Bug 1618710 - Refactoring nsClientAuthRememberService to work as a service r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D62585 --HG-- extra : moz-landing-system : lando
2020-02-28 01:32:38 +00:00 · 2020-02-28 01:32:38 +00:00 · e037cf93e5
--- a/security/manager/ssl/SharedSSLState.cpp
+++ b/security/manager/ssl/SharedSSLState.cpp
@ -124,10 +124,6 @@ SharedSSLState::SharedSSLState(uint32_t aTlsFlags)
      mOCSPMustStapleEnabled(false),
      mSignedCertTimestampsEnabled(false) {
  mIOLayerHelpers.Init();
-  if (!aTlsFlags) {  // the per socket flags don't need memory
-    mClientAuthRemember = new nsClientAuthRememberService();
-    mClientAuthRemember->Init();
-  }
 }

 SharedSSLState::~SharedSSLState() {}
@ -140,11 +136,7 @@ void SharedSSLState::NotePrivateBrowsingStatus() {
 }

 void SharedSSLState::ResetStoredData() {
-  if (!mClientAuthRemember) {
-    return;
-  }
  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
-  mClientAuthRemember->ClearRememberedDecisions();
  mIOLayerHelpers.clearStoredData();
 }

--- a/security/manager/ssl/SharedSSLState.h
+++ b/security/manager/ssl/SharedSSLState.h
@ -7,10 +7,8 @@
 #ifndef SharedSSLState_h
 #define SharedSSLState_h

-#include "mozilla/RefPtr.h"
 #include "nsNSSIOLayer.h"

-class nsClientAuthRememberService;
 class nsIObserver;

 namespace mozilla {
@ -24,10 +22,6 @@ class SharedSSLState {
  static void GlobalInit();
  static void GlobalCleanup();

-  nsClientAuthRememberService* GetClientAuthRememberService() {
-    return mClientAuthRemember;
-  }
-
  nsSSLIOLayerHelpers& IOLayerHelpers() { return mIOLayerHelpers; }

  // Main-thread only
@ -59,7 +53,6 @@ class SharedSSLState {
  void Cleanup();

  nsCOMPtr<nsIObserver> mObserver;
-  RefPtr<nsClientAuthRememberService> mClientAuthRemember;
  nsSSLIOLayerHelpers mIOLayerHelpers;

  // True if any sockets have been created that use this shared data.
--- a/security/manager/ssl/components.conf
+++ b/security/manager/ssl/components.conf
@ -89,6 +89,13 @@ Classes = [
        'type': 'nsNSSCertificateDB',
        'legacy_constructor': 'mozilla::psm::NSSConstructor<nsNSSCertificateDB>',
    },
+    {
+        'cid': '{1dbc6eb6-0972-4bdb-9dc4-acd0abf72369}',
+        'contract_ids': ['@mozilla.org/security/clientAuthRemember;1'],
+        'type': 'nsClientAuthRememberService',
+        'headers': ['nsClientAuthRemember.h'],
+        'init_method': 'Init',
+    },
    {
        'cid': '{36a1d3b3-d886-4317-96ff-87b0005cfef7}',
        'contract_ids': ['@mozilla.org/security/hash;1'],
--- a/security/manager/ssl/moz.build
+++ b/security/manager/ssl/moz.build
@ -19,6 +19,7 @@ XPIDL_SOURCES += [
    'nsICertificateDialogs.idl',
    'nsICertOverrideService.idl',
    'nsIClientAuthDialogs.idl',
+    'nsIClientAuthRemember.idl',
    'nsIContentSignatureVerifier.idl',
    'nsICryptoHash.idl',
    'nsICryptoHMAC.idl',
--- a/security/manager/ssl/nsClientAuthRemember.cpp
+++ b/security/manager/ssl/nsClientAuthRemember.cpp
@ -25,8 +25,8 @@
 using namespace mozilla;
 using namespace mozilla::psm;

-NS_IMPL_ISUPPORTS(nsClientAuthRememberService, nsIObserver,
-                  nsISupportsWeakReference)
+NS_IMPL_ISUPPORTS(nsClientAuthRememberService, nsIClientAuthRemember,
+                  nsIObserver)

 nsClientAuthRememberService::nsClientAuthRememberService()
    : monitor("nsClientAuthRememberService.monitor") {}
@ -44,7 +44,8 @@ nsresult nsClientAuthRememberService::Init() {
  nsCOMPtr<nsIObserverService> observerService =
      mozilla::services::GetObserverService();
  if (observerService) {
-    observerService->AddObserver(this, "profile-before-change", true);
+    observerService->AddObserver(this, "profile-before-change", false);
+    observerService->AddObserver(this, "last-pb-context-exited", false);
  }

  return NS_OK;
@ -60,36 +61,46 @@ nsClientAuthRememberService::Observe(nsISupports* aSubject, const char* aTopic,

    ReentrantMonitorAutoEnter lock(monitor);
    RemoveAllFromMemory();
+  } else if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
+    ReentrantMonitorAutoEnter lock(monitor);
+    ClearPrivateDecisions();
  }

  return NS_OK;
 }

-void nsClientAuthRememberService::ClearRememberedDecisions() {
+NS_IMETHODIMP
+nsClientAuthRememberService::ClearRememberedDecisions() {
  ReentrantMonitorAutoEnter lock(monitor);
  RemoveAllFromMemory();
+  return NS_OK;
 }

-void nsClientAuthRememberService::ClearAllRememberedDecisions() {
-  RefPtr<nsClientAuthRememberService> svc =
-      PublicSSLState()->GetClientAuthRememberService();
-  MOZ_ASSERT(svc);
-  if (svc) {
-    svc->ClearRememberedDecisions();
-  }
+nsresult nsClientAuthRememberService::ClearPrivateDecisions() {
+  ReentrantMonitorAutoEnter lock(monitor);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCString entryKey = iter.Get()->mEntryKey;
+    const int32_t separator = entryKey.Find(":", false, 0, -1);
+    nsCString suffix;
+    if (separator >= 0) {
+      entryKey.Left(suffix, separator);
+    } else {
+      suffix = entryKey;
+    }

-  svc = PrivateSSLState()->GetClientAuthRememberService();
-  MOZ_ASSERT(svc);
-  if (svc) {
-    svc->ClearRememberedDecisions();
+    if (OriginAttributes::IsPrivateBrowsing(suffix)) {
+      iter.Remove();
+    }
  }
+  return NS_OK;
 }

 void nsClientAuthRememberService::RemoveAllFromMemory() {
  mSettingsTable.Clear();
 }

-nsresult nsClientAuthRememberService::RememberDecision(
+NS_IMETHODIMP
+nsClientAuthRememberService::RememberDecision(
    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
    CERTCertificate* aServerCert, CERTCertificate* aClientCert) {
  // aClientCert == nullptr means: remember that user does not want to use a
@ -123,7 +134,8 @@ nsresult nsClientAuthRememberService::RememberDecision(
  return NS_OK;
 }

-nsresult nsClientAuthRememberService::HasRememberedDecision(
+NS_IMETHODIMP
+nsClientAuthRememberService::HasRememberedDecision(
    const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
    CERTCertificate* aCert, nsACString& aCertDBKey, bool* aRetVal) {
  if (aHostName.IsEmpty()) return NS_ERROR_INVALID_ARG;
--- a/security/manager/ssl/nsClientAuthRemember.h
+++ b/security/manager/ssl/nsClientAuthRemember.h
@ -12,6 +12,7 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/HashFunctions.h"
 #include "mozilla/ReentrantMonitor.h"
+#include "nsIClientAuthRemember.h"
 #include "nsIObserver.h"
 #include "nsNSSCertificate.h"
 #include "nsString.h"
@ -87,10 +88,11 @@ class nsClientAuthRememberEntry final : public PLDHashEntryHdr {
 };

 class nsClientAuthRememberService final : public nsIObserver,
-                                          public nsSupportsWeakReference {
+                                          public nsIClientAuthRemember {
 public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOBSERVER
+  NS_DECL_NSICLIENTAUTHREMEMBER

  nsClientAuthRememberService();

@ -101,19 +103,6 @@ class nsClientAuthRememberService final : public nsIObserver,
                          const nsACString& aFingerprint,
                          /*out*/ nsACString& aEntryKey);

-  nsresult RememberDecision(const nsACString& aHostName,
-                            const OriginAttributes& aOriginAttributes,
-                            CERTCertificate* aServerCert,
-                            CERTCertificate* aClientCert);
-
-  nsresult HasRememberedDecision(const nsACString& aHostName,
-                                 const OriginAttributes& aOriginAttributes,
-                                 CERTCertificate* aServerCert,
-                                 nsACString& aCertDBKey, bool* aRetVal);
-
-  void ClearRememberedDecisions();
-  static void ClearAllRememberedDecisions();
-
 protected:
  ~nsClientAuthRememberService();

@ -121,10 +110,20 @@ class nsClientAuthRememberService final : public nsIObserver,
  nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;

  void RemoveAllFromMemory();
+
+  nsresult ClearPrivateDecisions();
+
  nsresult AddEntryToList(const nsACString& aHost,
                          const OriginAttributes& aOriginAttributes,
                          const nsACString& aServerFingerprint,
                          const nsACString& aDBKey);
 };

+#define NS_CLIENTAUTHREMEMBER_CID                    \
+  { /* 1dbc6eb6-0972-4bdb-9dc4-acd0abf72369 */       \
+    0x1dbc6eb6, 0x0972, 0x4bdb, {                    \
+      0x9d, 0xc4, 0xac, 0xd0, 0xab, 0xf7, 0x23, 0x69 \
+    }                                                \
+  }
+
 #endif
--- a/security/manager/ssl/nsIClientAuthRemember.idl
+++ b/security/manager/ssl/nsIClientAuthRemember.idl
@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#include "cert.h"
+#define NS_CLIENTAUTHREMEMBER_CONTRACTID "@mozilla.org/security/clientAuthRemember;1"
+%}
+
+[ptr] native CERTCertificatePtr(CERTCertificate);
+[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+
+[scriptable, uuid(1dbc6eb6-0972-4bdb-9dc4-acd0abf72369)]
+interface nsIClientAuthRemember : nsISupports
+{
+
+  [must_use, noscript]
+  void rememberDecision(in ACString aHostName,
+                        in const_OriginAttributesRef aOriginAttributes,
+                        in CERTCertificatePtr aServerCert,
+                        in CERTCertificatePtr aClientCert);
+
+  [must_use, noscript]
+  bool hasRememberedDecision(in ACString aHostName,
+                             in const_OriginAttributesRef aOriginAttributes,
+                             in CERTCertificatePtr aServerCert,
+                             out ACString aCertDBKey);
+
+  [must_use]
+  void clearRememberedDecisions();
+};
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@ -1969,6 +1969,9 @@ nsresult nsNSSComponent::InitializeNSS() {
    return NS_ERROR_UNEXPECTED;
  }

+  nsCOMPtr<nsIClientAuthRemember> cars =
+      do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
+
  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));

  {
@ -2199,7 +2202,14 @@ nsresult nsNSSComponent::LogoutAuthenticatedPK11() {
        NS_LITERAL_CSTRING("all:temporary-certificates"), 0);
  }

-  nsClientAuthRememberService::ClearAllRememberedDecisions();
+  nsCOMPtr<nsIClientAuthRemember> svc =
+      do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
+
+  if (svc) {
+    nsresult rv = svc->ClearRememberedDecisions();
+
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+  }

  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
  if (os) {
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@ -1955,8 +1955,11 @@ void ClientAuthDataRunnable::RunOnTargetThread() {

    const nsACString& hostname = mSocketInfo->GetHostName();

-    RefPtr<nsClientAuthRememberService> cars =
-        mSocketInfo->SharedState().GetClientAuthRememberService();
+    nsCOMPtr<nsIClientAuthRemember> cars = nullptr;
+
+    if (mSocketInfo->GetProviderTlsFlags() == 0) {
+      cars = do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
+    }

    bool hasRemembered = false;
    nsCString rememberedDBKey;
@ -2050,8 +2053,10 @@ void ClientAuthDataRunnable::RunOnTargetThread() {
      }

      if (cars && wantRemember) {
-        cars->RememberDecision(hostname, mSocketInfo->GetOriginAttributes(),
-                               mServerCert, certChosen ? cert.get() : nullptr);
+        rv = cars->RememberDecision(
+            hostname, mSocketInfo->GetOriginAttributes(), mServerCert,
+            certChosen ? cert.get() : nullptr);
+        Unused << NS_WARN_IF(NS_FAILED(rv));
      }
    }