1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 : *
3 : * This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : #ifndef _nsNSSComponent_h_
8 : #define _nsNSSComponent_h_
9 :
10 : #include "ScopedNSSTypes.h"
11 : #include "SharedCertVerifier.h"
12 : #include "mozilla/Attributes.h"
13 : #include "mozilla/Mutex.h"
14 : #include "mozilla/RefPtr.h"
15 : #include "nsCOMPtr.h"
16 : #include "nsIObserver.h"
17 : #include "nsIStringBundle.h"
18 : #include "nsNSSCallbacks.h"
19 : #include "prerror.h"
20 : #include "sslt.h"
21 :
22 : #ifdef XP_WIN
23 : #include "windows.h" // this needs to be before the following includes
24 : #include "wincrypt.h"
25 : #endif // XP_WIN
26 :
// Forward declarations: these types only appear by pointer in the
// declarations below, so their full definitions are not needed here.
class nsIDOMWindow;
class nsIPrompt;
class nsIX509CertList;
class SmartCardThreadList;
31 :
namespace mozilla { namespace psm {

// Free-function accessor for the default SharedCertVerifier. Presumably
// forwards to nsNSSComponent::GetDefaultCertVerifier (declared below) —
// confirm in the .cpp. The result is an owning reference and must not be
// discarded (MOZ_MUST_USE).
MOZ_MUST_USE
::already_AddRefed<mozilla::psm::SharedCertVerifier>
GetDefaultCertVerifier();

} } // namespace mozilla::psm
39 :
40 :
// XPCOM class ID and contract ID under which nsNSSComponent is registered.
#define NS_NSSCOMPONENT_CID \
{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}

#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"

// Interface ID for nsINSSComponent (consumed by the
// NS_DECLARE_STATIC_IID_ACCESSOR / NS_DEFINE_STATIC_IID_ACCESSOR pair below).
#define NS_INSSCOMPONENT_IID \
{ 0xa0a8f52b, 0xea18, 0x4abc, \
{ 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } }

// Returns whether NSS is initialized and usable in the calling process,
// whether that is the chrome process or a content process. Presumably
// triggers initialization on first use — confirm against the definition in
// the .cpp before relying on it from a new caller.
extern bool EnsureNSSInitializedChromeOrContent();
51 :
// Internal (C++-only) interface to the PSM component. Implemented by
// nsNSSComponent below; other PSM code reaches the component through it.
class NS_NO_VTABLE nsINSSComponent : public nsISupports
{
public:
  NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)

  // Looks up the localized string |name| in the PIPNSS string bundle.
  NS_IMETHOD GetPIPNSSBundleString(const char* name,
                                   nsAString& outString) = 0;
  // Looks up the localized format string |name| in the PIPNSS bundle and
  // substitutes the |numParams| entries of |params| into it. |params| must
  // point at at least |numParams| strings.
  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
                                           const char16_t** params,
                                           uint32_t numParams,
                                           nsAString& outString) = 0;

  // Looks up the localized string |name| in the NSS errors bundle.
  NS_IMETHOD GetNSSBundleString(const char* name,
                                nsAString& outString) = 0;

  // Logs out of the PKCS#11 tokens that are currently authenticated
  // (name-based description; see the .cpp for exactly which tokens).
  NS_IMETHOD LogoutAuthenticatedPK11() = 0;

#ifndef MOZ_NO_SMART_CARDS
  // Start/stop the thread that monitors the PKCS#11 module |module| for
  // smart card events. Only present when smart card support is compiled in.
  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0;

  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0;
#endif

#ifdef DEBUG
  // Debug builds only: sets |result| to whether |cert| is the test-only
  // built-in root. Deliberately absent from release builds so the test root
  // cannot be given special treatment there.
  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0;
#endif

  // Sets |result| to whether |cert| is the root trusted for content signing.
  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0;

#ifdef XP_WIN
  // Windows only: returns, via the XPCOM out-param |enterpriseRoots|, the
  // roots that were imported from the OS certificate stores.
  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) = 0;
#endif

  // Returns an owning reference to the SharedCertVerifier that reflects the
  // current validation preferences.
  virtual ::already_AddRefed<mozilla::psm::SharedCertVerifier>
  GetDefaultCertVerifier() = 0;
};
88 :
NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)

// Forward declaration only; the type is not referenced in this header's
// remaining declarations.
class nsNSSShutDownList;
92 :
// Implementation of the PSM component interface. Brings NSS up and down
// (InitializeNSS/ShutdownNSS), loads the loadable roots and — on Windows —
// OS-provided roots, applies the TLS and validation preferences, and hands
// out the default SharedCertVerifier. Also an nsIObserver, so it receives
// notifications (presumably pref changes and shutdown — see the .cpp).
class nsNSSComponent final : public nsINSSComponent
                           , public nsIObserver
{
public:
  NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )

  nsNSSComponent();

  // Refcounting is thread-safe; see mMutex below for which other members
  // may be touched off the main thread.
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER

  // One-time initialization after construction.
  nsresult Init();

  // Creates a new nsIPrompt and returns it via the XPCOM out-param |result|.
  static nsresult GetNewPrompter(nsIPrompt** result);

  // nsINSSComponent implementation; see the interface for documentation.
  NS_IMETHOD GetPIPNSSBundleString(const char* name,
                                   nsAString& outString) override;
  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
                                           const char16_t** params,
                                           uint32_t numParams,
                                           nsAString& outString) override;
  NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override;
  NS_IMETHOD LogoutAuthenticatedPK11() override;

#ifndef MOZ_NO_SMART_CARDS
  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override;
  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override;
  // Plural forms: launch/shut down the smart card threads, presumably those
  // tracked by mThreadList (main thread only, see below) — confirm in .cpp.
  nsresult LaunchSmartCardThreads();
  void ShutdownSmartCardThreads();
  // Dispatches a DOM event of type |eventType| carrying |token| to |domWin|.
  nsresult DispatchEventToWindow(nsIDOMWindow* domWin,
                                 const nsAString& eventType,
                                 const nsAString& token);
#endif

#ifdef DEBUG
  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override;
#endif

  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override;

#ifdef XP_WIN
  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) override;
#endif

  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
  GetDefaultCertVerifier() override;

  // The following two methods are thread-safe.
  // Whether any of the "weak" cipher suites are currently enabled.
  static bool AreAnyWeakCiphersEnabled();
  // Enables the weak cipher suites on the single socket |fd|. NOTE(review):
  // this widens the cipher set for that connection, so callers should only
  // reach it on a deliberate fallback path — confirm in the .cpp.
  static void UseWeakCiphersOnSocket(PRFileDesc* fd);

  // Computes into |rangeOut| the TLS version range to use from the
  // preference values |minFromPrefs| / |maxFromPrefs|, with |defaults| as the
  // fallback. NOTE(review): pref values are user/policy-controlled, so the
  // .cpp must clamp them to the range NSS supports rather than trust them
  // as-is — confirm.
  static void FillTLSVersionRange(SSLVersionRange& rangeOut,
                                  uint32_t minFromPrefs,
                                  uint32_t maxFromPrefs,
                                  SSLVersionRange defaults);

protected:
  // Protected: instances are destroyed through Release(), never by delete.
  virtual ~nsNSSComponent();

private:
  // Paired NSS bring-up / teardown.
  nsresult InitializeNSS();
  void ShutdownNSS();

  // Load/unload the loadable roots module (presumably NSS's built-in root
  // store — confirm in the .cpp).
  void LoadLoadableRoots();
  void UnloadLoadableRoots();
  // Pushes the validation preferences into the cert verifier;
  // |isInitialSetting| distinguishes startup from a later pref change.
  void setValidationOptions(bool isInitialSetting);
  // Applies the TLS version preferences to NSS (see FillTLSVersionRange).
  nsresult setEnabledTLSVersions();
  nsresult InitializePIPNSSBundle();
  // Configures NSS's internal (software) PKCS#11 token.
  nsresult ConfigureInternalPKCS11Token();
  nsresult RegisterObservers();

  // Declared on all platforms; the Windows-specific helpers that do the
  // actual OS certificate store work are XP_WIN only.
  void MaybeEnableFamilySafetyCompatibility();
  void MaybeImportEnterpriseRoots();
#ifdef XP_WIN
  // Imports roots from the Windows certificate store selected by
  // |locationFlag|. |proofOfLock| documents that the caller must already
  // hold mMutex.
  void ImportEnterpriseRootsForLocation(
    DWORD locationFlag, const mozilla::MutexAutoLock& proofOfLock);
  // If |certificate| is the Windows Family Safety root, imports it and sets
  // |wasFamilySafetyRoot|.
  nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
                                       bool& wasFamilySafetyRoot);
  nsresult LoadFamilySafetyRoot();
  void UnloadFamilySafetyRoot();

  // Caller must already hold mMutex (see |proofOfLock|).
  void UnloadEnterpriseRoots(const mozilla::MutexAutoLock& proofOfLock);
#endif // XP_WIN

  // mMutex protects all members that are accessed from more than one thread.
  // While this lock is held, the same thread must not attempt to acquire a
  // nsNSSShutDownPreventionLock (acquiring a nsNSSShutDownPreventionLock and
  // then acquiring this lock is fine).
  mozilla::Mutex mMutex;

  // The following members are accessed from more than one thread:
  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
  bool mNSSInitialized;
#ifdef DEBUG
  // Hash identifying the test-only built-in root; presumably what
  // IsCertTestBuiltInRoot compares against.
  nsString mTestBuiltInRootHash;
#endif
  // Hash identifying the content signing root; presumably what
  // IsCertContentSigningRoot compares against.
  nsString mContentSigningRootHash;
  RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
#ifdef XP_WIN
  // Owning handles (Unique* RAII types) for the roots imported from the OS;
  // released by the Unload* helpers above.
  mozilla::UniqueCERTCertificate mFamilySafetyRoot;
  mozilla::UniqueCERTCertList mEnterpriseRoots;
#endif // XP_WIN

  // The following members are accessed only on the main thread:
#ifndef MOZ_NO_SMART_CARDS
  // Raw pointer; ownership and lifetime are not expressed by the type —
  // presumably created/destroyed by the *SmartCardThreads methods above.
  SmartCardThreadList* mThreadList;
#endif
  // Count of live nsNSSComponent instances.
  static int mInstanceCount;
};
204 :
// Helpers for mapping NSS/NSPR error codes to localized error messages.
class nsNSSErrors
{
public:
  // Returns the string-bundle key for the default message describing |err|.
  static const char* getDefaultErrorStringName(PRErrorCode err);
  // Returns the string-bundle key for the override message for |aErrorCode|
  // (presumably the message shown when the error can be overridden — see
  // the .cpp).
  static const char* getOverrideErrorStringName(PRErrorCode aErrorCode);
  // Fills |returnedMessage| with the localized message for |err|, resolved
  // through the string bundles owned by |component|.
  static nsresult getErrorMessageFromCode(PRErrorCode err,
                                          nsINSSComponent* component,
                                          nsString& returnedMessage);
};
214 :
215 : #endif // _nsNSSComponent_h_