The Tor Browser / file diff

diff: security/manager/ssl/src/nsClientAuthRemember.cpp

security/manager/ssl/src/nsClientAuthRemember.cpp

changeset 0
6474c204b198
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/security/manager/ssl/src/nsClientAuthRemember.cpp	Wed Dec 31 06:09:35 2014 +0100
     1.3 @@ -0,0 +1,212 @@
     1.4 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
     1.5 + *
     1.6 + * This Source Code Form is subject to the terms of the Mozilla Public
     1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this
     1.8 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
     1.9 +
    1.10 +#include "nsClientAuthRemember.h"
    1.11 +
    1.12 +#include "nsIX509Cert.h"
    1.13 +#include "mozilla/RefPtr.h"
    1.14 +#include "nsCRT.h"
    1.15 +#include "nsNetUtil.h"
    1.16 +#include "nsNSSCertHelper.h"
    1.17 +#include "nsIObserverService.h"
    1.18 +#include "nsNetUtil.h"
    1.19 +#include "nsISupportsPrimitives.h"
    1.20 +#include "nsPromiseFlatString.h"
    1.21 +#include "nsThreadUtils.h"
    1.22 +#include "nsStringBuffer.h"
    1.23 +#include "cert.h"
    1.24 +#include "nspr.h"
    1.25 +#include "pk11pub.h"
    1.26 +#include "certdb.h"
    1.27 +#include "sechash.h"
    1.28 +#include "SharedSSLState.h"
    1.29 +
    1.30 +using namespace mozilla;
    1.31 +using namespace mozilla::psm;
    1.32 +
    1.33 +NS_IMPL_ISUPPORTS(nsClientAuthRememberService,
    1.34 +                  nsIObserver,
    1.35 +                  nsISupportsWeakReference)
    1.36 +
    1.37 +nsClientAuthRememberService::nsClientAuthRememberService()
    1.38 +  : monitor("nsClientAuthRememberService.monitor")
    1.39 +{
    1.40 +}
    1.41 +
    1.42 +nsClientAuthRememberService::~nsClientAuthRememberService()
    1.43 +{
    1.44 +  RemoveAllFromMemory();
    1.45 +}
    1.46 +
    1.47 +nsresult
    1.48 +nsClientAuthRememberService::Init()
    1.49 +{
    1.50 +  if (!NS_IsMainThread()) {
    1.51 +    NS_ERROR("nsClientAuthRememberService::Init called off the main thread");
    1.52 +    return NS_ERROR_NOT_SAME_THREAD;
    1.53 +  }
    1.54 +
    1.55 +  nsCOMPtr<nsIObserverService> observerService =
    1.56 +      mozilla::services::GetObserverService();
    1.57 +  if (observerService) {
    1.58 +    observerService->AddObserver(this, "profile-before-change", true);
    1.59 +  }
    1.60 +
    1.61 +  return NS_OK;
    1.62 +}
    1.63 +
    1.64 +NS_IMETHODIMP
    1.65 +nsClientAuthRememberService::Observe(nsISupports     *aSubject,
    1.66 +                               const char      *aTopic,
    1.67 +                               const char16_t *aData)
    1.68 +{
    1.69 +  // check the topic
    1.70 +  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
    1.71 +    // The profile is about to change,
    1.72 +    // or is going away because the application is shutting down.
    1.73 +
    1.74 +    ReentrantMonitorAutoEnter lock(monitor);
    1.75 +    RemoveAllFromMemory();
    1.76 +  }
    1.77 +
    1.78 +  return NS_OK;
    1.79 +}
    1.80 +
    1.81 +void nsClientAuthRememberService::ClearRememberedDecisions()
    1.82 +{
    1.83 +  ReentrantMonitorAutoEnter lock(monitor);
    1.84 +  RemoveAllFromMemory();
    1.85 +}
    1.86 +
    1.87 +void nsClientAuthRememberService::ClearAllRememberedDecisions()
    1.88 +{
    1.89 +  RefPtr<nsClientAuthRememberService> svc =
    1.90 +    PublicSSLState()->GetClientAuthRememberService();
    1.91 +  svc->ClearRememberedDecisions();
    1.92 +
    1.93 +  svc = PrivateSSLState()->GetClientAuthRememberService();
    1.94 +  svc->ClearRememberedDecisions();
    1.95 +}
    1.96 +
    1.97 +void
    1.98 +nsClientAuthRememberService::RemoveAllFromMemory()
    1.99 +{
   1.100 +  mSettingsTable.Clear();
   1.101 +}
   1.102 +
   1.103 +nsresult
   1.104 +nsClientAuthRememberService::RememberDecision(const nsACString & aHostName, 
   1.105 +                                              CERTCertificate *aServerCert, CERTCertificate *aClientCert)
   1.106 +{
   1.107 +  // aClientCert == nullptr means: remember that user does not want to use a cert
   1.108 +  NS_ENSURE_ARG_POINTER(aServerCert);
   1.109 +  if (aHostName.IsEmpty())
   1.110 +    return NS_ERROR_INVALID_ARG;
   1.111 +
   1.112 +  nsAutoCString fpStr;
   1.113 +  nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
   1.114 +  if (NS_FAILED(rv))
   1.115 +    return rv;
   1.116 +
   1.117 +  {
   1.118 +    ReentrantMonitorAutoEnter lock(monitor);
   1.119 +    if (aClientCert) {
   1.120 +      nsNSSCertificate pipCert(aClientCert);
   1.121 +      char *dbkey = nullptr;
   1.122 +      rv = pipCert.GetDbKey(&dbkey);
   1.123 +      if (NS_SUCCEEDED(rv) && dbkey) {
   1.124 +        AddEntryToList(aHostName, fpStr, 
   1.125 +                       nsDependentCString(dbkey));
   1.126 +      }
   1.127 +      if (dbkey) {
   1.128 +        PORT_Free(dbkey);
   1.129 +      }
   1.130 +    }
   1.131 +    else {
   1.132 +      nsCString empty;
   1.133 +      AddEntryToList(aHostName, fpStr, empty);
   1.134 +    }
   1.135 +  }
   1.136 +
   1.137 +  return NS_OK;
   1.138 +}
   1.139 +
   1.140 +nsresult
   1.141 +nsClientAuthRememberService::HasRememberedDecision(const nsACString & aHostName, 
   1.142 +                                                   CERTCertificate *aCert, 
   1.143 +                                                   nsACString & aCertDBKey,
   1.144 +                                                   bool *_retval)
   1.145 +{
   1.146 +  if (aHostName.IsEmpty())
   1.147 +    return NS_ERROR_INVALID_ARG;
   1.148 +
   1.149 +  NS_ENSURE_ARG_POINTER(aCert);
   1.150 +  NS_ENSURE_ARG_POINTER(_retval);
   1.151 +  *_retval = false;
   1.152 +
   1.153 +  nsresult rv;
   1.154 +  nsAutoCString fpStr;
   1.155 +  rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
   1.156 +  if (NS_FAILED(rv))
   1.157 +    return rv;
   1.158 +
   1.159 +  nsAutoCString hostCert;
   1.160 +  GetHostWithCert(aHostName, fpStr, hostCert);
   1.161 +  nsClientAuthRemember settings;
   1.162 +
   1.163 +  {
   1.164 +    ReentrantMonitorAutoEnter lock(monitor);
   1.165 +    nsClientAuthRememberEntry *entry = mSettingsTable.GetEntry(hostCert.get());
   1.166 +    if (!entry)
   1.167 +      return NS_OK;
   1.168 +    settings = entry->mSettings; // copy
   1.169 +  }
   1.170 +
   1.171 +  aCertDBKey = settings.mDBKey;
   1.172 +  *_retval = true;
   1.173 +  return NS_OK;
   1.174 +}
   1.175 +
   1.176 +nsresult
   1.177 +nsClientAuthRememberService::AddEntryToList(const nsACString &aHostName, 
   1.178 +                                      const nsACString &fingerprint,
   1.179 +                                      const nsACString &db_key)
   1.180 +
   1.181 +{
   1.182 +  nsAutoCString hostCert;
   1.183 +  GetHostWithCert(aHostName, fingerprint, hostCert);
   1.184 +
   1.185 +  {
   1.186 +    ReentrantMonitorAutoEnter lock(monitor);
   1.187 +    nsClientAuthRememberEntry *entry = mSettingsTable.PutEntry(hostCert.get());
   1.188 +
   1.189 +    if (!entry) {
   1.190 +      NS_ERROR("can't insert a null entry!");
   1.191 +      return NS_ERROR_OUT_OF_MEMORY;
   1.192 +    }
   1.193 +
   1.194 +    entry->mHostWithCert = hostCert;
   1.195 +
   1.196 +    nsClientAuthRemember &settings = entry->mSettings;
   1.197 +    settings.mAsciiHost = aHostName;
   1.198 +    settings.mFingerprint = fingerprint;
   1.199 +    settings.mDBKey = db_key;
   1.200 +  }
   1.201 +
   1.202 +  return NS_OK;
   1.203 +}
   1.204 +
   1.205 +void
   1.206 +nsClientAuthRememberService::GetHostWithCert(const nsACString & aHostName, 
   1.207 +                                             const nsACString & fingerprint, 
   1.208 +                                             nsACString& _retval)
   1.209 +{
   1.210 +  nsAutoCString hostCert(aHostName);
   1.211 +  hostCert.AppendLiteral(":");
   1.212 +  hostCert.Append(fingerprint);
   1.213 +  
   1.214 +  _retval.Assign(hostCert);
   1.215 +}

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial