1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/NSSErrorsService.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,151 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#include "NSSErrorsService.h"
1.9 +
1.10 +#include "nsNSSComponent.h"
1.11 +#include "nsServiceManagerUtils.h"
1.12 +#include "secerr.h"
1.13 +#include "sslerr.h"
1.14 +
1.15 +#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
1.16 +#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
1.17 +
1.18 +namespace mozilla {
1.19 +namespace psm {
1.20 +
1.21 +NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService)
1.22 +
1.23 +nsresult
1.24 +NSSErrorsService::Init()
1.25 +{
1.26 + nsresult rv;
1.27 + nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
1.28 + if (NS_FAILED(rv) || !bundleService)
1.29 + return NS_ERROR_FAILURE;
1.30 +
1.31 + bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,
1.32 + getter_AddRefs(mPIPNSSBundle));
1.33 + if (!mPIPNSSBundle)
1.34 + rv = NS_ERROR_FAILURE;
1.35 +
1.36 + bundleService->CreateBundle(NSSERR_STRBUNDLE_URL,
1.37 + getter_AddRefs(mNSSErrorsBundle));
1.38 + if (!mNSSErrorsBundle)
1.39 + rv = NS_ERROR_FAILURE;
1.40 +
1.41 + return rv;
1.42 +}
1.43 +
1.44 +#define EXPECTED_SEC_ERROR_BASE (-0x2000)
1.45 +#define EXPECTED_SSL_ERROR_BASE (-0x3000)
1.46 +
1.47 +#if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE
1.48 +#error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code"
1.49 +/*
1.50 + * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000
1.51 + * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts.
1.52 + * The current code also assumes that NSS library error codes are negative.
1.53 + */
1.54 +#endif
1.55 +
1.56 +NS_IMETHODIMP
1.57 +NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval)
1.58 +{
1.59 + if (!_retval)
1.60 + return NS_ERROR_FAILURE;
1.61 +
1.62 + *_retval = IS_SEC_ERROR(aNSPRCode) || IS_SSL_ERROR(aNSPRCode);
1.63 + return NS_OK;
1.64 +}
1.65 +
1.66 +NS_IMETHODIMP
1.67 +NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode)
1.68 +{
1.69 + if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))
1.70 + return NS_ERROR_FAILURE;
1.71 +
1.72 + if (!aXPCOMErrorCode)
1.73 + return NS_ERROR_INVALID_ARG;
1.74 +
1.75 + // The error codes within each module may be a 16 bit value.
1.76 + // For simplicity let's use the positive value of the NSS code.
1.77 + // XXX Don't make up nsresults, it's supposed to be an enum (bug 778113)
1.78 +
1.79 + *aXPCOMErrorCode =
1.80 + (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,
1.81 + -1 * aNSPRCode);
1.82 + return NS_OK;
1.83 +}
1.84 +
1.85 +NS_IMETHODIMP
1.86 +NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass)
1.87 +{
1.88 + NS_ENSURE_ARG(aErrorClass);
1.89 +
1.90 + if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY
1.91 + || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR)
1.92 + return NS_ERROR_FAILURE;
1.93 +
1.94 + int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
1.95 +
1.96 + if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))
1.97 + return NS_ERROR_FAILURE;
1.98 +
1.99 + switch (aNSPRCode)
1.100 + {
1.101 + // Overridable errors.
1.102 + case SEC_ERROR_UNKNOWN_ISSUER:
1.103 + case SEC_ERROR_UNTRUSTED_ISSUER:
1.104 + case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
1.105 + case SEC_ERROR_UNTRUSTED_CERT:
1.106 + case SSL_ERROR_BAD_CERT_DOMAIN:
1.107 + case SEC_ERROR_EXPIRED_CERTIFICATE:
1.108 + case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
1.109 + case SEC_ERROR_CA_CERT_INVALID:
1.110 + *aErrorClass = ERROR_CLASS_BAD_CERT;
1.111 + break;
1.112 + // Non-overridable errors.
1.113 + default:
1.114 + *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
1.115 + break;
1.116 + }
1.117 + return NS_OK;
1.118 +}
1.119 +
1.120 +NS_IMETHODIMP
1.121 +NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage)
1.122 +{
1.123 + if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY
1.124 + || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR)
1.125 + return NS_ERROR_FAILURE;
1.126 +
1.127 + int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
1.128 +
1.129 + if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))
1.130 + return NS_ERROR_FAILURE;
1.131 +
1.132 + nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle;
1.133 + const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode);
1.134 +
1.135 + if (!id_str) {
1.136 + id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode);
1.137 + theBundle = mNSSErrorsBundle;
1.138 + }
1.139 +
1.140 + if (!id_str || !theBundle)
1.141 + return NS_ERROR_FAILURE;
1.142 +
1.143 + nsAutoString msg;
1.144 + nsresult rv =
1.145 + theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(),
1.146 + getter_Copies(msg));
1.147 + if (NS_SUCCEEDED(rv)) {
1.148 + aErrorMessage = msg;
1.149 + }
1.150 + return rv;
1.151 +}
1.152 +
1.153 +} // psm
1.154 +} // mozilla
