Store a HMAC with the encrypted symmetric key instead of just the wrapped key and verify that the HMAC matches before unwrapping. Test that normal getting works and a tampered payload/HMAC fails but succeeds on restoring the correct HMAC.
Generate a SHA256 HAMC hex string from the base64 ciphertext and base64 symmetric key. Generate a HMAC key from the symmetric key and cache them together when unwrapping. Refactor the Utils.sha1 to share the same digest code.
--HG--
extra : rebase_source : dae973c62317eb3b738306fc30ea19870555c7df
Inline various _init calls and do super's init with <Super>.call(this, args..). Add various get/set sugar to those missing e.g., meta.keyring. Also simplify crypto record creation by setting cleartext in the parent.
--HG--
extra : rebase_source : 6c9a9f210f8f46ac338adb84188538e7353c9673
Get rid of Filters and automatically JSON.stringify PUT/POST data that aren't strings, so plain Records can be passed in to PUT and POST. This leverages toJSON of Records to provide an object that can be serialized. Fix up client record serialize/deserialize to still escape/unescape non-ASCII.
Switch to newline mode when using a collection record handler, and look for newlines! Easy! Update test to provide newline-separated strings instead of JSON.
Get rid of lastChannel and return a String object from _request with additional properties of status, succeeded, headers -- even if the response was handled by cache. Update engines to check for non-success and throw the failure. Update tests to use these additional properties instead of lastChannel, etc.
Trim the full path from JS stacks and just show the file and convert nsIException traces to look like js stacks: func()@file:line. Only difference is js stacks show arguments while nsIException always shows just (). Fix up some places where we print the exception instead of the fixed up string.
Incrementally process records as the collection finds record boundaries and converts them to records for the engine to use. Get rid of the collection iterator and original RecordParser. Add tests for incremental record parsing and remove old iter tests.
Add a couple Utils helper to create a pair of simple [gs]etters that use a hash property instead. Apply this to various records: WBORecord, {Priv,Pub}Key, Crypto{Meta,Wrapper}, and every engine's type records. Migrate by making sure key data exists (name change).
