зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1618710 - Refactoring nsClientAuthRememberService to work as a service r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D62585 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
510ee4e665
Коммит
e037cf93e5
|
@ -124,10 +124,6 @@ SharedSSLState::SharedSSLState(uint32_t aTlsFlags)
|
|||
mOCSPMustStapleEnabled(false),
|
||||
mSignedCertTimestampsEnabled(false) {
|
||||
mIOLayerHelpers.Init();
|
||||
if (!aTlsFlags) { // the per socket flags don't need memory
|
||||
mClientAuthRemember = new nsClientAuthRememberService();
|
||||
mClientAuthRemember->Init();
|
||||
}
|
||||
}
|
||||
|
||||
SharedSSLState::~SharedSSLState() {}
|
||||
|
@ -140,11 +136,7 @@ void SharedSSLState::NotePrivateBrowsingStatus() {
|
|||
}
|
||||
|
||||
void SharedSSLState::ResetStoredData() {
|
||||
if (!mClientAuthRemember) {
|
||||
return;
|
||||
}
|
||||
MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
|
||||
mClientAuthRemember->ClearRememberedDecisions();
|
||||
mIOLayerHelpers.clearStoredData();
|
||||
}
|
||||
|
||||
|
|
|
@ -7,10 +7,8 @@
|
|||
#ifndef SharedSSLState_h
|
||||
#define SharedSSLState_h
|
||||
|
||||
#include "mozilla/RefPtr.h"
|
||||
#include "nsNSSIOLayer.h"
|
||||
|
||||
class nsClientAuthRememberService;
|
||||
class nsIObserver;
|
||||
|
||||
namespace mozilla {
|
||||
|
@ -24,10 +22,6 @@ class SharedSSLState {
|
|||
static void GlobalInit();
|
||||
static void GlobalCleanup();
|
||||
|
||||
nsClientAuthRememberService* GetClientAuthRememberService() {
|
||||
return mClientAuthRemember;
|
||||
}
|
||||
|
||||
nsSSLIOLayerHelpers& IOLayerHelpers() { return mIOLayerHelpers; }
|
||||
|
||||
// Main-thread only
|
||||
|
@ -59,7 +53,6 @@ class SharedSSLState {
|
|||
void Cleanup();
|
||||
|
||||
nsCOMPtr<nsIObserver> mObserver;
|
||||
RefPtr<nsClientAuthRememberService> mClientAuthRemember;
|
||||
nsSSLIOLayerHelpers mIOLayerHelpers;
|
||||
|
||||
// True if any sockets have been created that use this shared data.
|
||||
|
|
|
@ -89,6 +89,13 @@ Classes = [
|
|||
'type': 'nsNSSCertificateDB',
|
||||
'legacy_constructor': 'mozilla::psm::NSSConstructor<nsNSSCertificateDB>',
|
||||
},
|
||||
{
|
||||
'cid': '{1dbc6eb6-0972-4bdb-9dc4-acd0abf72369}',
|
||||
'contract_ids': ['@mozilla.org/security/clientAuthRemember;1'],
|
||||
'type': 'nsClientAuthRememberService',
|
||||
'headers': ['nsClientAuthRemember.h'],
|
||||
'init_method': 'Init',
|
||||
},
|
||||
{
|
||||
'cid': '{36a1d3b3-d886-4317-96ff-87b0005cfef7}',
|
||||
'contract_ids': ['@mozilla.org/security/hash;1'],
|
||||
|
|
|
@ -19,6 +19,7 @@ XPIDL_SOURCES += [
|
|||
'nsICertificateDialogs.idl',
|
||||
'nsICertOverrideService.idl',
|
||||
'nsIClientAuthDialogs.idl',
|
||||
'nsIClientAuthRemember.idl',
|
||||
'nsIContentSignatureVerifier.idl',
|
||||
'nsICryptoHash.idl',
|
||||
'nsICryptoHMAC.idl',
|
||||
|
|
|
@ -25,8 +25,8 @@
|
|||
using namespace mozilla;
|
||||
using namespace mozilla::psm;
|
||||
|
||||
NS_IMPL_ISUPPORTS(nsClientAuthRememberService, nsIObserver,
|
||||
nsISupportsWeakReference)
|
||||
NS_IMPL_ISUPPORTS(nsClientAuthRememberService, nsIClientAuthRemember,
|
||||
nsIObserver)
|
||||
|
||||
nsClientAuthRememberService::nsClientAuthRememberService()
|
||||
: monitor("nsClientAuthRememberService.monitor") {}
|
||||
|
@ -44,7 +44,8 @@ nsresult nsClientAuthRememberService::Init() {
|
|||
nsCOMPtr<nsIObserverService> observerService =
|
||||
mozilla::services::GetObserverService();
|
||||
if (observerService) {
|
||||
observerService->AddObserver(this, "profile-before-change", true);
|
||||
observerService->AddObserver(this, "profile-before-change", false);
|
||||
observerService->AddObserver(this, "last-pb-context-exited", false);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
@ -60,36 +61,46 @@ nsClientAuthRememberService::Observe(nsISupports* aSubject, const char* aTopic,
|
|||
|
||||
ReentrantMonitorAutoEnter lock(monitor);
|
||||
RemoveAllFromMemory();
|
||||
} else if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
|
||||
ReentrantMonitorAutoEnter lock(monitor);
|
||||
ClearPrivateDecisions();
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsClientAuthRememberService::ClearRememberedDecisions() {
|
||||
NS_IMETHODIMP
|
||||
nsClientAuthRememberService::ClearRememberedDecisions() {
|
||||
ReentrantMonitorAutoEnter lock(monitor);
|
||||
RemoveAllFromMemory();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsClientAuthRememberService::ClearAllRememberedDecisions() {
|
||||
RefPtr<nsClientAuthRememberService> svc =
|
||||
PublicSSLState()->GetClientAuthRememberService();
|
||||
MOZ_ASSERT(svc);
|
||||
if (svc) {
|
||||
svc->ClearRememberedDecisions();
|
||||
}
|
||||
nsresult nsClientAuthRememberService::ClearPrivateDecisions() {
|
||||
ReentrantMonitorAutoEnter lock(monitor);
|
||||
for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
|
||||
nsCString entryKey = iter.Get()->mEntryKey;
|
||||
const int32_t separator = entryKey.Find(":", false, 0, -1);
|
||||
nsCString suffix;
|
||||
if (separator >= 0) {
|
||||
entryKey.Left(suffix, separator);
|
||||
} else {
|
||||
suffix = entryKey;
|
||||
}
|
||||
|
||||
svc = PrivateSSLState()->GetClientAuthRememberService();
|
||||
MOZ_ASSERT(svc);
|
||||
if (svc) {
|
||||
svc->ClearRememberedDecisions();
|
||||
if (OriginAttributes::IsPrivateBrowsing(suffix)) {
|
||||
iter.Remove();
|
||||
}
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
void nsClientAuthRememberService::RemoveAllFromMemory() {
|
||||
mSettingsTable.Clear();
|
||||
}
|
||||
|
||||
nsresult nsClientAuthRememberService::RememberDecision(
|
||||
NS_IMETHODIMP
|
||||
nsClientAuthRememberService::RememberDecision(
|
||||
const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
|
||||
CERTCertificate* aServerCert, CERTCertificate* aClientCert) {
|
||||
// aClientCert == nullptr means: remember that user does not want to use a
|
||||
|
@ -123,7 +134,8 @@ nsresult nsClientAuthRememberService::RememberDecision(
|
|||
return NS_OK;
|
||||
}
|
||||
|
||||
nsresult nsClientAuthRememberService::HasRememberedDecision(
|
||||
NS_IMETHODIMP
|
||||
nsClientAuthRememberService::HasRememberedDecision(
|
||||
const nsACString& aHostName, const OriginAttributes& aOriginAttributes,
|
||||
CERTCertificate* aCert, nsACString& aCertDBKey, bool* aRetVal) {
|
||||
if (aHostName.IsEmpty()) return NS_ERROR_INVALID_ARG;
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
#include "mozilla/Attributes.h"
|
||||
#include "mozilla/HashFunctions.h"
|
||||
#include "mozilla/ReentrantMonitor.h"
|
||||
#include "nsIClientAuthRemember.h"
|
||||
#include "nsIObserver.h"
|
||||
#include "nsNSSCertificate.h"
|
||||
#include "nsString.h"
|
||||
|
@ -87,10 +88,11 @@ class nsClientAuthRememberEntry final : public PLDHashEntryHdr {
|
|||
};
|
||||
|
||||
class nsClientAuthRememberService final : public nsIObserver,
|
||||
public nsSupportsWeakReference {
|
||||
public nsIClientAuthRemember {
|
||||
public:
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSIOBSERVER
|
||||
NS_DECL_NSICLIENTAUTHREMEMBER
|
||||
|
||||
nsClientAuthRememberService();
|
||||
|
||||
|
@ -101,19 +103,6 @@ class nsClientAuthRememberService final : public nsIObserver,
|
|||
const nsACString& aFingerprint,
|
||||
/*out*/ nsACString& aEntryKey);
|
||||
|
||||
nsresult RememberDecision(const nsACString& aHostName,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
CERTCertificate* aServerCert,
|
||||
CERTCertificate* aClientCert);
|
||||
|
||||
nsresult HasRememberedDecision(const nsACString& aHostName,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
CERTCertificate* aServerCert,
|
||||
nsACString& aCertDBKey, bool* aRetVal);
|
||||
|
||||
void ClearRememberedDecisions();
|
||||
static void ClearAllRememberedDecisions();
|
||||
|
||||
protected:
|
||||
~nsClientAuthRememberService();
|
||||
|
||||
|
@ -121,10 +110,20 @@ class nsClientAuthRememberService final : public nsIObserver,
|
|||
nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;
|
||||
|
||||
void RemoveAllFromMemory();
|
||||
|
||||
nsresult ClearPrivateDecisions();
|
||||
|
||||
nsresult AddEntryToList(const nsACString& aHost,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
const nsACString& aServerFingerprint,
|
||||
const nsACString& aDBKey);
|
||||
};
|
||||
|
||||
#define NS_CLIENTAUTHREMEMBER_CID \
|
||||
{ /* 1dbc6eb6-0972-4bdb-9dc4-acd0abf72369 */ \
|
||||
0x1dbc6eb6, 0x0972, 0x4bdb, { \
|
||||
0x9d, 0xc4, 0xac, 0xd0, 0xab, 0xf7, 0x23, 0x69 \
|
||||
} \
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
#include "nsISupports.idl"
|
||||
|
||||
%{C++
|
||||
#include "cert.h"
|
||||
#define NS_CLIENTAUTHREMEMBER_CONTRACTID "@mozilla.org/security/clientAuthRemember;1"
|
||||
%}
|
||||
|
||||
[ptr] native CERTCertificatePtr(CERTCertificate);
|
||||
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
|
||||
|
||||
[scriptable, uuid(1dbc6eb6-0972-4bdb-9dc4-acd0abf72369)]
|
||||
interface nsIClientAuthRemember : nsISupports
|
||||
{
|
||||
|
||||
[must_use, noscript]
|
||||
void rememberDecision(in ACString aHostName,
|
||||
in const_OriginAttributesRef aOriginAttributes,
|
||||
in CERTCertificatePtr aServerCert,
|
||||
in CERTCertificatePtr aClientCert);
|
||||
|
||||
[must_use, noscript]
|
||||
bool hasRememberedDecision(in ACString aHostName,
|
||||
in const_OriginAttributesRef aOriginAttributes,
|
||||
in CERTCertificatePtr aServerCert,
|
||||
out ACString aCertDBKey);
|
||||
|
||||
[must_use]
|
||||
void clearRememberedDecisions();
|
||||
};
|
|
@ -1969,6 +1969,9 @@ nsresult nsNSSComponent::InitializeNSS() {
|
|||
return NS_ERROR_UNEXPECTED;
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIClientAuthRemember> cars =
|
||||
do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
|
||||
|
||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));
|
||||
|
||||
{
|
||||
|
@ -2199,7 +2202,14 @@ nsresult nsNSSComponent::LogoutAuthenticatedPK11() {
|
|||
NS_LITERAL_CSTRING("all:temporary-certificates"), 0);
|
||||
}
|
||||
|
||||
nsClientAuthRememberService::ClearAllRememberedDecisions();
|
||||
nsCOMPtr<nsIClientAuthRemember> svc =
|
||||
do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
|
||||
|
||||
if (svc) {
|
||||
nsresult rv = svc->ClearRememberedDecisions();
|
||||
|
||||
Unused << NS_WARN_IF(NS_FAILED(rv));
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
|
||||
if (os) {
|
||||
|
|
|
@ -1955,8 +1955,11 @@ void ClientAuthDataRunnable::RunOnTargetThread() {
|
|||
|
||||
const nsACString& hostname = mSocketInfo->GetHostName();
|
||||
|
||||
RefPtr<nsClientAuthRememberService> cars =
|
||||
mSocketInfo->SharedState().GetClientAuthRememberService();
|
||||
nsCOMPtr<nsIClientAuthRemember> cars = nullptr;
|
||||
|
||||
if (mSocketInfo->GetProviderTlsFlags() == 0) {
|
||||
cars = do_GetService(NS_CLIENTAUTHREMEMBER_CONTRACTID);
|
||||
}
|
||||
|
||||
bool hasRemembered = false;
|
||||
nsCString rememberedDBKey;
|
||||
|
@ -2050,8 +2053,10 @@ void ClientAuthDataRunnable::RunOnTargetThread() {
|
|||
}
|
||||
|
||||
if (cars && wantRemember) {
|
||||
cars->RememberDecision(hostname, mSocketInfo->GetOriginAttributes(),
|
||||
mServerCert, certChosen ? cert.get() : nullptr);
|
||||
rv = cars->RememberDecision(
|
||||
hostname, mSocketInfo->GetOriginAttributes(), mServerCert,
|
||||
certChosen ? cert.get() : nullptr);
|
||||
Unused << NS_WARN_IF(NS_FAILED(rv));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче