mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-25 05:41:12 +00:00
Bug 1580318 - Remove nsIX509CertList from verifyCertFinished r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D44244 --HG-- extra : moz-landing-system : lando
This commit is contained in:
parent
e9a5754ce0
commit
b8410f69c1
@ -298,9 +298,7 @@ function getChainForUsage(results, usage) {
|
||||
certificateUsages[result.usageString] == usage &&
|
||||
result.errorCode == PRErrorCodeSuccess
|
||||
) {
|
||||
// The chain attribute here is generated by the VerifyCertAtTime API,
|
||||
// and it is a nsIX509CertList, so we have to enumerate it.
|
||||
return Array.from(result.chain.getEnumerator());
|
||||
return result.chain;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
|
@ -11,7 +11,6 @@ interface nsIX509Cert;
|
||||
interface nsIFile;
|
||||
interface nsIInterfaceRequestor;
|
||||
interface nsIZipReader;
|
||||
interface nsIX509CertList;
|
||||
interface nsIInputStream;
|
||||
|
||||
%{C++
|
||||
@ -40,7 +39,7 @@ interface nsIOpenSignedAppFileCallback : nsISupports
|
||||
[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)]
|
||||
interface nsICertVerificationCallback : nsISupports {
|
||||
void verifyCertFinished(in int32_t aPRErrorCode,
|
||||
in nsIX509CertList aVerifiedChain,
|
||||
in Array<nsIX509Cert> aVerifiedChain,
|
||||
in bool aHasEVPolicy);
|
||||
};
|
||||
|
||||
|
@ -1157,14 +1157,17 @@ nsresult VerifyCertAtTime(nsIX509Cert* aCert,
|
||||
int64_t /*SECCertificateUsage*/ aUsage,
|
||||
uint32_t aFlags, const nsACString& aHostname,
|
||||
mozilla::pkix::Time aTime,
|
||||
nsIX509CertList** aVerifiedChain, bool* aHasEVPolicy,
|
||||
nsTArray<RefPtr<nsIX509Cert>>& aVerifiedChain,
|
||||
bool* aHasEVPolicy,
|
||||
int32_t* /*PRErrorCode*/ _retval) {
|
||||
NS_ENSURE_ARG_POINTER(aCert);
|
||||
NS_ENSURE_ARG_POINTER(aHasEVPolicy);
|
||||
NS_ENSURE_ARG_POINTER(aVerifiedChain);
|
||||
NS_ENSURE_ARG_POINTER(_retval);
|
||||
|
||||
*aVerifiedChain = nullptr;
|
||||
if (!aVerifiedChain.IsEmpty()) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
*aHasEVPolicy = false;
|
||||
*_retval = PR_UNKNOWN_ERROR;
|
||||
|
||||
@ -1203,16 +1206,20 @@ nsresult VerifyCertAtTime(nsIX509Cert* aCert,
|
||||
OriginAttributes(), &evOidPolicy);
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIX509CertList> nssCertList;
|
||||
// This adopts the list
|
||||
nssCertList = new nsNSSCertList(std::move(resultChain));
|
||||
NS_ENSURE_TRUE(nssCertList, NS_ERROR_FAILURE);
|
||||
if (result == mozilla::pkix::Success) {
|
||||
nsresult rv = nsNSSCertificateDB::ConstructCertArrayFromUniqueCertList(
|
||||
resultChain, aVerifiedChain);
|
||||
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (evOidPolicy != SEC_OID_UNKNOWN) {
|
||||
*aHasEVPolicy = true;
|
||||
}
|
||||
}
|
||||
|
||||
*_retval = mozilla::pkix::MapResultToPRErrorCode(result);
|
||||
if (result == mozilla::pkix::Success && evOidPolicy != SEC_OID_UNKNOWN) {
|
||||
*aHasEVPolicy = true;
|
||||
}
|
||||
nssCertList.forget(aVerifiedChain);
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
@ -1230,7 +1237,6 @@ class VerifyCertAtTimeTask final : public CryptoTask {
|
||||
mCallback(new nsMainThreadPtrHolder<nsICertVerificationCallback>(
|
||||
"nsICertVerificationCallback", aCallback)),
|
||||
mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE),
|
||||
mVerifiedCertList(nullptr),
|
||||
mHasEVPolicy(false) {}
|
||||
|
||||
private:
|
||||
@ -1241,14 +1247,14 @@ class VerifyCertAtTimeTask final : public CryptoTask {
|
||||
}
|
||||
return VerifyCertAtTime(mCert, mUsage, mFlags, mHostname,
|
||||
mozilla::pkix::TimeFromEpochInSeconds(mTime),
|
||||
getter_AddRefs(mVerifiedCertList), &mHasEVPolicy,
|
||||
&mPRErrorCode);
|
||||
mVerifiedCertList, &mHasEVPolicy, &mPRErrorCode);
|
||||
}
|
||||
|
||||
virtual void CallCallback(nsresult rv) override {
|
||||
if (NS_FAILED(rv)) {
|
||||
Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE,
|
||||
nullptr, false);
|
||||
nsTArray<RefPtr<nsIX509Cert>> tmp;
|
||||
Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE, tmp,
|
||||
false);
|
||||
} else {
|
||||
Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList,
|
||||
mHasEVPolicy);
|
||||
@ -1262,7 +1268,7 @@ class VerifyCertAtTimeTask final : public CryptoTask {
|
||||
uint64_t mTime;
|
||||
nsMainThreadPtrHandle<nsICertVerificationCallback> mCallback;
|
||||
int32_t mPRErrorCode;
|
||||
nsCOMPtr<nsIX509CertList> mVerifiedCertList;
|
||||
nsTArray<RefPtr<nsIX509Cert>> mVerifiedCertList;
|
||||
bool mHasEVPolicy;
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user