1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- 2 * 3 * This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef TransportSecurityInfo_h 8 #define TransportSecurityInfo_h 9 10 #include "ScopedNSSTypes.h" 11 #include "certt.h" 12 #include "mozilla/BasePrincipal.h" 13 #include "mozilla/Mutex.h" 14 #include "mozilla/RefPtr.h" 15 #include "nsDataHashtable.h" 16 #include "nsIAssociatedContentSecurity.h" 17 #include "nsIInterfaceRequestor.h" 18 #include "nsISSLStatusProvider.h" 19 #include "nsITransportSecurityInfo.h" 20 #include "nsNSSShutDown.h" 21 #include "nsSSLStatus.h" 22 #include "pkix/pkixtypes.h" 23 24 namespace mozilla { namespace psm { 25 26 enum SSLErrorMessageType { 27 OverridableCertErrorMessage = 1, // for *overridable* certificate errors 28 PlainErrorMessage = 2 // all other errors (or "no error") 29 }; 30 31 class TransportSecurityInfo : public nsITransportSecurityInfo, 32 public nsIInterfaceRequestor, 33 public nsISSLStatusProvider, 34 public nsIAssociatedContentSecurity, 35 public nsISerializable, 36 public nsIClassInfo, 37 public nsNSSShutDownObject, 38 public nsOnPK11LogoutCancelObject 39 { 40 protected: 41 virtual ~TransportSecurityInfo(); 42 public: 43 TransportSecurityInfo(); 44 45 NS_DECL_THREADSAFE_ISUPPORTS 46 NS_DECL_NSITRANSPORTSECURITYINFO 47 NS_DECL_NSIINTERFACEREQUESTOR 48 NS_DECL_NSISSLSTATUSPROVIDER 49 NS_DECL_NSIASSOCIATEDCONTENTSECURITY 50 NS_DECL_NSISERIALIZABLE 51 NS_DECL_NSICLASSINFO 52 53 nsresult SetSecurityState(uint32_t aState); 54 nsresult SetShortSecurityDescription(const char16_t *aText); 55 GetHostName()56 const nsACString & GetHostName() const { return mHostName; } GetHostNameRaw()57 const char * GetHostNameRaw() const { return mHostName.get(); } 58 59 nsresult GetHostName(char **aHostName); 60 nsresult SetHostName(const char *aHostName); 61 GetPort()62 int32_t GetPort() const { return mPort; } 63 nsresult GetPort(int32_t *aPort); 64 nsresult SetPort(int32_t aPort); 65 GetOriginAttributes()66 const NeckoOriginAttributes& GetOriginAttributes() const { 67 return mOriginAttributes; 68 } 69 nsresult SetOriginAttributes(const NeckoOriginAttributes& aOriginAttributes); 70 71 PRErrorCode GetErrorCode() const; 72 73 void GetErrorLogMessage(PRErrorCode errorCode, 74 ::mozilla::psm::SSLErrorMessageType errorMessageType, 75 nsString &result); 76 77 void SetCanceled(PRErrorCode errorCode, 78 ::mozilla::psm::SSLErrorMessageType errorMessageType); 79 80 /* Set SSL Status values */ 81 nsresult SetSSLStatus(nsSSLStatus *aSSLStatus); SSLStatus()82 nsSSLStatus* SSLStatus() { return mSSLStatus; } 83 void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors); 84 85 nsresult SetFailedCertChain(UniqueCERTCertList certList); 86 87 private: 88 mutable ::mozilla::Mutex mMutex; 89 90 protected: 91 nsCOMPtr<nsIInterfaceRequestor> mCallbacks; 92 93 private: 94 uint32_t mSecurityState; 95 int32_t mSubRequestsBrokenSecurity; 96 int32_t mSubRequestsNoSecurity; 97 98 PRErrorCode mErrorCode; 99 ::mozilla::psm::SSLErrorMessageType mErrorMessageType; 100 nsString mErrorMessageCached; 101 nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock, 102 PRErrorCode errorCode, 103 ::mozilla::psm::SSLErrorMessageType errorMessageType, 104 bool wantsHtml, bool suppressPort443, 105 nsString &result); 106 107 int32_t mPort; 108 nsXPIDLCString mHostName; 109 NeckoOriginAttributes mOriginAttributes; 110 111 /* SSL Status */ 112 RefPtr<nsSSLStatus> mSSLStatus; 113 114 /* Peer cert chain for failed connections (for error reporting) */ 115 nsCOMPtr<nsIX509CertList> mFailedCertChain; 116 117 virtual void virtualDestroyNSSReference() override; 118 void destructorSafeDestroyNSSReference(); 119 }; 120 121 class RememberCertErrorsTable 122 { 123 private: 124 RememberCertErrorsTable(); 125 126 struct CertStateBits 127 { 128 bool mIsDomainMismatch; 129 bool mIsNotValidAtThisTime; 130 bool mIsUntrusted; 131 }; 132 nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts; 133 134 public: 135 void RememberCertHasError(TransportSecurityInfo * infoobject, 136 nsSSLStatus * status, 137 SECStatus certVerificationResult); 138 void LookupCertErrorBits(TransportSecurityInfo * infoObject, 139 nsSSLStatus* status); 140 Init()141 static nsresult Init() 142 { 143 sInstance = new RememberCertErrorsTable(); 144 return NS_OK; 145 } 146 GetInstance()147 static RememberCertErrorsTable & GetInstance() 148 { 149 MOZ_ASSERT(sInstance); 150 return *sInstance; 151 } 152 Cleanup()153 static void Cleanup() 154 { 155 delete sInstance; 156 sInstance = nullptr; 157 } 158 private: 159 Mutex mMutex; 160 161 static RememberCertErrorsTable * sInstance; 162 }; 163 164 } } // namespace mozilla::psm 165 166 // 16786594-0296-4471-8096-8f84497ca428 167 #define TRANSPORTSECURITYINFO_CID \ 168 { 0x16786594, 0x0296, 0x4471, \ 169 { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } } 170 171 #endif // TransportSecurityInfo_h 172