Closed Bug 221329 Opened 21 years ago Closed 21 years ago

need to add nsIX509Cert::isPerm and nsIX509CertDB::addCert methods

Categories

(Core Graveyard :: Security: UI, defect)

Product:
Core Graveyard
Component:
Security: UI
Version:
Other Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: Bienvenu, Assigned: Bienvenu)

Details

Attachments

(1 file, 3 obsolete files)

patch addressing Nelson's comment
6.39 KB, patch
nelson
: review+
sspitzer
: superreview+
Details | Diff | Splinter Review 
For 4.x compatibility, we need to add nsIX509Cert::isPerm and
nsIX509CertDB::addCert methods so autoconfig js can add certs. Patch upcoming.
Attached patch proposed fix (obsolete) — Splinter Review 
proposed fix - this patch seems to work fine, at least for root certs.
this patch also contains the patch for bug 220816, although that fix is not
neccesary. It is, however, needed if GetRawDER is ever to be called from js,
because js expects the result to be copied. Please let me know if you'd rather I
removed those diffs from the patch.
Status: NEW → ASSIGNED
Comment on attachment 132707 [details] [diff] [review]
proposed fix

requesting reviews
Attachment #132707 - Flags: superreview?(scott)
Attachment #132707 - Flags: review?(MisterSSL)
cc'ing Kaie in case he has time to review this.
Comment on attachment 132707 [details] [diff] [review]
proposed fix

I emailed my comments directly to David.
Attachment #132707 - Flags: review?(MisterSSL) → review-
Attached patch fix addressing Nelson's comments (obsolete) — Splinter Review 
fix memory leak, clean up return value
Attachment #132707 - Attachment is obsolete: true
Attachment #132891 - Flags: review?(MisterSSL)
Comment on attachment 132891 [details] [diff] [review]
fix addressing Nelson's comments

I'm sorry, but both interfaces you are changing are marked @status frozen :-(

I assume we don't want to change frozen interfaces.
Attachment #132891 - Flags: review?(MisterSSL) → review-
well, cripes, that's really unfortunate. Excuse my ignorance - we've never
frozen any mailnews interfaces so I don't know the policy. I assume frozen means
frozen but it doesn't hurt to ask:

1. Does anyone care if these interfaces are frozen? Is there anyone out there
actually using them, or would we know if there were? If there were, would adding
new methods at the end break them?

2. I suppose my alternative is to create two new interfaces, one each with the
methods I need, and make the underlying objects implement those interfaces, and
QI for those interfaces. Or, roll my two methods into one new method on the new
interface nsIX509CertDB2:

 void addX509CertFromBase64(in string aBase64, in string aTrust, in string aName);

It would check if the cert already existed in the db, and if not, add it to the
db, and set the trust appropriately. 

Is that approach going to be acceptable?

thx, - David
Comment on attachment 132891 [details] [diff] [review]
fix addressing Nelson's comments

Random nits first:

>@@ -850,12 +850,24 @@
>     return NS_ERROR_NOT_AVAILABLE;
> 
>   if (mCert) {
>-    *aArray = (PRUint8 *)mCert->derCert.data;
>+    *aArray = (PRUint8 *) PR_Malloc(mCert->derCert.len);
>+    if (*aArray)
>+      memcpy(*aArray, (PRUint8 *)mCert->derCert.data, mCert->derCert.len);
>+    else
>+      return NS_ERROR_OUT_OF_MEMORY;
>     *aLength = mCert->derCert.len;
>     return NS_OK;

This control flow is arbitrarily overcomplicated -- why not return NS_ERROR_OOM
right away if (! *aArray)?  Then the memcpy is not overindented and separated
from the *aLength setting and return NS_OK.

>   }
>   *aLength = 0;
>   return NS_ERROR_FAILURE;

That nit suggests inverting the if (mCert) test to return NS_ERROR_FAILURE
early.	Also, why is *aLength zeroed only for this failure return, not for the
NS_ERROR_NOT_AVAILABLE in the first line of context?  Are any callers actually
counting on valid out params after a failed call?

>+}
>+
>+NS_IMETHODIMP
>+nsNSSCertificate::GetIsPerm(PRBool *aIsPerm)
>+{
>+  NS_ENSURE_ARG_POINTER(aIsPerm);
>+  *aIsPerm = (mCert) ? mCert->isperm : PR_FALSE;

  *aIsPerm = mCert && mCert->isperm;

is better than using ?:PR_FALSE.

Another nit, possibly a stupid question on my part: is isPerm the best name for
this attribute?  Should it be an readonly attribute, or an explicit method?

Unfortunately, FROZEN means "don't ever change this."  See bug 168452 for some
of the history leading up to the freeze.  It may be that no one actually uses
these frozen interfaces yet.  If that can be determined, adding at the end is
ok.  The trick will be determining that no one counts on this now.  I suspect
some embedders do, though perhaps not the original embedder driving the effort
in  bug 168452.

/be
this is the other approach, since the interfaces are frozen. I backed out the
getrawder changes because if we have embedders using that, their code will
start leaking, which takes care of the nits :-)
+  // need to calculate the trust bits from the aTrust string.
+  rv = CERT_DecodeTrustString(trust.GetTrust(), /* this is const, but not
declared that way */(char *) aTrust);
+  trust.SetValidCA();

what if CERT_DecodeTrustString returns an error?
I've moved things around so that we error out with a bad trust string, and also
added an error check for creating the x509 cert from base64.
Attachment #132891 - Attachment is obsolete: true
Comment on attachment 133266 [details] [diff] [review]
patch addressing Nelson's comment

requesting review for patch addressing Nelson's comments.
Attachment #133266 - Flags: review?(MisterSSL)
Comment on attachment 132964 [details] [diff] [review]
add a new interface to accomplish this

obsoleting old patch
Attachment #132964 - Attachment is obsolete: true
I realize everyone's very busy, but can any security module owner review the
last patch? It adds a new interface, so it can't break any existing clients...
Comment on attachment 133266 [details] [diff] [review]
patch addressing Nelson's comment

David,	
I looked over your patch and I believe it should do what you expect it to do
for users whose crypto software is not running in 'FIPS mode".	r=MisterSSL.  

My remaining concerns at this point are whether these interfaces, which are 
more-or-less modelled on the old C4.x ones, are right for modern mozilla.  
Old C4.x had one central cert DB.  Now, mozilla has potentially numerous 
PKCS11 crypto modules, including hardware and software modules.  The cert 
interfaces should be able to acccess (and store) certs into any module.  
The single central certDB paradigm allows access to only a limited subset 
of the underlying capability of modern mozilla.

In a perfect world, I'd say we should review all the existing mozilla 
crypto JS interfaces, and not create any more JS interfaces that would limit
the functionality (to the old paradigm), and instead devise new interfaces
that match mozilla's capabilities.  

OTOH, I think there will always be a software cert store, and having an
interface that can manipulate (only) that store is not necessarily a bad thing.
Attachment #133266 - Flags: review?(MisterSSL) → review+
Comment on attachment 133266 [details] [diff] [review]
patch addressing Nelson's comment

great, thx, Nelson.
Attachment #133266 - Flags: superreview?(scott)
Comment on attachment 133266 [details] [diff] [review]
patch addressing Nelson's comment

sr=sspitzer
Attachment #133266 - Flags: superreview?(scott) → superreview+
fixed, thx.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment on attachment 132707 [details] [diff] [review]
proposed fix

removing obsolete review request
Attachment #132707 - Flags: superreview?(scott)
Product: PSM → Core
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: