Bug 1311996 - Fix code using pkix::Result to not conflict with the new mozilla::Result type. r=keeler
authorJan de Mooij <jdemooij@mozilla.com>
Mon, 31 Oct 2016 10:05:13 +0100
changeset 320270 a24793dce64c
parent 320269 9a76e10e5450
child 320271 15bfa2b75e1b
push id20754
push usercbook@mozilla.com
push dateMon, 31 Oct 2016 15:58:35 +0000
treeherderfx-team@b1b66b1780c2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1311996
milestone52.0a1
Bug 1311996 - Fix code using pkix::Result to not conflict with the new mozilla::Result type. r=keeler
security/apps/AppSignatureVerification.cpp
security/certverifier/CTSerialization.cpp
security/certverifier/CertVerifier.h
security/certverifier/OCSPCache.cpp
security/certverifier/OCSPVerificationTrustDomain.cpp
security/certverifier/OCSPVerificationTrustDomain.h
security/manager/ssl/ContentSignatureVerifier.cpp
security/manager/ssl/nsDataSignatureVerifier.cpp
security/manager/ssl/nsNSSCallbacks.cpp
security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -638,28 +638,29 @@ VerifyCertificate(CERTCertificate* signe
   const VerifyCertificateContext& context =
     *static_cast<const VerifyCertificateContext*>(voidContext);
 
   AppTrustDomain trustDomain(context.builtChain, pinArg);
   if (trustDomain.SetTrustedRoot(context.trustedRoot) != SECSuccess) {
     return MapSECStatus(SECFailure);
   }
   Input certDER;
-  Result rv = certDER.Init(signerCert->derCert.data, signerCert->derCert.len);
+  mozilla::pkix::Result rv = certDER.Init(signerCert->derCert.data,
+                                          signerCert->derCert.len);
   if (rv != Success) {
     return mozilla::psm::GetXPCOMFromNSSError(MapResultToPRErrorCode(rv));
   }
 
   rv = BuildCertChain(trustDomain, certDER, Now(),
                       EndEntityOrCA::MustBeEndEntity,
                       KeyUsage::digitalSignature,
                       KeyPurposeId::id_kp_codeSigning,
                       CertPolicyId::anyPolicy,
                       nullptr/*stapledOCSPResponse*/);
-  if (rv == Result::ERROR_EXPIRED_CERTIFICATE) {
+  if (rv == mozilla::pkix::Result::ERROR_EXPIRED_CERTIFICATE) {
     // For code-signing you normally need trusted 3rd-party timestamps to
     // handle expiration properly. The signer could always mess with their
     // system clock so you can't trust the certificate was un-expired when
     // the signing took place. The choice is either to ignore expiration
     // or to enforce expiration at time of use. The latter leads to the
     // user-hostile result that perfectly good code stops working.
     //
     // Our package format doesn't support timestamps (nor do we have a
--- a/security/certverifier/CTSerialization.cpp
+++ b/security/certverifier/CTSerialization.cpp
@@ -11,16 +11,18 @@
 #include "mozilla/Assertions.h"
 #include "mozilla/Move.h"
 #include "mozilla/TypeTraits.h"
 
 namespace mozilla { namespace ct {
 
 using namespace mozilla::pkix;
 
+typedef mozilla::pkix::Result Result;
+
 // Note: length is always specified in bytes.
 // Signed Certificate Timestamp (SCT) Version length
 static const size_t kVersionLength = 1;
 
 // Members of a V1 SCT
 static const size_t kLogIdLength = 32;
 static const size_t kTimestampLength = 8;
 static const size_t kExtensionsLengthBytes = 2;
--- a/security/certverifier/CertVerifier.h
+++ b/security/certverifier/CertVerifier.h
@@ -21,16 +21,18 @@ namespace mozilla { namespace ct {
 // headers and force us to export them in moz.build. Just forward-declare
 // the class here instead.
 class MultiLogCTVerifier;
 
 } } // namespace mozilla::ct
 
 namespace mozilla { namespace psm {
 
+typedef mozilla::pkix::Result Result;
+
 // These values correspond to the CERT_CHAIN_KEY_SIZE_STATUS telemetry.
 enum class KeySizeStatus {
   NeverChecked = 0,
   LargeMinimumSucceeded = 1,
   CompatibilityRisk = 2,
   AlreadyBad = 3,
 };
 
--- a/security/certverifier/OCSPCache.cpp
+++ b/security/certverifier/OCSPCache.cpp
@@ -33,16 +33,18 @@
 #include "secerr.h"
 
 extern mozilla::LazyLogModule gCertVerifierLog;
 
 using namespace mozilla::pkix;
 
 namespace mozilla { namespace psm {
 
+typedef mozilla::pkix::Result Result;
+
 static SECStatus
 DigestLength(UniquePK11Context& context, uint32_t length)
 {
   // Restrict length to 2 bytes because it should be big enough for all
   // inputs this code will actually see and that it is well-defined and
   // type-size-independent.
   if (length >= 65536) {
     return SECFailure;
--- a/security/certverifier/OCSPVerificationTrustDomain.cpp
+++ b/security/certverifier/OCSPVerificationTrustDomain.cpp
@@ -4,16 +4,18 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "OCSPVerificationTrustDomain.h"
 
 using namespace mozilla;
 using namespace mozilla::pkix;
 
+namespace mozilla { namespace psm {
+
 OCSPVerificationTrustDomain::OCSPVerificationTrustDomain(
   NSSCertDBTrustDomain& certDBTrustDomain)
   : mCertDBTrustDomain(certDBTrustDomain)
 {
 }
 
 Result
 OCSPVerificationTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
@@ -117,8 +119,10 @@ OCSPVerificationTrustDomain::NoteAuxilia
 
 Result
 OCSPVerificationTrustDomain::DigestBuf(
   Input item, DigestAlgorithm digestAlg,
   /*out*/ uint8_t* digestBuf, size_t digestBufLen)
 {
   return mCertDBTrustDomain.DigestBuf(item, digestAlg, digestBuf, digestBufLen);
 }
+
+} } // namespace mozilla::psm
--- a/security/certverifier/OCSPVerificationTrustDomain.h
+++ b/security/certverifier/OCSPVerificationTrustDomain.h
@@ -7,16 +7,18 @@
 #ifndef mozilla_psm__OCSPVerificationTrustDomain_h
 #define mozilla_psm__OCSPVerificationTrustDomain_h
 
 #include "pkix/pkixtypes.h"
 #include "NSSCertDBTrustDomain.h"
 
 namespace mozilla { namespace psm {
 
+typedef mozilla::pkix::Result Result;
+
 class OCSPVerificationTrustDomain : public mozilla::pkix::TrustDomain
 {
 public:
   explicit OCSPVerificationTrustDomain(NSSCertDBTrustDomain& certDBTrustDomain);
 
   virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
                             IssuerChecker& checker,
                             mozilla::pkix::Time time) override;
--- a/security/manager/ssl/ContentSignatureVerifier.cpp
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -159,17 +159,17 @@ ContentSignatureVerifier::CreateContextI
   CERTCertListNode* node = CERT_LIST_HEAD(certCertList.get());
   if (!node || !node->cert) {
     return NS_ERROR_FAILURE;
   }
 
   SECItem* certSecItem = &node->cert->derCert;
 
   Input certDER;
-  Result result =
+  mozilla::pkix::Result result =
     certDER.Init(BitwiseCast<uint8_t*, unsigned char*>(certSecItem->data),
                  certSecItem->len);
   if (result != Success) {
     return NS_ERROR_FAILURE;
   }
 
 
   // Check the signerCert chain is good
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -252,21 +252,22 @@ VerifyCertificate(CERTCertificate* cert,
     return NS_ERROR_OUT_OF_MEMORY;
   }
 
   context->signingCert = xpcomCert;
 
   RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
   NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
 
-  Result result = certVerifier->VerifyCert(cert,
-                                           certificateUsageObjectSigner,
-                                           Now(), pinArg,
-                                           nullptr, // hostname
-                                           context->builtChain);
+  mozilla::pkix::Result result =
+    certVerifier->VerifyCert(cert,
+                             certificateUsageObjectSigner,
+                             Now(), pinArg,
+                             nullptr, // hostname
+                             context->builtChain);
   if (result != Success) {
     return GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
   }
 
   return NS_OK;
 }
 
 } // namespace
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -184,17 +184,17 @@ struct nsCancelHTTPDownloadEvent : Runna
 
   NS_IMETHOD Run() override {
     mListener->FreeLoadGroup(true);
     mListener = nullptr;
     return NS_OK;
   }
 };
 
-Result
+mozilla::pkix::Result
 nsNSSHttpServerSession::createSessionFcn(const char* host,
                                          uint16_t portnum,
                                  /*out*/ nsNSSHttpServerSession** pSession)
 {
   if (!host || !pSession) {
     return Result::FATAL_ERROR_INVALID_ARGS;
   }
 
@@ -205,17 +205,17 @@ nsNSSHttpServerSession::createSessionFcn
 
   hss->mHost = host;
   hss->mPort = portnum;
 
   *pSession = hss;
   return Success;
 }
 
-Result
+mozilla::pkix::Result
 nsNSSHttpRequestSession::createFcn(const nsNSSHttpServerSession* session,
                                    const char* http_protocol_variant,
                                    const char* path_and_query_string,
                                    const char* http_request_method,
                                    const PRIntervalTime timeout,
                            /*out*/ nsNSSHttpRequestSession** pRequest)
 {
   if (!session || !http_protocol_variant || !path_and_query_string ||
@@ -245,29 +245,29 @@ nsNSSHttpRequestSession::createFcn(const
   rs->mURL.Append(path_and_query_string);
 
   rs->mRequestMethod = http_request_method;
 
   *pRequest = rs;
   return Success;
 }
 
-Result
+mozilla::pkix::Result
 nsNSSHttpRequestSession::setPostDataFcn(const char* http_data,
                                         const uint32_t http_data_len,
                                         const char* http_content_type)
 {
   mHasPostData = true;
   mPostData.Assign(http_data, http_data_len);
   mPostContentType.Assign(http_content_type);
 
   return Success;
 }
 
-Result
+mozilla::pkix::Result
 nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc** pPollDesc,
                                               uint16_t* http_response_code,
                                               const char** http_response_content_type,
                                               const char** http_response_headers,
                                               const char** http_response_data,
                                               uint32_t* http_response_data_len)
 {
   MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
@@ -348,17 +348,17 @@ void
 nsNSSHttpRequestSession::Release()
 {
   int32_t newRefCount = --mRefCount;
   if (!newRefCount) {
     delete this;
   }
 }
 
-Result
+mozilla::pkix::Result
 nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
                                                        PRPollDesc **pPollDesc,
                                                        uint16_t *http_response_code,
                                                        const char **http_response_content_type,
                                                        const char **http_response_headers,
                                                        const char **http_response_data,
                                                        uint32_t *http_response_data_len)
 {
--- a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
+++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
@@ -12,17 +12,16 @@
 #include "nss.h"
 #include "pkix/pkixtypes.h"
 #include "pkixtestutil.h"
 #include "prerr.h"
 #include "secerr.h"
 
 using namespace mozilla::pkix;
 using namespace mozilla::pkix::test;
-using namespace mozilla::psm;
 
 template <size_t N>
 inline Input
 LiteralInput(const char(&valueString)[N])
 {
   // Ideally we would use mozilla::BitwiseCast() here rather than
   // reinterpret_cast for better type checking, but the |N - 1| part trips
   // static asserts.
@@ -41,17 +40,17 @@ protected:
     NSS_NoDB_Init(nullptr);
   }
 
   const Time now;
   mozilla::psm::OCSPCache cache;
 };
 
 static void
-PutAndGet(OCSPCache& cache, const CertID& certID, Result result,
+PutAndGet(mozilla::psm::OCSPCache& cache, const CertID& certID, Result result,
           Time time, const char* firstPartyDomain = nullptr)
 {
   // The first time is thisUpdate. The second is validUntil.
   // The caller is expecting the validUntil returned with Get
   // to be equal to the passed-in time. Since these values will
   // be different in practice, make thisUpdate less than validUntil.
   Time thisUpdate(time);
   ASSERT_EQ(Success, thisUpdate.SubtractSeconds(10));