The Tor Browser / annotate

security/manager/ssl/src/SharedSSLState.cpp@6474c204b198 (annotated)

security/manager/ssl/src/SharedSSLState.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
michael@0 2 /* vim: set ts=2 et sw=2 tw=80: */
michael@0 3 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "SharedSSLState.h"
michael@0 8 #include "nsClientAuthRemember.h"
michael@0 9 #include "nsComponentManagerUtils.h"
michael@0 10 #include "nsICertOverrideService.h"
michael@0 11 #include "nsIObserverService.h"
michael@0 12 #include "mozilla/Services.h"
michael@0 13 #include "nsThreadUtils.h"
michael@0 14 #include "nsCRT.h"
michael@0 15 #include "nsServiceManagerUtils.h"
michael@0 16 #include "nsRecentBadCerts.h"
michael@0 17 #include "PSMRunnable.h"
michael@0 18 #include "PublicSSL.h"
michael@0 19 #include "ssl.h"
michael@0 20 #include "nsNetCID.h"
michael@0 21 #include "mozilla/Atomics.h"
michael@0 22 #include "mozilla/unused.h"
michael@0 23
michael@0 24 using mozilla::psm::SyncRunnableBase;
michael@0 25 using mozilla::Atomic;
michael@0 26 using mozilla::unused;
michael@0 27
michael@0 28 namespace {
michael@0 29
michael@0 30 static Atomic<bool> sCertOverrideSvcExists(false);
michael@0 31 static Atomic<bool> sCertDBExists(false);
michael@0 32
michael@0 33 class MainThreadClearer : public SyncRunnableBase
michael@0 34 {
michael@0 35 public:
michael@0 36 MainThreadClearer() : mShouldClearSessionCache(false) {}
michael@0 37
michael@0 38 void RunOnTargetThread() {
michael@0 39 // In some cases it's possible to cause PSM/NSS to initialize while XPCOM shutdown
michael@0 40 // is in progress. We want to avoid this, since they do not handle the situation well,
michael@0 41 // hence the flags to avoid instantiating the services if they don't already exist.
michael@0 42
michael@0 43 bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false);
michael@0 44 if (certOverrideSvcExists) {
michael@0 45 sCertOverrideSvcExists = true;
michael@0 46 nsCOMPtr<nsICertOverrideService> icos = do_GetService(NS_CERTOVERRIDE_CONTRACTID);
michael@0 47 if (icos) {
michael@0 48 icos->ClearValidityOverride(
michael@0 49 NS_LITERAL_CSTRING("all:temporary-certificates"),
michael@0 50 0);
michael@0 51 }
michael@0 52 }
michael@0 53
michael@0 54 bool certDBExists = sCertDBExists.exchange(false);
michael@0 55 if (certDBExists) {
michael@0 56 sCertDBExists = true;
michael@0 57 nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
michael@0 58 if (certdb) {
michael@0 59 nsCOMPtr<nsIRecentBadCerts> badCerts;
michael@0 60 certdb->GetRecentBadCerts(true, getter_AddRefs(badCerts));
michael@0 61 if (badCerts) {
michael@0 62 badCerts->ResetStoredCerts();
michael@0 63 }
michael@0 64 }
michael@0 65 }
michael@0 66
michael@0 67 // This needs to be checked on the main thread to avoid racing with NSS
michael@0 68 // initialization.
michael@0 69 mShouldClearSessionCache = mozilla::psm::PrivateSSLState() &&
michael@0 70 mozilla::psm::PrivateSSLState()->SocketCreated();
michael@0 71 }
michael@0 72 bool mShouldClearSessionCache;
michael@0 73 };
michael@0 74
michael@0 75 } // anonymous namespace
michael@0 76
michael@0 77 namespace mozilla {
michael@0 78
michael@0 79 void ClearPrivateSSLState()
michael@0 80 {
michael@0 81 // This only works if it is called on the socket transport
michael@0 82 // service thread immediately after closing all private SSL
michael@0 83 // connections.
michael@0 84 #ifdef DEBUG
michael@0 85 nsresult rv;
michael@0 86 nsCOMPtr<nsIEventTarget> sts
michael@0 87 = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
michael@0 88 MOZ_ASSERT(NS_SUCCEEDED(rv));
michael@0 89 bool onSTSThread;
michael@0 90 rv = sts->IsOnCurrentThread(&onSTSThread);
michael@0 91 MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread);
michael@0 92 #endif
michael@0 93
michael@0 94 RefPtr<MainThreadClearer> runnable = new MainThreadClearer;
michael@0 95 runnable->DispatchToMainThreadAndWait();
michael@0 96
michael@0 97 // If NSS isn't initialized, this throws an assertion. We guard it by checking if
michael@0 98 // the session cache might even have anything worth clearing.
michael@0 99 if (runnable->mShouldClearSessionCache) {
michael@0 100 SSL_ClearSessionCache();
michael@0 101 }
michael@0 102 }
michael@0 103
michael@0 104 namespace psm {
michael@0 105
michael@0 106 namespace {
michael@0 107 class PrivateBrowsingObserver : public nsIObserver {
michael@0 108 public:
michael@0 109 NS_DECL_ISUPPORTS
michael@0 110 NS_DECL_NSIOBSERVER
michael@0 111 PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {}
michael@0 112 virtual ~PrivateBrowsingObserver() {}
michael@0 113 private:
michael@0 114 SharedSSLState* mOwner;
michael@0 115 };
michael@0 116
michael@0 117 SharedSSLState* gPublicState;
michael@0 118 SharedSSLState* gPrivateState;
michael@0 119 } // anonymous namespace
michael@0 120
michael@0 121 NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver)
michael@0 122
michael@0 123 NS_IMETHODIMP
michael@0 124 PrivateBrowsingObserver::Observe(nsISupports *aSubject,
michael@0 125 const char *aTopic,
michael@0 126 const char16_t *aData)
michael@0 127 {
michael@0 128 if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
michael@0 129 mOwner->ResetStoredData();
michael@0 130 }
michael@0 131 return NS_OK;
michael@0 132 }
michael@0 133
michael@0 134 SharedSSLState::SharedSSLState()
michael@0 135 : mClientAuthRemember(new nsClientAuthRememberService)
michael@0 136 , mMutex("SharedSSLState::mMutex")
michael@0 137 , mSocketCreated(false)
michael@0 138 , mOCSPStaplingEnabled(false)
michael@0 139 {
michael@0 140 mIOLayerHelpers.Init();
michael@0 141 mClientAuthRemember->Init();
michael@0 142 }
michael@0 143
michael@0 144 SharedSSLState::~SharedSSLState()
michael@0 145 {
michael@0 146 }
michael@0 147
michael@0 148 void
michael@0 149 SharedSSLState::NotePrivateBrowsingStatus()
michael@0 150 {
michael@0 151 MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
michael@0 152 mObserver = new PrivateBrowsingObserver(this);
michael@0 153 nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
michael@0 154 obsSvc->AddObserver(mObserver, "last-pb-context-exited", false);
michael@0 155 }
michael@0 156
michael@0 157 void
michael@0 158 SharedSSLState::ResetStoredData()
michael@0 159 {
michael@0 160 MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
michael@0 161 mClientAuthRemember->ClearRememberedDecisions();
michael@0 162 mIOLayerHelpers.clearStoredData();
michael@0 163 }
michael@0 164
michael@0 165 void
michael@0 166 SharedSSLState::NoteSocketCreated()
michael@0 167 {
michael@0 168 MutexAutoLock lock(mMutex);
michael@0 169 mSocketCreated = true;
michael@0 170 }
michael@0 171
michael@0 172 bool
michael@0 173 SharedSSLState::SocketCreated()
michael@0 174 {
michael@0 175 MutexAutoLock lock(mMutex);
michael@0 176 return mSocketCreated;
michael@0 177 }
michael@0 178
michael@0 179 /*static*/ void
michael@0 180 SharedSSLState::GlobalInit()
michael@0 181 {
michael@0 182 MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
michael@0 183 gPublicState = new SharedSSLState();
michael@0 184 gPrivateState = new SharedSSLState();
michael@0 185 gPrivateState->NotePrivateBrowsingStatus();
michael@0 186 }
michael@0 187
michael@0 188 /*static*/ void
michael@0 189 SharedSSLState::GlobalCleanup()
michael@0 190 {
michael@0 191 MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
michael@0 192
michael@0 193 if (gPrivateState) {
michael@0 194 gPrivateState->Cleanup();
michael@0 195 delete gPrivateState;
michael@0 196 gPrivateState = nullptr;
michael@0 197 }
michael@0 198
michael@0 199 if (gPublicState) {
michael@0 200 gPublicState->Cleanup();
michael@0 201 delete gPublicState;
michael@0 202 gPublicState = nullptr;
michael@0 203 }
michael@0 204 }
michael@0 205
michael@0 206 /*static*/ void
michael@0 207 SharedSSLState::NoteCertOverrideServiceInstantiated()
michael@0 208 {
michael@0 209 sCertOverrideSvcExists = true;
michael@0 210 }
michael@0 211
michael@0 212 /*static*/ void
michael@0 213 SharedSSLState::NoteCertDBServiceInstantiated()
michael@0 214 {
michael@0 215 sCertDBExists = true;
michael@0 216 }
michael@0 217
michael@0 218 void
michael@0 219 SharedSSLState::Cleanup()
michael@0 220 {
michael@0 221 mIOLayerHelpers.Cleanup();
michael@0 222 }
michael@0 223
michael@0 224 SharedSSLState*
michael@0 225 PublicSSLState()
michael@0 226 {
michael@0 227 return gPublicState;
michael@0 228 }
michael@0 229
michael@0 230 SharedSSLState*
michael@0 231 PrivateSSLState()
michael@0 232 {
michael@0 233 return gPrivateState;
michael@0 234 }
michael@0 235
michael@0 236 } // namespace psm
michael@0 237 } // namespace mozilla

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial