Bug 1103120 - Part 10: Server: Send pending auth message to client. r=past
authorJ. Ryan Stinnett <jryans@gmail.com>
Mon, 26 Jan 2015 12:47:13 -0600
changeset 225852 a40e2eeacf5acc66ffa69ab0f01567b2cb1bf2a2
parent 225851 63a17819ae9411808096062cec4770b23c671ce7
child 225853 5a2adc1655638a8653d9e8e7e9488793ebe7cca6
push id28176
push userryanvm@gmail.com
push dateMon, 26 Jan 2015 21:48:45 +0000
reviewerspast
bugs1103120
milestone38.0a1
Bug 1103120 - Part 10: Server: Send pending auth message to client. r=past
toolkit/devtools/security/auth.js
toolkit/devtools/security/socket.js
--- a/toolkit/devtools/security/auth.js
+++ b/toolkit/devtools/security/auth.js
@@ -37,16 +37,21 @@ let AuthenticationResult = exports.Authe
   DISABLE_ALL: null,
 
   /**
    * Deny the current connection.
    */
   DENY: null,
 
   /**
+   * Additional data needs to be exchanged before a result can be determined.
+   */
+  PENDING: null,
+
+  /**
    * Allow the current connection.
    */
   ALLOW: null,
 
   /**
    * Allow the current connection, and persist this choice for future
    * connections from the same client.  This requires a trustable mechanism to
    * identify the client in the future, such as the cert used during OOB_CERT.
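Review bot: PENDING joins an enum that consumers dispatch on (the `switch (result)` in socket.js's `_authenticate`, touched by this same commit), yet its doc comment does not say who produces it or who is expected to consume it. In this commit it is only ever sent to the client as an interim `authResult` from OOBCert.Server.authenticate, and neither server-side authenticate() returns it; whether an `allowConnection` implementation may return it is not settled by anything here. Extending the comment to `Sent to the client as an interim |authResult| while the server waits for approval; not a final result, so dispatchers should not treat it as one.` would make that contract explicit. The enclosing object literal starts above the hunk.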
@@ -131,27 +136,31 @@ Prompt.Server.prototype = {
    *        {
    *          client: {
    *            host,
    *            port
    *          },
    *          server: {
    *            host,
    *            port
-   *          }
+   *          },
+   *          transport
    *        }
    * @return An AuthenticationResult value.
    *         A promise that will be resolved to the above is also allowed.
    */
-  authenticate(session) {
+  authenticate({ client, server }) {
     if (!Services.prefs.getBoolPref("devtools.debugger.prompt-connection")) {
       return AuthenticationResult.ALLOW;
     }
-    session.authentication = this.mode;
-    return this.allowConnection(session);
+    return this.allowConnection({
+      authentication: this.mode,
+      client,
+      server
+    });
   },
 
   /**
    * Prompt the user to accept or decline the incoming connection. The default
    * implementation is used unless this is overridden on a particular
    * authenticator instance.
    *
    * It is expected that the implementation of |allowConnection| will show a
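Review bot: The @param block now documents a `transport` field on the session, but `authenticate({ client, server })` drops it and the new session object passed to `allowConnection` omits it, so a reader of Prompt.Server alone may assume this mode talks to the client. A one-line remark after the field list, such as `transport is accepted for interface parity with OOBCert.Server and is not used by this authenticator`, would remove the ambiguity. Note also that the rebuilt session no longer carries any extra properties a caller placed on the old `session` object; if that was never relied upon the change is fine, but it is a behavioural narrowing worth a sentence in the doc. The doc comment for this method begins above the hunk.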
@@ -268,24 +277,41 @@ OOBCert.Server.prototype = {
    *            },
    *          },
    *          server: {
    *            host,
    *            port,
    *            cert: {
    *              sha256
    *            }
-   *          }
+   *          },
+   *          transport
    *        }
    * @return An AuthenticationResult value.
    *         A promise that will be resolved to the above is also allowed.
    */
-  authenticate(session) {
-    session.authentication = this.mode;
-    return this.allowConnection(session);
+  authenticate({ client, server, transport }) {
+    // Step B.3 / C.3
+    // TLS connection established, authentication begins
+    // TODO: Bug 1032128: Consult a list of persisted, approved clients
+    // Step B.4
+    // Server sees that ClientCert is from a unknown client
+    // Tell client they are unknown and should display OOB client UX
+    transport.send({
+      authResult: AuthenticationResult.PENDING
+    });
+
+    // Step B.5
+    // User is shown a Allow / Deny / Always Allow prompt on the Server
+    // with Client name and hash(ClientCert)
+    return this.allowConnection({
+      authentication: this.mode,
+      client,
+      server
+    });
   },
 
   /**
    * Prompt the user to accept or decline the incoming connection. The default
    * implementation is used unless this is overridden on a particular
    * authenticator instance.
    *
    * It is expected that the implementation of |allowConnection| will show a
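Review bot: The comment `Server sees that ClientCert is from a unknown client` describes a check the code does not perform: `transport.send({ authResult: AuthenticationResult.PENDING })` runs unconditionally for every connection, which is exactly what the preceding TODO for Bug 1032128 concedes. Rewording it to `// Until Bug 1032128 lands, every client is treated as unknown, so PENDING is always sent` keeps the comment honest (and fixes "a unknown"). `transport` also becomes a hard requirement for this authenticator — an undefined `transport` throws a TypeError out of `authenticate` before any prompt is shown, whereas Prompt.Server tolerates its absence — so the @param entry should say `transport (required): used to send the PENDING notice before prompting`. Whether a throw from `send` on an already-closed transport is handled by the Task-based caller is not visible here and deserves confirmation. The doc comment for this method begins above the hunk.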
--- a/toolkit/devtools/security/socket.js
+++ b/toolkit/devtools/security/socket.js
@@ -556,17 +556,18 @@ ServerSocketConnection.prototype = {
     }
 
     this._handshakeDeferred.resolve();
   },
 
   _authenticate: Task.async(function*() {
     let result = yield this._listener.authenticator.authenticate({
       client: this.client,
-      server: this.server
+      server: this.server,
+      transport: this._transport
     });
     switch (result) {
       case AuthenticationResult.DISABLE_ALL:
         DebuggerServer.closeAllListeners();
         Services.prefs.setBoolPref("devtools.debugger.remote-enabled", false);
         return promise.reject(Cr.NS_ERROR_CONNECTION_REFUSED);
       case AuthenticationResult.DENY:
         return promise.reject(Cr.NS_ERROR_CONNECTION_REFUSED);