Work on the FacetID/AppID algorithm showed this patch had incorrect usage of
the eTLD+1 checking, so this patch removes those checks until the more
sophisticated algorithm lands in Bug 1244959.
MozReview-Commit-ID: 2k6N5AU0J68
--HG--
extra : transplant_source : %B7n%17%00%DF%AB%F4OG%7E%D1%F0p%B1%AC%9Bq%C9%2B%D0
- Add an ephemeral self-signed Attestation Cert to NSSToken
- A new one is generated at each call to Register; this is allowed by the
protocol, and avoids fingerprinting if the NSSToken is in use.
- This now passes at https://u2fdemo.appspot.com/
MozReview-Commit-ID: Aq61MuX9oSD
--HG--
extra : transplant_source : %C1%00n6%22%01%E7q%B4/%D8-%C5W%D4%E6%86%14%25%C2
- Merge in test changes from Bug 1255784.
- Remove the unnecessary mutex
- Stop doing direct memory work in NSS Token
- Clean up direct memory work in ContentParent
- In order to store persistent crypto parameters, the NSSToken had to move
onto the main thread and be interfaced with via IDL/IPDL.
- Support Register/Sign via NSS using a long-lived secret key
- Rename the softtoken/usbtoken "enable" prefs, because of hierarchy issues
with the WebIDL Pref shadowing.
- Also orders the includes on nsNSSModule.cpp
- Attestation Certificates are in Part 2.
Updates per keeler review comments:
- Use //-style comments everywhere
- Refactor the PrivateKeyFromKeyHandle method
- Rename the logging and fix extraneous NS_WARN_IF/logging combinations
- Other updates from review
April 11-12:
- Correct usage of the "usageCount" flag for PK11_UnwrapPrivKey
- Rebase up to latest
April 15:
- Rebase to latest
MozReview-Commit-ID: 6T8jNmwFvHJ
--HG--
extra : transplant_source : w%26%CES%2Cu%04%3EAl%04%2Cb%E2v%C9%08%3A%CC%F4
J.C. Jones
Andrea Marchesini
J.C. Jones