Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-07 04:05:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
a560947174
gecko-dev/security/manager/ssl/nsPKCS12Blob.h
David Keeler 23a0cee1a8 bug 1215690 - remove nsPSMUITracker r=Cykesiopka r=mgoodwin 
nsPSMUITracker was problematic. Apparently it was originally intended to prevent
NSS shutdown while NSS-related UI operations were going on (such as choosing a
client certificate). However, when nsNSSComponent would receive the event that
told it to shutdown NSS, it would attempt to call
mShutdownObjectList->evaporateAllNSSResources(), which would call
mActivityState.restrictActivityToCurrentThread(), which failed if such a UI
operation was in progress. This actually prevented the important part of
evaporateAllNSSResources, which is the releasing of all NSS objects in use by
PSM objects. Importantly, nsNSSComponent didn't check for or handle this failure
and proceeded to call NSS_Shutdown(), leaving PSM in an inconsistent state where
it thought it was okay to keep using the NSS objects it had when in fact it
wasn't.
In any case, nsPSMUITracker isn't really necessary as long as we have the
nsNSSShutDownPreventionLock mechanism, which mostly works and is what we should
use instead (or not at all, if no such lock is needed for the operation being
performed (for example, if no NSS functions are being called)).
2015-10-16 14:31:57 -07:00

97 lines
3.1 KiB
C++
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */
#ifndef _NS_PKCS12BLOB_H_
#define _NS_PKCS12BLOB_H_
#include "nsCOMPtr.h"
#include "nsString.h"
#include "nsIFile.h"
#include "nsIPK11TokenDB.h"
#include "nsNSSHelper.h"
#include "nsIPK11Token.h"
#include "nsIMutableArray.h"
#include "nss.h"
#include "pkcs12.h"
#include "p12plcy.h"
class nsIX509Cert;
//
// nsPKCS12Blob
//
// Class for importing/exporting PKCS#12 blobs
//
class nsPKCS12Blob : public nsNSSShutDownObject
{
public:
nsPKCS12Blob();
virtual ~nsPKCS12Blob();
// Nothing to release.
virtual void virtualDestroyNSSReference() override {}
// Set the token to use (default is internal)
nsresult SetToken(nsIPK11Token *token);
// PKCS#12 Import
nsresult ImportFromFile(nsIFile *file);
// PKCS#12 Export
nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
private:
nsCOMPtr<nsIPK11Token> mToken;
nsCOMPtr<nsIMutableArray> mCertArray;
nsCOMPtr<nsIInterfaceRequestor> mUIContext;
// local helper functions
nsresult getPKCS12FilePassword(SECItem *);
nsresult newPKCS12FilePassword(SECItem *);
nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
void unicodeToItem(const char16_t *, SECItem *);
void handleError(int myerr = 0);
// RetryReason and ImportMode are used when importing a PKCS12 file.
// There are two reasons that cause us to retry:
// - When the password entered by the user is incorrect.
// The user will be prompted to try again.
// - When the user entered a zero length password.
// An empty password should be represented as an empty
// string (a SECItem that contains a single terminating
// null UTF16 character), but some applications use a
// zero length SECItem.
// We try both variations, zero length item and empty string,
// without giving a user prompt when trying the different empty password flavors.
enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };
nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);
// NSPR file I/O for export file
PRFileDesc *mTmpFile;
// simulated file I/O for "in memory" temporary digest data
nsCString *mDigest;
nsCString::const_iterator *mDigestIterator;
bool mTokenSet;
// C-style callback functions for the NSS PKCS#12 library
static SECStatus digest_open(void *, PRBool);
static SECStatus digest_close(void *, PRBool);
static int digest_read(void *, unsigned char *, unsigned long);
static int digest_write(void *, unsigned char *, unsigned long);
static SECItem * nickname_collision(SECItem *, PRBool *, void *);
static void write_export_file(void *arg, const char *buf, unsigned long len);
};
#endif /* _NS_PKCS12BLOB_H_ */
Reference in New Issue View Git Blame Copy Permalink