS_OSKEYSTORE_CID, false, nullptr, - Constructor}, - {&kNS_OSREAUTHENTICATOR_CID, false, nullptr, - Constructor}, - {nullptr}}; +IMPL(nsCryptoHash, nullptr, ProcessRestriction::AnyProcess) +IMPL(nsCryptoHMAC, nullptr, ProcessRestriction::AnyProcess) +IMPL(nsKeyObject, nullptr, ProcessRestriction::AnyProcess) +IMPL(nsKeyObjectFactory, nullptr, ProcessRestriction::AnyProcess) +IMPL(ContentSignatureVerifier) +IMPL(nsCertOverrideService, &nsCertOverrideService::Init, + ProcessRestriction::ParentProcessOnly, ThreadRestriction::MainThreadOnly) +IMPL(nsRandomGenerator, nullptr, ProcessRestriction::AnyProcess) +IMPL(TransportSecurityInfo, nullptr, ProcessRestriction::AnyProcess) +IMPL(nsSiteSecurityService, &nsSiteSecurityService::Init, + ProcessRestriction::AnyProcess, ThreadRestriction::MainThreadOnly) +IMPL(CertBlocklist, &CertBlocklist::Init, ProcessRestriction::ParentProcessOnly, + ThreadRestriction::MainThreadOnly) +IMPL(OSKeyStore, nullptr, ProcessRestriction::ParentProcessOnly, + ThreadRestriction::MainThreadOnly) +IMPL(OSReauthenticator, nullptr, ProcessRestriction::ParentProcessOnly, + ThreadRestriction::MainThreadOnly) +#undef IMPL -static const mozilla::Module::ContractIDEntry kNSSContracts[] = { - {PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID}, - {NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID}, - {NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID}, - {NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID}, - {NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID}, - {NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID}, - {NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID}, - {NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID}, - {NS_X509CERTLIST_CONTRACTID, 
&kNS_X509CERTLIST_CID}, - {NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID}, -#ifdef MOZ_XUL - {NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID}, -#endif - {NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID}, - {NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID}, - {"@mozilla.org/uriloader/psm-external-content-listener;1", - &kNS_PSMCONTENTLISTEN_CID}, - {NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID}, - {NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID}, - {NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID}, - {NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID}, - {NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID}, - {NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID}, - {NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID}, - {NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID}, - {NS_OSKEYSTORE_CONTRACTID, &kNS_OSKEYSTORE_CID}, - {NS_OSREAUTHENTICATOR_CONTRACTID, &kNS_OSREAUTHENTICATOR_CID}, - {nullptr}}; - -static const mozilla::Module::CategoryEntry kNSSCategories[] = { - {NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", - "@mozilla.org/uriloader/psm-external-content-listener;1"}, - {NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, - "application/x-x509-server-cert", - "@mozilla.org/uriloader/psm-external-content-listener;1"}, - {NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", - "@mozilla.org/uriloader/psm-external-content-listener;1"}, - {NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", - "@mozilla.org/uriloader/psm-external-content-listener;1"}, - {nullptr}}; - -static const mozilla::Module kNSSModule = {mozilla::Module::kVersion, kNSSCIDs, - kNSSContracts, kNSSCategories}; - -} // unnamed namespace - -NSMODULE_DEFN(NSS) = &kNSSModule; +} // namespace psm +} // namespace mozilla diff --git a/security/manager/ssl/nsNSSModule.h b/security/manager/ssl/nsNSSModule.h new file mode 100644 index 000000000000..1f2024f5736c 
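Review bot: The `IMPL` macro and the list of invocations after it carry no comment describing the argument order or what an omitted argument means. Several entries (`IMPL(SecretDecoderRing)`, `IMPL(nsPK11TokenDB)`, `IMPL(PKCS11ModuleDB)`, `IMPL(nsNSSCertificateDB)`, `IMPL(nsCertTree)`, `IMPL(ContentSignatureVerifier)`) pass only the type, so their init method and restrictions come from the defaults of `Constructor`, whose declaration starts outside this hunk. Because these arguments decide which processes and threads may instantiate the key-store and certificate components, I would document them beside the macro, for example `// IMPL(Type[, initMethod[, ProcessRestriction[, ThreadRestriction]]]); omitted arguments take Constructor's defaults.`, and name the default restriction in that comment. Each `IMPL` line also has to stay in step with an entry in components.conf, which is worth saying in the same comment.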
--- /dev/null +++ b/security/manager/ssl/nsNSSModule.h @@ -0,0 +1,23 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef nsNSSModule_h +#define nsNSSModule_h + +#include "nsID.h" + +class nsISupports; + +namespace mozilla { +namespace psm { +template +nsresult NSSConstructor(nsISupports* aOuter, const nsIID& aIID, + void** aInstancePtr); + +} +} // namespace mozilla + +#endif // nsNSSModule_h diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.h b/security/manager/ssl/nsSecureBrowserUIImpl.h index cc7827aa1906..8a2556723202 100644 --- a/security/manager/ssl/nsSecureBrowserUIImpl.h +++ b/security/manager/ssl/nsSecureBrowserUIImpl.h @@ -8,6 +8,7 @@ #include "nsCOMPtr.h" #include "nsISecureBrowserUI.h" +#include "nsITransportSecurityInfo.h" #include "nsIWebProgressListener.h" #include "nsWeakReference.h"
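Review bot: `NSSConstructor` is declared in the new nsNSSModule.h with no definition and no comment saying where the definitions live. From the rest of the patch they are the explicit specializations produced by `IMPL(...)` in nsNSSModule.cpp, so a reference with any other type would presumably surface only as a link error. A one-line comment above the declaration would save the next reader the search, for example `// Defined only for the types listed with IMPL() in nsNSSModule.cpp.` The closing brace of `namespace psm` also lacks the `// namespace psm` marker that the `mozilla` brace has.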