1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2  *
3  * This Source Code Form is subject to the terms of the Mozilla Public
4  * License, v. 2.0. If a copy of the MPL was not distributed with this
5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 
7 #ifndef TransportSecurityInfo_h
8 #define TransportSecurityInfo_h
9 
10 #include "ScopedNSSTypes.h"
11 #include "certt.h"
12 #include "mozilla/BasePrincipal.h"
13 #include "mozilla/Mutex.h"
14 #include "mozilla/RefPtr.h"
15 #include "nsDataHashtable.h"
16 #include "nsIAssociatedContentSecurity.h"
17 #include "nsIInterfaceRequestor.h"
18 #include "nsISSLStatusProvider.h"
19 #include "nsITransportSecurityInfo.h"
20 #include "nsNSSShutDown.h"
21 #include "nsSSLStatus.h"
22 #include "pkix/pkixtypes.h"
23 
24 namespace mozilla { namespace psm {
25 
26 enum SSLErrorMessageType {
27   OverridableCertErrorMessage  = 1, // for *overridable* certificate errors
28   PlainErrorMessage = 2             // all other errors (or "no error")
29 };
30 
31 class TransportSecurityInfo : public nsITransportSecurityInfo,
32                               public nsIInterfaceRequestor,
33                               public nsISSLStatusProvider,
34                               public nsIAssociatedContentSecurity,
35                               public nsISerializable,
36                               public nsIClassInfo,
37                               public nsNSSShutDownObject,
38                               public nsOnPK11LogoutCancelObject
39 {
40 protected:
41   virtual ~TransportSecurityInfo();
42 public:
43   TransportSecurityInfo();
44 
45   NS_DECL_THREADSAFE_ISUPPORTS
46   NS_DECL_NSITRANSPORTSECURITYINFO
47   NS_DECL_NSIINTERFACEREQUESTOR
48   NS_DECL_NSISSLSTATUSPROVIDER
49   NS_DECL_NSIASSOCIATEDCONTENTSECURITY
50   NS_DECL_NSISERIALIZABLE
51   NS_DECL_NSICLASSINFO
52 
53   nsresult SetSecurityState(uint32_t aState);
54   nsresult SetShortSecurityDescription(const char16_t *aText);
55 
GetHostName()56   const nsACString & GetHostName() const { return mHostName; }
GetHostNameRaw()57   const char * GetHostNameRaw() const { return mHostName.get(); }
58 
59   nsresult GetHostName(char **aHostName);
60   nsresult SetHostName(const char *aHostName);
61 
GetPort()62   int32_t GetPort() const { return mPort; }
63   nsresult GetPort(int32_t *aPort);
64   nsresult SetPort(int32_t aPort);
65 
GetOriginAttributes()66   const NeckoOriginAttributes& GetOriginAttributes() const {
67     return mOriginAttributes;
68   }
69   nsresult SetOriginAttributes(const NeckoOriginAttributes& aOriginAttributes);
70 
71   PRErrorCode GetErrorCode() const;
72 
73   void GetErrorLogMessage(PRErrorCode errorCode,
74                           ::mozilla::psm::SSLErrorMessageType errorMessageType,
75                           nsString &result);
76 
77   void SetCanceled(PRErrorCode errorCode,
78                    ::mozilla::psm::SSLErrorMessageType errorMessageType);
79 
80   /* Set SSL Status values */
81   nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
SSLStatus()82   nsSSLStatus* SSLStatus() { return mSSLStatus; }
83   void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);
84 
85   nsresult SetFailedCertChain(UniqueCERTCertList certList);
86 
87 private:
88   mutable ::mozilla::Mutex mMutex;
89 
90 protected:
91   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
92 
93 private:
94   uint32_t mSecurityState;
95   int32_t mSubRequestsBrokenSecurity;
96   int32_t mSubRequestsNoSecurity;
97 
98   PRErrorCode mErrorCode;
99   ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
100   nsString mErrorMessageCached;
101   nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock,
102                               PRErrorCode errorCode,
103                               ::mozilla::psm::SSLErrorMessageType errorMessageType,
104                               bool wantsHtml, bool suppressPort443,
105                               nsString &result);
106 
107   int32_t mPort;
108   nsXPIDLCString mHostName;
109   NeckoOriginAttributes mOriginAttributes;
110 
111   /* SSL Status */
112   RefPtr<nsSSLStatus> mSSLStatus;
113 
114   /* Peer cert chain for failed connections (for error reporting) */
115   nsCOMPtr<nsIX509CertList> mFailedCertChain;
116 
117   virtual void virtualDestroyNSSReference() override;
118   void destructorSafeDestroyNSSReference();
119 };
120 
121 class RememberCertErrorsTable
122 {
123 private:
124   RememberCertErrorsTable();
125 
126   struct CertStateBits
127   {
128     bool mIsDomainMismatch;
129     bool mIsNotValidAtThisTime;
130     bool mIsUntrusted;
131   };
132   nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;
133 
134 public:
135   void RememberCertHasError(TransportSecurityInfo * infoobject,
136                             nsSSLStatus * status,
137                             SECStatus certVerificationResult);
138   void LookupCertErrorBits(TransportSecurityInfo * infoObject,
139                            nsSSLStatus* status);
140 
Init()141   static nsresult Init()
142   {
143     sInstance = new RememberCertErrorsTable();
144     return NS_OK;
145   }
146 
GetInstance()147   static RememberCertErrorsTable & GetInstance()
148   {
149     MOZ_ASSERT(sInstance);
150     return *sInstance;
151   }
152 
Cleanup()153   static void Cleanup()
154   {
155     delete sInstance;
156     sInstance = nullptr;
157   }
158 private:
159   Mutex mMutex;
160 
161   static RememberCertErrorsTable * sInstance;
162 };
163 
164 } } // namespace mozilla::psm
165 
166 // 16786594-0296-4471-8096-8f84497ca428
167 #define TRANSPORTSECURITYINFO_CID \
168 { 0x16786594, 0x0296, 0x4471, \
169     { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
170 
171 #endif // TransportSecurityInfo_h
172