From 40d3a042e502c359b5002b0991153a67fa3d6557 Mon Sep 17 00:00:00 2001 From: "kaie%netscape.com" Date: Thu, 29 Nov 2001 23:19:52 +0000 Subject: [PATCH] b=75947 Landing security startup performance improvement and related issues. r=javi sr=alecf b=109777 Make sure certificate downloading works immediately r=javi sr=mscott git-svn-id: svn://10.0.0.236/trunk@109264 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/manager/boot/Makefile.in | 45 + mozilla/security/manager/boot/makefile.win | 44 + .../security/manager/boot/public/Makefile.in | 53 ++ .../security/manager/boot/public/makefile.win | 55 ++ .../boot/public/nsIBufEntropyCollector.idl | 57 ++ .../boot/public/nsISSLStatusProvider.idl | 44 + .../boot/public/nsISecurityWarningDialogs.idl | 69 ++ mozilla/security/manager/boot/src/Makefile.in | 99 +++ .../security/manager/boot/src/makefile.win | 86 ++ .../manager/boot/src/nsBOOTModule.cpp | 53 ++ .../manager/boot/src/nsEntropyCollector.cpp | 131 +++ .../manager/boot/src/nsEntropyCollector.h | 70 ++ .../boot/src/nsSecureBrowserUIImpl.cpp | 834 ++++++++++++++++++ .../manager/boot/src/nsSecureBrowserUIImpl.h | 117 +++ 14 files changed, 1757 insertions(+) create mode 100644 mozilla/security/manager/boot/Makefile.in create mode 100644 mozilla/security/manager/boot/makefile.win create mode 100644 mozilla/security/manager/boot/public/Makefile.in create mode 100644 mozilla/security/manager/boot/public/makefile.win create mode 100644 mozilla/security/manager/boot/public/nsIBufEntropyCollector.idl create mode 100644 mozilla/security/manager/boot/public/nsISSLStatusProvider.idl create mode 100644 mozilla/security/manager/boot/public/nsISecurityWarningDialogs.idl create mode 100644 mozilla/security/manager/boot/src/Makefile.in create mode 100644 mozilla/security/manager/boot/src/makefile.win create mode 100644 mozilla/security/manager/boot/src/nsBOOTModule.cpp create mode 100644 mozilla/security/manager/boot/src/nsEntropyCollector.cpp create mode 100644 mozilla/security/manager/boot/src/nsEntropyCollector.h create mode 100644 mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.cpp create mode 100644 mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.h diff --git a/mozilla/security/manager/boot/Makefile.in b/mozilla/security/manager/boot/Makefile.in new file mode 100644 index 00000000000..f8ba923c24c --- /dev/null +++ b/mozilla/security/manager/boot/Makefile.in @@ -0,0 +1,45 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +DEPTH = ../../.. +topsrcdir = @top_srcdir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +DIRS = public src + +include $(topsrcdir)/config/rules.mk diff --git a/mozilla/security/manager/boot/makefile.win b/mozilla/security/manager/boot/makefile.win new file mode 100644 index 00000000000..d997971786a --- /dev/null +++ b/mozilla/security/manager/boot/makefile.win @@ -0,0 +1,44 @@ +#!nmake +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +DEPTH=..\..\.. +include <$(DEPTH)/config/config.mak> + +DIRS = public src + +include <$(DEPTH)\config\rules.mak> diff --git a/mozilla/security/manager/boot/public/Makefile.in b/mozilla/security/manager/boot/public/Makefile.in new file mode 100644 index 00000000000..0b55783e857 --- /dev/null +++ b/mozilla/security/manager/boot/public/Makefile.in @@ -0,0 +1,53 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +MODULE = pipboot + +DEPTH = ../../../.. +topsrcdir = @top_srcdir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +include $(DEPTH)/config/autoconf.mk + +XPIDLSRCS = \ + nsISSLStatusProvider.idl \ + nsISecurityWarningDialogs.idl \ + nsIBufEntropyCollector.idl \ + $(NULL) + +include $(topsrcdir)/config/rules.mk diff --git a/mozilla/security/manager/boot/public/makefile.win b/mozilla/security/manager/boot/public/makefile.win new file mode 100644 index 00000000000..b9dd5ad83d0 --- /dev/null +++ b/mozilla/security/manager/boot/public/makefile.win @@ -0,0 +1,55 @@ +#!nmake +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +MODULE = pipboot + +DEPTH=..\..\..\.. +IGNORE_MANIFEST=1 + +include <$(DEPTH)/config/config.mak> + +XPIDL_INCLUDES=-I$(DEPTH)\dist\idl + +XPIDLSRCS= \ + .\nsISSLStatusProvider.idl \ + .\nsISecurityWarningDialogs.idl \ + .\nsIBufEntropyCollector.idl \ + $(NULL) + + +include <$(DEPTH)\config\rules.mak> diff --git a/mozilla/security/manager/boot/public/nsIBufEntropyCollector.idl b/mozilla/security/manager/boot/public/nsIBufEntropyCollector.idl new file mode 100644 index 00000000000..b2a9ca62ab9 --- /dev/null +++ b/mozilla/security/manager/boot/public/nsIBufEntropyCollector.idl @@ -0,0 +1,57 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * L. David Baron (original author) + * Kai Engert + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "nsISupports.idl" +#include "nsIEntropyCollector.idl" + +[uuid(485b87a8-5dd7-4b8d-8ea8-dee53201f899)] +interface nsIBufEntropyCollector : nsIEntropyCollector +{ + /** + * Forward the entropy collected so far to |collector| and then + * continue forwarding new entropy as it arrives. + */ + void forwardTo(in nsIEntropyCollector collector); + + /** + * No longer forward to a (possibly) previously remembered collector. + * Do buffering again. + */ + void dontForward(); +}; diff --git a/mozilla/security/manager/boot/public/nsISSLStatusProvider.idl b/mozilla/security/manager/boot/public/nsISSLStatusProvider.idl new file mode 100644 index 00000000000..3f64c834766 --- /dev/null +++ b/mozilla/security/manager/boot/public/nsISSLStatusProvider.idl @@ -0,0 +1,44 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Terry Hayes + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "nsISupports.idl" + +[scriptable, uuid(8de811f0-1dd2-11b2-8bf1-e9aa324984b2)] +interface nsISSLStatusProvider : nsISupports { + readonly attribute nsISupports SSLStatus; +}; diff --git a/mozilla/security/manager/boot/public/nsISecurityWarningDialogs.idl b/mozilla/security/manager/boot/public/nsISecurityWarningDialogs.idl new file mode 100644 index 00000000000..c5eea8b023f --- /dev/null +++ b/mozilla/security/manager/boot/public/nsISecurityWarningDialogs.idl @@ -0,0 +1,69 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Terry Hayes + * + * ***** END LICENSE BLOCK ***** */ + +#include "nsISupports.idl" + +interface nsIInterfaceRequestor; + +/** + * nsISecurityWarningDialogs - functions that + * display warnings for transitions between secure + * and insecure pages, posts to insecure servers etc. + */ +[scriptable, uuid(1c399d06-1dd2-11b2-bc58-c87cbcacdb78)] +interface nsISecurityWarningDialogs : nsISupports +{ + /** + * alertEnteringSecure + */ + void alertEnteringSecure(in nsIInterfaceRequestor ctx); + + /** + * alertEnteringWeak + */ + void alertEnteringWeak(in nsIInterfaceRequestor ctx); + + /** + * alertLeavingSecure + */ + void alertLeavingSecure(in nsIInterfaceRequestor ctx); + + /** + * alertMixedMode + */ + void alertMixedMode(in nsIInterfaceRequestor ctx); + + /** + * confirmPostToInsecure + */ + boolean confirmPostToInsecure(in nsIInterfaceRequestor ctx); + + /** + * confirmPostToInsecureFromSecure + */ + boolean confirmPostToInsecureFromSecure(in nsIInterfaceRequestor ctx); +}; + diff --git a/mozilla/security/manager/boot/src/Makefile.in b/mozilla/security/manager/boot/src/Makefile.in new file mode 100644 index 00000000000..be85dc6eae1 --- /dev/null +++ b/mozilla/security/manager/boot/src/Makefile.in @@ -0,0 +1,99 @@ +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Javier Delgadillo +# Terry Hayes +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +DEPTH = ../../../.. +topsrcdir = @top_srcdir@ +srcdir = @srcdir@ +VPATH = @srcdir@ + +include $(DEPTH)/config/autoconf.mk + +MODULE = pipboot +LIBRARY_NAME = pipboot +IS_COMPONENT = 1 +MODULE_NAME = BOOT +EXPORT_LIBRARY = 1 +META_COMPONENT = crypto + +EXPORTS = \ + $(NULL) + +CPPSRCS = \ + nsEntropyCollector.cpp \ + nsSecureBrowserUIImpl.cpp \ + nsBOOTModule.cpp \ + $(NULL) + +REQUIRES = nspr \ + xpcom \ + string \ + necko \ + uriloader \ + pref \ + caps \ + dom \ + intl \ + locale \ + profile \ + windowwatcher \ + js \ + docshell \ + widget \ + layout \ + content \ + pippki \ + xpconnect \ + jar \ + unicharutil \ + pipnss \ + $(NULL) + +include $(topsrcdir)/config/rules.mk + +INCLUDES += \ + -I$(DIST)/public/security \ + $(NULL) + +EXTRA_DSO_LDOPTS += \ + $(MOZ_COMPONENT_LIBS) \ + $(MOZ_JS_LIBS) \ + $(NULL) + +EXTRA_LIBS += \ + $(NULL) diff --git a/mozilla/security/manager/boot/src/makefile.win b/mozilla/security/manager/boot/src/makefile.win new file mode 100644 index 00000000000..5d3168a03f1 --- /dev/null +++ b/mozilla/security/manager/boot/src/makefile.win @@ -0,0 +1,86 @@ +#!nmake +# ***** BEGIN LICENSE BLOCK ***** +# Version: MPL 1.1/GPL 2.0/LGPL 2.1 +# +# The contents of this file are subject to the Mozilla Public License Version +# 1.1 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License +# for the specific language governing rights and limitations under the +# License. +# +# The Original Code is mozilla.org code. +# +# The Initial Developer of the Original Code is +# Netscape Communications Corporation. +# Portions created by the Initial Developer are Copyright (C) 2001 +# the Initial Developer. All Rights Reserved. +# +# Contributor(s): +# Terry Hayes +# Kai Engert +# +# Alternatively, the contents of this file may be used under the terms of +# either the GNU General Public License Version 2 or later (the "GPL"), or +# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), +# in which case the provisions of the GPL or the LGPL are applicable instead +# of those above. If you wish to allow use of your version of this file only +# under the terms of either the GPL or the LGPL, and not to allow others to +# use your version of this file under the terms of the MPL, indicate your +# decision by deleting the provisions above and replace them with the notice +# and other provisions required by the GPL or the LGPL. If you do not delete +# the provisions above, a recipient may use your version of this file under +# the terms of any one of the MPL, the GPL or the LGPL. +# +# ***** END LICENSE BLOCK ***** + +MODULE = pipboot + +DEPTH=..\..\..\.. +IGNORE_MANIFEST=1 + +LIBRARY_NAME = pipboot +PDBFILE = $(LIBRARY_NAME).pdb +MAPFILE = $(LIBRARY_NAME).map +MODULE_NAME = BOOT +META_COMPONENT = crypto + +REQUIRES = \ + xpcom \ + string \ + dom \ + pref \ + intl \ + locale \ + windowwatcher \ + necko \ + pipnss \ + layout \ + layout_xul \ + uriloader \ + docshell \ + widget \ + content \ + $(NULL) + +include <$(DEPTH)/config/config.mak> + +LLIBS = \ + $(DIST)/lib/js3250.lib \ + $(LIBNSPR) \ + $(DIST)\lib\xpcom.lib \ + $(NULL) + +EXPORTS = \ + $(NULL) + +OBJS = \ + .\$(OBJDIR)\nsEntropyCollector.obj \ + .\$(OBJDIR)\nsSecureBrowserUIImpl.obj \ + .\$(OBJDIR)\nsBOOTModule.obj \ + $(NULL) + +include <$(DEPTH)\config\rules.mak> diff --git a/mozilla/security/manager/boot/src/nsBOOTModule.cpp b/mozilla/security/manager/boot/src/nsBOOTModule.cpp new file mode 100644 index 00000000000..de4d921c159 --- /dev/null +++ b/mozilla/security/manager/boot/src/nsBOOTModule.cpp @@ -0,0 +1,53 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Terry Hayes + * + * ***** END LICENSE BLOCK ***** */ + +#include "nsIModule.h" +#include "nsIGenericFactory.h" + +#include "nsEntropyCollector.h" +#include "nsSecureBrowserUIImpl.h" + +NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) + +static nsModuleComponentInfo components[] = +{ + { + "Entropy Collector", + NS_ENTROPYCOLLECTOR_CID, + NS_ENTROPYCOLLECTOR_CONTRACTID, + nsEntropyCollectorConstructor + }, + + { + NS_SECURE_BROWSER_UI_CLASSNAME, + NS_SECURE_BROWSER_UI_CID, + NS_SECURE_BROWSER_UI_CONTRACTID, + nsSecureBrowserUIImplConstructor + } +}; + +NS_IMPL_NSGETMODULE(BOOT, components) diff --git a/mozilla/security/manager/boot/src/nsEntropyCollector.cpp b/mozilla/security/manager/boot/src/nsEntropyCollector.cpp new file mode 100644 index 00000000000..86adf7a00ac --- /dev/null +++ b/mozilla/security/manager/boot/src/nsEntropyCollector.cpp @@ -0,0 +1,131 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * L. David Baron (original author) + * Kai Engert + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "prlog.h" +#include "nsEntropyCollector.h" +#include "nsMemory.h" + +nsEntropyCollector::nsEntropyCollector() +:mBytesCollected(0), mWritePointer(mEntropyCache) +{ + NS_INIT_ISUPPORTS(); +} + +nsEntropyCollector::~nsEntropyCollector() +{ +} + +NS_IMPL_THREADSAFE_ISUPPORTS2(nsEntropyCollector, + nsIEntropyCollector, + nsIBufEntropyCollector) + +NS_IMETHODIMP +nsEntropyCollector::RandomUpdate(void *new_entropy, PRInt32 bufLen) +{ + if (bufLen > 0) { + if (mForwardTarget) { + return mForwardTarget->RandomUpdate(new_entropy, bufLen); + } + else { + const unsigned char *InputPointer = (const unsigned char *)new_entropy; + const unsigned char *PastEndPointer = mEntropyCache + entropy_buffer_size; + + // if the input is large, we only take as much as we can store + PRInt32 bytes_wanted = PR_MIN(bufLen, entropy_buffer_size); + + // remember the number of bytes we will have after storing new_entropy + mBytesCollected = PR_MIN(entropy_buffer_size, mBytesCollected + bytes_wanted); + + // as the above statements limit bytes_wanted to the entropy_buffer_size, + // this loop will iterate at most twice. + while (bytes_wanted > 0) { + + // how many bytes to end of cyclic buffer? + const PRInt32 space_to_end = PastEndPointer - mWritePointer; + + // how many bytes can we copy, not reaching the end of the buffer? + const PRInt32 this_time = PR_MIN(space_to_end, bytes_wanted); + + // copy at most to the end of the cyclic buffer + for (PRInt32 i = 0; i < this_time; ++i) { + + // accept the fact that we use our buffer's random uninitialized content + unsigned int old = *mWritePointer; + + // combine new and old value already stored in buffer + // this logic comes from PSM 1 + *mWritePointer++ = ((old << 1) | (old >> 7)) ^ *InputPointer++; + } + + PR_ASSERT(mWritePointer <= PastEndPointer); + PR_ASSERT(mWritePointer >= mEntropyCache); + + // have we arrived at the end of the buffer? + if (PastEndPointer == mWritePointer) { + // reset write pointer back to begining of our buffer + mWritePointer = mEntropyCache; + } + + // subtract the number of bytes we have already copied + bytes_wanted -= this_time; + } + } + } + + return NS_OK; +} + +NS_IMETHODIMP +nsEntropyCollector::ForwardTo(nsIEntropyCollector *aCollector) +{ + NS_PRECONDITION(!mForwardTarget, "|ForwardTo| should only be called once."); + + mForwardTarget = aCollector; + mForwardTarget->RandomUpdate(mEntropyCache, mBytesCollected); + mBytesCollected = 0; + + return NS_OK; +} + +NS_IMETHODIMP +nsEntropyCollector::DontForward() +{ + mForwardTarget = nsnull; + return NS_OK; +} diff --git a/mozilla/security/manager/boot/src/nsEntropyCollector.h b/mozilla/security/manager/boot/src/nsEntropyCollector.h new file mode 100644 index 00000000000..cebfa8b03de --- /dev/null +++ b/mozilla/security/manager/boot/src/nsEntropyCollector.h @@ -0,0 +1,70 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * L. David Baron (original author) + * Kai Engert + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#ifndef nsEntropyCollector_h___ +#define nsEntropyCollector_h___ + +#include "nsIEntropyCollector.h" +#include "nsIBufEntropyCollector.h" +#include "nsCOMPtr.h" + +#define NS_ENTROPYCOLLECTOR_CID \ + { /* 34587f4a-be18-43c0-9112-b782b08c0add */ \ + 0x34587f4a, 0xbe18, 0x43c0, \ + {0x91, 0x12, 0xb7, 0x82, 0xb0, 0x8c, 0x0a, 0xdd} } + +class nsEntropyCollector : public nsIBufEntropyCollector +{ + public: + nsEntropyCollector(); + virtual ~nsEntropyCollector(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIENTROPYCOLLECTOR + NS_DECL_NSIBUFENTROPYCOLLECTOR + + enum { entropy_buffer_size = 1024 }; + + protected: + unsigned char mEntropyCache[entropy_buffer_size]; + PRInt32 mBytesCollected; + unsigned char *mWritePointer; + nsCOMPtr mForwardTarget; +}; + +#endif /* !defined nsEntropyCollector_h__ */ diff --git a/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.cpp b/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.cpp new file mode 100644 index 00000000000..2106bef0ec7 --- /dev/null +++ b/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.cpp @@ -0,0 +1,834 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1998-2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Hubbie Shaw + * Doug Turner + * Stuart Parmenter + * Brian Ryner + * Terry Hayes + * Kai Engert + * + * ***** END LICENSE BLOCK ***** */ + +#ifdef MOZ_LOGGING +#define FORCE_PR_LOG +#endif + +#include "nspr.h" +#include "prlog.h" +#include "prmem.h" + +#include "nsISecureBrowserUI.h" +#include "nsSecureBrowserUIImpl.h" +#include "nsCOMPtr.h" +#include "nsIInterfaceRequestor.h" +#include "nsIInterfaceRequestorUtils.h" +#include "nsIServiceManager.h" +#include "nsIScriptGlobalObject.h" +#include "nsIObserverService.h" +#include "nsIDocumentLoader.h" +#include "nsCURILoader.h" +#include "nsIDocShell.h" +#include "nsIDocumentViewer.h" +#include "nsIDocument.h" +#include "nsIDOMElement.h" +#include "nsIDOMWindowInternal.h" +#include "nsIContent.h" +#include "nsIWebProgress.h" +#include "nsIChannel.h" +#include "nsIHttpChannel.h" +#include "nsIFileChannel.h" +#include "nsITransportSecurityInfo.h" +#include "nsIURI.h" +#include "nsISecurityEventSink.h" +#include "nsIPrompt.h" +#include "nsIFormSubmitObserver.h" +#include "nsISecurityWarningDialogs.h" +#include "nsIProxyObjectManager.h" +#include "nsINSSDialogs.h" + +#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties" + +static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID); +static const char *kNSSDialogsContractId = NS_NSSDIALOGS_CONTRACTID; + +#define IS_SECURE(state) ((state & 0xFFFF) == STATE_IS_SECURE) + +#if defined(PR_LOGGING) +// +// Log module for nsSecureBroswerUI logging... +// +// To enable logging (see prlog.h for full details): +// +// set NSPR_LOG_MODULES=nsSecureBroswerUI:5 +// set NSPR_LOG_FILE=nspr.log +// +// this enables PR_LOG_DEBUG level information and places all output in +// the file nspr.log +// +PRLogModuleInfo* gSecureDocLog = nsnull; +#endif /* PR_LOGGING */ + + +nsSecureBrowserUIImpl::nsSecureBrowserUIImpl() + : mMixContentAlertShown(PR_FALSE), + mSecurityState(STATE_IS_INSECURE) +{ + NS_INIT_ISUPPORTS(); + +#if defined(PR_LOGGING) + if (!gSecureDocLog) + gSecureDocLog = PR_NewLogModule("nsSecureBrowserUI"); +#endif /* PR_LOGGING */ +} + +nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl() +{ + nsresult rv; + // remove self from form post notifications: + nsCOMPtr svc(do_GetService("@mozilla.org/observer-service;1", &rv)); + if (NS_SUCCEEDED(rv)) { + svc->RemoveObserver(this, NS_FORMSUBMIT_SUBJECT); + } +} + +NS_IMPL_ISUPPORTS6(nsSecureBrowserUIImpl, + nsISecureBrowserUI, + nsIWebProgressListener, + nsIFormSubmitObserver, + nsIObserver, + nsISupportsWeakReference, + nsISSLStatusProvider); + + +NS_IMETHODIMP +nsSecureBrowserUIImpl::Init(nsIDOMWindow *window, + nsIDOMElement *button) +{ + nsresult rv = NS_OK; + mSecurityButton = button; /* may be null */ + mWindow = window; + + nsCOMPtr service(do_GetService(kCStringBundleServiceCID, &rv)); + if (NS_FAILED(rv)) return rv; + + rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL, + getter_AddRefs(mStringBundle)); + if (NS_FAILED(rv)) return rv; + + // hook up to the form post notifications: + nsCOMPtr svc(do_GetService("@mozilla.org/observer-service;1", &rv)); + if (NS_SUCCEEDED(rv)) { + rv = svc->AddObserver(this, NS_FORMSUBMIT_SUBJECT, PR_TRUE); + } + + /* GetWebProgress(mWindow) */ + // hook up to the webprogress notifications. + nsCOMPtr sgo(do_QueryInterface(mWindow)); + if (!sgo) return NS_ERROR_FAILURE; + + nsCOMPtr docShell; + sgo->GetDocShell(getter_AddRefs(docShell)); + if (!docShell) return NS_ERROR_FAILURE; + + nsCOMPtr wp(do_GetInterface(docShell)); + if (!wp) return NS_ERROR_FAILURE; + /* end GetWebProgress */ + + wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this)); + + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::DisplayPageInfoUI() +{ +#if 0 + nsresult res = NS_OK; + nsCOMPtr psm(do_GetService(PSM_COMPONENT_CONTRACTID, + &res)); + if (NS_FAILED(res)) + return res; + + nsXPIDLCString host; + if (mCurrentURI) + mCurrentURI->GetHost(getter_Copies(host)); + + // return psm->DisplayPSMAdvisor(mLastPSMStatus, host); +#endif + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::Observe(nsISupports*, const char*, + const PRUnichar*) +{ + return NS_ERROR_NOT_IMPLEMENTED; +} + + +static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child, + PRBool* value) +{ + *value = PR_FALSE; + + if (parent == child) { + *value = PR_TRUE; + return NS_OK; + } + + nsCOMPtr childsParent; + child->GetParent(getter_AddRefs(childsParent)); + + if (childsParent && childsParent.get() != child) + IsChildOfDomWindow(parent, childsParent, value); + + return NS_OK; +} + +static PRInt32 GetSecurityStateFromChannel(nsIChannel* aChannel) +{ + nsresult res; + PRInt32 securityState; + + // qi for the psm information about this channel load. + nsCOMPtr info; + aChannel->GetSecurityInfo(getter_AddRefs(info)); + nsCOMPtr psmInfo(do_QueryInterface(info)); + if (!psmInfo) { + PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - no nsITransportSecurityInfo for %p\n", + aChannel, (nsISupports *)info)); + return nsIWebProgressListener::STATE_IS_INSECURE; + } + PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - info is %p\n", aChannel, + (nsISupports *)info)); + + res = psmInfo->GetSecurityState(&securityState); + if (!NS_SUCCEEDED(res)) { + PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - GetSecurityState failed: %d\n", + aChannel, res)); + securityState = nsIWebProgressListener::STATE_IS_BROKEN; + } + + PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - Returning %d\n", aChannel, + securityState)); + return securityState; +} + + +NS_IMETHODIMP +nsSecureBrowserUIImpl::Notify(nsIContent* formNode, + nsIDOMWindowInternal* window, nsIURI* actionURL, + PRBool* cancelSubmit) +{ + // Return NS_OK unless we want to prevent this form from submitting. + *cancelSubmit = PR_FALSE; + if (!window || !actionURL || !formNode) + return NS_OK; + + nsCOMPtr document; + formNode->GetDocument(*getter_AddRefs(document)); + if (!document) return NS_OK; + + nsCOMPtr formURL; + document->GetBaseURL(*getter_AddRefs(formURL)); + + nsCOMPtr globalObject; + document->GetScriptGlobalObject(getter_AddRefs(globalObject)); + nsCOMPtr postingWindow(do_QueryInterface(globalObject)); + + PRBool isChild; + IsChildOfDomWindow(mWindow, postingWindow, &isChild); + + // This notify call is not for our window, ignore it. + if (!isChild) + return NS_OK; + + PRBool okayToPost; + nsresult res = CheckPost(formURL, actionURL, &okayToPost); + + if (NS_SUCCEEDED(res) && !okayToPost) + *cancelSubmit = PR_TRUE; + + return res; +} + +// nsIWebProgressListener +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + PRInt32 aCurSelfProgress, + PRInt32 aMaxSelfProgress, + PRInt32 aCurTotalProgress, + PRInt32 aMaxTotalProgress) +{ + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + PRInt32 aProgressStateFlags, + nsresult aStatus) +{ + nsresult res = NS_OK; + + if (!aRequest) + return NS_ERROR_NULL_POINTER; + + // Get the channel from the request... + // If the request is not network based, then ignore it. + nsCOMPtr channel(do_QueryInterface(aRequest, &res)); + if (NS_FAILED(res)) + return NS_OK; + + // We are only interested in HTTP and file requests. + nsCOMPtr httpRequest(do_QueryInterface(aRequest)); + nsCOMPtr fileRequest(do_QueryInterface(aRequest)); + if (!httpRequest && !fileRequest) { + return NS_OK; + } + + nsCOMPtr requestor; + nsCOMPtr eventSink; + channel->GetNotificationCallbacks(getter_AddRefs(requestor)); + if (requestor) + eventSink = do_GetInterface(requestor); + +#if defined(DEBUG) + nsCOMPtr loadingURI; + res = channel->GetURI(getter_AddRefs(loadingURI)); + NS_ASSERTION(NS_SUCCEEDED(res), "GetURI failed"); + if (loadingURI) { + nsXPIDLCString temp; + loadingURI->GetSpec(getter_Copies(temp)); + PR_LOG(gSecureDocLog, PR_LOG_DEBUG, + ("SecureUI:%p: OnStateChange: %x :%s\n", this, + aProgressStateFlags,(const char*)temp)); + } +#endif + + // First event when loading doc + if (aProgressStateFlags & STATE_START) { + if (aProgressStateFlags & STATE_IS_NETWORK) { + // Reset state variables used per doc loading + mMixContentAlertShown = PR_FALSE; + mFirstRequest = PR_TRUE; + mSSLStatus = nsnull; + } + } + + // A Document is starting to load... + if ((aProgressStateFlags & (STATE_STOP)) && + (aProgressStateFlags & STATE_IS_REQUEST)) { + + // work-around for bug 48515. + nsCOMPtr aURI; + channel->GetURI(getter_AddRefs(aURI)); + + // Sometimes URI is null, so ignore. + if (aURI == nsnull) { + return NS_OK; + } + + // If this is the first request, then do a protocol check + if (mFirstRequest) { + mFirstRequest = PR_FALSE; + return CheckProtocolContextSwitch(eventSink, aRequest, channel); + } + // Check that the request does not have mixed content. + return CheckMixedContext(eventSink, aRequest, channel); + } + + // A document has finished loading + if ((aProgressStateFlags & STATE_STOP) && + (aProgressStateFlags & STATE_IS_NETWORK)) { + + // Get SSL Status information if possible + nsCOMPtr info; + channel->GetSecurityInfo(getter_AddRefs(info)); + nsCOMPtr sp = do_QueryInterface(info); + if (sp) { + // Ignore result + sp->GetSSLStatus(getter_AddRefs(mSSLStatus)); + } + + if (eventSink) + eventSink->OnSecurityChange(aRequest, mSecurityState); + + if (!mSecurityButton) + return res; + + /* TNH - need event for changing the tooltip */ + + // Do we really need to look at res here? What happens if there's an error? + // We should still set the certificate authority display. + + nsXPIDLString tooltip; + if (info) { + nsCOMPtr secInfo(do_QueryInterface(info)); + if (secInfo && + NS_SUCCEEDED(secInfo->GetShortSecurityDescription(getter_Copies(tooltip))) && + tooltip) { + + res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"), + nsString(tooltip)); + + } + } + } + + return res; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + nsIURI* aLocation) +{ + mCurrentURI = aLocation; + return NS_OK; +} + +NS_IMETHODIMP +nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress, + nsIRequest* aRequest, + nsresult aStatus, + const PRUnichar* aMessage) +{ + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress *aWebProgress, + nsIRequest *aRequest, + PRInt32 state) +{ + nsresult res = NS_OK; + +#if defined(DEBUG_dougt) + nsCOMPtr channel(do_QueryInterface(aRequest)); + if (!channel) + return NS_ERROR_FAILURE; + + nsCOMPtr aURI; + channel->GetURI(getter_AddRefs(aURI)); + + nsXPIDLCString temp; + aURI->GetSpec(getter_Copies(temp)); + printf("OnSecurityChange: (%x) %s\n", state, (const char*)temp); +#endif + /* Deprecated support for mSecurityButton */ + if (mSecurityButton) { + NS_NAMED_LITERAL_STRING(level, "level"); + + if (state == (STATE_IS_SECURE|STATE_SECURE_HIGH)) { + res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("high")); + } else if (state == (STATE_IS_SECURE|STATE_SECURE_LOW)) { + res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("low")); + } else if (state == STATE_IS_BROKEN) { + res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("broken")); + } else { + res = mSecurityButton->RemoveAttribute(level); + } + } + + return res; +} + +// nsISSLStatusProvider methods +NS_IMETHODIMP +nsSecureBrowserUIImpl::GetSSLStatus(nsISupports** _result) +{ + NS_ASSERTION(_result, "non-NULL destination required"); + + *_result = mSSLStatus; + NS_IF_ADDREF(*_result); + + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value) +{ + *value = PR_FALSE; + + if (!aURL) + return NS_OK; + + char* scheme; + aURL->GetScheme(&scheme); + + // If no scheme, it's not an https url - not necessarily an error. + // See bugs 54845 and 54966 + if (!scheme) + return NS_OK; + + if (!PL_strncasecmp(scheme, "https", 5)) + *value = PR_TRUE; + + nsMemory::Free(scheme); + return NS_OK; +} + +void +nsSecureBrowserUIImpl::GetBundleString(const PRUnichar* name, + nsString &outString) +{ + if (mStringBundle && name) { + PRUnichar *ptrv = nsnull; + if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name, + &ptrv))) + outString = ptrv; + else + outString.SetLength(0); + + nsMemory::Free(ptrv); + + } else { + outString.SetLength(0); + } +} + +nsresult +nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSink, + nsIRequest* aRequest, + nsIChannel* aChannel) +{ + PRInt32 newSecurityState, oldSecurityState = mSecurityState; + + newSecurityState = GetSecurityStateFromChannel(aChannel); + mSecurityState = newSecurityState; + + // Check to see if we are going from a secure page to an insecure page + if (newSecurityState == STATE_IS_INSECURE && + (IS_SECURE(oldSecurityState) || + oldSecurityState == STATE_IS_BROKEN)) { + + SetBrokenLockIcon(eventSink, aRequest, PR_TRUE); + + AlertLeavingSecure(); + + } + // check to see if we are going from an insecure page to a secure one. + else if ((newSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH) || + newSecurityState == STATE_IS_BROKEN) && + oldSecurityState == STATE_IS_INSECURE) { + AlertEnteringSecure(); + } + // check to see if we are going from a strong or insecure page to a + // weak one. + else if ((IS_SECURE(newSecurityState) && + newSecurityState != (STATE_IS_SECURE|STATE_SECURE_HIGH)) && + (oldSecurityState == STATE_IS_INSECURE || + oldSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH))) { + + AlertEnteringWeak(); + } + + mSecurityState = newSecurityState; + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink, + nsIRequest* aRequest, nsIChannel* aChannel) +{ + PRInt32 newSecurityState; + + newSecurityState = GetSecurityStateFromChannel(aChannel); + + // Deal with http redirect to https // + if (mSecurityState == STATE_IS_INSECURE && newSecurityState != STATE_IS_INSECURE) { + return CheckProtocolContextSwitch(eventSink, aRequest, aChannel); + } + + if ((newSecurityState == STATE_IS_INSECURE || + newSecurityState == STATE_IS_BROKEN) && + IS_SECURE(mSecurityState)) { + + // work-around for bug 48515 + nsCOMPtr aURI; + aChannel->GetURI(getter_AddRefs(aURI)); + + nsXPIDLCString temp; + aURI->GetSpec(getter_Copies(temp)); + + if (!nsCRT::strncmp((const char*) temp, "file:", 5) || + !nsCRT::strcmp((const char*) temp, "about:layout-dummy-request")) { + return NS_OK; + } + + mSecurityState = STATE_IS_BROKEN; + SetBrokenLockIcon(eventSink, aRequest); + + // Show alert to user (first time only) + // NOTE: doesn't mSecurityState provide the correct + // one-time checking?? Why have mMixContentAlertShown + // as well? + if (!mMixContentAlertShown) { + AlertMixedMode(); + mMixContentAlertShown = PR_TRUE; + } + } + + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, PRBool *okayToPost) +{ + PRBool formSecure,actionSecure; + *okayToPost = PR_TRUE; + + nsresult rv = IsURLHTTPS(formURL, &formSecure); + if (NS_FAILED(rv)) + return rv; + + rv = IsURLHTTPS(actionURL, &actionSecure); + if (NS_FAILED(rv)) + return rv; + + // if we are posting to a secure link from a secure page, all is okay. + if (actionSecure && formSecure) { + return NS_OK; + } + + // posting to insecure webpage from a secure webpage. + if (!actionSecure && formSecure) { + *okayToPost = ConfirmPostToInsecureFromSecure(); + } else { + *okayToPost = ConfirmPostToInsecure(); + } + + return NS_OK; +} + +nsresult +nsSecureBrowserUIImpl::SetBrokenLockIcon(nsISecurityEventSink *eventSink, + nsIRequest* aRequest, + PRBool removeValue) +{ + nsresult rv = NS_OK; + if (removeValue) { + if (eventSink) + (void) eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE); + } else { + if (eventSink) + (void) eventSink->OnSecurityChange(aRequest, (STATE_IS_BROKEN)); + } + + nsAutoString tooltiptext; + GetBundleString(NS_LITERAL_STRING("SecurityButtonTooltipText").get(), + tooltiptext); + + /* TNH - need tooltip notification here */ + if (mSecurityButton) + rv = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"), + tooltiptext); + return rv; +} + +// +// Implementation of an nsIInterfaceRequestor for use +// as context for NSS calls +// +class nsUIContext : public nsIInterfaceRequestor +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIINTERFACEREQUESTOR + + nsUIContext(nsIDOMWindow *window); + virtual ~nsUIContext(); + +private: + nsCOMPtr mWindow; +}; + +NS_IMPL_ISUPPORTS1(nsUIContext, nsIInterfaceRequestor) + +nsUIContext::nsUIContext(nsIDOMWindow *aWindow) +: mWindow(aWindow) +{ + NS_INIT_ISUPPORTS(); +} + +nsUIContext::~nsUIContext() +{ +} + +/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */ +NS_IMETHODIMP nsUIContext::GetInterface(const nsIID & uuid, void * *result) +{ + nsresult rv; + + if (uuid.Equals(NS_GET_IID(nsIPrompt))) { + nsCOMPtr internal = do_QueryInterface(mWindow, &rv); + if (NS_FAILED(rv)) return rv; + + nsIPrompt *prompt; + + rv = internal->GetPrompter(&prompt); + *result = prompt; + } else { + rv = NS_ERROR_NO_INTERFACE; + } + + return rv; +} + +nsresult nsSecureBrowserUIImpl:: +GetNSSDialogs(nsISecurityWarningDialogs **result) +{ + nsresult rv; + nsCOMPtr my_result(do_GetService(kNSSDialogsContractId, &rv)); + + if (NS_FAILED(rv)) + return rv; + + nsCOMPtr proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID)); + if (!proxyman) + return NS_ERROR_FAILURE; + + nsCOMPtr proxiedResult; + proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, + NS_GET_IID(nsISecurityWarningDialogs), + my_result, PROXY_SYNC, + getter_AddRefs(proxiedResult)); + + if (!proxiedResult) { + return NS_ERROR_FAILURE; + } + + return CallQueryInterface(proxiedResult, result); +} + +void nsSecureBrowserUIImpl:: +AlertEnteringSecure() +{ + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return; + + nsCOMPtr ctx = new nsUIContext(mWindow); + + dialogs->AlertEnteringSecure(ctx); + + return; +} + +void nsSecureBrowserUIImpl:: +AlertEnteringWeak() +{ + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return; + + nsCOMPtr ctx = new nsUIContext(mWindow); + + dialogs->AlertEnteringWeak(ctx); + + return; +} + +void nsSecureBrowserUIImpl:: +AlertLeavingSecure() +{ + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return; + + nsCOMPtr ctx = new nsUIContext(mWindow); + + dialogs->AlertLeavingSecure(ctx); + + return; +} + +void nsSecureBrowserUIImpl:: +AlertMixedMode() +{ + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return; + + nsCOMPtr ctx = new nsUIContext(mWindow); + + dialogs->AlertMixedMode(ctx); + + return; +} + +/** + * ConfirmPostToInsecure - returns PR_TRUE if + * the user approves the submit (or doesn't care). + * returns PR_FALSE on errors. + */ +PRBool nsSecureBrowserUIImpl:: +ConfirmPostToInsecure() +{ + nsresult rv; + + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented? + + nsCOMPtr ctx = new nsUIContext(mWindow); + + PRBool result; + + rv = dialogs->ConfirmPostToInsecure(ctx, &result); + if (NS_FAILED(rv)) return PR_FALSE; + + return result; +} + +/** + * ConfirmPostToInsecureFromSecure - returns PR_TRUE if + * the user approves the submit (or doesn't care). + * returns PR_FALSE on errors. + */ +PRBool nsSecureBrowserUIImpl:: +ConfirmPostToInsecureFromSecure() +{ + nsresult rv; + + nsCOMPtr dialogs; + + GetNSSDialogs(getter_AddRefs(dialogs)); + if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented? + + nsCOMPtr ctx = new nsUIContext(mWindow); + + PRBool result; + + rv = dialogs->ConfirmPostToInsecureFromSecure(ctx, &result); + if (NS_FAILED(rv)) return PR_FALSE; + + return result; +} diff --git a/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.h b/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.h new file mode 100644 index 00000000000..a04f3eff806 --- /dev/null +++ b/mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.h @@ -0,0 +1,117 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is mozilla.org code. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1998-2001 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * Hubbie Shaw + * Doug Turner + * Brian Ryner + * Kai Engert + * + * ***** END LICENSE BLOCK ***** */ + +#ifndef nsSecureBrowserUIImpl_h_ +#define nsSecureBrowserUIImpl_h_ + +#include "nsCOMPtr.h" +#include "nsXPIDLString.h" +#include "nsString.h" +#include "nsIObserver.h" +#include "nsIDOMElement.h" +#include "nsIDOMWindow.h" +#include "nsIStringBundle.h" +#include "nsISecureBrowserUI.h" +#include "nsIDocShell.h" +#include "nsIWebProgressListener.h" +#include "nsIFormSubmitObserver.h" +#include "nsIURI.h" +#include "nsISecurityEventSink.h" +#include "nsWeakReference.h" +#include "nsISSLStatusProvider.h" + +class nsITransportSecurityInfo; +class nsISecurityWarningDialogs; + +#define NS_SECURE_BROWSER_UI_CID \ +{ 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}} + + +class nsSecureBrowserUIImpl : public nsISecureBrowserUI, + public nsIWebProgressListener, + public nsIFormSubmitObserver, + public nsIObserver, + public nsSupportsWeakReference, + public nsISSLStatusProvider +{ +public: + + nsSecureBrowserUIImpl(); + virtual ~nsSecureBrowserUIImpl(); + + NS_DECL_ISUPPORTS + NS_DECL_NSIWEBPROGRESSLISTENER + NS_DECL_NSISECUREBROWSERUI + + // nsIObserver + NS_DECL_NSIOBSERVER + NS_DECL_NSISSLSTATUSPROVIDER + + NS_IMETHOD Notify(nsIContent* formNode, nsIDOMWindowInternal* window, + nsIURI *actionURL, PRBool* cancelSubmit); + +protected: + + nsCOMPtr mWindow; + nsCOMPtr mSecurityButton; + nsCOMPtr mStringBundle; + nsCOMPtr mCurrentURI; + + PRBool mMixContentAlertShown; + PRInt32 mSecurityState; + PRBool mFirstRequest; + + nsCOMPtr mSSLStatus; + + void GetBundleString(const PRUnichar* name, nsString &outString); + + nsresult CheckProtocolContextSwitch(nsISecurityEventSink* sink, + nsIRequest* request, nsIChannel* aChannel); + nsresult CheckMixedContext(nsISecurityEventSink* sink, nsIRequest* request, + nsIChannel* aChannel); + nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, PRBool *okayToPost); + nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value); + nsresult SetBrokenLockIcon(nsISecurityEventSink* sink, nsIRequest* request, + PRBool removeValue = PR_FALSE); + + // Alerts for security transitions + void AlertEnteringSecure(); + void AlertEnteringWeak(); + void AlertLeavingSecure(); + void AlertMixedMode(); + PRBool ConfirmPostToInsecure(); + PRBool ConfirmPostToInsecureFromSecure(); + + // Support functions + nsresult GetNSSDialogs(nsISecurityWarningDialogs **); + +}; + + +#endif /* nsSecureBrowserUIImpl_h_ */