Line data Source code
1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 : *
3 : * This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : #include "CertBlocklist.h"
8 : #include "ContentSignatureVerifier.h"
9 : #include "NSSErrorsService.h"
10 : #include "PKCS11.h"
11 : #include "PSMContentListener.h"
12 : #include "SecretDecoderRing.h"
13 : #include "TransportSecurityInfo.h"
14 : #include "mozilla/ModuleUtils.h"
15 : #include "nsCURILoader.h"
16 : #include "nsCertOverrideService.h"
17 : #include "nsCryptoHash.h"
18 : #include "nsDataSignatureVerifier.h"
19 : #include "nsICategoryManager.h"
20 : #include "nsKeyModule.h"
21 : #include "nsKeygenHandler.h"
22 : #include "nsNSSCertificate.h"
23 : #include "nsNSSCertificateDB.h"
24 : #include "nsNSSComponent.h"
25 : #include "nsNSSU2FToken.h"
26 : #include "nsNSSVersion.h"
27 : #include "nsNTLMAuthModule.h"
28 : #include "nsNetCID.h"
29 : #include "nsPK11TokenDB.h"
30 : #include "nsPKCS11Slot.h"
31 : #include "nsRandomGenerator.h"
32 : #include "nsSSLSocketProvider.h"
33 : #include "nsSSLStatus.h"
34 : #include "nsSecureBrowserUIImpl.h"
35 : #include "nsSiteSecurityService.h"
36 : #include "nsTLSSocketProvider.h"
37 : #include "nsXULAppAPI.h"
38 :
39 : #ifdef MOZ_XUL
40 : #include "nsCertTree.h"
41 : #endif
42 :
43 : namespace mozilla { namespace psm {
44 :
45 : // Many of the implementations in this module call NSS functions and as a result
46 : // require that PSM has successfully initialized NSS before being used.
47 : // Additionally, some of the implementations have various restrictions on which
48 : // process and threads they can be used on (e.g. some can only be used in the
49 : // parent process and some must be initialized only on the main thread).
50 : // The following initialization framework allows these requirements to be
51 : // succinctly expressed and implemented.
52 :
53 : template<class InstanceClass, nsresult (InstanceClass::*InitMethod)()>
54 : MOZ_ALWAYS_INLINE static nsresult
55 18 : Instantiate(REFNSIID aIID, void** aResult)
56 : {
57 18 : InstanceClass* inst = new InstanceClass();
58 18 : NS_ADDREF(inst);
59 18 : nsresult rv = InitMethod != nullptr ? (inst->*InitMethod)() : NS_OK;
60 18 : if (NS_SUCCEEDED(rv)) {
61 18 : rv = inst->QueryInterface(aIID, aResult);
62 : }
63 18 : NS_RELEASE(inst);
64 18 : return rv;
65 : }
66 :
67 : enum class ThreadRestriction {
68 : // must be initialized on the main thread (but can be used on any thread)
69 : MainThreadOnly,
70 : // can be initialized and used on any thread
71 : AnyThread,
72 : };
73 :
74 : enum class ProcessRestriction {
75 : ParentProcessOnly,
76 : AnyProcess,
77 : };
78 :
79 : template<class InstanceClass, nsresult (InstanceClass::*InitMethod)() = nullptr,
80 : ProcessRestriction processRestriction = ProcessRestriction::ParentProcessOnly,
81 : ThreadRestriction threadRestriction = ThreadRestriction::AnyThread>
82 : static nsresult
83 18 : Constructor(nsISupports* aOuter, REFNSIID aIID, void** aResult)
84 : {
85 18 : *aResult = nullptr;
86 18 : if (aOuter != nullptr) {
87 0 : return NS_ERROR_NO_AGGREGATION;
88 : }
89 :
90 18 : if (processRestriction == ProcessRestriction::ParentProcessOnly &&
91 1 : !XRE_IsParentProcess()) {
92 0 : return NS_ERROR_NOT_AVAILABLE;
93 : }
94 :
95 18 : if (!EnsureNSSInitializedChromeOrContent()) {
96 0 : return NS_ERROR_FAILURE;
97 : }
98 :
99 18 : if (threadRestriction == ThreadRestriction::MainThreadOnly &&
100 2 : !NS_IsMainThread()) {
101 :
102 0 : nsCOMPtr<nsIThread> mainThread;
103 0 : nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
104 0 : if (NS_FAILED(rv)) {
105 0 : return rv;
106 : }
107 :
108 : // Forward to the main thread synchronously.
109 0 : mozilla::SyncRunnable::DispatchToThread(
110 : mainThread,
111 0 : new SyncRunnable(NS_NewRunnableFunction("psm::Constructor", [&]() {
112 0 : rv = Instantiate<InstanceClass, InitMethod>(aIID, aResult);
113 0 : })));
114 :
115 0 : return rv;
116 : }
117 :
118 18 : return Instantiate<InstanceClass, InitMethod>(aIID, aResult);
119 : }
120 :
121 : } } // namespace mozilla::psm
122 :
123 : using namespace mozilla::psm;
124 :
125 : namespace {
126 :
127 0 : NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
128 :
129 : typedef mozilla::psm::NSSErrorsService NSSErrorsService;
130 2 : NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init)
131 0 : NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion)
132 4 : NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
133 2 : NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
134 :
135 : NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID);
136 : NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID);
137 : NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID);
138 : NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID);
139 : NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID);
140 : NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID);
141 : NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID);
142 : NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
143 : NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
144 : NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
145 : NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
146 : #ifdef MOZ_XUL
147 : NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
148 : #endif
149 : NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
150 : NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
151 : NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
152 : NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
153 : NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
154 : NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
155 : NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
156 : NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
157 : NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
158 : NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
159 : NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID);
160 : NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
161 : NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
162 : NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
163 : NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
164 : NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
165 : NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
166 : NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
167 :
168 : static const mozilla::Module::CIDEntry kNSSCIDs[] = {
169 : { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
170 : { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr,
171 : Constructor<nsSSLSocketProvider> },
172 : { &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr,
173 : Constructor<nsTLSSocketProvider> },
174 : { &kNS_SECRETDECODERRING_CID, false, nullptr,
175 : Constructor<SecretDecoderRing> },
176 : { &kNS_PK11TOKENDB_CID, false, nullptr, Constructor<nsPK11TokenDB> },
177 : { &kNS_PKCS11MODULEDB_CID, false, nullptr, Constructor<nsPKCS11ModuleDB> },
178 : { &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor },
179 : { &kNS_X509CERT_CID, false, nullptr,
180 : Constructor<nsNSSCertificate, nullptr, ProcessRestriction::AnyProcess> },
181 : { &kNS_X509CERTDB_CID, false, nullptr, Constructor<nsNSSCertificateDB> },
182 : { &kNS_X509CERTLIST_CID, false, nullptr,
183 : Constructor<nsNSSCertList, nullptr, ProcessRestriction::AnyProcess> },
184 : { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
185 : #ifdef MOZ_XUL
186 : { &kNS_CERTTREE_CID, false, nullptr, Constructor<nsCertTree> },
187 : #endif
188 : { &kNS_PKCS11_CID, false, nullptr, Constructor<PKCS11> },
189 : { &kNS_CRYPTO_HASH_CID, false, nullptr,
190 : Constructor<nsCryptoHash, nullptr, ProcessRestriction::AnyProcess> },
191 : { &kNS_CRYPTO_HMAC_CID, false, nullptr,
192 : Constructor<nsCryptoHMAC, nullptr, ProcessRestriction::AnyProcess> },
193 : { &kNS_NTLMAUTHMODULE_CID, false, nullptr,
194 : Constructor<nsNTLMAuthModule, &nsNTLMAuthModule::InitTest> },
195 : { &kNS_KEYMODULEOBJECT_CID, false, nullptr,
196 : Constructor<nsKeyObject, nullptr, ProcessRestriction::AnyProcess> },
197 : { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr,
198 : Constructor<nsKeyObjectFactory, nullptr, ProcessRestriction::AnyProcess> },
199 : { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr,
200 : Constructor<nsDataSignatureVerifier> },
201 : { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr,
202 : Constructor<ContentSignatureVerifier> },
203 : { &kNS_CERTOVERRIDE_CID, false, nullptr,
204 : Constructor<nsCertOverrideService, &nsCertOverrideService::Init,
205 : ProcessRestriction::ParentProcessOnly,
206 : ThreadRestriction::MainThreadOnly> },
207 : { &kNS_RANDOMGENERATOR_CID, false, nullptr,
208 : Constructor<nsRandomGenerator, nullptr, ProcessRestriction::AnyProcess> },
209 : { &kNS_NSSU2FTOKEN_CID, false, nullptr,
210 : Constructor<nsNSSU2FToken, &nsNSSU2FToken::Init> },
211 : { &kNS_SSLSTATUS_CID, false, nullptr,
212 : Constructor<nsSSLStatus, nullptr, ProcessRestriction::AnyProcess> },
213 : { &kTRANSPORTSECURITYINFO_CID, false, nullptr,
214 : Constructor<TransportSecurityInfo, nullptr,
215 : ProcessRestriction::AnyProcess> },
216 : { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
217 : { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor },
218 : { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
219 : { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr,
220 : Constructor<nsSiteSecurityService, &nsSiteSecurityService::Init,
221 : ProcessRestriction::AnyProcess,
222 : ThreadRestriction::MainThreadOnly> },
223 : { &kNS_CERT_BLOCKLIST_CID, false, nullptr,
224 : Constructor<CertBlocklist, &CertBlocklist::Init,
225 : ProcessRestriction::ParentProcessOnly,
226 : ThreadRestriction::MainThreadOnly> },
227 : { nullptr }
228 : };
229 :
230 : static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
231 : { PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID },
232 : { NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID },
233 : { NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID },
234 : { NS_SSLSOCKETPROVIDER_CONTRACTID, &kNS_SSLSOCKETPROVIDER_CID },
235 : { NS_STARTTLSSOCKETPROVIDER_CONTRACTID, &kNS_STARTTLSSOCKETPROVIDER_CID },
236 : { NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID },
237 : { NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID },
238 : { NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
239 : { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID },
240 : { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID },
241 : { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
242 : { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
243 : #ifdef MOZ_XUL
244 : { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
245 : #endif
246 : { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
247 : { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
248 : { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
249 : { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
250 : { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
251 : { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
252 : { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
253 : { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
254 : { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
255 : { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
256 : { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
257 : { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID },
258 : { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
259 : { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
260 : { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
261 : { nullptr }
262 : };
263 :
264 : static const mozilla::Module::CategoryEntry kNSSCategories[] = {
265 : { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
266 : { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
267 : { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
268 : { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
269 : { nullptr }
270 : };
271 :
272 : static const mozilla::Module kNSSModule = {
273 : mozilla::Module::kVersion,
274 : kNSSCIDs,
275 : kNSSContracts,
276 : kNSSCategories
277 : };
278 :
279 : } // unnamed namespace
280 :
281 : NSMODULE_DEFN(NSS) = &kNSSModule;
|
