Back to index

lightning-sunbird  0.9+nobinonly
Public Member Functions | Static Public Member Functions | Public Attributes | Private Types | Private Member Functions | Private Attributes | Static Private Attributes
nsNSSComponent Class Reference

#include <nsNSSComponent.h>

Inheritance diagram for nsNSSComponent:
Inheritance graph
[legend]
Collaboration diagram for nsNSSComponent:
Collaboration graph
[legend]

List of all members.

Public Member Functions

 NS_DEFINE_STATIC_CID_ACCESSOR (NS_NSSCOMPONENT_CID)
 nsNSSComponent ()
virtual ~nsNSSComponent ()
NS_DECL_ISUPPORTS
NS_DECL_NSISIGNATUREVERIFIER
NS_DECL_NSIENTROPYCOLLECTOR
NS_DECL_NSIOBSERVER
NS_DECL_NSITIMERCALLBACK
NS_METHOD 
Init ()
NS_IMETHOD GetPIPNSSBundleString (const char *name, nsAString &outString)
NS_IMETHOD PIPBundleFormatStringFromName (const char *name, const PRUnichar **params, PRUint32 numParams, nsAString &outString)
NS_IMETHOD SkipOcsp ()
NS_IMETHOD SkipOcspOff ()
nsresult InitializeCRLUpdateTimer ()
nsresult StopCRLUpdateTimer ()
NS_IMETHOD RemoveCrlFromList (nsAutoString)
NS_IMETHOD DefineNextTimer ()
NS_IMETHOD LogoutAuthenticatedPK11 ()
NS_IMETHOD DownloadCRLDirectly (nsAutoString, nsAutoString)
NS_IMETHOD RememberCert (CERTCertificate *cert)
NS_IMETHOD LaunchSmartCardThread (SECMODModule *module)
NS_IMETHOD ShutdownSmartCardThread (SECMODModule *module)
NS_IMETHOD PostEvent (const nsAString &eventType, const nsAString &token)
NS_IMETHOD DispatchEvent (const nsAString &eventType, const nsAString &token)
NS_IMETHOD GetClientAuthRememberService (nsClientAuthRememberService **cars)
nsIPrincipal verifySignature (in string aSignature, in unsigned long aSignatureLen, in string plaintext, in unsigned long plaintextLen, out long errorCode)
void randomUpdate (in buffer entropy, in long bufLen)
 Add the following bytes to the pool of data to be used in gathering entropy.
void observe (in nsISupports aSubject, in string aTopic, in wstring aData)
 Observe will be called when there is a notification for the topic |aTopic|.
void notify (in nsITimer timer)

Static Public Member Functions

static nsresult GetNSSCipherIDFromPrefString (const nsACString &aPrefString, PRUint16 &aCipherId)

Public Attributes

const long VERIFY_OK = 0
const long VERIFY_ERROR_UNKNOWN_CA = -8172

Private Types

enum  AlertIdentifier { ai_nss_init_problem, ai_sockets_still_active, ai_crypto_ui_active, ai_incomplete_logout }

Private Member Functions

nsresult InitializeNSS (PRBool showWarningBox)
nsresult ShutdownNSS ()
void ShowAlert (AlertIdentifier ai)
void InstallLoadableRoots ()
void LaunchSmartCardThreads ()
void ShutdownSmartCardThreads ()
nsresult InitializePIPNSSBundle ()
nsresult ConfigureInternalPKCS11Token ()
nsresult RegisterPSMContentListener ()
nsresult RegisterObservers ()
nsresult DownloadCrlSilently ()
nsresult PostCRLImportEvent (nsCAutoString *urlString, PSMContentDownloader *psmDownloader)
nsresult getParamsForNextCrlToDownload (nsAutoString *url, PRTime *time, nsAutoString *key)
nsresult DispatchEventToWindow (nsIDOMWindow *domWin, const nsAString &eventType, const nsAString &token)

Private Attributes

PRLockmutex
nsCOMPtr
< nsIScriptSecurityManager
mScriptSecurityManager
nsCOMPtr< nsIStringBundlemPIPNSSBundle
nsCOMPtr< nsIURIContentListenermPSMContentListener
nsCOMPtr< nsIPrefBranchmPrefBranch
nsCOMPtr< nsITimermTimer
PRBool mNSSInitialized
PRBool mObserversRegistered
PLHashTablehashTableCerts
nsAutoString mDownloadURL
nsAutoString mCrlUpdateKey
PRLockmCrlTimerLock
nsHashtable * crlsScheduledForDownload
PRBool crlDownloadTimerOn
PRBool mUpdateTimerInitialized
nsNSSShutDownListmShutdownObjectList
SmartCardThreadListmThreadList
PRBool mIsNetworkDown
nsSSLThreadmSSLThread
nsCertVerificationThreadmCertVerificationThread
nsNSSHttpInterface mHttpForNSS
nsRefPtr
< nsClientAuthRememberService
mClientAuthRememberService

Static Private Attributes

static int mInstanceCount = 0

Detailed Description

Definition at line 186 of file nsNSSComponent.h.


Member Enumeration Documentation

Enumerator:
ai_nss_init_problem 
ai_sockets_still_active 
ai_crypto_ui_active 
ai_incomplete_logout 

Definition at line 239 of file nsNSSComponent.h.


Constructor & Destructor Documentation

Definition at line 310 of file nsNSSComponent.cpp.

Here is the call graph for this function:


Member Function Documentation

Definition at line 751 of file nsNSSComponent.cpp.

{
  nsNSSShutDownPreventionLock locker;
  nsAutoString manufacturerID;
  nsAutoString libraryDescription;
  nsAutoString tokenDescription;
  nsAutoString privateTokenDescription;
  nsAutoString slotDescription;
  nsAutoString privateSlotDescription;
  nsAutoString fipsSlotDescription;
  nsAutoString fipsPrivateSlotDescription;

  nsresult rv;
  rv = GetPIPNSSBundleString("ManufacturerID", manufacturerID);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("LibraryDescription", libraryDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("TokenDescription", tokenDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("PrivateTokenDescription", privateTokenDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("SlotDescription", slotDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("PrivateSlotDescription", privateSlotDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("FipsSlotDescription", fipsSlotDescription);
  if (NS_FAILED(rv)) return rv;

  rv = GetPIPNSSBundleString("FipsPrivateSlotDescription", fipsPrivateSlotDescription);
  if (NS_FAILED(rv)) return rv;

  PK11_ConfigurePKCS11(NS_ConvertUCS2toUTF8(manufacturerID).get(),
                       NS_ConvertUCS2toUTF8(libraryDescription).get(),
                       NS_ConvertUCS2toUTF8(tokenDescription).get(),
                       NS_ConvertUCS2toUTF8(privateTokenDescription).get(),
                       NS_ConvertUCS2toUTF8(slotDescription).get(),
                       NS_ConvertUCS2toUTF8(privateSlotDescription).get(),
                       NS_ConvertUCS2toUTF8(fipsSlotDescription).get(),
                       NS_ConvertUCS2toUTF8(fipsPrivateSlotDescription).get(),
                       0, 0);
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1118 of file nsNSSComponent.cpp.

{
  PRTime nextFiring;
  PRTime now = PR_Now();
  PRUint64 diff;
  PRUint32 interval;
  PRUint32 primaryDelay = CRL_AUTOUPDATE_DEFAULT_DELAY;
  nsresult rv;

  if(!mTimer){
    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
    if(NS_FAILED(rv))
      return rv;
  }

  //If some timer is already running, cancel it. Thus, the request that came last,
  //wins. This would ensure that in no way we end up setting two different timers
  //This part should be synchronized because this function might be called from separate
  //threads

  //Lock the lock
  PR_Lock(mCrlTimerLock);

  if(crlDownloadTimerOn == PR_TRUE){
    mTimer->Cancel();
  }

  rv = getParamsForNextCrlToDownload(&mDownloadURL, &nextFiring, &mCrlUpdateKey);
  //If there are no more crls to be updated any time in future
  if(NS_FAILED(rv)){
    //Free the lock and return - no error - just implies nothing to schedule
    PR_Unlock(mCrlTimerLock);
    return NS_OK;
  }
     
  //Define the firing interval, from NOW
  if ( now < nextFiring) {
    LL_SUB(diff,nextFiring,now);
    LL_L2UI(interval, diff);
    //Now, we are doing 32 operations - so, don't need LL_ functions...
    interval = interval/PR_USEC_PER_MSEC;
  }else {
    interval = primaryDelay;
  }
  
  mTimer->InitWithCallback(NS_STATIC_CAST(nsITimerCallback*, this), 
                           interval,
                           nsITimer::TYPE_ONE_SHOT);
  crlDownloadTimerOn = PR_TRUE;
  //Release
  PR_Unlock(mCrlTimerLock);

  return NS_OK;

}

Here is the call graph for this function:

Here is the caller graph for this function:

NS_IMETHODIMP nsNSSComponent::DispatchEvent ( const nsAString &  eventType,
const nsAString &  token 
)

Definition at line 379 of file nsNSSComponent.cpp.

{
  // 'Dispatch' the event to all the windows. 'DispatchEventToWindow()' will
  // first check to see if a given window has requested crypto events.
  nsresult rv;
  nsCOMPtr<nsIWindowWatcher> windowWatcher =
                            do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv);

  if (NS_FAILED(rv)) {
    return rv;
  }

  nsCOMPtr<nsISimpleEnumerator> enumerator;
  rv = windowWatcher->GetWindowEnumerator(getter_AddRefs(enumerator));
  if (NS_FAILED(rv)) {
    return rv;
  }

  PRBool hasMoreWindows;

  while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMoreWindows))
         && hasMoreWindows) {
    nsCOMPtr<nsISupports> supports;
    enumerator->GetNext(getter_AddRefs(supports));
    nsCOMPtr<nsIDOMWindow> domWin(do_QueryInterface(supports));
    if (domWin) {
      nsresult rv2 = DispatchEventToWindow(domWin, eventType, tokenName);
      if (NS_FAILED(rv2)) {
        // return the last failure, don't let a single failure prevent
        // continued delivery of events.
        rv = rv2;
      }
    }
  }
  return rv;
}

Here is the call graph for this function:

nsresult nsNSSComponent::DispatchEventToWindow ( nsIDOMWindow domWin,
const nsAString &  eventType,
const nsAString &  token 
) [private]

Definition at line 418 of file nsNSSComponent.cpp.

{
  // first walk the children and dispatch their events 
  {
    nsresult rv;
    nsCOMPtr<nsIDOMWindowCollection> frames;
    rv = domWin->GetFrames(getter_AddRefs(frames));
    if (NS_FAILED(rv)) {
      return rv;
    }

    PRUint32 length;
    frames->GetLength(&length);
    PRUint32 i;
    for (i = 0; i < length; i++) {
      nsCOMPtr<nsIDOMWindow> childWin;
      frames->Item(i, getter_AddRefs(childWin));
      DispatchEventToWindow(childWin, eventType, tokenName);
    }
  }

  // check if we've enabled smart card events on this window
  // NOTE: it's not an error to say that we aren't going to dispatch
  // the event.
  {
    nsCOMPtr<nsIDOMWindowInternal> intWindow = do_QueryInterface(domWin);
    if (!intWindow) {
      return NS_OK; // nope, it's not an internal window
    }

    nsCOMPtr<nsIDOMCrypto> crypto;
    intWindow->GetCrypto(getter_AddRefs(crypto));
    if (!crypto) {
      return NS_OK; // nope, it doesn't have a crypto property
    }

    PRBool boolrv;
    crypto->GetEnableSmartCardEvents(&boolrv);
    if (!boolrv) {
      return NS_OK; // nope, it's not enabled.
    }
  }

  // dispatch the event ...

  nsresult rv;
  // find the document
  nsCOMPtr<nsIDOMDocument> doc;
  rv = domWin->GetDocument(getter_AddRefs(doc));
  if (doc == nsnull) {
    return NS_FAILED(rv) ? rv : NS_ERROR_FAILURE;
  }

  // create the event
  nsCOMPtr<nsIDOMDocumentEvent> docEvent = do_QueryInterface(doc, &rv);
  if (NS_FAILED(rv)) {
    return rv;
  }

  nsCOMPtr<nsIDOMEvent> event;
  rv = docEvent->CreateEvent(NS_LITERAL_STRING("Events"), 
                             getter_AddRefs(event));
  if (NS_FAILED(rv)) {
    return rv;
  }

  event->InitEvent(eventType, false, true);

  // create the Smart Card Event;
  nsCOMPtr<nsIDOMSmartCardEvent> smartCardEvent = 
                                          new nsSmartCardEvent(tokenName);
  // init the smart card event, fail here if we can't complete the 
  // initialization.
  if (!smartCardEvent) {
    return NS_ERROR_OUT_OF_MEMORY;
  }

  rv = smartCardEvent->Init(event);
  if (NS_FAILED(rv)) {
    return rv;
  }

  // Send it 
  nsCOMPtr<nsIDOMEventTarget> target = do_QueryInterface(doc, &rv);
  if (NS_FAILED(rv)) {
    return rv;
  }

  PRBool boolrv;
  rv = target->DispatchEvent(smartCardEvent, &boolrv);
  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 970 of file nsNSSComponent.cpp.

{
  //This api is meant to support direct interactive update of crl from the crl manager
  //or other such ui.
  PSMContentDownloader *psmDownloader = new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
  
  nsCAutoString *urlString = new nsCAutoString();
  urlString->AssignWithConversion(url.get());
    
  return PostCRLImportEvent(urlString, psmDownloader);
}

Here is the call graph for this function:

Definition at line 982 of file nsNSSComponent.cpp.

{
  //Add this attempt to the hashtable
  nsStringKey hashKey(mCrlUpdateKey.get());
  crlsScheduledForDownload->Put(&hashKey,(void *)nsnull);
    
  //Set up the download handler
  PSMContentDownloader *psmDownloader = new PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
  psmDownloader->setSilentDownload(PR_TRUE);
  psmDownloader->setCrlAutodownloadKey(mCrlUpdateKey);
  
  //Now get the url string
  nsCAutoString *urlString = new nsCAutoString();
  urlString->AssignWithConversion(mDownloadURL);

  return PostCRLImportEvent(urlString, psmDownloader);
}

Here is the call graph for this function:

Definition at line 2121 of file nsNSSComponent.cpp.

nsresult nsNSSComponent::GetNSSCipherIDFromPrefString ( const nsACString &  aPrefString,
PRUint16 aCipherId 
) [static]

Definition at line 901 of file nsNSSComponent.cpp.

{
  for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
    if (nsDependentCString(cp->pref) == aPrefString) {
      aCipherId = cp->id;
      return NS_OK;
    }
  }
  
  return NS_ERROR_NOT_AVAILABLE;
}

Definition at line 1000 of file nsNSSComponent.cpp.

{
  const char *updateEnabledPref = CRL_AUTOUPDATE_ENABLED_PREF;
  const char *updateTimePref = CRL_AUTOUPDATE_TIME_PREF;
  const char *updateURLPref = CRL_AUTOUPDATE_URL_PREF;
  char **allCrlsToBeUpdated;
  PRUint32 noOfCrls;
  PRTime nearestUpdateTime = 0;
  nsAutoString crlKey;
  char *tempUrl;
  nsresult rv;
  
  nsCOMPtr<nsIPrefBranch> pref = do_GetService(NS_PREFSERVICE_CONTRACTID,&rv);
  if(NS_FAILED(rv)){
    return rv;
  }

  rv = pref->GetChildList(updateEnabledPref, &noOfCrls, &allCrlsToBeUpdated);
  if ( (NS_FAILED(rv)) || (noOfCrls==0) ){
    return NS_ERROR_FAILURE;
  }

  for(PRUint32 i=0;i<noOfCrls;i++) {
    PRBool autoUpdateEnabled;
    nsAutoString tempCrlKey;
  
    //First check if update pref is enabled for this crl
    rv = pref->GetBoolPref(*(allCrlsToBeUpdated+i), &autoUpdateEnabled);
    if( (NS_FAILED(rv)) || (autoUpdateEnabled==PR_FALSE) ){
      continue;
    }

    //Now, generate the crl key. Same key would be used as hashkey as well
    nsCAutoString enabledPrefCString(*(allCrlsToBeUpdated+i));
    enabledPrefCString.ReplaceSubstring(updateEnabledPref,".");
    tempCrlKey.AssignWithConversion(enabledPrefCString.get());
      
    //Check if this crl has already been scheduled. Its presence in the hashtable
    //implies that it has been scheduled already this client session, and
    //is either in the process of being downloaded, or its download failed
    //for some reason. In the second case, we will not retry in the current client session
    nsStringKey hashKey(tempCrlKey.get());
    if(crlsScheduledForDownload->Exists(&hashKey)){
      continue;
    }

    char *tempTimeString;
    PRTime tempTime;
    nsCAutoString timingPrefCString(updateTimePref);
    timingPrefCString.AppendWithConversion(tempCrlKey);
    rv = pref->GetCharPref(timingPrefCString.get(), &tempTimeString);
    if (NS_FAILED(rv)){
      continue;
    }
    rv = PR_ParseTimeString(tempTimeString,PR_TRUE, &tempTime);
    nsMemory::Free(tempTimeString);
    if (NS_FAILED(rv)){
      continue;
    }

    if(nearestUpdateTime == 0 || tempTime < nearestUpdateTime){
      nsCAutoString urlPrefCString(updateURLPref);
      urlPrefCString.AppendWithConversion(tempCrlKey);
      rv = pref->GetCharPref(urlPrefCString.get(), &tempUrl);
      if (NS_FAILED(rv) || (!tempUrl)){
        continue;
      }
      nearestUpdateTime = tempTime;
      crlKey = tempCrlKey;
    }
  }

  if(noOfCrls > 0)
    NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(noOfCrls, allCrlsToBeUpdated);

  if(nearestUpdateTime > 0){
    *time = nearestUpdateTime;
    url->AssignWithConversion((const char *)tempUrl);
    nsMemory::Free(tempUrl);
    *key = crlKey;
    rv = NS_OK;
  } else{
    rv = NS_ERROR_FAILURE;
  }

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NS_IMETHODIMP nsNSSComponent::GetPIPNSSBundleString ( const char *  name,
nsAString &  outString 
)

Definition at line 536 of file nsNSSComponent.cpp.

{
  nsresult rv = NS_ERROR_FAILURE;

  outString.SetLength(0);
  if (mPIPNSSBundle && name) {
    nsXPIDLString result;
    rv = mPIPNSSBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
                                          getter_Copies(result));
    if (NS_SUCCEEDED(rv)) {
      outString = result;
      rv = NS_OK;
    }
  }

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1577 of file nsNSSComponent.cpp.

{
  // No mutex protection.
  // Assume Init happens before any concurrency on "this" can start.

  nsresult rv = NS_OK;

  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Beginning NSS initialization\n"));

  if (!mutex || !mShutdownObjectList || 
      !mSSLThread || !mCertVerificationThread)
  {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS init, out of memory in constructor\n"));
    return NS_ERROR_OUT_OF_MEMORY;
  }

  rv = InitializePIPNSSBundle();
  if (NS_FAILED(rv)) {
    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to create pipnss bundle.\n"));
    return rv;
  }      

  if (!mPrefBranch) {
    mPrefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
    NS_ASSERTION(mPrefBranch, "Unable to get pref service");
  }

  // Do that before NSS init, to make sure we won't get unloaded.
  RegisterObservers();

  rv = InitializeNSS(PR_TRUE); // ok to show a warning box on failure
  if (NS_FAILED(rv)) {
    PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
    return rv;
  }

  InitializeCRLUpdateTimer();
  RegisterPSMContentListener();

  nsCOMPtr<nsIEntropyCollector> ec
      = do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);

  nsCOMPtr<nsIBufEntropyCollector> bec;

  if (ec) {
    bec = do_QueryInterface(ec);
  }

  NS_ASSERTION(bec, "No buffering entropy collector.  "
                    "This means no entropy will be collected.");
  if (bec) {
    bec->ForwardTo(this);
  }

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1204 of file nsNSSComponent.cpp.

{
  nsresult rv;
    
  //First check if this is already initialized. Then we stop it.
  if(mUpdateTimerInitialized == PR_FALSE){
    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
    if(NS_FAILED(rv)){
      return rv;
    }
    crlsScheduledForDownload = new nsHashtable(16, PR_TRUE);
    mCrlTimerLock = PR_NewLock();
    DefineNextTimer();
    mUpdateTimerInitialized = PR_TRUE;  
  } 

  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

nsresult nsNSSComponent::InitializeNSS ( PRBool  showWarningBox) [private]

Definition at line 1333 of file nsNSSComponent.cpp.

{
  // Can be called both during init and profile change.
  // Needs mutex protection.

  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::InitializeNSS\n"));

  // variables used for flow control within this function

  enum { problem_none, problem_no_rw, problem_no_security_at_all }
    which_nss_problem = problem_none;

  {
    nsAutoLock lock(mutex);

    // Init phase 1, prepare own variables used for NSS

    if (mNSSInitialized) {
      PR_ASSERT(!"Trying to initialize NSS twice"); // We should never try to 
                                                    // initialize NSS more than
                                                    // once in a process.
      return NS_ERROR_FAILURE;
    }
    
    hashTableCerts = PL_NewHashTable( 0, certHashtable_keyHash, certHashtable_keyCompare, 
      certHashtable_valueCompare, 0, 0 );

    nsresult rv;
    nsCAutoString profileStr;
    nsCOMPtr<nsIFile> profilePath;

    rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
                                getter_AddRefs(profilePath));
    if (NS_FAILED(rv)) {
      PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to get profile directory\n"));
      return rv;
    }

  // XP_MAC == CFM
  // XP_MACOSX == MachO

  #if defined(XP_MAC) && defined(XP_MACOSX)
  #error "This code assumes XP_MAC and XP_MACOSX will never be defined at the same time"
  #endif

  #if defined(XP_MAC) || defined(XP_MACOSX)
    // On Mac CFM we place all NSS DBs in the Security
    // Folder in the profile directory.
    nsCOMPtr<nsIFile> cfmSecurityPath;
    cfmSecurityPath = profilePath; // alias for easier code reading
    cfmSecurityPath->AppendNative(NS_LITERAL_CSTRING("Security"));
  #endif

  #if defined(XP_MAC)
    // on CFM, cfmSecurityPath and profilePath point to the same oject
    profilePath->Create(nsIFile::DIRECTORY_TYPE, 0); //This is for Mac, don't worry about
                                                     //permissions.
  #elif defined(XP_MACOSX)
    // On MachO, we need to access both directories,
    // and therefore need separate nsIFile instances.
    // Keep cfmSecurityPath instance, obtain new instance for MachO profilePath.
    rv = cfmSecurityPath->GetParent(getter_AddRefs(profilePath));
    if (NS_FAILED(rv))
      return rv;
  #endif

    rv = profilePath->GetNativePath(profileStr);
    if (NS_FAILED(rv)) 
      return rv;

  #if defined(XP_MACOSX)
    // function may modify the parameters
    // ignore return code from conversion, we continue anyway
    TryCFM2MachOMigration(cfmSecurityPath, profilePath);
  #endif

    PRBool supress_warning_preference = PR_FALSE;
    rv = mPrefBranch->GetBoolPref("security.suppress_nss_rw_impossible_warning", &supress_warning_preference);

    if (NS_FAILED(rv)) {
      supress_warning_preference = PR_FALSE;
    }

    // init phase 2, init calls to NSS library

    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization beginning\n"));

    // The call to ConfigureInternalPKCS11Token needs to be done before NSS is initialized, 
    // but affects only static data.
    // If we could assume i18n will not change between profiles, one call per application
    // run were sufficient. As I can't predict what happens in the future, let's repeat
    // this call for every re-init of NSS.

    ConfigureInternalPKCS11Token();

    SECStatus init_rv = ::NSS_InitReadWrite(profileStr.get());

    if (init_rv != SECSuccess) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init NSS r/w in %s\n", profileStr.get()));

      if (supress_warning_preference) {
        which_nss_problem = problem_none;
      }
      else {
        which_nss_problem = problem_no_rw;
      }

      // try to init r/o
      init_rv = NSS_Init(profileStr.get());

      if (init_rv != SECSuccess) {
        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can not init in r/o either\n"));
        which_nss_problem = problem_no_security_at_all;

        NSS_NoDB_Init(profileStr.get());
      }
    }

    // init phase 3, only if phase 2 was successful

    if (problem_no_security_at_all != which_nss_problem) {

      mNSSInitialized = PR_TRUE;

      ::NSS_SetDomesticPolicy();
      //  SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
      //  SSL_EnableCipher(SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED);

      PK11_SetPasswordFunc(PK11PasswordPrompt);

      // Register an observer so we can inform NSS when these prefs change
      nsCOMPtr<nsIPrefBranch2> pbi = do_QueryInterface(mPrefBranch);
      pbi->AddObserver("security.", this, PR_FALSE);

      PRBool enabled;
      mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
      SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
      SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
      mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
      SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
      mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
      SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);

      // Disable any ciphers that NSS might have enabled by default
      for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
      {
        PRUint16 cipher_id = SSL_ImplementedCiphers[i];
        SSL_CipherPrefSetDefault(cipher_id, PR_FALSE);
      }

      // Now only set SSL/TLS ciphers we knew about at compile time
      for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
        mPrefBranch->GetBoolPref(cp->pref, &enabled);

        SSL_CipherPrefSetDefault(cp->id, enabled);
      }

      // Enable ciphers for PKCS#12
      SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
      SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
      SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
      SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
      SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
      SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
      SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
      PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn);

      // Set up OCSP //
      setOCSPOptions(mPrefBranch);

      mHttpForNSS.initTable();
      mHttpForNSS.registerHttpClient();

      InstallLoadableRoots();

      LaunchSmartCardThreads();

      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
    }
  }

  if (problem_none != which_nss_problem) {
    nsString message;

    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS problem, trying to bring up GUI error message\n"));

    // We might want to use different messages, depending on what failed.
    // For now, let's use the same message.
    if (showWarningBox) {
      ShowAlert(ai_nss_init_problem);
    }
  }

  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 801 of file nsNSSComponent.cpp.

{
  // Called during init only, no mutex required.

  nsresult rv;
  nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
  if (NS_FAILED(rv) || !bundleService) 
    return NS_ERROR_FAILURE;
  
  bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,
                              getter_AddRefs(mPIPNSSBundle));
  if (!mPIPNSSBundle)
    rv = NS_ERROR_FAILURE;

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 630 of file nsNSSComponent.cpp.

{
  nsNSSShutDownPreventionLock locker;
  SECMODModule *RootsModule = nsnull;

  {
    // Find module containing root certs

    SECMODModuleList *list = SECMOD_GetDefaultModuleList();
    SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
    SECMOD_GetReadLock(lock);

    while (!RootsModule && list) {
      SECMODModule *module = list->module;

      for (int i=0; i < module->slotCount; i++) {
        PK11SlotInfo *slot = module->slots[i];
        if (PK11_IsPresent(slot)) {
          if (PK11_HasRootCerts(slot)) {
            RootsModule = SECMOD_ReferenceModule(module);
            break;
          }
        }
      }

      list = list->next;
    }
    SECMOD_ReleaseReadLock(lock);
  }

  if (RootsModule) {
    // Check version, and unload module if it is too old

    CK_INFO info;
    if (SECSuccess != PK11_GetModInfo(RootsModule, &info)) {
      // Do not use this module
      SECMOD_DestroyModule(RootsModule);
      RootsModule = nsnull;
    }
    else {
      // NSS_BUILTINS_LIBRARY_VERSION_MAJOR and NSS_BUILTINS_LIBRARY_VERSION_MINOR
      // define the version we expect to have.
      // Later version are fine.
      // Older versions are not ok, and we will replace with our own version.

      if (
            (info.libraryVersion.major < NSS_BUILTINS_LIBRARY_VERSION_MAJOR)
          || 
            (info.libraryVersion.major == NSS_BUILTINS_LIBRARY_VERSION_MAJOR
             && info.libraryVersion.minor < NSS_BUILTINS_LIBRARY_VERSION_MINOR)
         ) {
        PRInt32 modType;
        SECMOD_DeleteModule(RootsModule->commonName, &modType);
        SECMOD_DestroyModule(RootsModule);

        RootsModule = nsnull;
      }
    }
  }

  if (RootsModule) {
    SECMOD_DestroyModule(RootsModule);
  } else { /* !RootsModule */
    // Load roots module from our installation path
  
    nsresult rv;
    nsAutoString modName;
    rv = GetPIPNSSBundleString("RootCertModuleName", modName);
    if (NS_FAILED(rv)) return;

    nsCOMPtr<nsIProperties> directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
    if (!directoryService)
      return;

    const char *possible_ckbi_locations[] = {
      NS_GRE_DIR,
      NS_XPCOM_CURRENT_PROCESS_DIR,
      0 // This special value means: 
        //   search for ckbi in the directories on the shared
        //   library/DLL search path
    };

    for (size_t il = 0; il < sizeof(possible_ckbi_locations)/sizeof(const char*); ++il) {
      nsCOMPtr<nsILocalFile> mozFile;
      char *fullModuleName = nsnull;

      if (!possible_ckbi_locations[il])
      {
        fullModuleName = PR_GetLibraryName(nsnull, "nssckbi");
      }
      else
      {
        directoryService->Get( possible_ckbi_locations[il],
                               NS_GET_IID(nsILocalFile), 
                               getter_AddRefs(mozFile));
    
        if (!mozFile) {
          continue;
        }

        nsCAutoString processDir;
        mozFile->GetNativePath(processDir);
        fullModuleName = PR_GetLibraryName(processDir.get(), "nssckbi");
      }

      /* If a module exists with the same name, delete it. */
      NS_ConvertUCS2toUTF8 modNameUTF8(modName);
      int modType;
      SECMOD_DeleteModule(NS_CONST_CAST(char*, modNameUTF8.get()), &modType);
      SECStatus rv_add = 
        SECMOD_AddNewModule(NS_CONST_CAST(char*, modNameUTF8.get()), fullModuleName, 0, 0);
      PR_FreeLibraryName(fullModuleName); // allocated by NSPR
      if (SECSuccess == rv_add) {
        // found a module, no need to try other directories
        break;
      }
    }
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 592 of file nsNSSComponent.cpp.

{
  SmartCardMonitoringThread *newThread;
  if (SECMOD_HasRemovableSlots(module)) {
    if (mThreadList == nsnull) {
      mThreadList = new SmartCardThreadList();
      if (!mThreadList) {
        return NS_ERROR_OUT_OF_MEMORY;
      }
    }
    newThread = new SmartCardMonitoringThread(module);
    if (!newThread) {
       return NS_ERROR_OUT_OF_MEMORY;
    }
    // newThread is adopted by the add.
    return mThreadList->Add(newThread);
  }
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 574 of file nsNSSComponent.cpp.

{
  nsNSSShutDownPreventionLock locker;
  {
    SECMODModuleList *list = SECMOD_GetDefaultModuleList();
    SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
    SECMOD_GetReadLock(lock);

    while (list) {
      SECMODModule *module = list->module;
      LaunchSmartCardThread(module);
      list = list->next;
    }
    SECMOD_ReleaseReadLock(lock);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 2049 of file nsNSSComponent.cpp.

{
  if (mClientAuthRememberService) {
    mClientAuthRememberService->ClearRememberedDecisions();
  }
  return mShutdownObjectList->doPK11Logout();
}

Here is the call graph for this function:

void nsITimerCallback::notify ( in nsITimer  timer) [inherited]
Parameters:
aTimerthe timer which has expired
void nsIObserver::observe ( in nsISupports  aSubject,
in string  aTopic,
in wstring  aData 
) [inherited]

Observe will be called when there is a notification for the topic |aTopic|.

This assumes that the object implementing this interface has been registered with an observer service such as the nsIObserverService.

If you expect multiple topics/subjects, the impl is responsible for filtering.

You should not modify, add, remove, or enumerate notifications in the implemention of observe.

Parameters:
aSubject: Notification specific interface pointer.
aTopic: The notification topic or subject.
aData: Notification specific wide string. subject event.
NS_IMETHODIMP nsNSSComponent::PIPBundleFormatStringFromName ( const char *  name,
const PRUnichar **  params,
PRUint32  numParams,
nsAString &  outString 
)

Definition at line 516 of file nsNSSComponent.cpp.

{
  nsresult rv = NS_ERROR_FAILURE;

  if (mPIPNSSBundle && name) {
    nsXPIDLString result;
    rv = mPIPNSSBundle->FormatStringFromName(NS_ConvertASCIItoUTF16(name).get(),
                                             params, numParams,
                                             getter_Copies(result));
    if (NS_SUCCEEDED(rv)) {
      outString = result;
    }
  }
  return rv;
}

Here is the call graph for this function:

nsresult nsNSSComponent::PostCRLImportEvent ( nsCAutoString urlString,
PSMContentDownloader psmDownloader 
) [private]

Definition at line 949 of file nsNSSComponent.cpp.

{
  //Create the event
  CRLDownloadEvent *event = new CRLDownloadEvent;
  PL_InitEvent(event, this, (PLHandleEventProc)HandleCRLImportPLEvent, (PLDestroyEventProc)DestroyCRLImportPLEvent);
  event->urlString = urlString;
  event->psmDownloader = (nsIStreamListener *)psmDownloader;
  
  //Get a handle to the ui event queue
  
  nsCOMPtr<nsIEventQueue>uiQueue = nsNSSEventGetUIEventQueue();

  if (!uiQueue) {
    return NS_ERROR_FAILURE;
  }

  //Post the event
  return uiQueue->PostEvent(event);
}

Here is the call graph for this function:

Here is the caller graph for this function:

NS_IMETHODIMP nsNSSComponent::PostEvent ( const nsAString &  eventType,
const nsAString &  token 
)

Definition at line 360 of file nsNSSComponent.cpp.

{
  nsresult rv;
  nsTokenEventRunnable *runnable = 
                               new nsTokenEventRunnable(eventType, tokenName);
  if (!runnable) {
    return NS_ERROR_OUT_OF_MEMORY;
  }

  rv = nsNSSEventPostToUIEventQueue(runnable);
  if (NS_FAILED(rv))
    delete runnable;

  return rv;
}

Here is the call graph for this function:

void nsIEntropyCollector::randomUpdate ( in buffer  entropy,
in long  bufLen 
) [inherited]

Add the following bytes to the pool of data to be used in gathering entropy.

Definition at line 2058 of file nsNSSComponent.cpp.

{
  // Happens once during init only, no mutex protection.

  nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
  NS_ASSERTION(observerService, "could not get observer service");
  if (observerService) {
    mObserversRegistered = PR_TRUE;
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent: adding observers\n"));

    // We are a service.
    // Once we are loaded, don't allow being removed from memory.
    // This makes sense, as initializing NSS is expensive.

    // By using PR_FALSE for parameter ownsWeak in AddObserver,
    // we make sure that we won't get unloaded until the application shuts down.

    observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, PR_FALSE);

    observerService->AddObserver(this, PROFILE_APPROVE_CHANGE_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_CHANGE_TEARDOWN_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_CHANGE_TEARDOWN_VETO_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_AFTER_CHANGE_TOPIC, PR_FALSE);
    observerService->AddObserver(this, SESSION_LOGOUT_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_CHANGE_NET_TEARDOWN_TOPIC, PR_FALSE);
    observerService->AddObserver(this, PROFILE_CHANGE_NET_RESTORE_TOPIC, PR_FALSE);
  }
  return NS_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 819 of file nsNSSComponent.cpp.

{
  // Called during init only, no mutex required.

  nsresult rv = NS_OK;
  if (!mPSMContentListener) {
    nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
    if (dispatcher) {
      mPSMContentListener = do_CreateInstance(NS_PSMCONTENTLISTEN_CONTRACTID);
      rv = dispatcher->RegisterContentListener(mPSMContentListener);
    }
  }
  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

NS_IMETHODIMP nsNSSComponent::RememberCert ( CERTCertificate *  cert)

Definition at line 2090 of file nsNSSComponent.cpp.

{
  nsNSSShutDownPreventionLock locker;

  // Must not interfere with init / shutdown / profile switch.

  nsAutoLock lock(mutex);

  if (!hashTableCerts || !cert)
    return NS_OK;
  
  void *found = PL_HashTableLookup(hashTableCerts, (void*)&cert->certKey);
  
  if (found) {
    // we remember that cert already
    return NS_OK;
  }
  
  CERTCertificate *myDupCert = CERT_DupCertificate(cert);
  
  if (!myDupCert)
    return NS_ERROR_OUT_OF_MEMORY;
  
  if (!PL_HashTableAdd(hashTableCerts, (void*)&myDupCert->certKey, myDupCert)) {
    CERT_DestroyCertificate(myDupCert);
  }
  
  return NS_OK;
}

Here is the call graph for this function:

Definition at line 1108 of file nsNSSComponent.cpp.

{
  nsStringKey hashKey(key.get());
  if(crlsScheduledForDownload->Exists(&hashKey)){
    crlsScheduledForDownload->Remove(&hashKey);
  }
  return NS_OK;
}

Here is the call graph for this function:

Definition at line 1994 of file nsNSSComponent.cpp.

{
  nsString message;
  nsresult rv;

  switch (ai) {
    case ai_nss_init_problem:
      rv = GetPIPNSSBundleString("NSSInitProblem", message);
      break;
    case ai_sockets_still_active:
      rv = GetPIPNSSBundleString("ProfileSwitchSocketsStillActive", message);
      break;
    case ai_crypto_ui_active:
      rv = GetPIPNSSBundleString("ProfileSwitchCryptoUIActive", message);
      break;
    case ai_incomplete_logout:
      rv = GetPIPNSSBundleString("LogoutIncompleteUIActive", message);
      break;
    default:
      return;
  }
  
  if (NS_FAILED(rv))
    return;

  nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID));
  if (!wwatch) {
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window watcher\n"));
  }
  else {
    nsCOMPtr<nsIPrompt> prompter;
    wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
    if (!prompter) {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get window prompter\n"));
    }
    else {
      nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
      if (!proxyman) {
        PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy manager\n"));
      }
      else {
        nsCOMPtr<nsIPrompt> proxyPrompt;
        proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt),
                                    prompter, PROXY_SYNC, getter_AddRefs(proxyPrompt));
        if (!proxyPrompt) {
          PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("can't get proxy for nsIPrompt\n"));
        }
        else {
          proxyPrompt->Alert(nsnull, message.get());
        }
      }
    }
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 1530 of file nsNSSComponent.cpp.

{
  // Can be called both during init and profile change,
  // needs mutex protection.
  
  PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ShutdownNSS\n"));

  nsAutoLock lock(mutex);
  nsresult rv = NS_OK;

  if (hashTableCerts) {
    PL_HashTableEnumerateEntries(hashTableCerts, certHashtable_clearEntry, 0);
    PL_HashTableDestroy(hashTableCerts);
    hashTableCerts = nsnull;
  }

  if (mNSSInitialized) {
    mNSSInitialized = PR_FALSE;

    PK11_SetPasswordFunc((PK11PasswordFunc)nsnull);
    mHttpForNSS.unregisterHttpClient();

    if (mPrefBranch) {
      nsCOMPtr<nsIPrefBranch2> pbi = do_QueryInterface(mPrefBranch);
      pbi->RemoveObserver("security.", this);
    }

    ShutdownSmartCardThreads();
    SSL_ClearSessionCache();
    if (mClientAuthRememberService) {
      mClientAuthRememberService->ClearRememberedDecisions();
    }
    PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("evaporating psm resources\n"));
    mShutdownObjectList->evaporateAllNSSResources();
    if (SECSuccess != ::NSS_Shutdown()) {
      PR_LOG(gPIPNSSLog, PR_LOG_ALWAYS, ("NSS SHUTDOWN FAILURE\n"));
      rv = NS_ERROR_FAILURE;
    }
    else {
      PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS shutdown =====>> OK <<=====\n"));
    }
  }

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 613 of file nsNSSComponent.cpp.

{
  if (!mThreadList) {
    return NS_OK;
  }
  mThreadList->Remove(module);
  return NS_OK;
}

Here is the call graph for this function:

Definition at line 623 of file nsNSSComponent.cpp.

Here is the caller graph for this function:

Definition at line 557 of file nsNSSComponent.cpp.

{
  nsNSSShutDownPreventionLock locker;
  CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();

  SECStatus rv = CERT_DisableOCSPChecking(certdb);
  return (rv == SECSuccess) ? NS_OK : NS_ERROR_FAILURE;
}

Here is the call graph for this function:

Definition at line 567 of file nsNSSComponent.cpp.

Here is the call graph for this function:

nsIPrincipal nsISignatureVerifier::verifySignature ( in string  aSignature,
in unsigned long  aSignatureLen,
in string  plaintext,
in unsigned long  plaintextLen,
out long  errorCode 
) [inherited]

Member Data Documentation

Definition at line 272 of file nsNSSComponent.h.

Definition at line 271 of file nsNSSComponent.h.

Definition at line 267 of file nsNSSComponent.h.

Definition at line 279 of file nsNSSComponent.h.

Definition at line 281 of file nsNSSComponent.h.

Definition at line 270 of file nsNSSComponent.h.

Definition at line 269 of file nsNSSComponent.h.

Definition at line 268 of file nsNSSComponent.h.

Definition at line 280 of file nsNSSComponent.h.

int nsNSSComponent::mInstanceCount = 0 [static, private]

Definition at line 274 of file nsNSSComponent.h.

Definition at line 277 of file nsNSSComponent.h.

Definition at line 265 of file nsNSSComponent.h.

Definition at line 266 of file nsNSSComponent.h.

Definition at line 261 of file nsNSSComponent.h.

Definition at line 263 of file nsNSSComponent.h.

Definition at line 262 of file nsNSSComponent.h.

Definition at line 260 of file nsNSSComponent.h.

Definition at line 275 of file nsNSSComponent.h.

Definition at line 278 of file nsNSSComponent.h.

Definition at line 276 of file nsNSSComponent.h.

Definition at line 264 of file nsNSSComponent.h.

Definition at line 273 of file nsNSSComponent.h.

Definition at line 258 of file nsNSSComponent.h.

Definition at line 47 of file nsISignatureVerifier.idl.

Definition at line 46 of file nsISignatureVerifier.idl.


The documentation for this class was generated from the following files: