michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: michael@0: const Cc = Components.classes; michael@0: const Ci = Components.interfaces; michael@0: const Cr = Components.results; michael@0: michael@0: Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); michael@0: Components.utils.import("resource://gre/modules/Services.jsm"); michael@0: michael@0: function LoginManagerCrypto_SDR() { michael@0: this.init(); michael@0: }; michael@0: michael@0: LoginManagerCrypto_SDR.prototype = { michael@0: michael@0: classID : Components.ID("{dc6c2976-0f73-4f1f-b9ff-3d72b4e28309}"), michael@0: QueryInterface : XPCOMUtils.generateQI([Ci.nsILoginManagerCrypto]), michael@0: michael@0: __sdrSlot : null, // PKCS#11 slot being used by the SDR. michael@0: get _sdrSlot() { michael@0: if (!this.__sdrSlot) { michael@0: let modules = Cc["@mozilla.org/security/pkcs11moduledb;1"]. michael@0: getService(Ci.nsIPKCS11ModuleDB); michael@0: this.__sdrSlot = modules.findSlotByName(""); michael@0: } michael@0: return this.__sdrSlot; michael@0: }, michael@0: michael@0: __decoderRing : null, // nsSecretDecoderRing service michael@0: get _decoderRing() { michael@0: if (!this.__decoderRing) michael@0: this.__decoderRing = Cc["@mozilla.org/security/sdr;1"]. michael@0: getService(Ci.nsISecretDecoderRing); michael@0: return this.__decoderRing; michael@0: }, michael@0: michael@0: __utfConverter : null, // UCS2 <--> UTF8 string conversion michael@0: get _utfConverter() { michael@0: if (!this.__utfConverter) { michael@0: this.__utfConverter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]. michael@0: createInstance(Ci.nsIScriptableUnicodeConverter); michael@0: this.__utfConverter.charset = "UTF-8"; michael@0: } michael@0: return this.__utfConverter; michael@0: }, michael@0: michael@0: _utfConverterReset : function() { michael@0: this.__utfConverter = null; michael@0: }, michael@0: michael@0: _debug : false, // mirrors signon.debug michael@0: _uiBusy : false, michael@0: michael@0: michael@0: /* michael@0: * log michael@0: * michael@0: * Internal function for logging debug messages to the Error Console. michael@0: */ michael@0: log : function (message) { michael@0: if (!this._debug) michael@0: return; michael@0: dump("PwMgr cryptoSDR: " + message + "\n"); michael@0: Services.console.logStringMessage("PwMgr cryptoSDR: " + message); michael@0: }, michael@0: michael@0: michael@0: init : function () { michael@0: // Connect to the correct preferences branch. michael@0: this._prefBranch = Services.prefs.getBranch("signon."); michael@0: michael@0: this._debug = this._prefBranch.getBoolPref("debug"); michael@0: michael@0: // Check to see if the internal PKCS#11 token has been initialized. michael@0: // If not, set a blank password. michael@0: let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]. michael@0: getService(Ci.nsIPK11TokenDB); michael@0: michael@0: let token = tokenDB.getInternalKeyToken(); michael@0: if (token.needsUserInit) { michael@0: this.log("Initializing key3.db with default blank password."); michael@0: token.initPassword(""); michael@0: } michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * encrypt michael@0: * michael@0: * Encrypts the specified string, using the SecretDecoderRing. michael@0: * michael@0: * Returns the encrypted string, or throws an exception if there was a michael@0: * problem. michael@0: */ michael@0: encrypt : function (plainText) { michael@0: let cipherText = null; michael@0: michael@0: let wasLoggedIn = this.isLoggedIn; michael@0: let canceledMP = false; michael@0: michael@0: this._uiBusy = true; michael@0: try { michael@0: let plainOctet = this._utfConverter.ConvertFromUnicode(plainText); michael@0: plainOctet += this._utfConverter.Finish(); michael@0: cipherText = this._decoderRing.encryptString(plainOctet); michael@0: } catch (e) { michael@0: this.log("Failed to encrypt string. (" + e.name + ")"); michael@0: // If the user clicks Cancel, we get NS_ERROR_FAILURE. michael@0: // (unlike decrypting, which gets NS_ERROR_NOT_AVAILABLE). michael@0: if (e.result == Cr.NS_ERROR_FAILURE) { michael@0: canceledMP = true; michael@0: throw Components.Exception("User canceled master password entry", Cr.NS_ERROR_ABORT); michael@0: } else { michael@0: throw Components.Exception("Couldn't encrypt string", Cr.NS_ERROR_FAILURE); michael@0: } michael@0: } finally { michael@0: this._uiBusy = false; michael@0: // If we triggered a master password prompt, notify observers. michael@0: if (!wasLoggedIn && this.isLoggedIn) michael@0: this._notifyObservers("passwordmgr-crypto-login"); michael@0: else if (canceledMP) michael@0: this._notifyObservers("passwordmgr-crypto-loginCanceled"); michael@0: } michael@0: return cipherText; michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * decrypt michael@0: * michael@0: * Decrypts the specified string, using the SecretDecoderRing. michael@0: * michael@0: * Returns the decrypted string, or throws an exception if there was a michael@0: * problem. michael@0: */ michael@0: decrypt : function (cipherText) { michael@0: let plainText = null; michael@0: michael@0: let wasLoggedIn = this.isLoggedIn; michael@0: let canceledMP = false; michael@0: michael@0: this._uiBusy = true; michael@0: try { michael@0: let plainOctet; michael@0: plainOctet = this._decoderRing.decryptString(cipherText); michael@0: plainText = this._utfConverter.ConvertToUnicode(plainOctet); michael@0: } catch (e) { michael@0: this.log("Failed to decrypt string: " + cipherText + michael@0: " (" + e.name + ")"); michael@0: michael@0: // In the unlikely event the converter threw, reset it. michael@0: this._utfConverterReset(); michael@0: michael@0: // If the user clicks Cancel, we get NS_ERROR_NOT_AVAILABLE. michael@0: // If the cipherText is bad / wrong key, we get NS_ERROR_FAILURE michael@0: // Wrong passwords are handled by the decoderRing reprompting; michael@0: // we get no notification. michael@0: if (e.result == Cr.NS_ERROR_NOT_AVAILABLE) { michael@0: canceledMP = true; michael@0: throw Components.Exception("User canceled master password entry", Cr.NS_ERROR_ABORT); michael@0: } else { michael@0: throw Components.Exception("Couldn't decrypt string", Cr.NS_ERROR_FAILURE); michael@0: } michael@0: } finally { michael@0: this._uiBusy = false; michael@0: // If we triggered a master password prompt, notify observers. michael@0: if (!wasLoggedIn && this.isLoggedIn) michael@0: this._notifyObservers("passwordmgr-crypto-login"); michael@0: else if (canceledMP) michael@0: this._notifyObservers("passwordmgr-crypto-loginCanceled"); michael@0: } michael@0: michael@0: return plainText; michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * uiBusy michael@0: */ michael@0: get uiBusy() { michael@0: return this._uiBusy; michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * isLoggedIn michael@0: */ michael@0: get isLoggedIn() { michael@0: let status = this._sdrSlot.status; michael@0: this.log("SDR slot status is " + status); michael@0: if (status == Ci.nsIPKCS11Slot.SLOT_READY || michael@0: status == Ci.nsIPKCS11Slot.SLOT_LOGGED_IN) michael@0: return true; michael@0: if (status == Ci.nsIPKCS11Slot.SLOT_NOT_LOGGED_IN) michael@0: return false; michael@0: throw Components.Exception("unexpected slot status: " + status, Cr.NS_ERROR_FAILURE); michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * defaultEncType michael@0: */ michael@0: get defaultEncType() { michael@0: return Ci.nsILoginManagerCrypto.ENCTYPE_SDR; michael@0: }, michael@0: michael@0: michael@0: /* michael@0: * _notifyObservers michael@0: */ michael@0: _notifyObservers : function(topic) { michael@0: this.log("Prompted for a master password, notifying for " + topic); michael@0: Services.obs.notifyObservers(null, topic, null); michael@0: }, michael@0: }; // end of nsLoginManagerCrypto_SDR implementation michael@0: michael@0: let component = [LoginManagerCrypto_SDR]; michael@0: this.NSGetFactory = XPCOMUtils.generateNSGetFactory(component);