Diffstat (limited to 'security/manager/ssl/nsNSSComponent.h')
-rw-r--r--security/manager/ssl/nsNSSComponent.h234
1 files changed, 234 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSComponent.h b/security/manager/ssl/nsNSSComponent.h
new file mode 100644
index 000000000..e510dd10f
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -0,0 +1,234 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsNSSComponent_h_
+#define _nsNSSComponent_h_
+
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsIStringBundle.h"
+#include "nsNSSCallbacks.h"
+#include "prerror.h"
+#include "sslt.h"
+
+#ifdef XP_WIN
+#include "windows.h" // this needs to be before the following includes
+#include "wincrypt.h"
+#endif // XP_WIN
+
+class nsIDOMWindow;
+class nsIPrompt;
+class nsIX509CertList;
+class SmartCardThreadList;
+
+namespace mozilla { namespace psm {
+
+MOZ_MUST_USE
+ ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+ GetDefaultCertVerifier();
+
+} } // namespace mozilla::psm
+
+
+#define NS_NSSCOMPONENT_CID \
+{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}
+
+#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
+
+#define NS_INSSCOMPONENT_IID \
+ { 0xa0a8f52b, 0xea18, 0x4abc, \
+ { 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } }
+
+enum EnsureNSSOperator
+{
+ nssLoadingComponent = 0,
+ nssInitSucceeded = 1,
+ nssInitFailed = 2,
+ nssShutdown = 3,
+ nssEnsure = 100,
+ nssEnsureOnChromeOnly = 101,
+ nssEnsureChromeOrContent = 102,
+};
+
+extern bool EnsureNSSInitializedChromeOrContent();
+
+extern bool EnsureNSSInitialized(EnsureNSSOperator op);
+
+class NS_NO_VTABLE nsINSSComponent : public nsISupports
+{
+public:
+ NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
+
+ NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) = 0;
+
+ NS_IMETHOD GetPIPNSSBundleString(const char* name,
+ nsAString& outString) = 0;
+ NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+ const char16_t** params,
+ uint32_t numParams,
+ nsAString& outString) = 0;
+
+ NS_IMETHOD GetNSSBundleString(const char* name,
+ nsAString& outString) = 0;
+
+ NS_IMETHOD LogoutAuthenticatedPK11() = 0;
+
+#ifndef MOZ_NO_SMART_CARDS
+ NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0;
+
+ NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0;
+#endif
+
+ NS_IMETHOD IsNSSInitialized(bool* initialized) = 0;
+
+#ifdef DEBUG
+ NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0;
+#endif
+
+ NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0;
+
+#ifdef XP_WIN
+ NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) = 0;
+#endif
+
+ virtual ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+ GetDefaultCertVerifier() = 0;
+};
+
+NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
+
+class nsNSSShutDownList;
+
+// Implementation of the PSM component interface.
+class nsNSSComponent final : public nsINSSComponent
+ , public nsIObserver
+{
+public:
+ NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
+
+ nsNSSComponent();
+
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSIOBSERVER
+
+ nsresult Init();
+
+ static nsresult GetNewPrompter(nsIPrompt** result);
+ static nsresult ShowAlertWithConstructedString(const nsString& message);
+ NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override;
+
+ NS_IMETHOD GetPIPNSSBundleString(const char* name,
+ nsAString& outString) override;
+ NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+ const char16_t** params,
+ uint32_t numParams,
+ nsAString& outString) override;
+ NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override;
+ NS_IMETHOD LogoutAuthenticatedPK11() override;
+
+#ifndef MOZ_NO_SMART_CARDS
+ NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override;
+ NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override;
+ void LaunchSmartCardThreads();
+ void ShutdownSmartCardThreads();
+ nsresult DispatchEventToWindow(nsIDOMWindow* domWin,
+ const nsAString& eventType,
+ const nsAString& token);
+#endif
+
+ NS_IMETHOD IsNSSInitialized(bool* initialized) override;
+
+#ifdef DEBUG
+ NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override;
+#endif
+
+ NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override;
+
+#ifdef XP_WIN
+ NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) override;
+#endif
+
+ ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+ GetDefaultCertVerifier() override;
+
+ // The following two methods are thread-safe.
+ static bool AreAnyWeakCiphersEnabled();
+ static void UseWeakCiphersOnSocket(PRFileDesc* fd);
+
+ static void FillTLSVersionRange(SSLVersionRange& rangeOut,
+ uint32_t minFromPrefs,
+ uint32_t maxFromPrefs,
+ SSLVersionRange defaults);
+
+protected:
+ virtual ~nsNSSComponent();
+
+private:
+ nsresult InitializeNSS();
+ void ShutdownNSS();
+
+ void LoadLoadableRoots();
+ void UnloadLoadableRoots();
+ void setValidationOptions(bool isInitialSetting,
+ const mozilla::MutexAutoLock& lock);
+ nsresult setEnabledTLSVersions();
+ nsresult InitializePIPNSSBundle();
+ nsresult ConfigureInternalPKCS11Token();
+ nsresult RegisterObservers();
+
+ void DoProfileBeforeChange();
+
+ void MaybeEnableFamilySafetyCompatibility();
+ void MaybeImportEnterpriseRoots();
+#ifdef XP_WIN
+ void ImportEnterpriseRootsForLocation(DWORD locationFlag);
+ nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
+ bool& wasFamilySafetyRoot);
+ nsresult LoadFamilySafetyRoot();
+ void UnloadFamilySafetyRoot();
+
+ void UnloadEnterpriseRoots();
+
+ mozilla::UniqueCERTCertificate mFamilySafetyRoot;
+ mozilla::UniqueCERTCertList mEnterpriseRoots;
+#endif // XP_WIN
+
+ mozilla::Mutex mutex;
+
+ nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+ nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+ bool mNSSInitialized;
+ static int mInstanceCount;
+#ifndef MOZ_NO_SMART_CARDS
+ SmartCardThreadList* mThreadList;
+#endif
+
+#ifdef DEBUG
+ nsString mTestBuiltInRootHash;
+#endif
+ nsString mContentSigningRootHash;
+
+ nsNSSHttpInterface mHttpForNSS;
+ RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
+
+ static PRStatus IdentityInfoInit(void);
+};
+
+class nsNSSErrors
+{
+public:
+ static const char* getDefaultErrorStringName(PRErrorCode err);
+ static const char* getOverrideErrorStringName(PRErrorCode aErrorCode);
+ static nsresult getErrorMessageFromCode(PRErrorCode err,
+ nsINSSComponent* component,
+ nsString& returnedMessage);
+};
+
+#endif // _nsNSSComponent_h_
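Review bot: The `mozilla::Mutex mutex;` member in the private section of `nsNSSComponent` is undocumented: the header never says which of the following members it guards, even though `setValidationOptions(bool, const mozilla::MutexAutoLock&)` already takes the held lock as a proof-of-locking argument, and the comment "The following two methods are thread-safe." is given for the static cipher helpers but not for the instance state. A reader cannot tell from this header whether `mNSSInitialized`, `mDefaultCertVerifier` or the bundle pointers may be touched without the lock. I would add above the member something like `// Guards the mutable instance state below that is read off the main thread (presumably mNSSInitialized and mDefaultCertVerifier — confirm against nsNSSComponent.cpp); setValidationOptions() takes the held lock as proof.` and, as a point of style, rename it `mMutex` to match the `m`-prefix used by every other member in this class. Minor further inconsistencies in the same hunk: `IsNSSInitialized(bool* initialized)` uses a pointer out-param while `IsCertTestBuiltInRoot`/`IsCertContentSigningRoot` use `bool& result`, and `IdentityInfoInit(void)` carries a C-style empty parameter list.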