The Tor Browser: security/manager/ssl/src/NSSErrorsService.cpp@6474c204b198

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

     1 /* This Source Code Form is subject to the terms of the Mozilla Public

     2  * License, v. 2.0. If a copy of the MPL was not distributed with this

     3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

     5 #include "NSSErrorsService.h"

     7 #include "nsNSSComponent.h"

     8 #include "nsServiceManagerUtils.h"

     9 #include "secerr.h"

    10 #include "sslerr.h"

    12 #define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"

    13 #define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"

    15 namespace mozilla {

    16 namespace psm {

    18 NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService)

    20 nsresult

    21 NSSErrorsService::Init()

    22 {

    23   nsresult rv;

    24   nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));

    25   if (NS_FAILED(rv) || !bundleService)

    26     return NS_ERROR_FAILURE;

    28   bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,

    29                               getter_AddRefs(mPIPNSSBundle));

    30   if (!mPIPNSSBundle)

    31     rv = NS_ERROR_FAILURE;

    33   bundleService->CreateBundle(NSSERR_STRBUNDLE_URL,

    34                               getter_AddRefs(mNSSErrorsBundle));

    35   if (!mNSSErrorsBundle)

    36     rv = NS_ERROR_FAILURE;

    38   return rv;

    39 }

    41 #define EXPECTED_SEC_ERROR_BASE (-0x2000)

    42 #define EXPECTED_SSL_ERROR_BASE (-0x3000)

    44 #if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE

    45 #error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code"

    46 /*

    47  * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000

    48  * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts.

    49  * The current code also assumes that NSS library error codes are negative.

    50  */

    51 #endif

    53 NS_IMETHODIMP

    54 NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval)

    55 {

    56   if (!_retval)

    57     return NS_ERROR_FAILURE;

    59   *_retval = IS_SEC_ERROR(aNSPRCode) || IS_SSL_ERROR(aNSPRCode);

    60   return NS_OK;

    61 }

    63 NS_IMETHODIMP

    64 NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode)

    65 {

    66   if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))

    67     return NS_ERROR_FAILURE;

    69   if (!aXPCOMErrorCode)

    70     return NS_ERROR_INVALID_ARG;

    72   // The error codes within each module may be a 16 bit value.

    73   // For simplicity let's use the positive value of the NSS code.

    74   // XXX Don't make up nsresults, it's supposed to be an enum (bug 778113)

    76   *aXPCOMErrorCode =

    77     (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,

    78                                         -1 * aNSPRCode);

    79   return NS_OK;

    80 }

    82 NS_IMETHODIMP

    83 NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass)

    84 {

    85   NS_ENSURE_ARG(aErrorClass);

    87   if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY

    88       || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR)

    89     return NS_ERROR_FAILURE;

    91   int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);

    93   if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))

    94     return NS_ERROR_FAILURE;

    96   switch (aNSPRCode)

    97   {

    98     // Overridable errors.

    99     case SEC_ERROR_UNKNOWN_ISSUER:

   100     case SEC_ERROR_UNTRUSTED_ISSUER:

   101     case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:

   102     case SEC_ERROR_UNTRUSTED_CERT:

   103     case SSL_ERROR_BAD_CERT_DOMAIN:

   104     case SEC_ERROR_EXPIRED_CERTIFICATE:

   105     case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:

   106     case SEC_ERROR_CA_CERT_INVALID:

   107       *aErrorClass = ERROR_CLASS_BAD_CERT;

   108       break;

   109     // Non-overridable errors.

   110     default:

   111       *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;

   112       break;

   113   }

   114   return NS_OK;

   115 }

   117 NS_IMETHODIMP

   118 NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage)

   119 {

   120   if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY

   121       || NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR)

   122     return NS_ERROR_FAILURE;

   124   int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);

   126   if (!IS_SEC_ERROR(aNSPRCode) && !IS_SSL_ERROR(aNSPRCode))

   127     return NS_ERROR_FAILURE;

   129   nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle;

   130   const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode);

   132   if (!id_str) {

   133     id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode);

   134     theBundle = mNSSErrorsBundle;

   135   }

   137   if (!id_str || !theBundle)

   138     return NS_ERROR_FAILURE;

   140   nsAutoString msg;

   141   nsresult rv =

   142     theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(),

   143                                  getter_Copies(msg));

   144   if (NS_SUCCEEDED(rv)) {

   145     aErrorMessage = msg;

   146   }

   147   return rv;

   148 }

   150 } // psm

   151 } // mozilla

The Tor Browser / file revision