Closed Bug 805305 Opened 12 years ago Closed 7 years ago

remove nsIDataSignatureVerifier::VerifySignature


(Core :: Security: PSM, defect, P1)




Tracking Status
firefox57 --- fixed


(Reporter: briansmith, Assigned: keeler)


(Blocks 1 open bug)


(Keywords: APIchange, Whiteboard: [psm-assigned])


(1 file)

This does a public key operation on the main thread. It is not used by any addons on AMO (according to MXR) and its only use within Gecko will go away soon. MailNews uses it, but only to initialize PSM and/or to check if PSM exists; I will provide MailNews with another technique for initializing PSM.
The nsISignatureVerifier interface will go away and/or be substantially changed soon, maybe even in Aurora.

AFAICT, all uses of nsISignatureVerifier in comm-central are of the following form:

   nsresult rv;
   nsCOMPtr<nsISignatureVerifier> verifier =
   // this checks if psm is installed...
   if (NS_SUCCEEDED(rv)) {
       // Now we know PSM is available
   } // never use verifier

At this point, PSM is not an optional component; it will be available in every build. (I will remove the MOZ_PSM build option soon.) If you need to initialize PSM (which must happen on the main thread), then the recommended way to do so is:

    nsresult rv;
    nsCOMPtr<nsISupports> dummyUsedToEnsureNSSIsInitialized
      = do_GetService(";1", &rv);
    NS_ENSURE_SUCCESS(rv, rv);

as exemplified by toolkit/identity/IdentityCryptoService.cpp and other places within Gecko.
Keywords: APIchange
OS: Windows 7 → All
Hardware: x86_64 → All
Target Milestone: --- → mozilla19
Depends on: 807451
I wasted 2 days looking for the reason why this interface is not usable with JavaScript. It does not even show up in Firefox. Eventually, I came here. I would say this interface is not bad.
If you can keep it, then with window.crypto.signText I can sign something,
and with this interface I can verify something.

This interface is especially good to be called from a content page, since it does not require the caller to find the certificate.
Can we keep this and make it scriptable? Or add it to the crypto?
Summary: Remove nsISignatureVerifier and/or nsISignatureVerifier::VerifySignature → remove nsIDataSignatureVerifier::VerifySignature
Whiteboard: [psm-cleanup]
Priority: -- → P3
Removing this means removing the "old way" of signing add-ons. See
Assignee: nobody → dkeeler
Priority: P3 → P1
Summary: remove nsIDataSignatureVerifier::VerifySignature → remove nsIDataSignatureVerifier::VerifySignature (and, consequently, old-style add-on signing)
Whiteboard: [psm-cleanup] → [psm-assigned]
Actually, maybe this would be easier as (at least) two bugs.
Summary: remove nsIDataSignatureVerifier::VerifySignature (and, consequently, old-style add-on signing) → remove nsIDataSignatureVerifier::VerifySignature
Comment on attachment 8906781 [details]
bug 805305 - remove nsIDataSignatureVerifier.verifySignature
Attachment #8906781 - Flags: review?(mgoodwin) → review+
Pushed by
remove nsIDataSignatureVerifier.verifySignature r=mgoodwin