/src/mozilla-central/security/manager/ssl/nsNSSComponent.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _nsNSSComponent_h_
#define _nsNSSComponent_h_

#include "nsINSSComponent.h"

#include "ScopedNSSTypes.h"
#include "SharedCertVerifier.h"
#include "mozilla/Attributes.h"
#include "mozilla/Monitor.h"
#include "mozilla/Mutex.h"
#include "mozilla/RefPtr.h"
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsNSSCallbacks.h"
#include "prerror.h"
#include "sslt.h"

#ifdef XP_WIN
#include "windows.h" // this needs to be before the following includes
#include "wincrypt.h"
#endif // XP_WIN

class nsIDOMWindow;
class nsIPrompt;
class nsIX509CertList;
class SmartCardThreadList;

namespace mozilla { namespace psm {

MOZ_MUST_USE
  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
  GetDefaultCertVerifier();

} } // namespace mozilla::psm

#define NS_NSSCOMPONENT_CID \
{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}

extern bool EnsureNSSInitializedChromeOrContent();

// Implementation of the PSM component interface.
class nsNSSComponent final : public nsINSSComponent
                           , public nsIObserver
{
public:
  // LoadLoadableRootsTask updates mLoadableRootsLoaded and
  // mLoadableRootsLoadedResult and then signals mLoadableRootsLoadedMonitor.
  friend class LoadLoadableRootsTask;

  nsNSSComponent();

  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSINSSCOMPONENT
  NS_DECL_NSIOBSERVER

  nsresult Init();

  static nsresult GetNewPrompter(nsIPrompt** result);

  static void FillTLSVersionRange(SSLVersionRange& rangeOut,
                                  uint32_t minFromPrefs,
                                  uint32_t maxFromPrefs,
                                  SSLVersionRange defaults);

protected:
  virtual ~nsNSSComponent();

private:
  nsresult InitializeNSS();
  void ShutdownNSS();

  void setValidationOptions(bool isInitialSetting,
                            const mozilla::MutexAutoLock& proofOfLock);
  nsresult setEnabledTLSVersions();
  nsresult RegisterObservers();

  void MaybeImportEnterpriseRoots();
  void ImportEnterpriseRoots();
  void UnloadEnterpriseRoots();

  void MaybeEnableFamilySafetyCompatibility(uint32_t familySafetyMode);
  void UnloadFamilySafetyRoot();

  nsresult TrustLoaded3rdPartyRoots();

#ifdef XP_WIN
  nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
                                       bool& wasFamilySafetyRoot);
  nsresult LoadFamilySafetyRoot();
#endif // XP_WIN

  // mLoadableRootsLoadedMonitor protects mLoadableRootsLoaded.
  mozilla::Monitor mLoadableRootsLoadedMonitor;
  bool mLoadableRootsLoaded;
  nsresult mLoadableRootsLoadedResult;

  // mMutex protects all members that are accessed from more than one thread.
  mozilla::Mutex mMutex;

  // The following members are accessed from more than one thread:

#ifdef DEBUG
  nsString mTestBuiltInRootHash;
#endif
  nsString mContentSigningRootHash;
  RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
  nsString mMitmCanaryIssuer;
  bool mMitmDetecionEnabled;
  mozilla::UniqueCERTCertList mEnterpriseRoots;
  mozilla::UniqueCERTCertificate mFamilySafetyRoot;

  // The following members are accessed only on the main thread:
  static int mInstanceCount;
  // If InitializeNSS succeeds, then we have dispatched an event to load the
  // loadable roots module on a background thread. We must wait for it to
  // complete before attempting to unload the module again in ShutdownNSS. If we
  // never dispatched the event, then we can't wait for it to complete (because
  // it will never complete) so we use this boolean to keep track of if we
  // should wait.
  bool mLoadLoadableRootsTaskDispatched;
};

inline nsresult
BlockUntilLoadableRootsLoaded()
{
  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
  if (!component) {
    return NS_ERROR_FAILURE;
  }
  return component->BlockUntilLoadableRootsLoaded();
}

inline nsresult
CheckForSmartCardChanges()
{
#ifndef MOZ_NO_SMART_CARDS
  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
  if (!component) {
    return NS_ERROR_FAILURE;
  }
  return component->CheckForSmartCardChanges();
#else
  return NS_OK;
#endif
}

#endif // _nsNSSComponent_h_

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --
2		*
3		* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		#ifndef _nsNSSComponent_h_
8		#define _nsNSSComponent_h_
9
10		#include "nsINSSComponent.h"
11
12		#include "ScopedNSSTypes.h"
13		#include "SharedCertVerifier.h"
14		#include "mozilla/Attributes.h"
15		#include "mozilla/Monitor.h"
16		#include "mozilla/Mutex.h"
17		#include "mozilla/RefPtr.h"
18		#include "nsCOMPtr.h"
19		#include "nsIObserver.h"
20		#include "nsNSSCallbacks.h"
21		#include "prerror.h"
22		#include "sslt.h"
23
24		#ifdef XP_WIN
25		#include "windows.h" // this needs to be before the following includes
26		#include "wincrypt.h"
27		#endif // XP_WIN
28
29		class nsIDOMWindow;
30		class nsIPrompt;
31		class nsIX509CertList;
32		class SmartCardThreadList;
33
34		namespace mozilla { namespace psm {
35
36		MOZ_MUST_USE
37		::already_AddRefed<mozilla::psm::SharedCertVerifier>
38		GetDefaultCertVerifier();
39
40		} } // namespace mozilla::psm
41
42		#define NS_NSSCOMPONENT_CID \
43		{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}
44
45		extern bool EnsureNSSInitializedChromeOrContent();
46
47		// Implementation of the PSM component interface.
48		class nsNSSComponent final : public nsINSSComponent
49		, public nsIObserver
50		{
51		public:
52		// LoadLoadableRootsTask updates mLoadableRootsLoaded and
53		// mLoadableRootsLoadedResult and then signals mLoadableRootsLoadedMonitor.
54		friend class LoadLoadableRootsTask;
55
56		nsNSSComponent();
57
58		NS_DECL_THREADSAFE_ISUPPORTS
59		NS_DECL_NSINSSCOMPONENT
60		NS_DECL_NSIOBSERVER
61
62		nsresult Init();
63
64		static nsresult GetNewPrompter(nsIPrompt** result);
65
66		static void FillTLSVersionRange(SSLVersionRange& rangeOut,
67		uint32_t minFromPrefs,
68		uint32_t maxFromPrefs,
69		SSLVersionRange defaults);
70
71		protected:
72		virtual ~nsNSSComponent();
73
74		private:
75		nsresult InitializeNSS();
76		void ShutdownNSS();
77
78		void setValidationOptions(bool isInitialSetting,
79		const mozilla::MutexAutoLock& proofOfLock);
80		nsresult setEnabledTLSVersions();
81		nsresult RegisterObservers();
82
83		void MaybeImportEnterpriseRoots();
84		void ImportEnterpriseRoots();
85		void UnloadEnterpriseRoots();
86
87		void MaybeEnableFamilySafetyCompatibility(uint32_t familySafetyMode);
88		void UnloadFamilySafetyRoot();
89
90		nsresult TrustLoaded3rdPartyRoots();
91
92		#ifdef XP_WIN
93		nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
94		bool& wasFamilySafetyRoot);
95		nsresult LoadFamilySafetyRoot();
96		#endif // XP_WIN
97
98		// mLoadableRootsLoadedMonitor protects mLoadableRootsLoaded.
99		mozilla::Monitor mLoadableRootsLoadedMonitor;
100		bool mLoadableRootsLoaded;
101		nsresult mLoadableRootsLoadedResult;
102
103		// mMutex protects all members that are accessed from more than one thread.
104		mozilla::Mutex mMutex;
105
106		// The following members are accessed from more than one thread:
107
108		#ifdef DEBUG
109		nsString mTestBuiltInRootHash;
110		#endif
111		nsString mContentSigningRootHash;
112		RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
113		nsString mMitmCanaryIssuer;
114		bool mMitmDetecionEnabled;
115		mozilla::UniqueCERTCertList mEnterpriseRoots;
116		mozilla::UniqueCERTCertificate mFamilySafetyRoot;
117
118		// The following members are accessed only on the main thread:
119		static int mInstanceCount;
120		// If InitializeNSS succeeds, then we have dispatched an event to load the
121		// loadable roots module on a background thread. We must wait for it to
122		// complete before attempting to unload the module again in ShutdownNSS. If we
123		// never dispatched the event, then we can't wait for it to complete (because
124		// it will never complete) so we use this boolean to keep track of if we
125		// should wait.
126		bool mLoadLoadableRootsTaskDispatched;
127		};
128
129		inline nsresult
130		BlockUntilLoadableRootsLoaded()
131	0	{
132	0	nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
133	0	if (!component) {
134	0	return NS_ERROR_FAILURE;
135	0	}
136	0	return component->BlockUntilLoadableRootsLoaded();
137	0	}
138
139		inline nsresult
140		CheckForSmartCardChanges()
141	0	{
142	0	#ifndef MOZ_NO_SMART_CARDS
143	0	nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
144	0	if (!component) {
145	0	return NS_ERROR_FAILURE;
146	0	}
147	0	return component->CheckForSmartCardChanges();
148		#else
149		return NS_OK;
150		#endif
151		}
152
153		#endif // _nsNSSComponent_h_

Coverage Report

Created: 2018-09-25 14:53