Bug 1103120 - Part 3: Server: Advertise cert for authentication. r=past

2015-01-26 12:47:13 -06:00 · 2015-01-26 12:47:13 -06:00 · 2b5084f43a
--- a/toolkit/devtools/security/auth.js
+++ b/toolkit/devtools/security/auth.js
@ -41,6 +41,28 @@ Prompt.Server.prototype = {

  mode: Prompt.mode,

+  /**
+   * Verify that listener settings are appropriate for this authentication mode.
+   *
+   * @param listener SocketListener
+   *        The socket listener about to be opened.
+   * @throws if validation requirements are not met
+   */
+  validateOptions() {},
+
+  /**
+   * Augment the service discovery advertisement with any additional data needed
+   * to support this authentication mode.
+   *
+   * @param listener SocketListener
+   *        The socket listener that was just opened.
+   * @param advertisement object
+   *        The advertisement being built.
+   */
+  augmentAdvertisement(listener, advertisement) {
+    advertisement.authentication = Prompt.mode;
+  },
+
 };

 /**
@ -77,6 +99,38 @@ OOBCert.Server.prototype = {

  mode: OOBCert.mode,

+  /**
+   * Verify that listener settings are appropriate for this authentication mode.
+   *
+   * @param listener SocketListener
+   *        The socket listener about to be opened.
+   * @throws if validation requirements are not met
+   */
+  validateOptions(listener) {
+    if (!listener.encryption) {
+      throw new Error(OOBCert.mode + " authentication requires encryption.");
+    }
+  },
+
+  /**
+   * Augment the service discovery advertisement with any additional data needed
+   * to support this authentication mode.
+   *
+   * @param listener SocketListener
+   *        The socket listener that was just opened.
+   * @param advertisement object
+   *        The advertisement being built.
+   */
+  augmentAdvertisement(listener, advertisement) {
+    advertisement.authentication = OOBCert.mode;
+    // Step A.4
+    // Server announces itself via service discovery
+    // Announcement contains hash(ServerCert) as additional data
+    advertisement.cert = {
+      sha256: listener._socket.serverCert.sha256Fingerprint
+    };
+  },
+
 };

 exports.Authenticators = {
--- a/toolkit/devtools/security/socket.js
+++ b/toolkit/devtools/security/socket.js
@ -23,6 +23,8 @@ loader.lazyRequireGetter(this, "discovery",
  "devtools/toolkit/discovery/discovery");
 loader.lazyRequireGetter(this, "cert",
  "devtools/toolkit/security/cert");
+loader.lazyRequireGetter(this, "Authenticators",
+  "devtools/toolkit/security/auth", true);
 loader.lazyRequireGetter(this, "setTimeout", "Timer", true);
 loader.lazyRequireGetter(this, "clearTimeout", "Timer", true);

@ -274,6 +276,15 @@ SocketListener.prototype = {
   */
  encryption: false,

+  /**
+   * Controls the |Authenticator| used, which hooks various socket steps to
+   * implement an authentication policy.  It is expected that different use
+   * cases may override pieces of the |Authenticator|.  See auth.js.
+   *
+   * Here we set the default |Authenticator|, which is |Prompt|.
+   */
+  authenticator: new (Authenticators.get().Server)(),
+
  /**
   * Validate that all options have been set to a supported configuration.
   */
@ -284,6 +295,7 @@ SocketListener.prototype = {
    if (this.discoverable && !Number(this.portOrPath)) {
      throw new Error("Discovery only supported for TCP sockets.");
    }
+    this.authenticator.validateOptions(this);
  },

  /**
@ -317,12 +329,7 @@ SocketListener.prototype = {
      self._socket.asyncListen(self);
      dumpn("Socket listening on: " + (self.port || self.portOrPath));
    }).then(() => {
-      if (this.discoverable && this.port) {
-        discovery.addService("devtools", {
-          port: this.port,
-          encryption: this.encryption
-        });
-      }
+      this._advertise();
    }).catch(e => {
      dumpn("Could not start debugging listener on '" + this.portOrPath +
            "': " + e);
@ -330,6 +337,21 @@ SocketListener.prototype = {
    });
  },

+  _advertise: function() {
+    if (!this.discoverable || !this.port) {
+      return;
+    }
+
+    let advertisement = {
+      port: this.port,
+      encryption: this.encryption,
+    };
+
+    this.authenticator.augmentAdvertisement(this, advertisement);
+
+    discovery.addService("devtools", advertisement);
+  },
+
  _createSocketInstance: function() {
    if (this.encryption) {
      return Cc["@mozilla.org/network/tls-server-socket;1"]