The Tor Browser / annotate

security/manager/ssl/src/nsSSLStatus.cpp@6474c204b198 (annotated)

security/manager/ssl/src/nsSSLStatus.cpp

Wed, 31 Dec 2014 06:09:35 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 06:09:35 +0100
changeset 0
6474c204b198
permissions
-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0 1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
michael@0 2 *
michael@0 3 * This Source Code Form is subject to the terms of the Mozilla Public
michael@0 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 6
michael@0 7 #include "nsSSLStatus.h"
michael@0 8 #include "plstr.h"
michael@0 9 #include "nsIClassInfoImpl.h"
michael@0 10 #include "nsIIdentityInfo.h"
michael@0 11 #include "nsIProgrammingLanguage.h"
michael@0 12 #include "nsIObjectOutputStream.h"
michael@0 13 #include "nsIObjectInputStream.h"
michael@0 14
michael@0 15 NS_IMETHODIMP
michael@0 16 nsSSLStatus::GetServerCert(nsIX509Cert** _result)
michael@0 17 {
michael@0 18 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 19
michael@0 20 *_result = mServerCert;
michael@0 21 NS_IF_ADDREF(*_result);
michael@0 22
michael@0 23 return NS_OK;
michael@0 24 }
michael@0 25
michael@0 26 NS_IMETHODIMP
michael@0 27 nsSSLStatus::GetKeyLength(uint32_t* _result)
michael@0 28 {
michael@0 29 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 30 if (!mHaveKeyLengthAndCipher)
michael@0 31 return NS_ERROR_NOT_AVAILABLE;
michael@0 32
michael@0 33 *_result = mKeyLength;
michael@0 34
michael@0 35 return NS_OK;
michael@0 36 }
michael@0 37
michael@0 38 NS_IMETHODIMP
michael@0 39 nsSSLStatus::GetSecretKeyLength(uint32_t* _result)
michael@0 40 {
michael@0 41 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 42 if (!mHaveKeyLengthAndCipher)
michael@0 43 return NS_ERROR_NOT_AVAILABLE;
michael@0 44
michael@0 45 *_result = mSecretKeyLength;
michael@0 46
michael@0 47 return NS_OK;
michael@0 48 }
michael@0 49
michael@0 50 NS_IMETHODIMP
michael@0 51 nsSSLStatus::GetCipherName(char** _result)
michael@0 52 {
michael@0 53 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 54 if (!mHaveKeyLengthAndCipher)
michael@0 55 return NS_ERROR_NOT_AVAILABLE;
michael@0 56
michael@0 57 *_result = ToNewCString(mCipherName);
michael@0 58
michael@0 59 return NS_OK;
michael@0 60 }
michael@0 61
michael@0 62 NS_IMETHODIMP
michael@0 63 nsSSLStatus::GetIsDomainMismatch(bool* _result)
michael@0 64 {
michael@0 65 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 66
michael@0 67 *_result = mHaveCertErrorBits && mIsDomainMismatch;
michael@0 68
michael@0 69 return NS_OK;
michael@0 70 }
michael@0 71
michael@0 72 NS_IMETHODIMP
michael@0 73 nsSSLStatus::GetIsNotValidAtThisTime(bool* _result)
michael@0 74 {
michael@0 75 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 76
michael@0 77 *_result = mHaveCertErrorBits && mIsNotValidAtThisTime;
michael@0 78
michael@0 79 return NS_OK;
michael@0 80 }
michael@0 81
michael@0 82 NS_IMETHODIMP
michael@0 83 nsSSLStatus::GetIsUntrusted(bool* _result)
michael@0 84 {
michael@0 85 NS_ASSERTION(_result, "non-NULL destination required");
michael@0 86
michael@0 87 *_result = mHaveCertErrorBits && mIsUntrusted;
michael@0 88
michael@0 89 return NS_OK;
michael@0 90 }
michael@0 91
michael@0 92 NS_IMETHODIMP
michael@0 93 nsSSLStatus::GetIsExtendedValidation(bool* aIsEV)
michael@0 94 {
michael@0 95 NS_ENSURE_ARG_POINTER(aIsEV);
michael@0 96 *aIsEV = false;
michael@0 97
michael@0 98 #ifdef MOZ_NO_EV_CERTS
michael@0 99 return NS_OK;
michael@0 100 #else
michael@0 101 nsCOMPtr<nsIX509Cert> cert = mServerCert;
michael@0 102 nsresult rv;
michael@0 103 nsCOMPtr<nsIIdentityInfo> idinfo = do_QueryInterface(cert, &rv);
michael@0 104
michael@0 105 // mServerCert should never be null when this method is called because
michael@0 106 // nsSSLStatus objects always have mServerCert set right after they are
michael@0 107 // constructed and before they are returned. GetIsExtendedValidation should
michael@0 108 // only be called in the chrome process (in e10s), and mServerCert will always
michael@0 109 // implement nsIIdentityInfo in the chrome process.
michael@0 110 if (!idinfo) {
michael@0 111 NS_ERROR("nsSSLStatus has null mServerCert or was called in the content "
michael@0 112 "process");
michael@0 113 return NS_ERROR_UNEXPECTED;
michael@0 114 }
michael@0 115
michael@0 116 // Never allow bad certs for EV, regardless of overrides.
michael@0 117 if (mHaveCertErrorBits) {
michael@0 118 return NS_OK;
michael@0 119 }
michael@0 120
michael@0 121 return idinfo->GetIsExtendedValidation(aIsEV);
michael@0 122 #endif
michael@0 123 }
michael@0 124
michael@0 125 NS_IMETHODIMP
michael@0 126 nsSSLStatus::Read(nsIObjectInputStream* stream)
michael@0 127 {
michael@0 128 nsCOMPtr<nsISupports> cert;
michael@0 129 nsresult rv = stream->ReadObject(true, getter_AddRefs(cert));
michael@0 130 NS_ENSURE_SUCCESS(rv, rv);
michael@0 131
michael@0 132 mServerCert = do_QueryInterface(cert);
michael@0 133 if (!mServerCert)
michael@0 134 return NS_NOINTERFACE;
michael@0 135
michael@0 136 rv = stream->Read32(&mKeyLength);
michael@0 137 NS_ENSURE_SUCCESS(rv, rv);
michael@0 138 rv = stream->Read32(&mSecretKeyLength);
michael@0 139 NS_ENSURE_SUCCESS(rv, rv);
michael@0 140 rv = stream->ReadCString(mCipherName);
michael@0 141 NS_ENSURE_SUCCESS(rv, rv);
michael@0 142
michael@0 143 rv = stream->ReadBoolean(&mIsDomainMismatch);
michael@0 144 NS_ENSURE_SUCCESS(rv, rv);
michael@0 145 rv = stream->ReadBoolean(&mIsNotValidAtThisTime);
michael@0 146 NS_ENSURE_SUCCESS(rv, rv);
michael@0 147 rv = stream->ReadBoolean(&mIsUntrusted);
michael@0 148 NS_ENSURE_SUCCESS(rv, rv);
michael@0 149
michael@0 150 rv = stream->ReadBoolean(&mHaveKeyLengthAndCipher);
michael@0 151 NS_ENSURE_SUCCESS(rv, rv);
michael@0 152 rv = stream->ReadBoolean(&mHaveCertErrorBits);
michael@0 153 NS_ENSURE_SUCCESS(rv, rv);
michael@0 154
michael@0 155 return NS_OK;
michael@0 156 }
michael@0 157
michael@0 158 NS_IMETHODIMP
michael@0 159 nsSSLStatus::Write(nsIObjectOutputStream* stream)
michael@0 160 {
michael@0 161 nsresult rv = stream->WriteCompoundObject(mServerCert,
michael@0 162 NS_GET_IID(nsIX509Cert),
michael@0 163 true);
michael@0 164 NS_ENSURE_SUCCESS(rv, rv);
michael@0 165
michael@0 166 rv = stream->Write32(mKeyLength);
michael@0 167 NS_ENSURE_SUCCESS(rv, rv);
michael@0 168 rv = stream->Write32(mSecretKeyLength);
michael@0 169 NS_ENSURE_SUCCESS(rv, rv);
michael@0 170 rv = stream->WriteStringZ(mCipherName.get());
michael@0 171 NS_ENSURE_SUCCESS(rv, rv);
michael@0 172
michael@0 173 rv = stream->WriteBoolean(mIsDomainMismatch);
michael@0 174 NS_ENSURE_SUCCESS(rv, rv);
michael@0 175 rv = stream->WriteBoolean(mIsNotValidAtThisTime);
michael@0 176 NS_ENSURE_SUCCESS(rv, rv);
michael@0 177 rv = stream->WriteBoolean(mIsUntrusted);
michael@0 178 NS_ENSURE_SUCCESS(rv, rv);
michael@0 179
michael@0 180 rv = stream->WriteBoolean(mHaveKeyLengthAndCipher);
michael@0 181 NS_ENSURE_SUCCESS(rv, rv);
michael@0 182 rv = stream->WriteBoolean(mHaveCertErrorBits);
michael@0 183 NS_ENSURE_SUCCESS(rv, rv);
michael@0 184
michael@0 185 return NS_OK;
michael@0 186 }
michael@0 187
michael@0 188 NS_IMETHODIMP
michael@0 189 nsSSLStatus::GetInterfaces(uint32_t *count, nsIID * **array)
michael@0 190 {
michael@0 191 *count = 0;
michael@0 192 *array = nullptr;
michael@0 193 return NS_OK;
michael@0 194 }
michael@0 195
michael@0 196 NS_IMETHODIMP
michael@0 197 nsSSLStatus::GetHelperForLanguage(uint32_t language, nsISupports **_retval)
michael@0 198 {
michael@0 199 *_retval = nullptr;
michael@0 200 return NS_OK;
michael@0 201 }
michael@0 202
michael@0 203 NS_IMETHODIMP
michael@0 204 nsSSLStatus::GetContractID(char * *aContractID)
michael@0 205 {
michael@0 206 *aContractID = nullptr;
michael@0 207 return NS_OK;
michael@0 208 }
michael@0 209
michael@0 210 NS_IMETHODIMP
michael@0 211 nsSSLStatus::GetClassDescription(char * *aClassDescription)
michael@0 212 {
michael@0 213 *aClassDescription = nullptr;
michael@0 214 return NS_OK;
michael@0 215 }
michael@0 216
michael@0 217 NS_IMETHODIMP
michael@0 218 nsSSLStatus::GetClassID(nsCID * *aClassID)
michael@0 219 {
michael@0 220 *aClassID = (nsCID*) nsMemory::Alloc(sizeof(nsCID));
michael@0 221 if (!*aClassID)
michael@0 222 return NS_ERROR_OUT_OF_MEMORY;
michael@0 223 return GetClassIDNoAlloc(*aClassID);
michael@0 224 }
michael@0 225
michael@0 226 NS_IMETHODIMP
michael@0 227 nsSSLStatus::GetImplementationLanguage(uint32_t *aImplementationLanguage)
michael@0 228 {
michael@0 229 *aImplementationLanguage = nsIProgrammingLanguage::CPLUSPLUS;
michael@0 230 return NS_OK;
michael@0 231 }
michael@0 232
michael@0 233 NS_IMETHODIMP
michael@0 234 nsSSLStatus::GetFlags(uint32_t *aFlags)
michael@0 235 {
michael@0 236 *aFlags = 0;
michael@0 237 return NS_OK;
michael@0 238 }
michael@0 239
michael@0 240 static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);
michael@0 241
michael@0 242 NS_IMETHODIMP
michael@0 243 nsSSLStatus::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
michael@0 244 {
michael@0 245 *aClassIDNoAlloc = kSSLStatusCID;
michael@0 246 return NS_OK;
michael@0 247 }
michael@0 248
michael@0 249 nsSSLStatus::nsSSLStatus()
michael@0 250 : mKeyLength(0), mSecretKeyLength(0)
michael@0 251 , mIsDomainMismatch(false)
michael@0 252 , mIsNotValidAtThisTime(false)
michael@0 253 , mIsUntrusted(false)
michael@0 254 , mHaveKeyLengthAndCipher(false)
michael@0 255 , mHaveCertErrorBits(false)
michael@0 256 {
michael@0 257 mCipherName = "";
michael@0 258 }
michael@0 259
michael@0 260 NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
michael@0 261
michael@0 262 nsSSLStatus::~nsSSLStatus()
michael@0 263 {
michael@0 264 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial