1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/nsSSLStatus.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,264 @@
1.4 +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
1.5 + *
1.6 + * This Source Code Form is subject to the terms of the Mozilla Public
1.7 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.8 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.9 +
1.10 +#include "nsSSLStatus.h"
1.11 +#include "plstr.h"
1.12 +#include "nsIClassInfoImpl.h"
1.13 +#include "nsIIdentityInfo.h"
1.14 +#include "nsIProgrammingLanguage.h"
1.15 +#include "nsIObjectOutputStream.h"
1.16 +#include "nsIObjectInputStream.h"
1.17 +
1.18 +NS_IMETHODIMP
1.19 +nsSSLStatus::GetServerCert(nsIX509Cert** _result)
1.20 +{
1.21 + NS_ASSERTION(_result, "non-NULL destination required");
1.22 +
1.23 + *_result = mServerCert;
1.24 + NS_IF_ADDREF(*_result);
1.25 +
1.26 + return NS_OK;
1.27 +}
1.28 +
1.29 +NS_IMETHODIMP
1.30 +nsSSLStatus::GetKeyLength(uint32_t* _result)
1.31 +{
1.32 + NS_ASSERTION(_result, "non-NULL destination required");
1.33 + if (!mHaveKeyLengthAndCipher)
1.34 + return NS_ERROR_NOT_AVAILABLE;
1.35 +
1.36 + *_result = mKeyLength;
1.37 +
1.38 + return NS_OK;
1.39 +}
1.40 +
1.41 +NS_IMETHODIMP
1.42 +nsSSLStatus::GetSecretKeyLength(uint32_t* _result)
1.43 +{
1.44 + NS_ASSERTION(_result, "non-NULL destination required");
1.45 + if (!mHaveKeyLengthAndCipher)
1.46 + return NS_ERROR_NOT_AVAILABLE;
1.47 +
1.48 + *_result = mSecretKeyLength;
1.49 +
1.50 + return NS_OK;
1.51 +}
1.52 +
1.53 +NS_IMETHODIMP
1.54 +nsSSLStatus::GetCipherName(char** _result)
1.55 +{
1.56 + NS_ASSERTION(_result, "non-NULL destination required");
1.57 + if (!mHaveKeyLengthAndCipher)
1.58 + return NS_ERROR_NOT_AVAILABLE;
1.59 +
1.60 + *_result = ToNewCString(mCipherName);
1.61 +
1.62 + return NS_OK;
1.63 +}
1.64 +
1.65 +NS_IMETHODIMP
1.66 +nsSSLStatus::GetIsDomainMismatch(bool* _result)
1.67 +{
1.68 + NS_ASSERTION(_result, "non-NULL destination required");
1.69 +
1.70 + *_result = mHaveCertErrorBits && mIsDomainMismatch;
1.71 +
1.72 + return NS_OK;
1.73 +}
1.74 +
1.75 +NS_IMETHODIMP
1.76 +nsSSLStatus::GetIsNotValidAtThisTime(bool* _result)
1.77 +{
1.78 + NS_ASSERTION(_result, "non-NULL destination required");
1.79 +
1.80 + *_result = mHaveCertErrorBits && mIsNotValidAtThisTime;
1.81 +
1.82 + return NS_OK;
1.83 +}
1.84 +
1.85 +NS_IMETHODIMP
1.86 +nsSSLStatus::GetIsUntrusted(bool* _result)
1.87 +{
1.88 + NS_ASSERTION(_result, "non-NULL destination required");
1.89 +
1.90 + *_result = mHaveCertErrorBits && mIsUntrusted;
1.91 +
1.92 + return NS_OK;
1.93 +}
1.94 +
1.95 +NS_IMETHODIMP
1.96 +nsSSLStatus::GetIsExtendedValidation(bool* aIsEV)
1.97 +{
1.98 + NS_ENSURE_ARG_POINTER(aIsEV);
1.99 + *aIsEV = false;
1.100 +
1.101 +#ifdef MOZ_NO_EV_CERTS
1.102 + return NS_OK;
1.103 +#else
1.104 + nsCOMPtr<nsIX509Cert> cert = mServerCert;
1.105 + nsresult rv;
1.106 + nsCOMPtr<nsIIdentityInfo> idinfo = do_QueryInterface(cert, &rv);
1.107 +
1.108 + // mServerCert should never be null when this method is called because
1.109 + // nsSSLStatus objects always have mServerCert set right after they are
1.110 + // constructed and before they are returned. GetIsExtendedValidation should
1.111 + // only be called in the chrome process (in e10s), and mServerCert will always
1.112 + // implement nsIIdentityInfo in the chrome process.
1.113 + if (!idinfo) {
1.114 + NS_ERROR("nsSSLStatus has null mServerCert or was called in the content "
1.115 + "process");
1.116 + return NS_ERROR_UNEXPECTED;
1.117 + }
1.118 +
1.119 + // Never allow bad certs for EV, regardless of overrides.
1.120 + if (mHaveCertErrorBits) {
1.121 + return NS_OK;
1.122 + }
1.123 +
1.124 + return idinfo->GetIsExtendedValidation(aIsEV);
1.125 +#endif
1.126 +}
1.127 +
1.128 +NS_IMETHODIMP
1.129 +nsSSLStatus::Read(nsIObjectInputStream* stream)
1.130 +{
1.131 + nsCOMPtr<nsISupports> cert;
1.132 + nsresult rv = stream->ReadObject(true, getter_AddRefs(cert));
1.133 + NS_ENSURE_SUCCESS(rv, rv);
1.134 +
1.135 + mServerCert = do_QueryInterface(cert);
1.136 + if (!mServerCert)
1.137 + return NS_NOINTERFACE;
1.138 +
1.139 + rv = stream->Read32(&mKeyLength);
1.140 + NS_ENSURE_SUCCESS(rv, rv);
1.141 + rv = stream->Read32(&mSecretKeyLength);
1.142 + NS_ENSURE_SUCCESS(rv, rv);
1.143 + rv = stream->ReadCString(mCipherName);
1.144 + NS_ENSURE_SUCCESS(rv, rv);
1.145 +
1.146 + rv = stream->ReadBoolean(&mIsDomainMismatch);
1.147 + NS_ENSURE_SUCCESS(rv, rv);
1.148 + rv = stream->ReadBoolean(&mIsNotValidAtThisTime);
1.149 + NS_ENSURE_SUCCESS(rv, rv);
1.150 + rv = stream->ReadBoolean(&mIsUntrusted);
1.151 + NS_ENSURE_SUCCESS(rv, rv);
1.152 +
1.153 + rv = stream->ReadBoolean(&mHaveKeyLengthAndCipher);
1.154 + NS_ENSURE_SUCCESS(rv, rv);
1.155 + rv = stream->ReadBoolean(&mHaveCertErrorBits);
1.156 + NS_ENSURE_SUCCESS(rv, rv);
1.157 +
1.158 + return NS_OK;
1.159 +}
1.160 +
1.161 +NS_IMETHODIMP
1.162 +nsSSLStatus::Write(nsIObjectOutputStream* stream)
1.163 +{
1.164 + nsresult rv = stream->WriteCompoundObject(mServerCert,
1.165 + NS_GET_IID(nsIX509Cert),
1.166 + true);
1.167 + NS_ENSURE_SUCCESS(rv, rv);
1.168 +
1.169 + rv = stream->Write32(mKeyLength);
1.170 + NS_ENSURE_SUCCESS(rv, rv);
1.171 + rv = stream->Write32(mSecretKeyLength);
1.172 + NS_ENSURE_SUCCESS(rv, rv);
1.173 + rv = stream->WriteStringZ(mCipherName.get());
1.174 + NS_ENSURE_SUCCESS(rv, rv);
1.175 +
1.176 + rv = stream->WriteBoolean(mIsDomainMismatch);
1.177 + NS_ENSURE_SUCCESS(rv, rv);
1.178 + rv = stream->WriteBoolean(mIsNotValidAtThisTime);
1.179 + NS_ENSURE_SUCCESS(rv, rv);
1.180 + rv = stream->WriteBoolean(mIsUntrusted);
1.181 + NS_ENSURE_SUCCESS(rv, rv);
1.182 +
1.183 + rv = stream->WriteBoolean(mHaveKeyLengthAndCipher);
1.184 + NS_ENSURE_SUCCESS(rv, rv);
1.185 + rv = stream->WriteBoolean(mHaveCertErrorBits);
1.186 + NS_ENSURE_SUCCESS(rv, rv);
1.187 +
1.188 + return NS_OK;
1.189 +}
1.190 +
1.191 +NS_IMETHODIMP
1.192 +nsSSLStatus::GetInterfaces(uint32_t *count, nsIID * **array)
1.193 +{
1.194 + *count = 0;
1.195 + *array = nullptr;
1.196 + return NS_OK;
1.197 +}
1.198 +
1.199 +NS_IMETHODIMP
1.200 +nsSSLStatus::GetHelperForLanguage(uint32_t language, nsISupports **_retval)
1.201 +{
1.202 + *_retval = nullptr;
1.203 + return NS_OK;
1.204 +}
1.205 +
1.206 +NS_IMETHODIMP
1.207 +nsSSLStatus::GetContractID(char * *aContractID)
1.208 +{
1.209 + *aContractID = nullptr;
1.210 + return NS_OK;
1.211 +}
1.212 +
1.213 +NS_IMETHODIMP
1.214 +nsSSLStatus::GetClassDescription(char * *aClassDescription)
1.215 +{
1.216 + *aClassDescription = nullptr;
1.217 + return NS_OK;
1.218 +}
1.219 +
1.220 +NS_IMETHODIMP
1.221 +nsSSLStatus::GetClassID(nsCID * *aClassID)
1.222 +{
1.223 + *aClassID = (nsCID*) nsMemory::Alloc(sizeof(nsCID));
1.224 + if (!*aClassID)
1.225 + return NS_ERROR_OUT_OF_MEMORY;
1.226 + return GetClassIDNoAlloc(*aClassID);
1.227 +}
1.228 +
1.229 +NS_IMETHODIMP
1.230 +nsSSLStatus::GetImplementationLanguage(uint32_t *aImplementationLanguage)
1.231 +{
1.232 + *aImplementationLanguage = nsIProgrammingLanguage::CPLUSPLUS;
1.233 + return NS_OK;
1.234 +}
1.235 +
1.236 +NS_IMETHODIMP
1.237 +nsSSLStatus::GetFlags(uint32_t *aFlags)
1.238 +{
1.239 + *aFlags = 0;
1.240 + return NS_OK;
1.241 +}
1.242 +
1.243 +static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);
1.244 +
1.245 +NS_IMETHODIMP
1.246 +nsSSLStatus::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
1.247 +{
1.248 + *aClassIDNoAlloc = kSSLStatusCID;
1.249 + return NS_OK;
1.250 +}
1.251 +
1.252 +nsSSLStatus::nsSSLStatus()
1.253 +: mKeyLength(0), mSecretKeyLength(0)
1.254 +, mIsDomainMismatch(false)
1.255 +, mIsNotValidAtThisTime(false)
1.256 +, mIsUntrusted(false)
1.257 +, mHaveKeyLengthAndCipher(false)
1.258 +, mHaveCertErrorBits(false)
1.259 +{
1.260 + mCipherName = "";
1.261 +}
1.262 +
1.263 +NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
1.264 +
1.265 +nsSSLStatus::~nsSSLStatus()
1.266 +{
1.267 +}
