ae04912e48
--HG-- rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h rename : 
security/manager/ssl/src/md4.c => security/manager/ssl/md4.c rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp rename : 
security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp rename : 
security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp rename : 
security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsSSLStatus.h"
#include "plstr.h"
#include "nsIClassInfoImpl.h"
#include "nsIObjectOutputStream.h"
#include "nsIObjectInputStream.h"
#include "ssl.h"
// Returns the server certificate recorded for this connection.
//
// @param aServerCert  out: receives an owning (AddRef'ed) reference to
//                     mServerCert. The value written is null when no
//                     certificate has been stored.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aServerCert is null.
NS_IMETHODIMP
nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert)
{
  NS_ENSURE_ARG_POINTER(aServerCert);

  // Take a second strong reference and hand that one to the caller, so the
  // member keeps its own reference.
  nsCOMPtr<nsIX509Cert> owned(mServerCert);
  owned.forget(aServerCert);
  return NS_OK;
}
// Reports the symmetric key size, in bits, of the negotiated cipher suite.
//
// The value is looked up from NSS (SSLCipherSuiteInfo::symKeyBits) using the
// stored suite identifier; it is not cached on this object.
//
// @param aKeyLength  out: receives symKeyBits for mCipherSuite.
// @return NS_ERROR_NOT_AVAILABLE when no cipher suite has been recorded,
//         NS_ERROR_FAILURE when NSS does not recognise the suite,
//         NS_OK otherwise.
NS_IMETHODIMP
nsSSLStatus::GetKeyLength(uint32_t* aKeyLength)
{
  NS_ENSURE_ARG_POINTER(aKeyLength);

  if (mHaveCipherSuiteAndProtocol) {
    SSLCipherSuiteInfo suiteInfo;
    if (SSL_GetCipherSuiteInfo(mCipherSuite, &suiteInfo,
                               sizeof(suiteInfo)) == SECSuccess) {
      *aKeyLength = suiteInfo.symKeyBits;
      return NS_OK;
    }
    // The out-param is deliberately left untouched on failure.
    return NS_ERROR_FAILURE;
  }

  return NS_ERROR_NOT_AVAILABLE;
}
// Reports the effective key strength, in bits, of the negotiated cipher suite.
//
// Unlike GetKeyLength, this reads SSLCipherSuiteInfo::effectiveKeyBits, which
// NSS may report as smaller than the raw key size for some suites.
//
// @param aSecretKeyLength  out: receives effectiveKeyBits for mCipherSuite.
// @return NS_ERROR_NOT_AVAILABLE when no cipher suite has been recorded,
//         NS_ERROR_FAILURE when NSS does not recognise the suite,
//         NS_OK otherwise.
NS_IMETHODIMP
nsSSLStatus::GetSecretKeyLength(uint32_t* aSecretKeyLength)
{
  NS_ENSURE_ARG_POINTER(aSecretKeyLength);

  if (mHaveCipherSuiteAndProtocol) {
    SSLCipherSuiteInfo suiteInfo;
    if (SSL_GetCipherSuiteInfo(mCipherSuite, &suiteInfo,
                               sizeof(suiteInfo)) == SECSuccess) {
      *aSecretKeyLength = suiteInfo.effectiveKeyBits;
      return NS_OK;
    }
    // The out-param is deliberately left untouched on failure.
    return NS_ERROR_FAILURE;
  }

  return NS_ERROR_NOT_AVAILABLE;
}
// Returns the NSS name of the negotiated cipher suite.
//
// @param aCipherName  out: assigned SSLCipherSuiteInfo::cipherSuiteName for
//                     mCipherSuite; unchanged on any error return.
// @return NS_ERROR_NOT_AVAILABLE when no cipher suite has been recorded,
//         NS_ERROR_FAILURE when NSS does not recognise the suite,
//         NS_OK otherwise.
NS_IMETHODIMP
nsSSLStatus::GetCipherName(nsACString& aCipherName)
{
  if (mHaveCipherSuiteAndProtocol) {
    SSLCipherSuiteInfo suiteInfo;
    if (SSL_GetCipherSuiteInfo(mCipherSuite, &suiteInfo,
                               sizeof(suiteInfo)) == SECSuccess) {
      aCipherName.Assign(suiteInfo.cipherSuiteName);
      return NS_OK;
    }
    return NS_ERROR_FAILURE;
  }

  return NS_ERROR_NOT_AVAILABLE;
}
// Returns the stored protocol version value for this connection.
//
// @param aProtocolVersion  out: receives mProtocolVersion.
// @return NS_ERROR_NOT_AVAILABLE when no cipher suite / protocol pair has
//         been recorded (the out-param is then left untouched), else NS_OK.
NS_IMETHODIMP
nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion)
{
  NS_ENSURE_ARG_POINTER(aProtocolVersion);

  if (mHaveCipherSuiteAndProtocol) {
    *aProtocolVersion = mProtocolVersion;
    return NS_OK;
  }

  return NS_ERROR_NOT_AVAILABLE;
}
// Reports the stored "domain mismatch" certificate error bit.
//
// The stored bit is only surfaced when mHaveCertErrorBits is set; otherwise
// the result is false regardless of mIsDomainMismatch.
//
// @param aIsDomainMismatch  out: the gated error bit.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error for a null out-param.
NS_IMETHODIMP
nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch)
{
  NS_ENSURE_ARG_POINTER(aIsDomainMismatch);

  *aIsDomainMismatch = mHaveCertErrorBits ? mIsDomainMismatch : false;
  return NS_OK;
}
// Reports the stored "not valid at this time" certificate error bit.
//
// The stored bit is only surfaced when mHaveCertErrorBits is set; otherwise
// the result is false regardless of mIsNotValidAtThisTime.
//
// @param aIsNotValidAtThisTime  out: the gated error bit.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error for a null out-param.
NS_IMETHODIMP
nsSSLStatus::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime)
{
  NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime);

  *aIsNotValidAtThisTime = mHaveCertErrorBits ? mIsNotValidAtThisTime : false;
  return NS_OK;
}
// Reports the stored "untrusted" certificate error bit.
//
// The stored bit is only surfaced when mHaveCertErrorBits is set; otherwise
// the result is false regardless of mIsUntrusted.
//
// @param aIsUntrusted  out: the gated error bit.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error for a null out-param.
NS_IMETHODIMP
nsSSLStatus::GetIsUntrusted(bool* aIsUntrusted)
{
  NS_ENSURE_ARG_POINTER(aIsUntrusted);

  *aIsUntrusted = mHaveCertErrorBits ? mIsUntrusted : false;
  return NS_OK;
}
// Reports whether the connection's certificate counts as Extended Validation.
//
// The answer fails closed: *aIsEV is set to false up front and only becomes
// true when there are no recorded certificate error bits AND an EV status has
// been stored as valid.
//
// @param aIsEV  out: the EV verdict.
// @return NS_OK when a verdict is available (including the forced "false"
//         for certificates with error bits). When no EV status was ever
//         stored: NS_OK under MOZ_NO_EV_CERTS, NS_ERROR_NOT_AVAILABLE
//         otherwise.
NS_IMETHODIMP
nsSSLStatus::GetIsExtendedValidation(bool* aIsEV)
{
  NS_ENSURE_ARG_POINTER(aIsEV);
  *aIsEV = false;

  // Never allow bad certs for EV, regardless of overrides: when error bits
  // are present the stored EV flag is not even consulted.
  if (!mHaveCertErrorBits) {
    if (!mHasIsEVStatus) {
#ifdef MOZ_NO_EV_CERTS
      return NS_OK;
#else
      return NS_ERROR_NOT_AVAILABLE;
#endif
    }
    *aIsEV = mIsEV;
  }

  return NS_OK;
}
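// Restores this object from a serialized stream (nsISerializable).
//
// Field order must match nsSSLStatus::Write exactly: certificate object,
// cipher suite, protocol version, the three error bits, the EV flag, then the
// three "have/has" presence flags.
//
// Every field is first read into a local and the members are only assigned
// once the whole record has been read. A truncated or failing stream
// therefore leaves the object exactly as it was, instead of pairing a newly
// read certificate with stale error/EV flags.
//
// NOTE(review): the values are taken from the stream as-is; no cross-field
// consistency is enforced here, so the stream contents are presumably trusted
// by the caller -- confirm against the code that feeds this.
//
// @param aStream  stream positioned at a record produced by Write.
// @return NS_OK on success; NS_NOINTERFACE when the deserialized object is
//         not an nsIX509Cert; otherwise the failing stream call's error.
NS_IMETHODIMP
nsSSLStatus::Read(nsIObjectInputStream* aStream)
{
  NS_ENSURE_ARG_POINTER(aStream);

  nsCOMPtr<nsISupports> certSupports;
  nsresult rv = aStream->ReadObject(true, getter_AddRefs(certSupports));
  NS_ENSURE_SUCCESS(rv, rv);

  // Only accept the deserialized object if it really is a certificate.
  nsCOMPtr<nsIX509Cert> serverCert = do_QueryInterface(certSupports);
  if (!serverCert) {
    return NS_NOINTERFACE;
  }

  uint16_t cipherSuite = 0;
  uint16_t protocolVersion = 0;
  rv = aStream->Read16(&cipherSuite);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->Read16(&protocolVersion);
  NS_ENSURE_SUCCESS(rv, rv);

  bool isDomainMismatch = false;
  bool isNotValidAtThisTime = false;
  bool isUntrusted = false;
  bool isEV = false;
  rv = aStream->ReadBoolean(&isDomainMismatch);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->ReadBoolean(&isNotValidAtThisTime);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->ReadBoolean(&isUntrusted);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->ReadBoolean(&isEV);
  NS_ENSURE_SUCCESS(rv, rv);

  bool hasIsEVStatus = false;
  bool haveCipherSuiteAndProtocol = false;
  bool haveCertErrorBits = false;
  rv = aStream->ReadBoolean(&hasIsEVStatus);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->ReadBoolean(&haveCipherSuiteAndProtocol);
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->ReadBoolean(&haveCertErrorBits);
  NS_ENSURE_SUCCESS(rv, rv);

  // Whole record read successfully: commit it in one go.
  mServerCert = serverCert;
  mCipherSuite = cipherSuite;
  mProtocolVersion = protocolVersion;
  mIsDomainMismatch = isDomainMismatch;
  mIsNotValidAtThisTime = isNotValidAtThisTime;
  mIsUntrusted = isUntrusted;
  mIsEV = isEV;
  mHasIsEVStatus = hasIsEVStatus;
  mHaveCipherSuiteAndProtocol = haveCipherSuiteAndProtocol;
  mHaveCertErrorBits = haveCertErrorBits;

  return NS_OK;
}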
// Serializes this object to a stream (nsISerializable).
//
// Layout, which nsSSLStatus::Read consumes in the same order:
//   1. mServerCert, written as a compound object with the nsIX509Cert IID
//   2. mCipherSuite, mProtocolVersion                        (16-bit each)
//   3. mIsDomainMismatch, mIsNotValidAtThisTime, mIsUntrusted, mIsEV,
//      mHasIsEVStatus, mHaveCipherSuiteAndProtocol, mHaveCertErrorBits
//                                                            (booleans)
//
// NOTE(review): mServerCert is passed on without a null check; behaviour for
// an object that never had a certificate set depends on WriteCompoundObject
// -- confirm.
//
// @param aStream  destination stream.
// @return NS_OK, or the error of the first stream call that fails.
NS_IMETHODIMP
nsSSLStatus::Write(nsIObjectOutputStream* aStream)
{
  nsresult rv = aStream->WriteCompoundObject(mServerCert,
                                             NS_GET_IID(nsIX509Cert),
                                             true);
  NS_ENSURE_SUCCESS(rv, rv);

  // Snapshot the fields in wire order so each group is emitted by one loop.
  const uint16_t shortFields[] = { mCipherSuite, mProtocolVersion };
  for (uint16_t value : shortFields) {
    rv = aStream->Write16(value);
    NS_ENSURE_SUCCESS(rv, rv);
  }

  const bool flagFields[] = {
    mIsDomainMismatch,
    mIsNotValidAtThisTime,
    mIsUntrusted,
    mIsEV,
    mHasIsEVStatus,
    mHaveCipherSuiteAndProtocol,
    mHaveCertErrorBits,
  };
  for (bool flag : flagFields) {
    rv = aStream->WriteBoolean(flag);
    NS_ENSURE_SUCCESS(rv, rv);
  }

  return NS_OK;
}
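// nsIClassInfo: this class advertises no interface list.
//
// @param aCount  out: always set to 0.
// @param aArray  out: always set to nullptr.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when either out-param is
//         null (guard added to match the other getters in this file, which
//         all validate their out-params before writing).
NS_IMETHODIMP
nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray)
{
  NS_ENSURE_ARG_POINTER(aCount);
  NS_ENSURE_ARG_POINTER(aArray);

  *aCount = 0;
  *aArray = nullptr;
  return NS_OK;
}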
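// nsIClassInfo: this class provides no scriptable helper.
//
// @param aHelper  out: always set to nullptr.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aHelper is null
//         (guard added to match the other getters in this file).
NS_IMETHODIMP
nsSSLStatus::GetScriptableHelper(nsIXPCScriptable** aHelper)
{
  NS_ENSURE_ARG_POINTER(aHelper);

  *aHelper = nullptr;
  return NS_OK;
}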
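// nsIClassInfo: this class reports no contract ID.
//
// @param aContractID  out: always set to nullptr.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aContractID is null
//         (guard added to match the other getters in this file).
NS_IMETHODIMP
nsSSLStatus::GetContractID(char** aContractID)
{
  NS_ENSURE_ARG_POINTER(aContractID);

  *aContractID = nullptr;
  return NS_OK;
}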
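// nsIClassInfo: this class reports no description string.
//
// @param aClassDescription  out: always set to nullptr.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aClassDescription
//         is null (guard added to match the other getters in this file).
NS_IMETHODIMP
nsSSLStatus::GetClassDescription(char** aClassDescription)
{
  NS_ENSURE_ARG_POINTER(aClassDescription);

  *aClassDescription = nullptr;
  return NS_OK;
}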
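// nsIClassInfo: returns a heap-allocated copy of this class's CID.
//
// The buffer is allocated with moz_xmalloc and handed to the caller, who is
// responsible for releasing it.
//
// @param aClassID  out: receives the newly allocated nsCID.
// @return the result of GetClassIDNoAlloc on success; the
//         NS_ENSURE_ARG_POINTER error when aClassID is null (guard added to
//         match the other getters in this file); NS_ERROR_OUT_OF_MEMORY if
//         the allocation returned null.
NS_IMETHODIMP
nsSSLStatus::GetClassID(nsCID** aClassID)
{
  NS_ENSURE_ARG_POINTER(aClassID);

  *aClassID = static_cast<nsCID*>(moz_xmalloc(sizeof(nsCID)));
  // moz_xmalloc is Gecko's infallible allocator, so this branch is not
  // expected to be taken; it is kept as a defensive check.
  if (!*aClassID) {
    return NS_ERROR_OUT_OF_MEMORY;
  }
  return GetClassIDNoAlloc(*aClassID);
}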
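// nsIClassInfo: this class sets no class-info flags.
//
// @param aFlags  out: always set to 0.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aFlags is null
//         (guard added to match the other getters in this file).
NS_IMETHODIMP
nsSSLStatus::GetFlags(uint32_t* aFlags)
{
  NS_ENSURE_ARG_POINTER(aFlags);

  *aFlags = 0;
  return NS_OK;
}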
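// File-local copy of this class's CID, used by GetClassIDNoAlloc below.
static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);

// nsIClassInfo: copies this class's CID into caller-provided storage.
//
// @param aClassIDNoAlloc  out: caller-owned nsCID that receives the value.
// @return NS_OK, or the NS_ENSURE_ARG_POINTER error when aClassIDNoAlloc is
//         null (guard added to match the other getters in this file).
NS_IMETHODIMP
nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
{
  NS_ENSURE_ARG_POINTER(aClassIDNoAlloc);

  *aClassIDNoAlloc = kSSLStatusCID;
  return NS_OK;
}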
// Creates an empty status record.
//
// Every flag starts out false and both numeric fields start at 0, so a fresh
// object reports "not available" from the cipher/protocol getters and false
// from the certificate-error getters until the fields are populated.
// mServerCert is not listed and is default-constructed.
nsSSLStatus::nsSSLStatus()
  : mCipherSuite(0),
    mProtocolVersion(0),
    mIsDomainMismatch(false),
    mIsNotValidAtThisTime(false),
    mIsUntrusted(false),
    mIsEV(false),
    mHasIsEVStatus(false),
    mHaveCipherSuiteAndProtocol(false),
    mHaveCertErrorBits(false)
{
}

// XPCOM reference counting and QueryInterface for the three interfaces this
// class implements.
NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)

// Nothing to release by hand; the destructor body is intentionally empty.
nsSSLStatus::~nsSSLStatus()
{
}
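// Stores the server certificate and derives the cached EV state from it.
//
// The EV state is reset before anything else, so it always describes the
// certificate stored by this call. Previously, when aEVStatus was unknown and
// the certificate was null or its EV lookup failed, mIsEV / mHasIsEVStatus
// kept whatever an earlier call had stored, and a failed lookup could also
// leave a value in mIsEV through the out-param. Both cases now fail closed
// to "no EV status".
//
// @param aServerCert  certificate to store; may be null.
// @param aEVStatus    EV verdict already known to the caller, or
//                     nsNSSCertificate::ev_status_unknown to have it looked
//                     up from the certificate (skipped entirely when
//                     MOZ_NO_EV_CERTS is defined).
void
nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert,
                           nsNSSCertificate::EVStatus aEVStatus)
{
  mServerCert = aServerCert;

  // Drop any EV verdict that belonged to a previously stored certificate.
  mIsEV = false;
  mHasIsEVStatus = false;

  if (aEVStatus != nsNSSCertificate::ev_status_unknown) {
    mIsEV = (aEVStatus == nsNSSCertificate::ev_status_valid);
    mHasIsEVStatus = true;
    return;
  }

#ifndef MOZ_NO_EV_CERTS
  if (aServerCert) {
    // Query into a local so a failed lookup cannot leave a value in mIsEV.
    bool isEV = false;
    nsresult rv = aServerCert->GetIsExtendedValidation(&isEV);
    if (NS_FAILED(rv)) {
      return;
    }
    mIsEV = isEV;
    mHasIsEVStatus = true;
  }
#endif
}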