Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-19 08:15:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
17b4754b7e
gecko-dev/netwerk/base/FuzzySecurityInfo.cpp

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

351 lines
8.3 KiB
C++
Raw Normal View History

Bug 1566342 - Implement changes for HTTP2 fuzzing in Necko. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D38182 --HG-- extra : moz-landing-system : lando
2019-08-19 13:46:18 +00:00
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim:set ts=2 sw=2 sts=2 et cindent: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "FuzzySecurityInfo.h"
#include "mozilla/Logging.h"
#include "mozilla/OriginAttributes.h"
#include "nsThreadManager.h"
namespace mozilla {
namespace net {
FuzzySecurityInfo::FuzzySecurityInfo() {}
FuzzySecurityInfo::~FuzzySecurityInfo() {}
NS_IMPL_ISUPPORTS(FuzzySecurityInfo, nsITransportSecurityInfo,
nsIInterfaceRequestor, nsISSLSocketControl)
NS_IMETHODIMP
FuzzySecurityInfo::GetErrorCode(int32_t* state) {
*state = 0;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetSecurityState(uint32_t* state) {
*state = 0;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetErrorCodeString(nsAString& aErrorString) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
Bug 1592083 - Convert certList to raw array for nsITransportSecurityInfo r=keeler,Ehsan,kershaw This patch converts the certList attribute of nsITransportSecurityInfo from nsIX509CertList to Array<nsIx509Cert> Differential Revision: https://phabricator.services.mozilla.com/D48745 --HG-- extra : moz-landing-system : lando
2019-10-29 17:20:07 +00:00
FuzzySecurityInfo::GetFailedCertChain(
nsTArray<RefPtr<nsIX509Cert>>& aFailedCertChain) {
Bug 1566342 - Implement changes for HTTP2 fuzzing in Necko. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D38182 --HG-- extra : moz-landing-system : lando
2019-08-19 13:46:18 +00:00
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetServerCert(nsIX509Cert** aServerCert) {
NS_ENSURE_ARG_POINTER(aServerCert);
// This method is called by nsHttpChannel::ProcessSSLInformation()
// in order to display certain information in the console.
// Returning NULL is okay here and handled by the caller.
*aServerCert = NULL;
return NS_OK;
}
NS_IMETHODIMP
Bug 1592083 - Convert certList to raw array for nsITransportSecurityInfo r=keeler,Ehsan,kershaw This patch converts the certList attribute of nsITransportSecurityInfo from nsIX509CertList to Array<nsIx509Cert> Differential Revision: https://phabricator.services.mozilla.com/D48745 --HG-- extra : moz-landing-system : lando
2019-10-29 17:20:07 +00:00
FuzzySecurityInfo::GetSucceededCertChain(
nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain) {
Bug 1566342 - Implement changes for HTTP2 fuzzing in Necko. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D38182 --HG-- extra : moz-landing-system : lando
2019-08-19 13:46:18 +00:00
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetCipherName(nsACString& aCipherName) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetKeyLength(uint32_t* aKeyLength) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetSecretKeyLength(uint32_t* aSecretKeyLength) {
MOZ_CRASH("Unused");
*aSecretKeyLength = 4096;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetKeaGroupName(nsACString& aKeaGroup) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetSignatureSchemeName(nsACString& aSignatureScheme) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetProtocolVersion(uint16_t* aProtocolVersion) {
NS_ENSURE_ARG_POINTER(aProtocolVersion);
// Must be >= TLS 1.2 for HTTP2
*aProtocolVersion = nsITransportSecurityInfo::TLS_VERSION_1_2;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetCertificateTransparencyStatus(
uint16_t* aCertificateTransparencyStatus) {
NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetIsDomainMismatch(bool* aIsDomainMismatch) {
NS_ENSURE_ARG_POINTER(aIsDomainMismatch);
*aIsDomainMismatch = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime) {
NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime);
*aIsNotValidAtThisTime = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetIsUntrusted(bool* aIsUntrusted) {
NS_ENSURE_ARG_POINTER(aIsUntrusted);
*aIsUntrusted = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetIsExtendedValidation(bool* aIsEV) {
NS_ENSURE_ARG_POINTER(aIsEV);
*aIsEV = true;
return NS_OK;
}
Bug 1562773 - Propagate Delegated Credential flag to nsITransportSecurityInfo r=keeler,jcj This patch adds a new `mIsDelegatedCredential` parameter to nsITransportSecurityInfo, indicating whether or not a delegated credential keypair was used in the TLS handshake (see: https://tools.ietf.org/html/draft-ietf-tls-subcerts-03) . This functionality is only available if _security.tls.enable_delegated_credentials_ is set to true. Differential Revision: https://phabricator.services.mozilla.com/D39807 --HG-- extra : moz-landing-system : lando
2019-09-11 15:19:57 +00:00
NS_IMETHODIMP
FuzzySecurityInfo::GetIsDelegatedCredential(bool* aIsDelegCred) {
NS_ENSURE_ARG_POINTER(aIsDelegCred);
*aIsDelegCred = false;
return NS_OK;
}
Bug 1566342 - Implement changes for HTTP2 fuzzing in Necko. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D38182 --HG-- extra : moz-landing-system : lando
2019-08-19 13:46:18 +00:00
NS_IMETHODIMP
FuzzySecurityInfo::GetInterface(const nsIID& uuid, void** result) {
if (!NS_IsMainThread()) {
MOZ_CRASH("FuzzySecurityInfo::GetInterface called off the main thread");
return NS_ERROR_NOT_SAME_THREAD;
}
nsresult rv = NS_ERROR_NO_INTERFACE;
if (mCallbacks) {
rv = mCallbacks->GetInterface(uuid, result);
}
return rv;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetNotificationCallbacks(
nsIInterfaceRequestor** aCallbacks) {
nsCOMPtr<nsIInterfaceRequestor> ir(mCallbacks);
ir.forget(aCallbacks);
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::SetNotificationCallbacks(nsIInterfaceRequestor* aCallbacks) {
mCallbacks = aCallbacks;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetProviderFlags(uint32_t* aProviderFlags) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetProviderTlsFlags(uint32_t* aProviderTlsFlags) {
MOZ_CRASH("Unused");
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetKEAUsed(int16_t* aKea) {
// Can be ssl_kea_dh or ssl_kea_ecdh for HTTP2
*aKea = ssl_kea_ecdh;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetKEAKeyBits(uint32_t* aKeyBits) {
// Must be >= 224 for ecdh and >= 2048 for dh when using HTTP2
*aKeyBits = 256;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetSSLVersionUsed(int16_t* aSSLVersionUsed) {
// Must be >= TLS 1.2 for HTTP2
*aSSLVersionUsed = nsISSLSocketControl::TLS_VERSION_1_2;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetSSLVersionOffered(int16_t* aSSLVersionOffered) {
*aSSLVersionOffered = nsISSLSocketControl::TLS_VERSION_1_2;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetMACAlgorithmUsed(int16_t* aMac) {
// The only valid choice for HTTP2 is SSL_MAC_AEAD
*aMac = nsISSLSocketControl::SSL_MAC_AEAD;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetClientCert(nsIX509Cert** aClientCert) {
NS_ENSURE_ARG_POINTER(aClientCert);
*aClientCert = nullptr;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::SetClientCert(nsIX509Cert* aClientCert) {
MOZ_CRASH("Unused");
return NS_OK;
}
bool FuzzySecurityInfo::GetDenyClientCert() { return false; }
void FuzzySecurityInfo::SetDenyClientCert(bool aDenyClientCert) {
// Called by mozilla::net::nsHttpConnection::StartSpdy
}
NS_IMETHODIMP
FuzzySecurityInfo::GetClientCertSent(bool* arg) {
*arg = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetFailedVerification(bool* arg) {
*arg = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN) {
aNegotiatedNPN = "h2";
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected) {
// TODO: For now we don't support early selection
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetEarlyDataAccepted(bool* aAccepted) {
*aAccepted = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetResumed(bool* aResumed) {
*aResumed = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::DriveHandshake() { return NS_OK; }
NS_IMETHODIMP
FuzzySecurityInfo::IsAcceptableForHost(const nsACString& hostname,
bool* _retval) {
NS_ENSURE_ARG(_retval);
*_retval = true;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::TestJoinConnection(const nsACString& npnProtocol,
const nsACString& hostname, int32_t port,
bool* _retval) {
*_retval = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::JoinConnection(const nsACString& npnProtocol,
const nsACString& hostname, int32_t port,
bool* _retval) {
*_retval = false;
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::ProxyStartSSL() { return NS_OK; }
NS_IMETHODIMP
FuzzySecurityInfo::StartTLS() { return NS_OK; }
NS_IMETHODIMP
FuzzySecurityInfo::SetNPNList(nsTArray<nsCString>& protocolArray) {
return NS_OK;
}
NS_IMETHODIMP
FuzzySecurityInfo::GetEsniTxt(nsACString& aEsniTxt) { return NS_OK; }
NS_IMETHODIMP
FuzzySecurityInfo::SetEsniTxt(const nsACString& aEsniTxt) {
MOZ_CRASH("Unused");
return NS_OK;
}
Bug 1510569 - Implement serializers for nsITransportSecurityInfo, nsIX509Cert, and nsIX509CertList r=froydnj,keeler,mayhemer As part of the ongoing effort to port the nsIWebProgress events from RemoteWebProgress / WebProgressChild to BrowserParent / BrowserChild, we need to (de)serialize the nsITransportSecurityInfo instance across the IPC layer. The existing code was calling `NS_SerializeToString` which has the overhead of (a) allocating a buffer and also performing base64 encoding/decoding. This patch adds `IPC::ParamTraits` implementations for `nsITransportSecurityInfo`, `nsIX509Certificate`, and `nsIX509CertList` that (de)serializes the params directly onto and off of the IPC message so that we don't go through the overhead of allocating and encoding/decoding an additional buffer. This (de)serialization will address the performance issues present in the current implementation. As a side effect, I also make nsITransportSecurityInfo a builtinclass XPCOM interface, since the existing serialization code was assuming it was, there is only one implementation, and it is in C++. Differential Revision: https://phabricator.services.mozilla.com/D35090 --HG-- extra : moz-landing-system : lando
2019-08-28 18:55:31 +00:00
void FuzzySecurityInfo::SerializeToIPC(IPC::Message* aMsg) {
MOZ_CRASH("Unused");
}
bool FuzzySecurityInfo::DeserializeFromIPC(const IPC::Message* aMsg,
PickleIterator* aIter) {
MOZ_CRASH("Unused");
return false;
}
Bug 1580138 - Use peer id to isolate token cache r=dragana,keeler Differential Revision: https://phabricator.services.mozilla.com/D45406 --HG-- extra : moz-landing-system : lando
2019-09-30 12:15:07 +00:00
NS_IMETHODIMP
FuzzySecurityInfo::GetPeerId(nsACString& aResult) {
aResult.Assign(EmptyCString());
return NS_OK;
}
Bug 1485652 - Reimplement IsAcceptableForHost r=keeler Differential Revision: https://phabricator.services.mozilla.com/D67949
2020-04-24 14:45:56 +00:00
NS_IMETHODIMP FuzzySecurityInfo::SetIsBuiltCertChainRootBuiltInRoot(
bool aIsBuiltInRoot) {
return NS_OK;
}
NS_IMETHODIMP FuzzySecurityInfo::GetIsBuiltCertChainRootBuiltInRoot(
bool* aIsBuiltInRoot) {
*aIsBuiltInRoot = false;
return NS_OK;
}
Bug 1566342 - Implement changes for HTTP2 fuzzing in Necko. r=mayhemer Differential Revision: https://phabricator.services.mozilla.com/D38182 --HG-- extra : moz-landing-system : lando
2019-08-19 13:46:18 +00:00
} // namespace net
} // namespace mozilla
Reference in New Issue Copy Permalink