Bug 1490265 - Port bug 1468222: Replace nsISSLStatus with nsITransportSecurityInfo. r=mkmelin
authorJorg K <jorgk@jorgk.com>
Tue, 11 Sep 2018 22:09:15 +0200
changeset 24717 37bdf33fc10c12f87f9229a9c6f7d56f3b3b9f01
parent 24716 babac1433bfba508e186fba72edfa5bb3bc60ff1
child 24718 a4f58095ed048c01694c7f66c1ad9f4f2431da57
push id14868
push usermozilla@jorgk.com
push dateTue, 11 Sep 2018 22:23:50 +0000
reviewersmkmelin
bugs1490265, 1468222
Bug 1490265 - Port bug 1468222: Replace nsISSLStatus with nsITransportSecurityInfo. r=mkmelin
calendar/base/modules/utils/calProviderUtils.jsm
chat/components/public/imIAccount.idl
chat/modules/jsProtoHelper.jsm
chat/modules/socket.jsm
mail/base/content/mailWindow.js
mail/components/accountcreation/content/guessConfig.js
mail/components/accountcreation/content/verifyConfig.js
mail/components/im/content/imAccounts.js
--- a/calendar/base/modules/utils/calProviderUtils.jsm
+++ b/calendar/base/modules/utils/calProviderUtils.jsm
@@ -172,29 +172,29 @@ var calprovider = {
             return ChromeUtils.generateQI([Ci.nsIBadCertListener2]);
         }
 
         constructor(thisProvider) {
             this.thisProvider = thisProvider;
             this.timer = null;
         }
 
-        notifyCertProblem(socketInfo, status, targetSite) {
+        notifyCertProblem(socketInfo, secInfo, targetSite) {
             // Unfortunately we can't pass js objects using the window watcher, so
             // we'll just take the first available calendar window. We also need to
             // do this on a timer so that the modal window doesn't block the
             // network request.
             let calWindow = cal.window.getCalendarWindow();
 
             let timerCallback = {
                 thisProvider: this.thisProvider,
                 notify: function(timer) {
                     let params = {
                         exceptionAdded: false,
-                        sslStatus: status,
+                        securityInfo: secInfo,
                         prefetchCert: true,
                         location: targetSite
                     };
                     calWindow.openDialog("chrome://pippki/content/exceptionDialog.xul",
                                          "",
                                          "chrome,centerscreen,modal",
                                          params);
                     if (this.thisProvider.canRefresh &&
--- a/chat/components/public/imIAccount.idl
+++ b/chat/components/public/imIAccount.idl
@@ -8,16 +8,17 @@
 
 interface imITag;
 interface imIBuddy;
 interface prplIAccountBuddy;
 interface imIAccount;
 interface prplIAccount;
 interface prplIProtocol;
 interface nsIScriptError;
+interface nsITransportSecurityInfo;
 
 /*
  * Used to join chat rooms.
  */
 
 [scriptable, uuid(7e91accd-f04c-4787-9954-c7db4fb235fb)]
 interface prplIChatRoomFieldValues: nsISupports {
   AUTF8String getValue(in AUTF8String aIdentifier);
@@ -144,16 +145,19 @@ interface prplIAccount: nsISupports {
 
   /* When a connection error occurred, this value indicates the type of error */
   readonly attribute short connectionErrorReason;
 
   /* When a certificate error occurs, the host/port that caused a
    * SSL/certificate error when connecting to it. This is only valid when
    * connectionErrorReason is one of ERROR_CERT_*. */
   readonly attribute AUTF8String connectionTarget;
+  /* When a certificate error occurs, the nsITransportSecurityInfo error of
+   * the socket. This should only be set when connectionTarget is set. */
+  readonly attribute nsITransportSecurityInfo secInfo;
 
   /* Possible connection error reasons:
      ERROR_NETWORK_ERROR and ERROR_ENCRYPTION_ERROR are not fatal and
      should enable the automatic reconnection feature. */
   const short NO_ERROR = -1;
   const short ERROR_NETWORK_ERROR = 0;
   const short ERROR_INVALID_USERNAME = 1;
   const short ERROR_AUTHENTICATION_FAILED = 2;
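Review bot: The comment on the new `secInfo` attribute does not say that the value can be null while `connectionTarget` is set. In chat/modules/jsProtoHelper.jsm, `handleBadCertificate` assigns `_connectionTarget` and returns on `aIsSslError` before `_secInfo` is assigned, and `aSocket.secInfo` can itself be null (the ERROR_CERT_NOT_PROVIDED path). mail/components/im/content/imAccounts.js checks only `connectionTarget` before handing `prplAccount.secInfo` to the exception dialog as `securityInfo`. I would extend the comment with `May be null even when connectionTarget is set (e.g. ERROR_ENCRYPTION_ERROR or ERROR_CERT_NOT_PROVIDED); callers must check.` The prplIAccount interface begins above this hunk.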
--- a/chat/modules/jsProtoHelper.jsm
+++ b/chat/modules/jsProtoHelper.jsm
@@ -45,63 +45,63 @@ var GenericAccountPrototype = {
   get connected() { return this.imAccount.connected; },
   get connecting() { return this.imAccount.connecting; },
   get disconnected() { return this.imAccount.disconnected; },
   get disconnecting() { return this.imAccount.disconnecting; },
   _connectionErrorReason: Ci.prplIAccount.NO_ERROR,
   get connectionErrorReason() { return this._connectionErrorReason; },
 
   /*
-   * Convert a socket's nsISSLStatus into a prplIAccount connection error. Store
-   * the nsISSLStatus and the connection location on the account so the
+   * Convert a socket's nsITransportSecurityInfo into a prplIAccount connection error. Store
+   * the nsITransportSecurityInfo and the connection location on the account so the
    * certificate exception dialog can access the information.
    */
   handleBadCertificate: function(aSocket, aIsSslError) {
     this._connectionTarget = aSocket.host + ":" + aSocket.port;
 
     if (aIsSslError)
       return Ci.prplIAccount.ERROR_ENCRYPTION_ERROR;
 
-    let sslStatus = this._sslStatus = aSocket.sslStatus;
-    if (!sslStatus)
+    let secInfo = this._secInfo = aSocket.secInfo;
+    if (!secInfo)
       return Ci.prplIAccount.ERROR_CERT_NOT_PROVIDED;
 
-    if (sslStatus.isUntrusted) {
-      if (sslStatus.serverCert &&
-          sslStatus.serverCert.isSelfSigned)
+    if (secInfo.isUntrusted) {
+      if (secInfo.serverCert &&
+          secInfo.serverCert.isSelfSigned)
         return Ci.prplIAccount.ERROR_CERT_SELF_SIGNED;
       return Ci.prplIAccount.ERROR_CERT_UNTRUSTED;
     }
 
-    if (sslStatus.isNotValidAtThisTime) {
-      if (sslStatus.serverCert &&
-          sslStatus.serverCert.validity.notBefore < Date.now() * 1000)
+    if (secInfo.isNotValidAtThisTime) {
+      if (secInfo.serverCert &&
+          secInfo.serverCert.validity.notBefore < Date.now() * 1000)
         return Ci.prplIAccount.ERROR_CERT_NOT_ACTIVATED;
       return Ci.prplIAccount.ERROR_CERT_EXPIRED;
     }
 
-    if (sslStatus.isDomainMismatch)
+    if (secInfo.isDomainMismatch)
       return Ci.prplIAccount.ERROR_CERT_HOSTNAME_MISMATCH;
 
     // XXX ERROR_CERT_FINGERPRINT_MISMATCH
 
     return Ci.prplIAccount.ERROR_CERT_OTHER_ERROR;
   },
   _connectionTarget: "",
   get connectionTarget() { return this._connectionTarget; },
-  _sslStatus: null,
-  get sslStatus() { return this._sslStatus; },
+  _secInfo: null,
+  get secInfo() { return this._secInfo; },
 
   reportConnected: function() {
     this.imAccount.observe(this, "account-connected", null);
   },
   reportConnecting: function(aConnectionStateMsg) {
     // Delete any leftover errors from the previous connection.
     delete this._connectionTarget;
-    delete this._sslStatus;
+    delete this._secInfo;
 
     if (!this.connecting)
       this.imAccount.observe(this, "account-connecting", null);
     if (aConnectionStateMsg)
       this.imAccount.observe(this, "account-connect-progress", aConnectionStateMsg);
   },
   reportDisconnected: function() {
     this.imAccount.observe(this, "account-disconnected", null);
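Review bot: The `isNotValidAtThisTime` branch of `handleBadCertificate` appears to have its comparison inverted. `secInfo.serverCert.validity.notBefore < Date.now() * 1000` is true when the certificate's start date is already in the past, yet that case returns ERROR_CERT_NOT_ACTIVATED and a future-dated certificate falls through to ERROR_CERT_EXPIRED. The rename carries the condition over unchanged, so the account would still report the wrong reason for a time-validity failure. I would change the test to `secInfo.serverCert.validity.notBefore > Date.now() * 1000`.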
--- a/chat/modules/socket.jsm
+++ b/chat/modules/socket.jsm
@@ -31,17 +31,17 @@
  *   binaryMode
  *   delimiter
  *   inputSegmentSize
  *   outputSegmentSize
  *   proxyFlags
  *   connectTimeout (default is no timeout)
  *   readWriteTimeout (default is no timeout)
  *   disconnected
- *   sslStatus
+ *   secInfo
  *
  * Users should "subclass" this object, i.e. set their .__proto__ to be it. And
  * then implement:
  *   onConnection()
  *   onConnectionHeard()
  *   onConnectionTimedOut()
  *   onConnectionReset()
  *   onBadCertificate(boolean aIsSslError, AString aNSSErrorMessage)
@@ -125,18 +125,18 @@ var Socket = {
   // Flags used by nsIProxyService when resolving a proxy.
   proxyFlags: Ci.nsIProtocolProxyService.RESOLVE_PREFER_SOCKS_PROXY,
 
   // Time (in seconds) for nsISocketTransport to continue trying before
   // reporting a failure, 0 is forever.
   connectTimeout: 0,
   readWriteTimeout: 0,
 
-  // A nsISSLStatus instance giving details about the certificate error.
-  sslStatus: null,
+  // A nsITransportSecurityInfo instance giving details about the certificate error.
+  secInfo: null,
 
   /*
    *****************************************************************************
    ******************************* Public methods ******************************
    *****************************************************************************
    */
   // Synchronously open a connection.
   // It connects to aHost and aPort, but uses aOriginHost and aOriginPort for
@@ -528,18 +528,18 @@ var Socket = {
     this.onConnectionClosed();
   },
 
   /*
    * nsIBadCertListener2
    */
   // Called when there's an error, return true to suppress the modal alert.
   // Whatever this function returns, NSS will close the connection.
-  notifyCertProblem: function(aSocketInfo, aStatus, aTargetSite) {
-    this.sslStatus = aStatus;
+  notifyCertProblem: function(aSocketInfo, aSecInfo, aTargetSite) {
+    this.secInfo = aSecInfo;
     return true;
   },
 
   /*
    * nsITransportEventSink methods
    */
   onTransportStatus: function(aTransport, aStatus, aProgress, aProgressmax) {
     // Don't send status change notifications after the socket has been closed.
--- a/mail/base/content/mailWindow.js
+++ b/mail/base/content/mailWindow.js
@@ -611,21 +611,21 @@ BadCertHandler.prototype = {
     return this.QueryInterface(iid);
   },
 
   // nsISupports
   QueryInterface: ChromeUtils.generateQI(["nsIBadCertListener2",
                                           "nsIInterfaceRequestor"]),
 };
 
-function InformUserOfCertError(socketInfo, status, targetSite)
+function InformUserOfCertError(socketInfo, secInfo, targetSite)
 {
   let params = {
     exceptionAdded : false,
-    sslStatus : status,
+    securityInfo : secInfo,
     prefetchCert: true,
     location : targetSite
   };
   window.openDialog('chrome://pippki/content/exceptionDialog.xul',
                   '','chrome,centerscreen,modal', params);
 }
 
 function nsBrowserAccess() { }
--- a/mail/components/accountcreation/content/guessConfig.js
+++ b/mail/components/accountcreation/content/guessConfig.js
@@ -845,23 +845,23 @@ function SSLErrorHandler(thisTry, logger
   this._try = thisTry;
   this._log = logger;
   // _ gotCertError will be set to an error code (one of those defined in
   // nsICertOverrideService)
   this._gotCertError = 0;
 }
 SSLErrorHandler.prototype =
 {
-  processCertError(socketInfo, status, targetSite) {
+  processCertError(socketInfo, secInfo, targetSite) {
     this._log.error("Got Cert error for " + targetSite);
 
     if (!status)
       return true;
 
-    let cert = status.QueryInterface(Ci.nsISSLStatus).serverCert;
+    let cert = secInfo.serverCert;
     let flags = 0;
 
     let parts = targetSite.split(":");
     let host = parts[0];
     let port = parts[1];
 
     /* The following 2 cert problems are unfortunately common:
      * 1) hostname mismatch:
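Review bot: The guard `if (!status)` in `processCertError` still tests the old parameter name, which this change renames to `secInfo`. `status` is no longer bound in the function, so the check either throws or resolves to an unrelated global (in a window script, likely `window.status`). Either way it no longer protects `secInfo.serverCert` on the following line from a null `secInfo`. This path decides how a certificate error during account autoconfiguration is handled, so the guard should read `if (!secInfo) return true;`. The function body continues below the hunk.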
--- a/mail/components/accountcreation/content/verifyConfig.js
+++ b/mail/components/accountcreation/content/verifyConfig.js
@@ -278,20 +278,20 @@ urlListener.prototype =
     setTimeout(function() {
       try {
         self.informUserOfCertError(socketInfo, status, targetSite);
       } catch (e) { logException(e); }
     }, 0);
     return true;
   },
 
-  informUserOfCertError(socketInfo, status, targetSite) {
+  informUserOfCertError(socketInfo, secInfo, targetSite) {
     var params = {
       exceptionAdded: false,
-      sslStatus: status,
+      securityInfo: secInfo,
       prefetchCert: true,
       location: targetSite,
     };
     window.openDialog("chrome://pippki/content/exceptionDialog.xul",
                       "", "chrome,centerscreen,modal", params);
     this._log.info("cert exception dialog closed");
     this._log.info("cert exceptionAdded = " + params.exceptionAdded);
     if (!params.exceptionAdded) {
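Review bot: The call `self.informUserOfCertError(socketInfo, status, targetSite)` in the context lines at the top of this hunk still uses the name `status`, while the callee now names that argument `secInfo`. The enclosing method's signature is outside the hunk, so the call presumably still works positionally. The mixed naming makes a stale reference easy to introduce after a partial rename, so I would rename the caller's parameter to `secInfo` as well to keep the file consistent.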
--- a/mail/components/im/content/imAccounts.js
+++ b/mail/components/im/content/imAccounts.js
@@ -219,17 +219,17 @@ var gAccountManager = {
     let account = this.accountList.selectedItem.account;
     let prplAccount = account.prplAccount;
     if (!account.disconnected || !prplAccount.connectionTarget)
       return;
 
     // Open the Gecko SSL exception dialog.
     let params = {
       exceptionAdded: false,
-      sslStatus: prplAccount.sslStatus,
+      securityInfo: prplAccount.secInfo,
       prefetchCert: true,
       location: prplAccount.connectionTarget
     };
     window.openDialog("chrome://pippki/content/exceptionDialog.xul", "",
                       "chrome,centerscreen,modal", params);
     // Reconnect the account if an exception was added.
     if (params.exceptionAdded)
       account.connect();