Bug 1340486 - Remove duplication of code at nsHttpNegotiate/NTLMAuth::TestPref and MatchesBaseURI r=mayhemer
authorValentin Gosu <valentin.gosu@gmail.com>
Mon, 27 Feb 2017 17:57:59 +0100
changeset 374068 858477eb9953c6a6c8991c7b78c456e9f71f7c4c
parent 374067 9ff75c152be3b18e5f8750b7bb241f11ba3d52e4
child 374069 4966be4821bd6193221a323117bdaf8f7f28a39a
push id10863
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 23:02:23 +0000
treeherdermozilla-aurora@0931190cd725 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer
bugs1340486
milestone54.0a1
Bug 1340486 - Remove duplication of code at nsHttpNegotiate/NTLMAuth::TestPref and MatchesBaseURI r=mayhemer MozReview-Commit-ID: L8oS7TFnHJm
extensions/auth/nsHttpNegotiateAuth.cpp
extensions/auth/nsHttpNegotiateAuth.h
netwerk/protocol/http/HttpAuthUtils.cpp
netwerk/protocol/http/HttpAuthUtils.h
netwerk/protocol/http/moz.build
netwerk/protocol/http/nsHttpNTLMAuth.cpp
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -42,16 +42,17 @@
 #include "mozilla/Sprintf.h"
 #include "nsIChannel.h"
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
 #include "nsIHttpAuthenticatorCallback.h"
 #include "mozilla/Mutex.h"
 #include "nsICancelable.h"
 #include "nsUnicharUtils.h"
+#include "mozilla/net/HttpAuthUtils.h"
 
 //-----------------------------------------------------------------------------
 
 static const char kNegotiate[] = "Negotiate";
 static const char kNegotiateAuthTrustedURIs[] = "network.negotiate-auth.trusted-uris";
 static const char kNegotiateAuthDelegationURIs[] = "network.negotiate-auth.delegation-uris";
 static const char kNegotiateAuthAllowProxies[] = "network.negotiate-auth.allow-proxies";
 static const char kNegotiateAuthAllowNonFqdn[] = "network.negotiate-auth.allow-non-fqdn";
@@ -159,23 +160,23 @@ nsHttpNegotiateAuth::ChallengeReceived(n
         authChannel->GetProxyInfo(getter_AddRefs(proxyInfo));
         NS_ENSURE_STATE(proxyInfo);
 
         proxyInfo->GetHost(service);
     }
     else {
         bool allowed = TestNotInPBMode(authChannel, isProxyAuth) &&
                        (TestNonFqdn(uri) ||
-                       TestPref(uri, kNegotiateAuthTrustedURIs));
+                       mozilla::net::auth::URIMatchesPrefPattern(uri, kNegotiateAuthTrustedURIs));
         if (!allowed) {
             LOG(("nsHttpNegotiateAuth::ChallengeReceived URI blocked\n"));
             return NS_ERROR_ABORT;
         }
 
-        bool delegation = TestPref(uri, kNegotiateAuthDelegationURIs);
+        bool delegation = mozilla::net::auth::URIMatchesPrefPattern(uri, kNegotiateAuthDelegationURIs);
         if (delegation) {
             LOG(("  using REQ_DELEGATE\n"));
             req_flags |= nsIAuthModule::REQ_DELEGATE;
         }
 
         rv = uri->GetAsciiHost(service);
         if (NS_FAILED(rv))
             return rv;
@@ -617,156 +618,8 @@ nsHttpNegotiateAuth::TestNonFqdn(nsIURI 
 
     if (NS_FAILED(uri->GetAsciiHost(host)))
         return false;
 
     // return true if host does not contain a dot and is not an ip address
     return !host.IsEmpty() && !host.Contains('.') &&
            PR_StringToNetAddr(host.BeginReading(), &addr) != PR_SUCCESS;
 }
-
-bool
-nsHttpNegotiateAuth::TestPref(nsIURI *uri, const char *pref)
-{
-    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-    if (!prefs)
-        return false;
-
-    nsAutoCString scheme, host;
-    int32_t port;
-
-    if (NS_FAILED(uri->GetScheme(scheme)))
-        return false;
-    if (NS_FAILED(uri->GetAsciiHost(host)))
-        return false;
-
-    port = NS_GetRealPort(uri);
-    if (port == -1) {
-        return false;
-    }
-
-    char *hostList;
-    if (NS_FAILED(prefs->GetCharPref(pref, &hostList)) || !hostList)
-        return false;
-
-    struct FreePolicy { void operator()(void* p) { free(p); } };
-    mozilla::UniquePtr<char[], FreePolicy> hostListScope;
-    hostListScope.reset(hostList);
-
-    // pseudo-BNF
-    // ----------
-    //
-    // url-list       base-url ( base-url "," LWS )*
-    // base-url       ( scheme-part | host-part | scheme-part host-part )
-    // scheme-part    scheme "://"
-    // host-part      host [":" port]
-    //
-    // for example:
-    //   "https://, http://office.foo.com"
-    //
-
-    mozilla::Tokenizer t(hostList);
-    while (!t.CheckEOF()) {
-        t.SkipWhites();
-        nsDependentCSubstring url;
-        mozilla::Unused << t.ReadUntil(mozilla::Tokenizer::Token::Char(','), url);
-        if (url.IsEmpty()) {
-            continue;
-        }
-        if (MatchesBaseURI(scheme, host, port, url)) {
-            return true;
-        }
-    }
-
-    return false;
-}
-
-bool
-nsHttpNegotiateAuth::MatchesBaseURI(const nsCSubstring &matchScheme,
-                                    const nsCSubstring &matchHost,
-                                    int32_t             matchPort,
-                                    nsDependentCSubstring const& url)
-{
-  // check if scheme://host:port matches baseURI
-
-  // parse the base URI
-  mozilla::Tokenizer t(url);
-  mozilla::Tokenizer::Token token;
-
-  t.SkipWhites();
-
-  // We don't know if the url to check against starts with scheme
-  // or a host name.  Start recording here.
-  t.Record();
-
-  mozilla::Unused << t.Next(token);
-
-  // The ipv6 literals MUST be enclosed with [] in the preference.
-  bool ipv6 = false;
-  if (token.Equals(mozilla::Tokenizer::Token::Char('['))) {
-    nsDependentCSubstring ipv6BareLiteral;
-    if (!t.ReadUntil(mozilla::Tokenizer::Token::Char(']'), ipv6BareLiteral)) {
-      // Broken ipv6 literal
-      return false;
-    }
-
-    nsDependentCSubstring ipv6Literal;
-    t.Claim(ipv6Literal, mozilla::Tokenizer::INCLUDE_LAST);
-    if (!matchHost.Equals(ipv6Literal, nsCaseInsensitiveUTF8StringComparator()) &&
-        !matchHost.Equals(ipv6BareLiteral, nsCaseInsensitiveUTF8StringComparator())) {
-      return false;
-    }
-
-    ipv6 = true;
-  } else if (t.CheckChar(':') && t.CheckChar('/') && t.CheckChar('/')) {
-    if (!matchScheme.Equals(token.Fragment())) {
-      return false;
-    }
-    // Re-start recording the hostname from the point after scheme://.
-    t.Record();
-  }
-
-  while (t.Next(token)) {
-    bool eof = token.Equals(mozilla::Tokenizer::Token::EndOfFile());
-    bool port = token.Equals(mozilla::Tokenizer::Token::Char(':'));
-
-    if (eof || port) {
-      if (!ipv6) { // Match already performed above.
-        nsDependentCSubstring hostName;
-        t.Claim(hostName);
-
-        // An empty hostname means to accept everything for the schema
-        if (!hostName.IsEmpty()) {
-          if (hostName.First() == '.') {
-            if (!StringEndsWith(matchHost, hostName, nsCaseInsensitiveUTF8StringComparator())) {
-              return false;
-            }
-          } else { // host to match doesn't begin with '.', do a full compare
-            if (!matchHost.Equals(hostName, nsCaseInsensitiveUTF8StringComparator())) {
-              return false;
-            }
-          }
-        }
-      }
-
-      if (port) {
-        uint16_t portNumber;
-        if (!t.ReadInteger(&portNumber)) {
-          // Missing port number
-          return false;
-        }
-        if (matchPort != portNumber) {
-          return false;
-        }
-        if (!t.CheckEOF()) {
-          return false;
-        }
-      }
-    } else if (ipv6) {
-      // After an ipv6 literal there can only be EOF or :port.  Everything else
-      // must be treated as non-match/broken input.
-      return false;
-    }
-  }
-
-  // All negative checks has passed positively.
-  return true;
-}
--- a/extensions/auth/nsHttpNegotiateAuth.h
+++ b/extensions/auth/nsHttpNegotiateAuth.h
@@ -25,19 +25,12 @@ private:
     ~nsHttpNegotiateAuth() {}
 
     // returns the value of the given boolean pref
     bool TestBoolPref(const char *pref);
 
     // tests if the host part of an uri is fully qualified
     bool TestNonFqdn(nsIURI *uri);
 
-    // returns true if URI is accepted by the list of hosts in the pref
-    bool TestPref(nsIURI *, const char *pref);
-
-    bool MatchesBaseURI(const nsCSubstring &scheme,
-                        const nsCSubstring &host,
-                        int32_t             port,
-                        nsDependentCSubstring const& url);
     // Thread for GenerateCredentialsAsync
     RefPtr<mozilla::LazyIdleThread> mNegotiateThread;
 };
 #endif /* nsHttpNegotiateAuth_h__ */
new file mode 100644
--- /dev/null
+++ b/netwerk/protocol/http/HttpAuthUtils.cpp
@@ -0,0 +1,171 @@
+#include "mozilla/net/HttpAuthUtils.h"
+#include "mozilla/Tokenizer.h"
+#include "nsIPrefService.h"
+#include "nsIURI.h"
+#include "nsNetUtil.h"
+#include "nsUnicharUtils.h"
+
+namespace mozilla {
+namespace net {
+namespace auth {
+
+namespace detail {
+
+bool
+MatchesBaseURI(const nsCSubstring &matchScheme,
+               const nsCSubstring &matchHost,
+               int32_t             matchPort,
+               nsDependentCSubstring const& url)
+{
+  // check if scheme://host:port matches baseURI
+
+  // parse the base URI
+  mozilla::Tokenizer t(url);
+  mozilla::Tokenizer::Token token;
+
+  t.SkipWhites();
+
+  // We don't know if the url to check against starts with scheme
+  // or a host name.  Start recording here.
+  t.Record();
+
+  mozilla::Unused << t.Next(token);
+
+  // The ipv6 literals MUST be enclosed with [] in the preference.
+  bool ipv6 = false;
+  if (token.Equals(mozilla::Tokenizer::Token::Char('['))) {
+    nsDependentCSubstring ipv6BareLiteral;
+    if (!t.ReadUntil(mozilla::Tokenizer::Token::Char(']'), ipv6BareLiteral)) {
+      // Broken ipv6 literal
+      return false;
+    }
+
+    nsDependentCSubstring ipv6Literal;
+    t.Claim(ipv6Literal, mozilla::Tokenizer::INCLUDE_LAST);
+    if (!matchHost.Equals(ipv6Literal, nsCaseInsensitiveUTF8StringComparator()) &&
+        !matchHost.Equals(ipv6BareLiteral, nsCaseInsensitiveUTF8StringComparator())) {
+      return false;
+    }
+
+    ipv6 = true;
+  } else if (t.CheckChar(':') && t.CheckChar('/') && t.CheckChar('/')) {
+    if (!matchScheme.Equals(token.Fragment())) {
+      return false;
+    }
+    // Re-start recording the hostname from the point after scheme://.
+    t.Record();
+  }
+
+  while (t.Next(token)) {
+    bool eof = token.Equals(mozilla::Tokenizer::Token::EndOfFile());
+    bool port = token.Equals(mozilla::Tokenizer::Token::Char(':'));
+
+    if (eof || port) {
+      if (!ipv6) { // Match already performed above.
+        nsDependentCSubstring hostName;
+        t.Claim(hostName);
+
+        // An empty hostname means to accept everything for the schema
+        if (!hostName.IsEmpty()) {
+          if (hostName.First() == '.') {
+            if (!StringEndsWith(matchHost, hostName, nsCaseInsensitiveUTF8StringComparator())) {
+              return false;
+            }
+          } else { // host to match doesn't begin with '.', do a full compare
+            if (!matchHost.Equals(hostName, nsCaseInsensitiveUTF8StringComparator())) {
+              return false;
+            }
+          }
+        }
+      }
+
+      if (port) {
+        uint16_t portNumber;
+        if (!t.ReadInteger(&portNumber)) {
+          // Missing port number
+          return false;
+        }
+        if (matchPort != portNumber) {
+          return false;
+        }
+        if (!t.CheckEOF()) {
+          return false;
+        }
+      }
+    } else if (ipv6) {
+      // After an ipv6 literal there can only be EOF or :port.  Everything else
+      // must be treated as non-match/broken input.
+      return false;
+    }
+  }
+
+  // All negative checks has passed positively.
+  return true;
+}
+
+} // namespace detail
+
+
+bool
+URIMatchesPrefPattern(nsIURI *uri, const char *pref)
+{
+  nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+  if (!prefs) {
+    return false;
+  }
+
+  nsAutoCString scheme, host;
+  int32_t port;
+
+  if (NS_FAILED(uri->GetScheme(scheme))) {
+    return false;
+  }
+  if (NS_FAILED(uri->GetAsciiHost(host))) {
+    return false;
+  }
+
+  port = NS_GetRealPort(uri);
+  if (port == -1) {
+    return false;
+  }
+
+  char *hostList;
+  if (NS_FAILED(prefs->GetCharPref(pref, &hostList)) || !hostList) {
+    return false;
+  }
+
+  struct FreePolicy { void operator()(void* p) { free(p); } };
+  mozilla::UniquePtr<char[], FreePolicy> hostListScope;
+  hostListScope.reset(hostList);
+
+  // pseudo-BNF
+  // ----------
+  //
+  // url-list       base-url ( base-url "," LWS )*
+  // base-url       ( scheme-part | host-part | scheme-part host-part )
+  // scheme-part    scheme "://"
+  // host-part      host [":" port]
+  //
+  // for example:
+  //   "https://, http://office.foo.com"
+  //
+
+  mozilla::Tokenizer t(hostList);
+  while (!t.CheckEOF()) {
+    t.SkipWhites();
+    nsDependentCSubstring url;
+    mozilla::Unused << t.ReadUntil(mozilla::Tokenizer::Token::Char(','), url);
+    if (url.IsEmpty()) {
+      continue;
+    }
+    if (detail::MatchesBaseURI(scheme, host, port, url)) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+} // namespace auth
+} // namespace net
+} // namespace mozilla
new file mode 100644
--- /dev/null
+++ b/netwerk/protocol/http/HttpAuthUtils.h
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef HttpAuthUtils_h__
+#define HttpAuthUtils_h__
+
+
+class nsIURI;
+
+namespace mozilla { namespace net { namespace auth {
+
+/* Tries to match the given URI against the value of a given pref
+ *
+ * The pref should be in pseudo-BNF format.
+ * url-list       base-url ( base-url "," LWS )*
+ * base-url       ( scheme-part | host-part | scheme-part host-part )
+ * scheme-part    scheme "://"
+ * host-part      host [":" port]
+ *
+ * for example:
+ *   "https://, http://office.foo.com"
+ *
+ * Will return true if the URI matches any of the patterns, or false otherwise.
+ */
+bool URIMatchesPrefPattern(nsIURI *uri, const char *pref);
+
+} // namespace auth
+} // namespace net
+} // namespace mozilla
+
+#endif // HttpAuthUtils_h__
--- a/netwerk/protocol/http/moz.build
+++ b/netwerk/protocol/http/moz.build
@@ -33,16 +33,17 @@ EXPORTS += [
     'nsHttpHeaderArray.h',
     'nsHttpRequestHead.h',
     'nsHttpResponseHead.h',
 ]
 
 EXPORTS.mozilla.net += [
     'AltDataOutputStreamChild.h',
     'AltDataOutputStreamParent.h',
+    'HttpAuthUtils.h',
     'HttpBaseChannel.h',
     'HttpChannelChild.h',
     'HttpChannelParent.h',
     'HttpInfo.h',
     'NullHttpChannel.h',
     'PHttpChannelParams.h',
     'PSpdyPush.h',
     'TimingStruct.h',
@@ -62,16 +63,17 @@ UNIFIED_SOURCES += [
     'AltDataOutputStreamParent.cpp',
     'CacheControlParser.cpp',
     'ConnectionDiagnostics.cpp',
     'HSTSPrimerListener.cpp',
     'Http2Compression.cpp',
     'Http2Push.cpp',
     'Http2Session.cpp',
     'Http2Stream.cpp',
+    'HttpAuthUtils.cpp',
     'HttpBaseChannel.cpp',
     'HttpChannelChild.cpp',
     'HttpChannelParent.cpp',
     'HttpChannelParentListener.cpp',
     'HttpInfo.cpp',
     'InterceptedChannel.cpp',
     'nsCORSListenerProxy.cpp',
     'nsHttp.cpp',
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -28,189 +28,41 @@
 #endif
 #include "mozilla/Attributes.h"
 #include "mozilla/Tokenizer.h"
 #include "mozilla/UniquePtr.h"
 #include "mozilla/Unused.h"
 #include "nsNetUtil.h"
 #include "nsIChannel.h"
 #include "nsUnicharUtils.h"
+#include "mozilla/net/HttpAuthUtils.h"
 
 namespace mozilla {
 namespace net {
 
 static const char kAllowProxies[] = "network.automatic-ntlm-auth.allow-proxies";
 static const char kAllowNonFqdn[] = "network.automatic-ntlm-auth.allow-non-fqdn";
 static const char kTrustedURIs[]  = "network.automatic-ntlm-auth.trusted-uris";
 static const char kForceGeneric[] = "network.auth.force-generic-ntlm";
 static const char kSSOinPBmode[] = "network.auth.private-browsing-sso";
 
-// XXX MatchesBaseURI and TestPref are duplicated in nsHttpNegotiateAuth.cpp,
-// but since that file lives in a separate library we cannot directly share it.
-// bug 236865 addresses this problem.
-
-static bool
-MatchesBaseURI(const nsCSubstring &matchScheme,
-               const nsCSubstring &matchHost,
-               int32_t             matchPort,
-               nsDependentCSubstring const& url)
-{
-  // check if scheme://host:port matches baseURI
-
-  // parse the base URI
-  mozilla::Tokenizer t(url);
-  mozilla::Tokenizer::Token token;
-
-  t.SkipWhites();
-
-  // We don't know if the url to check against starts with scheme
-  // or a host name.  Start recording here.
-  t.Record();
-
-  mozilla::Unused << t.Next(token);
-
-  // The ipv6 literals MUST be enclosed with [] in the preference.
-  bool ipv6 = false;
-  if (token.Equals(mozilla::Tokenizer::Token::Char('['))) {
-    nsDependentCSubstring ipv6BareLiteral;
-    if (!t.ReadUntil(mozilla::Tokenizer::Token::Char(']'), ipv6BareLiteral)) {
-      // Broken ipv6 literal
-      return false;
-    }
-
-    nsDependentCSubstring ipv6Literal;
-    t.Claim(ipv6Literal, mozilla::Tokenizer::INCLUDE_LAST);
-    if (!matchHost.Equals(ipv6Literal, nsCaseInsensitiveUTF8StringComparator()) &&
-        !matchHost.Equals(ipv6BareLiteral, nsCaseInsensitiveUTF8StringComparator())) {
-      return false;
-    }
-
-    ipv6 = true;
-  } else if (t.CheckChar(':') && t.CheckChar('/') && t.CheckChar('/')) {
-    if (!matchScheme.Equals(token.Fragment())) {
-      return false;
-    }
-    // Re-start recording the hostname from the point after scheme://.
-    t.Record();
-  }
-
-  while (t.Next(token)) {
-    bool eof = token.Equals(mozilla::Tokenizer::Token::EndOfFile());
-    bool port = token.Equals(mozilla::Tokenizer::Token::Char(':'));
-
-    if (eof || port) {
-      if (!ipv6) { // Match already performed above.
-        nsDependentCSubstring hostName;
-        t.Claim(hostName);
-
-        // An empty hostname means to accept everything for the schema
-        if (!hostName.IsEmpty()) {
-          if (hostName.First() == '.') {
-            if (!StringEndsWith(matchHost, hostName, nsCaseInsensitiveUTF8StringComparator())) {
-              return false;
-            }
-          } else { // host to match doesn't begin with '.', do a full compare
-            if (!matchHost.Equals(hostName, nsCaseInsensitiveUTF8StringComparator())) {
-              return false;
-            }
-          }
-        }
-      }
-
-      if (port) {
-        uint16_t portNumber;
-        if (!t.ReadInteger(&portNumber)) {
-          // Missing port number
-          return false;
-        }
-        if (matchPort != portNumber) {
-          return false;
-        }
-        if (!t.CheckEOF()) {
-          return false;
-        }
-      }
-    } else if (ipv6) {
-      // After an ipv6 literal there can only be EOF or :port.  Everything else
-      // must be treated as non-match/broken input.
-      return false;
-    }
-  }
-
-  // All negative checks has passed positively.
-  return true;
-}
-
 static bool
 IsNonFqdn(nsIURI *uri)
 {
     nsAutoCString host;
     PRNetAddr addr;
 
     if (NS_FAILED(uri->GetAsciiHost(host)))
         return false;
 
     // return true if host does not contain a dot and is not an ip address
     return !host.IsEmpty() && !host.Contains('.') &&
            PR_StringToNetAddr(host.BeginReading(), &addr) != PR_SUCCESS;
 }
 
-static bool
-TestPref(nsIURI *uri, const char *pref)
-{
-    nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
-    if (!prefs)
-        return false;
-
-    nsAutoCString scheme, host;
-    int32_t port;
-
-    if (NS_FAILED(uri->GetScheme(scheme)))
-        return false;
-    if (NS_FAILED(uri->GetAsciiHost(host)))
-        return false;
-    if (NS_FAILED(uri->GetPort(&port)))
-        return false;
-
-    char *hostList;
-    if (NS_FAILED(prefs->GetCharPref(pref, &hostList)) || !hostList)
-        return false;
-
-    struct FreePolicy { void operator()(void* p) { free(p); } };
-    mozilla::UniquePtr<char[], FreePolicy> hostListScope;
-    hostListScope.reset(hostList);
-
-    // pseudo-BNF
-    // ----------
-    //
-    // url-list       base-url ( base-url "," LWS )*
-    // base-url       ( scheme-part | host-part | scheme-part host-part )
-    // scheme-part    scheme "://"
-    // host-part      host [":" port]
-    //
-    // for example:
-    //   "https://, http://office.foo.com"
-    //
-
-    mozilla::Tokenizer t(hostList);
-    while (!t.CheckEOF()) {
-      t.SkipWhites();
-      nsDependentCSubstring url;
-      mozilla::Unused << t.ReadUntil(mozilla::Tokenizer::Token::Char(','), url);
-      if (url.IsEmpty()) {
-        continue;
-      }
-      if (MatchesBaseURI(scheme, host, port, url)) {
-        return true;
-      }
-    }
-
-    return false;
-}
-
 // Check to see if we should use our generic (internal) NTLM auth module.
 static bool
 ForceGenericNTLM()
 {
     nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
     if (!prefs)
         return false;
     bool flag = false;
@@ -269,17 +121,17 @@ CanUseDefaultCredentials(nsIHttpAuthenti
     bool allowNonFqdn;
     if (NS_FAILED(prefs->GetBoolPref(kAllowNonFqdn, &allowNonFqdn)))
         allowNonFqdn = false;
     if (allowNonFqdn && uri && IsNonFqdn(uri)) {
         LOG(("Host is non-fqdn, default credentials are allowed\n"));
         return true;
     }
 
-    bool isTrustedHost = (uri && TestPref(uri, kTrustedURIs));
+    bool isTrustedHost = (uri && auth::URIMatchesPrefPattern(uri, kTrustedURIs));
     LOG(("Default credentials allowed for host: %d\n", isTrustedHost));
     return isTrustedHost;
 }
 
 // Dummy class for session state object.  This class doesn't hold any data.
 // Instead we use its existence as a flag.  See ChallengeReceived.
 class nsNTLMSessionState final : public nsISupports
 {