Bug 1580318 - Remove nsIX509CertList from verifyCertFinished r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D44244

--HG--
extra : moz-landing-system : lando
Sean Feng 2019-11-07 14:35:16 +00:00
parent e9a5754ce0
commit b8410f69c1
3 changed files with 25 additions and 22 deletions


@ -298,9 +298,7 @@ function getChainForUsage(results, usage) {
certificateUsages[result.usageString] == usage &&
result.errorCode == PRErrorCodeSuccess
) {
// The chain attribute here is generated by the VerifyCertAtTime API,
// and it is a nsIX509CertList, so we have to enumerate it.
return Array.from(result.chain.getEnumerator());
return result.chain;
}
}
return null;


@ -11,7 +11,6 @@ interface nsIX509Cert;
interface nsIFile;
interface nsIInterfaceRequestor;
interface nsIZipReader;
interface nsIX509CertList;
interface nsIInputStream;
%{C++
@ -40,7 +39,7 @@ interface nsIOpenSignedAppFileCallback : nsISupports
[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)]
interface nsICertVerificationCallback : nsISupports {
void verifyCertFinished(in int32_t aPRErrorCode,
in nsIX509CertList aVerifiedChain,
in Array<nsIX509Cert> aVerifiedChain,
in bool aHasEVPolicy);
};
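Review bot: The interface does not state what `aVerifiedChain` holds when verification fails, and with this change the failure value becomes an empty array instead of null. The C++ side of this commit passes an empty `tmp` on task failure and fills the array only when the result is Success. A script callback that tested the argument for null or truthiness would now always see an array; whether such callers exist is not visible on this page. I would state the contract on the method, for example `// aVerifiedChain is empty unless aPRErrorCode indicates success; callers must check aPRErrorCode before using it.`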


@ -1157,14 +1157,17 @@ nsresult VerifyCertAtTime(nsIX509Cert* aCert,
int64_t /*SECCertificateUsage*/ aUsage,
uint32_t aFlags, const nsACString& aHostname,
mozilla::pkix::Time aTime,
nsIX509CertList** aVerifiedChain, bool* aHasEVPolicy,
nsTArray<RefPtr<nsIX509Cert>>& aVerifiedChain,
bool* aHasEVPolicy,
int32_t* /*PRErrorCode*/ _retval) {
NS_ENSURE_ARG_POINTER(aCert);
NS_ENSURE_ARG_POINTER(aHasEVPolicy);
NS_ENSURE_ARG_POINTER(aVerifiedChain);
NS_ENSURE_ARG_POINTER(_retval);
*aVerifiedChain = nullptr;
if (!aVerifiedChain.IsEmpty()) {
return NS_ERROR_INVALID_ARG;
}
*aHasEVPolicy = false;
*_retval = PR_UNKNOWN_ERROR;
@ -1203,16 +1206,20 @@ nsresult VerifyCertAtTime(nsIX509Cert* aCert,
OriginAttributes(), &evOidPolicy);
}
nsCOMPtr<nsIX509CertList> nssCertList;
// This adopts the list
nssCertList = new nsNSSCertList(std::move(resultChain));
NS_ENSURE_TRUE(nssCertList, NS_ERROR_FAILURE);
if (result == mozilla::pkix::Success) {
nsresult rv = nsNSSCertificateDB::ConstructCertArrayFromUniqueCertList(
resultChain, aVerifiedChain);
if (NS_FAILED(rv)) {
return rv;
}
if (evOidPolicy != SEC_OID_UNKNOWN) {
*aHasEVPolicy = true;
}
}
*_retval = mozilla::pkix::MapResultToPRErrorCode(result);
if (result == mozilla::pkix::Success && evOidPolicy != SEC_OID_UNKNOWN) {
*aHasEVPolicy = true;
}
nssCertList.forget(aVerifiedChain);
return NS_OK;
}
@ -1230,7 +1237,6 @@ class VerifyCertAtTimeTask final : public CryptoTask {
mCallback(new nsMainThreadPtrHolder<nsICertVerificationCallback>(
"nsICertVerificationCallback", aCallback)),
mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE),
mVerifiedCertList(nullptr),
mHasEVPolicy(false) {}
private:
@ -1241,14 +1247,14 @@ class VerifyCertAtTimeTask final : public CryptoTask {
}
return VerifyCertAtTime(mCert, mUsage, mFlags, mHostname,
mozilla::pkix::TimeFromEpochInSeconds(mTime),
getter_AddRefs(mVerifiedCertList), &mHasEVPolicy,
&mPRErrorCode);
mVerifiedCertList, &mHasEVPolicy, &mPRErrorCode);
}
virtual void CallCallback(nsresult rv) override {
if (NS_FAILED(rv)) {
Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE,
nullptr, false);
nsTArray<RefPtr<nsIX509Cert>> tmp;
Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE, tmp,
false);
} else {
Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList,
mHasEVPolicy);
@ -1262,7 +1268,7 @@ class VerifyCertAtTimeTask final : public CryptoTask {
uint64_t mTime;
nsMainThreadPtrHandle<nsICertVerificationCallback> mCallback;
int32_t mPRErrorCode;
nsCOMPtr<nsIX509CertList> mVerifiedCertList;
nsTArray<RefPtr<nsIX509Cert>> mVerifiedCertList;
bool mHasEVPolicy;
};
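Review bot: In the second VerifyCertAtTime hunk, the early `return rv;` after a failed ConstructCertArrayFromUniqueCertList leaves `aVerifiedChain` in whatever state that helper left it and `*_retval` at PR_UNKNOWN_ERROR. The helper's body is not shown here, so a partially filled array may be possible. VerifyCertAtTimeTask::CallCallback hides this by passing an empty `tmp` on failure, but any other caller of VerifyCertAtTime would see the partial chain, so I would clear it on that path: `if (NS_FAILED(rv)) { aVerifiedChain.Clear(); return rv; }`. The new `IsEmpty()` precondition also deserves a comment above the signature, for example `// aVerifiedChain must be empty on entry; it is filled only when verification succeeds.` The function body is only partly visible in these hunks.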