From 5570895680dea975a1f5b6f52bcc2becc482c292 Mon Sep 17 00:00:00 2001 From: "thayes%netscape.com" Date: Wed, 31 Jan 2001 18:03:49 +0000 Subject: [PATCH] Reorganize password callback context (uses nsIInterfaceRequestor). Fix several bugs in the SDR implementation. git-svn-id: svn://10.0.0.236/trunk@85834 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/manager/ssl/src/Makefile.in | 1 + mozilla/security/manager/ssl/src/makefile.win | 6 ++ .../manager/ssl/src/nsNSSCallbacks.cpp | 30 +++---- .../security/manager/ssl/src/nsNSSIOLayer.cpp | 22 +++++- .../security/manager/ssl/src/nsNSSIOLayer.h | 5 +- .../security/manager/ssl/src/nsNSSModule.cpp | 26 +++++++ mozilla/security/manager/ssl/src/nsSDR.cpp | 78 ++++++++++++++++--- 7 files changed, 139 insertions(+), 29 deletions(-) diff --git a/mozilla/security/manager/ssl/src/Makefile.in b/mozilla/security/manager/ssl/src/Makefile.in index deaec8d3aba..a213c6e0845 100644 --- a/mozilla/security/manager/ssl/src/Makefile.in +++ b/mozilla/security/manager/ssl/src/Makefile.in @@ -73,6 +73,7 @@ CPPSRCS = \ nsSSLSocketProvider.cpp \ nsSecureBrowserUIImpl.cpp \ nsTLSSocketProvider.cpp \ + nsSDR.cpp \ $(NULL) REQUIRES = nspr security diff --git a/mozilla/security/manager/ssl/src/makefile.win b/mozilla/security/manager/ssl/src/makefile.win index 416a8ed89aa..289e97e0d6b 100644 --- a/mozilla/security/manager/ssl/src/makefile.win +++ b/mozilla/security/manager/ssl/src/makefile.win @@ -57,6 +57,7 @@ LLIBS = \ $(DIST)/lib/ssl.lib \ $(DIST)/lib/certhi.lib \ $(DIST)/lib/cryptohi.lib \ + $(DIST)/lib/ssl.lib \ $(DIST)/lib/pk11wrap.lib \ $(DIST)/lib/certdb.lib \ $(DIST)/lib/softoken.lib \ @@ -78,8 +79,13 @@ OBJS = \ .\$(OBJDIR)\nsSSLSocketProvider.obj \ .\$(OBJDIR)\nsSecureBrowserUIImpl.obj \ .\$(OBJDIR)\nsTLSSocketProvider.obj \ + .\$(OBJDIR)\nsSDR.obj \ $(NULL) +!ifdef USE_NSCERTIFICATEDB +OBJS = $(OBJS) .\$(OBJDIR)\nsCertificateDB.obj +!endif + include <$(DEPTH)\config\rules.mak> install:: $(DLL) diff --git a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp index 913ab5bae83..d788890dd81 100644 --- a/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp @@ -45,37 +45,39 @@ char* PK11PasswordPrompt(PK11SlotInfo* slot, PRBool retry, void* arg) { nsresult rv = NS_OK; PRUnichar *password = nsnull; PRBool value = PR_FALSE; + nsIInterfaceRequestor *ir = NS_STATIC_CAST(nsIInterfaceRequestor*, arg); + nsCOMPtr proxyPrompt; - if (retry) + // If no context is provided, no prompt is possible. + if (!ir) return nsnull; - nsIChannelSecurityInfo* csi = NS_STATIC_CAST(nsIChannelSecurityInfo*, arg); - nsCOMPtr channel; - csi->GetChannel(getter_AddRefs(channel)); - if (!channel) return nsnull; + /* TODO: Retry should generate a different dialog message */ +/* + if (retry) + return nsnull; +*/ - nsCOMPtr callbacks; - channel->GetNotificationCallbacks(getter_AddRefs(callbacks)); - if (!callbacks) return nsnull; - - // The notification callbacks object may not be safe, so + // The interface requestor object may not be safe, so // proxy the call to get the nsIPrompt. nsCOMPtr proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID)); + if (!proxyman) return nsnull; + nsCOMPtr proxiedCallbacks; proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIInterfaceRequestor), - callbacks, + ir, PROXY_SYNC, getter_AddRefs(proxiedCallbacks)); + // Get the desired interface nsCOMPtr prompt(do_GetInterface(proxiedCallbacks)); + if (!prompt) return nsnull; // Finally, get a proxy for the nsIPrompt - - nsCOMPtr proxyPrompt; proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, - NS_GET_IID(nsIPrompt), + NS_GET_IID(nsIPrompt), prompt, PROXY_SYNC, getter_AddRefs(proxyPrompt)); diff --git a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp index fc5c5066390..72991756ead 100644 --- a/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSIOLayer.cpp @@ -71,9 +71,10 @@ nsNSSSocketInfo::~nsNSSSocketInfo() { } -NS_IMPL_THREADSAFE_ISUPPORTS2(nsNSSSocketInfo, +NS_IMPL_THREADSAFE_ISUPPORTS3(nsNSSSocketInfo, nsIChannelSecurityInfo, - nsISSLSocketControl) + nsISSLSocketControl, + nsIInterfaceRequestor) NS_IMETHODIMP nsNSSSocketInfo::GetHostName(char * *aHostName) @@ -185,6 +186,21 @@ nsNSSSocketInfo::SetShortSecurityDescription(const PRUnichar* aText) { return NS_OK; } +/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */ +NS_IMETHODIMP nsNSSSocketInfo::GetInterface(const nsIID & uuid, void * *result) +{ + if (!mChannel) return NS_ERROR_FAILURE; + + nsCOMPtr callbacks; + mChannel->GetNotificationCallbacks(getter_AddRefs(callbacks)); + if (!callbacks) return NS_ERROR_FAILURE; + + // Proxy of the channel callbacks should probably go here, rather + // than in the password callback code + + return callbacks->GetInterface(uuid, result); +} + NS_IMETHODIMP nsNSSSocketInfo::GetForceHandshake(PRBool* forceHandshake) { @@ -492,7 +508,7 @@ nsSSLIOLayerAddToSocket(const char* host, goto loser; } - SSL_SetPKCS11PinArg(sslSock, infoObject); + SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*)infoObject); SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject); SSL_GetClientAuthDataHook(sslSock, (SSLGetClientAuthData)NSS_GetClientAuthData, nsnull); diff --git a/mozilla/security/manager/ssl/src/nsNSSIOLayer.h b/mozilla/security/manager/ssl/src/nsNSSIOLayer.h index ca182495153..2bf9b1fba01 100644 --- a/mozilla/security/manager/ssl/src/nsNSSIOLayer.h +++ b/mozilla/security/manager/ssl/src/nsNSSIOLayer.h @@ -27,13 +27,15 @@ #include "prtypes.h" #include "prio.h" #include "nsString.h" +#include "nsIInterfaceRequestor.h" #include "nsIChannelSecurityInfo.h" #include "nsISSLSocketControl.h" class nsIChannel; class nsNSSSocketInfo : public nsIChannelSecurityInfo, - public nsISSLSocketControl + public nsISSLSocketControl, + public nsIInterfaceRequestor { public: nsNSSSocketInfo(); @@ -42,6 +44,7 @@ public: NS_DECL_ISUPPORTS NS_DECL_NSICHANNELSECURITYINFO NS_DECL_NSISSLSOCKETCONTROL + NS_DECL_NSIINTERFACEREQUESTOR nsresult SetHostName(const char *aHostName); nsresult SetProxyName(const char *aName); diff --git a/mozilla/security/manager/ssl/src/nsNSSModule.cpp b/mozilla/security/manager/ssl/src/nsNSSModule.cpp index 6b06016eba9..b6229b447c9 100644 --- a/mozilla/security/manager/ssl/src/nsNSSModule.cpp +++ b/mozilla/security/manager/ssl/src/nsNSSModule.cpp @@ -33,10 +33,20 @@ #include "nsCURILoader.h" +#include "nsSDR.h" + +#ifdef USE_NSCERTIFICATEDB +#include "nsCertificateDB.h" +#endif + NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl) NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider) NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider) +NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing) +#ifdef USE_NSCERTIFICATEDB +NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertificateDB) +#endif static nsModuleComponentInfo components[] = { @@ -110,6 +120,22 @@ static nsModuleComponentInfo components[] = nsSSLSocketProviderConstructor }, + { + NS_SDR_CLASSNAME, + NS_SDR_CID, + NS_SDR_CONTRACTID, + nsSecretDecoderRingConstructor + }, + +#ifdef USE_NSCERTIFICATEDB + { + "Certificate Database", + NS_CERTIFICATEDB_CID, + NS_CERTIFICATEDB_CONTRACTID, + nsCertificateDBConstructor + }, +#endif + { "Entropy Collector", NS_ENTROPYCOLLECTOR_CID, diff --git a/mozilla/security/manager/ssl/src/nsSDR.cpp b/mozilla/security/manager/ssl/src/nsSDR.cpp index 59296f61dc4..b8bd445da57 100644 --- a/mozilla/security/manager/ssl/src/nsSDR.cpp +++ b/mozilla/security/manager/ssl/src/nsSDR.cpp @@ -23,21 +23,69 @@ #include "stdlib.h" #include "plstr.h" -#include "nsMemory.h" -#include "nsCOMPtr.h" -#include "nsIServiceManager.h" - #include "plbase64.h" +#include "nsMemory.h" +#include "nsCOMPtr.h" +#include "nsISupports.h" +#include "nsIInterfaceRequestor.h" +#include "nsIServiceManager.h" #include "nsISecurityManagerComponent.h" +#include "nsINetSupportDialogService.h" +#include "nsProxiedService.h" + #include "nsISecretDecoderRing.h" #include "nsSDR.h" -// Import PK11_* functions #include "pk11func.h" +#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt -// Import PK11SDR_Encrypt and PK11SDR_Decrypt -#include "pk11sdr.h" +static NS_DEFINE_CID(kNetSupportDialogCID, NS_NETSUPPORTDIALOG_CID); + +// +// Implementation of an nsIInterfaceRequestor for use +// as context for NSS calls +// +class nsSDRContext : public nsIInterfaceRequestor +{ +public: + NS_DECL_ISUPPORTS + NS_DECL_NSIINTERFACEREQUESTOR + + nsSDRContext(); + virtual ~nsSDRContext(); + +}; + +NS_IMPL_ISUPPORTS1(nsSDRContext, nsIInterfaceRequestor) + +nsSDRContext::nsSDRContext() +{ + NS_INIT_ISUPPORTS(); +} + +nsSDRContext::~nsSDRContext() +{ +} + +/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */ +NS_IMETHODIMP nsSDRContext::GetInterface(const nsIID & uuid, void * *result) +{ + nsresult rv; + + if (uuid.Equals(NS_GET_IID(nsIPrompt))) { + NS_WITH_PROXIED_SERVICE(nsIPrompt, dialog, kNetSupportDialogCID, + NS_UI_THREAD_EVENTQ, &rv); + if (NS_FAILED(rv)) return rv; + + *result = dialog; + NS_ADDREF(dialog); + } else { + rv = NS_ERROR_NO_INTERFACE; + } + + return rv; +} // Standard ISupports implementation // NOTE: Should these be the thread-safe versions? @@ -49,6 +97,8 @@ nsSecretDecoderRing::nsSecretDecoderRing() // initialize superclass NS_INIT_ISUPPORTS(); + // (Possibly) create the Security Manager component to get things + // initialized nsCOMPtr nss = do_GetService(PSM_COMPONENT_CONTRACTID); } @@ -67,6 +117,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 SECItem request; SECItem reply; SECStatus s; + nsCOMPtr ctx = new nsSDRContext(); slot = PK11_GetInternalKeySlot(); if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } @@ -74,7 +125,7 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 /* Make sure token is initialized. FIX THIS: needs UI */ if (PK11_NeedUserInit(slot)) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } - s = PK11_Authenticate(slot, PR_TRUE, 0); + s = PK11_Authenticate(slot, PR_TRUE, ctx); if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } /* Use default key id */ @@ -82,7 +133,9 @@ Encrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 keyid.len = 0; request.data = data; request.len = dataLen; - s= PK11SDR_Encrypt(&keyid, &request, &reply, 0); + reply.data = 0; + reply.len = 0; + s= PK11SDR_Encrypt(&keyid, &request, &reply, ctx); if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } *result = reply.data; @@ -102,6 +155,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 SECStatus s; SECItem request; SECItem reply; + nsCOMPtr ctx = new nsSDRContext(); *result = 0; *_retval = 0; @@ -111,7 +165,7 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 if (!slot) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; } /* Force authentication */ - if (PK11_Authenticate(slot, PR_TRUE, 0) != SECSuccess) + if (PK11_Authenticate(slot, PR_TRUE, ctx) != SECSuccess) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; @@ -119,7 +173,9 @@ Decrypt(unsigned char * data, PRInt32 dataLen, unsigned char * *result, PRInt32 request.data = data; request.len = dataLen; - s = PK11SDR_Decrypt(&request, &reply, 0); + reply.data = 0; + reply.len = 0; + s = PK11SDR_Decrypt(&request, &reply, ctx); if (s != SECSuccess) { rv = NS_ERROR_FAILURE; goto loser; } *result = reply.data;