Bug 1342736 - Remove nsIX509CertDB.verifySignedManifestAsync(). r=mgoodwin
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sun, 26 Feb 2017 20:25:36 +0800
changeset 394393 10479537baf6bdc5d7168c586a17067b757b1023
parent 394392 c865b539abeab0daaa42083088adeaf35f8458e2
child 394394 ec0a9237ed60be50601df0a0dfd33491d0ae24f3
reviewersmgoodwin
bugs1342736, 1059216, 1196988
milestone54.0a1
Bug 1342736 - Remove nsIX509CertDB.verifySignedManifestAsync(). r=mgoodwin verifySignedManifestAsync() was added in Bug 1059216 to support Trusted Hosted Apps. However, Bug 1196988 removed THA and no add-ons use this method, so there's no point in keeping it around. MozReview-Commit-ID: 6xBRxvRZfjh
security/apps/AppSignatureVerification.cpp
security/manager/ssl/nsIX509CertDB.idl
security/nss.symbols
--- a/security/apps/AppSignatureVerification.cpp
+++ b/security/apps/AppSignatureVerification.cpp
@@ -873,97 +873,16 @@ OpenSignedAppFile(AppTrustedRoot aTruste
       nsNSSCertificate::Create(signerCertNode->cert);
     NS_ENSURE_TRUE(signerCert, NS_ERROR_OUT_OF_MEMORY);
     signerCert.forget(aSignerCert);
   }
 
   return NS_OK;
 }
 
-nsresult
-VerifySignedManifest(AppTrustedRoot aTrustedRoot,
-                     nsIInputStream* aManifestStream,
-                     nsIInputStream* aSignatureStream,
-                     /*out, optional */ nsIX509Cert** aSignerCert)
-{
-  NS_ENSURE_ARG(aManifestStream);
-  NS_ENSURE_ARG(aSignatureStream);
-
-  if (aSignerCert) {
-    *aSignerCert = nullptr;
-  }
-
-  // Load signature file in buffer
-  ScopedAutoSECItem signatureBuffer;
-  nsresult rv = ReadStream(aSignatureStream, signatureBuffer);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-  signatureBuffer.type = siBuffer;
-
-  // Load manifest file in buffer
-  ScopedAutoSECItem manifestBuffer;
-  rv = ReadStream(aManifestStream, manifestBuffer);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Calculate SHA1 digest of the manifest buffer
-  Digest manifestCalculatedDigest;
-  rv = manifestCalculatedDigest.DigestBuf(SEC_OID_SHA1,
-                                          manifestBuffer.data,
-                                          manifestBuffer.len - 1); // buffer is null terminated
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
-  // Get base64 encoded string from manifest buffer digest
-  UniquePORTString
-    base64EncDigest(NSSBase64_EncodeItem(nullptr, nullptr, 0,
-                      const_cast<SECItem*>(&manifestCalculatedDigest.get())));
-  if (NS_WARN_IF(!base64EncDigest)) {
-    return NS_ERROR_OUT_OF_MEMORY;
-  }
-
-  // Calculate SHA1 digest of the base64 encoded string
-  Digest doubleDigest;
-  rv = doubleDigest.DigestBuf(SEC_OID_SHA1,
-                              BitwiseCast<uint8_t*, char*>(base64EncDigest.get()),
-                              strlen(base64EncDigest.get()));
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
-  }
-
-  // Verify the manifest signature (signed digest of the base64 encoded string)
-  UniqueCERTCertList builtChain;
-  rv = VerifySignature(aTrustedRoot, signatureBuffer,
-                       doubleDigest.get(), builtChain);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  // Return the signer's certificate to the reader if they want it.
-  if (aSignerCert) {
-    CERTCertListNode* signerCertNode = CERT_LIST_HEAD(builtChain);
-    if (!signerCertNode || CERT_LIST_END(signerCertNode, builtChain) ||
-        !signerCertNode->cert) {
-      return NS_ERROR_FAILURE;
-    }
-    nsCOMPtr<nsIX509Cert> signerCert =
-      nsNSSCertificate::Create(signerCertNode->cert);
-    if (NS_WARN_IF(!signerCert)) {
-      return NS_ERROR_OUT_OF_MEMORY;
-    }
-
-    signerCert.forget(aSignerCert);
-  }
-
-  return NS_OK;
-}
-
 class OpenSignedAppFileTask final : public CryptoTask
 {
 public:
   OpenSignedAppFileTask(AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
                         nsIOpenSignedAppFileCallback* aCallback)
     : mTrustedRoot(aTrustedRoot)
     , mJarFile(aJarFile)
     , mCallback(new nsMainThreadPtrHolder<nsIOpenSignedAppFileCallback>(aCallback))
@@ -989,85 +908,31 @@ private:
 
   const AppTrustedRoot mTrustedRoot;
   const nsCOMPtr<nsIFile> mJarFile;
   nsMainThreadPtrHandle<nsIOpenSignedAppFileCallback> mCallback;
   nsCOMPtr<nsIZipReader> mZipReader; // out
   nsCOMPtr<nsIX509Cert> mSignerCert; // out
 };
 
-class VerifySignedmanifestTask final : public CryptoTask
-{
-public:
-  VerifySignedmanifestTask(AppTrustedRoot aTrustedRoot,
-                           nsIInputStream* aManifestStream,
-                           nsIInputStream* aSignatureStream,
-                           nsIVerifySignedManifestCallback* aCallback)
-    : mTrustedRoot(aTrustedRoot)
-    , mManifestStream(aManifestStream)
-    , mSignatureStream(aSignatureStream)
-    , mCallback(
-      new nsMainThreadPtrHolder<nsIVerifySignedManifestCallback>(aCallback))
-  {
-  }
-
-private:
-  virtual nsresult CalculateResult() override
-  {
-    return VerifySignedManifest(mTrustedRoot, mManifestStream,
-                                mSignatureStream, getter_AddRefs(mSignerCert));
-  }
-
-  // nsNSSCertificate implements nsNSSShutdownObject, so there's nothing that
-  // needs to be released
-  virtual void ReleaseNSSResources() override { }
-
-  virtual void CallCallback(nsresult rv) override
-  {
-    (void) mCallback->VerifySignedManifestFinished(rv, mSignerCert);
-  }
-
-  const AppTrustedRoot mTrustedRoot;
-  const nsCOMPtr<nsIInputStream> mManifestStream;
-  const nsCOMPtr<nsIInputStream> mSignatureStream;
-  nsMainThreadPtrHandle<nsIVerifySignedManifestCallback> mCallback;
-  nsCOMPtr<nsIX509Cert> mSignerCert; // out
-};
-
 } // unnamed namespace
 
 NS_IMETHODIMP
 nsNSSCertificateDB::OpenSignedAppFileAsync(
   AppTrustedRoot aTrustedRoot, nsIFile* aJarFile,
   nsIOpenSignedAppFileCallback* aCallback)
 {
   NS_ENSURE_ARG_POINTER(aJarFile);
   NS_ENSURE_ARG_POINTER(aCallback);
   RefPtr<OpenSignedAppFileTask> task(new OpenSignedAppFileTask(aTrustedRoot,
                                                                aJarFile,
                                                                aCallback));
   return task->Dispatch("SignedJAR");
 }
 
-NS_IMETHODIMP
-nsNSSCertificateDB::VerifySignedManifestAsync(
-  AppTrustedRoot aTrustedRoot, nsIInputStream* aManifestStream,
-  nsIInputStream* aSignatureStream, nsIVerifySignedManifestCallback* aCallback)
-{
-  NS_ENSURE_ARG_POINTER(aManifestStream);
-  NS_ENSURE_ARG_POINTER(aSignatureStream);
-  NS_ENSURE_ARG_POINTER(aCallback);
-
-  RefPtr<VerifySignedmanifestTask> task(
-    new VerifySignedmanifestTask(aTrustedRoot, aManifestStream,
-                                 aSignatureStream, aCallback));
-  return task->Dispatch("SignedManifest");
-}
-
-
 //
 // Signature verification for archives unpacked into a file structure
 //
 
 // Finds the "*.rsa" signature file in the META-INF directory and returns
 // the name. It is an error if there are none or more than one .rsa file
 nsresult
 FindSignatureFilename(nsIFile* aMetaDir,
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -30,23 +30,16 @@ interface nsIOpenSignedAppFileCallback :
 
 [scriptable, function, uuid(d5f97827-622a-488f-be08-d850432ac8ec)]
 interface nsIVerifySignedDirectoryCallback : nsISupports
 {
   void verifySignedDirectoryFinished(in nsresult rv,
                                      in nsIX509Cert aSignerCert);
 };
 
-[scriptable, function, uuid(3d6a9c87-5c5f-46fc-9410-96da6092f0f2)]
-interface nsIVerifySignedManifestCallback : nsISupports
-{
-  void verifySignedManifestFinished(in nsresult rv,
-                                    in nsIX509Cert aSignerCert);
-};
-
 /**
  * Callback type for use with asyncVerifyCertAtTime.
  * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the
  * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy
  * represents whether or not the end-entity certificate verified as EV.
  * If aPRErrorCode is non-zero, it represents the error encountered during
  * verification. aVerifiedChain is null in that case and aHasEVPolicy has no
  * meaning.
@@ -272,32 +265,16 @@ interface nsIX509CertDB : nsISupports {
    *  unpacked JAR are returned.
    *
    *  On failure, an error code is returned.
    */
   void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot,
                                   in nsIFile aUnpackedDir,
                                   in nsIVerifySignedDirectoryCallback callback);
 
-  /**
-   * Given streams containing a signature and a manifest file, verifies
-   * that the signature is valid for the manifest. The signature must
-   * come from a certificate that is trusted for code signing and that
-   * was issued by the given trusted root.
-   *
-   *  On success, NS_OK and the trusted certificate that signed the
-   *  Manifest are returned.
-   *
-   *  On failure, an error code is returned.
-   */
-  void verifySignedManifestAsync(in AppTrustedRoot trustedRoot,
-                                 in nsIInputStream aManifestStream,
-                                 in nsIInputStream aSignatureStream,
-                                 in nsIVerifySignedManifestCallback callback);
-
   /*
    * Add a cert to a cert DB from a binary string.
    *
    * @param certDER The raw DER encoding of a certificate.
    * @param trust String describing the trust settings to assign the
    *              certificate. Decoded by CERT_DecodeTrustString. Consists of 3
    *              comma separated sets of characters, indicating SSL, Email, and
    *              Object signing trust.
--- a/security/nss.symbols
+++ b/security/nss.symbols
@@ -176,17 +176,16 @@ HASH_Create
 HASH_Destroy
 HASH_End
 HASH_GetHashObject
 HASH_GetType
 HASH_HashBuf
 HASH_ResultLenByOidTag
 HASH_Update
 NSSBase64_DecodeBuffer
-NSSBase64_EncodeItem
 NSSBase64_EncodeItem_Util
 NSS_CMSContentInfo_GetContent
 NSS_CMSContentInfo_SetContent_Data
 NSS_CMSContentInfo_SetContent_EnvelopedData
 NSS_CMSContentInfo_SetContent_SignedData
 NSS_CMSDecoder_Cancel
 NSS_CMSDecoder_Finish
 NSS_CMSDecoder_Start