Back to index

lightning-sunbird  0.9+nobinonly
nsNSSIOLayer.h
Go to the documentation of this file.
00001 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
00002  *
00003  * ***** BEGIN LICENSE BLOCK *****
00004  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00005  *
00006  * The contents of this file are subject to the Mozilla Public License Version
00007  * 1.1 (the "License"); you may not use this file except in compliance with
00008  * the License. You may obtain a copy of the License at
00009  * http://www.mozilla.org/MPL/
00010  *
00011  * Software distributed under the License is distributed on an "AS IS" basis,
00012  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00013  * for the specific language governing rights and limitations under the
00014  * License.
00015  *
00016  * The Original Code is mozilla.org code.
00017  *
00018  * The Initial Developer of the Original Code is
00019  * Netscape Communications Corporation.
00020  * Portions created by the Initial Developer are Copyright (C) 1998
00021  * the Initial Developer. All Rights Reserved.
00022  *
00023  * Contributor(s):
00024  *   Brian Ryner <bryner@brianryner.com>
00025  *   Kai Engert <kengert@redhat.com>
00026  *
00027  * Alternatively, the contents of this file may be used under the terms of
00028  * either the GNU General Public License Version 2 or later (the "GPL"), or
00029  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00030  * in which case the provisions of the GPL or the LGPL are applicable instead
00031  * of those above. If you wish to allow use of your version of this file only
00032  * under the terms of either the GPL or the LGPL, and not to allow others to
00033  * use your version of this file under the terms of the MPL, indicate your
00034  * decision by deleting the provisions above and replace them with the notice
00035  * and other provisions required by the GPL or the LGPL. If you do not delete
00036  * the provisions above, a recipient may use your version of this file under
00037  * the terms of any one of the MPL, the GPL or the LGPL.
00038  *
00039  * ***** END LICENSE BLOCK ***** */
00040 
00041 #ifndef _NSNSSIOLAYER_H
00042 #define _NSNSSIOLAYER_H
00043 
00044 #include "prtypes.h"
00045 #include "prio.h"
00046 #include "certt.h"
00047 #include "nsString.h"
00048 #include "nsIInterfaceRequestor.h"
00049 #include "nsIInterfaceRequestorUtils.h"
00050 #include "nsITransportSecurityInfo.h"
00051 #include "nsISSLSocketControl.h"
00052 #include "nsISSLStatus.h"
00053 #include "nsISSLStatusProvider.h"
00054 #include "nsXPIDLString.h"
00055 #include "nsNSSShutDown.h"
00056 #include "nsIClientAuthDialogs.h"
00057 
00058 class nsIChannel;
00059 class nsSSLThread;
00060 
00061 /*
00062  * This class is used to store SSL socket I/O state information,
00063  * that is not being executed directly, but defered to 
00064  * the separate SSL thread.
00065  */
00066 class nsSSLSocketThreadData
00067 {
00068 public:
00069   nsSSLSocketThreadData();
00070   ~nsSSLSocketThreadData();
00071 
00072   PRBool ensure_buffer_size(PRInt32 amount);
00073   
00074   enum ssl_state { 
00075     ssl_idle,          // not in use by SSL thread, no activity pending
00076     ssl_pending_write, // waiting for SSL thread to complete writing
00077     ssl_pending_read,  // waiting for SSL thread to complete reading
00078     ssl_writing_done,  // SSL write completed, results are ready
00079     ssl_reading_done   // SSL read completed, results are ready
00080   };
00081   
00082   ssl_state mSSLState;
00083 
00084   // Used to transport I/O error codes between SSL thread
00085   // and initial caller thread.
00086   PRErrorCode mPRErrorCode;
00087 
00088   // A buffer used to transfer I/O data between threads
00089   char *mSSLDataBuffer;
00090   PRInt32 mSSLDataBufferAllocatedSize;
00091 
00092   // The amount requested to read or write by the caller.
00093   PRInt32 mSSLRequestedTransferAmount;
00094 
00095   // A pointer into our buffer, to the first byte
00096   // that has not yet been delivered to the caller.
00097   // Necessary, as the caller of the read function
00098   // might request smaller chunks.
00099   const char *mSSLRemainingReadResultData;
00100   
00101   // The caller previously requested to read or write.
00102   // As the initial request to read or write is defered,
00103   // the caller might (in theory) request smaller chunks
00104   // in subsequent calls.
00105   // This variable stores the amount of bytes successfully
00106   // transfered, that have not yet been reported to the caller.
00107   PRInt32 mSSLResultRemainingBytes;
00108 
00109   // When defering SSL read/write activity to another thread,
00110   // we switch the SSL level file descriptor of the original
00111   // layered file descriptor to a pollable event,
00112   // so we can wake up the original caller of the I/O function
00113   // as soon as data is ready.
00114   // This variable is used to save the SSL level file descriptor,
00115   // to allow us to restore the original file descriptor layering.
00116   PRFileDesc *mReplacedSSLFileDesc;
00117 
00118   PRBool mOneBytePendingFromEarlierWrite;
00119   unsigned char mThePendingByte;
00120   PRInt32 mOriginalRequestedTransferAmount;
00121 };
00122 
00123 class nsNSSSocketInfo : public nsITransportSecurityInfo,
00124                         public nsISSLSocketControl,
00125                         public nsIInterfaceRequestor,
00126                         public nsISSLStatusProvider,
00127                         public nsIClientAuthUserDecision,
00128                         public nsNSSShutDownObject,
00129                         public nsOnPK11LogoutCancelObject
00130 {
00131 public:
00132   nsNSSSocketInfo();
00133   virtual ~nsNSSSocketInfo();
00134   
00135   NS_DECL_ISUPPORTS
00136   NS_DECL_NSITRANSPORTSECURITYINFO
00137   NS_DECL_NSISSLSOCKETCONTROL
00138   NS_DECL_NSIINTERFACEREQUESTOR
00139   NS_DECL_NSISSLSTATUSPROVIDER
00140   NS_DECL_NSICLIENTAUTHUSERDECISION
00141 
00142   nsresult SetSecurityState(PRUint32 aState);
00143   nsresult SetShortSecurityDescription(const PRUnichar *aText);
00144 
00145   nsresult SetForSTARTTLS(PRBool aForSTARTTLS);
00146   nsresult GetForSTARTTLS(PRBool *aForSTARTTLS);
00147 
00148   nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
00149   nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
00150 
00151   nsresult GetHandshakePending(PRBool *aHandshakePending);
00152   nsresult SetHandshakePending(PRBool aHandshakePending);
00153 
00154   nsresult GetHostName(char **aHostName);
00155   nsresult SetHostName(const char *aHostName);
00156 
00157   nsresult GetPort(PRInt32 *aPort);
00158   nsresult SetPort(PRInt32 aPort);
00159 
00160   void SetCanceled(PRBool aCanceled);
00161   PRBool GetCanceled();
00162   
00163   void SetHasCleartextPhase(PRBool aHasCleartextPhase);
00164   PRBool GetHasCleartextPhase();
00165   
00166   void SetHandshakeInProgress(PRBool aIsIn);
00167   PRBool GetHandshakeInProgress() { return mHandshakeInProgress; }
00168   PRBool HandshakeTimeout();
00169 
00170   void SetAllowTLSIntoleranceTimeout(PRBool aAllow);
00171 
00172   enum BadCertUIStatusType {
00173     bcuis_not_shown, bcuis_active, bcuis_was_shown
00174   };
00175 
00176   void SetBadCertUIStatus(BadCertUIStatusType aNewStatus);
00177   BadCertUIStatusType GetBadCertUIStatus() { return mBadCertUIStatus; }
00178 
00179   nsresult RememberCAChain(CERTCertList *aCertList);
00180 
00181   /* Set SSL Status values */
00182   nsresult SetSSLStatus(nsISSLStatus *aSSLStatus);  
00183   
00184   PRStatus CloseSocketAndDestroy();
00185   
00186 protected:
00187   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
00188   PRFileDesc* mFd;
00189   PRUint32 mSecurityState;
00190   nsString mShortDesc;
00191   PRPackedBool mForSTARTTLS;
00192   PRPackedBool mHandshakePending;
00193   PRPackedBool mCanceled;
00194   PRPackedBool mHasCleartextPhase;
00195   PRPackedBool mHandshakeInProgress;
00196   PRPackedBool mAllowTLSIntoleranceTimeout;
00197   PRPackedBool mRememberClientAuthCertificate;
00198   BadCertUIStatusType mBadCertUIStatus;
00199   PRIntervalTime mHandshakeStartTime;
00200   PRInt32 mPort;
00201   nsXPIDLCString mHostName;
00202   CERTCertList *mCAChain;
00203 
00204   /* SSL Status */
00205   nsCOMPtr<nsISSLStatus> mSSLStatus;
00206 
00207   nsresult ActivateSSL();
00208 
00209   nsSSLSocketThreadData *mThreadData;
00210 
00211 private:
00212   virtual void virtualDestroyNSSReference();
00213   void destructorSafeDestroyNSSReference();
00214 
00215 friend class nsSSLThread;
00216 };
00217 
00218 class nsCStringHashSet;
00219 
00220 class nsSSLIOLayerHelpers
00221 {
00222 public:
00223   static nsresult Init();
00224   static void Cleanup();
00225 
00226   static PRDescIdentity nsSSLIOLayerIdentity;
00227   static PRIOMethods nsSSLIOLayerMethods;
00228 
00229   static PRLock *mutex;
00230   static nsCStringHashSet *mTLSIntolerantSites;
00231   
00232   static PRBool rememberPossibleTLSProblemSite(PRFileDesc* fd, nsNSSSocketInfo *socketInfo);
00233 
00234   static void addIntolerantSite(const nsCString &str);
00235   static PRBool isKnownAsIntolerantSite(const nsCString &str);
00236   
00237   static PRFileDesc *mSharedPollableEvent;
00238   static nsNSSSocketInfo *mSocketOwningPollableEvent;
00239   
00240   static PRBool mPollableEventCurrentlySet;
00241 };
00242 
00243 nsresult nsSSLIOLayerNewSocket(PRInt32 family,
00244                                const char *host,
00245                                PRInt32 port,
00246                                const char *proxyHost,
00247                                PRInt32 proxyPort,
00248                                PRFileDesc **fd,
00249                                nsISupports **securityInfo,
00250                                PRBool forSTARTTLS);
00251 
00252 nsresult nsSSLIOLayerAddToSocket(PRInt32 family,
00253                                  const char *host,
00254                                  PRInt32 port,
00255                                  const char *proxyHost,
00256                                  PRInt32 proxyPort,
00257                                  PRFileDesc *fd,
00258                                  nsISupports **securityInfo,
00259                                  PRBool forSTARTTLS);
00260 
00261 nsresult nsSSLIOLayerFreeTLSIntolerantSites();
00262 nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo *infoObject, int error);
00263  
00264 #endif /* _NSNSSIOLAYER_H */