From 90498538879c40b1b7e26a85e537049d087286a0 Mon Sep 17 00:00:00 2001
From: Dana Keeler
Date: Mon, 23 Jan 2023 18:30:55 +0000
Subject: [PATCH] Bug 1808816 - socket process follow-up: find potential client certificates on the socket thread r=jschanck

Differential Revision: https://phabricator.services.mozilla.com/D167456
---
 .../ssl/TLSClientAuthCertSelection.cpp | 53 ++++++++++++-------
 1 file changed, 34 insertions(+), 19 deletions(-)

diff --git a/security/manager/ssl/TLSClientAuthCertSelection.cpp b/security/manager/ssl/TLSClientAuthCertSelection.cpp
index e6acc6ad73b1..caea4a968901 100644
--- a/security/manager/ssl/TLSClientAuthCertSelection.cpp
+++ b/security/manager/ssl/TLSClientAuthCertSelection.cpp
@@ -868,27 +868,42 @@ bool SelectTLSClientAuthCertParent::Dispatch(
 new RemoteClientAuthCertificateSelected(this));
 ClientAuthInfo authInfo(aHostName, aOriginAttributes, aPort, aProviderFlags,
 aProviderTlsFlags);
- SECItem serverCertItem{
- siBuffer,
- const_cast(aServerCertBytes.data().Elements()),
- static_cast(aServerCertBytes.data().Length()),
- };
- UniqueCERTCertificate serverCert(CERT_NewTempCertificate(
- CERT_GetDefaultCertDB(), &serverCertItem, nullptr, false, true));
- if (!serverCert) {
+ nsCOMPtr socketThread =
+ do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID);
+ if (NS_WARN_IF(!socketThread)) {
 return false;
 }
- nsTArray> caNames;
- for (auto& caName : aCANames) {
- caNames.AppendElement(std::move(caName.data()));
- }
- UniqueCERTCertList potentialClientCertificates(
- FindClientCertificatesWithPrivateKeys());
- RefPtr selectClientAuthCertificate(
- new SelectClientAuthCertificate(
- std::move(authInfo), std::move(serverCert), std::move(caNames),
- std::move(potentialClientCertificates), continuation));
- return NS_SUCCEEDED(NS_DispatchToMainThread(selectClientAuthCertificate));
+ // Dispatch the work of instantiating a CERTCertificate and searching for
+ // client certificates to the socket thread.
+ nsresult rv = socketThread->Dispatch(NS_NewRunnableFunction(
+ "SelectTLSClientAuthCertParent::Dispatch",
+ [authInfo(std::move(authInfo)), continuation(std::move(continuation)),
+ serverCertBytes(aServerCertBytes),
+ caNames(std::move(aCANames))]() mutable {
+ SECItem serverCertItem{
+ siBuffer,
+ const_cast(serverCertBytes.data().Elements()),
+ static_cast(serverCertBytes.data().Length()),
+ };
+ UniqueCERTCertificate serverCert(CERT_NewTempCertificate(
+ CERT_GetDefaultCertDB(), &serverCertItem, nullptr, false, true));
+ if (!serverCert) {
+ return;
+ }
+ nsTArray> caNamesArray;
+ for (auto& caName : caNames) {
+ caNamesArray.AppendElement(std::move(caName.data()));
+ }
+ UniqueCERTCertList potentialClientCertificates(
+ FindClientCertificatesWithPrivateKeys());
+ RefPtr selectClientAuthCertificate(
+ new SelectClientAuthCertificate(
+ std::move(authInfo), std::move(serverCert),
+ std::move(caNamesArray), std::move(potentialClientCertificates),
+ continuation));
+ Unused << NS_DispatchToMainThread(selectClientAuthCertificate);
+ }));
+ return NS_SUCCEEDED(rv);
 }
 
 void SelectTLSClientAuthCertParent::TLSClientAuthCertSelected(
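Review bot: The two failure paths inside the new runnable are silent: `if (!serverCert) { return; }` and `Unused << NS_DispatchToMainThread(selectClientAuthCertificate);` both discard an error that the removed code reported by returning false from `Dispatch`. `Dispatch` now returns true as soon as the socket-thread dispatch succeeds, so a server certificate that fails to decode (the bytes appear to come from another process) leaves `continuation` unused. As far as this hunk shows, the requesting side would then wait for a selection that never arrives. I would complete the continuation with an empty selection on both paths, or at minimum make them visible with `if (NS_WARN_IF(!serverCert)) {` and `NS_WARN_IF(NS_FAILED(NS_DispatchToMainThread(selectClientAuthCertificate)))`, plus a comment on the lambda stating who is responsible for finishing the request on failure. The body of `Dispatch` begins above the hunk, so how the caller reacts to a false return is not visible here.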