Bug 1342736 - Remove nsIX509CertDB.verifySignedManifestAsync(). r?mgoodwin draft
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sun, 26 Feb 2017 20:25:36 +0800
changeset 489839 7a60c621c9fd2533c531137e5076c766610f6311
parent 489788 aededf5a3d389f03a89e33f5201bcd8f49ac8c51
child 547086 561c01ce4f37102e23ca8cf45d33c3091422a382
push id46912
push usercykesiopka.bmo@gmail.com
push dateSun, 26 Feb 2017 12:35:51 +0000
reviewersmgoodwin
bugs1342736, 1059216, 1196988
milestone54.0a1
Bug 1342736 - Remove nsIX509CertDB.verifySignedManifestAsync(). r?mgoodwin

verifySignedManifestAsync() was added in Bug 1059216 to support Trusted Hosted Apps (THA). However, Bug 1196988 removed THA, and no add-ons use this method, so there is no reason to keep it.

MozReview-Commit-ID: 6xBRxvRZfjh
security/apps/AppSignatureVerification.cpp
security/manager/ssl/nsIX509CertDB.idl
security/nss.symbols
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -873,97 +873,16 @@ OpenSignedAppFile(AppTrustedRoot aTruste
       nsNSSCertificate::Create(signerCertNode->cert);
     NS_ENSURE_TRUE(signerCert, NS_ERROR_OUT_OF_MEMORY);
     signerCert.forget(aSignerCert);
   }
 
   return NS_OK;
 }
 
-nsresult
-VerifySignedManifest(AppTrustedRoot aTrustedRoot,
-                     nsIInputStream* aManifestStream,
-                     nsIInputStream* aSignatureStream,
-                     /*out, optional */ nsIX509Cert** aSignerCert)
-{
-  NS_ENSURE_ARG(aManifestStream);
-  NS_ENSURE_ARG(aSignatureStream);
-
-  if (aSignerCert) {
-    *aSignerCert = nullptr;
-  }
-
-  // Load signature file in buffer
-  ScopedAutoSECItem signatureBuffer;
-  nsresult rv = ReadStream(aSignatureStream, signatureBuffer);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  signatureBuffer.type = siBuffer;
-
-  // Load manifest file in buffer
-  ScopedAutoSECItem manifestBuffer;
-  rv = ReadStream(aManifestStream, manifestBuffer);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Calculate SHA1 digest of the manifest buffer
-  Digest manifestCalculatedDigest;
-  rv = manifestCalculatedDigest.DigestBuf(SEC_OID_SHA1,
-                                          manifestBuffer.data,
-                                          manifestBuffer.len - 1); // buffer is null terminated
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
-  // Get base64 encoded string from manifest buffer digest
-  UniquePORTString
-    base64EncDigest(NSSBase64_EncodeItem(nullptr, nullptr, 0,
-                      const_cast<SECItem*>(&manifestCalculatedDigest.get())));
-  if (NS_WARN_IF(!base64EncDigest)) {
-    return NS_ERROR_OUT_OF_MEMORY;
-  }
-
-  // Calculate SHA1 digest of the base64 encoded string
-  Digest doubleDigest;
-  rv = doubleDigest.DigestBuf(SEC_OID_SHA1,
-                              BitwiseCast<uint8_t*, char*>(base64EncDigest.get()),
-                              strlen(base64EncDigest.get()));
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
-  // Verify the manifest signature (signed digest of the base64 encoded string)
-  UniqueCERTCertList builtChain;
-  rv = VerifySignature(aTrustedRoot, signatureBuffer,
-                       doubleDigest.get(), builtChain);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Return the signer's certificate to the reader if they want it.
-  if (aSignerCert) {
-    CERTCertListNode* signerCertNode = CERT_LIST_HEAD(builtChain);
-    if (!signerCertNode || CERT_LIST_END(signerCertNode, builtChain) ||
-        !signerCertNode->cert) {
-      return NS_ERROR_FAILURE;
-    }
-    nsCOMPtr<nsIX509Cert> signerCert =
-      nsNSSCertificate::Create(signerCertNode->cert);
-    if (NS_WARN_IF(!signerCert)) {
-      return NS_ERROR_OUT_OF_MEMORY;
-    }
-
-    signerCert.forget(aSignerCert);
-  }
-
-  return NS_OK;
-}
-
 class OpenSignedAppFileTask final : public CryptoTask
 {
 public:
   OpenSignedAppFileTask(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
                         nsIOpenSignedAppFileCallback* aCallback)
     : mTrustedRoot(aTrustedRoot)
     , mJarFile(aJarFile)
     , mCallback(new nsMainThreadPtrHolder<nsIOpenSignedAppFileCallback>(aCallback))
@@ -989,85 +908,31 @@ private:
 
   const AppTrustedRoot mTrustedRoot;
   const nsCOMPtr<nsIFile> mJarFile;
   nsMainThreadPtrHandle<nsIOpenSignedAppFileCallback> mCallback;
   nsCOMPtr<nsIZipReader> mZipReader; // out
   nsCOMPtr<nsIX509Cert> mSignerCert; // out
 };
 
-class VerifySignedmanifestTask final : public CryptoTask
-{
-public:
-  VerifySignedmanifestTask(AppTrustedRoot aTrustedRoot,
-                           nsIInputStream* aManifestStream,
-                           nsIInputStream* aSignatureStream,
-                           nsIVerifySignedManifestCallback* aCallback)
-    : mTrustedRoot(aTrustedRoot)
-    , mManifestStream(aManifestStream)
-    , mSignatureStream(aSignatureStream)
-    , mCallback(
-      new nsMainThreadPtrHolder<nsIVerifySignedManifestCallback>(aCallback))
-  {
-  }
-
-private:
-  virtual nsresult CalculateResult() override
-  {
-    return VerifySignedManifest(mTrustedRoot, mManifestStream,
-                                mSignatureStream, getter_AddRefs(mSignerCert));
-  }
-
-  // nsNSSCertificate implements nsNSSShutdownObject, so there's nothing that
-  // needs to be released
-  virtual void ReleaseNSSResources() override { }
-
-  virtual void CallCallback(nsresult rv) override
-  {
-    (void) mCallback->VerifySignedManifestFinished(rv, mSignerCert);
-  }
-
-  const AppTrustedRoot mTrustedRoot;
-  const nsCOMPtr<nsIInputStream> mManifestStream;
-  const nsCOMPtr<nsIInputStream> mSignatureStream;
-  nsMainThreadPtrHandle<nsIVerifySignedManifestCallback> mCallback;
-  nsCOMPtr<nsIX509Cert> mSignerCert; // out
-};
-
 } // unnamed namespace
 
 NS_IMETHODIMP
 nsNSSCertificateDB::OpenSignedAppFileAsync(
   AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
   nsIOpenSignedAppFileCallback* aCallback)
 {
   NS_ENSURE_ARG_POINTER(aJarFile);
   NS_ENSURE_ARG_POINTER(aCallback);
   RefPtr<OpenSignedAppFileTask> task(new OpenSignedAppFileTask(aTrustedRoot,
                                                                aJarFile,
                                                                aCallback));
   return task->Dispatch("SignedJAR");
 }
 
-NS_IMETHODIMP
-nsNSSCertificateDB::VerifySignedManifestAsync(
-  AppTrustedRoot aTrustedRoot, nsIInputStream* aManifestStream,
-  nsIInputStream* aSignatureStream, nsIVerifySignedManifestCallback* aCallback)
-{
-  NS_ENSURE_ARG_POINTER(aManifestStream);
-  NS_ENSURE_ARG_POINTER(aSignatureStream);
-  NS_ENSURE_ARG_POINTER(aCallback);
-
-  RefPtr<VerifySignedmanifestTask> task(
-    new VerifySignedmanifestTask(aTrustedRoot, aManifestStream,
-                                 aSignatureStream, aCallback));
-  return task->Dispatch("SignedManifest");
-}
-
-
 //
 // Signature verification for archives unpacked into a file structure
 //
 
 // Finds the "*.rsa" signature file in the META-INF directory and returns
 // the name. It is an error if there are none or more than one .rsa file
 nsresult
 FindSignatureFilename(nsIFile* aMetaDir,
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -30,23 +30,16 @@ interface nsIOpenSignedAppFileCallback :
 
 [scriptable, function, uuid(d5f97827-622a-488f-be08-d850432ac8ec)]
 interface nsIVerifySignedDirectoryCallback : nsISupports
 {
   void verifySignedDirectoryFinished(in nsresult rv,
                                      in nsIX509Cert aSignerCert);
 };
 
-[scriptable, function, uuid(3d6a9c87-5c5f-46fc-9410-96da6092f0f2)]
-interface nsIVerifySignedManifestCallback : nsISupports
-{
-  void verifySignedManifestFinished(in nsresult rv,
-                                    in nsIX509Cert aSignerCert);
-};
-
 /**
  * Callback type for use with asyncVerifyCertAtTime.
  * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the
  * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy
  * represents whether or not the end-entity certificate verified as EV.
  * If aPRErrorCode is non-zero, it represents the error encountered during
  * verification. aVerifiedChain is null in that case and aHasEVPolicy has no
  * meaning.
@@ -272,32 +265,16 @@ interface nsIX509CertDB : nsISupports {
    *  unpacked JAR are returned.
    *
    *  On failure, an error code is returned.
    */
   void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot,
                                   in nsIFile aUnpackedDir,
                                   in nsIVerifySignedDirectoryCallback callback);
 
-  /**
-   * Given streams containing a signature and a manifest file, verifies
-   * that the signature is valid for the manifest. The signature must
-   * come from a certificate that is trusted for code signing and that
-   * was issued by the given trusted root.
-   *
-   *  On success, NS_OK and the trusted certificate that signed the
-   *  Manifest are returned.
-   *
-   *  On failure, an error code is returned.
-   */
-  void verifySignedManifestAsync(in AppTrustedRoot trustedRoot,
-                                 in nsIInputStream aManifestStream,
-                                 in nsIInputStream aSignatureStream,
-                                 in nsIVerifySignedManifestCallback callback);
-
   /*
    * Add a cert to a cert DB from a binary string.
    *
    * @param certDER The raw DER encoding of a certificate.
    * @param trust String describing the trust settings to assign the
    *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
    *              comma separated sets of characters, indicating SSL, Email, and
    *              Object signing trust.
--- a/security/nss.symbols
+++ b/security/nss.symbols
@@ -176,17 +176,16 @@ HASH_Create
 HASH_Destroy
 HASH_End
 HASH_GetHashObject
 HASH_GetType
 HASH_HashBuf
 HASH_ResultLenByOidTag
 HASH_Update
 NSSBase64_DecodeBuffer
-NSSBase64_EncodeItem
 NSSBase64_EncodeItem_Util
 NSS_CMSContentInfo_GetContent
 NSS_CMSContentInfo_SetContent_Data
 NSS_CMSContentInfo_SetContent_EnvelopedData
 NSS_CMSContentInfo_SetContent_SignedData
 NSS_CMSDecoder_Cancel
 NSS_CMSDecoder_Finish
 NSS_CMSDecoder_Start