mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1241646 - remove unused token arguments from nsIX509CertDB r=keeler
This commit is contained in:
parent
a36aa95b54
commit
964cc276c9
@ -258,7 +258,7 @@ private:
|
||||
|
||||
nsCOMPtr<nsIX509Cert> certFromDB;
|
||||
nsresult rv;
|
||||
rv = certDB->FindCertByNickname(nullptr, NS_ConvertASCIItoUTF16(mNickname),
|
||||
rv = certDB->FindCertByNickname(NS_ConvertASCIItoUTF16(mNickname),
|
||||
getter_AddRefs(certFromDB));
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
|
@ -506,7 +506,7 @@ function addCACerts()
|
||||
gCertFileTypes);
|
||||
fp.appendFilters(nsIFilePicker.filterAll);
|
||||
if (fp.show() == nsIFilePicker.returnOK) {
|
||||
certdb.importCertsFromFile(null, fp.file, nsIX509Cert.CA_CERT);
|
||||
certdb.importCertsFromFile(fp.file, nsIX509Cert.CA_CERT);
|
||||
caTreeView.loadCerts(nsIX509Cert.CA_CERT);
|
||||
caTreeView.selection.clearSelection();
|
||||
}
|
||||
@ -540,7 +540,7 @@ function addEmailCert()
|
||||
gCertFileTypes);
|
||||
fp.appendFilters(nsIFilePicker.filterAll);
|
||||
if (fp.show() == nsIFilePicker.returnOK) {
|
||||
certdb.importCertsFromFile(null, fp.file, nsIX509Cert.EMAIL_CERT);
|
||||
certdb.importCertsFromFile(fp.file, nsIX509Cert.EMAIL_CERT);
|
||||
var certcache = certdb.getCerts();
|
||||
emailTreeView.loadCertsFromCache(certcache, nsIX509Cert.EMAIL_CERT);
|
||||
emailTreeView.selection.clearSelection();
|
||||
@ -560,7 +560,7 @@ function addWebSiteCert()
|
||||
gCertFileTypes);
|
||||
fp.appendFilters(nsIFilePicker.filterAll);
|
||||
if (fp.show() == nsIFilePicker.returnOK) {
|
||||
certdb.importCertsFromFile(null, fp.file, nsIX509Cert.SERVER_CERT);
|
||||
certdb.importCertsFromFile(fp.file, nsIX509Cert.SERVER_CERT);
|
||||
|
||||
var certcache = certdb.getCerts();
|
||||
serverTreeView.loadCertsFromCache(certcache, nsIX509Cert.SERVER_CERT);
|
||||
|
@ -22,7 +22,7 @@ function setWindowName()
|
||||
|
||||
// Get the cert from the cert database
|
||||
certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
|
||||
cert = certdb.findCertByDBKey(dbkey, null);
|
||||
cert = certdb.findCertByDBKey(dbkey);
|
||||
|
||||
var bundle = document.getElementById("pippki_bundle");
|
||||
|
||||
|
@ -76,7 +76,7 @@ function setWindowName()
|
||||
//var token = pk11db.findTokenByName(tokenName);
|
||||
|
||||
//var cert = certdb.findCertByNickname(token, myName);
|
||||
cert = certdb.findCertByNickname(null, myName);
|
||||
cert = certdb.findCertByNickname(myName);
|
||||
} else {
|
||||
var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
|
||||
var cert = params.objects.queryElementAt(0, nsIX509Cert);
|
||||
@ -265,7 +265,7 @@ function updateCertDump()
|
||||
var dbKey = item.firstChild.firstChild.getAttribute('display');
|
||||
// Get the cert from the cert database
|
||||
var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
|
||||
var cert = certdb.findCertByDBKey(dbKey,null);
|
||||
var cert = certdb.findCertByDBKey(dbKey);
|
||||
asn1Tree.loadASN1Structure(cert.ASN1Structure);
|
||||
}
|
||||
displaySelected();
|
||||
@ -290,7 +290,7 @@ function getCurrentCert()
|
||||
var item = tree.contentView.getItemAtIndex(realIndex);
|
||||
var dbKey = item.firstChild.firstChild.getAttribute('display');
|
||||
var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
|
||||
var cert = certdb.findCertByDBKey(dbKey,null);
|
||||
var cert = certdb.findCertByDBKey(dbKey);
|
||||
return cert;
|
||||
}
|
||||
/* shouldn't really happen */
|
||||
|
@ -46,7 +46,7 @@ interface nsIVerifySignedManifestCallback : nsISupports
|
||||
* This represents a service to access and manipulate
|
||||
* X.509 certificates stored in a database.
|
||||
*/
|
||||
[scriptable, uuid(a36c45fb-f7b5-423e-a0f7-ea1eb4fd60b5)]
|
||||
[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)]
|
||||
interface nsIX509CertDB : nsISupports {
|
||||
|
||||
/**
|
||||
@ -59,19 +59,15 @@ interface nsIX509CertDB : nsISupports {
|
||||
const unsigned long TRUSTED_OBJSIGN = 1 << 2;
|
||||
|
||||
/**
|
||||
* Given a nickname and optionally a token,
|
||||
* Given a nickname,
|
||||
* locate the matching certificate.
|
||||
*
|
||||
* @param aToken Optionally limits the scope of
|
||||
* this function to a token device.
|
||||
* Can be null to mean any token.
|
||||
* @param aNickname The nickname to be used as the key
|
||||
* to find a certificate.
|
||||
*
|
||||
* @return The matching certificate if found.
|
||||
*/
|
||||
nsIX509Cert findCertByNickname(in nsISupports aToken,
|
||||
in AString aNickname);
|
||||
nsIX509Cert findCertByNickname(in AString aNickname);
|
||||
|
||||
/**
|
||||
* Will find a certificate based on its dbkey
|
||||
@ -80,11 +76,8 @@ interface nsIX509CertDB : nsISupports {
|
||||
*
|
||||
* @param aDBkey Database internal key, as obtained using
|
||||
* attribute dbkey in nsIX509Cert.
|
||||
* @param aToken Optionally limits the scope of
|
||||
* this function to a token device.
|
||||
* Can be null to mean any token.
|
||||
*/
|
||||
nsIX509Cert findCertByDBKey(in string aDBkey, in nsISupports aToken);
|
||||
nsIX509Cert findCertByDBKey(in string aDBkey);
|
||||
|
||||
/**
|
||||
* Obtain a list of certificate nicknames from the database.
|
||||
@ -92,16 +85,12 @@ interface nsIX509CertDB : nsISupports {
|
||||
* user, ca, or server cert - the nickname
|
||||
* email cert - the email address
|
||||
*
|
||||
* @param aToken Optionally limits the scope of
|
||||
* this function to a token device.
|
||||
* Can be null to mean any token.
|
||||
* @param aType Type of certificate to obtain
|
||||
* See certificate type constants in nsIX509Cert.
|
||||
* @param count The number of nicknames in the returned array
|
||||
* @param certNameList The returned array of certificate nicknames.
|
||||
*/
|
||||
void findCertNicknames(in nsISupports aToken,
|
||||
in unsigned long aType,
|
||||
void findCertNicknames(in unsigned long aType,
|
||||
out unsigned long count,
|
||||
[array, size_is(count)] out wstring certNameList);
|
||||
|
||||
@ -128,16 +117,12 @@ interface nsIX509CertDB : nsISupports {
|
||||
/**
|
||||
* Find a certificate by email address.
|
||||
*
|
||||
* @param aToken Optionally limits the scope of
|
||||
* this function to a token device.
|
||||
* Can be null to mean any token.
|
||||
* @param aEmailAddress The email address to be used as the key
|
||||
* to find the certificate.
|
||||
*
|
||||
* @return The matching certificate if found.
|
||||
*/
|
||||
nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
|
||||
in string aEmailAddress);
|
||||
nsIX509Cert findCertByEmailAddress(in string aEmailAddress);
|
||||
|
||||
/**
|
||||
* Use this to import a stream sent down as a mime type into
|
||||
@ -229,23 +214,19 @@ interface nsIX509CertDB : nsISupports {
|
||||
* @return Returns true if the certificate is trusted for the given use.
|
||||
*/
|
||||
boolean isCertTrusted(in nsIX509Cert cert,
|
||||
in unsigned long certType,
|
||||
in unsigned long trustType);
|
||||
in unsigned long certType,
|
||||
in unsigned long trustType);
|
||||
|
||||
/**
|
||||
* Import certificate(s) from file
|
||||
*
|
||||
* @param aToken Optionally limits the scope of
|
||||
* this function to a token device.
|
||||
* Can be null to mean any token.
|
||||
* @param aFile Identifies a file that contains the certificate
|
||||
* to be imported.
|
||||
* @param aType Describes the type of certificate that is going to
|
||||
* be imported. See type constants in nsIX509Cert.
|
||||
*/
|
||||
void importCertsFromFile(in nsISupports aToken,
|
||||
in nsIFile aFile,
|
||||
in unsigned long aType);
|
||||
void importCertsFromFile(in nsIFile aFile,
|
||||
in unsigned long aType);
|
||||
|
||||
/**
|
||||
* Import a PKCS#12 file containing cert(s) and key(s) into the database.
|
||||
|
@ -96,9 +96,8 @@ nsNSSCertificateDB::~nsNSSCertificateDB()
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
|
||||
const nsAString &nickname,
|
||||
nsIX509Cert **_rvCert)
|
||||
nsNSSCertificateDB::FindCertByNickname(const nsAString& nickname,
|
||||
nsIX509Cert** _rvCert)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(_rvCert);
|
||||
*_rvCert = nullptr;
|
||||
@ -127,9 +126,8 @@ nsNSSCertificateDB::FindCertByNickname(nsISupports *aToken,
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
|
||||
nsIX509Cert **_cert)
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindCertByDBKey(const char* aDBkey,nsIX509Cert** _cert)
|
||||
{
|
||||
NS_ENSURE_ARG_POINTER(aDBkey);
|
||||
NS_ENSURE_ARG(aDBkey[0]);
|
||||
@ -199,10 +197,9 @@ nsNSSCertificateDB::FindCertByDBKey(const char *aDBkey, nsISupports *aToken,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindCertNicknames(nsISupports *aToken,
|
||||
uint32_t aType,
|
||||
uint32_t *_count,
|
||||
char16_t ***_certNames)
|
||||
nsNSSCertificateDB::FindCertNicknames(uint32_t aType,
|
||||
uint32_t* _count,
|
||||
char16_t*** _certNames)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
if (isAlreadyShutDown()) {
|
||||
@ -1084,10 +1081,8 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
|
||||
}
|
||||
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
|
||||
nsIFile *aFile,
|
||||
uint32_t aType)
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
if (isAlreadyShutDown()) {
|
||||
@ -1101,7 +1096,7 @@ nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
|
||||
case nsIX509Cert::SERVER_CERT:
|
||||
// good
|
||||
break;
|
||||
|
||||
|
||||
default:
|
||||
// not supported (yet)
|
||||
return NS_ERROR_FAILURE;
|
||||
@ -1155,8 +1150,7 @@ nsNSSCertificateDB::ImportCertsFromFile(nsISupports *aToken,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::ImportPKCS12File(nsISupports *aToken,
|
||||
nsIFile *aFile)
|
||||
nsNSSCertificateDB::ImportPKCS12File(nsISupports* aToken, nsIFile* aFile)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
if (isAlreadyShutDown()) {
|
||||
@ -1173,10 +1167,10 @@ nsNSSCertificateDB::ImportPKCS12File(nsISupports *aToken,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::ExportPKCS12File(nsISupports *aToken,
|
||||
nsIFile *aFile,
|
||||
uint32_t count,
|
||||
nsIX509Cert **certs)
|
||||
nsNSSCertificateDB::ExportPKCS12File(nsISupports* aToken,
|
||||
nsIFile* aFile,
|
||||
uint32_t count,
|
||||
nsIX509Cert** certs)
|
||||
//const char16_t **aCertNames)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
@ -1343,20 +1337,21 @@ nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsNSSCertificateDB::FindCertByEmailAddress(nsISupports *aToken, const char *aEmailAddress, nsIX509Cert **_retval)
|
||||
nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress,
|
||||
nsIX509Cert** _retval)
|
||||
{
|
||||
nsNSSShutDownPreventionLock locker;
|
||||
if (isAlreadyShutDown()) {
|
||||
return NS_ERROR_NOT_AVAILABLE;
|
||||
}
|
||||
|
||||
|
||||
RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
|
||||
NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
|
||||
|
||||
ScopedCERTCertList certlist(
|
||||
PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr));
|
||||
if (!certlist)
|
||||
return NS_ERROR_FAILURE;
|
||||
return NS_ERROR_FAILURE;
|
||||
|
||||
// certlist now contains certificates with the right email address,
|
||||
// but they might not have the correct usage or might even be invalid
|
||||
|
@ -2237,7 +2237,7 @@ ClientAuthDataRunnable::RunOnTargetThread()
|
||||
if (certdb) {
|
||||
nsCOMPtr<nsIX509Cert> found_cert;
|
||||
nsresult find_rv =
|
||||
certdb->FindCertByDBKey(rememberedDBKey.get(), nullptr,
|
||||
certdb->FindCertByDBKey(rememberedDBKey.get(),
|
||||
getter_AddRefs(found_cert));
|
||||
if (NS_SUCCEEDED(find_rv) && found_cert) {
|
||||
nsNSSCertificate* obj_cert =
|
||||
|
@ -39,7 +39,7 @@ function run_test() {
|
||||
// Change the already existing intermediate certificate's trust using
|
||||
// addCertFromBase64(). We use findCertByNickname first to ensure that the
|
||||
// certificate already exists.
|
||||
let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
|
||||
let int_cert = certDB.findCertByNickname("int-limited-depth");
|
||||
notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
|
||||
let base64_cert = btoa(getDERString(int_cert));
|
||||
certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
|
||||
|
@ -55,7 +55,7 @@ function encodeCommonNameAsBytes(commonName) {
|
||||
function testInvalidDBKey(certDB, dbKey) {
|
||||
let exceptionCaught = false;
|
||||
try {
|
||||
let cert = certDB.findCertByDBKey(dbKey, null);
|
||||
let cert = certDB.findCertByDBKey(dbKey);
|
||||
} catch(e) {
|
||||
do_print(e);
|
||||
exceptionCaught = true;
|
||||
@ -64,7 +64,7 @@ function testInvalidDBKey(certDB, dbKey) {
|
||||
}
|
||||
|
||||
function testDBKeyForNonexistentCert(certDB, dbKey) {
|
||||
let cert = certDB.findCertByDBKey(dbKey, null);
|
||||
let cert = certDB.findCertByDBKey(dbKey);
|
||||
ok(!cert, "shouldn't find cert for given dbKey");
|
||||
}
|
||||
|
||||
@ -98,7 +98,7 @@ function run_test() {
|
||||
equal(cert.dbKey, expectedDbKey,
|
||||
"actual and expected dbKey values should match");
|
||||
|
||||
let certFromDbKey = certDB.findCertByDBKey(expectedDbKey, null);
|
||||
let certFromDbKey = certDB.findCertByDBKey(expectedDbKey);
|
||||
ok(certFromDbKey.equals(cert),
|
||||
"nsIX509CertDB.findCertByDBKey should find the right certificate");
|
||||
|
||||
@ -107,14 +107,14 @@ function run_test() {
|
||||
let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
|
||||
ok(expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
|
||||
"test self-check: adding CRLF to dbKey should succeed");
|
||||
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF, null);
|
||||
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
|
||||
ok(certFromDbKey.equals(cert),
|
||||
"nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF");
|
||||
|
||||
let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1 ");
|
||||
ok(expectedDbKeyWithSpaces.indexOf(" ") == 64,
|
||||
"test self-check: adding spaces to dbKey should succeed");
|
||||
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces, null);
|
||||
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
|
||||
ok(certFromDbKey.equals(cert),
|
||||
"nsIX509CertDB.findCertByDBKey should work with dbKey with spaces");
|
||||
|
||||
|
@ -44,7 +44,7 @@ function run_test() {
|
||||
caList.forEach(function(ca) {
|
||||
addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem",
|
||||
"CTu,CTu,CTu");
|
||||
let caCert = certdb.findCertByNickname(null, ca);
|
||||
let caCert = certdb.findCertByNickname(ca);
|
||||
let usages = {};
|
||||
caCert.getUsagesString(true, {}, usages); // true indicates local-only
|
||||
equal(usages.value, expectedUsagesMap[ca],
|
||||
|
@ -191,11 +191,11 @@ function run_test() {
|
||||
load_cert(certList[i], ',,');
|
||||
}
|
||||
|
||||
let ca_cert = certdb.findCertByNickname(null, 'ca');
|
||||
let ca_cert = certdb.findCertByNickname('ca');
|
||||
notEqual(ca_cert, null, "CA cert should be in the cert DB");
|
||||
let int_cert = certdb.findCertByNickname(null, 'int');
|
||||
let int_cert = certdb.findCertByNickname('int');
|
||||
notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
|
||||
let ee_cert = certdb.findCertByNickname(null, 'ee');
|
||||
let ee_cert = certdb.findCertByNickname('ee');
|
||||
notEqual(ee_cert, null, "EE cert should be in the cert DB");
|
||||
|
||||
setup_basic_trusts(ca_cert, int_cert);
|
||||
|
@ -46,13 +46,13 @@ function start_ocsp_responder(expectedCertNames) {
|
||||
}
|
||||
|
||||
function check_cert_err(cert_name, expected_error) {
|
||||
let cert = certdb.findCertByNickname(null, cert_name);
|
||||
let cert = certdb.findCertByNickname(cert_name);
|
||||
checkCertErrorGeneric(certdb, cert, expected_error, certificateUsageSSLServer);
|
||||
}
|
||||
|
||||
|
||||
function check_ee_for_ev(cert_name, expected_ev) {
|
||||
let cert = certdb.findCertByNickname(null, cert_name);
|
||||
let cert = certdb.findCertByNickname(cert_name);
|
||||
checkEVStatus(certdb, cert, certificateUsageSSLServer, expected_ev);
|
||||
}
|
||||
|
||||
@ -107,7 +107,7 @@ function run_test() {
|
||||
// causes the root to be untrusted.
|
||||
const nsIX509Cert = Ci.nsIX509Cert;
|
||||
add_test(function() {
|
||||
let evRootCA = certdb.findCertByNickname(null, evrootnick);
|
||||
let evRootCA = certdb.findCertByNickname(evrootnick);
|
||||
certdb.setCertTrust(evRootCA, nsIX509Cert.CA_CERT, 0);
|
||||
|
||||
clearOCSPCache();
|
||||
@ -119,7 +119,7 @@ function run_test() {
|
||||
// bug 917380: Check that a trusted EV root is trusted after disabling and
|
||||
// re-enabling trust.
|
||||
add_test(function() {
|
||||
let evRootCA = certdb.findCertByNickname(null, evrootnick);
|
||||
let evRootCA = certdb.findCertByNickname(evrootnick);
|
||||
certdb.setCertTrust(evRootCA, nsIX509Cert.CA_CERT,
|
||||
Ci.nsIX509CertDB.TRUSTED_SSL |
|
||||
Ci.nsIX509CertDB.TRUSTED_EMAIL |
|
||||
@ -240,7 +240,7 @@ function run_test() {
|
||||
ocspResponder.stop(function () {
|
||||
// without net it must be able to EV verify
|
||||
let failingOcspResponder = failingOCSPResponder();
|
||||
let cert = certdb.findCertByNickname(null, "ev-valid");
|
||||
let cert = certdb.findCertByNickname("ev-valid");
|
||||
let hasEVPolicy = {};
|
||||
let verifiedChain = {};
|
||||
let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
|
||||
@ -321,7 +321,7 @@ function run_test() {
|
||||
function check_no_ocsp_requests(cert_name, expected_error) {
|
||||
clearOCSPCache();
|
||||
let ocspResponder = failingOCSPResponder();
|
||||
let cert = certdb.findCertByNickname(null, cert_name);
|
||||
let cert = certdb.findCertByNickname(cert_name);
|
||||
let hasEVPolicy = {};
|
||||
let verifiedChain = {};
|
||||
let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
|
||||
|
@ -71,7 +71,7 @@ function run_test() {
|
||||
addCertFromFile(certdb, `test_getchain/${cert}.pem`, ",,");
|
||||
}
|
||||
|
||||
let ee_cert = certdb.findCertByNickname(null, 'ee');
|
||||
let ee_cert = certdb.findCertByNickname('ee');
|
||||
notEqual(ee_cert, null, "EE cert should be in the cert DB");
|
||||
|
||||
let ca = get_ca_array();
|
||||
|
Loading…
Reference in New Issue
Block a user