mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-06 17:16:12 +00:00
128f004a1f
ScopedCERTCertList is based on Scoped.h, which is deprecated in favour of the standardised UniquePtr. Also changes CERTCertList parameters of various functions to make ownership more explicit. MozReview-Commit-ID: EXqxTK6inqy --HG-- extra : transplant_source : %9B%A9a%94%D1%7E%2BTa%9E%9Fu%9F%02%B3%1AT%1B%F1%F6
165 lines
4.8 KiB
C++
165 lines
4.8 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef TransportSecurityInfo_h
|
|
#define TransportSecurityInfo_h
|
|
|
|
#include "ScopedNSSTypes.h"
|
|
#include "certt.h"
|
|
#include "mozilla/Mutex.h"
|
|
#include "mozilla/RefPtr.h"
|
|
#include "nsDataHashtable.h"
|
|
#include "nsIAssociatedContentSecurity.h"
|
|
#include "nsIInterfaceRequestor.h"
|
|
#include "nsISSLStatusProvider.h"
|
|
#include "nsITransportSecurityInfo.h"
|
|
#include "nsNSSShutDown.h"
|
|
#include "nsSSLStatus.h"
|
|
#include "pkix/pkixtypes.h"
|
|
|
|
namespace mozilla { namespace psm {
|
|
|
|
enum SSLErrorMessageType {
|
|
OverridableCertErrorMessage = 1, // for *overridable* certificate errors
|
|
PlainErrorMessage = 2 // all other errors (or "no error")
|
|
};
|
|
|
|
class TransportSecurityInfo : public nsITransportSecurityInfo,
|
|
public nsIInterfaceRequestor,
|
|
public nsISSLStatusProvider,
|
|
public nsIAssociatedContentSecurity,
|
|
public nsISerializable,
|
|
public nsIClassInfo,
|
|
public nsNSSShutDownObject,
|
|
public nsOnPK11LogoutCancelObject
|
|
{
|
|
protected:
|
|
virtual ~TransportSecurityInfo();
|
|
public:
|
|
TransportSecurityInfo();
|
|
|
|
NS_DECL_THREADSAFE_ISUPPORTS
|
|
NS_DECL_NSITRANSPORTSECURITYINFO
|
|
NS_DECL_NSIINTERFACEREQUESTOR
|
|
NS_DECL_NSISSLSTATUSPROVIDER
|
|
NS_DECL_NSIASSOCIATEDCONTENTSECURITY
|
|
NS_DECL_NSISERIALIZABLE
|
|
NS_DECL_NSICLASSINFO
|
|
|
|
nsresult SetSecurityState(uint32_t aState);
|
|
nsresult SetShortSecurityDescription(const char16_t *aText);
|
|
|
|
const nsACString & GetHostName() const { return mHostName; }
|
|
const char * GetHostNameRaw() const { return mHostName.get(); }
|
|
|
|
nsresult GetHostName(char **aHostName);
|
|
nsresult SetHostName(const char *aHostName);
|
|
|
|
int32_t GetPort() const { return mPort; }
|
|
nsresult GetPort(int32_t *aPort);
|
|
nsresult SetPort(int32_t aPort);
|
|
|
|
PRErrorCode GetErrorCode() const;
|
|
|
|
void GetErrorLogMessage(PRErrorCode errorCode,
|
|
::mozilla::psm::SSLErrorMessageType errorMessageType,
|
|
nsString &result);
|
|
|
|
void SetCanceled(PRErrorCode errorCode,
|
|
::mozilla::psm::SSLErrorMessageType errorMessageType);
|
|
|
|
/* Set SSL Status values */
|
|
nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
|
|
nsSSLStatus* SSLStatus() { return mSSLStatus; }
|
|
void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);
|
|
|
|
nsresult SetFailedCertChain(UniqueCERTCertList certList);
|
|
|
|
private:
|
|
mutable ::mozilla::Mutex mMutex;
|
|
|
|
protected:
|
|
nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
|
|
|
|
private:
|
|
uint32_t mSecurityState;
|
|
int32_t mSubRequestsBrokenSecurity;
|
|
int32_t mSubRequestsNoSecurity;
|
|
|
|
PRErrorCode mErrorCode;
|
|
::mozilla::psm::SSLErrorMessageType mErrorMessageType;
|
|
nsString mErrorMessageCached;
|
|
nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock,
|
|
PRErrorCode errorCode,
|
|
::mozilla::psm::SSLErrorMessageType errorMessageType,
|
|
bool wantsHtml, bool suppressPort443,
|
|
nsString &result);
|
|
|
|
int32_t mPort;
|
|
nsXPIDLCString mHostName;
|
|
|
|
/* SSL Status */
|
|
RefPtr<nsSSLStatus> mSSLStatus;
|
|
|
|
/* Peer cert chain for failed connections (for error reporting) */
|
|
nsCOMPtr<nsIX509CertList> mFailedCertChain;
|
|
|
|
virtual void virtualDestroyNSSReference() override;
|
|
void destructorSafeDestroyNSSReference();
|
|
};
|
|
|
|
class RememberCertErrorsTable
|
|
{
|
|
private:
|
|
RememberCertErrorsTable();
|
|
|
|
struct CertStateBits
|
|
{
|
|
bool mIsDomainMismatch;
|
|
bool mIsNotValidAtThisTime;
|
|
bool mIsUntrusted;
|
|
};
|
|
nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;
|
|
|
|
public:
|
|
void RememberCertHasError(TransportSecurityInfo * infoobject,
|
|
nsSSLStatus * status,
|
|
SECStatus certVerificationResult);
|
|
void LookupCertErrorBits(TransportSecurityInfo * infoObject,
|
|
nsSSLStatus* status);
|
|
|
|
static nsresult Init()
|
|
{
|
|
sInstance = new RememberCertErrorsTable();
|
|
return NS_OK;
|
|
}
|
|
|
|
static RememberCertErrorsTable & GetInstance()
|
|
{
|
|
MOZ_ASSERT(sInstance);
|
|
return *sInstance;
|
|
}
|
|
|
|
static void Cleanup()
|
|
{
|
|
delete sInstance;
|
|
sInstance = nullptr;
|
|
}
|
|
private:
|
|
Mutex mMutex;
|
|
|
|
static RememberCertErrorsTable * sInstance;
|
|
};
|
|
|
|
} } // namespace mozilla::psm
|
|
|
|
// 16786594-0296-4471-8096-8f84497ca428
|
|
#define TRANSPORTSECURITYINFO_CID \
|
|
{ 0x16786594, 0x0296, 0x4471, \
|
|
{ 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
|
|
|
|
#endif // TransportSecurityInfo_h
|