mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 13:21:05 +00:00
Bug 1475647 - Remove nsISSLStatusProvider interface. r=baku,Gijs,jchen,jryans,keeler,mcmanus
- Access nsISSLStatus directly as a member of nsITransportSecurityInfo and nsISecureBrowserUI. This is part of a larger effort to consolidate nsISSLStatus and nsITransportSecurityInfo. - The TabParent implementation of GetSecInfo will always return null. - Removed unnecessary QueryInterface calls - Style adherence updates MozReview-Commit-ID: Dzy6t2zYljL --HG-- extra : rebase_source : 9c400bed3c9d29a186fc987c9bd0ffceb37bfd94
This commit is contained in:
parent
45dbd64d99
commit
7641beb1f8
@ -347,12 +347,8 @@ var gIdentityHandler = {
|
||||
// Firstly, populate the state properties required to display the UI. See
|
||||
// the documentation of the individual properties for details.
|
||||
this.setURI(uri);
|
||||
this._sslStatus = gBrowser.securityUI
|
||||
.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
if (this._sslStatus) {
|
||||
this._sslStatus.QueryInterface(Ci.nsISSLStatus);
|
||||
}
|
||||
this._sslStatus = gBrowser.securityUI.secInfo &&
|
||||
gBrowser.securityUI.secInfo.SSLStatus;
|
||||
|
||||
// Then, update the user interface with the available data.
|
||||
this.refreshIdentityBlock();
|
||||
|
@ -2994,8 +2994,7 @@ var BrowserOnClick = {
|
||||
}
|
||||
|
||||
securityInfo = getSecurityInfo(securityInfoAsString);
|
||||
sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
sslStatus = securityInfo.SSLStatus;
|
||||
let params = { exceptionAdded: false,
|
||||
sslStatus };
|
||||
|
||||
@ -3036,8 +3035,7 @@ var BrowserOnClick = {
|
||||
}
|
||||
|
||||
securityInfo = getSecurityInfo(securityInfoAsString);
|
||||
sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
sslStatus = securityInfo.SSLStatus;
|
||||
let errorInfo = getDetailedCertErrorInfo(location,
|
||||
securityInfo);
|
||||
let validityInfo = {
|
||||
|
@ -27,7 +27,6 @@ var security = {
|
||||
},
|
||||
|
||||
_getSecurityInfo() {
|
||||
const nsISSLStatusProvider = Ci.nsISSLStatusProvider;
|
||||
const nsISSLStatus = Ci.nsISSLStatus;
|
||||
|
||||
// We don't have separate info for a frame, return null until further notice
|
||||
@ -50,11 +49,9 @@ var security = {
|
||||
(ui.state & Ci.nsIWebProgressListener.STATE_IS_INSECURE);
|
||||
var isEV =
|
||||
(ui.state & Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
|
||||
ui.QueryInterface(nsISSLStatusProvider);
|
||||
var status = ui.SSLStatus;
|
||||
var status = ui.secInfo && ui.secInfo.SSLStatus;
|
||||
|
||||
if (!isInsecure && status) {
|
||||
status.QueryInterface(nsISSLStatus);
|
||||
var cert = status.serverCert;
|
||||
var issuerName = cert.issuerOrganization || cert.issuerName;
|
||||
|
||||
|
@ -300,7 +300,7 @@ OOBCert.Client.prototype = {
|
||||
// Client verifies that Server's cert matches hash(ServerCert) from the
|
||||
// advertisement
|
||||
dumpv("Validate server cert hash");
|
||||
const serverCert = socket.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
const serverCert = socket.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
|
||||
.SSLStatus.serverCert;
|
||||
const advertisedCert = cert;
|
||||
if (serverCert.sha256Fingerprint != advertisedCert.sha256) {
|
||||
|
@ -353,7 +353,7 @@ function _isInputAlive(input) {
|
||||
*/
|
||||
function _storeCertOverride(s, host, port) {
|
||||
// eslint-disable-next-line no-shadow
|
||||
const cert = s.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
const cert = s.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
|
||||
.SSLStatus.serverCert;
|
||||
const overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
|
||||
Ci.nsICertOverrideService.ERROR_MISMATCH;
|
||||
|
@ -600,7 +600,6 @@ var NetworkHelper = {
|
||||
*/
|
||||
|
||||
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
|
||||
|
||||
const wpl = Ci.nsIWebProgressListener;
|
||||
const NSSErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
|
||||
|
@ -33,8 +33,7 @@ const MockCertificate = {
|
||||
};
|
||||
|
||||
const MockSecurityInfo = {
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
|
||||
Ci.nsISSLStatusProvider]),
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
|
||||
securityState: wpl.STATE_IS_SECURE,
|
||||
errorCode: 0,
|
||||
SSLStatus: {
|
||||
|
@ -19,8 +19,7 @@ Object.defineProperty(this, "NetworkHelper", {
|
||||
|
||||
const wpl = Ci.nsIWebProgressListener;
|
||||
const MockSecurityInfo = {
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
|
||||
Ci.nsISSLStatusProvider]),
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
|
||||
securityState: wpl.STATE_IS_BROKEN,
|
||||
errorCode: 0,
|
||||
SSLStatus: {
|
||||
|
@ -20,8 +20,7 @@ Object.defineProperty(this, "NetworkHelper", {
|
||||
const wpl = Ci.nsIWebProgressListener;
|
||||
|
||||
const MockSecurityInfo = {
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo,
|
||||
Ci.nsISSLStatusProvider]),
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsITransportSecurityInfo]),
|
||||
securityState: wpl.STATE_IS_SECURE,
|
||||
errorCode: 0,
|
||||
SSLStatus: {
|
||||
|
@ -59,6 +59,7 @@
|
||||
#include "nsIInterfaceRequestorUtils.h"
|
||||
#include "nsILoadInfo.h"
|
||||
#include "nsIPromptFactory.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsIWindowWatcher.h"
|
||||
#include "nsIWebBrowserChrome.h"
|
||||
@ -893,6 +894,15 @@ TabParent::GetState(uint32_t *aState)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TabParent::GetSecInfo(nsITransportSecurityInfo** _result)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_result);
|
||||
NS_WARNING("TransportSecurityInfo not valid here");
|
||||
*_result = nullptr;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TabParent::SetDocShell(nsIDocShell *aDocShell)
|
||||
{
|
||||
|
@ -5687,9 +5687,8 @@ var IdentityHandler = {
|
||||
* (if available). Return the data needed to update the UI.
|
||||
*/
|
||||
checkIdentity: function checkIdentity(aState, aBrowser) {
|
||||
this._lastStatus = aBrowser.securityUI
|
||||
.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
this._lastStatus = aBrowser.securityUI.secInfo &&
|
||||
aBrowser.securityUI.secInfo.SSLStatus;
|
||||
|
||||
// Don't pass in the actual location object, since it can cause us to
|
||||
// hold on to the window object too long. Just pass in the fields we
|
||||
|
@ -360,8 +360,7 @@ var AboutCertErrorListener = {
|
||||
let securityInfo = docShell.failedChannel && docShell.failedChannel.securityInfo;
|
||||
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
|
||||
.QueryInterface(Ci.nsISerializable);
|
||||
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = securityInfo.SSLStatus;
|
||||
this._setTechDetails(sslStatus, securityInfo, ownerDoc.location.href);
|
||||
},
|
||||
};
|
||||
|
@ -159,8 +159,7 @@ var IdentityHandler = {
|
||||
result.host = uri.host;
|
||||
}
|
||||
|
||||
let status = aBrowser.securityUI.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus.QueryInterface(Ci.nsISSLStatus);
|
||||
let status = aBrowser.securityUI.secInfo.SSLStatus;
|
||||
let cert = status.serverCert;
|
||||
|
||||
result.organization = cert.organization;
|
||||
|
@ -8,6 +8,7 @@
|
||||
|
||||
interface mozIDOMWindowProxy;
|
||||
interface nsIDocShell;
|
||||
interface nsITransportSecurityInfo;
|
||||
|
||||
[scriptable, uuid(718c662a-f810-4a80-a6c9-0b1810ecade2)]
|
||||
interface nsISecureBrowserUI : nsISupports
|
||||
@ -16,6 +17,7 @@ interface nsISecureBrowserUI : nsISupports
|
||||
void setDocShell(in nsIDocShell docShell);
|
||||
|
||||
readonly attribute unsigned long state;
|
||||
readonly attribute nsITransportSecurityInfo secInfo;
|
||||
};
|
||||
|
||||
%{C++
|
||||
|
@ -15,8 +15,6 @@
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nsHttpTransaction.h"
|
||||
#include "NullHttpTransaction.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsISSLStatus.h"
|
||||
#include "nsISSLSocketControl.h"
|
||||
#include "nsIWellKnownOpportunisticUtils.h"
|
||||
|
||||
|
@ -27,8 +27,6 @@
|
||||
#include "nsHttpConnection.h"
|
||||
#include "nsIRequestContext.h"
|
||||
#include "nsISSLSocketControl.h"
|
||||
#include "nsISSLStatus.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsISupportsPriority.h"
|
||||
#include "nsStandardURL.h"
|
||||
#include "nsURLHelper.h"
|
||||
|
@ -69,7 +69,6 @@
|
||||
#include "nsIScriptError.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsISSLStatus.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsIWebProgressListener.h"
|
||||
#include "LoadContextInfo.h"
|
||||
@ -1896,11 +1895,11 @@ nsHttpChannel::ProcessSecurityHeaders()
|
||||
uint32_t flags =
|
||||
NS_UsePrivateBrowsing(this) ? nsISocketProvider::NO_PERMANENT_STORAGE : 0;
|
||||
|
||||
// Get the SSLStatus
|
||||
nsCOMPtr<nsISSLStatusProvider> sslprov = do_QueryInterface(mSecurityInfo);
|
||||
NS_ENSURE_TRUE(sslprov, NS_ERROR_FAILURE);
|
||||
// Get the TransportSecurityInfo
|
||||
nsCOMPtr<nsITransportSecurityInfo> transSecInfo = do_QueryInterface(mSecurityInfo);
|
||||
NS_ENSURE_TRUE(transSecInfo, NS_ERROR_FAILURE);
|
||||
nsCOMPtr<nsISSLStatus> sslStatus;
|
||||
rv = sslprov->GetSSLStatus(getter_AddRefs(sslStatus));
|
||||
rv = transSecInfo->GetSSLStatus(getter_AddRefs(sslStatus));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
NS_ENSURE_TRUE(sslStatus, NS_ERROR_FAILURE);
|
||||
|
||||
@ -2031,17 +2030,15 @@ nsHttpChannel::ProcessSSLInformation()
|
||||
!IsHTTPS() || mPrivateBrowsing)
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsISSLStatusProvider> statusProvider =
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo =
|
||||
do_QueryInterface(mSecurityInfo);
|
||||
if (!statusProvider)
|
||||
if (!securityInfo)
|
||||
return;
|
||||
nsCOMPtr<nsISSLStatus> sslstat;
|
||||
statusProvider->GetSSLStatus(getter_AddRefs(sslstat));
|
||||
securityInfo->GetSSLStatus(getter_AddRefs(sslstat));
|
||||
if (!sslstat)
|
||||
return;
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo =
|
||||
do_QueryInterface(mSecurityInfo);
|
||||
uint32_t state;
|
||||
if (securityInfo &&
|
||||
NS_SUCCEEDED(securityInfo->GetSecurityState(&state)) &&
|
||||
|
@ -24,7 +24,7 @@
|
||||
#include "nsIChannel.h"
|
||||
#include "nsIX509Cert.h"
|
||||
#include "nsISSLStatus.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#endif
|
||||
#include "mozilla/Attributes.h"
|
||||
#include "mozilla/Base64.h"
|
||||
@ -335,12 +335,12 @@ nsHttpNTLMAuth::GenerateCredentials(nsIHttpAuthenticableChannel *authChannel,
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
nsCOMPtr<nsISSLStatusProvider> statusProvider =
|
||||
nsCOMPtr<nsITransportSecurityInfo> secInfo =
|
||||
do_QueryInterface(security);
|
||||
|
||||
if (mUseNative && statusProvider) {
|
||||
if (mUseNative && secInfo) {
|
||||
nsCOMPtr<nsISSLStatus> status;
|
||||
rv = statusProvider->GetSSLStatus(getter_AddRefs(status));
|
||||
rv = secInfo->GetSSLStatus(getter_AddRefs(status));
|
||||
if (NS_FAILED(rv))
|
||||
return rv;
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsISSLStatus;
|
||||
interface nsIX509CertList;
|
||||
|
||||
[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
|
||||
@ -21,5 +22,7 @@ interface nsITransportSecurityInfo : nsISupports {
|
||||
* If verification succeeded, this will be null.
|
||||
*/
|
||||
readonly attribute nsIX509CertList failedCertChain;
|
||||
|
||||
readonly attribute nsISSLStatus SSLStatus;
|
||||
};
|
||||
|
||||
|
@ -26,7 +26,9 @@ function initExceptionDialog() {
|
||||
gNsISecTel = Ci.nsISecurityUITelemetry;
|
||||
|
||||
var brandName = gBundleBrand.getString("brandShortName");
|
||||
setText("warningText", gPKIBundle.getFormattedString("addExceptionBrandedWarning2", [brandName]));
|
||||
setText("warningText",
|
||||
gPKIBundle.getFormattedString("addExceptionBrandedWarning2",
|
||||
[brandName]));
|
||||
gDialog.getButton("extra1").disabled = true;
|
||||
|
||||
var args = window.arguments;
|
||||
@ -75,7 +77,7 @@ function initExceptionDialog() {
|
||||
function grabCert(req, evt) {
|
||||
if (req.channel && req.channel.securityInfo) {
|
||||
gSSLStatus = req.channel.securityInfo
|
||||
.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||
.QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
|
||||
gCert = gSSLStatus ? gSSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert
|
||||
: null;
|
||||
}
|
||||
@ -159,7 +161,8 @@ function resetDialog() {
|
||||
*/
|
||||
function handleTextChange() {
|
||||
var checkCertButton = document.getElementById("checkCertButton");
|
||||
checkCertButton.disabled = !(document.getElementById("locationTextBox").value);
|
||||
checkCertButton.disabled =
|
||||
!(document.getElementById("locationTextBox").value);
|
||||
if (gNeedReset) {
|
||||
gNeedReset = false;
|
||||
resetDialog();
|
||||
@ -201,7 +204,8 @@ function updateCertStatus() {
|
||||
}
|
||||
}
|
||||
if (gSSLStatus.isUntrusted) {
|
||||
bucketId += gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
|
||||
bucketId +=
|
||||
gNsISecTel.WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED;
|
||||
if (!use1) {
|
||||
use1 = true;
|
||||
shortDesc = uts;
|
||||
@ -229,7 +233,8 @@ function updateCertStatus() {
|
||||
pe.disabled = inPrivateBrowsing;
|
||||
pe.checked = !inPrivateBrowsing;
|
||||
|
||||
setText("headerDescription", gPKIBundle.getString("addExceptionInvalidHeader"));
|
||||
setText("headerDescription",
|
||||
gPKIBundle.getString("addExceptionInvalidHeader"));
|
||||
} else {
|
||||
shortDesc = "addExceptionValidShort";
|
||||
longDesc = "addExceptionValidLong";
|
||||
@ -301,22 +306,27 @@ function addException() {
|
||||
var overrideService = Cc["@mozilla.org/security/certoverride;1"]
|
||||
.getService(Ci.nsICertOverrideService);
|
||||
var flags = 0;
|
||||
let confirmBucketId = gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
|
||||
let confirmBucketId =
|
||||
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE;
|
||||
if (gSSLStatus.isUntrusted) {
|
||||
flags |= overrideService.ERROR_UNTRUSTED;
|
||||
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
|
||||
confirmBucketId +=
|
||||
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED;
|
||||
}
|
||||
if (gSSLStatus.isDomainMismatch) {
|
||||
flags |= overrideService.ERROR_MISMATCH;
|
||||
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
|
||||
confirmBucketId +=
|
||||
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN;
|
||||
}
|
||||
if (gSSLStatus.isNotValidAtThisTime) {
|
||||
flags |= overrideService.ERROR_TIME;
|
||||
confirmBucketId += gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
|
||||
confirmBucketId +=
|
||||
gNsISecTel.WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME;
|
||||
}
|
||||
|
||||
var permanentCheckbox = document.getElementById("permanent");
|
||||
var shouldStorePermanently = permanentCheckbox.checked && !inPrivateBrowsingMode();
|
||||
var shouldStorePermanently = permanentCheckbox.checked &&
|
||||
!inPrivateBrowsingMode();
|
||||
if (!permanentCheckbox.checked) {
|
||||
gSecHistogram.add(gNsISecTel.WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION);
|
||||
}
|
||||
|
@ -51,7 +51,6 @@ TransportSecurityInfo::TransportSecurityInfo()
|
||||
NS_IMPL_ISUPPORTS(TransportSecurityInfo,
|
||||
nsITransportSecurityInfo,
|
||||
nsIInterfaceRequestor,
|
||||
nsISSLStatusProvider,
|
||||
nsIAssociatedContentSecurity,
|
||||
nsISerializable,
|
||||
nsIClassInfo)
|
||||
@ -365,7 +364,7 @@ TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_result);
|
||||
|
@ -16,7 +16,6 @@
|
||||
#include "nsDataHashtable.h"
|
||||
#include "nsIAssociatedContentSecurity.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsSSLStatus.h"
|
||||
#include "nsString.h"
|
||||
@ -26,7 +25,6 @@ namespace mozilla { namespace psm {
|
||||
|
||||
class TransportSecurityInfo : public nsITransportSecurityInfo
|
||||
, public nsIInterfaceRequestor
|
||||
, public nsISSLStatusProvider
|
||||
, public nsIAssociatedContentSecurity
|
||||
, public nsISerializable
|
||||
, public nsIClassInfo
|
||||
@ -39,7 +37,6 @@ public:
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSITRANSPORTSECURITYINFO
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
NS_DECL_NSISSLSTATUSPROVIDER
|
||||
NS_DECL_NSIASSOCIATEDCONTENTSECURITY
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
NS_DECL_NSICLASSINFO
|
||||
|
@ -36,7 +36,6 @@ XPIDL_SOURCES += [
|
||||
'nsISecurityUITelemetry.idl',
|
||||
'nsISiteSecurityService.idl',
|
||||
'nsISSLStatus.idl',
|
||||
'nsISSLStatusProvider.idl',
|
||||
'nsITokenDialogs.idl',
|
||||
'nsITokenPasswordDialogs.idl',
|
||||
'nsIX509Cert.idl',
|
||||
|
@ -1,13 +0,0 @@
|
||||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsISSLStatus;
|
||||
|
||||
[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)]
|
||||
interface nsISSLStatusProvider : nsISupports {
|
||||
readonly attribute nsISSLStatus SSLStatus;
|
||||
};
|
@ -89,8 +89,7 @@ nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
|
||||
NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
|
||||
nsISecureBrowserUI,
|
||||
nsIWebProgressListener,
|
||||
nsISupportsWeakReference,
|
||||
nsISSLStatusProvider)
|
||||
nsISupportsWeakReference)
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow)
|
||||
@ -374,23 +373,21 @@ nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest,
|
||||
("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n",
|
||||
this, mNewToplevelSecurityState));
|
||||
|
||||
nsCOMPtr<nsISSLStatusProvider> sp(do_QueryInterface(info));
|
||||
if (sp) {
|
||||
nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
|
||||
if (psmInfo) {
|
||||
// Ignore result
|
||||
updateStatus = true;
|
||||
(void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
|
||||
(void) psmInfo->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
|
||||
if (temp_SSLStatus) {
|
||||
bool aTemp;
|
||||
if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
|
||||
mNewToplevelIsEV = aTemp;
|
||||
}
|
||||
}
|
||||
mSecInfo = psmInfo;
|
||||
}
|
||||
|
||||
mNewToplevelSecurityStateKnown = true;
|
||||
if (updateStatus) {
|
||||
mSSLStatus = temp_SSLStatus;
|
||||
}
|
||||
MOZ_LOG(gSecureDocLog, LogLevel::Debug,
|
||||
("SecureUI:%p: remember securityInfo %p\n", this,
|
||||
info));
|
||||
@ -1014,7 +1011,7 @@ nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
|
||||
|
||||
// If we have no security, we also shouldn't have any SSL status.
|
||||
if (newSecurityState == lis_no_security) {
|
||||
mSSLStatus = nullptr;
|
||||
mSecInfo = nullptr;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1166,9 +1163,8 @@ nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// nsISSLStatusProvider methods
|
||||
NS_IMETHODIMP
|
||||
nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
|
||||
nsSecureBrowserUIImpl::GetSecInfo(nsITransportSecurityInfo** _result)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_result);
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
@ -1187,7 +1183,7 @@ nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
*_result = mSSLStatus;
|
||||
*_result = mSecInfo;
|
||||
NS_IF_ADDREF(*_result);
|
||||
|
||||
return NS_OK;
|
||||
|
@ -10,14 +10,13 @@
|
||||
#include "mozilla/ReentrancyGuard.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsINetUtil.h"
|
||||
#include "nsISSLStatusProvider.h"
|
||||
#include "nsISecureBrowserUI.h"
|
||||
#include "nsISecurityEventSink.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsIWebProgressListener.h"
|
||||
#include "nsWeakReference.h"
|
||||
|
||||
class nsISSLStatus;
|
||||
class nsITransportSecurityInfo;
|
||||
class nsIChannel;
|
||||
|
||||
#define NS_SECURE_BROWSER_UI_CID \
|
||||
@ -26,8 +25,7 @@ class nsIChannel;
|
||||
|
||||
class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
|
||||
public nsIWebProgressListener,
|
||||
public nsSupportsWeakReference,
|
||||
public nsISSLStatusProvider
|
||||
public nsSupportsWeakReference
|
||||
{
|
||||
friend class mozilla::ReentrancyGuard;
|
||||
|
||||
@ -37,7 +35,6 @@ public:
|
||||
NS_DECL_ISUPPORTS
|
||||
NS_DECL_NSIWEBPROGRESSLISTENER
|
||||
NS_DECL_NSISECUREBROWSERUI
|
||||
NS_DECL_NSISSLSTATUSPROVIDER
|
||||
|
||||
protected:
|
||||
virtual ~nsSecureBrowserUIImpl() {};
|
||||
@ -87,7 +84,7 @@ protected:
|
||||
void ObtainEventSink(nsIChannel *channel,
|
||||
nsCOMPtr<nsISecurityEventSink> &sink);
|
||||
|
||||
nsCOMPtr<nsISSLStatus> mSSLStatus;
|
||||
nsCOMPtr<nsITransportSecurityInfo> mSecInfo;
|
||||
nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
|
||||
|
||||
PLDHashTable mTransferringRequests;
|
||||
|
@ -720,8 +720,7 @@ FakeSSLStatus.prototype = {
|
||||
// Helper function for add_cert_override_test. Probably doesn't need to be
|
||||
// called directly.
|
||||
function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslstatus = aSecurityInfo.SSLStatus;
|
||||
let bits =
|
||||
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
|
||||
(sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
|
||||
@ -749,8 +748,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
|
||||
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
|
||||
"Cert override flag should be set on the security state");
|
||||
if (aExpectedSSLStatus) {
|
||||
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslstatus = aSecurityInfo.SSLStatus;
|
||||
if (aExpectedSSLStatus.failedCertChain) {
|
||||
ok(aExpectedSSLStatus.failedCertChain.equals(sslstatus.failedCertChain));
|
||||
}
|
||||
@ -763,8 +761,7 @@ function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
|
||||
// SSLStatus set on it. In this case, the error was not overridable anyway, so
|
||||
// we consider it a success.
|
||||
function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslstatus = aSecurityInfo.SSLStatus;
|
||||
if (sslstatus) {
|
||||
let bits =
|
||||
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
|
||||
|
@ -10,8 +10,7 @@
|
||||
// Helper function for add_read_only_cert_override_test. Probably doesn't need
|
||||
// to be called directly.
|
||||
function add_read_only_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslstatus = aSecurityInfo.SSLStatus;
|
||||
let bits =
|
||||
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
|
||||
(sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
|
||||
|
@ -11,8 +11,7 @@ const certdb = Cc["@mozilla.org/security/x509certdb;1"]
|
||||
|
||||
function expectCT(value) {
|
||||
return (securityInfo) => {
|
||||
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = securityInfo.SSLStatus;
|
||||
Assert.equal(sslStatus.certificateTransparencyStatus, value,
|
||||
"actual and expected CT status should match");
|
||||
};
|
||||
|
@ -41,9 +41,7 @@ function add_resume_non_ev_with_override_test() {
|
||||
ok(transportSecurityInfo.securityState &
|
||||
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
|
||||
"expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag");
|
||||
let sslStatus = transportSecurityInfo
|
||||
.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = transportSecurityInfo.SSLStatus;
|
||||
ok(!sslStatus.succeededCertChain,
|
||||
"ev-test.example.com should not have succeededCertChain set");
|
||||
ok(!sslStatus.isDomainMismatch,
|
||||
@ -68,9 +66,7 @@ function add_one_ev_test() {
|
||||
ok(!(transportSecurityInfo.securityState &
|
||||
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
|
||||
"ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag");
|
||||
let sslStatus = transportSecurityInfo
|
||||
.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = transportSecurityInfo.SSLStatus;
|
||||
ok(sslStatus.succeededCertChain,
|
||||
"ev-test.example.com should have succeededCertChain set");
|
||||
ok(!sslStatus.isDomainMismatch,
|
||||
@ -130,9 +126,7 @@ function add_one_non_ev_test() {
|
||||
ok(!(transportSecurityInfo.securityState &
|
||||
Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
|
||||
`${GOOD_DOMAIN} should not have STATE_CERT_USER_OVERRIDDEN flag`);
|
||||
let sslStatus = transportSecurityInfo
|
||||
.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = transportSecurityInfo.SSLStatus;
|
||||
ok(sslStatus.succeededCertChain,
|
||||
`${GOOD_DOMAIN} should have succeededCertChain set`);
|
||||
ok(!sslStatus.isDomainMismatch,
|
||||
|
@ -20,8 +20,8 @@ function run_test() {
|
||||
// succeededCertChain should be set as expected)
|
||||
add_connection_test(
|
||||
"good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
|
||||
function withSecurityInfo(aSSLStatus) {
|
||||
let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||
function withSecurityInfo(aSecInfo) {
|
||||
let sslstatus = aSecInfo.SSLStatus;
|
||||
equal(sslstatus.failedCertChain, null,
|
||||
"failedCertChain for a successful connection should be null");
|
||||
ok(sslstatus.succeededCertChain.equals(build_cert_chain(["default-ee", "test-ca"])),
|
||||
@ -33,8 +33,8 @@ function run_test() {
|
||||
// succeededCertChain should be null)
|
||||
add_connection_test(
|
||||
"expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE, null,
|
||||
function withSecurityInfo(aSSLStatus) {
|
||||
let sslstatus = aSSLStatus.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||
function withSecurityInfo(aSecInfo) {
|
||||
let sslstatus = aSecInfo.SSLStatus;
|
||||
equal(sslstatus.succeededCertChain, null,
|
||||
"succeededCertChain for a failed connection should be null");
|
||||
ok(sslstatus.failedCertChain.equals(build_cert_chain(["expired-ee", "test-ca"])),
|
||||
|
@ -111,8 +111,8 @@ function processStsHeader(host, header, status, securityInfo) {
|
||||
if (header != null && securityInfo != null) {
|
||||
try {
|
||||
let uri = Services.io.newURI("https://" + host.name);
|
||||
let sslStatus = securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
let sslStatus = securityInfo.
|
||||
QueryInterface(Ci.nsITransportSecurityInfo).SSLStatus;
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
uri, header, sslStatus, 0,
|
||||
Ci.nsISiteSecurityService.SOURCE_PRELOAD_LIST,
|
||||
|
@ -40,8 +40,7 @@ class Security(BaseLib):
|
||||
"""
|
||||
cert = self.marionette.execute_script("""
|
||||
var securityUI = arguments[0].linkedBrowser.securityUI;
|
||||
var status = securityUI.QueryInterface(Components.interfaces.nsISSLStatusProvider)
|
||||
.SSLStatus;
|
||||
var status = securityUI.secInfo && securityUI.secInfo.SSLStatus;
|
||||
|
||||
return status ? status.serverCert : null;
|
||||
""", script_args=[tab_element])
|
||||
|
@ -215,7 +215,7 @@ var WebProgressListener = {
|
||||
let objects = this._setupObjects(aWebProgress, aRequest);
|
||||
|
||||
json.state = aState;
|
||||
json.status = SecurityUI.getSSLStatusAsString();
|
||||
json.secInfo = SecurityUI.getSecInfoAsString();
|
||||
|
||||
json.matchedList = null;
|
||||
if (aRequest && aRequest instanceof Ci.nsIClassifiedChannel) {
|
||||
@ -374,15 +374,17 @@ var WebNavigation = {
|
||||
WebNavigation.init();
|
||||
|
||||
var SecurityUI = {
|
||||
getSSLStatusAsString() {
|
||||
let status = docShell.securityUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||
getSecInfoAsString() {
|
||||
let secInfo = docShell.securityUI.secInfo;
|
||||
|
||||
if (status) {
|
||||
if (secInfo) {
|
||||
if (secInfo) {
|
||||
let helper = Cc["@mozilla.org/network/serialization-helper;1"]
|
||||
.getService(Ci.nsISerializationHelper);
|
||||
|
||||
status.QueryInterface(Ci.nsISerializable);
|
||||
return helper.serializeToString(status);
|
||||
secInfo.QueryInterface(Ci.nsISerializable);
|
||||
return helper.serializeToString(secInfo);
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
|
@ -143,7 +143,7 @@ function checkCert(aChannel, aAllowNonBuiltInCerts, aCerts) {
|
||||
return;
|
||||
}
|
||||
|
||||
let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
let sslStatus = aChannel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
|
||||
.SSLStatus;
|
||||
let cert = sslStatus.serverCert;
|
||||
|
||||
|
@ -8,22 +8,20 @@ var EXPORTED_SYMBOLS = ["RemoteSecurityUI"];
|
||||
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||
|
||||
function RemoteSecurityUI() {
|
||||
this._SSLStatus = null;
|
||||
this._secInfo = null;
|
||||
this._state = 0;
|
||||
}
|
||||
|
||||
RemoteSecurityUI.prototype = {
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsISSLStatusProvider, Ci.nsISecureBrowserUI]),
|
||||
|
||||
// nsISSLStatusProvider
|
||||
get SSLStatus() { return this._SSLStatus; },
|
||||
QueryInterface: ChromeUtils.generateQI([Ci.nsISecureBrowserUI]),
|
||||
|
||||
// nsISecureBrowserUI
|
||||
get state() { return this._state; },
|
||||
get tooltipText() { return ""; },
|
||||
get secInfo() { return this._secInfo; },
|
||||
|
||||
_update(aStatus, aState) {
|
||||
this._SSLStatus = aStatus;
|
||||
_update(aSecInfo, aState) {
|
||||
this._secInfo = aSecInfo;
|
||||
this._state = aState;
|
||||
}
|
||||
};
|
||||
|
@ -110,14 +110,14 @@ RemoteWebProgressManager.prototype = {
|
||||
this._progressListeners.filter(l => l.listener != aListener);
|
||||
},
|
||||
|
||||
_fixSSLStatusAndState(aStatus, aState) {
|
||||
_fixSecInfoAndState(aSecInfo, aState) {
|
||||
let deserialized = null;
|
||||
if (aStatus) {
|
||||
if (aSecInfo) {
|
||||
let helper = Cc["@mozilla.org/network/serialization-helper;1"]
|
||||
.getService(Ci.nsISerializationHelper);
|
||||
|
||||
deserialized = helper.deserializeObject(aStatus);
|
||||
deserialized.QueryInterface(Ci.nsISSLStatus);
|
||||
deserialized = helper.deserializeObject(aSecInfo);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
}
|
||||
|
||||
return [deserialized, aState];
|
||||
@ -241,14 +241,14 @@ RemoteWebProgressManager.prototype = {
|
||||
break;
|
||||
|
||||
case "Content:SecurityChange":
|
||||
let [status, state] = this._fixSSLStatusAndState(json.status, json.state);
|
||||
let [secInfo, state] = this._fixSecInfoAndState(json.secInfo, json.state);
|
||||
|
||||
if (isTopLevel) {
|
||||
// Invoking this getter triggers the generation of the underlying object,
|
||||
// which we need to access with ._securityUI, because .securityUI returns
|
||||
// a wrapper that makes _update inaccessible.
|
||||
void this._browser.securityUI;
|
||||
this._browser._securityUI._update(status, state);
|
||||
this._browser._securityUI._update(secInfo, state);
|
||||
}
|
||||
|
||||
this._callProgressListeners(
|
||||
|
@ -94,7 +94,6 @@ const SecurityInfo = {
|
||||
}
|
||||
|
||||
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
|
||||
|
||||
const SSLStatus = securityInfo.SSLStatus;
|
||||
if (NSSErrorsService.isNSSErrorCode(securityInfo.errorCode)) {
|
||||
|
@ -87,7 +87,7 @@ function testXHRLoad(aEvent) {
|
||||
"attributes array passed to checkCert has an element that has an " +
|
||||
"issuerName that is not the same as the certificate's");
|
||||
|
||||
var cert = channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
|
||||
var cert = channel.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo).
|
||||
SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
|
||||
|
||||
certs = [ { issuerName: cert.issuerName,
|
||||
|
@ -3116,7 +3116,7 @@ Checker.prototype = {
|
||||
// Set MitM pref.
|
||||
try {
|
||||
var sslStatus = request.channel.QueryInterface(Ci.nsIRequest)
|
||||
.securityInfo.QueryInterface(Ci.nsISSLStatusProvider)
|
||||
.securityInfo.QueryInterface(Ci.nsITransportSecurityInfo)
|
||||
.SSLStatus.QueryInterface(Ci.nsISSLStatus);
|
||||
if (sslStatus && sslStatus.serverCert && sslStatus.serverCert.issuerName) {
|
||||
Services.prefs.setStringPref("security.pki.mitm_canary_issuer",
|
||||
|
Loading…
Reference in New Issue
Block a user