mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1793841 - deserialize nsITransportSecurityInfo without already having an instance of it r=jschanck,necko-reviewers,dragana
This is an important step in making nsITransportSecurityInfo constant. Depends on D157994 Differential Revision: https://phabricator.services.mozilla.com/D157995
This commit is contained in:
Dana Keeler
parent
04b2180978
commit
9c1b9475f3
16
dom/cache/DBSchema.cpp
vendored
16
dom/cache/DBSchema.cpp
vendored
@ -26,6 +26,7 @@
|
||||
#include "mozilla/dom/cache/Types.h"
|
||||
#include "mozilla/dom/quota/ResultExtensions.h"
|
||||
#include "mozilla/net/MozURL.h"
|
||||
#include "mozilla/psm/TransportSecurityInfo.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsCharSeparatedTokenizer.h"
|
||||
#include "nsComponentManagerUtils.h"
|
||||
@ -34,7 +35,6 @@
|
||||
#include "nsICryptoHash.h"
|
||||
#include "nsNetCID.h"
|
||||
#include "nsPrintfCString.h"
|
||||
#include "nsSerializationHelper.h"
|
||||
#include "nsTArray.h"
|
||||
|
||||
namespace mozilla::dom::cache::db {
|
||||
@ -1456,13 +1456,11 @@ Result<int32_t, nsresult> InsertSecurityInfo(
|
||||
mozIStorageConnection& aConn, nsICryptoHash& aCrypto,
|
||||
nsITransportSecurityInfo* aSecurityInfo) {
|
||||
MOZ_DIAGNOSTIC_ASSERT(aSecurityInfo);
|
||||
nsCOMPtr<nsISerializable> serializableSecurityInfo(
|
||||
do_QueryInterface(aSecurityInfo));
|
||||
if (!serializableSecurityInfo) {
|
||||
if (!aSecurityInfo) {
|
||||
return Err(NS_ERROR_FAILURE);
|
||||
}
|
||||
nsCString data;
|
||||
nsresult rv = NS_SerializeToString(serializableSecurityInfo, data);
|
||||
nsresult rv = aSecurityInfo->ToString(data);
|
||||
if (NS_FAILED(rv)) {
|
||||
return Err(rv);
|
||||
}
|
||||
@ -2001,14 +1999,12 @@ Result<SavedResponse, nsresult> ReadResponse(mozIStorageConnection& aConn,
|
||||
nsCString data;
|
||||
QM_TRY(MOZ_TO_RESULT(state->GetBlobAsUTF8String(7, data)));
|
||||
if (!data.IsEmpty()) {
|
||||
nsCOMPtr<nsISupports> securityInfoSupports;
|
||||
nsresult rv =
|
||||
NS_DeserializeObject(data, getter_AddRefs(securityInfoSupports));
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
|
||||
nsresult rv = mozilla::psm::TransportSecurityInfo::Read(
|
||||
data, getter_AddRefs(securityInfo));
|
||||
if (NS_FAILED(rv)) {
|
||||
return Err(rv);
|
||||
}
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo(
|
||||
do_QueryInterface(securityInfoSupports));
|
||||
if (!securityInfo) {
|
||||
return Err(NS_ERROR_FAILURE);
|
||||
}
|
||||
|
||||
@ -33,13 +33,11 @@ bool ParamTraits<nsITransportSecurityInfo*>::Read(
|
||||
return true;
|
||||
}
|
||||
|
||||
RefPtr<nsITransportSecurityInfo> info =
|
||||
new mozilla::psm::TransportSecurityInfo();
|
||||
if (!info->DeserializeFromIPC(aReader)) {
|
||||
if (!mozilla::psm::TransportSecurityInfo::DeserializeFromIPC(aReader,
|
||||
aResult)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
*aResult = std::move(info);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@ -5,8 +5,12 @@
|
||||
#ifndef mozilla_ipc_TransportSecurityInfoUtils_h
|
||||
#define mozilla_ipc_TransportSecurityInfoUtils_h
|
||||
|
||||
#include "nsCOMPtr.h"
|
||||
#include "mozilla/RefPtr.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsIX509Cert.h"
|
||||
|
||||
class MessageReader;
|
||||
class MessageWriter;
|
||||
|
||||
namespace IPC {
|
||||
|
||||
|
||||
@ -230,6 +230,12 @@ FuzzySecurityInfo::GetFailedVerification(bool* arg) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FuzzySecurityInfo::ToString(nsACString& aResult) {
|
||||
MOZ_CRASH("Unused");
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FuzzySecurityInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN) {
|
||||
aNegotiatedNPN = "h2";
|
||||
@ -317,11 +323,6 @@ void FuzzySecurityInfo::SerializeToIPC(IPC::MessageWriter* aWriter) {
|
||||
MOZ_CRASH("Unused");
|
||||
}
|
||||
|
||||
bool FuzzySecurityInfo::DeserializeFromIPC(IPC::MessageReader* aReader) {
|
||||
MOZ_CRASH("Unused");
|
||||
return false;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
FuzzySecurityInfo::GetPeerId(nsACString& aResult) {
|
||||
aResult.Assign(""_ns);
|
||||
|
||||
@ -2,33 +2,32 @@
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "CacheLog.h"
|
||||
#include <algorithm>
|
||||
#include <math.h>
|
||||
|
||||
#include "CacheEntry.h"
|
||||
#include "CacheStorageService.h"
|
||||
#include "CacheObserver.h"
|
||||
|
||||
#include "CacheFileUtils.h"
|
||||
#include "CacheIndex.h"
|
||||
|
||||
#include "CacheLog.h"
|
||||
#include "CacheObserver.h"
|
||||
#include "CacheStorageService.h"
|
||||
#include "mozilla/IntegerPrintfMacros.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/psm/TransportSecurityInfo.h"
|
||||
#include "nsComponentManagerUtils.h"
|
||||
#include "nsIAsyncOutputStream.h"
|
||||
#include "nsICacheEntryOpenCallback.h"
|
||||
#include "nsICacheStorage.h"
|
||||
#include "nsIInputStream.h"
|
||||
#include "nsIOutputStream.h"
|
||||
#include "nsISeekableStream.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsICacheEntryOpenCallback.h"
|
||||
#include "nsICacheStorage.h"
|
||||
#include "nsISerializable.h"
|
||||
#include "nsISizeOf.h"
|
||||
|
||||
#include "nsComponentManagerUtils.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsProxyRelease.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsString.h"
|
||||
#include "nsProxyRelease.h"
|
||||
#include "nsSerializationHelper.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/IntegerPrintfMacros.h"
|
||||
#include <math.h>
|
||||
#include <algorithm>
|
||||
|
||||
namespace mozilla::net {
|
||||
|
||||
@ -1343,27 +1342,22 @@ nsresult CacheEntry::GetSecurityInfo(nsITransportSecurityInfo** aSecurityInfo) {
|
||||
NS_ENSURE_SUCCESS(mFileStatus, NS_ERROR_NOT_AVAILABLE);
|
||||
|
||||
nsCString info;
|
||||
nsCOMPtr<nsISupports> secInfoSupports;
|
||||
nsresult rv;
|
||||
|
||||
rv = mFile->GetElement("security-info", getter_Copies(info));
|
||||
nsresult rv = mFile->GetElement("security-info", getter_Copies(info));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
|
||||
if (!info.IsVoid()) {
|
||||
rv = NS_DeserializeObject(info, getter_AddRefs(secInfoSupports));
|
||||
rv = mozilla::psm::TransportSecurityInfo::Read(
|
||||
info, getter_AddRefs(securityInfo));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> secInfo =
|
||||
do_QueryInterface(secInfoSupports);
|
||||
if (!secInfo) {
|
||||
if (!securityInfo) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
{
|
||||
mozilla::MutexAutoLock lock(mLock);
|
||||
|
||||
mSecurityInfo.swap(secInfo);
|
||||
mSecurityInfo.swap(securityInfo);
|
||||
mSecurityInfoLoaded = true;
|
||||
|
||||
*aSecurityInfo = do_AddRef(mSecurityInfo).take();
|
||||
@ -1384,12 +1378,9 @@ nsresult CacheEntry::SetSecurityInfo(nsITransportSecurityInfo* aSecurityInfo) {
|
||||
mSecurityInfoLoaded = true;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsISerializable> serializable = do_QueryInterface(aSecurityInfo);
|
||||
if (aSecurityInfo && !serializable) return NS_ERROR_UNEXPECTED;
|
||||
|
||||
nsCString info;
|
||||
if (serializable) {
|
||||
rv = NS_SerializeToString(serializable, info);
|
||||
if (aSecurityInfo) {
|
||||
rv = aSecurityInfo->ToString(info);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
|
||||
@ -6,17 +6,16 @@
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
interface nsIObjectOutputStream;
|
||||
interface nsIX509Cert;
|
||||
|
||||
%{ C++
|
||||
namespace IPC {
|
||||
class MessageWriter;
|
||||
class MessageReader;
|
||||
}
|
||||
%}
|
||||
|
||||
[ptr] native IpcMessageWriterPtr(IPC::MessageWriter);
|
||||
[ptr] native IpcMessageReaderPtr(IPC::MessageReader);
|
||||
|
||||
[builtinclass, scriptable, uuid(216112d3-28bc-4671-b057-f98cc09ba1ea)]
|
||||
interface nsITransportSecurityInfo : nsISupports {
|
||||
@ -103,8 +102,12 @@ interface nsITransportSecurityInfo : nsISupports {
|
||||
[notxpcom, noscript]
|
||||
void SerializeToIPC(in IpcMessageWriterPtr aWriter);
|
||||
|
||||
[notxpcom, noscript]
|
||||
bool DeserializeFromIPC(in IpcMessageReaderPtr aReader);
|
||||
/**
|
||||
* Serializes the data represented in this interface to a base64-encoded
|
||||
* string that can be deserialized using TransportSecurityInfo::Read.
|
||||
*/
|
||||
[must_use]
|
||||
ACString toString();
|
||||
|
||||
/* negotiatedNPN is '' if no NPN list was provided by the client,
|
||||
* or if the server did not select any protocol choice from that
|
||||
|
||||
@ -3,7 +3,6 @@
|
||||
#include <numeric>
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsSerializationHelper.h"
|
||||
#include "SSLTokensCache.h"
|
||||
|
||||
static already_AddRefed<nsITransportSecurityInfo> createDummySecInfo() {
|
||||
@ -32,10 +31,9 @@ static already_AddRefed<nsITransportSecurityInfo> createDummySecInfo() {
|
||||
"HZmFBVHMcUN/87HsQo20PdOekeEvkjrrMIxW+gxw22Yb67yF/qKgwrWr+43bLN709iyw+LWiU7sQcHL2xk9SYiWQDj2tYz2soObV"
|
||||
"QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA");
|
||||
// clang-format on
|
||||
nsCOMPtr<nsISupports> secInfo;
|
||||
NS_DeserializeObject(base64Serialization, getter_AddRefs(secInfo));
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo = do_QueryInterface(secInfo);
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
|
||||
EXPECT_TRUE(NS_SUCCEEDED(mozilla::psm::TransportSecurityInfo::Read(
|
||||
base64Serialization, getter_AddRefs(securityInfo))));
|
||||
return securityInfo.forget();
|
||||
}
|
||||
|
||||
|
||||
@ -8,7 +8,10 @@
|
||||
|
||||
#include "PSMRunnable.h"
|
||||
#include "ipc/IPCMessageUtils.h"
|
||||
#include "mozilla/Base64.h"
|
||||
#include "mozilla/Casting.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "nsBase64Encoder.h"
|
||||
#include "nsComponentManagerUtils.h"
|
||||
#include "nsICertOverrideService.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
@ -20,8 +23,8 @@
|
||||
#include "nsNSSHelper.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsStringStream.h"
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "secerr.h"
|
||||
#include "ssl.h"
|
||||
|
||||
@ -64,7 +67,7 @@ TransportSecurityInfo::TransportSecurityInfo()
|
||||
mPort(0) {}
|
||||
|
||||
NS_IMPL_ISUPPORTS(TransportSecurityInfo, nsITransportSecurityInfo,
|
||||
nsIInterfaceRequestor, nsISerializable, nsIClassInfo)
|
||||
nsIInterfaceRequestor)
|
||||
|
||||
void TransportSecurityInfo::SetPreliminaryHandshakeInfo(
|
||||
const SSLChannelInfo& channelInfo, const SSLCipherSuiteInfo& cipherInfo) {
|
||||
@ -162,6 +165,15 @@ TransportSecurityInfo::GetInterface(const nsIID& uuid, void** result) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
// 16786594-0296-4471-8096-8f84497ca428
|
||||
#define TRANSPORTSECURITYINFO_CID \
|
||||
{ \
|
||||
0x16786594, 0x0296, 0x4471, { \
|
||||
0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 \
|
||||
} \
|
||||
}
|
||||
static NS_DEFINE_CID(kTransportSecurityInfoCID, TRANSPORTSECURITYINFO_CID);
|
||||
|
||||
// This is a new magic value. However, it re-uses the first 4 bytes
|
||||
// of the previous value. This is so when older versions attempt to
|
||||
// read a newer serialized TransportSecurityInfo, they will actually
|
||||
@ -177,29 +189,40 @@ static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
|
||||
// NB: Any updates (except disk-only fields) must be kept in sync with
|
||||
// |SerializeToIPC|.
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::Write(nsIObjectOutputStream* aStream) {
|
||||
nsresult rv = aStream->WriteID(kTransportSecurityInfoMagic);
|
||||
TransportSecurityInfo::ToString(nsACString& aResult) {
|
||||
RefPtr<nsBase64Encoder> stream(new nsBase64Encoder());
|
||||
nsCOMPtr<nsIObjectOutputStream> objStream(NS_NewObjectOutputStream(stream));
|
||||
nsresult rv = objStream->WriteID(kTransportSecurityInfoCID);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
rv = objStream->WriteID(NS_ISUPPORTS_IID);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = objStream->WriteID(kTransportSecurityInfoMagic);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
MutexAutoLock lock(mMutex);
|
||||
|
||||
rv = aStream->Write32(mSecurityState);
|
||||
rv = objStream->Write32(mSecurityState);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
// mSubRequestsBrokenSecurity was removed in bug 748809
|
||||
rv = aStream->Write32(0);
|
||||
rv = objStream->Write32(0);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
// mSubRequestsNoSecurity was removed in bug 748809
|
||||
rv = aStream->Write32(0);
|
||||
rv = objStream->Write32(0);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
rv = aStream->Write32(static_cast<uint32_t>(mErrorCode));
|
||||
rv = objStream->Write32(static_cast<uint32_t>(mErrorCode));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@ -207,99 +230,104 @@ TransportSecurityInfo::Write(nsIObjectOutputStream* aStream) {
|
||||
// Re-purpose mErrorMessageCached to represent serialization version
|
||||
// If string doesn't match exact version it will be treated as older
|
||||
// serialization.
|
||||
rv = aStream->WriteWStringZ(NS_ConvertUTF8toUTF16("9").get());
|
||||
rv = objStream->WriteWStringZ(NS_ConvertUTF8toUTF16("9").get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
// moved from nsISSLStatus
|
||||
rv = NS_WriteOptionalCompoundObject(aStream, mServerCert,
|
||||
rv = NS_WriteOptionalCompoundObject(objStream, mServerCert,
|
||||
NS_GET_IID(nsIX509Cert), true);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Write16(mCipherSuite);
|
||||
rv = objStream->Write16(mCipherSuite);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Write16(mProtocolVersion);
|
||||
rv = objStream->Write16(mProtocolVersion);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Write32(mOverridableErrorCategory);
|
||||
rv = objStream->Write32(mOverridableErrorCategory);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = aStream->WriteBoolean(mIsEV);
|
||||
rv = objStream->WriteBoolean(mIsEV);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->WriteBoolean(mHasIsEVStatus);
|
||||
rv = objStream->WriteBoolean(mHasIsEVStatus);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = aStream->WriteBoolean(mHaveCipherSuiteAndProtocol);
|
||||
rv = objStream->WriteBoolean(mHaveCipherSuiteAndProtocol);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = aStream->WriteBoolean(mHaveCertErrorBits);
|
||||
rv = objStream->WriteBoolean(mHaveCertErrorBits);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Write16(mCertificateTransparencyStatus);
|
||||
rv = objStream->Write16(mCertificateTransparencyStatus);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->WriteStringZ(mKeaGroup.get());
|
||||
rv = objStream->WriteStringZ(mKeaGroup.get());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->WriteStringZ(mSignatureSchemeName.get());
|
||||
rv = objStream->WriteStringZ(mSignatureSchemeName.get());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Write16(mSucceededCertChain.Length());
|
||||
rv = objStream->Write16(mSucceededCertChain.Length());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
for (const auto& cert : mSucceededCertChain) {
|
||||
rv = aStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
|
||||
rv = objStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
// END moved from nsISSLStatus
|
||||
rv = aStream->Write16(mFailedCertChain.Length());
|
||||
rv = objStream->Write16(mFailedCertChain.Length());
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
for (const auto& cert : mFailedCertChain) {
|
||||
rv = aStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
|
||||
rv = objStream->WriteCompoundObject(cert, NS_GET_IID(nsIX509Cert), true);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mIsDelegatedCredential);
|
||||
rv = objStream->WriteBoolean(mIsDelegatedCredential);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mNPNCompleted);
|
||||
rv = objStream->WriteBoolean(mNPNCompleted);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteStringZ(mNegotiatedNPN.get());
|
||||
rv = objStream->WriteStringZ(mNegotiatedNPN.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mResumed);
|
||||
rv = objStream->WriteBoolean(mResumed);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mIsBuiltCertChainRootBuiltInRoot);
|
||||
rv = objStream->WriteBoolean(mIsBuiltCertChainRootBuiltInRoot);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mIsAcceptedEch);
|
||||
rv = objStream->WriteBoolean(mIsAcceptedEch);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteStringZ(mPeerId.get());
|
||||
rv = objStream->WriteStringZ(mPeerId.get());
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mMadeOCSPRequests);
|
||||
rv = objStream->WriteBoolean(mMadeOCSPRequests);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->WriteBoolean(mUsedPrivateDNS);
|
||||
rv = objStream->WriteBoolean(mUsedPrivateDNS);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = stream->Finish(aResult);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@ -313,9 +341,8 @@ TransportSecurityInfo::Write(nsIObjectOutputStream* aStream) {
|
||||
}
|
||||
|
||||
nsresult TransportSecurityInfo::ReadOldOverridableErrorBits(
|
||||
nsIObjectInputStream* aStream, MutexAutoLock& aProofOfLock) {
|
||||
mMutex.AssertCurrentThreadOwns();
|
||||
|
||||
nsIObjectInputStream* aStream,
|
||||
OverridableErrorCategory& aOverridableErrorCategory) {
|
||||
bool isDomainMismatch;
|
||||
nsresult rv = aStream->ReadBoolean(&isDomainMismatch);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
@ -329,16 +356,16 @@ nsresult TransportSecurityInfo::ReadOldOverridableErrorBits(
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (isUntrusted) {
|
||||
mOverridableErrorCategory =
|
||||
aOverridableErrorCategory =
|
||||
nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TRUST;
|
||||
} else if (isDomainMismatch) {
|
||||
mOverridableErrorCategory =
|
||||
aOverridableErrorCategory =
|
||||
nsITransportSecurityInfo::OverridableErrorCategory::ERROR_DOMAIN;
|
||||
} else if (isNotValidAtThisTime) {
|
||||
mOverridableErrorCategory =
|
||||
aOverridableErrorCategory =
|
||||
nsITransportSecurityInfo::OverridableErrorCategory::ERROR_TIME;
|
||||
} else {
|
||||
mOverridableErrorCategory =
|
||||
aOverridableErrorCategory =
|
||||
nsITransportSecurityInfo::OverridableErrorCategory::ERROR_UNSET;
|
||||
}
|
||||
|
||||
@ -347,10 +374,14 @@ nsresult TransportSecurityInfo::ReadOldOverridableErrorBits(
|
||||
|
||||
// This is for backward compatibility to be able to read nsISSLStatus
|
||||
// serialized object.
|
||||
nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
MutexAutoLock& aProofOfLock) {
|
||||
mMutex.AssertCurrentThreadOwns();
|
||||
|
||||
nsresult TransportSecurityInfo::ReadSSLStatus(
|
||||
nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
|
||||
uint16_t& aCipherSuite, uint16_t& aProtocolVersion,
|
||||
OverridableErrorCategory& aOverridableErrorCategory, bool& aIsEV,
|
||||
bool& aHasIsEVStatus, bool& aHaveCipherSuiteAndProtocol,
|
||||
bool& aHaveCertErrorBits, uint16_t& aCertificateTransparencyStatus,
|
||||
nsCString& aKeaGroup, nsCString& aSignatureSchemeName,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain) {
|
||||
bool nsISSLStatusPresent;
|
||||
nsresult rv = aStream->ReadBoolean(&nsISSLStatusPresent);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
@ -385,14 +416,14 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (cert) {
|
||||
mServerCert = do_QueryInterface(cert);
|
||||
if (!mServerCert) {
|
||||
aServerCert = do_QueryInterface(cert);
|
||||
if (!aServerCert) {
|
||||
CHILD_DIAGNOSTIC_ASSERT(false, "Deserialization should not fail");
|
||||
return NS_NOINTERFACE;
|
||||
}
|
||||
}
|
||||
|
||||
rv = aStream->Read16(&mCipherSuite);
|
||||
rv = aStream->Read16(&aCipherSuite);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
@ -406,29 +437,29 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
rv = aStream->Read16(&protocolVersionAndStreamFormatVersion);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
mProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF;
|
||||
aProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF;
|
||||
const uint8_t streamFormatVersion =
|
||||
(protocolVersionAndStreamFormatVersion >> 8) & 0xFF;
|
||||
|
||||
rv = ReadOldOverridableErrorBits(aStream, aProofOfLock);
|
||||
rv = ReadOldOverridableErrorBits(aStream, aOverridableErrorCategory);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mIsEV);
|
||||
rv = aStream->ReadBoolean(&aIsEV);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHasIsEVStatus);
|
||||
rv = aStream->ReadBoolean(&aHasIsEVStatus);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHaveCipherSuiteAndProtocol);
|
||||
rv = aStream->ReadBoolean(&aHaveCipherSuiteAndProtocol);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHaveCertErrorBits);
|
||||
rv = aStream->ReadBoolean(&aHaveCertErrorBits);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
// Added in version 1 (see bug 1305289).
|
||||
if (streamFormatVersion >= 1) {
|
||||
rv = aStream->Read16(&mCertificateTransparencyStatus);
|
||||
rv = aStream->Read16(&aCertificateTransparencyStatus);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
@ -436,12 +467,12 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
|
||||
// Added in version 2 (see bug 1304923).
|
||||
if (streamFormatVersion >= 2) {
|
||||
rv = aStream->ReadCString(mKeaGroup);
|
||||
rv = aStream->ReadCString(aKeaGroup);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->ReadCString(mSignatureSchemeName);
|
||||
rv = aStream->ReadCString(aSignatureSchemeName);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
@ -449,7 +480,7 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
|
||||
// Added in version 3 (see bug 1406856).
|
||||
if (streamFormatVersion >= 3) {
|
||||
rv = ReadCertList(aStream, mSucceededCertChain, aProofOfLock);
|
||||
rv = ReadCertList(aStream, aSucceededCertChain);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -458,7 +489,7 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
|
||||
// Read only to consume bytes from the stream.
|
||||
nsTArray<RefPtr<nsIX509Cert>> failedCertChain;
|
||||
rv = ReadCertList(aStream, failedCertChain, aProofOfLock);
|
||||
rv = ReadCertList(aStream, failedCertChain);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -471,8 +502,7 @@ nsresult TransportSecurityInfo::ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
// This is for backward compatability to be able to read nsIX509CertList
|
||||
// serialized object.
|
||||
nsresult TransportSecurityInfo::ReadCertList(
|
||||
nsIObjectInputStream* aStream, nsTArray<RefPtr<nsIX509Cert>>& aCertList,
|
||||
MutexAutoLock& aProofOfLock) {
|
||||
nsIObjectInputStream* aStream, nsTArray<RefPtr<nsIX509Cert>>& aCertList) {
|
||||
bool nsIX509CertListPresent;
|
||||
|
||||
nsresult rv = aStream->ReadBoolean(&nsIX509CertListPresent);
|
||||
@ -508,13 +538,12 @@ nsresult TransportSecurityInfo::ReadCertList(
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
return ReadCertificatesFromStream(aStream, certListSize, aCertList,
|
||||
aProofOfLock);
|
||||
return ReadCertificatesFromStream(aStream, certListSize, aCertList);
|
||||
}
|
||||
|
||||
nsresult TransportSecurityInfo::ReadCertificatesFromStream(
|
||||
nsIObjectInputStream* aStream, uint32_t aSize,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList, MutexAutoLock& aProofOfLock) {
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList) {
|
||||
nsresult rv;
|
||||
for (uint32_t i = 0; i < aSize; ++i) {
|
||||
nsCOMPtr<nsISupports> support;
|
||||
@ -552,10 +581,46 @@ IntToOverridableErrorCategory(uint32_t intVal) {
|
||||
|
||||
// NB: Any updates (except disk-only fields) must be kept in sync with
|
||||
// |DeserializeFromIPC|.
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
nsresult TransportSecurityInfo::Read(const nsCString& aSerializedSecurityInfo,
|
||||
nsITransportSecurityInfo** aResult) {
|
||||
*aResult = nullptr;
|
||||
|
||||
nsCString decodedSecurityInfo;
|
||||
nsresult rv = Base64Decode(aSerializedSecurityInfo, decodedSecurityInfo);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
nsCOMPtr<nsIInputStream> inputStream;
|
||||
rv = NS_NewCStringInputStream(getter_AddRefs(inputStream),
|
||||
std::move(decodedSecurityInfo));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
nsCOMPtr<nsIObjectInputStream> objStream(
|
||||
NS_NewObjectInputStream(inputStream));
|
||||
if (!objStream) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsCID cid;
|
||||
rv = objStream->ReadID(&cid);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
if (!cid.Equals(kTransportSecurityInfoCID)) {
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
nsIID iid;
|
||||
rv = objStream->ReadID(&iid);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
if (!iid.Equals(NS_ISUPPORTS_IID)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsID id;
|
||||
nsresult rv = aStream->ReadID(&id);
|
||||
rv = objStream->ReadID(&id);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
@ -565,46 +630,47 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
MutexAutoLock lock(mMutex);
|
||||
|
||||
rv = ReadUint32AndSetAtomicFieldHelper(aStream, mSecurityState);
|
||||
RefPtr<TransportSecurityInfo> securityInfo(new TransportSecurityInfo());
|
||||
MutexAutoLock guard(securityInfo->mMutex);
|
||||
rv = ReadUint32AndSetAtomicFieldHelper(objStream,
|
||||
securityInfo->mSecurityState);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
// mSubRequestsBrokenSecurity was removed in bug 748809
|
||||
uint32_t unusedSubRequestsBrokenSecurity;
|
||||
rv = aStream->Read32(&unusedSubRequestsBrokenSecurity);
|
||||
rv = objStream->Read32(&unusedSubRequestsBrokenSecurity);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
// mSubRequestsNoSecurity was removed in bug 748809
|
||||
uint32_t unusedSubRequestsNoSecurity;
|
||||
rv = aStream->Read32(&unusedSubRequestsNoSecurity);
|
||||
rv = objStream->Read32(&unusedSubRequestsNoSecurity);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
uint32_t errorCode;
|
||||
rv = aStream->Read32(&errorCode);
|
||||
rv = objStream->Read32(&errorCode);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
// PRErrorCode will be a negative value
|
||||
mErrorCode = static_cast<PRErrorCode>(errorCode);
|
||||
securityInfo->mErrorCode = static_cast<PRErrorCode>(errorCode);
|
||||
// If mErrorCode is non-zero, SetCanceled was called on the
|
||||
// TransportSecurityInfo that was serialized.
|
||||
if (mErrorCode != 0) {
|
||||
mCanceled = true;
|
||||
if (securityInfo->mErrorCode != 0) {
|
||||
securityInfo->mCanceled = true;
|
||||
}
|
||||
|
||||
// Re-purpose mErrorMessageCached to represent serialization version
|
||||
// If string doesn't match exact version it will be treated as older
|
||||
// serialization.
|
||||
nsAutoString serVersion;
|
||||
rv = aStream->ReadString(serVersion);
|
||||
rv = objStream->ReadString(serVersion);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv), "Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
@ -628,119 +694,140 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
// moved from nsISSLStatus
|
||||
if (serVersionParsedToInt < 1) {
|
||||
// nsISSLStatus may be present
|
||||
rv = ReadSSLStatus(aStream, lock);
|
||||
OverridableErrorCategory overridableErrorCategory;
|
||||
bool isEV;
|
||||
bool hasIsEVStatus;
|
||||
bool haveCipherSuiteAndProtocol;
|
||||
bool haveCertErrorBits;
|
||||
rv = ReadSSLStatus(
|
||||
objStream, securityInfo->mServerCert, securityInfo->mCipherSuite,
|
||||
securityInfo->mProtocolVersion, overridableErrorCategory, isEV,
|
||||
hasIsEVStatus, haveCipherSuiteAndProtocol, haveCertErrorBits,
|
||||
securityInfo->mCertificateTransparencyStatus, securityInfo->mKeaGroup,
|
||||
securityInfo->mSignatureSchemeName, securityInfo->mSucceededCertChain);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
securityInfo->mOverridableErrorCategory = overridableErrorCategory;
|
||||
securityInfo->mIsEV = isEV;
|
||||
securityInfo->mHasIsEVStatus = hasIsEVStatus;
|
||||
securityInfo->mHaveCipherSuiteAndProtocol = haveCipherSuiteAndProtocol;
|
||||
securityInfo->mHaveCertErrorBits = haveCertErrorBits;
|
||||
} else {
|
||||
nsCOMPtr<nsISupports> cert;
|
||||
rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(cert));
|
||||
rv = NS_ReadOptionalObject(objStream, true, getter_AddRefs(cert));
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (cert != nullptr) {
|
||||
mServerCert = do_QueryInterface(cert);
|
||||
if (!mServerCert) {
|
||||
securityInfo->mServerCert = do_QueryInterface(cert);
|
||||
if (!securityInfo->mServerCert) {
|
||||
CHILD_DIAGNOSTIC_ASSERT(false, "Deserialization should not fail");
|
||||
return NS_NOINTERFACE;
|
||||
}
|
||||
}
|
||||
|
||||
rv = aStream->Read16(&mCipherSuite);
|
||||
rv = objStream->Read16(&securityInfo->mCipherSuite);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Read16(&mProtocolVersion);
|
||||
rv = objStream->Read16(&securityInfo->mProtocolVersion);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (serVersionParsedToInt < 8) {
|
||||
rv = ReadOldOverridableErrorBits(aStream, lock);
|
||||
OverridableErrorCategory overridableErrorCategory;
|
||||
rv = ReadOldOverridableErrorBits(objStream, overridableErrorCategory);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
securityInfo->mOverridableErrorCategory = overridableErrorCategory;
|
||||
} else {
|
||||
uint32_t overridableErrorCategory;
|
||||
rv = aStream->Read32(&overridableErrorCategory);
|
||||
rv = objStream->Read32(&overridableErrorCategory);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
mOverridableErrorCategory =
|
||||
securityInfo->mOverridableErrorCategory =
|
||||
IntToOverridableErrorCategory(overridableErrorCategory);
|
||||
}
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mIsEV);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(objStream, securityInfo->mIsEV);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHasIsEVStatus);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(objStream,
|
||||
securityInfo->mHasIsEVStatus);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHaveCipherSuiteAndProtocol);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(
|
||||
objStream, securityInfo->mHaveCipherSuiteAndProtocol);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(aStream, mHaveCertErrorBits);
|
||||
rv = ReadBoolAndSetAtomicFieldHelper(objStream,
|
||||
securityInfo->mHaveCertErrorBits);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->Read16(&mCertificateTransparencyStatus);
|
||||
rv = objStream->Read16(&securityInfo->mCertificateTransparencyStatus);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->ReadCString(mKeaGroup);
|
||||
rv = objStream->ReadCString(securityInfo->mKeaGroup);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = aStream->ReadCString(mSignatureSchemeName);
|
||||
rv = objStream->ReadCString(securityInfo->mSignatureSchemeName);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
if (serVersionParsedToInt < 3) {
|
||||
// The old data structure of certList(nsIX509CertList) presents
|
||||
rv = ReadCertList(aStream, mSucceededCertChain, lock);
|
||||
rv = ReadCertList(objStream, securityInfo->mSucceededCertChain);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else {
|
||||
uint16_t certCount;
|
||||
rv = aStream->Read16(&certCount);
|
||||
rv = objStream->Read16(&certCount);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = ReadCertificatesFromStream(aStream, certCount, mSucceededCertChain,
|
||||
lock);
|
||||
rv = ReadCertificatesFromStream(objStream, certCount,
|
||||
securityInfo->mSucceededCertChain);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
}
|
||||
// END moved from nsISSLStatus
|
||||
if (serVersionParsedToInt < 3) {
|
||||
// The old data structure of certList(nsIX509CertList) presents
|
||||
rv = ReadCertList(aStream, mFailedCertChain, lock);
|
||||
rv = ReadCertList(objStream, securityInfo->mFailedCertChain);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
} else {
|
||||
uint16_t certCount;
|
||||
rv = aStream->Read16(&certCount);
|
||||
rv = objStream->Read16(&certCount);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
||||
rv = ReadCertificatesFromStream(aStream, certCount, mFailedCertChain, lock);
|
||||
rv = ReadCertificatesFromStream(objStream, certCount,
|
||||
securityInfo->mFailedCertChain);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
|
||||
// mIsDelegatedCredential added in bug 1562773
|
||||
if (serVersionParsedToInt >= 2) {
|
||||
rv = aStream->ReadBoolean(&mIsDelegatedCredential);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mIsDelegatedCredential);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -750,21 +837,21 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
|
||||
// mNPNCompleted, mNegotiatedNPN, mResumed added in bug 1584104
|
||||
if (serVersionParsedToInt >= 4) {
|
||||
rv = aStream->ReadBoolean(&mNPNCompleted);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mNPNCompleted);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->ReadCString(mNegotiatedNPN);
|
||||
rv = objStream->ReadCString(securityInfo->mNegotiatedNPN);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->ReadBoolean(&mResumed);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mResumed);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -774,7 +861,8 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
|
||||
// mIsBuiltCertChainRootBuiltInRoot added in bug 1485652
|
||||
if (serVersionParsedToInt >= 5) {
|
||||
rv = aStream->ReadBoolean(&mIsBuiltCertChainRootBuiltInRoot);
|
||||
rv =
|
||||
objStream->ReadBoolean(&securityInfo->mIsBuiltCertChainRootBuiltInRoot);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -784,7 +872,7 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
|
||||
// mIsAcceptedEch added in bug 1678079
|
||||
if (serVersionParsedToInt >= 6) {
|
||||
rv = aStream->ReadBoolean(&mIsAcceptedEch);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mIsAcceptedEch);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -794,7 +882,7 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
|
||||
// mPeerId added in bug 1738664
|
||||
if (serVersionParsedToInt >= 7) {
|
||||
rv = aStream->ReadCString(mPeerId);
|
||||
rv = objStream->ReadCString(securityInfo->mPeerId);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -803,14 +891,14 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
}
|
||||
|
||||
if (serVersionParsedToInt >= 9) {
|
||||
rv = aStream->ReadBoolean(&mMadeOCSPRequests);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mMadeOCSPRequests);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
rv = aStream->ReadBoolean(&mUsedPrivateDNS);
|
||||
rv = objStream->ReadBoolean(&securityInfo->mUsedPrivateDNS);
|
||||
CHILD_DIAGNOSTIC_ASSERT(NS_SUCCEEDED(rv),
|
||||
"Deserialization should not fail");
|
||||
if (NS_FAILED(rv)) {
|
||||
@ -818,6 +906,7 @@ TransportSecurityInfo::Read(nsIObjectInputStream* aStream) {
|
||||
};
|
||||
}
|
||||
|
||||
securityInfo.forget(aResult);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -854,90 +943,53 @@ void TransportSecurityInfo::SerializeToIPC(IPC::MessageWriter* aWriter) {
|
||||
WriteParam(aWriter, mUsedPrivateDNS);
|
||||
}
|
||||
|
||||
bool TransportSecurityInfo::DeserializeFromIPC(IPC::MessageReader* aReader) {
|
||||
MutexAutoLock guard(mMutex);
|
||||
bool TransportSecurityInfo::DeserializeFromIPC(
|
||||
IPC::MessageReader* aReader, RefPtr<nsITransportSecurityInfo>* aResult) {
|
||||
RefPtr<TransportSecurityInfo> securityInfo(new TransportSecurityInfo());
|
||||
MutexAutoLock guard(securityInfo->mMutex);
|
||||
|
||||
int32_t errorCode = 0;
|
||||
uint32_t overridableErrorCategory;
|
||||
|
||||
if (!ReadParamAtomicHelper(aReader, mSecurityState) ||
|
||||
!ReadParam(aReader, &errorCode) || !ReadParam(aReader, &mServerCert) ||
|
||||
!ReadParam(aReader, &mCipherSuite) ||
|
||||
!ReadParam(aReader, &mProtocolVersion) ||
|
||||
if (!ReadParamAtomicHelper(aReader, securityInfo->mSecurityState) ||
|
||||
!ReadParam(aReader, &errorCode) ||
|
||||
!ReadParam(aReader, &securityInfo->mServerCert) ||
|
||||
!ReadParam(aReader, &securityInfo->mCipherSuite) ||
|
||||
!ReadParam(aReader, &securityInfo->mProtocolVersion) ||
|
||||
!ReadParam(aReader, &overridableErrorCategory) ||
|
||||
!ReadParamAtomicHelper(aReader, mIsEV) ||
|
||||
!ReadParamAtomicHelper(aReader, mHasIsEVStatus) ||
|
||||
!ReadParamAtomicHelper(aReader, mHaveCipherSuiteAndProtocol) ||
|
||||
!ReadParamAtomicHelper(aReader, mHaveCertErrorBits) ||
|
||||
!ReadParam(aReader, &mCertificateTransparencyStatus) ||
|
||||
!ReadParam(aReader, &mKeaGroup) ||
|
||||
!ReadParam(aReader, &mSignatureSchemeName) ||
|
||||
!ReadParam(aReader, &mSucceededCertChain) ||
|
||||
!ReadParam(aReader, &mFailedCertChain) ||
|
||||
!ReadParam(aReader, &mIsDelegatedCredential) ||
|
||||
!ReadParam(aReader, &mNPNCompleted) ||
|
||||
!ReadParam(aReader, &mNegotiatedNPN) || !ReadParam(aReader, &mResumed) ||
|
||||
!ReadParam(aReader, &mIsBuiltCertChainRootBuiltInRoot) ||
|
||||
!ReadParam(aReader, &mIsAcceptedEch) || !ReadParam(aReader, &mPeerId) ||
|
||||
!ReadParam(aReader, &mMadeOCSPRequests) ||
|
||||
!ReadParam(aReader, &mUsedPrivateDNS)) {
|
||||
!ReadParamAtomicHelper(aReader, securityInfo->mIsEV) ||
|
||||
!ReadParamAtomicHelper(aReader, securityInfo->mHasIsEVStatus) ||
|
||||
!ReadParamAtomicHelper(aReader,
|
||||
securityInfo->mHaveCipherSuiteAndProtocol) ||
|
||||
!ReadParamAtomicHelper(aReader, securityInfo->mHaveCertErrorBits) ||
|
||||
!ReadParam(aReader, &securityInfo->mCertificateTransparencyStatus) ||
|
||||
!ReadParam(aReader, &securityInfo->mKeaGroup) ||
|
||||
!ReadParam(aReader, &securityInfo->mSignatureSchemeName) ||
|
||||
!ReadParam(aReader, &securityInfo->mSucceededCertChain) ||
|
||||
!ReadParam(aReader, &securityInfo->mFailedCertChain) ||
|
||||
!ReadParam(aReader, &securityInfo->mIsDelegatedCredential) ||
|
||||
!ReadParam(aReader, &securityInfo->mNPNCompleted) ||
|
||||
!ReadParam(aReader, &securityInfo->mNegotiatedNPN) ||
|
||||
!ReadParam(aReader, &securityInfo->mResumed) ||
|
||||
!ReadParam(aReader, &securityInfo->mIsBuiltCertChainRootBuiltInRoot) ||
|
||||
!ReadParam(aReader, &securityInfo->mIsAcceptedEch) ||
|
||||
!ReadParam(aReader, &securityInfo->mPeerId) ||
|
||||
!ReadParam(aReader, &securityInfo->mMadeOCSPRequests) ||
|
||||
!ReadParam(aReader, &securityInfo->mUsedPrivateDNS)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
mErrorCode = static_cast<PRErrorCode>(errorCode);
|
||||
if (mErrorCode != 0) {
|
||||
mCanceled = true;
|
||||
securityInfo->mErrorCode = static_cast<PRErrorCode>(errorCode);
|
||||
if (securityInfo->mErrorCode != 0) {
|
||||
securityInfo->mCanceled = true;
|
||||
}
|
||||
mOverridableErrorCategory =
|
||||
securityInfo->mOverridableErrorCategory =
|
||||
IntToOverridableErrorCategory(overridableErrorCategory);
|
||||
|
||||
*aResult = std::move(securityInfo);
|
||||
return true;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetInterfaces(nsTArray<nsIID>& array) {
|
||||
array.Clear();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetScriptableHelper(nsIXPCScriptable** _retval) {
|
||||
*_retval = nullptr;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetContractID(nsACString& aContractID) {
|
||||
aContractID.SetIsVoid(true);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetClassDescription(nsACString& aClassDescription) {
|
||||
aClassDescription.SetIsVoid(true);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetClassID(nsCID** aClassID) {
|
||||
*aClassID = (nsCID*)moz_xmalloc(sizeof(nsCID));
|
||||
return GetClassIDNoAlloc(*aClassID);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetFlags(uint32_t* aFlags) {
|
||||
*aFlags = 0;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
static NS_DEFINE_CID(kNSSSocketInfoCID, TRANSPORTSECURITYINFO_CID);
|
||||
|
||||
NS_IMETHODIMP
|
||||
TransportSecurityInfo::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc) {
|
||||
*aClassIDNoAlloc = kNSSSocketInfoCID;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void TransportSecurityInfo::SetStatusErrorBits(
|
||||
const nsCOMPtr<nsIX509Cert>& cert,
|
||||
OverridableErrorCategory overridableErrorCategory) {
|
||||
|
||||
@ -16,7 +16,6 @@
|
||||
#include "mozilla/RefPtr.h"
|
||||
#include "mozilla/ipc/TransportSecurityInfoUtils.h"
|
||||
#include "mozpkix/pkixtypes.h"
|
||||
#include "nsIClassInfo.h"
|
||||
#include "nsIObjectInputStream.h"
|
||||
#include "nsIInterfaceRequestor.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
@ -27,9 +26,7 @@ namespace mozilla {
|
||||
namespace psm {
|
||||
|
||||
class TransportSecurityInfo : public nsITransportSecurityInfo,
|
||||
public nsIInterfaceRequestor,
|
||||
public nsISerializable,
|
||||
public nsIClassInfo {
|
||||
public nsIInterfaceRequestor {
|
||||
protected:
|
||||
virtual ~TransportSecurityInfo() = default;
|
||||
|
||||
@ -39,8 +36,11 @@ class TransportSecurityInfo : public nsITransportSecurityInfo,
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSITRANSPORTSECURITYINFO
|
||||
NS_DECL_NSIINTERFACEREQUESTOR
|
||||
NS_DECL_NSISERIALIZABLE
|
||||
NS_DECL_NSICLASSINFO
|
||||
|
||||
static bool DeserializeFromIPC(IPC::MessageReader* aReader,
|
||||
RefPtr<nsITransportSecurityInfo>* aResult);
|
||||
static nsresult Read(const nsCString& aSerializedSecurityInfo,
|
||||
nsITransportSecurityInfo** aResult);
|
||||
|
||||
void SetPreliminaryHandshakeInfo(const SSLChannelInfo& channelInfo,
|
||||
const SSLCipherSuiteInfo& cipherInfo);
|
||||
@ -202,31 +202,28 @@ class TransportSecurityInfo : public nsITransportSecurityInfo,
|
||||
/* Peer cert chain for failed connections (for error reporting) */
|
||||
nsTArray<RefPtr<nsIX509Cert>> mFailedCertChain MOZ_GUARDED_BY(mMutex);
|
||||
|
||||
nsresult ReadOldOverridableErrorBits(nsIObjectInputStream* aStream,
|
||||
MutexAutoLock& aProofOfLock);
|
||||
nsresult ReadSSLStatus(nsIObjectInputStream* aStream,
|
||||
MutexAutoLock& aProofOfLock);
|
||||
static nsresult ReadOldOverridableErrorBits(
|
||||
nsIObjectInputStream* aStream,
|
||||
OverridableErrorCategory& aOverridableErrorCategory);
|
||||
static nsresult ReadSSLStatus(
|
||||
nsIObjectInputStream* aStream, nsCOMPtr<nsIX509Cert>& aServerCert,
|
||||
uint16_t& aCipherSuite, uint16_t& aProtocolVersion,
|
||||
OverridableErrorCategory& aOverridableErrorCategory, bool& aIsEV,
|
||||
bool& aHasIsEVStatus, bool& aHaveCipherSuiteAndProtocol,
|
||||
bool& aHaveCertErrorBits, uint16_t& aCertificateTransparencyStatus,
|
||||
nsCString& aKeaGroup, nsCString& aSignatureSchemeName,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aSucceededCertChain);
|
||||
|
||||
// This function is used to read the binary that are serialized
|
||||
// by using nsIX509CertList
|
||||
nsresult ReadCertList(nsIObjectInputStream* aStream,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList,
|
||||
MutexAutoLock& aProofOfLock);
|
||||
nsresult ReadCertificatesFromStream(nsIObjectInputStream* aStream,
|
||||
uint32_t aSize,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList,
|
||||
MutexAutoLock& aProofOfLock);
|
||||
static nsresult ReadCertList(nsIObjectInputStream* aStream,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList);
|
||||
static nsresult ReadCertificatesFromStream(
|
||||
nsIObjectInputStream* aStream, uint32_t aSize,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aCertList);
|
||||
};
|
||||
|
||||
} // namespace psm
|
||||
} // namespace mozilla
|
||||
|
||||
// 16786594-0296-4471-8096-8f84497ca428
|
||||
#define TRANSPORTSECURITYINFO_CID \
|
||||
{ \
|
||||
0x16786594, 0x0296, 0x4471, { \
|
||||
0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif // TransportSecurityInfo_h
|
||||
|
||||
@ -5,12 +5,16 @@
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "gtest/gtest.h"
|
||||
|
||||
#include "TransportSecurityInfo.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsISimpleEnumerator.h"
|
||||
#include "nsITransportSecurityInfo.h"
|
||||
#include "nsIX509Cert.h"
|
||||
#include "nsSerializationHelper.h"
|
||||
#include "nsString.h"
|
||||
#include "mozilla/Maybe.h"
|
||||
|
||||
using namespace mozilla;
|
||||
using namespace mozilla::psm;
|
||||
|
||||
// nsITransportSecurityInfo de-serializatin tests
|
||||
//
|
||||
@ -28,15 +32,12 @@
|
||||
// We would like to move away from this binary compatibility requirement
|
||||
// in service workers. See bug 1248628.
|
||||
void deserializeAndVerify(const nsCString& serializedSecInfo,
|
||||
bool hasFailedCertChain,
|
||||
size_t failedCertChainLength = 0) {
|
||||
nsCOMPtr<nsISupports> secInfo;
|
||||
nsresult rv =
|
||||
NS_DeserializeObject(serializedSecInfo, getter_AddRefs(secInfo));
|
||||
Maybe<size_t> failedCertChainLength = Nothing(),
|
||||
Maybe<size_t> succeededCertChainLength = Nothing()) {
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo;
|
||||
nsresult rv = TransportSecurityInfo::Read(serializedSecInfo,
|
||||
getter_AddRefs(securityInfo));
|
||||
ASSERT_EQ(NS_OK, rv);
|
||||
ASSERT_TRUE(secInfo);
|
||||
|
||||
nsCOMPtr<nsITransportSecurityInfo> securityInfo = do_QueryInterface(secInfo);
|
||||
ASSERT_TRUE(securityInfo);
|
||||
|
||||
nsCOMPtr<nsIX509Cert> cert;
|
||||
@ -48,15 +49,29 @@ void deserializeAndVerify(const nsCString& serializedSecInfo,
|
||||
rv = securityInfo->GetFailedCertChain(failedCertArray);
|
||||
ASSERT_EQ(NS_OK, rv);
|
||||
|
||||
if (hasFailedCertChain) {
|
||||
if (failedCertChainLength) {
|
||||
ASSERT_FALSE(failedCertArray.IsEmpty());
|
||||
for (const auto& cert : failedCertArray) {
|
||||
ASSERT_TRUE(cert);
|
||||
}
|
||||
ASSERT_EQ(failedCertChainLength, failedCertArray.Length());
|
||||
ASSERT_EQ(*failedCertChainLength, failedCertArray.Length());
|
||||
} else {
|
||||
ASSERT_TRUE(failedCertArray.IsEmpty());
|
||||
}
|
||||
|
||||
nsTArray<RefPtr<nsIX509Cert>> succeededCertArray;
|
||||
rv = securityInfo->GetSucceededCertChain(succeededCertArray);
|
||||
ASSERT_EQ(NS_OK, rv);
|
||||
|
||||
if (succeededCertChainLength) {
|
||||
ASSERT_FALSE(succeededCertArray.IsEmpty());
|
||||
for (const auto& cert : succeededCertArray) {
|
||||
ASSERT_TRUE(cert);
|
||||
}
|
||||
ASSERT_EQ(*succeededCertChainLength, succeededCertArray.Length());
|
||||
} else {
|
||||
ASSERT_TRUE(succeededCertArray.IsEmpty());
|
||||
}
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, gecko33)
|
||||
@ -91,7 +106,7 @@ TEST(psm_DeserializeCert, gecko33)
|
||||
"QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA");
|
||||
// clang-format on
|
||||
|
||||
deserializeAndVerify(base64Serialization, false);
|
||||
deserializeAndVerify(base64Serialization);
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, gecko46)
|
||||
@ -126,7 +141,7 @@ TEST(psm_DeserializeCert, gecko46)
|
||||
"idlvOj/7QyyX5m8up/1US8z1fRW4yoCSOt6V2bwuH6cAvAAMAAAAAAQEAAA==");
|
||||
// clang-format on
|
||||
|
||||
deserializeAndVerify(base64Serialization, false);
|
||||
deserializeAndVerify(base64Serialization);
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preSSLStatusConsolidation)
|
||||
@ -175,7 +190,7 @@ TEST(psm_DeserializeCert, preSSLStatusConsolidation)
|
||||
"bEw7P6+V9zz5cAzaaq7EB0mCE+jJckSzSETBN+7lyVD8gwmHYxxZfPnUM/yvPbMU9L3xWD/z6HHwO6r+9m7BT+2pHjBCAAA=");
|
||||
// clang-format on
|
||||
|
||||
deserializeAndVerify(base64Serialization, false);
|
||||
deserializeAndVerify(base64Serialization, Nothing(), Some(2));
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preSSLStatusConsolidationFailedCertChain)
|
||||
@ -243,5 +258,250 @@ TEST(psm_DeserializeCert, preSSLStatusConsolidationFailedCertChain)
|
||||
"E+jJckSzSETBN+7lyVD8gwmHYxxZfPnUM/yvPbMU9L3xWD/z6HHwO6r+9m7BT+2pHjBC");
|
||||
// clang-format on
|
||||
|
||||
deserializeAndVerify(base64Serialization, true, 2);
|
||||
deserializeAndVerify(base64Serialization, Some(2));
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preNsIX509CertListReplacement)
|
||||
{
|
||||
// This was the serialized output of test
|
||||
// "good.include-subdomains.pinning.example.com" // in
|
||||
// security/manager/ssl/tests/unit/test_cert_chains.js The serialized output
|
||||
// was generated before we replace nsIX509CertList with Array<nsIX509Cert>, so
|
||||
// it had the old version of transportSecurityInfo.
|
||||
nsCString base64Serialization(
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA"
|
||||
"AAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
|
||||
"AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB"
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw"
|
||||
"MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I"
|
||||
"BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ"
|
||||
"wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF"
|
||||
"YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n"
|
||||
"FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN"
|
||||
"7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe"
|
||||
"2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg"
|
||||
"hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu"
|
||||
"ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20"
|
||||
"wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA"
|
||||
"0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X"
|
||||
"lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY"
|
||||
"rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM"
|
||||
"yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41"
|
||||
"sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I"
|
||||
"jWEukvJuU1WwC8AAwAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x"
|
||||
"ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p"
|
||||
"UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0"
|
||||
"UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM"
|
||||
"DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN"
|
||||
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz"
|
||||
"1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC"
|
||||
"mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk"
|
||||
"D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK"
|
||||
"9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP"
|
||||
"+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI"
|
||||
"INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ"
|
||||
"G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u"
|
||||
"aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x"
|
||||
"vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy"
|
||||
"tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q"
|
||||
"FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616"
|
||||
"IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK"
|
||||
"g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA"
|
||||
"L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul"
|
||||
"uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG"
|
||||
"9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA"
|
||||
"yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw"
|
||||
"AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm"
|
||||
"24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP"
|
||||
"8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth"
|
||||
"Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly"
|
||||
"JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA"
|
||||
"gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB"
|
||||
"AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR"
|
||||
"3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL"
|
||||
"NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal"
|
||||
"QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S"
|
||||
"Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==");
|
||||
|
||||
deserializeAndVerify(base64Serialization, Nothing(), Some(2));
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preNsIX509CertListReplacementV2)
|
||||
{
|
||||
// Same as the above test, however, this is the v2 version of the
|
||||
// serialization.
|
||||
nsCString base64Serialization(
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA"
|
||||
"AAAAAAAAAAAAAAAAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
|
||||
"AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB"
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw"
|
||||
"MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I"
|
||||
"BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ"
|
||||
"wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF"
|
||||
"YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n"
|
||||
"FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN"
|
||||
"7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe"
|
||||
"2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg"
|
||||
"hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu"
|
||||
"ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20"
|
||||
"wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA"
|
||||
"0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X"
|
||||
"lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY"
|
||||
"rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM"
|
||||
"yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41"
|
||||
"sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I"
|
||||
"jWEukvJuU1WEwEABAAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x"
|
||||
"ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p"
|
||||
"UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0"
|
||||
"UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM"
|
||||
"DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN"
|
||||
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz"
|
||||
"1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC"
|
||||
"mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk"
|
||||
"D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK"
|
||||
"9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP"
|
||||
"+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI"
|
||||
"INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ"
|
||||
"G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u"
|
||||
"aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x"
|
||||
"vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy"
|
||||
"tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q"
|
||||
"FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616"
|
||||
"IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK"
|
||||
"g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA"
|
||||
"L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul"
|
||||
"uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG"
|
||||
"9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA"
|
||||
"yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw"
|
||||
"AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm"
|
||||
"24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP"
|
||||
"8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth"
|
||||
"Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly"
|
||||
"JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA"
|
||||
"gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB"
|
||||
"AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR"
|
||||
"3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL"
|
||||
"NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal"
|
||||
"QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S"
|
||||
"Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAAA=");
|
||||
|
||||
deserializeAndVerify(base64Serialization, Nothing(), Some(2));
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preNsIX509CertListReplacementWithFailedChain)
|
||||
{
|
||||
// This was the serialized output of test "expired.example.com"
|
||||
// in security/manager/ssl/tests/unit/test_cert_chains.js
|
||||
// The serialized output was generated before we replace nsIX509CertList with
|
||||
// Array<nsIX509Cert>, so it had the old version of transportSecurityInfo.
|
||||
nsCString base64Serialization(
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA"
|
||||
"AAAAAAAAA///gCwAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
|
||||
"AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB"
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw"
|
||||
"MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc"
|
||||
"NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc"
|
||||
"clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2"
|
||||
"7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI"
|
||||
"H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn"
|
||||
"vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD"
|
||||
"HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB"
|
||||
"ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ"
|
||||
"KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV"
|
||||
"sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ"
|
||||
"DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za"
|
||||
"Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn"
|
||||
"q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw"
|
||||
"WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5"
|
||||
"b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg"
|
||||
"gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw"
|
||||
"DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI"
|
||||
"xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA"
|
||||
"OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv"
|
||||
"bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO"
|
||||
"7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP"
|
||||
"vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO"
|
||||
"Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC"
|
||||
"jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF"
|
||||
"BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0"
|
||||
"BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF"
|
||||
"0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK"
|
||||
"f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99"
|
||||
"vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag"
|
||||
"7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm"
|
||||
"YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA"
|
||||
"hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0"
|
||||
"IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R"
|
||||
"lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj"
|
||||
"YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ"
|
||||
"JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw"
|
||||
"JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f"
|
||||
"ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL"
|
||||
"8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC"
|
||||
"wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW"
|
||||
"jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6"
|
||||
"3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4"
|
||||
"69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01"
|
||||
"wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB"
|
||||
"96muQQ2M3WDiMz5ZLI3oMLu8KSPs");
|
||||
|
||||
deserializeAndVerify(base64Serialization, Some(2));
|
||||
}
|
||||
|
||||
TEST(psm_DeserializeCert, preNsIX509CertListReplacementWithFailedChainV2)
|
||||
{
|
||||
// Same as the above test, however, this is the v2 version of the
|
||||
// serialization.
|
||||
nsCString base64Serialization(
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA"
|
||||
"AAAAAAAAA///gCwAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA"
|
||||
"AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB"
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw"
|
||||
"MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc"
|
||||
"NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc"
|
||||
"clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2"
|
||||
"7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI"
|
||||
"H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn"
|
||||
"vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD"
|
||||
"HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB"
|
||||
"ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ"
|
||||
"KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV"
|
||||
"sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ"
|
||||
"DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za"
|
||||
"Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn"
|
||||
"q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw"
|
||||
"WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5"
|
||||
"b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg"
|
||||
"gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw"
|
||||
"DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI"
|
||||
"xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA"
|
||||
"OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv"
|
||||
"bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO"
|
||||
"7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP"
|
||||
"vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO"
|
||||
"Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC"
|
||||
"jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF"
|
||||
"BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0"
|
||||
"BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF"
|
||||
"0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK"
|
||||
"f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99"
|
||||
"vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag"
|
||||
"7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm"
|
||||
"YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA"
|
||||
"hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0"
|
||||
"IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R"
|
||||
"lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj"
|
||||
"YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ"
|
||||
"JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw"
|
||||
"JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f"
|
||||
"ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL"
|
||||
"8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC"
|
||||
"wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW"
|
||||
"jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6"
|
||||
"3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4"
|
||||
"69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01"
|
||||
"wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB"
|
||||
"96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==");
|
||||
|
||||
deserializeAndVerify(base64Serialization, Some(2));
|
||||
}
|
||||
|
||||
@ -31,26 +31,6 @@ v0swx/+oUxCfLb0VIl/kdUqLkbGYrAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU
|
||||
/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16IjWEukvJuU1W
|
||||
-----END CERTIFICATE-----`;
|
||||
|
||||
const gExpiredEEPEM = `-----BEGIN CERTIFICATE-----
|
||||
MIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQEL
|
||||
BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQw
|
||||
MTAxMDAwMDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCC
|
||||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
|
||||
PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
|
||||
HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
|
||||
Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
|
||||
EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
|
||||
lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
|
||||
AwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyBggrBgEF
|
||||
BQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ
|
||||
KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzf
|
||||
T+ow5WVsxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5h
|
||||
mu/81rkJLmZ8RQDWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3
|
||||
L9zJ2JqNc60+hB8l297ZaSl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74V
|
||||
kQyNobaFzDZ+Zr3QmfbejEsY2EYnq8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZ
|
||||
gBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFwWwtnoK7I=
|
||||
-----END CERTIFICATE-----`;
|
||||
|
||||
const gTestCAPEM = `-----BEGIN CERTIFICATE-----
|
||||
MIIC0zCCAbugAwIBAgIUKaFwIwCwHXUgKRuOhAX4pjYsmbgwDQYJKoZIhvcNAQEL
|
||||
BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAw
|
||||
@ -315,344 +295,6 @@ function test_cert_pkcs7_empty_array() {
|
||||
);
|
||||
}
|
||||
|
||||
function test_security_info_serialization(securityInfo, expectedErrorCode) {
|
||||
// Serialize the securityInfo to a string
|
||||
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
|
||||
Ci.nsISerializationHelper
|
||||
);
|
||||
let serialized = serHelper.serializeToString(securityInfo);
|
||||
|
||||
// Deserialize from the string and compare to the original object
|
||||
let deserialized = serHelper.deserializeObject(serialized);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
equal(
|
||||
securityInfo.securityState,
|
||||
deserialized.securityState,
|
||||
"Original and deserialized security state should match"
|
||||
);
|
||||
equal(
|
||||
securityInfo.errorMessage,
|
||||
deserialized.errorMessage,
|
||||
"Original and deserialized error message should match"
|
||||
);
|
||||
equal(
|
||||
securityInfo.errorCode,
|
||||
expectedErrorCode,
|
||||
"Original and expected error code should match"
|
||||
);
|
||||
equal(
|
||||
deserialized.errorCode,
|
||||
expectedErrorCode,
|
||||
"Deserialized and expected error code should match"
|
||||
);
|
||||
}
|
||||
|
||||
// In Bug 1580315, nsNSSCertList/nsIX509CertList was replaced by
|
||||
// Array<nsIX509Cert>, so the serialization of the certList changed. This
|
||||
// test is used to make sure we can still deserialize the transportSecurityInfo
|
||||
// binary string which has the old certList binary.
|
||||
function test_old_succeeded_certlist_deseralization_v1() {
|
||||
// This was the serialized output of test "good.include-subdomains.pinning.example.com"
|
||||
// in security/manager/ssl/tests/unit/test_cert_chains.js
|
||||
// The serialized output was generated before we replace nsIX509CertList with
|
||||
// Array<nsIX509Cert>, so it had the old version of transportSecurityInfo.
|
||||
const serialized =
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA" +
|
||||
"AAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA" +
|
||||
"AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB" +
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw" +
|
||||
"MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I" +
|
||||
"BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ" +
|
||||
"wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF" +
|
||||
"YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n" +
|
||||
"FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN" +
|
||||
"7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe" +
|
||||
"2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg" +
|
||||
"hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu" +
|
||||
"ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20" +
|
||||
"wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA" +
|
||||
"0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X" +
|
||||
"lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY" +
|
||||
"rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM" +
|
||||
"yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41" +
|
||||
"sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I" +
|
||||
"jWEukvJuU1WwC8AAwAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x" +
|
||||
"ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p" +
|
||||
"UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0" +
|
||||
"UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM" +
|
||||
"DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN" +
|
||||
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz" +
|
||||
"1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC" +
|
||||
"mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk" +
|
||||
"D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK" +
|
||||
"9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP" +
|
||||
"+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI" +
|
||||
"INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ" +
|
||||
"G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u" +
|
||||
"aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x" +
|
||||
"vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy" +
|
||||
"tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q" +
|
||||
"FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616" +
|
||||
"IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK" +
|
||||
"g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA" +
|
||||
"L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul" +
|
||||
"uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG" +
|
||||
"9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA" +
|
||||
"yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw" +
|
||||
"AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm" +
|
||||
"24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP" +
|
||||
"8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth" +
|
||||
"Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly" +
|
||||
"JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA" +
|
||||
"gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB" +
|
||||
"AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR" +
|
||||
"3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL" +
|
||||
"NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal" +
|
||||
"QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S" +
|
||||
"Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==";
|
||||
|
||||
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
|
||||
Ci.nsISerializationHelper
|
||||
);
|
||||
// deserialize from the string and compare to the original object
|
||||
let deserialized = serHelper.deserializeObject(serialized);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
|
||||
equal(
|
||||
deserialized.failedCertChain.length,
|
||||
0,
|
||||
"failedCertChain for a successful connection should be empty"
|
||||
);
|
||||
let certChain = build_cert_list_from_pem_list([gDefaultEEPEM, gTestCAPEM]);
|
||||
ok(
|
||||
areCertArraysEqual(certChain, deserialized.succeededCertChain),
|
||||
"succeededCertChain should be deserialized correctly"
|
||||
);
|
||||
}
|
||||
|
||||
// Same as the above test, however, this is the v2 version of the
|
||||
// serialization.
|
||||
function test_old_succeeded_certlist_deseralization_v2() {
|
||||
const serialized =
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgA" +
|
||||
"AAAAAAAAAAAAAAAAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA" +
|
||||
"AAAAONMIIDiTCCAnGgAwIBAgIUDUo/9G0rz7fJiWTw0hY6TIyPRSIwDQYJKoZIhvcNAQELB" +
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDE3MTEyNzAwMDAwMFoYDzIwMjAwMjA1MDAw" +
|
||||
"MDAwWjAaMRgwFgYDVQQDDA9UZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4I" +
|
||||
"BDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZ" +
|
||||
"wGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tF" +
|
||||
"YIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n" +
|
||||
"FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN" +
|
||||
"7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe" +
|
||||
"2NAgMBAAGjgcowgccwgZAGA1UdEQSBiDCBhYIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tg" +
|
||||
"hUqLnBpbm5pbmcuZXhhbXBsZS5jb22CKCouaW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcu" +
|
||||
"ZXhhbXBsZS5jb22CKCouZXhjbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb20" +
|
||||
"wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMA" +
|
||||
"0GCSqGSIb3DQEBCwUAA4IBAQCkguNhMyVCYhyYXfE22wNvlaobK2YRb4OGMxySIKuQ80N0X" +
|
||||
"lO+xpLJTs9YzFVY1+JTHNez1QfwP9KJeZznTzVzLh4sv0swx/+oUxCfLb0VIl/kdUqLkbGY" +
|
||||
"rAmtjeOKZLaqVtRH0BnmbPowLak1pi6nQYOU+aL9QOuvT/j3rXoimcdo6X3TK1SN2/64fGM" +
|
||||
"yG/pwas+JXehbReUf4n1ewk84ADtb+ew8tRAKf/uxzKUj5t/UgqDsnTWq5wUc5IJKwoHT41" +
|
||||
"sQnNqPg12x4+WGWiAsWCpR/hKYHFGr7rb4JTGEPAJpWcv9WtZYAvwT78a2xpHp5XNglj16I" +
|
||||
"jWEukvJuU1WEwEABAAAAAABAQAAAAAAAAZ4MjU1MTkAAAAOUlNBLVBTUy1TSEEyNTYBlZ+x" +
|
||||
"ZWUXSH+rm9iRO+Uxl650zaXNL0c/lvXwt//2LGgAAAACZgoyJpFcT/u7IImFpjLfBb3Dl5p" +
|
||||
"UIkzVhYlpa26W6oMAAAAAAAADjTCCA4kwggJxoAMCAQICFA1KP/RtK8+3yYlk8NIWOkyMj0" +
|
||||
"UiMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNzExMjcwMDAwM" +
|
||||
"DBaGA8yMDIwMDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjAN" +
|
||||
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz" +
|
||||
"1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4IC" +
|
||||
"mTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXk" +
|
||||
"D3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK" +
|
||||
"9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP" +
|
||||
"+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHHMIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdI" +
|
||||
"INKi5leGFtcGxlLmNvbYIVKi5waW5uaW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZ" +
|
||||
"G9tYWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5u" +
|
||||
"aW5nLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2x" +
|
||||
"vY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0BAQsFAAOCAQEApILjYTMlQmIcmF3xNtsDb5WqGy" +
|
||||
"tmEW+DhjMckiCrkPNDdF5TvsaSyU7PWMxVWNfiUxzXs9UH8D/SiXmc5081cy4eLL9LMMf/q" +
|
||||
"FMQny29FSJf5HVKi5GxmKwJrY3jimS2qlbUR9AZ5mz6MC2pNaYup0GDlPmi/UDrr0/49616" +
|
||||
"IpnHaOl90ytUjdv+uHxjMhv6cGrPiV3oW0XlH+J9XsJPOAA7W/nsPLUQCn/7scylI+bf1IK" +
|
||||
"g7J01qucFHOSCSsKB0+NbEJzaj4NdsePlhlogLFgqUf4SmBxRq+62+CUxhDwCaVnL/VrWWA" +
|
||||
"L8E+/GtsaR6eVzYJY9eiI1hLpLyblNVmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtul" +
|
||||
"uqDAAAAAAAAAtcwggLTMIIBu6ADAgECAhQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG" +
|
||||
"9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDA" +
|
||||
"yMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDw" +
|
||||
"AwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm" +
|
||||
"24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP" +
|
||||
"8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFth" +
|
||||
"Vt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7Ly" +
|
||||
"JvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NA" +
|
||||
"gMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IB" +
|
||||
"AQAgyCfLAcVs/MkERxunH9pZA4ja1QWWjsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR" +
|
||||
"3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv63dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmL" +
|
||||
"NeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ469RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8Oal" +
|
||||
"QICt0M0wx29B6HNof3px2NxKyC6qlf01wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+S" +
|
||||
"Xo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB96muQQ2M3WDiMz5ZLI3oMLu8KSPsAAA=";
|
||||
|
||||
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
|
||||
Ci.nsISerializationHelper
|
||||
);
|
||||
// deserialize from the string and compare to the original object
|
||||
let deserialized = serHelper.deserializeObject(serialized);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
|
||||
equal(
|
||||
deserialized.failedCertChain.length,
|
||||
[],
|
||||
"failedCertChain for a successful connection should be empty"
|
||||
);
|
||||
let certChain = build_cert_list_from_pem_list([gDefaultEEPEM, gTestCAPEM]);
|
||||
ok(
|
||||
areCertArraysEqual(certChain, deserialized.succeededCertChain),
|
||||
"succeededCertChain should be deserialized correctly"
|
||||
);
|
||||
}
|
||||
|
||||
// In Bug 1580315, nsNSSCertList/nsIX509CertList was replaced by
|
||||
// Array<nsIX509Cert>, so the serialization of the certList changed. This
|
||||
// test is used to make sure we can still deserialize the TransportSecurityInfo
|
||||
// binary string which has the old certList binary.
|
||||
function test_old_failed_certlist_deseralization_v1() {
|
||||
// This was the serialized output of test "expired.example.com"
|
||||
// in security/manager/ssl/tests/unit/test_cert_chains.js
|
||||
// The serialized output was generated before we replace nsIX509CertList with
|
||||
// Array<nsIX509Cert>, so it had the old version of transportSecurityInfo.
|
||||
const serialized =
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA" +
|
||||
"AAAAAAAAA///gCwAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA" +
|
||||
"AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB" +
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw" +
|
||||
"MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc" +
|
||||
"NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc" +
|
||||
"clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2" +
|
||||
"7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI" +
|
||||
"H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn" +
|
||||
"vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD" +
|
||||
"HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB" +
|
||||
"ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ" +
|
||||
"KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV" +
|
||||
"sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ" +
|
||||
"DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za" +
|
||||
"Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn" +
|
||||
"q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw" +
|
||||
"WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5" +
|
||||
"b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg" +
|
||||
"gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw" +
|
||||
"DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI" +
|
||||
"xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA" +
|
||||
"OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv" +
|
||||
"bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO" +
|
||||
"7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP" +
|
||||
"vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO" +
|
||||
"Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC" +
|
||||
"jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF" +
|
||||
"BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0" +
|
||||
"BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF" +
|
||||
"0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK" +
|
||||
"f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99" +
|
||||
"vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag" +
|
||||
"7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm" +
|
||||
"YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA" +
|
||||
"hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0" +
|
||||
"IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R" +
|
||||
"lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj" +
|
||||
"YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ" +
|
||||
"JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw" +
|
||||
"JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f" +
|
||||
"ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL" +
|
||||
"8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC" +
|
||||
"wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW" +
|
||||
"jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6" +
|
||||
"3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4" +
|
||||
"69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01" +
|
||||
"wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB" +
|
||||
"96muQQ2M3WDiMz5ZLI3oMLu8KSPs";
|
||||
|
||||
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
|
||||
Ci.nsISerializationHelper
|
||||
);
|
||||
// Deserialize from the string and compare to the original object
|
||||
let deserialized = serHelper.deserializeObject(serialized);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
|
||||
equal(
|
||||
deserialized.succeededCertChain.length,
|
||||
0,
|
||||
"succeededCertChain should be empty"
|
||||
);
|
||||
let certChain = build_cert_list_from_pem_list([gExpiredEEPEM, gTestCAPEM]);
|
||||
ok(
|
||||
areCertArraysEqual(certChain, deserialized.failedCertChain),
|
||||
"failedCertChain should be deserialized correctly"
|
||||
);
|
||||
}
|
||||
|
||||
// Same as the above test, however, this is the v2 version of the
|
||||
// serialization.
|
||||
function test_old_failed_certlist_deseralization_v2() {
|
||||
const serialized =
|
||||
"FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAABAA" +
|
||||
"AAAAAAAAA///gCwAAAAEAMgFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAA" +
|
||||
"AAAAMgMIIDHDCCAgSgAwIBAgIUY9ERAIKj0js/YbhJoMrcLnj++uowDQYJKoZIhvcNAQELB" +
|
||||
"QAwEjEQMA4GA1UEAwwHVGVzdCBDQTAiGA8yMDEzMDEwMTAwMDAwMFoYDzIwMTQwMTAxMDAw" +
|
||||
"MDAwWjAiMSAwHgYDVQQDDBdFeHBpcmVkIFRlc3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvc" +
|
||||
"NAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wc" +
|
||||
"clqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk2" +
|
||||
"7lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI" +
|
||||
"H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wn" +
|
||||
"vuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxD" +
|
||||
"HVA6zaGAo17Y0CAwEAAaNWMFQwHgYDVR0RBBcwFYITZXhwaXJlZC5leGFtcGxlLmNvbTAyB" +
|
||||
"ggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wDQYJ" +
|
||||
"KoZIhvcNAQELBQADggEBAImiFuy275T6b+Ud6gl/El6qpgWHUXeYiv2sp7d+HVzfT+ow5WV" +
|
||||
"sxI/GMKhdA43JaKT9gfMsbnP1qiI2zel3U+F7IAMO1CEr5FVdCOVTma5hmu/81rkJLmZ8RQ" +
|
||||
"DWWOhZKyn/7aD7TH1C1e768yCt5E2DDl8mHil9zR8BPsoXwuS3L9zJ2JqNc60+hB8l297Za" +
|
||||
"Sl0nbKffb47ukvn5kSJ7tI9n/fSXdj1JrukwjZP+74VkQyNobaFzDZ+Zr3QmfbejEsY2EYn" +
|
||||
"q8XuENgIO4DuYrm80/p6bMO6laB0Uv5W6uXZgBZdRTe1WMdYWGhmvnFFQmf+naeOOl6ryFw" +
|
||||
"WwtnoK7IAAAAAAAEAAAEAAQAAAAAAAAAAAAAAAZWfsWVlF0h/q5vYkTvlMZeudM2lzS9HP5" +
|
||||
"b18Lf/9ixoAAAAAmYKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAyAwg" +
|
||||
"gMcMIICBKADAgECAhRj0REAgqPSOz9huEmgytwueP766jANBgkqhkiG9w0BAQsFADASMRAw" +
|
||||
"DgYDVQQDDAdUZXN0IENBMCIYDzIwMTMwMTAxMDAwMDAwWhgPMjAxNDAxMDEwMDAwMDBaMCI" +
|
||||
"xIDAeBgNVBAMMF0V4cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAA" +
|
||||
"OCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngfv" +
|
||||
"bGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO" +
|
||||
"7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEP" +
|
||||
"vJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naO" +
|
||||
"Gzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYC" +
|
||||
"jXtjQIDAQABo1YwVDAeBgNVHREEFzAVghNleHBpcmVkLmV4YW1wbGUuY29tMDIGCCsGAQUF" +
|
||||
"BwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzANBgkqhkiG9w0" +
|
||||
"BAQsFAAOCAQEAiaIW7LbvlPpv5R3qCX8SXqqmBYdRd5iK/aynt34dXN9P6jDlZWzEj8YwqF" +
|
||||
"0DjclopP2B8yxuc/WqIjbN6XdT4XsgAw7UISvkVV0I5VOZrmGa7/zWuQkuZnxFANZY6FkrK" +
|
||||
"f/toPtMfULV7vrzIK3kTYMOXyYeKX3NHwE+yhfC5Lcv3MnYmo1zrT6EHyXb3tlpKXSdsp99" +
|
||||
"vju6S+fmRInu0j2f99Jd2PUmu6TCNk/7vhWRDI2htoXMNn5mvdCZ9t6MSxjYRierxe4Q2Ag" +
|
||||
"7gO5iubzT+npsw7qVoHRS/lbq5dmAFl1FN7VYx1hYaGa+cUVCZ/6dp446XqvIXBbC2egrsm" +
|
||||
"YKMiaRXE/7uyCJhaYy3wW9w5eaVCJM1YWJaWtuluqDAAAAAAAAAtcwggLTMIIBu6ADAgECA" +
|
||||
"hQpoXAjALAddSApG46EBfimNiyZuDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0" +
|
||||
"IENBMCIYDzIwMTcxMTI3MDAwMDAwWhgPMjAyMDAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB1R" +
|
||||
"lc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBj" +
|
||||
"YQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJ" +
|
||||
"JwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw" +
|
||||
"JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7f" +
|
||||
"ilhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL" +
|
||||
"8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wC" +
|
||||
"wYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAgyCfLAcVs/MkERxunH9pZA4ja1QWW" +
|
||||
"jsxSg9KgAIfOgj8c5RPHbl4oeWk0raNKWMu5+FR3/94IJeD45C3h/Y3+1HDyC6ZuzdgMXv6" +
|
||||
"3dk0a36JDFlPA3swqwYhnL7pHnbdcfDyWnMVfmLNeAhL7QA+Vf5fJmTsxEJwFaHo9JpKoQ4" +
|
||||
"69RdWno6aHeK3TfiQFaebzT1MRabCJXDeyw8OalQICt0M0wx29B6HNof3px2NxKyC6qlf01" +
|
||||
"wwNSaaIbsctDaLL5ZLN6T1LjpJsooMvDwRt69+SXo8SmD4YO6Wr4Q9drI3cCwVeQXwxoUuB" +
|
||||
"96muQQ2M3WDiMz5ZLI3oMLu8KSPsAA==";
|
||||
|
||||
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"].getService(
|
||||
Ci.nsISerializationHelper
|
||||
);
|
||||
// Deserialize from the string and compare to the original object
|
||||
let deserialized = serHelper.deserializeObject(serialized);
|
||||
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
|
||||
|
||||
let certChain = build_cert_list_from_pem_list([gExpiredEEPEM, gTestCAPEM]);
|
||||
ok(
|
||||
areCertArraysEqual(certChain, deserialized.failedCertChain),
|
||||
"failedCertChain should be deserialized correctly"
|
||||
);
|
||||
}
|
||||
function run_test() {
|
||||
do_get_profile();
|
||||
add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
|
||||
@ -667,26 +309,6 @@ function run_test() {
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
add_test(function() {
|
||||
test_old_succeeded_certlist_deseralization_v2();
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
add_test(function() {
|
||||
test_old_failed_certlist_deseralization_v2();
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
add_test(function() {
|
||||
test_old_succeeded_certlist_deseralization_v1();
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
add_test(function() {
|
||||
test_old_failed_certlist_deseralization_v1();
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
// Test successful connection (failedCertChain should be null)
|
||||
add_connection_test(
|
||||
// re-use pinning certs (keeler)
|
||||
@ -694,7 +316,6 @@ function run_test() {
|
||||
PRErrorCodeSuccess,
|
||||
null,
|
||||
function withSecurityInfo(aTransportSecurityInfo) {
|
||||
test_security_info_serialization(aTransportSecurityInfo, 0);
|
||||
equal(
|
||||
aTransportSecurityInfo.failedCertChain.length,
|
||||
0,
|
||||
@ -709,10 +330,6 @@ function run_test() {
|
||||
SEC_ERROR_EXPIRED_CERTIFICATE,
|
||||
null,
|
||||
function withSecurityInfo(securityInfo) {
|
||||
test_security_info_serialization(
|
||||
securityInfo,
|
||||
SEC_ERROR_EXPIRED_CERTIFICATE
|
||||
);
|
||||
notEqual(
|
||||
securityInfo.failedCertChain,
|
||||
null,
|
||||
@ -734,7 +351,6 @@ function run_test() {
|
||||
SEC_ERROR_UNKNOWN_ISSUER,
|
||||
null,
|
||||
function withSecurityInfo(securityInfo) {
|
||||
test_security_info_serialization(securityInfo, SEC_ERROR_UNKNOWN_ISSUER);
|
||||
notEqual(
|
||||
securityInfo.failedCertChain,
|
||||
null,
|
||||
@ -756,10 +372,6 @@ function run_test() {
|
||||
SEC_ERROR_INADEQUATE_KEY_USAGE,
|
||||
null,
|
||||
function withSecurityInfo(securityInfo) {
|
||||
test_security_info_serialization(
|
||||
securityInfo,
|
||||
SEC_ERROR_INADEQUATE_KEY_USAGE
|
||||
);
|
||||
notEqual(
|
||||
securityInfo.failedCertChain,
|
||||
null,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user