|
Packit |
f0b94e |
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
Packit |
f0b94e |
*
|
|
Packit |
f0b94e |
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
Packit |
f0b94e |
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
Packit |
f0b94e |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
#include "CTVerifyResult.h"
|
|
Packit |
f0b94e |
#include "mozilla/Casting.h"
|
|
Packit |
f0b94e |
#include "nsSSLStatus.h"
|
|
Packit |
f0b94e |
#include "nsIClassInfoImpl.h"
|
|
Packit |
f0b94e |
#include "nsIObjectOutputStream.h"
|
|
Packit |
f0b94e |
#include "nsIObjectInputStream.h"
|
|
Packit |
f0b94e |
#include "nsNSSCertificate.h"
|
|
Packit |
f0b94e |
#include "ssl.h"
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aServerCert);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsCOMPtr<nsIX509Cert> cert = mServerCert;
|
|
Packit |
f0b94e |
cert.forget(aServerCert);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetKeyLength(uint32_t* aKeyLength) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aKeyLength);
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
SSLCipherSuiteInfo cipherInfo;
|
|
Packit |
f0b94e |
if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
|
|
Packit |
f0b94e |
SECSuccess) {
|
|
Packit |
f0b94e |
return NS_ERROR_FAILURE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aKeyLength = cipherInfo.symKeyBits;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetSecretKeyLength(uint32_t* aSecretKeyLength) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aSecretKeyLength);
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
SSLCipherSuiteInfo cipherInfo;
|
|
Packit |
f0b94e |
if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
|
|
Packit |
f0b94e |
SECSuccess) {
|
|
Packit |
f0b94e |
return NS_ERROR_FAILURE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aSecretKeyLength = cipherInfo.effectiveKeyBits;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetCipherName(nsACString& aCipherName) {
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
SSLCipherSuiteInfo cipherInfo;
|
|
Packit |
f0b94e |
if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo, sizeof(cipherInfo)) !=
|
|
Packit |
f0b94e |
SECSuccess) {
|
|
Packit |
f0b94e |
return NS_ERROR_FAILURE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
aCipherName.Assign(cipherInfo.cipherSuiteName);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetKeaGroupName(nsACString& aKeaGroup) {
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
aKeaGroup.Assign(mKeaGroup);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetSignatureSchemeName(nsACString& aSignatureScheme) {
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
aSignatureScheme.Assign(mSignatureSchemeName);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aProtocolVersion);
|
|
Packit |
f0b94e |
if (!mHaveCipherSuiteAndProtocol) {
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aProtocolVersion = mProtocolVersion;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetCertificateTransparencyStatus(
|
|
Packit |
f0b94e |
uint16_t* aCertificateTransparencyStatus) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aCertificateTransparencyStatus = mCertificateTransparencyStatus;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aIsDomainMismatch);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aIsDomainMismatch = mHaveCertErrorBits && mIsDomainMismatch;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aIsNotValidAtThisTime = mHaveCertErrorBits && mIsNotValidAtThisTime;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetIsUntrusted(bool* aIsUntrusted) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aIsUntrusted);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
*aIsUntrusted = mHaveCertErrorBits && mIsUntrusted;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetIsExtendedValidation(bool* aIsEV) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(aIsEV);
|
|
Packit |
f0b94e |
*aIsEV = false;
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Never allow bad certs for EV, regardless of overrides.
|
|
Packit |
f0b94e |
if (mHaveCertErrorBits) {
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
if (mHasIsEVStatus) {
|
|
Packit |
f0b94e |
*aIsEV = mIsEV;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_ERROR_NOT_AVAILABLE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::Read(nsIObjectInputStream* aStream) {
|
|
Packit |
f0b94e |
nsCOMPtr<nsISupports> cert;
|
|
Packit |
f0b94e |
nsresult rv = aStream->ReadObject(true, getter_AddRefs(cert));
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
mServerCert = do_QueryInterface(cert);
|
|
Packit |
f0b94e |
if (!mServerCert) {
|
|
Packit |
f0b94e |
return NS_NOINTERFACE;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->Read16(&mCipherSuite);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// The code below is a workaround to allow serializing new fields
|
|
Packit |
f0b94e |
// while preserving binary compatibility with older streams. For more details
|
|
Packit |
f0b94e |
// on the binary compatibility requirement, refer to bug 1248628.
|
|
Packit |
f0b94e |
// Here, we take advantage of the fact that mProtocolVersion was originally
|
|
Packit |
f0b94e |
// stored as a 16 bits integer, but the highest 8 bits were never used.
|
|
Packit |
f0b94e |
// These bits are now used for stream versioning.
|
|
Packit |
f0b94e |
uint16_t protocolVersionAndStreamFormatVersion;
|
|
Packit |
f0b94e |
rv = aStream->Read16(&protocolVersionAndStreamFormatVersion);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
mProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF;
|
|
Packit |
f0b94e |
const uint8_t streamFormatVersion =
|
|
Packit |
f0b94e |
(protocolVersionAndStreamFormatVersion >> 8) & 0xFF;
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mIsDomainMismatch);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mIsNotValidAtThisTime);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mIsUntrusted);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mIsEV);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mHasIsEVStatus);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mHaveCipherSuiteAndProtocol);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->ReadBoolean(&mHaveCertErrorBits);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 1 (see bug 1305289).
|
|
Packit |
f0b94e |
if (streamFormatVersion >= 1) {
|
|
Packit |
f0b94e |
rv = aStream->Read16(&mCertificateTransparencyStatus);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 2 (see bug 1304923).
|
|
Packit |
f0b94e |
if (streamFormatVersion >= 2) {
|
|
Packit |
f0b94e |
rv = aStream->ReadCString(mKeaGroup);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->ReadCString(mSignatureSchemeName);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 3 (see bug 1406856).
|
|
Packit |
f0b94e |
if (streamFormatVersion >= 3) {
|
|
Packit |
f0b94e |
nsCOMPtr<nsISupports> succeededCertChainSupports;
|
|
Packit |
f0b94e |
rv = NS_ReadOptionalObject(aStream, true,
|
|
Packit |
f0b94e |
getter_AddRefs(succeededCertChainSupports));
|
|
Packit |
f0b94e |
if (NS_FAILED(rv)) {
|
|
Packit |
f0b94e |
return rv;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
mSucceededCertChain = do_QueryInterface(succeededCertChainSupports);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsCOMPtr<nsISupports> failedCertChainSupports;
|
|
Packit |
f0b94e |
rv = NS_ReadOptionalObject(aStream, true,
|
|
Packit |
f0b94e |
getter_AddRefs(failedCertChainSupports));
|
|
Packit |
f0b94e |
if (NS_FAILED(rv)) {
|
|
Packit |
f0b94e |
return rv;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
mFailedCertChain = do_QueryInterface(failedCertChainSupports);
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::Write(nsIObjectOutputStream* aStream) {
|
|
Packit |
f0b94e |
// The current version of the binary stream format.
|
|
Packit |
f0b94e |
const uint8_t STREAM_FORMAT_VERSION = 3;
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsresult rv =
|
|
Packit |
f0b94e |
aStream->WriteCompoundObject(mServerCert, NS_GET_IID(nsIX509Cert), true);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->Write16(mCipherSuite);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
uint16_t protocolVersionAndStreamFormatVersion =
|
|
Packit |
f0b94e |
mozilla::AssertedCast<uint8_t>(mProtocolVersion) |
|
|
Packit |
f0b94e |
(STREAM_FORMAT_VERSION << 8);
|
|
Packit |
f0b94e |
rv = aStream->Write16(protocolVersionAndStreamFormatVersion);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mIsDomainMismatch);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mIsNotValidAtThisTime);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mIsUntrusted);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mIsEV);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mHasIsEVStatus);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mHaveCipherSuiteAndProtocol);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
rv = aStream->WriteBoolean(mHaveCertErrorBits);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 1.
|
|
Packit |
f0b94e |
rv = aStream->Write16(mCertificateTransparencyStatus);
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 2.
|
|
Packit |
f0b94e |
rv = aStream->WriteStringZ(mKeaGroup.get());
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = aStream->WriteStringZ(mSignatureSchemeName.get());
|
|
Packit |
f0b94e |
NS_ENSURE_SUCCESS(rv, rv);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
// Added in version 3.
|
|
Packit |
f0b94e |
rv = NS_WriteOptionalCompoundObject(aStream, mSucceededCertChain,
|
|
Packit |
f0b94e |
NS_GET_IID(nsIX509CertList), true);
|
|
Packit |
f0b94e |
if (NS_FAILED(rv)) {
|
|
Packit |
f0b94e |
return rv;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
rv = NS_WriteOptionalCompoundObject(aStream, mFailedCertChain,
|
|
Packit |
f0b94e |
NS_GET_IID(nsIX509CertList), true);
|
|
Packit |
f0b94e |
if (NS_FAILED(rv)) {
|
|
Packit |
f0b94e |
return rv;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray) {
|
|
Packit |
f0b94e |
*aCount = 0;
|
|
Packit |
f0b94e |
*aArray = nullptr;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetScriptableHelper(nsIXPCScriptable** aHelper) {
|
|
Packit |
f0b94e |
*aHelper = nullptr;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetContractID(nsACString& aContractID) {
|
|
Packit |
f0b94e |
aContractID.SetIsVoid(true);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetClassDescription(nsACString& aClassDescription) {
|
|
Packit |
f0b94e |
aClassDescription.SetIsVoid(true);
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetClassID(nsCID** aClassID) {
|
|
Packit |
f0b94e |
*aClassID = (nsCID*)moz_xmalloc(sizeof(nsCID));
|
|
Packit |
f0b94e |
if (!*aClassID) {
|
|
Packit |
f0b94e |
return NS_ERROR_OUT_OF_MEMORY;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
return GetClassIDNoAlloc(*aClassID);
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetFlags(uint32_t* aFlags) {
|
|
Packit |
f0b94e |
*aFlags = 0;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) {
|
|
Packit |
f0b94e |
*aClassIDNoAlloc = kSSLStatusCID;
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsSSLStatus::nsSSLStatus()
|
|
Packit |
f0b94e |
: mCipherSuite(0),
|
|
Packit |
f0b94e |
mProtocolVersion(0),
|
|
Packit |
f0b94e |
mCertificateTransparencyStatus(
|
|
Packit |
f0b94e |
nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE),
|
|
Packit |
f0b94e |
mKeaGroup(),
|
|
Packit |
f0b94e |
mSignatureSchemeName(),
|
|
Packit |
f0b94e |
mIsDomainMismatch(false),
|
|
Packit |
f0b94e |
mIsNotValidAtThisTime(false),
|
|
Packit |
f0b94e |
mIsUntrusted(false),
|
|
Packit |
f0b94e |
mIsEV(false),
|
|
Packit |
f0b94e |
mHasIsEVStatus(false),
|
|
Packit |
f0b94e |
mHaveCipherSuiteAndProtocol(false),
|
|
Packit |
f0b94e |
mHaveCertErrorBits(false) {}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
void nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert,
|
|
Packit |
f0b94e |
EVStatus aEVStatus) {
|
|
Packit |
f0b94e |
MOZ_ASSERT(aServerCert);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
mServerCert = aServerCert;
|
|
Packit |
f0b94e |
mIsEV = (aEVStatus == EVStatus::EV);
|
|
Packit |
f0b94e |
mHasIsEVStatus = true;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsresult nsSSLStatus::SetSucceededCertChain(UniqueCERTCertList aCertList) {
|
|
Packit |
f0b94e |
// nsNSSCertList takes ownership of certList
|
|
Packit |
f0b94e |
mSucceededCertChain = new nsNSSCertList(Move(aCertList));
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
void nsSSLStatus::SetFailedCertChain(nsIX509CertList* aX509CertList) {
|
|
Packit |
f0b94e |
mFailedCertChain = aX509CertList;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetSucceededCertChain(nsIX509CertList** _result) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(_result);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsCOMPtr<nsIX509CertList> tmpList = mSucceededCertChain;
|
|
Packit |
f0b94e |
tmpList.forget(_result);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
NS_IMETHODIMP
|
|
Packit |
f0b94e |
nsSSLStatus::GetFailedCertChain(nsIX509CertList** _result) {
|
|
Packit |
f0b94e |
NS_ENSURE_ARG_POINTER(_result);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
nsCOMPtr<nsIX509CertList> tmpList = mFailedCertChain;
|
|
Packit |
f0b94e |
tmpList.forget(_result);
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
return NS_OK;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
void nsSSLStatus::SetCertificateTransparencyInfo(
|
|
Packit |
f0b94e |
const mozilla::psm::CertificateTransparencyInfo& info) {
|
|
Packit |
f0b94e |
using mozilla::ct::CTPolicyCompliance;
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
mCertificateTransparencyStatus =
|
|
Packit |
f0b94e |
nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
if (!info.enabled) {
|
|
Packit |
f0b94e |
// CT disabled.
|
|
Packit |
f0b94e |
return;
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
|
|
Packit |
f0b94e |
switch (info.policyCompliance) {
|
|
Packit |
f0b94e |
case CTPolicyCompliance::Compliant:
|
|
Packit |
f0b94e |
mCertificateTransparencyStatus =
|
|
Packit |
f0b94e |
nsISSLStatus::CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT;
|
|
Packit |
f0b94e |
break;
|
|
Packit |
f0b94e |
case CTPolicyCompliance::NotEnoughScts:
|
|
Packit |
f0b94e |
mCertificateTransparencyStatus =
|
|
Packit |
f0b94e |
nsISSLStatus::CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS;
|
|
Packit |
f0b94e |
break;
|
|
Packit |
f0b94e |
case CTPolicyCompliance::NotDiverseScts:
|
|
Packit |
f0b94e |
mCertificateTransparencyStatus =
|
|
Packit |
f0b94e |
nsISSLStatus::CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS;
|
|
Packit |
f0b94e |
break;
|
|
Packit |
f0b94e |
case CTPolicyCompliance::Unknown:
|
|
Packit |
f0b94e |
default:
|
|
Packit |
f0b94e |
MOZ_ASSERT_UNREACHABLE("Unexpected CTPolicyCompliance type");
|
|
Packit |
f0b94e |
}
|
|
Packit |
f0b94e |
}
|