Bug 1493788 - move certificate/binary transparency implementation to its own directory r=jcj
authorDana Keeler <dkeeler@mozilla.com>
Mon, 01 Oct 2018 16:20:41 +0000
changeset 494779 fb3ddeeec773bdbccddb3fbc5e1c0324e1ab8c87
parent 494778 9a685b824b8862df011d96b6a246f7ff83fe5e67
child 494780 f1a361f8d51d87a77b18483020d3bc4d67b46d56
push id9984
push userffxbld-merge
push dateMon, 15 Oct 2018 21:07:35 +0000
treeherdermozilla-beta@183d27ea8570 [default view] [failures only]
reviewersjcj
bugs1493788
milestone64.0a1
Bug 1493788 - move certificate/binary transparency implementation to its own directory r=jcj Our current certificate transparency implementation (and the start of the binary transparency implementation) can almost be used by itself as a standalone library (for comparison, mozilla::pkix already has this property, as evidenced by the "Library('mozillapkix')" line in security/pkix/moz.build and the "'mozillapkix'" line in the USE_LIBS section of security/manager/ssl/tests/unit/tlsserver/cmd/moz.build). These changes make this code re-usable as a library so that we'll be able to use it in the updater to verify binary/certificate transparency information. This first patch simply moves the code to its own directory. Differential Revision: https://phabricator.services.mozilla.com/D6844
security/certverifier/BTInclusionProof.h
security/certverifier/BTVerifier.cpp
security/certverifier/BTVerifier.h
security/certverifier/Buffer.cpp
security/certverifier/Buffer.h
security/certverifier/CTDiversityPolicy.cpp
security/certverifier/CTDiversityPolicy.h
security/certverifier/CTKnownLogs.h
security/certverifier/CTLog.h
security/certverifier/CTLogVerifier.cpp
security/certverifier/CTLogVerifier.h
security/certverifier/CTObjectsExtractor.cpp
security/certverifier/CTObjectsExtractor.h
security/certverifier/CTPolicyEnforcer.cpp
security/certverifier/CTPolicyEnforcer.h
security/certverifier/CTSerialization.cpp
security/certverifier/CTSerialization.h
security/certverifier/CTUtils.h
security/certverifier/CTVerifyResult.cpp
security/certverifier/CTVerifyResult.h
security/certverifier/MultiLogCTVerifier.cpp
security/certverifier/MultiLogCTVerifier.h
security/certverifier/SignedCertificateTimestamp.cpp
security/certverifier/SignedCertificateTimestamp.h
security/certverifier/SignedTreeHead.h
security/certverifier/moz.build
security/certverifier/tests/gtest/BTSerializationTest.cpp
security/certverifier/tests/gtest/CTDiversityPolicyTest.cpp
security/certverifier/tests/gtest/CTLogVerifierTest.cpp
security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp
security/certverifier/tests/gtest/CTPolicyEnforcerTest.cpp
security/certverifier/tests/gtest/CTSerializationTest.cpp
security/certverifier/tests/gtest/CTTestUtils.cpp
security/certverifier/tests/gtest/CTTestUtils.h
security/certverifier/tests/gtest/MultiLogCTVerifierTest.cpp
security/certverifier/tests/gtest/moz.build
security/ct/BTInclusionProof.h
security/ct/BTVerifier.cpp
security/ct/BTVerifier.h
security/ct/Buffer.cpp
security/ct/Buffer.h
security/ct/CTDiversityPolicy.cpp
security/ct/CTDiversityPolicy.h
security/ct/CTKnownLogs.h
security/ct/CTLog.h
security/ct/CTLogVerifier.cpp
security/ct/CTLogVerifier.h
security/ct/CTObjectsExtractor.cpp
security/ct/CTObjectsExtractor.h
security/ct/CTPolicyEnforcer.cpp
security/ct/CTPolicyEnforcer.h
security/ct/CTSerialization.cpp
security/ct/CTSerialization.h
security/ct/CTUtils.h
security/ct/CTVerifyResult.cpp
security/ct/CTVerifyResult.h
security/ct/MultiLogCTVerifier.cpp
security/ct/MultiLogCTVerifier.h
security/ct/SignedCertificateTimestamp.cpp
security/ct/SignedCertificateTimestamp.h
security/ct/SignedTreeHead.h
security/ct/moz.build
security/ct/tests/gtest/BTSerializationTest.cpp
security/ct/tests/gtest/CTDiversityPolicyTest.cpp
security/ct/tests/gtest/CTLogVerifierTest.cpp
security/ct/tests/gtest/CTObjectsExtractorTest.cpp
security/ct/tests/gtest/CTPolicyEnforcerTest.cpp
security/ct/tests/gtest/CTSerializationTest.cpp
security/ct/tests/gtest/CTTestUtils.cpp
security/ct/tests/gtest/CTTestUtils.h
security/ct/tests/gtest/MultiLogCTVerifierTest.cpp
security/ct/tests/gtest/moz.build
--- a/security/certverifier/moz.build
+++ b/security/certverifier/moz.build
@@ -4,58 +4,42 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 with Files("**"):
     BUG_COMPONENT = ("Core", "Security: PSM")
 
 EXPORTS += [
     'BRNameMatchingPolicy.h',
-    'BTInclusionProof.h',
-    'BTVerifier.h',
-    'Buffer.h',
     'CertVerifier.h',
-    'CTLog.h',
-    'CTPolicyEnforcer.h',
-    'CTVerifyResult.h',
     'OCSPCache.h',
-    'SignedCertificateTimestamp.h',
-    'SignedTreeHead.h',
 ]
 
 UNIFIED_SOURCES += [
     'BRNameMatchingPolicy.cpp',
-    'BTVerifier.cpp',
-    'Buffer.cpp',
     'CertVerifier.cpp',
-    'CTDiversityPolicy.cpp',
-    'CTLogVerifier.cpp',
-    'CTObjectsExtractor.cpp',
-    'CTPolicyEnforcer.cpp',
-    'CTSerialization.cpp',
-    'CTVerifyResult.cpp',
-    'MultiLogCTVerifier.cpp',
     'NSSCertDBTrustDomain.cpp',
     'OCSPCache.cpp',
     'OCSPVerificationTrustDomain.cpp',
-    'SignedCertificateTimestamp.cpp',
 ]
 
 if not CONFIG['NSS_NO_EV_CERTS']:
     UNIFIED_SOURCES += [
         'ExtendedValidation.cpp',
     ]
 
 LOCAL_INCLUDES += [
+    '/security/ct',
     '/security/manager/ssl',
     '/security/pkix/include',
     '/security/pkix/lib',
 ]
 
 DIRS += [
+    '../ct',
     '../pkix',
 ]
 
 TEST_DIRS += [
     'tests/gtest',
 ]
 
 if CONFIG['CC_TYPE'] == 'clang-cl':
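Review bot: With `'../ct'` added to `DIRS` next to `'../pkix'`, pkix is now listed for traversal in two places, because the copied security/ct/moz.build keeps its own `DIRS += ['../pkix']`. That looks redundant; consider keeping the pkix entry in only one of the two files. A short comment above the new entry, such as `# security/ct is a sibling directory traversed from here, like ../pkix`, would also explain why a sibling is reached through `..`. The `if CONFIG['CC_TYPE'] == 'clang-cl':` block continues outside this hunk.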
--- a/security/certverifier/tests/gtest/moz.build
+++ b/security/certverifier/tests/gtest/moz.build
@@ -1,26 +1,16 @@
 # -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 SOURCES += [
-    'BTSerializationTest.cpp',
-    'CTDiversityPolicyTest.cpp',
-    'CTLogVerifierTest.cpp',
-    'CTObjectsExtractorTest.cpp',
-    'CTPolicyEnforcerTest.cpp',
-    'CTSerializationTest.cpp',
-    'CTTestUtils.cpp',
-    'MultiLogCTVerifierTest.cpp',
     'TrustOverrideTest.cpp',
 ]
 
 LOCAL_INCLUDES += [
     '/security/certverifier',
     '/security/manager/ssl',
-    '/security/pkix/include',
-    '/security/pkix/lib',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
rename from security/certverifier/BTInclusionProof.h
rename to security/ct/BTInclusionProof.h
rename from security/certverifier/BTVerifier.cpp
rename to security/ct/BTVerifier.cpp
rename from security/certverifier/BTVerifier.h
rename to security/ct/BTVerifier.h
rename from security/certverifier/Buffer.cpp
rename to security/ct/Buffer.cpp
rename from security/certverifier/Buffer.h
rename to security/ct/Buffer.h
rename from security/certverifier/CTDiversityPolicy.cpp
rename to security/ct/CTDiversityPolicy.cpp
rename from security/certverifier/CTDiversityPolicy.h
rename to security/ct/CTDiversityPolicy.h
rename from security/certverifier/CTKnownLogs.h
rename to security/ct/CTKnownLogs.h
rename from security/certverifier/CTLog.h
rename to security/ct/CTLog.h
rename from security/certverifier/CTLogVerifier.cpp
rename to security/ct/CTLogVerifier.cpp
rename from security/certverifier/CTLogVerifier.h
rename to security/ct/CTLogVerifier.h
rename from security/certverifier/CTObjectsExtractor.cpp
rename to security/ct/CTObjectsExtractor.cpp
rename from security/certverifier/CTObjectsExtractor.h
rename to security/ct/CTObjectsExtractor.h
rename from security/certverifier/CTPolicyEnforcer.cpp
rename to security/ct/CTPolicyEnforcer.cpp
rename from security/certverifier/CTPolicyEnforcer.h
rename to security/ct/CTPolicyEnforcer.h
rename from security/certverifier/CTSerialization.cpp
rename to security/ct/CTSerialization.cpp
rename from security/certverifier/CTSerialization.h
rename to security/ct/CTSerialization.h
rename from security/certverifier/CTUtils.h
rename to security/ct/CTUtils.h
--- a/security/certverifier/CTUtils.h
+++ b/security/ct/CTUtils.h
@@ -12,19 +12,20 @@
 
 namespace mozilla { namespace ct {
 
 // Reads a TLS-encoded variable length unsigned integer from |in|.
 // The integer is expected to be in big-endian order, which is used by TLS.
 // Note: checks if the output parameter overflows while reading.
 // |length| indicates the size (in bytes) of the serialized integer.
 template <size_t length, typename T>
-pkix::Result ReadUint(Reader& in, T& out);
+mozilla::pkix::Result ReadUint(mozilla::pkix::Reader& in, T& out);
 
 // Reads a length-prefixed variable amount of bytes from |in|, updating |out|
 // on success. |prefixLength| indicates the number of bytes needed to represent
 // the length.
 template <size_t prefixLength>
-pkix::Result ReadVariableBytes(Reader& in, Input& out);
+mozilla::pkix::Result ReadVariableBytes(mozilla::pkix::Reader& in,
+                                        mozilla::pkix::Input& out);
 
 } } // namespace mozilla::ct
 
 #endif //CTUtils_h
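Review bot: `ReadUint` and `ReadVariableBytes` now spell out `mozilla::pkix::` in full, which suggests the header used to rely on a using-declaration supplied by its includers; for a header meant to be reused as a standalone library, its includes should be equally self-sufficient. The include block sits above this hunk (it starts at line 12), so please confirm the header pulls in `pkix/Input.h` and `pkix/Result.h` itself. Both functions appear here as template declarations without a body; if the definitions live in a .cpp file, callers in other translation units may only link because the unified build happens to group them, so an in-header definition or explicit instantiations would be safer. These helpers parse length-prefixed and presumably untrusted input, so the comment on `ReadVariableBytes` should also state what happens to |out| and to the read position of |in| on failure.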
rename from security/certverifier/CTVerifyResult.cpp
rename to security/ct/CTVerifyResult.cpp
rename from security/certverifier/CTVerifyResult.h
rename to security/ct/CTVerifyResult.h
rename from security/certverifier/MultiLogCTVerifier.cpp
rename to security/ct/MultiLogCTVerifier.cpp
rename from security/certverifier/MultiLogCTVerifier.h
rename to security/ct/MultiLogCTVerifier.h
rename from security/certverifier/SignedCertificateTimestamp.cpp
rename to security/ct/SignedCertificateTimestamp.cpp
rename from security/certverifier/SignedCertificateTimestamp.h
rename to security/ct/SignedCertificateTimestamp.h
rename from security/certverifier/SignedTreeHead.h
rename to security/ct/SignedTreeHead.h
copy from security/certverifier/moz.build
copy to security/ct/moz.build
--- a/security/certverifier/moz.build
+++ b/security/ct/moz.build
@@ -3,54 +3,40 @@
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 with Files("**"):
     BUG_COMPONENT = ("Core", "Security: PSM")
 
 EXPORTS += [
-    'BRNameMatchingPolicy.h',
     'BTInclusionProof.h',
     'BTVerifier.h',
     'Buffer.h',
-    'CertVerifier.h',
     'CTLog.h',
     'CTPolicyEnforcer.h',
     'CTVerifyResult.h',
-    'OCSPCache.h',
     'SignedCertificateTimestamp.h',
     'SignedTreeHead.h',
 ]
 
 UNIFIED_SOURCES += [
-    'BRNameMatchingPolicy.cpp',
     'BTVerifier.cpp',
     'Buffer.cpp',
-    'CertVerifier.cpp',
     'CTDiversityPolicy.cpp',
     'CTLogVerifier.cpp',
     'CTObjectsExtractor.cpp',
     'CTPolicyEnforcer.cpp',
     'CTSerialization.cpp',
     'CTVerifyResult.cpp',
     'MultiLogCTVerifier.cpp',
-    'NSSCertDBTrustDomain.cpp',
-    'OCSPCache.cpp',
-    'OCSPVerificationTrustDomain.cpp',
     'SignedCertificateTimestamp.cpp',
 ]
 
-if not CONFIG['NSS_NO_EV_CERTS']:
-    UNIFIED_SOURCES += [
-        'ExtendedValidation.cpp',
-    ]
-
 LOCAL_INCLUDES += [
-    '/security/manager/ssl',
     '/security/pkix/include',
     '/security/pkix/lib',
 ]
 
 DIRS += [
     '../pkix',
 ]
 
rename from security/certverifier/tests/gtest/BTSerializationTest.cpp
rename to security/ct/tests/gtest/BTSerializationTest.cpp
rename from security/certverifier/tests/gtest/CTDiversityPolicyTest.cpp
rename to security/ct/tests/gtest/CTDiversityPolicyTest.cpp
rename from security/certverifier/tests/gtest/CTLogVerifierTest.cpp
rename to security/ct/tests/gtest/CTLogVerifierTest.cpp
rename from security/certverifier/tests/gtest/CTObjectsExtractorTest.cpp
rename to security/ct/tests/gtest/CTObjectsExtractorTest.cpp
rename from security/certverifier/tests/gtest/CTPolicyEnforcerTest.cpp
rename to security/ct/tests/gtest/CTPolicyEnforcerTest.cpp
rename from security/certverifier/tests/gtest/CTSerializationTest.cpp
rename to security/ct/tests/gtest/CTSerializationTest.cpp
rename from security/certverifier/tests/gtest/CTTestUtils.cpp
rename to security/ct/tests/gtest/CTTestUtils.cpp
rename from security/certverifier/tests/gtest/CTTestUtils.h
rename to security/ct/tests/gtest/CTTestUtils.h
rename from security/certverifier/tests/gtest/MultiLogCTVerifierTest.cpp
rename to security/ct/tests/gtest/MultiLogCTVerifierTest.cpp
copy from security/certverifier/tests/gtest/moz.build
copy to security/ct/tests/gtest/moz.build
--- a/security/certverifier/tests/gtest/moz.build
+++ b/security/ct/tests/gtest/moz.build
@@ -8,19 +8,17 @@ SOURCES += [
     'BTSerializationTest.cpp',
     'CTDiversityPolicyTest.cpp',
     'CTLogVerifierTest.cpp',
     'CTObjectsExtractorTest.cpp',
     'CTPolicyEnforcerTest.cpp',
     'CTSerializationTest.cpp',
     'CTTestUtils.cpp',
     'MultiLogCTVerifierTest.cpp',
-    'TrustOverrideTest.cpp',
 ]
 
 LOCAL_INCLUDES += [
-    '/security/certverifier',
-    '/security/manager/ssl',
+    '../..',
     '/security/pkix/include',
     '/security/pkix/lib',
 ]
 
 FINAL_LIBRARY = 'xul-gtest'
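Review bot: `'../..'` is the only relative entry in this `LOCAL_INCLUDES` list and differs from the `'/security/ct'` spelling this same commit adds to security/certverifier/moz.build. If the relative form is deliberate, so that the tests keep resolving the ct sources when the directory is reused elsewhere, a comment saying so would help, e.g. `# relative on purpose: resolves to the ct sources wherever this library lives`. Otherwise use `'/security/ct',` for consistency with the neighbouring absolute entries.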