Bug 643041 - Merge nsIX509Cert2 and nsIX509Cert3 into nsIX509Cert, and merge nsIX509CertDB2 into nsIX509CertDB. r=keeler

--HG--
extra : rebase_source : 5283c637e45dbee9f741d56cda54fdef1afce16e
Harsh Pathak 2014-07-03 22:09:24 -07:00
parent 030939a356
commit e99f23fe2a
26 changed files with 298 additions and 342 deletions


@ -3309,13 +3309,13 @@ WifiWorker.prototype = {
return;
}
let certDB2 = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB2);
if (!certDB2) {
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
if (!certDB) {
self._sendMessage(message, false, "Failed to query NSS DB service", msg);
}
let certList = certDB2.getCerts();
let certList = certDB.getCerts();
if (!certList) {
self._sendMessage(message, false, "Failed to get certificate List", msg);
}
@ -3332,7 +3332,7 @@ WifiWorker.prototype = {
};
while (certListEnum.hasMoreElements()) {
let certInfo = certListEnum.getNext().QueryInterface(Ci.nsIX509Cert3);
let certInfo = certListEnum.getNext().QueryInterface(Ci.nsIX509Cert);
let certNicknameInfo = /WIFI\_([A-Z]*)\_(.*)/.exec(certInfo.nickname);
if (!certNicknameInfo) {
continue;
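Review bot: The two failure branches in the first hunk, `if (!certDB)` and `if (!certList)`, send the error reply but do not return, so execution continues into `certDB.getCerts()` and the code after it with a value already known to be unusable. Each branch should end with `return;` after the `self._sendMessage(...)` call, so the requester gets exactly one reply and no exception escapes. In the second hunk the nickname pattern is unanchored, so any nickname that merely contains `WIFI_..._` matches; if only the prefix form is intended, `/^WIFI_([A-Z]*)_(.*)/` would say so. The enclosing function begins and ends outside both hunks.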


@ -569,7 +569,7 @@ VerifySignature(AppTrustedRoot trustedRoot, const SECItem& buffer,
NS_IMETHODIMP
OpenSignedAppFile(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
/*out, optional */ nsIZipReader** aZipReader,
/*out, optional */ nsIX509Cert3** aSignerCert)
/*out, optional */ nsIX509Cert** aSignerCert)
{
NS_ENSURE_ARG_POINTER(aJarFile);
@ -728,7 +728,7 @@ OpenSignedAppFile(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
// but we can't do that until we switch to libpkix.
if (aSignerCert) {
MOZ_ASSERT(CERT_LIST_HEAD(builtChain));
nsCOMPtr<nsIX509Cert3> signerCert =
nsCOMPtr<nsIX509Cert> signerCert =
nsNSSCertificate::Create(CERT_LIST_HEAD(builtChain)->cert);
NS_ENSURE_TRUE(signerCert, NS_ERROR_OUT_OF_MEMORY);
signerCert.forget(aSignerCert);
@ -769,7 +769,7 @@ private:
const nsCOMPtr<nsIFile> mJarFile;
nsMainThreadPtrHandle<nsIOpenSignedAppFileCallback> mCallback;
nsCOMPtr<nsIZipReader> mZipReader; // out
nsCOMPtr<nsIX509Cert3> mSignerCert; // out
nsCOMPtr<nsIX509Cert> mSignerCert; // out
};
} // unnamed namespace


@ -43,7 +43,6 @@ function getDERString(cert)
function getPKCS7String(cert, chainMode)
{
var length = {};
cert.QueryInterface(Components.interfaces.nsIX509Cert3);
var pkcs7Array = cert.exportAsCMS(chainMode, length);
var pkcs7String = '';
for (var i = 0; i < pkcs7Array.length; i++) {
@ -110,10 +109,10 @@ function exportToFile(parent, cert)
content = getDERString(cert);
break;
case 3:
content = getPKCS7String(cert, Components.interfaces.nsIX509Cert3.CMS_CHAIN_MODE_CertOnly);
content = getPKCS7String(cert, Components.interfaces.nsIX509Cert.CMS_CHAIN_MODE_CertOnly);
break;
case 4:
content = getPKCS7String(cert, Components.interfaces.nsIX509Cert3.CMS_CHAIN_MODE_CertChainWithRoot);
content = getPKCS7String(cert, Components.interfaces.nsIX509Cert.CMS_CHAIN_MODE_CertChainWithRoot);
break;
case 0:
default:


@ -3,7 +3,6 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
const nsIX509Cert = Components.interfaces.nsIX509Cert;
const nsIX509Cert3 = Components.interfaces.nsIX509Cert3;
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
@ -94,14 +93,9 @@ function setWindowName()
AddCertChain("treesetDump", chain, "dump_");
DisplayGeneralDataFromCert(cert);
BuildPrettyPrint(cert);
if (cert instanceof nsIX509Cert3)
{
cert.requestUsagesArrayAsync(new listener());
}
cert.requestUsagesArrayAsync(new listener());
}
function addChildrenToTree(parentTree,label,value,addTwistie)
{
var treeChild1 = document.createElement("treechildren");
@ -249,7 +243,7 @@ function DisplayGeneralDataFromCert(cert)
addAttributeFromCert('validitystart', cert.validity.notBeforeLocalDay);
// Validity end
addAttributeFromCert('validityend', cert.validity.notAfterLocalDay);
//Now to populate the fields that correspond to the issuer.
var issuerCommonname, issuerOrg, issuerOrgUnit;
issuerCommonname = cert.issuerCommonName;
@ -287,7 +281,7 @@ function getCurrentCert()
&& document.getElementById('prettyprint_tab').selected) {
/* if the user manually selected a cert on the Details tab,
then take that one */
realIndex = tree.currentIndex;
realIndex = tree.currentIndex;
} else {
/* otherwise, take the one at the bottom of the chain
(i.e. the one of the end-entity, unless we're displaying


@ -39,10 +39,7 @@ XPIDL_SOURCES += [
'nsITokenPasswordDialogs.idl',
'nsIUserCertPicker.idl',
'nsIX509Cert.idl',
'nsIX509Cert2.idl',
'nsIX509Cert3.idl',
'nsIX509CertDB.idl',
'nsIX509CertDB2.idl',
'nsIX509CertList.idl',
'nsIX509CertValidity.idl',
]


@ -23,7 +23,7 @@ interface nsISSLStatus : nsISupports {
* "unstrusted because missing or untrusted issuer"
* and
* "untrusted because self signed"
* query nsIX509Cert3::isSelfSigned
* query nsIX509Cert::isSelfSigned
*/
readonly attribute boolean isUntrusted;


@ -9,11 +9,18 @@
interface nsIArray;
interface nsIX509CertValidity;
interface nsIASN1Object;
interface nsICertVerificationListener;
%{ C++
/* forward declaration */
typedef struct CERTCertificateStr CERTCertificate;
%}
[ptr] native CERTCertificatePtr(CERTCertificate);
/**
* This represents a X.509 certificate.
*/
[scriptable, uuid(891d2009-b9ba-4a0d-bebe-6b3a30e33191)]
[scriptable, uuid(f8ed8364-ced9-4c6e-86ba-48af53c393e6)]
interface nsIX509Cert : nsISupports {
/**
@ -33,7 +40,7 @@ interface nsIX509Cert : nsISupports {
* @param length The number of strings in the returned array.
* @return An array of email addresses.
*/
void getEmailAddresses(out unsigned long length,
void getEmailAddresses(out unsigned long length,
[retval, array, size_is(length)] out wstring addresses);
/**
@ -42,7 +49,7 @@ interface nsIX509Cert : nsISupports {
* The behaviour for non ASCII characters is undefined.
*
* @param aEmailAddress The address to search for.
*
*
* @return True if the address is contained in the certificate.
*/
boolean containsEmailAddress(in AString aEmailAddress);
@ -138,6 +145,18 @@ interface nsIX509Cert : nsISupports {
const unsigned long USER_CERT = 1 << 1;
const unsigned long EMAIL_CERT = 1 << 2;
const unsigned long SERVER_CERT = 1 << 3;
const unsigned long ANY_CERT = 0xffff;
/**
* Type of this certificate
*/
readonly attribute unsigned long certType;
/**
* True if the certificate is self-signed. CA issued
* certificates are always self-signed.
*/
readonly attribute boolean isSelfSigned;
/**
* Constants for certificate verification results.
@ -152,7 +171,7 @@ interface nsIX509Cert : nsISupports {
const unsigned long INVALID_CA = 1 << 6;
const unsigned long USAGE_NOT_ALLOWED = 1 << 7;
const unsigned long SIGNATURE_ALGORITHM_DISABLED = 1 << 8;
/**
* Constants that describe the certified usages of a certificate.
*
@ -172,7 +191,14 @@ interface nsIX509Cert : nsISupports {
const unsigned long CERT_USAGE_AnyCA = 11;
/**
* Obtain a list of certificates that contains this certificate
* Constants for specifying the chain mode when exporting a certificate
*/
const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
const unsigned long CMS_CHAIN_MODE_CertChain = 2;
const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
/**
* Obtain a list of certificates that contains this certificate
* and the issuing certificates of all involved issuers,
* up to the root issuer.
*
@ -192,9 +218,17 @@ interface nsIX509Cert : nsISupports {
*/
void getUsagesArray(in boolean localOnly,
out uint32_t verified,
out uint32_t count,
out uint32_t count,
[array, size_is(count)] out wstring usages);
/**
* Async version of nsIX509Cert::getUsagesArray()
*
* Will not block, will request results asynchronously,
* availability of results will be notified on the main thread.
*/
void requestUsagesArrayAsync(in nsICertVerificationListener cvl);
/**
* Obtain a single comma separated human readable string describing
* the certificate's certified usages.
@ -224,7 +258,7 @@ interface nsIX509Cert : nsISupports {
[retval, array, size_is(length)] out octet data);
/**
* Test whether two certificate instances represent the
* Test whether two certificate instances represent the
* same certificate.
*
* @return Whether the certificates are equal
@ -236,4 +270,81 @@ interface nsIX509Cert : nsISupports {
* digest.
*/
readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
/**
* Obtain the certificate wrapped in a PKCS#7 SignedData structure,
* with or without the certificate chain
*
* @param chainMode Whether to include the chain (with or without the root),
see CMS_CHAIN_MODE constants.
* @param length The number of bytes of the PKCS#7 data.
* @param data The bytes representing the PKCS#7 wrapped certificate.
*/
void exportAsCMS(in unsigned long chainMode,
out unsigned long length,
[retval, array, size_is(length)] out octet data);
/**
* Retrieves the NSS certificate object wrapped by this interface
*/
[notxpcom, noscript] CERTCertificatePtr getCert();
/**
* Human readable names identifying all hardware or
* software tokens the certificate is stored on.
*
* @param length On success, the number of entries in the returned array.
* @return On success, an array containing the names of all tokens
* the certificate is stored on (may be empty).
* On failure the function throws/returns an error.
*/
void getAllTokenNames(out unsigned long length,
[retval, array, size_is(length)] out wstring
tokenNames);
/**
* Either delete the certificate from all cert databases,
* or mark it as untrusted.
*/
void markForPermDeletion();
};
[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)]
interface nsICertVerificationResult : nsISupports {
/**
* This interface reflects a container of
* verification results. Call will not block.
*
* Obtain an array of human readable strings describing
* the certificate's certified usages.
*
* Mirrors the results produced by
* nsIX509Cert::getUsagesArray()
*
* As of today, this function is a one-shot object,
* only the first call will succeed.
* This allows an optimization in the implementation,
* ownership of result data will be transfered to caller.
*
* @param cert The certificate that was verified.
* @param verified The certificate verification result,
* see constants in nsIX509Cert.
* @param count The number of human readable usages returned.
* @param usages The array of human readable usages.
*/
void getUsagesArrayResult(out uint32_t verified,
out uint32_t count,
[array, size_is(count)] out wstring usages);
};
[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)]
interface nsICertVerificationListener : nsISupports {
/**
* Notify that results are ready, that have been requested
* using nsIX509Cert::requestUsagesArrayAsync()
*/
void notify(in nsIX509Cert verifiedCert,
in nsICertVerificationResult result);
};
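Review bot: The comment added for `isSelfSigned` says "CA issued certificates are always self-signed", which reads as the opposite of what is meant: a certificate issued by a CA is signed by that CA, and it is root certificates that are normally self-signed. nsISSLStatus points callers at this attribute to tell "untrusted issuer" apart from "self signed", so the wording matters; something like `True if the certificate is self-signed. Root CA certificates are usually self-signed; certificates issued by a CA are not.` would be clearer. The one-line comment on `getCert()` should also state whether the caller receives an owned reference that must be released, because callers in this commit wrap the result in a scoped holder in some places and keep a raw pointer in others. In `nsICertVerificationResult`, `@param cert` documents a parameter that `getUsagesArrayResult` does not have.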


@ -1,30 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsIX509Cert.idl"
interface nsIArray;
interface nsIASN1Object;
%{ C++
/* forward declaration */
typedef struct CERTCertificateStr CERTCertificate;
%}
[ptr] native CERTCertificatePtr(CERTCertificate);
/**
* This represents additional interfaces to X.509 certificates
*/
[scriptable, uuid(5b62c61c-f898-4dab-8ace-51109bb459b4)]
interface nsIX509Cert2 : nsIX509Cert {
/**
* Additional constants to classify the type of a certificate.
*/
const unsigned long ANY_CERT = 0xffff;
readonly attribute unsigned long certType;
void markForPermDeletion();
[notxpcom, noscript] CERTCertificatePtr getCert();
};


@ -1,98 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsIX509Cert2.idl"
interface nsICertVerificationListener;
/**
* Extending nsIX509Cert
*/
[scriptable, uuid(399004d8-b8c7-4eb9-8362-d99f4c0161fd)]
interface nsIX509Cert3 : nsIX509Cert2 {
/**
* Constants for specifying the chain mode when exporting a certificate
*/
const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
const unsigned long CMS_CHAIN_MODE_CertChain = 2;
const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
/**
* Async version of nsIX509Cert::getUsagesArray()
*
* Will not block, will request results asynchronously,
* availability of results will be notified on the main thread.
*/
void requestUsagesArrayAsync(in nsICertVerificationListener cvl);
/**
* Obtain the certificate wrapped in a PKCS#7 SignedData structure,
* with or without the certificate chain
*
* @param chainMode Whether to include the chain (with or without the root),
see CMS_CHAIN_MODE constants.
* @param length The number of bytes of the PKCS#7 data.
* @param data The bytes representing the PKCS#7 wrapped certificate.
*/
void exportAsCMS(in unsigned long chainMode,
out unsigned long length,
[retval, array, size_is(length)] out octet data);
readonly attribute boolean isSelfSigned;
/**
* Human readable names identifying all hardware or
* software tokens the certificate is stored on.
*
* @param length On success, the number of entries in the returned array.
* @return On success, an array containing the names of all tokens
* the certificate is stored on (may be empty).
* On failure the function throws/returns an error.
*/
void getAllTokenNames(out unsigned long length,
[retval, array, size_is(length)] out wstring
tokenNames);
};
[scriptable, uuid(2fd0a785-9f2d-4327-8871-8c3e0783891d)]
interface nsICertVerificationResult : nsISupports {
/**
* This interface reflects a container of
* verification results. Call will not block.
*
* Obtain an array of human readable strings describing
* the certificate's certified usages.
*
* Mirrors the results produced by
* nsIX509Cert::getUsagesArray()
*
* As of today, this function is a one-shot object,
* only the first call will succeed.
* This allows an optimization in the implementation,
* ownership of result data will be transfered to caller.
*
* @param cert The certificate that was verified.
* @param verified The certificate verification result,
* see constants in nsIX509Cert.
* @param count The number of human readable usages returned.
* @param usages The array of human readable usages.
*/
void getUsagesArrayResult(out uint32_t verified,
out uint32_t count,
[array, size_is(count)] out wstring usages);
};
[scriptable, uuid(6684bce9-50db-48e1-81b7-98102bf81357)]
interface nsICertVerificationListener : nsISupports {
/**
* Notify that results are ready, that have been requested
* using nsIX509Cert3::requestUsagesArrayAsync()
*/
void notify(in nsIX509Cert3 verifiedCert,
in nsICertVerificationResult result);
};


@ -8,7 +8,6 @@
interface nsIArray;
interface nsIX509Cert;
interface nsIX509Cert3;
interface nsIFile;
interface nsIInterfaceRequestor;
interface nsIZipReader;
@ -21,16 +20,16 @@ interface nsIX509CertList;
typedef uint32_t AppTrustedRoot;
[scriptable, function, uuid(0927baea-622d-4e41-a76d-255af426e7fb)]
[scriptable, function, uuid(5984db62-d0e5-4671-a082-799cf7271e24)]
interface nsIOpenSignedAppFileCallback : nsISupports
{
void openSignedAppFileFinished(in nsresult rv,
in nsIZipReader aZipReader,
in nsIX509Cert3 aSignerCert);
in nsIX509Cert aSignerCert);
};
/**
* This represents a service to access and manipulate
* This represents a service to access and manipulate
* X.509 certificates stored in a database.
*/
[scriptable, uuid(7446a5b1-84ca-491f-a2fe-0bc60a71ffa5)]
@ -49,12 +48,12 @@ interface nsIX509CertDB : nsISupports {
* Given a nickname and optionally a token,
* locate the matching certificate.
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aNickname The nickname to be used as the key
* to find a certificate.
*
*
* @return The matching certificate if found.
*/
nsIX509Cert findCertByNickname(in nsISupports aToken,
@ -67,7 +66,7 @@ interface nsIX509CertDB : nsISupports {
*
* @param aDBkey Database internal key, as obtained using
* attribute dbkey in nsIX509Cert.
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
*/
@ -79,7 +78,7 @@ interface nsIX509CertDB : nsISupports {
* user, ca, or server cert - the nickname
* email cert - the email address
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aType Type of certificate to obtain
@ -87,7 +86,7 @@ interface nsIX509CertDB : nsISupports {
* @param count The number of nicknames in the returned array
* @param certNameList The returned array of certificate nicknames.
*/
void findCertNicknames(in nsISupports aToken,
void findCertNicknames(in nsISupports aToken,
in unsigned long aType,
out unsigned long count,
[array, size_is(count)] out wstring certNameList);
@ -97,7 +96,7 @@ interface nsIX509CertDB : nsISupports {
*
* @param aNickname The nickname to be used as the key
* to find the certificate.
*
*
* @return The matching certificate if found.
*/
nsIX509Cert findEmailEncryptionCert(in AString aNickname);
@ -107,7 +106,7 @@ interface nsIX509CertDB : nsISupports {
*
* @param aNickname The nickname to be used as the key
* to find the certificate.
*
*
* @return The matching certificate if found.
*/
nsIX509Cert findEmailSigningCert(in AString aNickname);
@ -115,12 +114,12 @@ interface nsIX509CertDB : nsISupports {
/**
* Find a certificate by email address.
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aEmailAddress The email address to be used as the key
* to find the certificate.
*
*
* @return The matching certificate if found.
*/
nsIX509Cert findCertByEmailAddress(in nsISupports aToken,
@ -164,7 +163,7 @@ interface nsIX509CertDB : nsISupports {
in nsIInterfaceRequestor ctx);
/**
* Import a personal certificate into the database, assuming
* Import a personal certificate into the database, assuming
* the database already contains the private key for this certificate.
*
* @param data The raw data to be imported
@ -184,7 +183,7 @@ interface nsIX509CertDB : nsISupports {
/**
* Modify the trust that is stored and associated to a certificate within
* a database. Separate trust is stored for
* a database. Separate trust is stored for
* One call manipulates the trust for one trust type only.
* See the trust type constants defined within this interface.
*
@ -203,14 +202,14 @@ interface nsIX509CertDB : nsISupports {
* characters, indicating SSL, Email, and Obj signing
* trust.
*/
void setCertTrustFromString(in nsIX509Cert3 cert, in string trustString);
void setCertTrustFromString(in nsIX509Cert cert, in string trustString);
/**
* Query whether a certificate is trusted for a particular use.
*
* @param cert Obtain the stored trust of this certificate.
* @param certType The type of the certificate. See nsIX509Cert.
* @param trustType A single bit from the usages constants defined
* @param trustType A single bit from the usages constants defined
* within this interface.
*
* @return Returns true if the certificate is trusted for the given use.
@ -222,7 +221,7 @@ interface nsIX509CertDB : nsISupports {
/**
* Import certificate(s) from file
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that contains the certificate
@ -237,7 +236,7 @@ interface nsIX509CertDB : nsISupports {
/**
* Import a PKCS#12 file containing cert(s) and key(s) into the database.
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that contains the data
@ -249,7 +248,7 @@ interface nsIX509CertDB : nsISupports {
/**
* Export a set of certs and keys from the database to a PKCS#12 file.
*
* @param aToken Optionally limits the scope of
* @param aToken Optionally limits the scope of
* this function to a token device.
* Can be null to mean any token.
* @param aFile Identifies a file that will be filled with the data
@ -316,7 +315,7 @@ interface nsIX509CertDB : nsISupports {
in nsIFile aJarFile,
in nsIOpenSignedAppFileCallback callback);
/*
/*
* Add a cert to a cert DB from a binary string.
*
* @param certDER The raw DER encoding of a certificate.
@ -361,4 +360,20 @@ interface nsIX509CertDB : nsISupports {
// Clears the OCSP cache for the current certificate verification
// implementation.
void clearOCSPCache();
/*
* Add a cert to a cert DB from a base64 encoded string.
*
* @param base64 The raw representation of a certificate,
* encoded as Base 64.
* @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
* indicating SSL, Email, and Obj signing trust
* @param aName name of the cert for display purposes.
*/
void addCertFromBase64(in string base64, in string aTrust, in string aName);
/*
* Get all the known certs in the database
*/
nsIX509CertList getCerts();
};
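Review bot: `nsIX509CertDB` gains `addCertFromBase64` and `getCerts` and changes the parameter type of `setCertTrustFromString`, yet its `uuid(7446a5b1-84ca-491f-a2fe-0bc60a71ffa5)` line appears unchanged in this section, while `nsIX509Cert` and `nsIOpenSignedAppFileCallback` both receive new uuids. If that is what the commit does, a binary component built against the old interface would still pass QueryInterface and then call through a vtable with a different layout, so the interface should get a fresh uuid in the same change. The comments on the two added methods open with `/*` where most members of this interface use `/**`; matching the prevailing form would keep the file consistent.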


@ -1,36 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
interface nsIX509CertList;
/**
* This represents a service to access and manipulate
* X.509 certificates stored in a database through methods
* not in nsIX509CertDB, which is frozen
*
*/
[scriptable, uuid(e0df4784-6560-45bf-b1b7-86076a0e8381)]
interface nsIX509CertDB2 : nsISupports {
/*
* Add a cert to a cert DB from a base64 encoded string.
*
* @param base64 The raw representation of a certificate,
* encoded as Base 64.
* @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
* indicating SSL, Email, and Obj signing trust
* @param aName name of the cert for display purposes.
*/
void addCertFromBase64(in string base64, in string aTrust, in string aName);
/*
* Get all the known certs in the database
*/
nsIX509CertList getCerts();
};


@ -689,7 +689,6 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
// Get the existing cert. If there isn't one, then there is
// no cert change to worry about.
nsCOMPtr<nsIX509Cert> cert;
nsCOMPtr<nsIX509Cert2> cert2;
RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
if (!status) {
@ -700,10 +699,9 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
}
status->GetServerCert(getter_AddRefs(cert));
cert2 = do_QueryInterface(cert);
if (!cert2) {
if (!cert) {
NS_NOTREACHED("every nsSSLStatus must have a cert"
"that implements nsIX509Cert2");
"that implements nsIX509Cert");
PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
return SECFailure;
}
@ -715,9 +713,9 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
"GetNegotiatedNPN() failed during renegotiation");
if (NS_SUCCEEDED(rv) && !StringBeginsWith(negotiatedNPN,
NS_LITERAL_CSTRING("spdy/")))
NS_LITERAL_CSTRING("spdy/"))) {
return SECSuccess;
}
// If GetNegotiatedNPN() failed we will assume spdy for safety's safe
if (NS_FAILED(rv)) {
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
@ -726,11 +724,12 @@ BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
}
// Check to see if the cert has actually changed
ScopedCERTCertificate c(cert2->GetCert());
ScopedCERTCertificate c(cert->GetCert());
NS_ASSERTION(c, "very bad and hopefully impossible state");
bool sameCert = CERT_CompareCerts(c, serverCert);
if (sameCert)
if (sameCert) {
return SECSuccess;
}
// Report an error - changed cert is confirmed
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
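Review bot: In the last hunk a null result from `cert->GetCert()` is caught only by `NS_ASSERTION(c, ...)`, which is compiled out of release builds, and `c` is then passed straight to `CERT_CompareCerts`. This function decides whether a server certificate change is allowed, so it should fail closed the way the `!cert` branch above does: `if (!c) { PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0); return SECFailure; }`. The two adjacent literals in the `NS_NOTREACHED` message also join without a space ("cert" followed by "that"); ending the first with a trailing space, `"every nsSSLStatus must have a cert "`, fixes the message. The function starts before and continues past these hunks.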


@ -535,13 +535,9 @@ AppendErrorTextUntrusted(PRErrorCode errTrust,
nsString &returnedMessage)
{
const char *errorID = nullptr;
nsCOMPtr<nsIX509Cert3> cert3 = do_QueryInterface(ix509);
if (cert3) {
bool isSelfSigned;
if (NS_SUCCEEDED(cert3->GetIsSelfSigned(&isSelfSigned))
&& isSelfSigned) {
errorID = "certErrorTrust_SelfSigned";
}
bool isSelfSigned;
if (NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) {
errorID = "certErrorTrust_SelfSigned";
}
if (!errorID) {
@ -690,11 +686,7 @@ AppendErrorTextMismatch(const nsString &host,
const char16_t *params[1];
nsresult rv;
mozilla::pkix::ScopedCERTCertificate nssCert;
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(ix509, &rv);
if (cert2)
nssCert = cert2->GetCert();
mozilla::pkix::ScopedCERTCertificate nssCert(ix509->GetCert());
if (!nssCert) {
// We are unable to extract the valid names, say "not valid for name".
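Review bot: Dropping `do_QueryInterface` here also drops the implicit null guard it provided: the old code skipped the self-signed check when `cert3` came back null, while the new `ix509->GetIsSelfSigned(&isSelfSigned)` dereferences `ix509` unconditionally. Unless every caller guarantees a non-null certificate (not visible in these hunks), keep a guard, e.g. `if (ix509 && NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) {`. The same applies to `ix509->GetCert()` in AppendErrorTextMismatch in the second hunk, to `aCert->GetCert()` in GetCertFingerprintByOidTag and GetCertFingerprintByDottedOidString, and to `cert->GetCert()` in nsCertTree::DeleteEntryObject, where the null-safe QueryInterface was the only check shown. Both functions in this section continue outside their hunks.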


@ -390,14 +390,11 @@ GetCertFingerprintByOidTag(nsIX509Cert *aCert,
SECOidTag aOidTag,
nsCString &fp)
{
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(aCert);
if (!cert2)
return NS_ERROR_FAILURE;
mozilla::pkix::ScopedCERTCertificate nsscert(cert2->GetCert());
if (!nsscert)
mozilla::pkix::ScopedCERTCertificate nsscert(aCert->GetCert());
if (!nsscert) {
return NS_ERROR_FAILURE;
}
return GetCertFingerprintByOidTag(nsscert.get(), aOidTag, fp);
}
@ -425,24 +422,23 @@ GetCertFingerprintByDottedOidString(CERTCertificate* nsscert,
static nsresult
GetCertFingerprintByDottedOidString(nsIX509Cert *aCert,
const nsCString &dottedOid,
const nsCString &dottedOid,
nsCString &fp)
{
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(aCert);
if (!cert2)
return NS_ERROR_FAILURE;
mozilla::pkix::ScopedCERTCertificate nsscert(cert2->GetCert());
if (!nsscert)
mozilla::pkix::ScopedCERTCertificate nsscert(aCert->GetCert());
if (!nsscert) {
return NS_ERROR_FAILURE;
}
return GetCertFingerprintByDottedOidString(nsscert.get(), dottedOid, fp);
}
NS_IMETHODIMP
nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, int32_t aPort,
nsIX509Cert *aCert,
uint32_t aOverrideBits,
nsCertOverrideService::RememberValidityOverride(const nsACString& aHostName,
int32_t aPort,
nsIX509Cert* aCert,
uint32_t aOverrideBits,
bool aTemporary)
{
NS_ENSURE_ARG_POINTER(aCert);
@ -451,13 +447,10 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, in
if (aPort < -1)
return NS_ERROR_INVALID_ARG;
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(aCert);
if (!cert2)
return NS_ERROR_FAILURE;
mozilla::pkix::ScopedCERTCertificate nsscert(cert2->GetCert());
if (!nsscert)
mozilla::pkix::ScopedCERTCertificate nsscert(aCert->GetCert());
if (!nsscert) {
return NS_ERROR_FAILURE;
}
char* nickname = DefaultServerNicknameForCert(nsscert.get());
if (!aTemporary && nickname && *nickname)


@ -330,7 +330,7 @@ nsCertTree::nsCertCompareFunc
nsCertTree::GetCompareFuncFromCertType(uint32_t aType)
{
switch (aType) {
case nsIX509Cert2::ANY_CERT:
case nsIX509Cert::ANY_CERT:
case nsIX509Cert::USER_CERT:
return CmpUserCert;
case nsIX509Cert::CA_CERT:
@ -477,7 +477,7 @@ nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
!CERT_LIST_END(node, aCertList);
node = CERT_LIST_NEXT(node)) {
bool wantThisCert = (aWantedType == nsIX509Cert2::ANY_CERT);
bool wantThisCert = (aWantedType == nsIX509Cert::ANY_CERT);
bool wantThisCertIfNoOverrides = false;
bool wantThisCertIfHaveOverrides = false;
bool addOverrides = false;
@ -809,12 +809,7 @@ nsCertTree::DeleteEntryObject(uint32_t index)
// although there are still overrides stored,
// so, we keep the cert, but remove the trust
mozilla::pkix::ScopedCERTCertificate nsscert;
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(cert);
if (cert2) {
nsscert = cert2->GetCert();
}
mozilla::pkix::ScopedCERTCertificate nsscert(cert->GetCert());
if (nsscert) {
CERTCertTrust trust;
@ -1235,12 +1230,8 @@ nsCertTree::GetCellText(int32_t row, nsITreeColumn* col,
(certdi->mIsTemporary) ? "CertExceptionTemporary" : "CertExceptionPermanent";
rv = mNSSComponent->GetPIPNSSBundleString(stringID, _retval);
} else if (NS_LITERAL_STRING("typecol").Equals(colID) && cert) {
nsCOMPtr<nsIX509Cert2> pipCert = do_QueryInterface(cert);
uint32_t type = nsIX509Cert::UNKNOWN_CERT;
if (pipCert) {
rv = pipCert->GetCertType(&type);
}
rv = cert->GetCertType(&type);
switch (type) {
case nsIX509Cert::USER_CERT:


@ -17,7 +17,7 @@ class DispatchCertVerificationResult : public nsRunnable
{
public:
DispatchCertVerificationResult(const nsMainThreadPtrHandle<nsICertVerificationListener>& aListener,
nsIX509Cert3* aCert,
nsIX509Cert* aCert,
nsICertVerificationResult* aResult)
: mListener(aListener)
, mCert(aCert)
@ -31,7 +31,7 @@ public:
private:
nsMainThreadPtrHandle<nsICertVerificationListener> mListener;
nsCOMPtr<nsIX509Cert3> mCert;
nsCOMPtr<nsIX509Cert> mCert;
nsCOMPtr<nsICertVerificationResult> mResult;
};
} // anonymous namespace
@ -63,9 +63,8 @@ void nsCertVerificationJob::Run()
ires = vres;
}
nsCOMPtr<nsIX509Cert3> c3 = do_QueryInterface(mCert);
nsCOMPtr<nsIRunnable> r = new DispatchCertVerificationResult(mListener, c3, ires);
nsCOMPtr<nsIRunnable> r = new DispatchCertVerificationResult(mListener, mCert, ires);
NS_DispatchToMainThread(r);
}


@ -19,7 +19,6 @@
#include "nsPKCS12Blob.h"
#include "nsPK11TokenDB.h"
#include "nsIX509Cert.h"
#include "nsIX509Cert3.h"
#include "nsNSSASN1Object.h"
#include "nsString.h"
#include "nsXPIDLString.h"
@ -68,8 +67,6 @@ NSSCleanupAutoPtrClass_WithParam(PLArenaPool, PORT_FreeArena, FalseParam, false)
NS_IMPL_ISUPPORTS(nsNSSCertificate,
nsIX509Cert,
nsIX509Cert2,
nsIX509Cert3,
nsIIdentityInfo,
nsISerializable,
nsIClassInfo)
@ -1141,9 +1138,9 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
return NS_ERROR_FAILURE;
switch (chainMode) {
case nsIX509Cert3::CMS_CHAIN_MODE_CertOnly:
case nsIX509Cert3::CMS_CHAIN_MODE_CertChain:
case nsIX509Cert3::CMS_CHAIN_MODE_CertChainWithRoot:
case nsIX509Cert::CMS_CHAIN_MODE_CertOnly:
case nsIX509Cert::CMS_CHAIN_MODE_CertChain:
case nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot:
break;
default:
return NS_ERROR_INVALID_ARG;
@ -1178,15 +1175,15 @@ nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
// Since CERT_CertChainFromCert() also includes the certificate itself,
// we have to start at the issuing cert (to avoid duplicate certs
// in the SignedData).
if (chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChain ||
chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChainWithRoot) {
if (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChain ||
chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot) {
ScopedCERTCertificate issuerCert(
CERT_FindCertIssuer(mCert.get(), PR_Now(), certUsageAnyCA));
// the issuerCert of a self signed root is the cert itself,
// so make sure we're not adding duplicates, again
if (issuerCert && issuerCert != mCert.get()) {
bool includeRoot =
(chainMode == nsIX509Cert3::CMS_CHAIN_MODE_CertChainWithRoot);
(chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot);
ScopedCERTCertificateList certChain(
CERT_CertChainFromCert(issuerCert, certUsageAnyCA, includeRoot));
if (certChain) {
@ -1377,11 +1374,7 @@ nsNSSCertificate::Equals(nsIX509Cert* other, bool* result)
NS_ENSURE_ARG(other);
NS_ENSURE_ARG(result);
nsCOMPtr<nsIX509Cert2> other2 = do_QueryInterface(other);
if (!other2)
return NS_ERROR_FAILURE;
ScopedCERTCertificate cert(other2->GetCert());
ScopedCERTCertificate cert(other->GetCert());
*result = (mCert.get() == cert.get());
return NS_OK;
}
@ -1552,10 +1545,7 @@ nsNSSCertList::AddCert(nsIX509Cert* aCert)
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsCOMPtr<nsIX509Cert2> nssCert = do_QueryInterface(aCert);
CERTCertificate* cert;
cert = nssCert->GetCert();
CERTCertificate* cert = aCert->GetCert();
if (!cert) {
NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
return NS_ERROR_FAILURE;
@ -1577,8 +1567,7 @@ nsNSSCertList::DeleteCert(nsIX509Cert* aCert)
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsCOMPtr<nsIX509Cert2> nssCert = do_QueryInterface(aCert);
CERTCertificate* cert = nssCert->GetCert();
CERTCertificate* cert = aCert->GetCert();
CERTCertListNode* node;
if (!cert) {
@ -1605,8 +1594,9 @@ CERTCertList*
nsNSSCertList::DupCertList(CERTCertList* aCertList,
const nsNSSShutDownPreventionLock& /*proofOfLock*/)
{
if (!aCertList)
if (!aCertList) {
return nullptr;
}
CERTCertList* newList = CERT_NewCertList();


@ -7,8 +7,6 @@
#define _NS_NSSCERTIFICATE_H_
#include "nsIX509Cert.h"
#include "nsIX509Cert2.h"
#include "nsIX509Cert3.h"
#include "nsIX509CertDB.h"
#include "nsIX509CertList.h"
#include "nsIASN1Object.h"
@ -25,7 +23,7 @@ class nsAutoString;
class nsINSSComponent;
class nsIASN1Sequence;
class nsNSSCertificate : public nsIX509Cert3,
class nsNSSCertificate : public nsIX509Cert,
public nsIIdentityInfo,
public nsISerializable,
public nsIClassInfo,
@ -34,8 +32,6 @@ class nsNSSCertificate : public nsIX509Cert3,
public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIX509CERT
NS_DECL_NSIX509CERT2
NS_DECL_NSIX509CERT3
NS_DECL_NSIIDENTITYINFO
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICLASSINFO


@ -82,7 +82,7 @@ attemptToLogInWithDefaultPassword()
return NS_OK;
}
NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB, nsIX509CertDB2)
NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
nsNSSCertificateDB::nsNSSCertificateDB()
: mBadCertsLock("nsNSSCertificateDB::mBadCertsLock")
@ -954,14 +954,15 @@ nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsCOMPtr<nsIX509Cert2> nssCert = do_QueryInterface(aCert);
mozilla::pkix::ScopedCERTCertificate cert(nssCert->GetCert());
if (!cert) return NS_ERROR_FAILURE;
mozilla::pkix::ScopedCERTCertificate cert(aCert->GetCert());
if (!cert) {
return NS_ERROR_FAILURE;
}
SECStatus srv = SECSuccess;
uint32_t certType;
nssCert->GetCertType(&certType);
if (NS_FAILED(nssCert->MarkForPermDeletion()))
aCert->GetCertType(&certType);
if (NS_FAILED(aCert->MarkForPermDeletion()))
{
return NS_ERROR_FAILURE;
}
@ -998,11 +999,7 @@ nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert,
}
nsNSSCertTrust trust;
nsresult rv;
nsCOMPtr<nsIX509Cert2> pipCert = do_QueryInterface(cert, &rv);
if (!pipCert) {
return rv;
}
mozilla::pkix::ScopedCERTCertificate nsscert(pipCert->GetCert());
mozilla::pkix::ScopedCERTCertificate nsscert(cert->GetCert());
rv = attemptToLogInWithDefaultPassword();
if (NS_WARN_IF(rv != NS_OK)) {
@ -1054,8 +1051,7 @@ nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert,
return NS_ERROR_NOT_AVAILABLE;
}
SECStatus srv;
nsCOMPtr<nsIX509Cert2> pipCert = do_QueryInterface(cert);
mozilla::pkix::ScopedCERTCertificate nsscert(pipCert->GetCert());
mozilla::pkix::ScopedCERTCertificate nsscert(cert->GetCert());
CERTCertTrust nsstrust;
srv = CERT_GetCertTrust(nsscert.get(), &nsstrust);
if (srv != SECSuccess)
@ -1284,7 +1280,8 @@ finish:
/* nsIX509Cert getDefaultEmailEncryptionCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509Cert **_retval)
nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString& aNickname,
nsIX509Cert** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
*_retval = nullptr;
@ -1320,7 +1317,8 @@ nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString &aNickname, nsIX509C
/* nsIX509Cert getDefaultEmailSigningCert (); */
NS_IMETHODIMP
nsNSSCertificateDB::FindEmailSigningCert(const nsAString &aNickname, nsIX509Cert **_retval)
nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname,
nsIX509Cert** _retval)
{
NS_ENSURE_ARG_POINTER(_retval);
*_retval = nullptr;
@ -1590,14 +1588,16 @@ nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert,
}
}
}
if (!dummycert)
if (!dummycert) {
break;
}
count++;
}
}
NS_IMETHODIMP nsNSSCertificateDB::AddCertFromBase64(const char *aBase64, const char *aTrust, const char *aName)
NS_IMETHODIMP nsNSSCertificateDB::AddCertFromBase64(const char* aBase64,
const char* aTrust,
const char* aName)
{
NS_ENSURE_ARG_POINTER(aBase64);
nsCOMPtr <nsIX509Cert> newCert;
@ -1668,7 +1668,7 @@ nsNSSCertificateDB::AddCert(const nsACString & aCertDER, const char *aTrust,
}
NS_IMETHODIMP
nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert3* cert,
nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
const char* trustString)
{
CERTCertTrust trust;
@ -1761,11 +1761,10 @@ nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert,
EnsureIdentityInfoLoaded();
#endif
nsCOMPtr<nsIX509Cert2> x509Cert = do_QueryInterface(aCert);
if (!x509Cert) {
ScopedCERTCertificate nssCert(aCert->GetCert());
if (!nssCert) {
return NS_ERROR_INVALID_ARG;
}
ScopedCERTCertificate nssCert(x509Cert->GetCert());
RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
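Review bot: `SetCertTrust` and `IsCertTrusted` now build `nsscert` straight from `cert->GetCert()` and use it without a null check, while `DeleteCertificate` and `VerifyCertNow` in this same file do test the result. With `GetCert()` now on `nsIX509Cert` itself, an implementation can return nullptr (the fake-transport class in this commit does), and the old `do_QueryInterface` step that rejected foreign objects in `SetCertTrust` is gone; in `IsCertTrusted` the pointer goes directly into `CERT_GetCertTrust(nsscert.get(), &nsstrust)`. I would add `if (!nsscert) { return NS_ERROR_FAILURE; }` right after each construction, unless such a check already exists in the parts of these functions that lie outside the hunks. The `cert`/`aCert` arguments are also dereferenced without `NS_ENSURE_ARG_POINTER` in the visible lines of `DeleteCertificate`, `SetCertTrust` and `IsCertTrusted`.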


@ -6,7 +6,6 @@
#define __NSNSSCERTIFICATEDB_H__
#include "nsIX509CertDB.h"
#include "nsIX509CertDB2.h"
#include "nsNSSShutDown.h"
#include "mozilla/RefPtr.h"
#include "mozilla/Mutex.h"
@ -17,14 +16,12 @@ class nsIArray;
class nsRecentBadCerts;
class nsNSSCertificateDB : public nsIX509CertDB
, public nsIX509CertDB2
, public nsNSSShutDownObject
{
public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIX509CERTDB
NS_DECL_NSIX509CERTDB2
nsNSSCertificateDB();


@ -12,7 +12,6 @@
#include "nsISupportsPrimitives.h"
#include "nsIX509Cert.h"
#include "nsNSSCertificate.h"
#include "nsNSSCertificate.h"
#include "nsString.h"
#include "nsXPIDLString.h"
@ -357,3 +356,55 @@ nsNSSCertificateFakeTransport::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
*aClassIDNoAlloc = kNSSCertificateCID;
return NS_OK;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::GetCertType(unsigned int*)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::GetIsSelfSigned(bool*)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::RequestUsagesArrayAsync(nsICertVerificationListener*)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::GetAllTokenNames(unsigned int*,
char16_t***)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
CERTCertificate*
nsNSSCertificateFakeTransport::GetCert()
{
NS_NOTREACHED("Unimplemented on content process");
return nullptr;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::ExportAsCMS(unsigned int,
unsigned int*,
unsigned char**)
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP
nsNSSCertificateFakeTransport::MarkForPermDeletion()
{
NS_NOTREACHED("Unimplemented on content process");
return NS_ERROR_NOT_IMPLEMENTED;
}
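Review bot: The seven stubs added at the end of this file carry no comment saying why they exist or what a caller gets back, and `GetCert()` is the only one that cannot report failure through an nsresult. `NS_NOTREACHED` is, as far as I know, a debug-build assertion, so in a release build `GetCert()` simply returns nullptr to whoever called it. I would put a short comment above the group, e.g. `// nsIX509Cert methods that need NSS state; not available in the content process.`, and on `GetCert()` add `// Always nullptr here; callers must null-check.`.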


@ -387,16 +387,19 @@ nsNSSSocketInfo::JoinConnection(const nsACString& npnProtocol,
ScopedCERTCertificate nssCert;
nsCOMPtr<nsIX509Cert2> cert2 = do_QueryInterface(SSLStatus()->mServerCert);
if (cert2)
nssCert = cert2->GetCert();
nsCOMPtr<nsIX509Cert> cert(SSLStatus()->mServerCert);
if (cert) {
nssCert = cert->GetCert();
}
if (!nssCert)
if (!nssCert) {
return NS_OK;
}
if (CERT_VerifyCertName(nssCert, PromiseFlatCString(hostname).get()) !=
SECSuccess)
return NS_OK;
SECSuccess) {
return NS_OK;
}
// All tests pass - this is joinable
mJoined = true;


@ -10,7 +10,6 @@
#include "nspr.h"
#include "nsIX509Cert.h"
#include "nsIX509Cert3.h"
#include "nsProxyRelease.h"
class nsBaseVerificationJob


@ -8,9 +8,6 @@
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
const certdb2 = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB2);
// This is the list of certificates needed for the test
// The certificates prefixed by 'int-' are intermediates
let certList = [
@ -29,7 +26,7 @@ function load_cert(cert_name, trust_string) {
// the ones that I am interested in.
function get_ca_array() {
let ret_array = new Array();
let allCerts = certdb2.getCerts();
let allCerts = certdb.getCerts();
let enumerator = allCerts.getEnumerator();
while (enumerator.hasMoreElements()) {
let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);


@ -25,7 +25,7 @@ let { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
let gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB2);
.getService(Ci.nsIX509CertDB);
gCertDB.QueryInterface(Ci.nsIX509CertDB);
const BUILT_IN_NICK_PREFIX = "Builtin Object Token:";
@ -108,8 +108,7 @@ function isBuiltinToken(tokenName) {
}
function isCertBuiltIn(cert) {
let cert3 = cert.QueryInterface(Ci.nsIX509Cert3);
let tokenNames = cert3.getAllTokenNames({});
let tokenNames = cert.getAllTokenNames({});
if (!tokenNames) {
return false;
}
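Review bot: `gCertDB.QueryInterface(Ci.nsIX509CertDB);` is left behind as a no-op now that the `getService` call directly above it already requests `Ci.nsIX509CertDB`; I would delete that line. In `isCertBuiltIn`, `cert.getAllTokenNames({})` now relies on the caller passing an object that is already exposed as `nsIX509Cert`, since the explicit `QueryInterface` was dropped. The callers are outside the hunk, so a one-line comment such as `// cert must already be an nsIX509Cert` would record that expectation.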


@ -167,7 +167,6 @@ this.checkCert =
if (!issuerCert)
throw new Ce(certNotBuiltInErr, Cr.NS_ERROR_ABORT);
issuerCert = issuerCert.QueryInterface(Ci.nsIX509Cert3);
var tokenNames = issuerCert.getAllTokenNames({});
if (!tokenNames || !tokenNames.some(isBuiltinToken))