Bug 1475647 - Remove nsISSLStatusProvider interface. r=baku,Gijs,jchen,jryans,keeler,mcmanus

- Access nsISSLStatus directly as a member of nsITransportSecurityInfo
and nsISecureBrowserUI.  This is part of a larger effort to consolidate
nsISSLStatus and nsITransportSecurityInfo.
- The TabParent implementation of GetSecInfo will always return null.
- Removed unnecessary QueryInterface calls
- Style adherence updates

MozReview-Commit-ID: Dzy6t2zYljL

--HG--
extra : rebase_source : 9c400bed3c9d29a186fc987c9bd0ffceb37bfd94
This commit is contained in:
Dipen Patel 2018-07-13 11:48:55 -07:00
parent 45dbd64d99
commit 7641beb1f8
40 changed files with 111 additions and 147 deletions

View File

@ -347,12 +347,8 @@ var gIdentityHandler = {
// Firstly, populate the state properties required to display the UI. See
// the documentation of the individual properties for details.
this.setURI(uri);
this._sslStatus = gBrowser.securityUI
.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
if (this._sslStatus) {
this._sslStatus.QueryInterface(Ci.nsISSLStatus);
}
this._sslStatus = gBrowser.securityUI.secInfo &&
gBrowser.securityUI.secInfo.SSLStatus;
// Then, update the user interface with the available data.
this.refreshIdentityBlock();

View File

@ -2994,8 +2994,7 @@ var BrowserOnClick = {
}
securityInfo = getSecurityInfo(securityInfoAsString);
sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
sslStatus = securityInfo.SSLStatus;
let params = { exceptionAdded: false,
sslStatus };
@ -3036,8 +3035,7 @@ var BrowserOnClick = {
}
securityInfo = getSecurityInfo(securityInfoAsString);
sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
sslStatus = securityInfo.SSLStatus;
let errorInfo = getDetailedCertErrorInfo(location,
securityInfo);
let validityInfo = {

View File

@ -27,7 +27,6 @@ var security = {
},
_getSecurityInfo() {
const nsISSLStatusProvider = Ci.nsISSLStatusProvider;
const nsISSLStatus = Ci.nsISSLStatus;
// We don't have separate info for a frame, return null until further notice
@ -50,11 +49,9 @@ var security = {
(ui.state & Ci.nsIWebProgressListener.STATE_IS_INSECURE);
var isEV =
(ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
ui.QueryInterface(nsISSLStatusProvider);
var status = ui.SSLStatus;
var status = ui.secInfo && ui.secInfo.SSLStatus;
if (!isInsecure && status) {
status.QueryInterface(nsISSLStatus);
var cert = status.serverCert;
var issuerName = cert.issuerOrganization || cert.issuerName;

View File

@ -300,7 +300,7 @@ OOBCert.Client.prototype = {
// Client verifies that Server's cert matches hash(ServerCert) from the
// advertisement
dumpv("Validate server cert hash");
const serverCert = socket.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
const serverCert = socket.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
.SSLStatus.serverCert;
const advertisedCert = cert;
if (serverCert.sha256Fingerprint != advertisedCert.sha256) {

View File

@ -353,7 +353,7 @@ function _isInputAlive(input) {
*/
function _storeCertOverride(s, host, port) {
// eslint-disable-next-line no-shadow
const cert = s.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
const cert = s.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
.SSLStatus.serverCert;
const overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH;

View File

@ -600,7 +600,6 @@ var NetworkHelper = {
*/
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
const wpl = Ci.nsIWebProgressListener;
const NSSErrorsService = Cc["@mozilla.org/nss_errors_service;1"]

View File

@ -33,8 +33,7 @@ const MockCertificate = {
};
const MockSecurityInfo = {
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
Ci.nsISSLStatusProvider]),
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
securityState: wpl.STATE_IS_SECURE,
errorCode: 0,
SSLStatus: {

View File

@ -19,8 +19,7 @@ Object.defineProperty(this, "NetworkHelper", {
const wpl = Ci.nsIWebProgressListener;
const MockSecurityInfo = {
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
Ci.nsISSLStatusProvider]),
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
securityState: wpl.STATE_IS_BROKEN,
errorCode: 0,
SSLStatus: {

View File

@ -20,8 +20,7 @@ Object.defineProperty(this, "NetworkHelper", {
const wpl = Ci.nsIWebProgressListener;
const MockSecurityInfo = {
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
Ci.nsISSLStatusProvider]),
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
securityState: wpl.STATE_IS_SECURE,
errorCode: 0,
SSLStatus: {

View File

@ -59,6 +59,7 @@
#include "nsIInterfaceRequestorUtils.h"
#include "nsILoadInfo.h"
#include "nsIPromptFactory.h"
#include "nsITransportSecurityInfo.h"
#include "nsIURI.h"
#include "nsIWindowWatcher.h"
#include "nsIWebBrowserChrome.h"
@ -893,6 +894,15 @@ TabParent::GetState(uint32_t *aState)
return NS_OK;
}
NS_IMETHODIMP
TabParent::GetSecInfo(nsITransportSecurityInfo** _result)
{
NS_ENSURE_ARG_POINTER(_result);
NS_WARNING("TransportSecurityInfo not valid here");
*_result = nullptr;
return NS_OK;
}
NS_IMETHODIMP
TabParent::SetDocShell(nsIDocShell *aDocShell)
{

View File

@ -5687,9 +5687,8 @@ var IdentityHandler = {
* (if available). Return the data needed to update the UI.
*/
checkIdentity: function checkIdentity(aState, aBrowser) {
this._lastStatus = aBrowser.securityUI
.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
this._lastStatus = aBrowser.securityUI.secInfo &&
aBrowser.securityUI.secInfo.SSLStatus;
// Don't pass in the actual location object, since it can cause us to
// hold on to the window object too long. Just pass in the fields we

View File

@ -360,8 +360,7 @@ var AboutCertErrorListener = {
let securityInfo = docShell.failedChannel && docShell.failedChannel.securityInfo;
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
.QueryInterface(Ci.nsISerializable);
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = securityInfo.SSLStatus;
this._setTechDetails(sslStatus, securityInfo, ownerDoc.location.href);
},
};

View File

@ -159,8 +159,7 @@ var IdentityHandler = {
result.host = uri.host;
}
let status = aBrowser.securityUI.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus.QueryInterface(Ci.nsISSLStatus);
let status = aBrowser.securityUI.secInfo.SSLStatus;
let cert = status.serverCert;
result.organization = cert.organization;

View File

@ -8,6 +8,7 @@
interface mozIDOMWindowProxy;
interface nsIDocShell;
interface nsITransportSecurityInfo;
[scriptable, uuid(718c662a-f810-4a80-a6c9-0b1810ecade2)]
interface nsISecureBrowserUI : nsISupports
@ -16,6 +17,7 @@ interface nsISecureBrowserUI : nsISupports
void setDocShell(in nsIDocShell docShell);
readonly attribute unsigned long state;
readonly attribute nsITransportSecurityInfo secInfo;
};
%{C++

View File

@ -15,8 +15,6 @@
#include "nsThreadUtils.h"
#include "nsHttpTransaction.h"
#include "NullHttpTransaction.h"
#include "nsISSLStatusProvider.h"
#include "nsISSLStatus.h"
#include "nsISSLSocketControl.h"
#include "nsIWellKnownOpportunisticUtils.h"

View File

@ -27,8 +27,6 @@
#include "nsHttpConnection.h"
#include "nsIRequestContext.h"
#include "nsISSLSocketControl.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
#include "nsISupportsPriority.h"
#include "nsStandardURL.h"
#include "nsURLHelper.h"

View File

@ -69,7 +69,6 @@
#include "nsIScriptError.h"
#include "nsIScriptSecurityManager.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
#include "nsITransportSecurityInfo.h"
#include "nsIWebProgressListener.h"
#include "LoadContextInfo.h"
@ -1896,11 +1895,11 @@ nsHttpChannel::ProcessSecurityHeaders()
uint32_t flags =
NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
// Get the SSLStatus
nsCOMPtr<nsISSLStatusProvider> sslprov = do_QueryInterface(mSecurityInfo);
NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE);
// Get the TransportSecurityInfo
nsCOMPtr<nsITransportSecurityInfo> transSecInfo = do_QueryInterface(mSecurityInfo);
NS_ENSURE_TRUE(transSecInfo, NS_ERROR_FAILURE);
nsCOMPtr<nsISSLStatus> sslStatus;
rv = sslprov->GetSSLStatus(getter_AddRefs(sslStatus));
rv = transSecInfo->GetSSLStatus(getter_AddRefs(sslStatus));
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_TRUE(sslStatus, NS_ERROR_FAILURE);
@ -2031,17 +2030,15 @@ nsHttpChannel::ProcessSSLInformation()
!IsHTTPS() || mPrivateBrowsing)
return;
nsCOMPtr<nsISSLStatusProvider> statusProvider =
nsCOMPtr<nsITransportSecurityInfo> securityInfo =
do_QueryInterface(mSecurityInfo);
if (!statusProvider)
if (!securityInfo)
return;
nsCOMPtr<nsISSLStatus> sslstat;
statusProvider->GetSSLStatus(getter_AddRefs(sslstat));
securityInfo->GetSSLStatus(getter_AddRefs(sslstat));
if (!sslstat)
return;
nsCOMPtr<nsITransportSecurityInfo> securityInfo =
do_QueryInterface(mSecurityInfo);
uint32_t state;
if (securityInfo &&
NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) &&

View File

@ -24,7 +24,7 @@
#include "nsIChannel.h"
#include "nsIX509Cert.h"
#include "nsISSLStatus.h"
#include "nsISSLStatusProvider.h"
#include "nsITransportSecurityInfo.h"
#endif
#include "mozilla/Attributes.h"
#include "mozilla/Base64.h"
@ -335,12 +335,12 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
if (NS_FAILED(rv))
return rv;
nsCOMPtr<nsISSLStatusProvider> statusProvider =
nsCOMPtr<nsITransportSecurityInfo> secInfo =
do_QueryInterface(security);
if (mUseNative && statusProvider) {
if (mUseNative && secInfo) {
nsCOMPtr<nsISSLStatus> status;
rv = statusProvider->GetSSLStatus(getter_AddRefs(status));
rv = secInfo->GetSSLStatus(getter_AddRefs(status));
if (NS_FAILED(rv))
return rv;

View File

@ -6,6 +6,7 @@
#include "nsISupports.idl"
interface nsISSLStatus;
interface nsIX509CertList;
[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
@ -21,5 +22,7 @@ interface nsITransportSecurityInfo : nsISupports {
* If verification succeeded, this will be null.
*/
readonly attribute nsIX509CertList failedCertChain;
readonly attribute nsISSLStatus SSLStatus;
};

View File

@ -26,7 +26,9 @@ function initExceptionDialog() {
gNsISecTel = Ci.nsISecurityUITelemetry;
var brandName = gBundleBrand.getString("brandShortName");
setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName]));
setText("warningText",
gPKIBundle.getFormattedString("addExceptionBrandedWarning2",
[brandName]));
gDialog.getButton("extra1").disabled = true;
var args = window.arguments;
@ -75,7 +77,7 @@ function initExceptionDialog() {
function grabCert(req, evt) {
if (req.channel && req.channel.securityInfo) {
gSSLStatus = req.channel.securityInfo
.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
.QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert
: null;
}
@ -159,7 +161,8 @@ function resetDialog() {
*/
function handleTextChange() {
var checkCertButton = document.getElementById("checkCertButton");
checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
checkCertButton.disabled =
!(document.getElementById("locationTextBox").value);
if (gNeedReset) {
gNeedReset = false;
resetDialog();
@ -201,7 +204,8 @@ function updateCertStatus() {
}
}
if (gSSLStatus.isUntrusted) {
bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
bucketId +=
gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
if (!use1) {
use1 = true;
shortDesc = uts;
@ -229,7 +233,8 @@ function updateCertStatus() {
pe.disabled = inPrivateBrowsing;
pe.checked = !inPrivateBrowsing;
setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader"));
setText("headerDescription",
gPKIBundle.getString("addExceptionInvalidHeader"));
} else {
shortDesc = "addExceptionValidShort";
longDesc = "addExceptionValidLong";
@ -301,22 +306,27 @@ function addException() {
var overrideService = Cc["@mozilla.org/security/certoverride;1"]
.getService(Ci.nsICertOverrideService);
var flags = 0;
let confirmBucketId = gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
let confirmBucketId =
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
if (gSSLStatus.isUntrusted) {
flags |= overrideService.ERROR_UNTRUSTED;
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
confirmBucketId +=
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
}
if (gSSLStatus.isDomainMismatch) {
flags |= overrideService.ERROR_MISMATCH;
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
confirmBucketId +=
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
}
if (gSSLStatus.isNotValidAtThisTime) {
flags |= overrideService.ERROR_TIME;
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
confirmBucketId +=
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
}
var permanentCheckbox = document.getElementById("permanent");
var shouldStorePermanently = permanentCheckbox.checked && !inPrivateBrowsingMode();
var shouldStorePermanently = permanentCheckbox.checked &&
!inPrivateBrowsingMode();
if (!permanentCheckbox.checked) {
gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION);
}

View File

@ -51,7 +51,6 @@ TransportSecurityInfo::TransportSecurityInfo()
NS_IMPL_ISUPPORTS(TransportSecurityInfo,
nsITransportSecurityInfo,
nsIInterfaceRequestor,
nsISSLStatusProvider,
nsIAssociatedContentSecurity,
nsISerializable,
nsIClassInfo)
@ -365,7 +364,7 @@ TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
return NS_OK;
}
nsresult
NS_IMETHODIMP
TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result)
{
NS_ENSURE_ARG_POINTER(_result);

View File

@ -16,7 +16,6 @@
#include "nsDataHashtable.h"
#include "nsIAssociatedContentSecurity.h"
#include "nsIInterfaceRequestor.h"
#include "nsISSLStatusProvider.h"
#include "nsITransportSecurityInfo.h"
#include "nsSSLStatus.h"
#include "nsString.h"
@ -26,7 +25,6 @@ namespace mozilla { namespace psm {
class TransportSecurityInfo : public nsITransportSecurityInfo
, public nsIInterfaceRequestor
, public nsISSLStatusProvider
, public nsIAssociatedContentSecurity
, public nsISerializable
, public nsIClassInfo
@ -39,7 +37,6 @@ public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSITRANSPORTSECURITYINFO
NS_DECL_NSIINTERFACEREQUESTOR
NS_DECL_NSISSLSTATUSPROVIDER
NS_DECL_NSIASSOCIATEDCONTENTSECURITY
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICLASSINFO

View File

@ -36,7 +36,6 @@ XPIDL_SOURCES += [
'nsISecurityUITelemetry.idl',
'nsISiteSecurityService.idl',
'nsISSLStatus.idl',
'nsISSLStatusProvider.idl',
'nsITokenDialogs.idl',
'nsITokenPasswordDialogs.idl',
'nsIX509Cert.idl',

View File

@ -1,13 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsISSLStatus;
[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)]
interface nsISSLStatusProvider : nsISupports {
readonly attribute nsISSLStatus SSLStatus;
};

View File

@ -89,8 +89,7 @@ nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
nsISecureBrowserUI,
nsIWebProgressListener,
nsISupportsWeakReference,
nsISSLStatusProvider)
nsISupportsWeakReference)
NS_IMETHODIMP
nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow)
@ -374,23 +373,21 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest,
("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n",
this, mNewToplevelSecurityState));
nsCOMPtr<nsISSLStatusProvider> sp(do_QueryInterface(info));
if (sp) {
nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
if (psmInfo) {
// Ignore result
updateStatus = true;
(void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
(void) psmInfo->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
if (temp_SSLStatus) {
bool aTemp;
if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
mNewToplevelIsEV = aTemp;
}
}
mSecInfo = psmInfo;
}
mNewToplevelSecurityStateKnown = true;
if (updateStatus) {
mSSLStatus = temp_SSLStatus;
}
MOZ_LOG(gSecureDocLog, LogLevel::Debug,
("SecureUI:%p: remember securityInfo %p\n", this,
info));
@ -1014,7 +1011,7 @@ nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
// If we have no security, we also shouldn't have any SSL status.
if (newSecurityState == lis_no_security) {
mSSLStatus = nullptr;
mSecInfo = nullptr;
}
}
@ -1166,9 +1163,8 @@ nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress,
return NS_OK;
}
// nsISSLStatusProvider methods
NS_IMETHODIMP
nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
nsSecureBrowserUIImpl::GetSecInfo(nsITransportSecurityInfo** _result)
{
NS_ENSURE_ARG_POINTER(_result);
MOZ_ASSERT(NS_IsMainThread());
@ -1187,7 +1183,7 @@ nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
return NS_OK;
}
*_result = mSSLStatus;
*_result = mSecInfo;
NS_IF_ADDREF(*_result);
return NS_OK;

View File

@ -10,14 +10,13 @@
#include "mozilla/ReentrancyGuard.h"
#include "nsCOMPtr.h"
#include "nsINetUtil.h"
#include "nsISSLStatusProvider.h"
#include "nsISecureBrowserUI.h"
#include "nsISecurityEventSink.h"
#include "nsIURI.h"
#include "nsIWebProgressListener.h"
#include "nsWeakReference.h"
class nsISSLStatus;
class nsITransportSecurityInfo;
class nsIChannel;
#define NS_SECURE_BROWSER_UI_CID \
@ -26,8 +25,7 @@ class nsIChannel;
class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
public nsIWebProgressListener,
public nsSupportsWeakReference,
public nsISSLStatusProvider
public nsSupportsWeakReference
{
friend class mozilla::ReentrancyGuard;
@ -37,7 +35,6 @@ public:
NS_DECL_ISUPPORTS
NS_DECL_NSIWEBPROGRESSLISTENER
NS_DECL_NSISECUREBROWSERUI
NS_DECL_NSISSLSTATUSPROVIDER
protected:
virtual ~nsSecureBrowserUIImpl() {};
@ -87,7 +84,7 @@ protected:
void ObtainEventSink(nsIChannel *channel,
nsCOMPtr<nsISecurityEventSink> &sink);
nsCOMPtr<nsISSLStatus> mSSLStatus;
nsCOMPtr<nsITransportSecurityInfo> mSecInfo;
nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
PLDHashTable mTransferringRequests;

View File

@ -720,8 +720,7 @@ FakeSSLStatus.prototype = {
// Helper function for add_cert_override_test. Probably doesn't need to be
// called directly.
function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslstatus = aSecurityInfo.SSLStatus;
let bits =
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
(sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
@ -749,8 +748,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
"Cert override flag should be set on the security state");
if (aExpectedSSLStatus) {
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslstatus = aSecurityInfo.SSLStatus;
if (aExpectedSSLStatus.failedCertChain) {
ok(aExpectedSSLStatus.failedCertChain.equals(sslstatus.failedCertChain));
}
@ -763,8 +761,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
// SSLStatus set on it. In this case, the error was not overridable anyway, so
// we consider it a success.
function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslstatus = aSecurityInfo.SSLStatus;
if (sslstatus) {
let bits =
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |

View File

@ -10,8 +10,7 @@
// Helper function for add_read_only_cert_override_test. Probably doesn't need
// to be called directly.
function add_read_only_cert_override(aHost, aExpectedBits, aSecurityInfo) {
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslstatus = aSecurityInfo.SSLStatus;
let bits =
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
(sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |

View File

@ -11,8 +11,7 @@ const certdb = Cc["@mozilla.org/security/x509certdb;1"]
function expectCT(value) {
return (securityInfo) => {
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = securityInfo.SSLStatus;
Assert.equal(sslStatus.certificateTransparencyStatus, value,
"actual and expected CT status should match");
};

View File

@ -41,9 +41,7 @@ function add_resume_non_ev_with_override_test() {
ok(transportSecurityInfo.securityState &
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
"expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag");
let sslStatus = transportSecurityInfo
.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = transportSecurityInfo.SSLStatus;
ok(!sslStatus.succeededCertChain,
"ev-test.example.com should not have succeededCertChain set");
ok(!sslStatus.isDomainMismatch,
@ -68,9 +66,7 @@ function add_one_ev_test() {
ok(!(transportSecurityInfo.securityState &
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
"ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag");
let sslStatus = transportSecurityInfo
.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = transportSecurityInfo.SSLStatus;
ok(sslStatus.succeededCertChain,
"ev-test.example.com should have succeededCertChain set");
ok(!sslStatus.isDomainMismatch,
@ -130,9 +126,7 @@ function add_one_non_ev_test() {
ok(!(transportSecurityInfo.securityState &
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
`${GOOD_DOMAIN} should not have STATE_CERT_USER_OVERRIDDEN flag`);
let sslStatus = transportSecurityInfo
.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = transportSecurityInfo.SSLStatus;
ok(sslStatus.succeededCertChain,
`${GOOD_DOMAIN} should have succeededCertChain set`);
ok(!sslStatus.isDomainMismatch,

View File

@ -20,8 +20,8 @@ function run_test() {
// succeededCertChain should be set as expected)
add_connection_test(
"good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
function withSecurityInfo(aSSLStatus) {
let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
function withSecurityInfo(aSecInfo) {
let sslstatus = aSecInfo.SSLStatus;
equal(sslstatus.failedCertChain, null,
"failedCertChain for a successful connection should be null");
ok(sslstatus.succeededCertChain.equals(build_cert_chain(["default-ee", "test-ca"])),
@ -33,8 +33,8 @@ function run_test() {
// succeededCertChain should be null)
add_connection_test(
"expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE, null,
function withSecurityInfo(aSSLStatus) {
let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
function withSecurityInfo(aSecInfo) {
let sslstatus = aSecInfo.SSLStatus;
equal(sslstatus.succeededCertChain, null,
"succeededCertChain for a failed connection should be null");
ok(sslstatus.failedCertChain.equals(build_cert_chain(["expired-ee", "test-ca"])),

View File

@ -111,8 +111,8 @@ function processStsHeader(host, header, status, securityInfo) {
if (header != null && securityInfo != null) {
try {
let uri = Services.io.newURI("https://" + host.name);
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let sslStatus = securityInfo.
QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
uri, header, sslStatus, 0,
Ci.nsISiteSecurityService.SOURCE_PRELOAD_LIST,

View File

@ -40,8 +40,7 @@ class Security(BaseLib):
"""
cert = self.marionette.execute_script("""
var securityUI = arguments[0].linkedBrowser.securityUI;
var status = securityUI.QueryInterface(Components.interfaces.nsISSLStatusProvider)
.SSLStatus;
var status = securityUI.secInfo && securityUI.secInfo.SSLStatus;
return status ? status.serverCert : null;
""", script_args=[tab_element])

View File

@ -215,7 +215,7 @@ var WebProgressListener = {
let objects = this._setupObjects(aWebProgress, aRequest);
json.state = aState;
json.status = SecurityUI.getSSLStatusAsString();
json.secInfo = SecurityUI.getSecInfoAsString();
json.matchedList = null;
if (aRequest && aRequest instanceof Ci.nsIClassifiedChannel) {
@ -374,15 +374,17 @@ var WebNavigation = {
WebNavigation.init();
var SecurityUI = {
getSSLStatusAsString() {
let status = docShell.securityUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
getSecInfoAsString() {
let secInfo = docShell.securityUI.secInfo;
if (status) {
let helper = Cc["@mozilla.org/network/serialization-helper;1"]
.getService(Ci.nsISerializationHelper);
if (secInfo) {
if (secInfo) {
let helper = Cc["@mozilla.org/network/serialization-helper;1"]
.getService(Ci.nsISerializationHelper);
status.QueryInterface(Ci.nsISerializable);
return helper.serializeToString(status);
secInfo.QueryInterface(Ci.nsISerializable);
return helper.serializeToString(secInfo);
}
}
return null;

View File

@ -143,7 +143,7 @@ function checkCert(aChannel, aAllowNonBuiltInCerts, aCerts) {
return;
}
let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
.SSLStatus;
let cert = sslStatus.serverCert;

View File

@ -8,22 +8,20 @@ var EXPORTED_SYMBOLS = ["RemoteSecurityUI"];
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
function RemoteSecurityUI() {
this._SSLStatus = null;
this._secInfo = null;
this._state = 0;
}
RemoteSecurityUI.prototype = {
QueryInterface: ChromeUtils.generateQI([Ci.nsISSLStatusProvider, Ci.nsISecureBrowserUI]),
// nsISSLStatusProvider
get SSLStatus() { return this._SSLStatus; },
QueryInterface: ChromeUtils.generateQI([Ci.nsISecureBrowserUI]),
// nsISecureBrowserUI
get state() { return this._state; },
get tooltipText() { return ""; },
get secInfo() { return this._secInfo; },
_update(aStatus, aState) {
this._SSLStatus = aStatus;
_update(aSecInfo, aState) {
this._secInfo = aSecInfo;
this._state = aState;
}
};

View File

@ -110,14 +110,14 @@ RemoteWebProgressManager.prototype = {
this._progressListeners.filter(l => l.listener != aListener);
},
_fixSSLStatusAndState(aStatus, aState) {
_fixSecInfoAndState(aSecInfo, aState) {
let deserialized = null;
if (aStatus) {
if (aSecInfo) {
let helper = Cc["@mozilla.org/network/serialization-helper;1"]
.getService(Ci.nsISerializationHelper);
deserialized = helper.deserializeObject(aStatus);
deserialized.QueryInterface(Ci.nsISSLStatus);
deserialized = helper.deserializeObject(aSecInfo);
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
}
return [deserialized, aState];
@ -241,14 +241,14 @@ RemoteWebProgressManager.prototype = {
break;
case "Content:SecurityChange":
let [status, state] = this._fixSSLStatusAndState(json.status, json.state);
let [secInfo, state] = this._fixSecInfoAndState(json.secInfo, json.state);
if (isTopLevel) {
// Invoking this getter triggers the generation of the underlying object,
// which we need to access with ._securityUI, because .securityUI returns
// a wrapper that makes _update inaccessible.
void this._browser.securityUI;
this._browser._securityUI._update(status, state);
this._browser._securityUI._update(secInfo, state);
}
this._callProgressListeners(

View File

@ -94,7 +94,6 @@ const SecurityInfo = {
}
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
const SSLStatus = securityInfo.SSLStatus;
if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) {

View File

@ -87,7 +87,7 @@ function testXHRLoad(aEvent) {
"attributes array passed to checkCert has an element that has an " +
"issuerName that is not the same as the certificate's");
var cert = channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
var cert = channel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo).
SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
certs = [ { issuerName: cert.issuerName,

View File

@ -3116,7 +3116,7 @@ Checker.prototype = {
// Set MitM pref.
try {
var sslStatus = request.channel.QueryInterface(Ci.nsIRequest)
.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
.SSLStatus.QueryInterface(Ci.nsISSLStatus);
if (sslStatus && sslStatus.serverCert && sslStatus.serverCert.issuerName) {
Services.prefs.setStringPref("security.pki.mitm_canary_issuer",