Closed Bug 1577836 Opened 3 years ago Closed 3 years ago

Remove nsIX509CertList from getCerts and loadCertsFromCache

Categories

(Core :: Security: PSM, enhancement, P1)

Tracking

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- affected

People

(Reporter: sefeng, Assigned: sefeng)

Details

(Whiteboard: [psm-assigned])

Attachments

(2 files, 6 obsolete files)

nsNSSCertList/nsIX509CertList is redundant as it can be replaced by Array<nsIX509Cert>. Constructing nsNSSCertList is expensive as it requires the raw cert to be decoded.

Blocks: 1566191

This patch removes nsIX509CertList for LoadCertsFromCache,
GetCerts and AsPKCS7Blob.

This is a helper function that is used to compare two Arrays of
nsIX509Cert.

Depends on D44239

Since we are removing nsIX509CertList, some of the helper functions
need to be duplicated with small modifications to adapt to the new
certList format.

Depends on D44240

Depends on D44241

Depends on D44243

nsNSSCertList/nsIX509CertList are redundant, and also constructing
them is expensive, so they are replaced by Array<nsIX509Cert>.

Depends on D44244

Attachment #9089494 - Attachment description: Bug 1577836 - Remove nsIX509CertList from some APIs → Bug 1577836 - Remove nsIX509CertList from getCerts and loadCertsFromCache

Depends on D44239

Attachment #9089495 - Attachment description: Bug 1577836 - Add certListEquals function to nsIX509CertDB → Bug 1577836 - Add certListEquals function to nsIX509CertDB r=keeler
Attachment #9089496 - Attachment description: Bug 1577836 - Duplicate some helper functions from nsIX509CertList → Bug 1577836 - Duplicate some helper functions from nsIX509CertList r=keeler
Attachment #9089497 - Attachment description: Bug 1577836 - Remove nsIX509CertList from TransportSecurityInfo → Bug 1577836 - Remove nsIX509CertList from TransportSecurityInfo r=keeler
Attachment #9089499 - Attachment description: Bug 1577836 - Remove nsIX509CertList from verifyCertFinished → Bug 1577836 - Remove nsIX509CertList from verifyCertFinished r=keeler
Attachment #9089500 - Attachment description: Bug 1577836 - Remove nsNSSCertList/nsIX509CertList → Bug 1577836 - Remove nsNSSCertList/nsIX509CertList r=keeler
Attachment #9089494 - Attachment description: Bug 1577836 - Remove nsIX509CertList from getCerts and loadCertsFromCache → Bug 1577836 - Remove nsIX509CertList from getCerts and loadCertsFromCache r=keeler

The signatureInfo that has been used in ExternalHelperAppService and
ReputationService has been stored as an Array of nsIX509CertList, which
isn't necessary because only the raw bytes of the certs are required.
This patch intends to remove the usage of nsIX509CertList and store
the raw bytes directly.

Priority: -- → P1
Whiteboard: [psm-assigned]
Pushed by sefeng@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/b4e80141db47
Remove nsIX509CertList from getCerts and loadCertsFromCache r=keeler
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Reopen the bug as only the first patch got landed.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #9089495 - Attachment description: Bug 1577836 - Add certListEquals function to nsIX509CertDB r=keeler → Bug 1577836 - Add are_certChains_equal function to head_psm.js r=keeler
Attachment #9090395 - Attachment description: Bug 1577836 - Update signatureInfo to Array of Array of Bytes r=keeler → Bug 1577836 - Update signatureInfo to Array of Array of nsIX509Cert(in raw bytes) r=keeler
Duplicate of this bug: 1580304
Summary: Replace nsIX509CertList with Array<nsIX509Cert> → Remove nsIX509CertList from getCerts and loadCertsFromCache
Blocks: 1580304
No longer blocks: 1566191

Comment on attachment 9090131 [details]
Bug 1577836 - Remove nsIX509CertList from asPKCS7Blob r=keeler

Revision D44516 was moved to bug 1580313. Setting attachment 9090131 [details] to obsolete.

Attachment #9090131 - Attachment is obsolete: true

Comment on attachment 9089496 [details]
Bug 1577836 - Duplicate some helper functions from nsIX509CertList r=keeler

Revision D44241 was moved to bug 1580315. Setting attachment 9089496 [details] to obsolete.

Attachment #9089496 - Attachment is obsolete: true

Comment on attachment 9089497 [details]
Bug 1577836 - Remove nsIX509CertList from TransportSecurityInfo r=keeler

Revision D44242 was moved to bug 1580315. Setting attachment 9089497 [details] to obsolete.

Attachment #9089497 - Attachment is obsolete: true

Comment on attachment 9090395 [details]
Bug 1577836 - Update signatureInfo to Array of Array of nsIX509Cert(in raw bytes) r=keeler

Revision D44243 was moved to bug 1580316. Setting attachment 9090395 [details] to obsolete.

Attachment #9090395 - Attachment is obsolete: true

Comment on attachment 9089499 [details]
Bug 1577836 - Remove nsIX509CertList from verifyCertFinished r=keeler

Revision D44244 was moved to bug 1580318. Setting attachment 9089499 [details] to obsolete.

Attachment #9089499 - Attachment is obsolete: true

Comment on attachment 9089500 [details]
Bug 1577836 - Remove nsNSSCertList/nsIX509CertList r=keeler

Revision D44245 was moved to bug 1580304. Setting attachment 9089500 [details] to obsolete.

Attachment #9089500 - Attachment is obsolete: true

I re-purposed this bug to be only for the patch that is landed; the rest of the patches got moved to other bugs. Resolving this bug as the patch landed.

Status: REOPENED → RESOLVED
Closed: 3 years ago
Keywords: leave-open
Resolution: --- → FIXED