Bug 1323998 - Stop using Scoped.h NSS types in dtlsidentity.(cpp|h) and nricectx.cpp. r=mt

Scoped.h is deprecated.

MozReview-Commit-ID: IRFLV2mfN4J

--HG--
extra : rebase_source : 4c2a73ed8c1e9c695716aafb2da099f60f889454

dom/media/webrtc/RTCCertificate.cpp

@@ -13,6 +13,7 @@
 #include "mozilla/dom/RTCCertificateBinding.h"
 #include "mozilla/dom/WebCryptoCommon.h"
 #include "mozilla/dom/WebCryptoTask.h"
+#include "mozilla/Move.h"
 #include "mozilla/Sprintf.h"
 
 #include <cstdio>
@@ -333,9 +334,9 @@ RTCCertificate::CreateDtlsIdentity() const
   if (isAlreadyShutDown() || !mPrivateKey || !mCertificate) {
     return nullptr;
   }
-  SECKEYPrivateKey* key = SECKEY_CopyPrivateKey(mPrivateKey.get());
-  CERTCertificate* cert = CERT_DupCertificate(mCertificate.get());
-  RefPtr<DtlsIdentity> id = new DtlsIdentity(key, cert, mAuthType);
+  UniqueSECKEYPrivateKey key(SECKEY_CopyPrivateKey(mPrivateKey.get()));
+  UniqueCERTCertificate cert(CERT_DupCertificate(mCertificate.get()));
+  RefPtr<DtlsIdentity> id = new DtlsIdentity(Move(key), Move(cert), mAuthType);
   return id;
 }
 

media/mtransport/dtlsidentity.cpp

@@ -19,14 +19,14 @@
 namespace mozilla {
 
 RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot) {
     return nullptr;
   }
 
   uint8_t random_name[16];
 
-  SECStatus rv = PK11_GenerateRandomOnSlot(slot, random_name,
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), random_name,
                                            sizeof(random_name));
   if (rv != SECSuccess)
     return nullptr;
@@ -39,7 +39,7 @@ RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
   }
 
   std::string subject_name_string = "CN=" + name;
-  ScopedCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
+  UniqueCERTName subject_name(CERT_AsciiToName(subject_name_string.c_str()));
   if (!subject_name) {
     return nullptr;
   }
@@ -55,26 +55,24 @@ RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
   memcpy(ecdsaParams.data + 2, oidData->oid.data, oidData->oid.len);
   ecdsaParams.len = oidData->oid.len + 2;
 
-  ScopedSECKEYPrivateKey private_key;
-  ScopedSECKEYPublicKey public_key;
   SECKEYPublicKey *pubkey;
-
-  private_key =
-      PK11_GenerateKeyPair(slot,
+  UniqueSECKEYPrivateKey private_key(
+      PK11_GenerateKeyPair(slot.get(),
                            CKM_EC_KEY_PAIR_GEN, &ecdsaParams, &pubkey,
-                           PR_FALSE, PR_TRUE, nullptr);
+                           PR_FALSE, PR_TRUE, nullptr));
   if (private_key == nullptr)
     return nullptr;
-  public_key = pubkey;
+  UniqueSECKEYPublicKey public_key(pubkey);
+  pubkey = nullptr;
 
-  ScopedCERTSubjectPublicKeyInfo spki(
-      SECKEY_CreateSubjectPublicKeyInfo(pubkey));
+  UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_CreateSubjectPublicKeyInfo(public_key.get()));
   if (!spki) {
     return nullptr;
   }
 
-  ScopedCERTCertificateRequest certreq(
-      CERT_CreateCertificateRequest(subject_name, spki, nullptr));
+  UniqueCERTCertificateRequest certreq(
+      CERT_CreateCertificateRequest(subject_name.get(), spki.get(), nullptr));
   if (!certreq) {
     return nullptr;
   }
@@ -94,22 +92,23 @@ RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
   PRTime notBefore = now - oneDay;
   PRTime notAfter = now + (PRTime(30) * oneDay);
 
-  ScopedCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+  UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
   if (!validity) {
     return nullptr;
   }
 
   unsigned long serial;
   // Note: This serial in principle could collide, but it's unlikely
-  rv = PK11_GenerateRandomOnSlot(slot,
+  rv = PK11_GenerateRandomOnSlot(slot.get(),
                                  reinterpret_cast<unsigned char *>(&serial),
                                  sizeof(serial));
   if (rv != SECSuccess) {
     return nullptr;
   }
 
-  ScopedCERTCertificate certificate(
-      CERT_CreateCertificate(serial, subject_name, validity, certreq));
+  UniqueCERTCertificate certificate(
+      CERT_CreateCertificate(serial, subject_name.get(), validity.get(),
+                             certreq.get()));
   if (!certificate) {
     return nullptr;
   }
@@ -129,7 +128,7 @@ RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
   innerDER.len = 0;
   innerDER.data = nullptr;
 
-  if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate,
+  if (!SEC_ASN1EncodeItem(arena, &innerDER, certificate.get(),
                           SEC_ASN1_GET(CERT_CertificateTemplate))) {
     return nullptr;
   }
@@ -140,15 +139,16 @@ RefPtr<DtlsIdentity> DtlsIdentity::Generate() {
   }
 
   rv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
-                       private_key,
+                       private_key.get(),
                        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
   if (rv != SECSuccess) {
     return nullptr;
   }
   certificate->derCert = *signedCert;
 
-  RefPtr<DtlsIdentity> identity =
-      new DtlsIdentity(private_key.forget(), certificate.forget(), ssl_kea_ecdh);
+  RefPtr<DtlsIdentity> identity = new DtlsIdentity(Move(private_key),
+                                                   Move(certificate),
+                                                   ssl_kea_ecdh);
   return identity.forget();
 }
 

media/mtransport/dtlsidentity.h

@@ -9,10 +9,11 @@
 #include <string>
 
 #include "m_cpp_utils.h"
+#include "mozilla/Move.h"
 #include "mozilla/RefPtr.h"
 #include "nsISupportsImpl.h"
-#include "sslt.h"
 #include "ScopedNSSTypes.h"
+#include "sslt.h"
 
 // All code in this module requires NSS to be live.
 // Callers must initialize NSS and implement the nsNSSShutdownObject
@@ -22,10 +23,10 @@ namespace mozilla {
 class DtlsIdentity final {
  public:
   // This constructor takes ownership of privkey and cert.
-  DtlsIdentity(SECKEYPrivateKey *privkey,
-               CERTCertificate *cert,
+  DtlsIdentity(UniqueSECKEYPrivateKey privkey,
+               UniqueCERTCertificate cert,
                SSLKEAType authType)
-      : private_key_(privkey), cert_(cert), auth_type_(authType) {}
+      : private_key_(Move(privkey)), cert_(Move(cert)), auth_type_(authType) {}
 
   // This is only for use in tests, or for external linkage.  It makes a (bad)
   // instance of this class.
@@ -34,7 +35,7 @@ class DtlsIdentity final {
   // These don't create copies or transfer ownership. If you want these to live
   // on, make a copy.
   const UniqueCERTCertificate& cert() const { return cert_; }
-  SECKEYPrivateKey *privkey() const { return private_key_; }
+  const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
   // Note: this uses SSLKEAType because that is what the libssl API requires.
   // This is a giant confusing mess, but libssl indexes certificates based on a
   // key exchange type, not authentication type (as you might have reasonably
@@ -62,7 +63,7 @@ class DtlsIdentity final {
   ~DtlsIdentity() {}
   DISALLOW_COPY_ASSIGN(DtlsIdentity);
 
-  ScopedSECKEYPrivateKey private_key_;
+  UniqueSECKEYPrivateKey private_key_;
   UniqueCERTCertificate cert_;
   SSLKEAType auth_type_;
 };

media/mtransport/nricectx.cpp

@@ -114,11 +114,11 @@ static bool initialized = false;
 
 // Implement NSPR-based crypto algorithms
 static int nr_crypto_nss_random_bytes(UCHAR *buf, int len) {
-  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
   if (!slot)
     return R_INTERNAL;
 
-  SECStatus rv = PK11_GenerateRandomOnSlot(slot, buf, len);
+  SECStatus rv = PK11_GenerateRandomOnSlot(slot.get(), buf, len);
   if (rv != SECSuccess)
     return R_INTERNAL;
 

media/mtransport/transportlayerdtls.cpp

@@ -518,7 +518,7 @@ bool TransportLayerDtls::Setup() {
     MOZ_MTLOG(ML_INFO, "Setting up DTLS as server");
     // Server side
     rv = SSL_ConfigSecureServer(ssl_fd.get(), identity_->cert().get(),
-                                identity_->privkey(),
+                                identity_->privkey().get(),
                                 identity_->auth_type());
     if (rv != SECSuccess) {
       MOZ_MTLOG(ML_ERROR, "Couldn't set identity");
@@ -1090,7 +1090,7 @@ SECStatus TransportLayerDtls::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
     return SECFailure;
   }
 
-  *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey());
+  *pRetKey = SECKEY_CopyPrivateKey(stream->identity_->privkey().get());
   if (!*pRetKey) {
     CERT_DestroyCertificate(*pRetCert);
     *pRetCert = nullptr;

security/manager/ssl/ScopedNSSTypes.h

@@ -62,19 +62,9 @@ MapSECStatus(SECStatus rv)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
                                           CERTCertificate,
                                           CERT_DestroyCertificate)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest,
-                                          CERTCertificateRequest,
-                                          CERT_DestroyCertificateRequest)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
-                                          CERTName,
-                                          CERT_DestroyName)
 MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
                                           CERTSubjectPublicKeyInfo,
                                           SECKEY_DestroySubjectPublicKeyInfo)
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
-                                          CERTValidity,
-                                          CERT_DestroyValidity)
-// Deprecated: use the equivalent UniquePtr templates instead.
 
 namespace internal {