b=75947 Landing security startup performance improvement and related issues.

r=javi sr=alecf
b=109777  Make sure certificate downloading works immediately
r=javi sr=mscott


git-svn-id: svn://10.0.0.236/trunk@109268 18797224-902f-48f8-a5cc-f745e15eee43
kaie%netscape.com 2001-11-29 23:36:34 +00:00
parent ddeef888b9
commit c4caa1b828
26 changed files with 510 additions and 1185 deletions


@ -725,6 +725,9 @@ embedding/config/Makefile
MAKEFILES_psm2="
security/manager/Makefile
security/manager/boot/Makefile
security/manager/boot/src/Makefile
security/manager/boot/public/Makefile
security/manager/ssl/Makefile
security/manager/ssl/src/Makefile
security/manager/ssl/resources/Makefile


@ -405,7 +405,6 @@ sub ProcessJarManifests()
if ($main::options{psm}) {
CreateJarFromManifest(":mozilla:security:manager:ssl:resources:jar.mn", $chrome_dir, \%jars);
CreateJarFromManifest(":mozilla:security:manager:pki:resources:jar.mn", $chrome_dir, \%jars);
InstallFromManifest(":mozilla:security:manager:ssl:src:MANIFEST_NSSIFAIL", "$resource_dir");
}
# bad jar.mn files
# CreateJarFromManifest(":mozilla:extensions:xmlterm:jar.mn", $chrome_dir, \%jars);


@ -286,8 +286,8 @@ MOZ_META_COMPONENTS_mail += nsSMIMEModule
MOZ_META_COMPONENTS_mail_comps += smimestb
endif
MOZ_META_COMPONENTS_crypto = PKI NSS
MOZ_META_COMPONENTS_crypto_comps = pippki pipnss
MOZ_META_COMPONENTS_crypto = BOOT PKI NSS
MOZ_META_COMPONENTS_crypto_comps = pipboot pippki pipnss
#
# Build using PIC by default


@ -63,11 +63,12 @@ ifdef HAVE_64BIT_OS
DEFAULT_GMAKE_FLAGS += USE_64=1
endif
SUBMAKEFILES = ssl/Makefile pki/Makefile
SUBMAKEFILES = boot/Makefile ssl/Makefile pki/Makefile
include $(topsrcdir)/config/rules.mk
depend dependclean export::
$(MAKE) -C boot $@
$(MAKE) -C ssl $@
$(MAKE) -C pki $@
@ -84,10 +85,12 @@ ifndef HAVE_64BIT_OS
endif
endif
endif
$(MAKE) -C boot $@
$(MAKE) -C ssl $@
$(MAKE) -C pki $@
clean clobber clobber_all realclean distclean::
$(MAKE) -C boot $@
$(MAKE) -C ssl $@
$(MAKE) -C pki $@
$(MAKE) -C $(topsrcdir)/security/coreconf $(DEFAULT_GMAKE_FLAGS) clean


@ -36,6 +36,6 @@
DEPTH=..\..
include <$(DEPTH)/config/config.mak>
DIRS = ssl pki
DIRS = boot ssl pki
include <$(DEPTH)\config\rules.mak>


@ -38,12 +38,6 @@ MODULE = pippki
DEPTH=..\..\..\..
IGNORE_MANIFEST=1
DLLNAME = pippki
PDBFILE = $(DLLNAME).pdb
MAPFILE = $(DLLNAME).map
DLL = .\$(OBJDIR)\$(DLLNAME).dll
MAKE_OBJ_TYPE = DLL
include <$(DEPTH)/config/config.mak>
XPIDL_INCLUDES=-I$(DEPTH)\dist\idl


@ -43,6 +43,7 @@
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsISSLStatusProvider = Components.interfaces.nsISSLStatusProvider;
const nsISSLStatus = Components.interfaces.nsISSLStatus;
// Get the window for this information
var w;
@ -60,6 +61,9 @@
var ui = security._getSecurityUI();
var sp = ui.QueryInterface(nsISSLStatusProvider);
var status = sp.SSLStatus;
if (status) {
status = status.QueryInterface(nsISSLStatus);
}
if (status) {
var cert = status.serverCert;
var issuerName;
@ -198,8 +202,8 @@
<separator class="groove"/>
<label id="security-privacy" class="header"/>
<vbox flex="1">
<html id="security-privacy-msg1"/>
<html id="security-privacy-msg2"/>
<description id="security-privacy-msg1"/>
<description id="security-privacy-msg2"/>
</vbox>
</vbox>
</tabpanels>


@ -69,6 +69,7 @@ REQUIRES = nspr \
necko \
pipnss \
layout \
pipboot \
$(NULL)
include $(topsrcdir)/config/rules.mk


@ -56,6 +56,7 @@ REQUIRES = \
pipnss \
layout \
layout_xul \
pipboot \
$(NULL)
include <$(DEPTH)/config/config.mak>


@ -30,6 +30,7 @@
#include "nsCOMPtr.h"
#include "nsIStringBundle.h"
#include "nsIPref.h"
#include "nsISecurityWarningDialogs.h"
#define NS_NSSDIALOGS_CID \
{ 0x518e071f, 0x1dd2, 0x11b2, \


@ -39,12 +39,6 @@ MODULE = pipnss
DEPTH=..\..\..\..
IGNORE_MANIFEST=1
DLLNAME = pipnss
PDBFILE = $(DLLNAME).pdb
MAPFILE = $(DLLNAME).map
DLL = .\$(OBJDIR)\$(DLLNAME).dll
MAKE_OBJ_TYPE = DLL
include <$(DEPTH)/config/config.mak>
XPIDL_INCLUDES=-I$(DEPTH)\dist\idl


@ -79,45 +79,6 @@ interface nsINSSDialogs : nsISupports
};
/**
* nsISecurityWarningDialogs - functions that
* display warnings for transitions between secure
* and insecure pages, posts to insecure servers etc.
*/
[scriptable, uuid(1c399d06-1dd2-11b2-bc58-c87cbcacdb78)]
interface nsISecurityWarningDialogs : nsISupports
{
/**
* alertEnteringSecure
*/
void alertEnteringSecure(in nsIInterfaceRequestor ctx);
/**
* alertEnteringWeak
*/
void alertEnteringWeak(in nsIInterfaceRequestor ctx);
/**
* alertLeavingSecure
*/
void alertLeavingSecure(in nsIInterfaceRequestor ctx);
/**
* alertMixedMode
*/
void alertMixedMode(in nsIInterfaceRequestor ctx);
/**
* confirmPostToInsecure
*/
boolean confirmPostToInsecure(in nsIInterfaceRequestor ctx);
/**
* confirmPostToInsecureFromSecure
*/
boolean confirmPostToInsecureFromSecure(in nsIInterfaceRequestor ctx);
};
/**
* nsICertificateDialogs
* Provides UI for certificate-related dialogs.


@ -44,8 +44,3 @@ interface nsISSLStatus : nsISupports {
readonly attribute PRUint32 keyLength;
readonly attribute PRUint32 secretKeyLength;
};
[scriptable, uuid(8de811f0-1dd2-11b2-8bf1-e9aa324984b2)]
interface nsISSLStatusProvider : nsISupports {
readonly attribute nsISSLStatus SSLStatus;
};


@ -162,4 +162,4 @@ CrlImportSuccess=The browser successfully imported the certificate revocation li
CrlImportFailure1=The browser cannot import the certificate revocation list (CRL).
CrlImportFailure2=A more recent version of this CRL is available.
CrlImportFailure3=Please ask your system administrator for assistance.
NSSInitProblem=Could not initialize the browser's security component. The most likely cause is problems with files in your browser's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the browser and fix the problem. If you continue to use this browser session, you might see incorrect browser behaviour when accessing security features.


@ -1 +0,0 @@
nssifail.txt


@ -51,16 +51,12 @@ META_COMPONENT = crypto
EXPORTS = \
$(NULL)
libs::
$(INSTALL) $(srcdir)/nssifail.txt $(DIST)/bin/res
CPPSRCS = \
nsNSSCallbacks.cpp \
nsNSSComponent.cpp \
nsNSSIOLayer.cpp \
nsNSSModule.cpp \
nsSSLSocketProvider.cpp \
nsSecureBrowserUIImpl.cpp \
nsTLSSocketProvider.cpp \
nsSDR.cpp \
nsPK11TokenDB.cpp \
@ -98,6 +94,7 @@ REQUIRES = nspr \
xpconnect \
jar \
unicharutil \
pipboot \
$(NULL)
EXTRA_LIBS = $(NSS_LIBS)


@ -68,6 +68,7 @@ REQUIRES = \
layout_xul \
gfx \
unicharutil \
pipboot \
$(NULL)
include <$(DEPTH)/config/config.mak>
@ -134,5 +135,4 @@ include <$(DEPTH)\config\rules.mak>
libs:: $(DLL)
$(MAKE_INSTALL) $(DIST)\lib\nssckbi.dll $(DIST)\bin
$(MAKE_INSTALL) nssifail.txt $(DIST)\bin\res


@ -34,7 +34,6 @@ extern "C" {
#include "nsProxiedService.h"
#include "nsKeygenHandler.h"
#include "nsVoidArray.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsIServiceManager.h"
#include "nsIDOMHTMLSelectElement.h"
#include "nsIContent.h"


@ -22,6 +22,7 @@
* Doug Turner <dougt@netscape.com>
* Mitch Stoltz <mstoltz@netscape.com>
* Brian Ryner <bryner@netscape.com>
* Kai Engert <kaie@netscape.com>
*/
#include "nsNSSComponent.h"
@ -44,12 +45,16 @@
#include "nsNSSCertificate.h"
#include "nsNSSHelper.h"
#include "prlog.h"
#include "nsAutoLock.h"
#include "nsIWindowWatcher.h"
#include "nsIPrompt.h"
#include "nsProxiedService.h"
#include "nsICertificatePrincipal.h"
#include "nsReadableUtils.h"
#include "nsIEntropyCollector.h"
#include "nsIBufEntropyCollector.h"
#include "nsIServiceManager.h"
#include "nss.h"
#include "pk11func.h"
@ -70,7 +75,7 @@ extern "C" {
PRLogModuleInfo* gPIPNSSLog = nsnull;
#endif
PRBool nsNSSComponent::mNSSInitialized = PR_FALSE;
int nsNSSComponent::mInstanceCount = 0;
#ifdef XP_MAC
@ -171,37 +176,40 @@ static PRIntn PR_CALLBACK certHashtable_clearEntry(PLHashEntry *he, PRIntn /*ind
}
nsNSSComponent::nsNSSComponent()
:mNSSInitialized(PR_FALSE)
{
NS_INIT_ISUPPORTS();
mutex = PR_NewLock();
#ifdef PR_LOGGING
if (!gPIPNSSLog)
gPIPNSSLog = PR_NewLogModule("pipnss");
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ctor\n"));
hashTableCerts = PL_NewHashTable( 0, certHashtable_keyHash, certHashtable_keyCompare,
certHashtable_valueCompare, 0, 0 );
mObserversRegistered = PR_FALSE;
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
++mInstanceCount;
hashTableCerts = nsnull;
}
nsNSSComponent::~nsNSSComponent()
{
if (mPSMContentListener) {
nsresult rv = NS_ERROR_FAILURE;
nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
if (dispatcher) {
rv = dispatcher->UnRegisterContentListener(mPSMContentListener);
}
}
if (mPref)
mPref->UnregisterCallback("security.", nsNSSComponent::PrefChangedCallback,
(void*) this);
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor\n"));
if (hashTableCerts) {
PL_HashTableEnumerateEntries(hashTableCerts, certHashtable_clearEntry, 0);
PL_HashTableDestroy(hashTableCerts);
hashTableCerts = 0;
}
if (mNSSInitialized)
NSS_Shutdown();
// All cleanup code requiring services needs to happen in xpcom_shutdown
ShutdownNSS();
nsSSLIOLayerFreeTLSIntolerantSites();
--mInstanceCount;
if (mutex) {
PR_DestroyLock(mutex);
mutex = nsnull;
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor finished\n"));
}
#ifdef XP_MAC
@ -417,6 +425,8 @@ loser:
nsresult
nsNSSComponent::InitializePIPNSSBundle()
{
// Called during init only, no mutex required.
nsresult rv;
nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
if (NS_FAILED(rv) || !bundleService)
@ -433,6 +443,8 @@ nsNSSComponent::InitializePIPNSSBundle()
nsresult
nsNSSComponent::RegisterPSMContentListener()
{
// Called during init only, no mutex required.
nsresult rv = NS_OK;
if (!mPSMContentListener) {
nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
@ -512,92 +524,207 @@ static void setOCSPOptions(nsIPref * pref)
nsresult
nsNSSComponent::InitializeNSS()
{
nsresult rv;
nsXPIDLCString profileStr;
nsCOMPtr<nsIFile> profilePath;
// Can be called both during init and profile change.
// Needs mutex protection.
if (mNSSInitialized) {
PR_ASSERT(!"Trying to initialize NSS twice"); // We should never try to
// initialize NSS more than
// once in a process.
return NS_ERROR_FAILURE;
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::InitializeNSS\n"));
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization beginning\n"));
rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profilePath));
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to get profile directory\n"));
return rv;
}
// variables used for flow control within this function
enum { problem_none, problem_no_rw, problem_no_security_at_all }
which_nss_problem = problem_none;
{
nsAutoLock lock(mutex);
// Init phase 1, prepare own variables used for NSS
if (mNSSInitialized) {
PR_ASSERT(!"Trying to initialize NSS twice"); // We should never try to
// initialize NSS more than
// once in a process.
return NS_ERROR_FAILURE;
}
PK11_SetPasswordFunc(PK11PasswordPrompt);
#ifdef XP_MAC
// On the Mac we place all NSS DBs in the Security
// Folder in the profile directory.
profilePath->Append("Security");
profilePath->Create(nsIFile::DIRECTORY_TYPE, 0); //This is for Mac, don't worry about
//permissions.
#endif
mNSSInitialized = PR_TRUE;
rv = profilePath->GetPath(getter_Copies(profileStr));
if (NS_FAILED(rv))
return rv;
if (NSS_InitReadWrite(profileStr) != SECSuccess) {
return NS_ERROR_ABORT;
}
NSS_SetDomesticPolicy();
// SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
hashTableCerts = PL_NewHashTable( 0, certHashtable_keyHash, certHashtable_keyCompare,
certHashtable_valueCompare, 0, 0 );
mPref = do_GetService(NS_PREF_CONTRACTID);
nsresult rv;
nsXPIDLCString profileStr;
nsCOMPtr<nsIFile> profilePath;
// Register a callback so we can inform NSS when these prefs change
mPref->RegisterCallback("security.", nsNSSComponent::PrefChangedCallback,
(void*) this);
rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
getter_AddRefs(profilePath));
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to get profile directory\n"));
return rv;
}
PRBool enabled;
mPref->GetBoolPref("security.enable_ssl2", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
mPref->GetBoolPref("security.enable_ssl3", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
mPref->GetBoolPref("security.enable_tls", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
#ifdef XP_MAC
// On the Mac we place all NSS DBs in the Security
// Folder in the profile directory.
profilePath->Append("Security");
profilePath->Create(nsIFile::DIRECTORY_TYPE, 0); //This is for Mac, don't worry about
//permissions.
#endif
// Set SSL/TLS ciphers
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
mPref->GetBoolPref(cp->pref, &enabled);
rv = profilePath->GetPath(getter_Copies(profileStr));
if (NS_FAILED(rv))
return rv;
SSL_CipherPrefSetDefault(cp->id, enabled);
PRBool supress_warning_preference = PR_FALSE;
rv = mPref->GetBoolPref("security.suppress_nss_rw_impossible_warning", &supress_warning_preference);
if (NS_FAILED(rv)) {
supress_warning_preference = PR_FALSE;
}
// init phase 2, init calls to NSS library
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization beginning\n"));
// The call to ConfigureInternalPKCS11Token needs to be done before NSS is initialized,
// but affects only static data.
// If we could assume i18n will not change between profiles, one call per application
// run were sufficient. As I can't predict what happens in the future, let's repeat
// this call for every re-init of NSS.
ConfigureInternalPKCS11Token();
if (::NSS_InitReadWrite(profileStr) != SECSuccess) {
if (supress_warning_preference) {
which_nss_problem = problem_none;
}
else {
which_nss_problem = problem_no_rw;
}
// try to init r/o
if (NSS_Init(profileStr) != SECSuccess) {
which_nss_problem = problem_no_security_at_all;
NSS_NoDB_Init(profileStr);
}
}
// init phase 3, only if phase 2 was successful
if (problem_no_security_at_all != which_nss_problem) {
::NSS_SetDomesticPolicy();
// SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
PK11_SetPasswordFunc(PK11PasswordPrompt);
// Register a callback so we can inform NSS when these prefs change
mPref->RegisterCallback("security.", nsNSSComponent::PrefChangedCallback,
(void*) this);
PRBool enabled;
mPref->GetBoolPref("security.enable_ssl2", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
mPref->GetBoolPref("security.enable_ssl3", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
mPref->GetBoolPref("security.enable_tls", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
// Set SSL/TLS ciphers
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
mPref->GetBoolPref(cp->pref, &enabled);
SSL_CipherPrefSetDefault(cp->id, enabled);
}
// Enable ciphers for PKCS#12
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn);
// Set up OCSP //
setOCSPOptions(mPref);
InstallLoadableRoots();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
}
}
// Enable ciphers for PKCS#12
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn);
if (problem_none != which_nss_problem) {
nsString message;
// Set up OCSP //
setOCSPOptions(mPref);
// We might want to use different messages, depending on what failed.
// For now, let's use the same message.
nsresult rv = GetPIPNSSBundleString(NS_LITERAL_STRING("NSSInitProblem").get(), message);
if (NS_SUCCEEDED(rv)) {
nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService("@mozilla.org/embedcomp/window-watcher;1"));
if (wwatch) {
nsCOMPtr<nsIPrompt> prompter;
wwatch->GetNewPrompter(0, getter_AddRefs(prompter));
if (prompter) {
nsCOMPtr<nsIProxyObjectManager> proxyman(do_GetService(NS_XPCOMPROXY_CONTRACTID));
if (proxyman) {
nsCOMPtr<nsIPrompt> proxyPrompt;
proxyman->GetProxyForObject(NS_UI_THREAD_EVENTQ, NS_GET_IID(nsIPrompt),
prompter, PROXY_SYNC, getter_AddRefs(proxyPrompt));
if (proxyPrompt) {
proxyPrompt->Alert(nsnull, message.get());
}
}
}
}
}
}
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("NSS Initialization done\n"));
mNSSInitialized = PR_TRUE;
return NS_OK;
}
nsresult
nsNSSComponent::ShutdownNSS()
{
// Can be called both during init and profile change,
// needs mutex protection.
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::ShutdownNSS\n"));
nsAutoLock lock(mutex);
if (hashTableCerts) {
PL_HashTableEnumerateEntries(hashTableCerts, certHashtable_clearEntry, 0);
PL_HashTableDestroy(hashTableCerts);
hashTableCerts = nsnull;
}
if (mNSSInitialized) {
mNSSInitialized = PR_FALSE;
PK11_SetPasswordFunc((PK11PasswordFunc)nsnull);
if (mPref) {
mPref->UnregisterCallback("security.", nsNSSComponent::PrefChangedCallback,
(void*) this);
}
::NSS_Shutdown();
}
return NS_OK;
}
NS_IMETHODIMP
nsNSSComponent::Init()
{
// No mutex protection.
// Assume Init happens before any concurrency on "this" can start.
nsresult rv = NS_OK;
#ifdef PR_LOGGING
if (!gPIPNSSLog)
gPIPNSSLog = PR_NewLogModule("pipnss");
#endif
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Beginning NSS initialization\n"));
rv = InitializePIPNSSBundle();
@ -605,15 +732,38 @@ nsNSSComponent::Init()
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to create pipnss bundle.\n"));
return rv;
}
ConfigureInternalPKCS11Token();
if (!mPref) {
mPref = do_GetService(NS_PREF_CONTRACTID);
NS_ASSERTION(mPref, "Unable to get pref service");
}
// Do that before NSS init, to make sure we won't get unloaded.
RegisterObservers();
rv = InitializeNSS();
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS.\n"));
return rv;
}
InstallLoadableRoots();
RegisterPSMContentListener();
RegisterProfileChangeObserver();
nsCOMPtr<nsIEntropyCollector> ec
= do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);
nsCOMPtr<nsIBufEntropyCollector> bec;
if (ec) {
bec = do_QueryInterface(ec);
}
NS_ASSERTION(bec, "No buffering entropy collector. "
"This means no entropy will be collected.");
if (bec) {
bec->ForwardTo(this);
}
return rv;
}
@ -766,9 +916,13 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
nsresult rv2;
nsCOMPtr<nsIX509Cert> pCert = new nsNSSCertificate(cert);
if (!mScriptSecurityManager) {
mScriptSecurityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv2);
if (NS_FAILED(rv2)) return rv2;
nsAutoLock lock(mutex);
// re-test the condition to prevent double initialization
if (!mScriptSecurityManager) {
mScriptSecurityManager =
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv2);
if (NS_FAILED(rv2)) return rv2;
}
}
//-- Create a certificate principal with id and organization data
PRUnichar* fingerprint;
@ -802,6 +956,11 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
NS_IMETHODIMP
nsNSSComponent::RandomUpdate(void *entropy, PRInt32 bufLen)
{
// Asynchronous event happening often,
// must not interfere with initialization or profile switch.
nsAutoLock lock(mutex);
if (!mNSSInitialized)
return NS_ERROR_NOT_INITIALIZED;
@ -846,6 +1005,11 @@ nsNSSComponent::PrefChanged(const char* prefName)
}
}
#ifdef DEBUG
#define PROFILE_CHANGE_NET_TEARDOWN_TOPIC NS_LITERAL_CSTRING("profile-change-net-teardown").get()
#define PROFILE_CHANGE_NET_RESTORE_TOPIC NS_LITERAL_CSTRING("profile-change-net-restore").get()
#endif
#define PROFILE_BEFORE_CHANGE_TOPIC NS_LITERAL_CSTRING("profile-before-change").get()
#define PROFILE_AFTER_CHANGE_TOPIC NS_LITERAL_CSTRING("profile-after-change").get()
@ -854,26 +1018,118 @@ NS_IMETHODIMP
nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
const PRUnichar *someData)
{
#ifdef DEBUG
static PRBool isNetworkDown = PR_FALSE;
#endif
if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) {
//The profile is about to change, shut down NSS
NSS_Shutdown();
mNSSInitialized = PR_FALSE;
} else if (nsCRT::strcmp(aTopic, PROFILE_AFTER_CHANGE_TOPIC) == 0) {
InitializeNSS();
InstallLoadableRoots();
#ifdef DEBUG
NS_ASSERTION(isNetworkDown, "nsNSSComponent relies on profile manager to wait for synchronous shutdown of all network activity");
#endif
PRBool needsCleanup = PR_TRUE;
{
nsAutoLock lock(mutex);
if (!mNSSInitialized) {
// Make sure we don't try to cleanup if we have already done so.
// This makes sure we behave safely, in case we are notified
// multiple times.
needsCleanup = PR_FALSE;
}
}
if (needsCleanup) {
ShutdownNSS();
}
}
else if (nsCRT::strcmp(aTopic, PROFILE_AFTER_CHANGE_TOPIC) == 0) {
PRBool needsInit = PR_TRUE;
{
nsAutoLock lock(mutex);
if (mNSSInitialized) {
// We have already initialized NSS before the profile came up,
// no need to do it again
needsInit = PR_FALSE;
}
}
if (needsInit) {
if (NS_FAILED(InitializeNSS())) {
PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to Initialize NSS after profile switch.\n"));
}
}
}
else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent: XPCom shutdown observed\n"));
// Cleanup code that requires services, it's too late in destructor.
if (mPSMContentListener) {
nsresult rv = NS_ERROR_FAILURE;
nsCOMPtr<nsIURILoader> dispatcher(do_GetService(NS_URI_LOADER_CONTRACTID));
if (dispatcher) {
rv = dispatcher->UnRegisterContentListener(mPSMContentListener);
}
mPSMContentListener = nsnull;
}
nsCOMPtr<nsIEntropyCollector> ec
= do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID);
if (ec) {
nsCOMPtr<nsIBufEntropyCollector> bec
= do_QueryInterface(ec);
if (bec) {
bec->DontForward();
}
}
}
#ifdef DEBUG
else if (nsCRT::strcmp(aTopic, PROFILE_CHANGE_NET_TEARDOWN_TOPIC) == 0) {
isNetworkDown = PR_TRUE;
}
else if (nsCRT::strcmp(aTopic, PROFILE_CHANGE_NET_RESTORE_TOPIC) == 0) {
isNetworkDown = PR_FALSE;
}
#endif
return NS_OK;
}
nsresult
nsNSSComponent::RegisterProfileChangeObserver()
nsNSSComponent::RegisterObservers()
{
// Happens once during init only, no mutex protection.
nsCOMPtr<nsIObserverService> observerService(do_GetService("@mozilla.org/observer-service;1"));
NS_ASSERTION(observerService, "could not get observer service");
if (observerService) {
observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, PR_TRUE);
observerService->AddObserver(this, PROFILE_AFTER_CHANGE_TOPIC, PR_TRUE);
mObserversRegistered = PR_TRUE;
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent: adding observers\n"));
// We are a service.
// Once we are loaded, don't allow being removed from memory.
// This makes sense, as initializing NSS is expensive.
// By using PR_FALSE for parameter ownsWeak in AddObserver,
// we make sure that we won't get unloaded until the application shuts down.
observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, PR_FALSE);
observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, PR_FALSE);
observerService->AddObserver(this, PROFILE_AFTER_CHANGE_TOPIC, PR_FALSE);
#ifdef DEBUG
observerService->AddObserver(this, PROFILE_CHANGE_NET_TEARDOWN_TOPIC, PR_FALSE);
observerService->AddObserver(this, PROFILE_CHANGE_NET_RESTORE_TOPIC, PR_FALSE);
#endif
}
return NS_OK;
}
@ -881,6 +1137,10 @@ nsNSSComponent::RegisterProfileChangeObserver()
NS_IMETHODIMP
nsNSSComponent::RememberCert(CERTCertificate *cert)
{
// Must not interfere with init / shutdown / profile switch.
nsAutoLock lock(mutex);
if (!hashTableCerts || !cert)
return NS_OK;
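Review bot: In InitializeNSS, when both NSS_InitReadWrite and NSS_Init fail, the code falls back to `NSS_NoDB_Init(profileStr)` without checking its result, skips all of phase 3 (domestic policy, SSL/TLS and cipher prefs, OCSP options, loadable roots), and as far as this rendered page shows still ends in `return NS_OK`. Callers therefore cannot tell a fully configured NSS from one running with no certificate database and library defaults; the alert text is the only signal. I would check the fallback, e.g. `if (NSS_NoDB_Init(profileStr) != SECSuccess) { mNSSInitialized = PR_FALSE; return NS_ERROR_ABORT; }`, and record the degraded state in a member so that dependent components can refuse to proceed. Separately, the early `return rv` paths after the profile-directory lookup appear to run after `mNSSInitialized = PR_TRUE`, which would leave the flag set with NSS uninitialised; the +/- markers are lost on this page, so confirm that against the real diff.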


@ -21,6 +21,7 @@
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
* Kai Engert <kaie@netscape.com>
*/
#ifndef _nsNSSComponent_h_
@ -41,8 +42,6 @@
#include "nsNSSHelper.h"
#define SECURITY_STRING_BUNDLE_URL "chrome://communicator/locale/security.properties"
#define NS_NSSCOMPONENT_CID \
{0xa277189c, 0x1dd1, 0x11b2, {0xa8, 0xc9, 0xe4, 0xe8, 0xbf, 0xb1, 0x33, 0x8e}}
@ -80,7 +79,7 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
NS_IMETHOD RememberCert(CERTCertificate *cert) = 0;
};
struct PRLock;
// Implementation of the PSM component interface.
class nsNSSComponent : public nsISecurityManagerComponent,
@ -112,26 +111,31 @@ public:
PRUnichar **outString);
NS_IMETHOD DisableOCSP();
NS_IMETHOD EnableOCSP();
nsresult InitializeNSS();
NS_IMETHOD RememberCert(CERTCertificate *cert);
private:
nsresult InitializeNSS();
nsresult ShutdownNSS();
void InstallLoadableRoots();
nsresult InitializePIPNSSBundle();
nsresult ConfigureInternalPKCS11Token();
char * GetPK11String(const PRUnichar *name, PRUint32 len);
nsresult RegisterPSMContentListener();
nsresult RegisterProfileChangeObserver();
nsresult RegisterObservers();
static int PR_CALLBACK PrefChangedCallback(const char* aPrefName, void* data);
void PrefChanged(const char* aPrefName);
PRLock *mutex;
nsCOMPtr<nsIScriptSecurityManager> mScriptSecurityManager;
nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
nsCOMPtr<nsIURIContentListener> mPSMContentListener;
nsCOMPtr<nsIPref> mPref;
static PRBool mNSSInitialized;
PRBool mNSSInitialized;
PRBool mObserversRegistered;
PLHashTable *hashTableCerts;
static int mInstanceCount;
};
//--------------------------------------------
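Review bot: `PRLock *mutex;` is added with no comment saying what it protects, while the .cpp on this page takes it around mNSSInitialized, hashTableCerts and the lazy mScriptSecurityManager lookup, but deliberately not in Init or RegisterObservers. I would put `// Guards mNSSInitialized, hashTableCerts and lazy creation of mScriptSecurityManager; not taken during Init().` above the member so later callers know which accesses need the lock. The constructor assigns `mutex = PR_NewLock()` without a null check and only the destructor tests it, so it is worth confirming that the nsAutoLock users are safe if allocation fails. The class body starts outside this hunk.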


@ -100,7 +100,6 @@ nsNSS_SSLGetClientAuthData(void *arg, PRFileDesc *socket,
CERTDistNames *caNames,
CERTCertificate **pRetCert,
SECKEYPrivateKey **pRetKey);
static nsISecurityManagerComponent* gNSSService = nsnull;
static PRBool firstTime = PR_TRUE;
static PRDescIdentity nsSSLIOLayerIdentity;
static PRIOMethods nsSSLIOLayerMethods;
@ -358,7 +357,7 @@ nsresult nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr)
return NS_OK;
}
nsresult nsNSSSocketInfo::GetSSLStatus(nsISSLStatus** _result)
nsresult nsNSSSocketInfo::GetSSLStatus(nsISupports** _result)
{
NS_ASSERTION(_result, "non-NULL destination required");
@ -790,11 +789,12 @@ nsresult InitNSSMethods()
nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
/* Make sure NSS has been loaded.
* We rely on the NSS component to keep itself loaded
* until the application shuts down.
*/
nsresult rv;
/* This performs NSS initialization for us */
rv = nsServiceManager::GetService(PSM_COMPONENT_CONTRACTID,
NS_GET_IID(nsISecurityManagerComponent),
(nsISupports**)&gNSSService);
nsCOMPtr<nsISupports> loader = do_GetService(PSM_COMPONENT_CONTRACTID, &rv);
return rv;
}
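Review bot: InitNSSMethods now drops its only reference to the PSM component when `loader` goes out of scope, so every later NSS call from the I/O layer depends on the component keeping itself alive. On this page that guarantee comes from the strong AddObserver calls in nsNSSComponent::RegisterObservers, which are skipped with only an assertion when the observer service is unavailable; in that case the destructor's ShutdownNSS could presumably run while sockets are still in use. I would extend the new comment with `* If RegisterObservers() could not register, nothing here keeps NSS loaded.` and consider making Init fail when registration does not happen. InitNSSMethods starts outside the hunk.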

View File

@ -33,6 +33,7 @@
#include "nsITransportSecurityInfo.h"
#include "nsISSLSocketControl.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
#include "nsXPIDLString.h"
class nsIChannel;


@ -27,7 +27,6 @@
#include "nsIGenericFactory.h"
#include "nsNSSComponent.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsSSLSocketProvider.h"
#include "nsTLSSocketProvider.h"
#include "nsKeygenHandler.h"
@ -46,24 +45,114 @@
#include "nsCMS.h"
#include "nsCertPicker.h"
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsNSSComponent, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSSLSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsTLSSocketProvider)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecretDecoderRing)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPK11TokenDB)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPKCS11ModuleDB)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSCertificateDB)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertOutliner)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCrypto)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPkcs11)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSSecureMessage)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSDecoder)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSEncoder)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCMSMessage)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsHash)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsCertPicker)
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
static void EnsureNSSInitialized(PRBool triggeredByNSSComponent)
{
static PRBool haveLoaded = PR_FALSE;
if (haveLoaded)
return;
haveLoaded = PR_TRUE;
if (triggeredByNSSComponent) {
// Me must prevent a recursion, as nsNSSComponent creates
// additional instances
return;
}
nsCOMPtr<nsISupports> nssComponent
= do_GetService(PSM_COMPONENT_CONTRACTID);
}
// These two macros are ripped off from nsIGenericFactory.h and slightly
// modified.
#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(triggeredByNSSComponent, \
_InstanceClass) \
static NS_IMETHODIMP \
_InstanceClass##Constructor(nsISupports *aOuter, REFNSIID aIID, \
void **aResult) \
{ \
nsresult rv; \
_InstanceClass * inst; \
\
EnsureNSSInitialized(triggeredByNSSComponent); \
\
*aResult = NULL; \
if (NULL != aOuter) { \
rv = NS_ERROR_NO_AGGREGATION; \
return rv; \
} \
\
NS_NEWXPCOM(inst, _InstanceClass); \
if (NULL == inst) { \
rv = NS_ERROR_OUT_OF_MEMORY; \
return rv; \
} \
NS_ADDREF(inst); \
rv = inst->QueryInterface(aIID, aResult); \
NS_RELEASE(inst); \
\
return rv; \
} \
#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(triggeredByNSSComponent, \
_InstanceClass, _InitMethod) \
static NS_IMETHODIMP \
_InstanceClass##Constructor(nsISupports *aOuter, REFNSIID aIID, \
void **aResult) \
{ \
nsresult rv; \
_InstanceClass * inst; \
\
EnsureNSSInitialized(triggeredByNSSComponent); \
\
*aResult = NULL; \
if (NULL != aOuter) { \
rv = NS_ERROR_NO_AGGREGATION; \
return rv; \
} \
\
NS_NEWXPCOM(inst, _InstanceClass); \
if (NULL == inst) { \
rv = NS_ERROR_OUT_OF_MEMORY; \
return rv; \
} \
NS_ADDREF(inst); \
rv = inst->_InitMethod(); \
if(NS_SUCCEEDED(rv)) { \
rv = inst->QueryInterface(aIID, aResult); \
} \
NS_RELEASE(inst); \
\
return rv; \
} \
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_TRUE, nsNSSComponent, Init)
// Use the special factory constructor for everything this module implements,
// because all code could potentially require the NSS library.
// Our factory constructor takes an additional boolean parameter.
// Only for the nsNSSComponent, set this to PR_TRUE.
// All other classes must have this set to PR_FALSE.
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsSSLSocketProvider)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsTLSSocketProvider)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsSecretDecoderRing)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsPK11TokenDB)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsPKCS11ModuleDB)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PR_FALSE, PSMContentListener, init)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsNSSCertificateDB)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertOutliner)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCrypto)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsPkcs11)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSSecureMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSDecoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSEncoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker)
static nsModuleComponentInfo components[] =
{
@ -74,13 +163,6 @@ static nsModuleComponentInfo components[] =
nsNSSComponentConstructor
},
{
NS_SECURE_BROWSER_UI_CLASSNAME,
NS_SECURE_BROWSER_UI_CID,
NS_SECURE_BROWSER_UI_CONTRACTID,
nsSecureBrowserUIImplConstructor
},
{
NS_ISSLSOCKETPROVIDER_CLASSNAME,
NS_SSLSOCKETPROVIDER_CID,
@ -109,13 +191,6 @@ static nsModuleComponentInfo components[] =
nsSecretDecoderRingConstructor
},
{
"Entropy Collector",
NS_NSSCOMPONENT_CID,
NS_ENTROPYCOLLECTOR_CONTRACTID,
nsNSSComponentConstructor
},
{
"PK11 Token Database",
NS_PK11TOKENDB_CID,
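Review bot: EnsureNSSInitialized discards the result of `do_GetService(PSM_COMPONENT_CONTRACTID)`, so if the NSS component fails to load, every other constructor generated by the two macros still succeeds and hands out objects that may call into an uninitialised NSS, and no later call retries because `haveLoaded` is already PR_TRUE. The function-static flag is also read and written without synchronisation, so a second thread can pass the `if (haveLoaded) return;` check while the first is still inside the service load. Setting the flag early is needed as the recursion guard, so I would keep it but store the load outcome in a second static and return it as nsresult, with both macros doing `rv = EnsureNSSInitialized(triggeredByNSSComponent); if (NS_FAILED(rv)) return rv;`. If component creation is guaranteed to happen on one thread, a comment stating that assumption would be enough for the second point.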


@ -1,823 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998-2000 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Stuart Parmenter <pavlov@netscape.com>
* Brian Ryner <bryner@netscape.com>
* Terry Hayes <thayes@netscape.com>
*/
#ifdef MOZ_LOGGING
#define FORCE_PR_LOG
#endif
#include "nspr.h"
#include "prlog.h"
#include "prmem.h"
#include "nsISecureBrowserUI.h"
#include "nsSecureBrowserUIImpl.h"
#include "nsNSSComponent.h"
#include "nsCOMPtr.h"
#include "nsIInterfaceRequestor.h"
#include "nsIInterfaceRequestorUtils.h"
#include "nsIServiceManager.h"
#include "nsIScriptGlobalObject.h"
#include "nsIObserverService.h"
#include "nsIDocumentLoader.h"
#include "nsCURILoader.h"
#include "nsIDocShell.h"
#include "nsIDocumentViewer.h"
#include "nsIDocument.h"
#include "nsIDOMElement.h"
#include "nsIDOMWindowInternal.h"
#include "nsIContent.h"
#include "nsIWebProgress.h"
#include "nsIChannel.h"
#include "nsIHttpChannel.h"
#include "nsIFileChannel.h"
#include "nsITransportSecurityInfo.h"
#include "nsIURI.h"
#include "nsISecurityEventSink.h"
#include "nsIPrompt.h"
#include "nsIFormSubmitObserver.h"
#include "nsNSSHelper.h"
#include "nsINSSDialogs.h"
static NS_DEFINE_CID(kCStringBundleServiceCID, NS_STRINGBUNDLESERVICE_CID);
#define IS_SECURE(state) ((state & 0xFFFF) == STATE_IS_SECURE)
#if defined(PR_LOGGING)
//
// Log module for nsSecureBroswerUI logging...
//
// To enable logging (see prlog.h for full details):
//
// set NSPR_LOG_MODULES=nsSecureBroswerUI:5
// set NSPR_LOG_FILE=nspr.log
//
// this enables PR_LOG_DEBUG level information and places all output in
// the file nspr.log
//
PRLogModuleInfo* gSecureDocLog = nsnull;
#endif /* PR_LOGGING */
nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
: mMixContentAlertShown(PR_FALSE),
mSecurityState(STATE_IS_INSECURE)
{
NS_INIT_ISUPPORTS();
#if defined(PR_LOGGING)
if (!gSecureDocLog)
gSecureDocLog = PR_NewLogModule("nsSecureBrowserUI");
#endif /* PR_LOGGING */
}
nsSecureBrowserUIImpl::~nsSecureBrowserUIImpl()
{
nsresult rv;
// remove self from form post notifications:
nsCOMPtr<nsIObserverService> svc(do_GetService("@mozilla.org/observer-service;1", &rv));
if (NS_SUCCEEDED(rv)) {
svc->RemoveObserver(this, NS_FORMSUBMIT_SUBJECT);
}
}
NS_IMPL_ISUPPORTS6(nsSecureBrowserUIImpl,
nsISecureBrowserUI,
nsIWebProgressListener,
nsIFormSubmitObserver,
nsIObserver,
nsISupportsWeakReference,
nsISSLStatusProvider);
NS_IMETHODIMP
nsSecureBrowserUIImpl::Init(nsIDOMWindow *window,
nsIDOMElement *button)
{
nsresult rv = NS_OK;
mSecurityButton = button; /* may be null */
mWindow = window;
nsCOMPtr<nsIStringBundleService> service(do_GetService(kCStringBundleServiceCID, &rv));
if (NS_FAILED(rv)) return rv;
rv = service->CreateBundle(SECURITY_STRING_BUNDLE_URL,
getter_AddRefs(mStringBundle));
if (NS_FAILED(rv)) return rv;
// hook up to the form post notifications:
nsCOMPtr<nsIObserverService> svc(do_GetService("@mozilla.org/observer-service;1", &rv));
if (NS_SUCCEEDED(rv)) {
rv = svc->AddObserver(this, NS_FORMSUBMIT_SUBJECT, PR_TRUE);
}
/* GetWebProgress(mWindow) */
// hook up to the webprogress notifications.
nsCOMPtr<nsIScriptGlobalObject> sgo(do_QueryInterface(mWindow));
if (!sgo) return NS_ERROR_FAILURE;
nsCOMPtr<nsIDocShell> docShell;
sgo->GetDocShell(getter_AddRefs(docShell));
if (!docShell) return NS_ERROR_FAILURE;
nsCOMPtr<nsIWebProgress> wp(do_GetInterface(docShell));
if (!wp) return NS_ERROR_FAILURE;
/* end GetWebProgress */
wp->AddProgressListener(NS_STATIC_CAST(nsIWebProgressListener*,this));
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::DisplayPageInfoUI()
{
#if 0
nsresult res = NS_OK;
nsCOMPtr<nsISecurityManagerComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID,
&res));
if (NS_FAILED(res))
return res;
nsXPIDLCString host;
if (mCurrentURI)
mCurrentURI->GetHost(getter_Copies(host));
// return psm->DisplayPSMAdvisor(mLastPSMStatus, host);
#endif
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::Observe(nsISupports*, const char*,
const PRUnichar*)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
static nsresult IsChildOfDomWindow(nsIDOMWindow *parent, nsIDOMWindow *child,
PRBool* value)
{
*value = PR_FALSE;
if (parent == child) {
*value = PR_TRUE;
return NS_OK;
}
nsCOMPtr<nsIDOMWindow> childsParent;
child->GetParent(getter_AddRefs(childsParent));
if (childsParent && childsParent.get() != child)
IsChildOfDomWindow(parent, childsParent, value);
return NS_OK;
}
static PRInt32 GetSecurityStateFromChannel(nsIChannel* aChannel)
{
nsresult res;
PRInt32 securityState;
// qi for the psm information about this channel load.
nsCOMPtr<nsISupports> info;
aChannel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
if (!psmInfo) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - no nsITransportSecurityInfo for %p\n",
aChannel, (nsISupports *)info));
return nsIWebProgressListener::STATE_IS_INSECURE;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - info is %p\n", aChannel,
(nsISupports *)info));
res = psmInfo->GetSecurityState(&securityState);
if (!NS_SUCCEEDED(res)) {
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - GetSecurityState failed: %d\n",
aChannel, res));
securityState = nsIWebProgressListener::STATE_IS_BROKEN;
}
PR_LOG(gSecureDocLog, PR_LOG_DEBUG, ("SecureUI: GetSecurityState:%p - Returning %d\n", aChannel,
securityState));
return securityState;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::Notify(nsIContent* formNode,
nsIDOMWindowInternal* window, nsIURI* actionURL,
PRBool* cancelSubmit)
{
// Return NS_OK unless we want to prevent this form from submitting.
*cancelSubmit = PR_FALSE;
if (!window || !actionURL || !formNode)
return NS_OK;
nsCOMPtr<nsIDocument> document;
formNode->GetDocument(*getter_AddRefs(document));
if (!document) return NS_OK;
nsCOMPtr<nsIURI> formURL;
document->GetBaseURL(*getter_AddRefs(formURL));
nsCOMPtr<nsIScriptGlobalObject> globalObject;
document->GetScriptGlobalObject(getter_AddRefs(globalObject));
nsCOMPtr<nsIDOMWindow> postingWindow(do_QueryInterface(globalObject));
PRBool isChild;
IsChildOfDomWindow(mWindow, postingWindow, &isChild);
// This notify call is not for our window, ignore it.
if (!isChild)
return NS_OK;
PRBool okayToPost;
nsresult res = CheckPost(formURL, actionURL, &okayToPost);
if (NS_SUCCEEDED(res) && !okayToPost)
*cancelSubmit = PR_TRUE;
return res;
}
// nsIWebProgressListener
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
PRInt32 aCurSelfProgress,
PRInt32 aMaxSelfProgress,
PRInt32 aCurTotalProgress,
PRInt32 aMaxTotalProgress)
{
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
PRInt32 aProgressStateFlags,
nsresult aStatus)
{
nsresult res = NS_OK;
if (!aRequest)
return NS_ERROR_NULL_POINTER;
// Get the channel from the request...
// If the request is not network based, then ignore it.
nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest, &res));
if (NS_FAILED(res))
return NS_OK;
// We are only interested in HTTP and file requests.
nsCOMPtr<nsIHttpChannel> httpRequest(do_QueryInterface(aRequest));
nsCOMPtr<nsIFileChannel> fileRequest(do_QueryInterface(aRequest));
if (!httpRequest && !fileRequest) {
return NS_OK;
}
nsCOMPtr<nsIInterfaceRequestor> requestor;
nsCOMPtr<nsISecurityEventSink> eventSink;
channel->GetNotificationCallbacks(getter_AddRefs(requestor));
if (requestor)
eventSink = do_GetInterface(requestor);
#if defined(DEBUG)
nsCOMPtr<nsIURI> loadingURI;
res = channel->GetURI(getter_AddRefs(loadingURI));
NS_ASSERTION(NS_SUCCEEDED(res), "GetURI failed");
if (loadingURI) {
nsXPIDLCString temp;
loadingURI->GetSpec(getter_Copies(temp));
PR_LOG(gSecureDocLog, PR_LOG_DEBUG,
("SecureUI:%p: OnStateChange: %x :%s\n", this,
aProgressStateFlags,(const char*)temp));
}
#endif
// First event when loading doc
if (aProgressStateFlags & STATE_START) {
if (aProgressStateFlags & STATE_IS_NETWORK) {
// Reset state variables used per doc loading
mMixContentAlertShown = PR_FALSE;
mFirstRequest = PR_TRUE;
mSSLStatus = nsnull;
}
}
// A Document is starting to load...
if ((aProgressStateFlags & (STATE_STOP)) &&
(aProgressStateFlags & STATE_IS_REQUEST)) {
// work-around for bug 48515.
nsCOMPtr<nsIURI> aURI;
channel->GetURI(getter_AddRefs(aURI));
// Sometimes URI is null, so ignore.
if (aURI == nsnull) {
return NS_OK;
}
// If this is the first request, then do a protocol check
if (mFirstRequest) {
mFirstRequest = PR_FALSE;
return CheckProtocolContextSwitch(eventSink, aRequest, channel);
}
// Check that the request does not have mixed content.
return CheckMixedContext(eventSink, aRequest, channel);
}
// A document has finished loading
if ((aProgressStateFlags & STATE_STOP) &&
(aProgressStateFlags & STATE_IS_NETWORK)) {
// Get SSL Status information if possible
nsCOMPtr<nsISupports> info;
channel->GetSecurityInfo(getter_AddRefs(info));
nsCOMPtr<nsISSLStatusProvider> sp = do_QueryInterface(info);
if (sp) {
// Ignore result
sp->GetSSLStatus(getter_AddRefs(mSSLStatus));
}
if (eventSink)
eventSink->OnSecurityChange(aRequest, mSecurityState);
if (!mSecurityButton)
return res;
/* TNH - need event for changing the tooltip */
// Do we really need to look at res here? What happens if there's an error?
// We should still set the certificate authority display.
nsXPIDLString tooltip;
if (info) {
nsCOMPtr<nsITransportSecurityInfo> secInfo(do_QueryInterface(info));
if (secInfo &&
NS_SUCCEEDED(secInfo->GetShortSecurityDescription(getter_Copies(tooltip))) &&
tooltip) {
res = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"),
nsString(tooltip));
}
}
}
return res;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
nsIURI* aLocation)
{
mCurrentURI = aLocation;
return NS_OK;
}
NS_IMETHODIMP
nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress,
nsIRequest* aRequest,
nsresult aStatus,
const PRUnichar* aMessage)
{
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress *aWebProgress,
nsIRequest *aRequest,
PRInt32 state)
{
nsresult res = NS_OK;
#if defined(DEBUG_dougt)
nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
if (!channel)
return NS_ERROR_FAILURE;
nsCOMPtr<nsIURI> aURI;
channel->GetURI(getter_AddRefs(aURI));
nsXPIDLCString temp;
aURI->GetSpec(getter_Copies(temp));
printf("OnSecurityChange: (%x) %s\n", state, (const char*)temp);
#endif
/* Deprecated support for mSecurityButton */
if (mSecurityButton) {
NS_NAMED_LITERAL_STRING(level, "level");
if (state == (STATE_IS_SECURE|STATE_SECURE_HIGH)) {
res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("high"));
} else if (state == (STATE_IS_SECURE|STATE_SECURE_LOW)) {
res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("low"));
} else if (state == STATE_IS_BROKEN) {
res = mSecurityButton->SetAttribute(level, NS_LITERAL_STRING("broken"));
} else {
res = mSecurityButton->RemoveAttribute(level);
}
}
return res;
}
// nsISSLStatusProvider methods
NS_IMETHODIMP
nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
{
NS_ASSERTION(_result, "non-NULL destination required");
*_result = mSSLStatus;
NS_IF_ADDREF(*_result);
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::IsURLHTTPS(nsIURI* aURL, PRBool* value)
{
*value = PR_FALSE;
if (!aURL)
return NS_OK;
char* scheme;
aURL->GetScheme(&scheme);
// If no scheme, it's not an https url - not necessarily an error.
// See bugs 54845 and 54966
if (!scheme)
return NS_OK;
if (!PL_strncasecmp(scheme, "https", 5))
*value = PR_TRUE;
nsMemory::Free(scheme);
return NS_OK;
}
void
nsSecureBrowserUIImpl::GetBundleString(const PRUnichar* name,
nsString &outString)
{
if (mStringBundle && name) {
PRUnichar *ptrv = nsnull;
if (NS_SUCCEEDED(mStringBundle->GetStringFromName(name,
&ptrv)))
outString = ptrv;
else
outString.SetLength(0);
nsMemory::Free(ptrv);
} else {
outString.SetLength(0);
}
}
nsresult
nsSecureBrowserUIImpl::CheckProtocolContextSwitch(nsISecurityEventSink* eventSink,
nsIRequest* aRequest,
nsIChannel* aChannel)
{
PRInt32 newSecurityState, oldSecurityState = mSecurityState;
newSecurityState = GetSecurityStateFromChannel(aChannel);
mSecurityState = newSecurityState;
// Check to see if we are going from a secure page to an insecure page
if (newSecurityState == STATE_IS_INSECURE &&
(IS_SECURE(oldSecurityState) ||
oldSecurityState == STATE_IS_BROKEN)) {
SetBrokenLockIcon(eventSink, aRequest, PR_TRUE);
AlertLeavingSecure();
}
// check to see if we are going from an insecure page to a secure one.
else if ((newSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH) ||
newSecurityState == STATE_IS_BROKEN) &&
oldSecurityState == STATE_IS_INSECURE) {
AlertEnteringSecure();
}
// check to see if we are going from a strong or insecure page to a
// weak one.
else if ((IS_SECURE(newSecurityState) &&
newSecurityState != (STATE_IS_SECURE|STATE_SECURE_HIGH)) &&
(oldSecurityState == STATE_IS_INSECURE ||
oldSecurityState == (STATE_IS_SECURE|STATE_SECURE_HIGH))) {
AlertEnteringWeak();
}
mSecurityState = newSecurityState;
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::CheckMixedContext(nsISecurityEventSink *eventSink,
nsIRequest* aRequest, nsIChannel* aChannel)
{
PRInt32 newSecurityState;
newSecurityState = GetSecurityStateFromChannel(aChannel);
// Deal with http redirect to https //
if (mSecurityState == STATE_IS_INSECURE && newSecurityState != STATE_IS_INSECURE) {
return CheckProtocolContextSwitch(eventSink, aRequest, aChannel);
}
if ((newSecurityState == STATE_IS_INSECURE ||
newSecurityState == STATE_IS_BROKEN) &&
IS_SECURE(mSecurityState)) {
// work-around for bug 48515
nsCOMPtr<nsIURI> aURI;
aChannel->GetURI(getter_AddRefs(aURI));
nsXPIDLCString temp;
aURI->GetSpec(getter_Copies(temp));
if (!nsCRT::strncmp((const char*) temp, "file:", 5) ||
!nsCRT::strcmp((const char*) temp, "about:layout-dummy-request")) {
return NS_OK;
}
mSecurityState = STATE_IS_BROKEN;
SetBrokenLockIcon(eventSink, aRequest);
// Show alert to user (first time only)
// NOTE: doesn't mSecurityState provide the correct
// one-time checking?? Why have mMixContentAlertShown
// as well?
if (!mMixContentAlertShown) {
AlertMixedMode();
mMixContentAlertShown = PR_TRUE;
}
}
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, PRBool *okayToPost)
{
PRBool formSecure,actionSecure;
*okayToPost = PR_TRUE;
nsresult rv = IsURLHTTPS(formURL, &formSecure);
if (NS_FAILED(rv))
return rv;
rv = IsURLHTTPS(actionURL, &actionSecure);
if (NS_FAILED(rv))
return rv;
// if we are posting to a secure link from a secure page, all is okay.
if (actionSecure && formSecure) {
return NS_OK;
}
// posting to insecure webpage from a secure webpage.
if (!actionSecure && formSecure) {
*okayToPost = ConfirmPostToInsecureFromSecure();
} else {
*okayToPost = ConfirmPostToInsecure();
}
return NS_OK;
}
nsresult
nsSecureBrowserUIImpl::SetBrokenLockIcon(nsISecurityEventSink *eventSink,
nsIRequest* aRequest,
PRBool removeValue)
{
nsresult rv = NS_OK;
if (removeValue) {
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, STATE_IS_INSECURE);
} else {
if (eventSink)
(void) eventSink->OnSecurityChange(aRequest, (STATE_IS_BROKEN));
}
nsAutoString tooltiptext;
GetBundleString(NS_LITERAL_STRING("SecurityButtonTooltipText").get(),
tooltiptext);
/* TNH - need tooltip notification here */
if (mSecurityButton)
rv = mSecurityButton->SetAttribute(NS_LITERAL_STRING("tooltiptext"),
tooltiptext);
return rv;
}
//
// Implementation of an nsIInterfaceRequestor for use
// as context for NSS calls
//
class nsUIContext : public nsIInterfaceRequestor
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIINTERFACEREQUESTOR
nsUIContext(nsIDOMWindow *window);
virtual ~nsUIContext();
private:
nsCOMPtr<nsIDOMWindow> mWindow;
};
NS_IMPL_ISUPPORTS1(nsUIContext, nsIInterfaceRequestor)
nsUIContext::nsUIContext(nsIDOMWindow *aWindow)
: mWindow(aWindow)
{
NS_INIT_ISUPPORTS();
}
nsUIContext::~nsUIContext()
{
}
/* void getInterface (in nsIIDRef uuid, [iid_is (uuid), retval] out nsQIResult result); */
NS_IMETHODIMP nsUIContext::GetInterface(const nsIID & uuid, void * *result)
{
nsresult rv;
if (uuid.Equals(NS_GET_IID(nsIPrompt))) {
nsCOMPtr<nsIDOMWindowInternal> internal = do_QueryInterface(mWindow, &rv);
if (NS_FAILED(rv)) return rv;
nsIPrompt *prompt;
rv = internal->GetPrompter(&prompt);
*result = prompt;
} else {
rv = NS_ERROR_NO_INTERFACE;
}
return rv;
}
nsresult nsSecureBrowserUIImpl::
GetNSSDialogs(const nsIID &id, void* *result)
{
return ::getNSSDialogs(result, id);
#if 0
nsCOMPtr<nsIProxyObjectManager> manager = do_GetService(NS_XPCOMPROXY_CONTRACTID);
if (!manager) return NS_ERROR_FAILURE;
nsCOMPtr<nsINSSDialogs> nssDialogs = do_GetService(NS_NSSDIALOGS_CONTRACTID);
if (!nssDialogs) return NS_ERROR_FAILURE;
manager->GetProxyForObject(NS_UI_THREAD_EVENTQ,
NS_GET_IID(nsISecurityWarningDialogs),
nssDialogs,
PROXY_SYNC,
result);
if (!manager) return NS_ERROR_FAILURE;
return NS_OK;
#endif
}
void nsSecureBrowserUIImpl::
AlertEnteringSecure()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertEnteringSecure(ctx);
return;
}
void nsSecureBrowserUIImpl::
AlertEnteringWeak()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertEnteringWeak(ctx);
return;
}
void nsSecureBrowserUIImpl::
AlertLeavingSecure()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertLeavingSecure(ctx);
return;
}
void nsSecureBrowserUIImpl::
AlertMixedMode()
{
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return;
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
dialogs->AlertMixedMode(ctx);
return;
}
/**
* ConfirmPostToInsecure - returns PR_TRUE if
* the user approves the submit (or doesn't care).
* returns PR_FALSE on errors.
*/
PRBool nsSecureBrowserUIImpl::
ConfirmPostToInsecure()
{
nsresult rv;
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool result;
rv = dialogs->ConfirmPostToInsecure(ctx, &result);
if (NS_FAILED(rv)) return PR_FALSE;
return result;
}
/**
* ConfirmPostToInsecureFromSecure - returns PR_TRUE if
* the user approves the submit (or doesn't care).
* returns PR_FALSE on errors.
*/
PRBool nsSecureBrowserUIImpl::
ConfirmPostToInsecureFromSecure()
{
nsresult rv;
nsCOMPtr<nsISecurityWarningDialogs> dialogs;
GetNSSDialogs(NS_GET_IID(nsISecurityWarningDialogs), getter_AddRefs(dialogs));
if (!dialogs) return PR_FALSE; // Should this allow PR_TRUE for unimplemented?
nsCOMPtr<nsIInterfaceRequestor> ctx = new nsUIContext(mWindow);
PRBool result;
rv = dialogs->ConfirmPostToInsecureFromSecure(ctx, &result);
if (NS_FAILED(rv)) return PR_FALSE;
return result;
}


@ -1,110 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
* implied. See the License for the specific language governing
* rights and limitations under the License.
*
* The Original Code is mozilla.org code.
*
* The Initial Developer of the Original Code is Netscape
* Communications Corporation. Portions created by Netscape are
* Copyright (C) 1998 Netscape Communications Corporation. All
* Rights Reserved.
*
* Contributor(s):
* Hubbie Shaw
* Doug Turner <dougt@netscape.com>
* Brian Ryner <bryner@netscape.com>
*/
#ifndef nsSecureBrowserUIImpl_h_
#define nsSecureBrowserUIImpl_h_
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
#include "nsString.h"
#include "nsIObserver.h"
#include "nsIDOMElement.h"
#include "nsIDOMWindow.h"
#include "nsIStringBundle.h"
#include "nsISecureBrowserUI.h"
#include "nsIDocShell.h"
#include "nsIWebProgressListener.h"
#include "nsIFormSubmitObserver.h"
#include "nsIURI.h"
#include "nsISecurityEventSink.h"
#include "nsWeakReference.h"
#include "nsISSLStatus.h"
#define NS_SECURE_BROWSER_UI_CID \
{ 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}}
class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
public nsIWebProgressListener,
public nsIFormSubmitObserver,
public nsIObserver,
public nsSupportsWeakReference,
public nsISSLStatusProvider
{
public:
nsSecureBrowserUIImpl();
virtual ~nsSecureBrowserUIImpl();
NS_DECL_ISUPPORTS
NS_DECL_NSIWEBPROGRESSLISTENER
NS_DECL_NSISECUREBROWSERUI
// nsIObserver
NS_DECL_NSIOBSERVER
NS_DECL_NSISSLSTATUSPROVIDER
NS_IMETHOD Notify(nsIContent* formNode, nsIDOMWindowInternal* window,
nsIURI *actionURL, PRBool* cancelSubmit);
protected:
nsCOMPtr<nsIDOMWindow> mWindow;
nsCOMPtr<nsIDOMElement> mSecurityButton;
nsCOMPtr<nsIStringBundle> mStringBundle;
nsCOMPtr<nsIURI> mCurrentURI;
PRBool mMixContentAlertShown;
PRInt32 mSecurityState;
PRBool mFirstRequest;
nsCOMPtr<nsISSLStatus> mSSLStatus;
void GetBundleString(const PRUnichar* name, nsString &outString);
nsresult CheckProtocolContextSwitch(nsISecurityEventSink* sink,
nsIRequest* request, nsIChannel* aChannel);
nsresult CheckMixedContext(nsISecurityEventSink* sink, nsIRequest* request,
nsIChannel* aChannel);
nsresult CheckPost(nsIURI *formURI, nsIURI *actionURL, PRBool *okayToPost);
nsresult IsURLHTTPS(nsIURI* aURL, PRBool *value);
nsresult SetBrokenLockIcon(nsISecurityEventSink* sink, nsIRequest* request,
PRBool removeValue = PR_FALSE);
// Alerts for security transitions
void AlertEnteringSecure();
void AlertEnteringWeak();
void AlertLeavingSecure();
void AlertMixedMode();
PRBool ConfirmPostToInsecure();
PRBool ConfirmPostToInsecureFromSecure();
// Support functions
nsresult GetNSSDialogs(const nsIID &id, void* *result);
};
#endif /* nsSecureBrowserUIImpl_h_ */


@ -85,7 +85,6 @@
#include "nsIXULWindow.h"
#include "nsIWebBrowserChrome.h"
#include "nsIDocShell.h"
#include "nsIEntropyCollector.h"
// for X remote support
#ifdef MOZ_ENABLE_XREMOTE
@ -1022,35 +1021,6 @@ static nsresult VerifyInstallation(int argc, char **argv)
return NS_OK;
}
static nsresult VerifyPsmAbsentOrSane(int argc, char **argv)
{
nsresult rv;
nsCOMPtr<nsIEntropyCollector> enCol =
do_GetService(NS_ENTROPYCOLLECTOR_CONTRACTID, &rv);
if (rv == NS_ERROR_ABORT) {
// In case the security component can not do its internal initialization,
// we must warn the user and exit.
const char panicMsg[] = "Could not initialize the browser's security component. "
"The most likely cause is problems with files in your "
"browser's profile directory. Please check that this "
"directory has no read/write restrictions and your "
"hard disk is not full or close to full.";
const char panicMessageFilename[] = "nssifail.txt";
ShowOSAlertFromFile(argc, argv, panicMessageFilename, panicMsg);
return rv;
}
// Any other return code means: Security component could initialize NSS fine,
// or, security components are not available.
return NS_OK;
}
#ifdef DEBUG_warren
#ifdef XP_PC
#define _CRTDBG_MAP_ALLOC
@ -1249,9 +1219,6 @@ static nsresult main1(int argc, char* argv[], nsISupports *nativeApp )
NS_TIMELINE_LEAVE("InitializeProfileService");
if (NS_FAILED(rv)) return rv;
rv = VerifyPsmAbsentOrSane(argc, argv);
if (NS_FAILED(rv)) return rv;
// rjc: now must explicitly call appshell's CreateHiddenWindow() function AFTER profile manager.
// if the profile manager ever switches to using nsIDOMWindowInternal stuff, this might have to change
NS_TIMELINE_ENTER("appShell->CreateHiddenWindow");