Back to index

lightning-sunbird  0.9+nobinonly
Classes | Defines | Functions
nsNSSCallbacks.cpp File Reference
#include "nsNSSComponent.h"
#include "nsNSSCallbacks.h"
#include "nsNSSCertificate.h"
#include "nsISSLStatus.h"
#include "nsNSSIOLayer.h"
#include "nsIWebProgressListener.h"
#include "nsIStringBundle.h"
#include "nsXPIDLString.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsReadableUtils.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsCRT.h"
#include "nsNSSShutDown.h"
#include "nsNSSEvent.h"
#include "nsIUploadChannel.h"
#include "nsSSLThread.h"
#include "nsAutoLock.h"
#include "nsIThread.h"
#include "nsIWindowWatcher.h"
#include "ssl.h"
#include "cert.h"
#include "ocsp.h"

Go to the source code of this file.

Classes

struct  nsHTTPDownloadEvent
struct  nsCancelHTTPDownloadEvent
class  nsSSLStatus

Defines

#define CONDITION_WAIT_TIME   PR_MillisecondsToInterval(250)

Functions

static NS_DEFINE_CID (kNSSComponentCID, NS_NSSCOMPONENT_CID)
static void PR_CALLBACK HandleHTTPDownloadPLEvent (nsHTTPDownloadEvent *aEvent)
static void PR_CALLBACK DestroyHTTPDownloadPLEvent (nsHTTPDownloadEvent *aEvent)
static void PR_CALLBACK HandleCancelHTTPDownloadPLEvent (nsCancelHTTPDownloadEvent *aEvent)
static void PR_CALLBACK DestroyCancelHTTPDownloadPLEvent (nsCancelHTTPDownloadEvent *aEvent)
char *PR_CALLBACK PK11PasswordPrompt (PK11SlotInfo *slot, PRBool retry, void *arg)
void PR_CALLBACK HandshakeCallback (PRFileDesc *fd, void *client_data)
SECStatus PR_CALLBACK AuthCertificateCallback (void *client_data, PRFileDesc *fd, PRBool checksig, PRBool isServer)

Define Documentation

#define CONDITION_WAIT_TIME   PR_MillisecondsToInterval(250)

Definition at line 262 of file nsNSSCallbacks.cpp.


Function Documentation

SECStatus PR_CALLBACK AuthCertificateCallback ( void client_data,
PRFileDesc fd,
PRBool  checksig,
PRBool  isServer 
)

Definition at line 878 of file nsNSSCallbacks.cpp.

                                                                                {
  nsNSSShutDownPreventionLock locker;

  // first the default action
  SECStatus rv = SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);

  // We want to remember the CA certs in the temp db, so that the application can find the
  // complete chain at any time it might need it.
  // But we keep only those CA certs in the temp db, that we didn't already know.
  
  if (SECSuccess == rv) {
    CERTCertificate *serverCert = SSL_PeerCertificate(fd);
    if (serverCert) {
      CERTCertList *certList = CERT_GetCertChainFromCert(serverCert, PR_Now(), certUsageSSLCA);

      nsCOMPtr<nsINSSComponent> nssComponent;
      
      for (CERTCertListNode *node = CERT_LIST_HEAD(certList);
           !CERT_LIST_END(node, certList);
           node = CERT_LIST_NEXT(node)) {

        if (node->cert->slot) {
          // This cert was found on a token, no need to remember it in the temp db.
          continue;
        }

        if (node->cert->isperm) {
          // We don't need to remember certs already stored in perm db.
          continue;
        }
        
        if (node->cert == serverCert) {
          // We don't want to remember the server cert, 
          // the code that cares for displaying page info does this already.
          continue;
        }
        
        // We have found a signer cert that we want to remember.

        if (!nssComponent) {
          // delay getting the service until we really need it
          nsresult rv;
          nssComponent = do_GetService(kNSSComponentCID, &rv);
        }
        
        if (nssComponent) {
          nssComponent->RememberCert(node->cert);
        }
      }

      CERT_DestroyCertList(certList);
      CERT_DestroyCertificate(serverCert);
    }
  }

  return rv;
}

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 178 of file nsNSSCallbacks.cpp.

{
  delete aEvent;
}

Here is the caller graph for this function:

Definition at line 165 of file nsNSSCallbacks.cpp.

{
  delete aEvent;
}

Here is the caller graph for this function:

Definition at line 173 of file nsNSSCallbacks.cpp.

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 97 of file nsNSSCallbacks.cpp.

{
  if((!aEvent) || (!aEvent->mListener))
    return;

  nsresult rv;
  nsCOMPtr<nsIIOService> ios = do_GetIOService(&rv);
  if (NS_FAILED(rv))
    return;

  nsCOMPtr<nsIChannel> chan;
  ios->NewChannel(aEvent->mRequestSession->mURL, nsnull, nsnull, getter_AddRefs(chan));
  if (NS_FAILED(rv))
    return;

  // Create a loadgroup for this new channel.  This way if the channel
  // is redirected, we'll have a way to cancel the resulting channel.
  nsCOMPtr<nsILoadGroup> loadGroup =
    do_CreateInstance(NS_LOADGROUP_CONTRACTID);
  chan->SetLoadGroup(loadGroup);

  if (aEvent->mRequestSession->mHasPostData)
  {
    nsCOMPtr<nsIInputStream> uploadStream;
    rv = NS_NewPostDataStream(getter_AddRefs(uploadStream),
                              PR_FALSE,
                              aEvent->mRequestSession->mPostData,
                              0, ios);
    if (NS_FAILED(rv))
      return;

    nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(chan, &rv));
    if (NS_FAILED(rv))
      return;

    rv = uploadChannel->SetUploadStream(uploadStream, 
                                        aEvent->mRequestSession->mPostContentType,
                                        -1);
    if (NS_FAILED(rv))
      return;
  }

  nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(chan, &rv);
  if (NS_FAILED(rv))
    return;

  rv = hchan->SetRequestMethod(aEvent->mRequestSession->mRequestMethod);
  if (NS_FAILED(rv))
    return;

  nsSSLThread::rememberPendingHTTPRequest(loadGroup);

  aEvent->mResponsibleForDoneSignal = PR_FALSE;
  aEvent->mListener->mResponsibleForDoneSignal = PR_TRUE;

  rv = NS_NewStreamLoader(getter_AddRefs(aEvent->mListener->mLoader), 
                          hchan, 
                          aEvent->mListener, 
                          nsnull);

  if (NS_FAILED(rv)) {
    aEvent->mListener->mResponsibleForDoneSignal = PR_FALSE;
    aEvent->mResponsibleForDoneSignal = PR_TRUE;
    
    nsSSLThread::rememberPendingHTTPRequest(nsnull);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

void PR_CALLBACK HandshakeCallback ( PRFileDesc fd,
void client_data 
)

Definition at line 799 of file nsNSSCallbacks.cpp.

                                                                      {
  nsNSSShutDownPreventionLock locker;
  PRInt32 sslStatus;
  char* signer = nsnull;
  char* cipherName = nsnull;
  PRInt32 keyLength;
  nsresult rv;
  PRInt32 encryptBits;

  if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
                                       &encryptBits, &signer, nsnull)) {
    return;
  }

  PRInt32 secStatus;
  if (sslStatus == SSL_SECURITY_STATUS_OFF)
    secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
  else if (encryptBits >= 90)
    secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
                 nsIWebProgressListener::STATE_SECURE_HIGH);
  else
    secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
                 nsIWebProgressListener::STATE_SECURE_LOW);

  CERTCertificate *peerCert = SSL_PeerCertificate(fd);
  char* caName = CERT_GetOrgName(&peerCert->issuer);
  CERT_DestroyCertificate(peerCert);
  if (!caName) {
    caName = signer;
  }

  // If the CA name is RSA Data Security, then change the name to the real
  // name of the company i.e. VeriSign, Inc.
  if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
    // In this case, caName != signer since the logic implies signer
    // would be at minimal "O=RSA Data Security, Inc" because caName
    // is what comes after to O=.  So we're OK just freeing this memory
    // without checking to see if it's equal to signer;
    NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
    PR_Free(caName);
    caName = PL_strdup("Verisign, Inc.");
  }

  nsAutoString shortDesc;
  const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
  if (NS_SUCCEEDED(rv)) {
    rv = nssComponent->PIPBundleFormatStringFromName("SignedBy",
                                                   formatStrings, 1,
                                                   shortDesc);

    nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));

    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
    infoObject->SetSecurityState(secStatus);
    infoObject->SetShortSecurityDescription(shortDesc.get());

    /* Set the SSL Status information */
    nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();

    CERTCertificate *serverCert = SSL_PeerCertificate(fd);
    if (serverCert) {
      status->mServerCert = new nsNSSCertificate(serverCert);
      CERT_DestroyCertificate(serverCert);
    }

    status->mKeyLength = keyLength;
    status->mSecretKeyLength = encryptBits;
    status->mCipherName.Adopt(cipherName);

    infoObject->SetSSLStatus(status);
  }

  if (caName != signer) {
    PR_Free(caName);
  }
  PR_Free(signer);
}

Here is the caller graph for this function:

static NS_DEFINE_CID ( kNSSComponentCID  ,
NS_NSSCOMPONENT_CID   
) [static]
char* PR_CALLBACK PK11PasswordPrompt ( PK11SlotInfo *  slot,
PRBool  retry,
void arg 
)

Definition at line 718 of file nsNSSCallbacks.cpp.

                                                                {
  nsNSSShutDownPreventionLock locker;
  nsresult rv = NS_OK;
  PRUnichar *password = nsnull;
  PRBool value = PR_FALSE;
  nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg);
  nsCOMPtr<nsIPrompt> proxyPrompt;

  // If no context is provided, no prompt is possible.
  if (!ir)
    return nsnull;

  /* TODO: Retry should generate a different dialog message */
/*
  if (retry)
    return nsnull;
*/

  // The interface requestor object may not be safe, so
  // proxy the call to get the nsIPrompt.

  nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
  if (!proxyman) return nsnull;

  nsCOMPtr<nsIInterfaceRequestor> proxiedCallbacks;
  proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
                              NS_GET_IID(nsIInterfaceRequestor),
                              ir,
                              PROXY_SYNC,
                              getter_AddRefs(proxiedCallbacks));

  // Get the desired interface
  nsCOMPtr<nsIPrompt> prompt(do_GetInterface(proxiedCallbacks));
  if (!prompt) {
    NS_ASSERTION(PR_FALSE, "callbacks does not implement nsIPrompt");
    return nsnull;
  }

  // Finally, get a proxy for the nsIPrompt
  proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ,
                             NS_GET_IID(nsIPrompt),
                              prompt,
                              PROXY_SYNC,
                              getter_AddRefs(proxyPrompt));


  nsAutoString promptString;
  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));

  if (NS_FAILED(rv))
    return nsnull; 

  const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(PK11_GetTokenName(slot))) };
  rv = nssComponent->PIPBundleFormatStringFromName("CertPassPrompt",
                                      formatStrings, 1,
                                      promptString);
  nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));

  if (NS_FAILED(rv))
    return nsnull;

  {
    nsPSMUITracker tracker;
    if (tracker.isUIForbidden()) {
      rv = NS_ERROR_NOT_AVAILABLE;
    }
    else {
      rv = proxyPrompt->PromptPassword(nsnull, promptString.get(),
                                       &password, nsnull, nsnull, &value);
    }
  }
  
  if (NS_SUCCEEDED(rv) && value) {
    char* str = ToNewUTF8String(nsDependentString(password));
    Recycle(password);
    return str;
  }

  return nsnull;
}

Here is the call graph for this function:

Here is the caller graph for this function: