security/manager/ssl/src/NSSErrorsService.cpp@b8a032363ba2 (annotated)
security/manager/ssl/src/NSSErrorsService.cpp
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | |
| michael@0 | 5 | #include "NSSErrorsService.h" |
| michael@0 | 6 | |
| michael@0 | 7 | #include "nsNSSComponent.h" |
| michael@0 | 8 | #include "nsServiceManagerUtils.h" |
| michael@0 | 9 | #include "secerr.h" |
| michael@0 | 10 | #include "sslerr.h" |
| michael@0 | 11 | |
| michael@0 | 12 | #define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties" |
| michael@0 | 13 | #define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties" |
| michael@0 | 14 | |
| michael@0 | 15 | namespace mozilla { |
| michael@0 | 16 | namespace psm { |
| michael@0 | 17 | |
| michael@0 | 18 | NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService) |
| michael@0 | 19 | |
| michael@0 | 20 | nsresult |
| michael@0 | 21 | NSSErrorsService::Init() |
| michael@0 | 22 | { |
| michael@0 | 23 | nsresult rv; |
| michael@0 | 24 | nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); |
| michael@0 | 25 | if (NS_FAILED(rv) || !bundleService) |
| michael@0 | 26 | return NS_ERROR_FAILURE; |
| michael@0 | 27 | |
| michael@0 | 28 | bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL, |
| michael@0 | 29 | getter_AddRefs(mPIPNSSBundle)); |
| michael@0 | 30 | if (!mPIPNSSBundle) |
| michael@0 | 31 | rv = NS_ERROR_FAILURE; |
| michael@0 | 32 | |
| michael@0 | 33 | bundleService->CreateBundle(NSSERR_STRBUNDLE_URL, |
| michael@0 | 34 | getter_AddRefs(mNSSErrorsBundle)); |
| michael@0 | 35 | if (!mNSSErrorsBundle) |
| michael@0 | 36 | rv = NS_ERROR_FAILURE; |
| michael@0 | 37 | |
| michael@0 | 38 | return rv; |
| michael@0 | 39 | } |
| michael@0 | 40 | |
| michael@0 | 41 | #define EXPECTED_SEC_ERROR_BASE (-0x2000) |
| michael@0 | 42 | #define EXPECTED_SSL_ERROR_BASE (-0x3000) |
| michael@0 | 43 | |
| michael@0 | 44 | #if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE |
| michael@0 | 45 | #error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code" |
| michael@0 | 46 | /* |
| michael@0 | 47 | * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000 |
| michael@0 | 48 | * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts. |
| michael@0 | 49 | * The current code also assumes that NSS library error codes are negative. |
| michael@0 | 50 | */ |
| michael@0 | 51 | #endif |
| michael@0 | 52 | |
| michael@0 | 53 | NS_IMETHODIMP |
| michael@0 | 54 | NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval) |
| michael@0 | 55 | { |
| michael@0 | 56 | if (!_retval) |
| michael@0 | 57 | return NS_ERROR_FAILURE; |
| michael@0 | 58 | |
| michael@0 | 59 | *_retval = IS_SEC_ERROR(aNSPRCode) || IS_SSL_ERROR(aNSPRCode); |
| michael@0 | 60 | return NS_OK; |
| michael@0 | 61 | } |
| michael@0 | 62 | |
| michael@0 | 63 | NS_IMETHODIMP |
| michael@0 | 64 | NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode) |
| michael@0 | 65 | { |
| michael@0 | 66 | if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) |
| michael@0 | 67 | return NS_ERROR_FAILURE; |
| michael@0 | 68 | |
| michael@0 | 69 | if (!aXPCOMErrorCode) |
| michael@0 | 70 | return NS_ERROR_INVALID_ARG; |
| michael@0 | 71 | |
| michael@0 | 72 | // The error codes within each module may be a 16 bit value. |
| michael@0 | 73 | // For simplicity let's use the positive value of the NSS code. |
| michael@0 | 74 | // XXX Don't make up nsresults, it's supposed to be an enum (bug 778113) |
| michael@0 | 75 | |
| michael@0 | 76 | *aXPCOMErrorCode = |
| michael@0 | 77 | (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, |
| michael@0 | 78 | -1 * aNSPRCode); |
| michael@0 | 79 | return NS_OK; |
| michael@0 | 80 | } |
| michael@0 | 81 | |
| michael@0 | 82 | NS_IMETHODIMP |
| michael@0 | 83 | NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass) |
| michael@0 | 84 | { |
| michael@0 | 85 | NS_ENSURE_ARG(aErrorClass); |
| michael@0 | 86 | |
| michael@0 | 87 | if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY |
| michael@0 | 88 | || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) |
| michael@0 | 89 | return NS_ERROR_FAILURE; |
| michael@0 | 90 | |
| michael@0 | 91 | int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); |
| michael@0 | 92 | |
| michael@0 | 93 | if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) |
| michael@0 | 94 | return NS_ERROR_FAILURE; |
| michael@0 | 95 | |
| michael@0 | 96 | switch (aNSPRCode) |
| michael@0 | 97 | { |
| michael@0 | 98 | // Overridable errors. |
| michael@0 | 99 | case SEC_ERROR_UNKNOWN_ISSUER: |
| michael@0 | 100 | case SEC_ERROR_UNTRUSTED_ISSUER: |
| michael@0 | 101 | case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: |
| michael@0 | 102 | case SEC_ERROR_UNTRUSTED_CERT: |
| michael@0 | 103 | case SSL_ERROR_BAD_CERT_DOMAIN: |
| michael@0 | 104 | case SEC_ERROR_EXPIRED_CERTIFICATE: |
| michael@0 | 105 | case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: |
| michael@0 | 106 | case SEC_ERROR_CA_CERT_INVALID: |
| michael@0 | 107 | *aErrorClass = ERROR_CLASS_BAD_CERT; |
| michael@0 | 108 | break; |
| michael@0 | 109 | // Non-overridable errors. |
| michael@0 | 110 | default: |
| michael@0 | 111 | *aErrorClass = ERROR_CLASS_SSL_PROTOCOL; |
| michael@0 | 112 | break; |
| michael@0 | 113 | } |
| michael@0 | 114 | return NS_OK; |
| michael@0 | 115 | } |
| michael@0 | 116 | |
| michael@0 | 117 | NS_IMETHODIMP |
| michael@0 | 118 | NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage) |
| michael@0 | 119 | { |
| michael@0 | 120 | if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY |
| michael@0 | 121 | || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) |
| michael@0 | 122 | return NS_ERROR_FAILURE; |
| michael@0 | 123 | |
| michael@0 | 124 | int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); |
| michael@0 | 125 | |
| michael@0 | 126 | if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) |
| michael@0 | 127 | return NS_ERROR_FAILURE; |
| michael@0 | 128 | |
| michael@0 | 129 | nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle; |
| michael@0 | 130 | const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode); |
| michael@0 | 131 | |
| michael@0 | 132 | if (!id_str) { |
| michael@0 | 133 | id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode); |
| michael@0 | 134 | theBundle = mNSSErrorsBundle; |
| michael@0 | 135 | } |
| michael@0 | 136 | |
| michael@0 | 137 | if (!id_str || !theBundle) |
| michael@0 | 138 | return NS_ERROR_FAILURE; |
| michael@0 | 139 | |
| michael@0 | 140 | nsAutoString msg; |
| michael@0 | 141 | nsresult rv = |
| michael@0 | 142 | theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(), |
| michael@0 | 143 | getter_Copies(msg)); |
| michael@0 | 144 | if (NS_SUCCEEDED(rv)) { |
| michael@0 | 145 | aErrorMessage = msg; |
| michael@0 | 146 | } |
| michael@0 | 147 | return rv; |
| michael@0 | 148 | } |
| michael@0 | 149 | |
| michael@0 | 150 | } // psm |
| michael@0 | 151 | } // mozilla |
