Closed Bug 107840 Opened 23 years ago Closed 23 years ago

Need to enable automatic update for crls

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.2

People

(Reporter: rangansen, Assigned: rangansen)

References

Details

Attachments

(7 files, 9 obsolete files)

Edit prefs Dialog. Clicking OK saves the prefs.
17.96 KB, image/gif
Details
new CRL manager window. clicking advanced opens autoupdate prefs window. Update imports the CRL directly
30.75 KB, image/gif
Details
Error message when manual import [clicking of url, or update button on crl manager] fails
10.50 KB, image/gif
Details
Auto update prefs displays the error details - no of successive errors and details of last error
21.87 KB, image/gif
Details
updated version of CRL download window
16.48 KB, image/gif
Details
new patch -with Hewitt's and Darin's comments
85.02 KB, patch
Details | Diff | Splinter Review
Patch with <dialog> replacing <window> tag
85.23 KB, patch
hewitt
: superreview+
Details | Diff | Splinter Review 
Need to have automatic update capabilities for CRLs. It should be possible to
confogure a crl for automatic update, based on either next update date or a
certain frequency [e.g. every N days]
Status: NEW → ASSIGNED
Priority: -- → P1
Here is the basic overview of how automatic update of crls work :

When a crl is downloaded successfully for the first time, the import successful
dialog pops [attachment 56135 [details]]. Clicking OK opens the auto update prefs window
[attachment 56138 [details]]. Clicking cancel closes the 'download successful' window. 
Note: If the crl already exists, and this is just a update, the 'download
successful' window does not the display the 'Do you want to enable auto update'
question, and clicking OK would close the window. No cancel button is displayed
in the case.

On the crl manager window [attachment 56139 [details]], clicking advanced would open the
edit auto update prefs window, showing current prefs, if any. Clicking update
tries to import the crl directly, using the last fetched utl, and the behavoiur
is same as to when its being updated by clicking on an url.

Note on attchment 56135 : The CN for the issuer cert is not displayed here. In
fact, for such certs, I always found CN entry to be missing - not sure if its
because they are associated to org units rather than individuals etc.
Target Milestone: --- → 2.2
adding Terry Hayes to the cc list.
Version: unspecified → 2.1
*** Bug 91146 has been marked as a duplicate of this bug. ***
OK, here's the patch....

A point to note: URL for autodownload can either be the last fetched one, or the
one advertised by ca - the later being a crl extension. Right now, NSS does not
interpret crl extensions [bug# 110383], and crlentry object will have a null
entry for this field. However, the code is written in a way to handle advertised
url, if one is available - this would not cause any significant increase in the
code, and the application logic would not require change once we start getting
the advertised url. Only in pref-crlupdate, we are NOT displaying advertised url
in the menu, because, for now, selecting that would always display <Not Define>
in the url string textbox.
Attached patch patch (obsolete) — Splinter Review 

    
    

    
  
David, Javi, Kai .... Please review.
Keywords: patch

    
    

    
  


  

    
    

    
  
Stephane, I am not too sure if we would need it for these UIs, but it might be
very useful if someone from the ui team could comment on the UI [screenshots
attached] and especially on the alert/error messages. I am not very sure about
whom to cc for that purpose, either.

    
  
Keywords: review

    
    

    
  
Rangan, please attach a unified diff that you have created using "diff -u",
which shows the surrounding areas of the changed code. This makes reviewing much
easier. It also helps the patch program, because it can work correctly, even if
the original file was meanwhile changed by someone else. I will continue to
review the rest of your changes when you have attached the new patch.

But are here some first comments already.

I wonder if the buttons in attachment 56135 [details] should be yes/no instead?

You write:
"If the crl already exists, and this is just a update, the 'download
successful' window does not the display the 'Do you want to enable auto update'
question, and clicking OK would close the window. No cancel button is displayed
in the case."

I wonder why you want to make that exception? I'd say it is fine to ask again.
If you display that dialog each time anyway, the additional option in that
dialog does not hurt. This is especially true for people who upgrade to a newer
version of the browser. Those people might already have several CRLs. Asking the
questions always allows them to discover your new feature more easily.

I wonder whether this dialog should look a bit different, just an idea: Leave
the dialog mostly unchanged, but do not ask the question "Do you want to enable
automatic update?", but make this a checkbox instead, that says "Enable
automatic update for this CRL". If you are downloading a CRL that you already
have, the check box is set, depending on what the user decided before. If you
are downloading a new CRL, I'm not sure whether it should be on or off by
default. If you decide to implement it that way, please ask around what people
think.


Maybe you do that already, I have not looked: In automatic update mode, please
do not try to download, when the user has switched to offline mode. This
prevents showing an error message while offline. 


But now to code review:

- in crlImportDialog.js /.xul, can you rename the function openPrefs to doOK? We
would have to change that anyway when we work on the patch to use overlays for
dialog buttons instead.

- can you protect the line "crl=isupport.QueryInterface" with "if (isupport)" ?

- Instead of doing  if (str == "")   I suggest to test  if (str.length == 0)  or
even simpler  if (!str.length)
  This produces better code, because no temporary "" string must be produced at
runtime.
  
  And for simple checks like  if (val == true)   I suggest to just write  if (val)
  and for                     if (val == false)  you can use              if (!val)

- You use a string property named "undefined". I'd prefer if you used a name
that describes the purpose, to allow for better identification where this string
property is used.

- The strings autoupdateURLTypeString and autoupdateURLString are only used when
the updateEnabled preference is true.
  If you move the creation of those strings into the if block, the program will
run faster and use less memory, if update is disabled.

- In the crlImportDialog.js, you update the settings in the preferences in the
onLoad function.
  I think this is not optimal. For example, when an embedder decides to
re-implement the dialog without XUL, they have to re-implement the additional
functionality, too. I think the dialog should only display the information, and
return the user's decision. Instead, the code that automatically updates the
auto-update location should be in the code that downloads the certificate. Doing
it there would even put that logic into the C++ portions of the code, which will
make the code faster.



    
  

        Attachment #56135 -
        Attachment is obsolete: true

    
  

        Attachment #58042 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch - created with -u (obsolete)
        — Splinter Review
      

    


  

    
    

    
  
Kai, Here's the new patch - with the -u. PL note this does not have your review
comments in it - I will put in a patch with all the review comments  once you
are done with rest of the review.

Regarding the window, the present crl download window is actually attachment
58044 [details] - the older one with ok/cancel was replaced after the demo. In fact, I
should have made it obsolete, which I forgot to do. This window has yes/no.
About the checkbox - as we already discussed, if we put a checkbox, and user
downloads the new crl, checks the box, and hits yes/ok, we have to open the
prefs window, which is bit unusual behaviour for checkboxes ...

Right now, even if the user is offline, we still try to update his crl. This
would not display any poop up dialog, but increse his auto update error count.
Next time he opens the auto update prefs dialog, he would see a 'Network Error'
message. Of course the error messgeas for network errors need to be more fine
grained. Right now, all of them would show network error. BUT, If we do not try
at all, the user never knows that this crl is past its due auto update time, but
failed to get updated because he was offline. Anyway, if there is such a
failure, it would be attempted again when browser restarts.

The string prop undefined actually defines the string - undefined=<Not Defined>.
This is used if we have some prop val not available - eg, next update date, for
some crls ...

    
    

    
  
1)
I think one should be reluctant using try/catch blocks. For example, in
crlManager.js, in DeleteCrlSelected, you use two nested try/catch blocks. I
wonder what conditions make the outer block necessary. I would prefer to check
whether "i" has a valid value, i.e. there is something selected. If not, it
would make sense to just "return". When using that strategy, you have ensured
that i is a valid selection index, and the other calls should not fail, and the
try/cache block could be removed. One reasons why I don't like try/catch blocks,
that do nothing in the catch block: You have the risk that you don't recognize
when something goes wrong.

2)
You make a check whether GetBoolPref returns something "!= null". I'd rather not
check a bool value for != null. Just use "if (GetBoolPref())" which is the same
as "if (GetBoolPref() != false)".

3)
You are using getService(nsIPKIParamBlock). This is dangerous, as this says:
give me a pointer to an already allocated parameter block", which will give you
possibly a reference to some other open dialog's parameter block. And if you
modify it, you mess it up. You must use createInstance instead, to request a new
separate parameter block. In general, if you need to decide, whether you should
use getService, or createInstance, ask yourself: "Is there only only global
object for this interface, and I need to access functionality from it?". For
example, if you need the preferences service, there is only one, and you use
getService. But when you want to a private copy of an object, use createInstance.

4)
Whenever you query selectedIndex, you should test, whether you really received a
valid index. It is possible that a function is reached, although nothing was
selected at that time. You should only continue with your code if the selection
was valid.

5)
You have a method toggleSelectedTiming. I would suggest to find a different name
for it. When I read the code without knowing what the function does, I would
assume, it toggles, i.e. look what was the old setting, and switches to a
different setting. But this is not what the function does. I would avoid the
word toggle, maybe you could use something like updateSelectedTimingControls and
updateSelectedURLControls.

6)
Please ignore my previous request to not make preferences settings from the JS
code. I now think you are right in doing it that way.

7)
Typo: You wrote "non-negetive", but it should be "non-negative".

8)
Please remove the commented code from CrlImportStatusDialog.

9)
In pipnss.properties, you changed PrivateTokenDescription and InternalToken to
"Test Security Device". Is that what you want?

10)
In nsNSSCertificateDB::ImportCRL, after do_GetService, you removed the test
failure. If there is no good reason to remove it, I suggest to leave that check in.

11)
You have the statement "crlEntry = new nsCrlEntry(crl);", but you never free
crlEntry. This creates a leak. We must avoid that. Please make sure that you
delete it when no longer needed, i.e. "delete crlEntry;".
Please check all places where you use "new" to allocate an object, and ensure
you delete the objects.

12)
Something similar needs to be done for your statement "new
nsNSSCertificate(caCert)". After CrlImportStatusDialog returned, you must free
that variable. However, it is too dangerous to free it directly, because you
give that object to JavaScript. The dialog could run on a separate thread, and
JavaScript might still refer to the object when you return. Therefore, you must
use nsCOMPtr to do it correctly.
I suggest, instead of

  certDialogs->CrlImportStatusDialog(cxt, new nsNSSCertificate(caCert), crlEntry);

do

  nsCOMPtr<nsIX509Cert> x509cert = new nsNSSCertificate(caCert);
  certDialogs->CrlImportStatusDialog(cxt, x509cert, crlEntry);

The destructor of nsCOMPtr will decrement the reference count and delete the
object if already reached zero. If not, it will be free when JavaScript does no
longer reference the object.

13)
You have code "nsCString *... = new nsCString ...". You don't free that string
objects that you allocate on the heap. This will create another leak.
But you don't need to allocate the strings on the heap, I don't see that you
pass the string pointer a method. I think you can simply use a stack based auto
variable.
Instead of
  nsCString *updateErrCntPrefStr = new nsCString(CRL_AUTOUPDATE_ERRCNT_PREF);
just write
  nsCString updateErrCntPrefStr(CRL_AUTOUPDATE_ERRCNT_PREF);
And when you use 
  updateErrCntPrefStr->
just do
  updateErrCntPrefStr.

14)
Instead of
  dayCnt = (new nsCString((const char *)dayCntStr))->ToFloat(&errCode);
you can just write
  dayCnt = atof(dayCntStr);

15)
I see in several places that you treat the number of days setting as a float
value. Do you want that? Or should we use integers instead? In that case, you
could replace parseFloat with parseInt, and in 14) instead of atof use atol.

16)
NSS functions that return you a string buffer, like CERT_GetOrgUnitName,
transfer ownership over that buffer to you. You are responsible to free that
buffer when you no longer need it, or we have a leak. Use PORT_Free to free
pointers you received from NSS. I don't if there is a general rule, which
function must be used to free objects, I saw PORT_Free is used in some other
places. In doubt please ask Bob Relyea for advice.

16)
Suggestion: I prefer to have checks for success, i.e. whether we actually
received a non-zero pointer, when do_GetService or do_CreateInstance was called.
I also prefer, when a function receives a pointer as an argument, the function
should check whether the pointer is non-zero.

16)
In UpdateCRLFromURL, you do

	if(NS_FAILED(rv))
	    *res = NS_ERROR_FAILURE;
	else
	    *res = NS_OK;

	return rv;

But parameter res is of type PRBool. Note that this type is not designed to
store error codes, it should only be used to store true or false. It depends
what you want to see in PRBool. But I assume you want to see the answer to the
question "was the operation successful?". In that case you would write:

	if(NS_FAILED(rv))
	    *res = PR_FALSE;
	else
	    *res = PR_TRUE;

	return rv;

But being even more specific, you could do something completely different. You
function has two return values. the real return code, which is of type nsresult,
and is what you give back in the return statement. You can see in the IDL
definition, that this type is not included in what you defined. It is used
internally by XPCom. For example, if that function is called from JavaScript,
the environment will not give this nsresult code to your JavaScript code, but
the JavaScript engine checks for this return code. If it sees anything else but
NS_OK, an exception is triggered, and that is why you we sometimes use try/catch
blocks. In normal conditions, your function should return NS_OK. You should
return a failure when you detect an error, for example, when do_GetService gave
you a null pointer. In the boolean result code, just return the result code of
your own action, i.e. either true or false.

17)
I don't like the method name nsNSSComponent::DownloadFromURL. The method is in a
very general class, and the name should indicate that you are downlading a CRL,
because the method behaviour is fixed to that.

18)
In the same method, I suggest you avoid the two casts. Instead of
	nsIStreamListener *psmDownloader = new
PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
	((PSMContentDownloader *)psmDownloader)->setSilentDownload(PR_TRUE);
	((PSMContentDownloader *)psmDownloader)->setCrlAutodownloadKey(mCrlUpdateKey);
use
	PSMContentDownloader *psmDownloader = new
PSMContentDownloader(PSMContentDownloader::PKCS7_CRL);
	psmDownloader->setSilentDownload(PR_TRUE);
	psmDownloader->setCrlAutodownloadKey(mCrlUpdateKey);
The other code in the method will still work.

18)
In nsNSSComponent.h, please remove the //void Notify

19)
To prevent memory corruption, and to enhance problem detection, you should add
code to the constructor of nsNSSComponent, that inits crlsScheduledForDownload
with nsnull.

20)
Please delete crlsScheduledForDownload.

21)
We must make sure that the crlsScheduledForDownload and all timers are deleted
when we receive the event that the user profile switches.

22)
Please remove the debug printf from nsNSSComponent::InitializeNSS.
One hint: This method already contains some debug statement. In your
environment, define NSPR_LOG_MODULES="pipnss:5" and you will see that trace
messages.

23)
Please remove the commented old PSMContentDownloader from nsNSSComponent.cpp.

24)
Suggestion: Wherever you add a "to do" comment, you could add the text "XXX".
This is some kind of convention to mark places in the source where more work is
needed.

    
    

    
  
Kai, Here's the new patch. Most of your concerns are addressed, except :

#1. I have compacted the two nested try's into one. But, here we cannot 
eliminate the nested try blocks completely. Get..Pref(..) would throw an 
exception if the pref is not available/malformed, and so does clearUserPref(..). 
But, we do not want delete to fail if there is no prefs defined for the crl 
[Note that the prefs.js would not have any prefs for a crl that was never 
activated for autoupdate.] The outer block would handle in case there is some 
error in actually deleting the crl, etc..

#11. Rather that delet in the crlEntry object, I am using nsCOMPtr<nsICrlEntry> 
here as well...this is being passed to js

#12. new nsNSSCertificate(caCert) was actually redundant - for this was not 
being used anywhere is the importcrl dialog. Removed it completely.

#15. This was intentional - the idea was to allow the user to have maximum 
flexibility to define crl update timing/freq.

#16. Null pointer check - In general, I agree. But in some cases, like reading 
the download url from the prefs and importing the crl - where getting a 
null/blank url etc, would might imply some serius trouble with the prefs data, 
and the user should be informed about the error when the opens his seting window 
- it might be useful to rather let the null pointer error travel upto the actual 
error handler, rather than checking it right at the beginning, for in  that 
case, we either need to invoke error handling code at that point, or just return 
from the function with an error. It these cases it might be an elegent solution 
to invoke the downloader, get a invalid url error, and update the error string. 
Also, in some cases, some functions are tightly coupled, and meant to be invoked 
in a certain sequence, which itsely guarantees that a null pointer would not be 
passed in - in such cases a check would be redundant.    

#20+21: Reseting and deleting hashtable in destructor. Refering to yesterdays 
discussion on IRC, for the nsHashtable, using Reset would probably do the job, 
and enumeration will not be required, as in PL_Hashtable. That's the way I found 
it being used in many places in mozilla - I guess it because the keys in this 
case has to be nsHashKey object ... I am not too sure about the reason, though 
...but looks like it works ok..

Patch Follows ....

    
  

        Attachment #58778 -
        Attachment is obsolete: true

    
  

        Attachment #60049 -
        Attachment description: updated patch → updated patch - sorry, wrong patch uploaded accidentally

        Attachment #60049 -
        Attachment is obsolete: true

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Correct one this time (obsolete)
        — Splinter Review
      

    


  

    
  

        Attachment #59798 -
        Attachment is obsolete: true

    
    

    
  
In StopCRLUpdateTimer, please cancel and delete the timer first, before you
delete the scheduled CRLs, in order to prevent possible crashes.

After
  delete crlsScheduledForDownload;
please add
  crlsScheduledForDownload = nsnull;
This prevents the possibility that the invalid pointer could be used or deleted
again.

You need to init mTimer to nsnull in the constructor to prevent crashes.
Especially as you check for !mTimer in DefineNextTimer, where no check for
mUpdateTimerInitialized is made. Note that in C++ you can not rely on variables
to be initialized to zero. You always need to do it yourself.

Please clean up the spacing and remove all "hard tabs" from your changes. Please
configure your editor to not use hard tabs, but to emulate tabs using spaces.
Set tabs to 2 spaces. When in doubt you can look at the first line of source
files, which is the "mode line", which is present in many files and tell you the
tab modes within that file.

Please do the above, and you have r=kaie.


    
    

    
  


  

    
    

    
  
Comment on attachment 60194 [details] [diff] [review]
update patch - with kaie's latest comments

Just note that in nsNSSComponent::~ you still delete the crls first, but you
should cancel the timer first. Thanks.

        Attachment #60194 -
        Flags: review+

    
    

    
  
Comment on attachment 60194 [details] [diff] [review]
update patch - with kaie's latest comments

i haven't looked at any of the JS/XUL/DTD code changes... you'll want to get
an sr= from someone more knowledgeable in that area.



>Index: pki/src/nsNSSDialogs.cpp

>+NS_IMETHODIMP 
>+nsNSSDialogs::CrlImportStatusDialog(nsIInterfaceRequestor *ctx, nsICrlEntry *crl)
>+{

>+}
>+
>+
>+

extra spaces ok?



>Index: ssl/public/nsINSSDialogs.idl

>Index: ssl/public/nsIX509CertDB.idl

>+  /*
>+   * update crl from url
>+   * update an existing crl from the last fteched url. Needed for the update
>+   * button in crl manager
>+   */
>+  boolean updateCRLFromURL(in wstring url, in wstring key);

typo "fteched"



>Index: ssl/resources/locale/en-US/pipnss.properties

>Index: ssl/src/Makefile.in

> 		  content \
> 		  pippki \
> 		  xpconnect \
>+             timer \
> 		  jar \
> 		  unicharutil \
>                   pipboot \

fix indentation.


>Index: ssl/src/makefile.win

> 		jar \
> 		layout_xul \
> 		gfx \
>+           timer \
> 		unicharutil \
>                 pipboot \
> 		$(NULL)

here as well.


>Index: ssl/src/nsNSSCertificate.cpp

>+      if(importSuccessful){

these should probably be nsCAutoString's instead.

>+          nsCString updateTypePrefStr(CRL_AUTOUPDATE_TIMIINGTYPE_PREF);
>+          nsCString updateTimePrefStr(CRL_AUTOUPDATE_TIME_PREF);
>+          nsCString updateUrlPrefStr(CRL_AUTOUPDATE_URL_PREF);
>+          nsCString updateUrlTypePrefStr(CRL_AUTOUPDATE_URLTYPE_PREF);
>+          nsCString updateDayCntPrefStr(CRL_AUTOUPDATE_DAYCNT_PREF);
>+          nsCString updateFreqCntPrefStr(CRL_AUTOUPDATE_FREQCNT_PREF);


>+      } else{

these should also be nsCAutoString's instead.

>+          nsCString errMsg;
>+          nsCString updateErrDetailPrefStr(CRL_AUTOUPDATE_ERRDETAIL_PREF);


>+	//Now, a basic constraing is that the next auto update date can never be after
>+	//next update, if one is defined
>+	if(LL_CMP(mNextUpdate , > , 0 )) {
>+       if(LL_CMP(tempTime , > , mNextUpdate)) {
>+          tempTime = mNextUpdate;
>+       }
>+    }

indentation problems.


>+
>+	nsAutoString nextAutoUpdateDate;
>+	nsString tempBuf;

how about make |tempBuf| a nsAutoString?  actually, what is the point of
|tempBuf|?


>+	PRExplodedTime explodedTime;
>+	nsresult rv;
>+	nsCOMPtr<nsIDateTimeFormat> dateFormatter = do_CreateInstance(kDateTimeFormatCID, &rv);
>+	if (NS_FAILED(rv))
>+		return rv;
>+	PR_ExplodeTime(tempTime, PR_GMTParameters, &explodedTime);
>+	dateFormatter->FormatPRExplodedTime(nsnull, kDateFormatShort, kTimeFormatSeconds,
>+                                      &explodedTime, nextAutoUpdateDate);
>+	tempBuf.Assign(nextAutoUpdateDate.get());
>+	*nextAutoUpdate = ToNewUnicode(nextAutoUpdateDate);
>+
>+	return NS_OK;
>+}


>+NS_IMETHODIMP 
>+nsNSSCertificateDB::UpdateCRLFromURL( const PRUnichar *url, const PRUnichar* key, PRBool *res)
>+{
>+    nsresult rv;
>+    nsString downloadUrl(url);
>+    nsString dbKey(key);

nsAutoString?  do you really need to copy the input string?  if not, then
consider using
nsDependentString to reference |url| and |key|.


>+    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
>+	if(NS_FAILED(rv)){
>+	   *res = PR_FALSE;
>+	   return rv;
>+	}
>+
>+    rv = nssComponent->DownloadCRLDirectly(downloadUrl, dbKey);
>+	if(NS_FAILED(rv)){
>+	   *res = PR_FALSE;
>+	} else {
>+	   *res = PR_TRUE;
>+	}
>+    return NS_OK;
>+
>+}

indentation problems.


>+NS_IMETHODIMP 
>+nsNSSCertificateDB::RescheduleCRLAutoUpdate(void)
>+{
>+	nsresult rv;
>+	nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
>+	if(NS_FAILED(rv)){
>+	   return rv;
>+	}
>+	rv = nssComponent->DefineNextTimer();
>+	return rv;
>+
>+}

indentation/whitespace problems.


>Index: ssl/src/nsNSSCertificate.h

>Index: ssl/src/nsNSSComponent.cpp

>@@ -198,6 +219,24 @@
> {
>   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor\n"));
> 
>+  if(mUpdateTimerInitialized == PR_TRUE){
>+     if(crlsScheduledForDownload != nsnull){
>+	   crlsScheduledForDownload->Enumerate(crlHashTable_clearEntry);
>+        crlsScheduledForDownload->Reset();
>+        delete crlsScheduledForDownload;
>+	 }
>+
>+     PR_Lock(mCrlTimerLock);
>+	 if(crlDownloadTimerOn == PR_TRUE){
>+		mTimer->Cancel();
>+	 }
>+	 crlDownloadTimerOn = PR_FALSE;
>+	 PR_Unlock(mCrlTimerLock);
>+	 PR_DestroyLock(mCrlTimerLock);
>+
>+	 mUpdateTimerInitialized = PR_FALSE;
>+  }

indentation/whitespace problems.


>+nsresult
>+nsNSSComponent::DownloadCRLDirectly(nsString url, nsString key)
>+{
>+	//This api is meant to support dierct interactive update of crl from the crl manager
>+	//or other such ui and potentially would be called from a different context. So, we

>+	rv = NS_OpenURI(psmDownloader, nsnull, pURL);
>+	return rv;
>+
>+}

indented too much?  all of these functions seem to have inconsistent
indentation:

>+nsresult nsNSSComponent::DownloadCrlSilently()

>+nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsString *url, PRTime *time, nsString *key)

>+void nsNSSComponent::Notify(nsITimer *timer)

>+nsNSSComponent::RemoveCrlFromList(nsString key)

>+nsNSSComponent::DefineNextTimer()

>+nsNSSComponent::StopCRLUpdateTimer()

>+nsNSSComponent::InitializeCRLUpdateTimer()




>@@ -1040,6 +1372,8 @@
>       }
>     }
>     
>+	StopCRLUpdateTimer();
>+

indentation?

>+
>+	InitializeCRLUpdateTimer();

>   : mByteData(nsnull),
>-    mType(type)
>+    mType(type),
>+	mDoSilentDownload(PR_FALSE)

indentation?


summary: lot's of indentation/whitespace problems... i don't think we should be
checking in code like this.  please revise.

        Attachment #60194 -
        Flags: needs-work+

    
    

    
  
Darin : Here's the new patch. Following things have been fixed:

1. The indentation/tab problem - Somehow I was messing this up everytime... but 
I trust I have got it completely fixed this time. Sorry about the mess

2. "how about make |tempBuf| a nsAutoString?  actually, what is the point of
   |tempBuf|?" - tempBuf was actually redundant - removed

3. Auto versions have been used in place of nsString and nsCString excluding the 
places the follwoing places: 

A.
>+NS_IMETHODIMP 
>+nsNSSCertificateDB::UpdateCRLFromURL( const PRUnichar *url, const PRUnichar* 
key, PRBool *res)
>+{
>+    nsresult rv;
>+    nsString downloadUrl(url);
>+    nsString dbKey(key);

nsAutoString?  do you really need to copy the input string?  if not, then
consider using nsDependentString to reference |url| and |key|.

This function is meant to be called from js, potentially on a diff thread. And 
call to UpdateCRLFromURL finally starts off an asynchronous download [which also 
would be on a diff thread] using the url. Thats the reason why copy was used in 
both this case, as well as DownloadCRLDirectly and DownloadCrlSilently methods 
in NSSComponent. 

B. nsString is used when readinging String props ... a ref is passed.

C. The mDownloadURL and mCrlUpdateKey properties in NSSComponent class.

Kaie: Your latest comment [seqence of deleting hashtable entries and 
canceling the timer] has been incorporated in this update

    
    

    
  

      
      
      
      

        Attached patch
          
          
        updated patch (obsolete)
        — Splinter Review
      

    


  

    
    

    
  
CC-ing Joe for sr= on the xul/js part

    
  

        Attachment #60050 -
        Attachment is obsolete: true

    
  

        Attachment #60194 -
        Attachment is obsolete: true

    
    

    
  
rangan: regarding point A .. if you need to make a copy of a string, prefer
nsAutoString over nsString.  nsAutoString can be used anywhere a nsString can be
used, but assignment into a nsAutoString is often much much cheaper.  there
shouldn't be any difference from a threading point-of-view.

    
    

    
  
Comment on attachment 60263 [details] [diff] [review]
updated patch

>+nsresult nsNSSComponent::DownloadCrlSilently()
>+{
>+  nsresult rv;
>+  nsIURI *pURL;
>+  PRTime now = PR_Now();

|now| is never used.


>+  //Check if the download succeeded - it might have failed due to
>+  //network issues, etc.
>+  if (NS_FAILED(aStatus)){
>+	  handleContentDownloadError(aStatus);
>+	  return aStatus;
>+  }

indentation nit ;)

    
    

    
  
It says that nsAutoString allocates memmory for the buff from stack. So, in 
cases as these, where we would be invoking functions potentially on a diff 
thread, is it not unsafe to use nsAutoString?

    
    

    
  
I was not very specific about the last question - let me rephrase it -
Before I invoke NS_OpenURI, I create the nsIURI obj with NS_NewURI, and I pass 
in a nsCString here rather than the nsCAutoString. Now, since for nsCautoString, 
the buff is assigned from the stack and I am basically starting off an 
asynchronous d/l, potentially on a diff thread, would it not be unsafe if I had 
actually used nsCAutoString in this case?

Rest of the places [excluding B] I agree I should be using nsCAutoString.

    
    

    
  
first of all: each thread has its own unique stack, so it wouldn't matter if you
allocated memory on the stack or in the heap.

secondly: you should not be calling NS_OpenURI from a thread other than the UI
thread.  necko is not thread safe.

    
    

    
  
* In many places you are setting value, disabled, and hidden as attributes. Set
them as jsproperties instead.

* In pref-crlupdate.xul you should be using the dialog tag, not rolling your own
dialog buttons. 



    
    

    
  
in the new patch, pref-crlupdate.xul is still not using the dialog tag.  You
should really convert it, you can make your xul file a little bit leaner
(Removing those ok/cancel/help buttons) and get keyboard enter/escape handling
for free.

    
    

    
  
Comment on attachment 60407 [details] [diff] [review]
new patch -with Hewitt's and Darin's comments

sr=darin (on the C++ and .idl changes)

    
    

    
  

      
      
      
      

        Attached patch
          
          
        update - with hewitts comments. (obsolete)
        — Splinter Review
      

    


  
Joe: dialog class is used this time - in fact for both the new xul files -
pref-crlupdate.xul and crlImportDialog.xul. As for seplacing setAttributes by
js properties, it has been replaced in all cases but two - 
1. for text Elements - using var.value does not seem to work - I have seen this
in a few other cases [bug# 1090722, for example]- possibly a xul bug.
2. The same thing for menu labels.
In other cases, properties are directly used.

    
    

    
  
Sorry, typo that Bug #109072

    
    

    
  
Actually, that's the reverse problem - in that case, using setAttribute did not 
work, but .value did, but here I find the using .value does not work, and 
setAttribute does - that's rather weired...

    
    

    
  
Rangan, I am asking you to use the dialog tag, <dialog>, not dialogOverlay.xul.
 That overlay has been deprecated and will soon be banished from the tree. 
Please use <dialog> instead of <window>.  There are plenty of examples of how to
use this new tag in the tree.

    
    

    
  


  
Dialog tag used for crlImportDialog.xul as well - with ok/cancel button texts
overridden with yes/no.

    
  

        Attachment #60437 -
        Attachment is obsolete: true

    
  

        Attachment #60263 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 60583 [details] [diff] [review]
Patch with <dialog> replacing <window> tag

Nice job, Rangan.
sr=hewitt

        Attachment #60583 -
        Flags: superreview+

    
    

    
  
Patch checked in ...
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
A Few Points to note:
This patch enables automatic crl update; but some issues with crl are still 
open:
* The issues related to crl next update for crl import [bug# 99964] and 
  validation against crl [bug# 98193]. Integration with NSS 3.4 would be  
  required to resolve these.
* Delta CRL issues - Browser still allows them to be downloaded [Bug# 103946]



    
    

    
  
cc-ing Sean

    
    

    
  
Verified fixed.
Status: RESOLVED → VERIFIED

    
  
Product: PSM → Core

    
  
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: