The Tor Browser / file comparison
comparison: security/manager/ssl/src/NSSErrorsService.cpp
security/manager/ssl/src/NSSErrorsService.cpp
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
equal
deleted
inserted
replaced
| -1:000000000000 | 0:a87c4777890a |
|---|---|
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #include "NSSErrorsService.h" | |
| 6 | |
| 7 #include "nsNSSComponent.h" | |
| 8 #include "nsServiceManagerUtils.h" | |
| 9 #include "secerr.h" | |
| 10 #include "sslerr.h" | |
| 11 | |
| 12 #define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties" | |
| 13 #define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties" | |
| 14 | |
| 15 namespace mozilla { | |
| 16 namespace psm { | |
| 17 | |
| 18 NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService) | |
| 19 | |
| 20 nsresult | |
| 21 NSSErrorsService::Init() | |
| 22 { | |
| 23 nsresult rv; | |
| 24 nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv)); | |
| 25 if (NS_FAILED(rv) || !bundleService) | |
| 26 return NS_ERROR_FAILURE; | |
| 27 | |
| 28 bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL, | |
| 29 getter_AddRefs(mPIPNSSBundle)); | |
| 30 if (!mPIPNSSBundle) | |
| 31 rv = NS_ERROR_FAILURE; | |
| 32 | |
| 33 bundleService->CreateBundle(NSSERR_STRBUNDLE_URL, | |
| 34 getter_AddRefs(mNSSErrorsBundle)); | |
| 35 if (!mNSSErrorsBundle) | |
| 36 rv = NS_ERROR_FAILURE; | |
| 37 | |
| 38 return rv; | |
| 39 } | |
| 40 | |
| 41 #define EXPECTED_SEC_ERROR_BASE (-0x2000) | |
| 42 #define EXPECTED_SSL_ERROR_BASE (-0x3000) | |
| 43 | |
| 44 #if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE | |
| 45 #error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code" | |
| 46 /* | |
| 47 * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000 | |
| 48 * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts. | |
| 49 * The current code also assumes that NSS library error codes are negative. | |
| 50 */ | |
| 51 #endif | |
| 52 | |
| 53 NS_IMETHODIMP | |
| 54 NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval) | |
| 55 { | |
| 56 if (!_retval) | |
| 57 return NS_ERROR_FAILURE; | |
| 58 | |
| 59 *_retval = IS_SEC_ERROR(aNSPRCode) || IS_SSL_ERROR(aNSPRCode); | |
| 60 return NS_OK; | |
| 61 } | |
| 62 | |
| 63 NS_IMETHODIMP | |
| 64 NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode) | |
| 65 { | |
| 66 if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) | |
| 67 return NS_ERROR_FAILURE; | |
| 68 | |
| 69 if (!aXPCOMErrorCode) | |
| 70 return NS_ERROR_INVALID_ARG; | |
| 71 | |
| 72 // The error codes within each module may be a 16 bit value. | |
| 73 // For simplicity let's use the positive value of the NSS code. | |
| 74 // XXX Don't make up nsresults, it's supposed to be an enum (bug 778113) | |
| 75 | |
| 76 *aXPCOMErrorCode = | |
| 77 (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY, | |
| 78 -1 * aNSPRCode); | |
| 79 return NS_OK; | |
| 80 } | |
| 81 | |
| 82 NS_IMETHODIMP | |
| 83 NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass) | |
| 84 { | |
| 85 NS_ENSURE_ARG(aErrorClass); | |
| 86 | |
| 87 if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY | |
| 88 || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) | |
| 89 return NS_ERROR_FAILURE; | |
| 90 | |
| 91 int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); | |
| 92 | |
| 93 if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) | |
| 94 return NS_ERROR_FAILURE; | |
| 95 | |
| 96 switch (aNSPRCode) | |
| 97 { | |
| 98 // Overridable errors. | |
| 99 case SEC_ERROR_UNKNOWN_ISSUER: | |
| 100 case SEC_ERROR_UNTRUSTED_ISSUER: | |
| 101 case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: | |
| 102 case SEC_ERROR_UNTRUSTED_CERT: | |
| 103 case SSL_ERROR_BAD_CERT_DOMAIN: | |
| 104 case SEC_ERROR_EXPIRED_CERTIFICATE: | |
| 105 case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED: | |
| 106 case SEC_ERROR_CA_CERT_INVALID: | |
| 107 *aErrorClass = ERROR_CLASS_BAD_CERT; | |
| 108 break; | |
| 109 // Non-overridable errors. | |
| 110 default: | |
| 111 *aErrorClass = ERROR_CLASS_SSL_PROTOCOL; | |
| 112 break; | |
| 113 } | |
| 114 return NS_OK; | |
| 115 } | |
| 116 | |
| 117 NS_IMETHODIMP | |
| 118 NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage) | |
| 119 { | |
| 120 if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY | |
| 121 || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) | |
| 122 return NS_ERROR_FAILURE; | |
| 123 | |
| 124 int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode); | |
| 125 | |
| 126 if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode)) | |
| 127 return NS_ERROR_FAILURE; | |
| 128 | |
| 129 nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle; | |
| 130 const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode); | |
| 131 | |
| 132 if (!id_str) { | |
| 133 id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode); | |
| 134 theBundle = mNSSErrorsBundle; | |
| 135 } | |
| 136 | |
| 137 if (!id_str || !theBundle) | |
| 138 return NS_ERROR_FAILURE; | |
| 139 | |
| 140 nsAutoString msg; | |
| 141 nsresult rv = | |
| 142 theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(), | |
| 143 getter_Copies(msg)); | |
| 144 if (NS_SUCCEEDED(rv)) { | |
| 145 aErrorMessage = msg; | |
| 146 } | |
| 147 return rv; | |
| 148 } | |
| 149 | |
| 150 } // psm | |
| 151 } // mozilla |
