diff options
Diffstat (limited to 'security/manager/ssl/nsNSSModule.cpp')
-rw-r--r-- | security/manager/ssl/nsNSSModule.cpp | 348 |
1 files changed, 348 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp new file mode 100644 index 000000000..e43d7d23d --- /dev/null +++ b/security/manager/ssl/nsNSSModule.cpp @@ -0,0 +1,348 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CertBlocklist.h" +#include "ContentSignatureVerifier.h" +#include "NSSErrorsService.h" +#include "PSMContentListener.h" +#include "SecretDecoderRing.h" +#include "TransportSecurityInfo.h" +#include "WeakCryptoOverride.h" +#include "mozilla/ModuleUtils.h" +#include "nsCURILoader.h" +#include "nsCertOverrideService.h" +#include "nsCrypto.h" +#include "nsCryptoHash.h" +#include "nsDOMCID.h" // For the NS_CRYPTO_CONTRACTID define +#include "nsDataSignatureVerifier.h" +#include "nsICategoryManager.h" +#include "nsKeyModule.h" +#include "nsKeygenHandler.h" +#include "nsNSSCertificate.h" +#include "nsNSSCertificateDB.h" +#include "nsNSSCertificateFakeTransport.h" +#include "nsNSSComponent.h" +#include "nsNSSU2FToken.h" +#include "nsNSSVersion.h" +#include "nsNTLMAuthModule.h" +#include "nsNetCID.h" +#include "nsPK11TokenDB.h" +#include "nsPKCS11Slot.h" +#include "nsRandomGenerator.h" +#include "nsSSLSocketProvider.h" +#include "nsSSLStatus.h" +#include "nsSecureBrowserUIImpl.h" +#include "nsSiteSecurityService.h" +#include "nsTLSSocketProvider.h" +#include "nsXULAppAPI.h" + +#ifdef MOZ_XUL +#include "nsCertTree.h" +#endif + +#define NS_IS_PROCESS_DEFAULT \ + (GeckoProcessType_Default == XRE_GetProcessType()) + +#define NS_NSS_INSTANTIATE(ensureOperator, _InstanceClass) \ + PR_BEGIN_MACRO \ + _InstanceClass * inst; \ + inst = new _InstanceClass(); \ + NS_ADDREF(inst); \ + rv = inst->QueryInterface(aIID, aResult); \ + NS_RELEASE(inst); \ + PR_END_MACRO + +#define NS_NSS_INSTANTIATE_INIT(ensureOperator, _InstanceClass, _InitMethod) \ + PR_BEGIN_MACRO \ + _InstanceClass * inst; \ + inst = new _InstanceClass(); \ + NS_ADDREF(inst); \ + rv = inst->_InitMethod(); \ + if(NS_SUCCEEDED(rv)) { \ + rv = inst->QueryInterface(aIID, aResult); \ + } \ + NS_RELEASE(inst); \ + PR_END_MACRO + + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(ensureOperator, \ + _InstanceClass) \ + NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator, \ + _InstanceClass, \ + _InstanceClass) + +// These two macros are ripped off from nsIGenericFactory.h and slightly +// modified. +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator, \ + _InstanceClassChrome, \ + _InstanceClassContent) \ +static nsresult \ +_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \ + void **aResult) \ +{ \ + nsresult rv; \ + \ + *aResult = nullptr; \ + if (nullptr != aOuter) { \ + rv = NS_ERROR_NO_AGGREGATION; \ + return rv; \ + } \ + \ + if (!NS_IS_PROCESS_DEFAULT && \ + ensureOperator == nssEnsureChromeOrContent) { \ + if (!EnsureNSSInitializedChromeOrContent()) { \ + return NS_ERROR_FAILURE; \ + } \ + } else if (!EnsureNSSInitialized(ensureOperator)) { \ + return NS_ERROR_FAILURE; \ + } \ + \ + if (NS_IS_PROCESS_DEFAULT) \ + NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassChrome); \ + else \ + NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassContent); \ + \ + if (ensureOperator == nssLoadingComponent) \ + { \ + if (NS_SUCCEEDED(rv)) \ + EnsureNSSInitialized(nssInitSucceeded); \ + else \ + EnsureNSSInitialized(nssInitFailed); \ + } \ + \ + return rv; \ +} + + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(ensureOperator, \ + _InstanceClass, \ + _InitMethod) \ + NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator, \ + _InstanceClass, \ + _InstanceClass, \ + _InitMethod) + +#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator, \ + _InstanceClassChrome, \ + _InstanceClassContent, \ + _InitMethod) \ +static nsresult \ +_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID, \ + void **aResult) \ +{ \ + nsresult rv; \ + \ + *aResult = nullptr; \ + if (nullptr != aOuter) { \ + rv = NS_ERROR_NO_AGGREGATION; \ + return rv; \ + } \ + \ + if (!NS_IS_PROCESS_DEFAULT && \ + ensureOperator == nssEnsureChromeOrContent) { \ + if (!EnsureNSSInitializedChromeOrContent()) { \ + return NS_ERROR_FAILURE; \ + } \ + } else if (!EnsureNSSInitialized(ensureOperator)) { \ + return NS_ERROR_FAILURE; \ + } \ + \ + if (NS_IS_PROCESS_DEFAULT) \ + NS_NSS_INSTANTIATE_INIT(ensureOperator, \ + _InstanceClassChrome, \ + _InitMethod); \ + else \ + NS_NSS_INSTANTIATE_INIT(ensureOperator, \ + _InstanceClassContent, \ + _InitMethod); \ + \ + if (ensureOperator == nssLoadingComponent) \ + { \ + if (NS_SUCCEEDED(rv)) \ + EnsureNSSInitialized(nssInitSucceeded); \ + else \ + EnsureNSSInitialized(nssInitFailed); \ + } \ + \ + return rv; \ +} + +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssLoadingComponent, nsNSSComponent, + Init) + +using namespace mozilla::psm; + +namespace { + +// Use the special factory constructor for everything this module implements, +// because all code could potentially require the NSS library. +// Our factory constructor takes an additional boolean parameter. +// Only for the nsNSSComponent, set this to true. +// All other classes must have this set to false. + +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSSLSocketProvider) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsTLSSocketProvider) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, SecretDecoderRing) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPK11TokenDB) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPKCS11ModuleDB) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly, + nsNSSCertificate, + nsNSSCertificateFakeTransport) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly, + nsNSSCertList, + nsNSSCertListFakeTransport) +#ifdef MOZ_XUL +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree) +#endif +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHMAC) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObject) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObjectFactory) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, ContentSignatureVerifier) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsRandomGenerator) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNSSU2FToken, Init) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus) +NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo) + +typedef mozilla::psm::NSSErrorsService NSSErrorsService; +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init) +NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride) + +NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID); +NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID); +NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID); +NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID); +NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID); +NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID); +NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID); +NS_DEFINE_NAMED_CID(NS_X509CERT_CID); +NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID); +NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID); +NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID); +#ifdef MOZ_XUL +NS_DEFINE_NAMED_CID(NS_CERTTREE_CID); +#endif +NS_DEFINE_NAMED_CID(NS_PKCS11_CID); +NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID); +NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID); +NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID); +NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID); +NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID); +NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID); +NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID); +NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID); +NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID); +NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID); +NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID); +NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID); +NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID); +NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID); +NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID); +NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID); +NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID); +NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID); + +static const mozilla::Module::CIDEntry kNSSCIDs[] = { + { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor }, + { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor }, + { &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr, nsTLSSocketProviderConstructor }, + { &kNS_SECRETDECODERRING_CID, false, nullptr, SecretDecoderRingConstructor }, + { &kNS_PK11TOKENDB_CID, false, nullptr, nsPK11TokenDBConstructor }, + { &kNS_PKCS11MODULEDB_CID, false, nullptr, nsPKCS11ModuleDBConstructor }, + { &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor }, + { &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor }, + { &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor }, + { &kNS_X509CERTLIST_CID, false, nullptr, nsNSSCertListConstructor }, + { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create }, +#ifdef MOZ_XUL + { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor }, +#endif + { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor }, + { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor }, + { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor }, + { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor }, + { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor }, + { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor }, + { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor }, + { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor }, + { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor }, + { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor }, + { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor }, + { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor }, + { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor }, + { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor }, + { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor }, + { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor }, + { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor }, + { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor}, + { &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor }, + { nullptr } +}; + +static const mozilla::Module::ContractIDEntry kNSSContracts[] = { + { PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID }, + { NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID }, + { NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID }, + { NS_SSLSOCKETPROVIDER_CONTRACTID, &kNS_SSLSOCKETPROVIDER_CID }, + { NS_STARTTLSSOCKETPROVIDER_CONTRACTID, &kNS_STARTTLSSOCKETPROVIDER_CID }, + { NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID }, + { NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID }, + { NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID }, + { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID }, + { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID }, + { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID }, + { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID }, +#ifdef MOZ_XUL + { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID }, +#endif + { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID }, + { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID }, + { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID }, + { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID }, + { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID }, + { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID }, + { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID }, + { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID }, + { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID }, + { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID }, + { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID }, + { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID }, + { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID }, + { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID }, + { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID }, + { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID }, + { NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID }, + { nullptr } +}; + +static const mozilla::Module::CategoryEntry kNSSCategories[] = { + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" }, + { nullptr } +}; + +static const mozilla::Module kNSSModule = { + mozilla::Module::kVersion, + kNSSCIDs, + kNSSContracts, + kNSSCategories +}; + +} // unnamed namespace + +NSMODULE_DEFN(NSS) = &kNSSModule; |