--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -544,22 +544,25 @@ NSSCertDBTrustDomain::CheckRevocation(En
return rv;
}
SECItem ocspRequestItem = {
siBuffer,
ocspRequest,
static_cast<unsigned int>(ocspRequestLength)
};
// Owned by arena
- const SECItem* responseSECItem =
+ SECItem* responseSECItem = nullptr;
+ Result tempRV =
DoOCSPRequest(arena.get(), url, &ocspRequestItem,
OCSPFetchingTypeToTimeoutTime(mOCSPFetching),
- mOCSPGetConfig == CertVerifier::ocspGetEnabled);
- if (!responseSECItem) {
- rv = MapPRErrorCodeToResult(PR_GetError());
+ mOCSPGetConfig == CertVerifier::ocspGetEnabled,
+ responseSECItem);
+ MOZ_ASSERT((tempRV != Success) || responseSECItem);
+ if (tempRV != Success) {
+ rv = tempRV;
} else if (response.Init(responseSECItem->data, responseSECItem->len)
!= Success) {
rv = Result::ERROR_OCSP_MALFORMED_RESPONSE; // too big
}
attemptedRequest = true;
} else {
rv = cachedResponseResult;
attemptedRequest = false;
--- a/security/certverifier/OCSPRequestor.cpp
+++ b/security/certverifier/OCSPRequestor.cpp
@@ -65,95 +65,87 @@ AppendEscapedBase64Item(const SECItem* e
// http://tools.ietf.org/html/rfc5019#section-5
base64Request.ReplaceSubstring("+", "%2B");
base64Request.ReplaceSubstring("/", "%2F");
base64Request.ReplaceSubstring("=", "%3D");
path.Append(base64Request);
return NS_OK;
}
-SECItem*
+Result
DoOCSPRequest(PLArenaPool* arena, const char* url,
const SECItem* encodedRequest, PRIntervalTime timeout,
- bool useGET)
+ bool useGET,
+ /*out*/ SECItem*& encodedResponse)
{
if (!arena || !url || !encodedRequest || !encodedRequest->data) {
- PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
- return nullptr;
+ return Result::FATAL_ERROR_INVALID_ARGS;
}
uint32_t urlLen = PL_strlen(url);
if (urlLen > static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
- PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
- return nullptr;
+ return Result::FATAL_ERROR_INVALID_ARGS;
}
nsCOMPtr<nsIURLParser> urlParser = do_GetService(NS_STDURLPARSER_CONTRACTID);
if (!urlParser) {
- PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
- return nullptr;
+ return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
uint32_t schemePos;
int32_t schemeLen;
uint32_t authorityPos;
int32_t authorityLen;
uint32_t pathPos;
int32_t pathLen;
- nsresult rv = urlParser->ParseURL(url, static_cast<int32_t>(urlLen),
- &schemePos, &schemeLen,
- &authorityPos, &authorityLen,
- &pathPos, &pathLen);
- if (NS_FAILED(rv)) {
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ nsresult nsrv = urlParser->ParseURL(url, static_cast<int32_t>(urlLen),
+ &schemePos, &schemeLen,
+ &authorityPos, &authorityLen,
+ &pathPos, &pathLen);
+ if (NS_FAILED(nsrv)) {
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
if (schemeLen < 0 || authorityLen < 0) {
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
nsAutoCString scheme(url + schemePos,
static_cast<nsAutoCString::size_type>(schemeLen));
if (!scheme.LowerCaseEqualsLiteral("http")) {
- // We dont support https:// to avoid loops see Bug 92923
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ // We don't support HTTPS to avoid loops. See Bug 92923.
+ // We also in general only support HTTP.
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
uint32_t hostnamePos;
int32_t hostnameLen;
int32_t port;
- // We do not support urls with user@pass sections in the URL,
- // In cas we find them we will ignore and try to connect with
- rv = urlParser->ParseAuthority(url + authorityPos, authorityLen,
- nullptr, nullptr, nullptr, nullptr,
- &hostnamePos, &hostnameLen, &port);
- if (NS_FAILED(rv)) {
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ // We ignore user:password sections: if one is present, we send an OCSP
+ // request to the URL as normal without sending the username or password.
+ nsrv = urlParser->ParseAuthority(url + authorityPos, authorityLen,
+ nullptr, nullptr, nullptr, nullptr,
+ &hostnamePos, &hostnameLen, &port);
+ if (NS_FAILED(nsrv)) {
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
if (hostnameLen < 0) {
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
if (port == -1) {
port = 80;
} else if (port < 0 || port > 0xffff) {
- PR_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, 0);
- return nullptr;
+ return Result::ERROR_CERT_BAD_ACCESS_LOCATION;
}
nsAutoCString
hostname(url + authorityPos + hostnamePos,
static_cast<nsACString_internal::size_type>(hostnameLen));
SEC_HTTP_SERVER_SESSION serverSessionPtr = nullptr;
- if (nsNSSHttpInterface::createSessionFcn(hostname.BeginReading(),
- static_cast<uint16_t>(port),
- &serverSessionPtr) != SECSuccess) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return nullptr;
+ Result rv = nsNSSHttpInterface::createSessionFcn(
+ hostname.BeginReading(), static_cast<uint16_t>(port), &serverSessionPtr);
+ if (rv != Success) {
+ return rv;
}
ScopedHTTPServerSession serverSession(
reinterpret_cast<nsNSSHttpServerSession*>(serverSessionPtr));
nsAutoCString path;
if (pathLen > 0) {
path.Assign(url + pathPos, static_cast<nsAutoCString::size_type>(pathLen));
} else {
@@ -163,64 +155,58 @@ DoOCSPRequest(PLArenaPool* arena, const
("Setting up OCSP request: pre all path =%s pathlen=%d\n", path.get(),
pathLen));
nsAutoCString method("POST");
if (useGET) {
method.Assign("GET");
if (!StringEndsWith(path, NS_LITERAL_CSTRING("/"))) {
path.Append("/");
}
- nsresult rv = AppendEscapedBase64Item(encodedRequest, path);
- if (NS_WARN_IF(NS_FAILED(rv))) {
- return nullptr;
+ nsresult nsrv = AppendEscapedBase64Item(encodedRequest, path);
+ if (NS_WARN_IF(NS_FAILED(nsrv))) {
+ return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
}
SEC_HTTP_REQUEST_SESSION requestSessionPtr;
- if (nsNSSHttpInterface::createFcn(serverSession.get(), "http",
- path.get(), method.get(),
- timeout, &requestSessionPtr)
- != SECSuccess) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return nullptr;
+ rv = nsNSSHttpInterface::createFcn(serverSession.get(), "http", path.get(),
+ method.get(), timeout, &requestSessionPtr);
+ if (rv != Success) {
+ return rv;
}
ScopedHTTPRequestSession requestSession(
reinterpret_cast<nsNSSHttpRequestSession*>(requestSessionPtr));
if (!useGET) {
- if (nsNSSHttpInterface::setPostDataFcn(requestSession.get(),
- reinterpret_cast<char*>(encodedRequest->data), encodedRequest->len,
- "application/ocsp-request") != SECSuccess) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return nullptr;
+ rv = nsNSSHttpInterface::setPostDataFcn(
+ requestSession.get(), reinterpret_cast<char*>(encodedRequest->data),
+ encodedRequest->len, "application/ocsp-request");
+ if (rv != Success) {
+ return rv;
}
}
uint16_t httpResponseCode;
const char* httpResponseData;
uint32_t httpResponseDataLen = 0; // 0 means any response size is acceptable
- if (nsNSSHttpInterface::trySendAndReceiveFcn(requestSession.get(), nullptr,
- &httpResponseCode, nullptr,
- nullptr, &httpResponseData,
- &httpResponseDataLen)
- != SECSuccess) {
- PR_SetError(SEC_ERROR_OCSP_SERVER_ERROR, 0);
- return nullptr;
+ rv = nsNSSHttpInterface::trySendAndReceiveFcn(requestSession.get(), nullptr,
+ &httpResponseCode, nullptr,
+ nullptr, &httpResponseData,
+ &httpResponseDataLen);
+ if (rv != Success) {
+ return rv;
}
if (httpResponseCode != 200) {
- PR_SetError(SEC_ERROR_OCSP_SERVER_ERROR, 0);
- return nullptr;
+ return Result::ERROR_OCSP_SERVER_ERROR;
}
- SECItem* encodedResponse = SECITEM_AllocItem(arena, nullptr,
- httpResponseDataLen);
+ encodedResponse = SECITEM_AllocItem(arena, nullptr, httpResponseDataLen);
if (!encodedResponse) {
- PR_SetError(SEC_ERROR_NO_MEMORY, 0);
- return nullptr;
+ return Result::FATAL_ERROR_NO_MEMORY;
}
memcpy(encodedResponse->data, httpResponseData, httpResponseDataLen);
- return encodedResponse;
+ return Success;
}
} } // namespace mozilla::psm
--- a/security/certverifier/OCSPRequestor.h
+++ b/security/certverifier/OCSPRequestor.h
@@ -7,16 +7,17 @@
#ifndef mozilla_psm_OCSPRequestor_h
#define mozilla_psm_OCSPRequestor_h
#include "CertVerifier.h"
#include "secmodt.h"
namespace mozilla { namespace psm {
-// The memory returned is owned by the given arena.
-SECItem* DoOCSPRequest(PLArenaPool* arena, const char* url,
- const SECItem* encodedRequest, PRIntervalTime timeout,
- bool useGET);
+// The memory returned via |encodedResponse| is owned by the given arena.
+Result DoOCSPRequest(PLArenaPool* arena, const char* url,
+ const SECItem* encodedRequest, PRIntervalTime timeout,
+ bool useGET,
+ /*out*/ SECItem*& encodedResponse);
} } // namespace mozilla::psm
#endif // mozilla_psm_OCSPRequestor_h
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -93,18 +93,17 @@ nsHTTPDownloadEvent::Run()
nsContentUtils::GetSystemPrincipal(),
nullptr, // aTriggeringPrincipal
nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
nsIContentPolicy::TYPE_OTHER,
getter_AddRefs(chan));
NS_ENSURE_STATE(chan);
// Security operations scheduled through normal HTTP channels are given
- // high priority to accommodate real time OCSP transactions. Background CRL
- // fetches happen through a different path (CRLDownloadEvent).
+ // high priority to accommodate real time OCSP transactions.
nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(chan);
if (priorityChannel)
priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS |
nsIChannel::LOAD_BYPASS_SERVICE_WORKER);
// Create a loadgroup for this new channel. This way if the channel
@@ -126,17 +125,17 @@ nsHTTPDownloadEvent::Run()
rv = uploadChannel->SetUploadStream(uploadStream,
mRequestSession->mPostContentType,
-1);
NS_ENSURE_SUCCESS(rv, rv);
}
// Do not use SPDY for internal security operations. It could result
// in the silent upgrade to ssl, which in turn could require an SSL
- // operation to fufill something like a CRL fetch, which is an
+ // operation to fulfill something like an OCSP fetch, which is an
// endless loop.
nsCOMPtr<nsIHttpChannelInternal> internalChannel = do_QueryInterface(chan);
if (internalChannel) {
rv = internalChannel->SetAllowSpdy(false);
NS_ENSURE_SUCCESS(rv, rv);
}
nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(chan);
@@ -180,52 +179,59 @@ struct nsCancelHTTPDownloadEvent : nsRun
NS_IMETHOD Run() {
mListener->FreeLoadGroup(true);
mListener = nullptr;
return NS_OK;
}
};
-SECStatus nsNSSHttpServerSession::createSessionFcn(const char *host,
- uint16_t portnum,
- SEC_HTTP_SERVER_SESSION *pSession)
+Result
+nsNSSHttpServerSession::createSessionFcn(const char* host,
+ uint16_t portnum,
+ SEC_HTTP_SERVER_SESSION* pSession)
{
- if (!host || !pSession)
- return SECFailure;
+ if (!host || !pSession) {
+ return Result::FATAL_ERROR_INVALID_ARGS;
+ }
- nsNSSHttpServerSession *hss = new nsNSSHttpServerSession;
- if (!hss)
- return SECFailure;
+ nsNSSHttpServerSession* hss = new nsNSSHttpServerSession;
+ if (!hss) {
+ return Result::FATAL_ERROR_NO_MEMORY;
+ }
hss->mHost = host;
hss->mPort = portnum;
*pSession = hss;
- return SECSuccess;
+ return Success;
}
-SECStatus nsNSSHttpRequestSession::createFcn(SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant,
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest)
+Result
+nsNSSHttpRequestSession::createFcn(SEC_HTTP_SERVER_SESSION session,
+ const char* http_protocol_variant,
+ const char* path_and_query_string,
+ const char* http_request_method,
+ const PRIntervalTime timeout,
+ SEC_HTTP_REQUEST_SESSION* pRequest)
{
- if (!session || !http_protocol_variant || !path_and_query_string ||
- !http_request_method || !pRequest)
- return SECFailure;
+ if (!session || !http_protocol_variant || !path_and_query_string ||
+ !http_request_method || !pRequest) {
+ return Result::FATAL_ERROR_INVALID_ARGS;
+ }
nsNSSHttpServerSession* hss = static_cast<nsNSSHttpServerSession*>(session);
- if (!hss)
- return SECFailure;
+ if (!hss) {
+ return Result::FATAL_ERROR_INVALID_ARGS;
+ }
- nsNSSHttpRequestSession *rs = new nsNSSHttpRequestSession;
- if (!rs)
- return SECFailure;
+ nsNSSHttpRequestSession* rs = new nsNSSHttpRequestSession;
+ if (!rs) {
+ return Result::FATAL_ERROR_NO_MEMORY;
+ }
rs->mTimeoutInterval = timeout;
// Use a maximum timeout value of 10 seconds because of bug 404059.
// FIXME: Use a better approach once 406120 is ready.
uint32_t maxBug404059Timeout = PR_TicksPerSecond() * 10;
if (timeout > maxBug404059Timeout) {
rs->mTimeoutInterval = maxBug404059Timeout;
@@ -236,68 +242,67 @@ SECStatus nsNSSHttpRequestSession::creat
rs->mURL.Append(hss->mHost);
rs->mURL.Append(':');
rs->mURL.AppendInt(hss->mPort);
rs->mURL.Append(path_and_query_string);
rs->mRequestMethod = http_request_method;
*pRequest = (void*)rs;
- return SECSuccess;
+ return Success;
}
-SECStatus nsNSSHttpRequestSession::setPostDataFcn(const char *http_data,
- const uint32_t http_data_len,
- const char *http_content_type)
+Result
+nsNSSHttpRequestSession::setPostDataFcn(const char* http_data,
+ const uint32_t http_data_len,
+ const char* http_content_type)
{
mHasPostData = true;
mPostData.Assign(http_data, http_data_len);
mPostContentType.Assign(http_content_type);
- return SECSuccess;
+ return Success;
}
-SECStatus nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc **pPollDesc,
- uint16_t *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- uint32_t *http_response_data_len)
+Result
+nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+ uint16_t* http_response_code,
+ const char** http_response_content_type,
+ const char** http_response_headers,
+ const char** http_response_data,
+ uint32_t* http_response_data_len)
{
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSHttpRequestSession::trySendAndReceiveFcn to %s\n", mURL.get()));
bool onSTSThread;
nsresult nrv;
nsCOMPtr<nsIEventTarget> sts
= do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
if (NS_FAILED(nrv)) {
NS_ERROR("Could not get STS service");
- PR_SetError(PR_INVALID_STATE_ERROR, 0);
- return SECFailure;
+ return Result::FATAL_ERROR_INVALID_STATE;
}
nrv = sts->IsOnCurrentThread(&onSTSThread);
if (NS_FAILED(nrv)) {
NS_ERROR("IsOnCurrentThread failed");
- PR_SetError(PR_INVALID_STATE_ERROR, 0);
- return SECFailure;
+ return Result::FATAL_ERROR_INVALID_STATE;
}
if (onSTSThread) {
NS_ERROR("nsNSSHttpRequestSession::trySendAndReceiveFcn called on socket "
"thread; this will not work.");
- PR_SetError(PR_INVALID_STATE_ERROR, 0);
- return SECFailure;
+ return Result::FATAL_ERROR_INVALID_STATE;
}
const int max_retries = 2;
int retry_count = 0;
bool retryable_error = false;
- SECStatus result_sec_status = SECFailure;
+ Result rv = Result::ERROR_UNKNOWN_ERROR;
do
{
if (retry_count > 0)
{
if (retryable_error)
{
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
@@ -306,17 +311,17 @@ SECStatus nsNSSHttpRequestSession::trySe
}
PR_Sleep( PR_MillisecondsToInterval(300) * retry_count );
}
++retry_count;
retryable_error = false;
- result_sec_status =
+ rv =
internal_send_receive_attempt(retryable_error, pPollDesc, http_response_code,
http_response_content_type, http_response_headers,
http_response_data, http_response_data_len);
}
while (retryable_error &&
retry_count < max_retries);
if (retry_count > 1)
@@ -325,17 +330,17 @@ SECStatus nsNSSHttpRequestSession::trySe
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSHttpRequestSession::trySendAndReceiveFcn - still failing, giving up...\n"));
else
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("nsNSSHttpRequestSession::trySendAndReceiveFcn - success at attempt %d\n",
retry_count));
}
- return result_sec_status;
+ return rv;
}
void
nsNSSHttpRequestSession::AddRef()
{
++mRefCount;
}
@@ -343,17 +348,17 @@ void
nsNSSHttpRequestSession::Release()
{
int32_t newRefCount = --mRefCount;
if (!newRefCount) {
delete this;
}
}
-SECStatus
+Result
nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
PRPollDesc **pPollDesc,
uint16_t *http_response_code,
const char **http_response_content_type,
const char **http_response_headers,
const char **http_response_data,
uint32_t *http_response_data_len)
{
@@ -365,38 +370,39 @@ nsNSSHttpRequestSession::internal_send_r
uint32_t acceptableResultSize = 0;
if (http_response_data_len)
{
acceptableResultSize = *http_response_data_len;
*http_response_data_len = 0;
}
-
- if (!mListener)
- return SECFailure;
+
+ if (!mListener) {
+ return Result::FATAL_ERROR_INVALID_STATE;
+ }
Mutex& waitLock = mListener->mLock;
CondVar& waitCondition = mListener->mCondition;
volatile bool &waitFlag = mListener->mWaitFlag;
waitFlag = true;
RefPtr<nsHTTPDownloadEvent> event(new nsHTTPDownloadEvent);
- if (!event)
- return SECFailure;
+ if (!event) {
+ return Result::FATAL_ERROR_NO_MEMORY;
+ }
event->mListener = mListener;
this->AddRef();
event->mRequestSession = this;
nsresult rv = NS_DispatchToMainThread(event);
- if (NS_FAILED(rv))
- {
+ if (NS_FAILED(rv)) {
event->mResponsibleForDoneSignal = false;
- return SECFailure;
+ return Result::FATAL_ERROR_LIBRARY_FAILURE;
}
bool request_canceled = false;
{
MutexAutoLock locker(waitLock);
const PRIntervalTime start_time = PR_IntervalNow();
@@ -483,57 +489,53 @@ nsNSSHttpRequestSession::internal_send_r
Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME,
event->mStartTime, TimeStamp::Now());
}
}
else {
Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3);
}
- if (request_canceled)
- return SECFailure;
+ if (request_canceled) {
+ return Result::ERROR_OCSP_SERVER_ERROR;
+ }
- if (NS_FAILED(mListener->mResultCode))
- {
- if (mListener->mResultCode == NS_ERROR_CONNECTION_REFUSED
- ||
- mListener->mResultCode == NS_ERROR_NET_RESET)
- {
+ if (NS_FAILED(mListener->mResultCode)) {
+ if (mListener->mResultCode == NS_ERROR_CONNECTION_REFUSED ||
+ mListener->mResultCode == NS_ERROR_NET_RESET) {
retryable_error = true;
}
- return SECFailure;
+ return Result::ERROR_OCSP_SERVER_ERROR;
}
if (http_response_code)
*http_response_code = mListener->mHttpResponseCode;
- if (mListener->mHttpRequestSucceeded && http_response_data && http_response_data_len) {
+ if (mListener->mHttpRequestSucceeded && http_response_data &&
+ http_response_data_len) {
+ *http_response_data_len = mListener->mResultLen;
- *http_response_data_len = mListener->mResultLen;
-
// acceptableResultSize == 0 means: any size is acceptable
- if (acceptableResultSize != 0
- &&
- acceptableResultSize < mListener->mResultLen)
- {
- return SECFailure;
+ if (acceptableResultSize != 0 &&
+ acceptableResultSize < mListener->mResultLen) {
+ return Result::ERROR_OCSP_SERVER_ERROR;
}
- // return data by reference, result data will be valid
- // until "this" gets destroyed by NSS
+ // Return data by reference, result data will be valid until "this" gets
+ // destroyed.
*http_response_data = (const char*)mListener->mResultData;
}
if (mListener->mHttpRequestSucceeded && http_response_content_type) {
if (mListener->mHttpResponseContentType.Length()) {
*http_response_content_type = mListener->mHttpResponseContentType.get();
}
}
- return SECSuccess;
+ return Success;
}
nsNSSHttpRequestSession::nsNSSHttpRequestSession()
: mRefCount(1),
mHasPostData(false),
mTimeoutInterval(0),
mListener(new nsHTTPListener)
{
--- a/security/manager/ssl/nsNSSCallbacks.h
+++ b/security/manager/ssl/nsNSSCallbacks.h
@@ -11,16 +11,17 @@
#include "mozilla/CondVar.h"
#include "mozilla/Mutex.h"
#include "nsAutoPtr.h"
#include "nsCOMPtr.h"
#include "nsIStreamLoader.h"
#include "nspr.h"
#include "nsString.h"
#include "pk11func.h"
+#include "pkix/pkixtypes.h"
#include "ocspt.h" // Must be included after pk11func.h.
class nsILoadGroup;
char*
PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
@@ -51,133 +52,141 @@ public:
nsresult mResultCode;
bool mHttpRequestSucceeded;
uint16_t mHttpResponseCode;
nsCString mHttpResponseContentType;
const uint8_t* mResultData; // allocated in loader, but owned by listener
uint32_t mResultLen;
-
+
mozilla::Mutex mLock;
mozilla::CondVar mCondition;
volatile bool mWaitFlag;
-
+
bool mResponsibleForDoneSignal;
void send_done_signal();
// no nsCOMPtr. When I use it, I get assertions about
// loadgroup not being thread safe.
// So, let's use a raw pointer and ensure we only create and destroy
// it on the network thread ourselves.
nsILoadGroup *mLoadGroup;
PRThread *mLoadGroupOwnerThread;
void FreeLoadGroup(bool aCancelLoad);
};
class nsNSSHttpServerSession
{
public:
- nsCString mHost;
- uint16_t mPort;
+ typedef mozilla::pkix::Result Result;
- static SECStatus createSessionFcn(const char *host,
- uint16_t portnum,
- SEC_HTTP_SERVER_SESSION *pSession);
+ nsCString mHost;
+ uint16_t mPort;
+
+ static Result createSessionFcn(const char* host,
+ uint16_t portnum,
+ SEC_HTTP_SERVER_SESSION* pSession);
};
class nsNSSHttpRequestSession
{
protected:
mozilla::ThreadSafeAutoRefCnt mRefCount;
public:
- static SECStatus createFcn(SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant,
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest);
+ typedef mozilla::pkix::Result Result;
+
+ static Result createFcn(SEC_HTTP_SERVER_SESSION session,
+ const char* httpProtocolVariant,
+ const char* pathAndQueryString,
+ const char* httpRequestMethod,
+ const PRIntervalTime timeout,
+ SEC_HTTP_REQUEST_SESSION* pRequest);
- SECStatus setPostDataFcn(const char *http_data,
- const uint32_t http_data_len,
- const char *http_content_type);
+ Result setPostDataFcn(const char* httpData,
+ const uint32_t httpDataLen,
+ const char* httpContentType);
- SECStatus trySendAndReceiveFcn(PRPollDesc **pPollDesc,
- uint16_t *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- uint32_t *http_response_data_len);
+ Result trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+ uint16_t* httpResponseCode,
+ const char** httpResponseContentType,
+ const char** httpResponseHeaders,
+ const char** httpResponseData,
+ uint32_t* httpResponseDataLen);
void AddRef();
void Release();
nsCString mURL;
nsCString mRequestMethod;
-
+
bool mHasPostData;
nsCString mPostData;
nsCString mPostContentType;
-
+
PRIntervalTime mTimeoutInterval;
-
+
RefPtr<nsHTTPListener> mListener;
-
+
protected:
nsNSSHttpRequestSession();
~nsNSSHttpRequestSession();
- SECStatus internal_send_receive_attempt(bool &retryable_error,
- PRPollDesc **pPollDesc,
- uint16_t *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- uint32_t *http_response_data_len);
+ Result internal_send_receive_attempt(bool& retryableError,
+ PRPollDesc** pPollDesc,
+ uint16_t* httpResponseCode,
+ const char** httpResponseContentType,
+ const char** httpResponseHeaders,
+ const char** httpResponseData,
+ uint32_t* httpResponseDataLen);
};
class nsNSSHttpInterface
{
public:
- static SECStatus createSessionFcn(const char *host,
- uint16_t portnum,
- SEC_HTTP_SERVER_SESSION *pSession)
+ typedef mozilla::pkix::Result Result;
+
+ static Result createSessionFcn(const char* host,
+ uint16_t portnum,
+ SEC_HTTP_SERVER_SESSION* pSession)
{
return nsNSSHttpServerSession::createSessionFcn(host, portnum, pSession);
}
- static SECStatus createFcn(SEC_HTTP_SERVER_SESSION session,
- const char *http_protocol_variant,
- const char *path_and_query_string,
- const char *http_request_method,
- const PRIntervalTime timeout,
- SEC_HTTP_REQUEST_SESSION *pRequest)
+ static Result createFcn(SEC_HTTP_SERVER_SESSION session,
+ const char* httpProtocolVariant,
+ const char* pathAndQueryString,
+ const char* httpRequestMethod,
+ const PRIntervalTime timeout,
+ SEC_HTTP_REQUEST_SESSION* pRequest)
{
- return nsNSSHttpRequestSession::createFcn(session, http_protocol_variant,
- path_and_query_string, http_request_method,
- timeout, pRequest);
+ return nsNSSHttpRequestSession::createFcn(session, httpProtocolVariant,
+ pathAndQueryString,
+ httpRequestMethod, timeout,
+ pRequest);
}
- static SECStatus setPostDataFcn(SEC_HTTP_REQUEST_SESSION request,
- const char *http_data,
- const uint32_t http_data_len,
- const char *http_content_type)
+ static Result setPostDataFcn(SEC_HTTP_REQUEST_SESSION request,
+ const char* httpData,
+ const uint32_t httpDataLen,
+ const char* httpContentType)
{
return static_cast<nsNSSHttpRequestSession*>(request)
- ->setPostDataFcn(http_data, http_data_len, http_content_type);
+ ->setPostDataFcn(httpData, httpDataLen, httpContentType);
}
- static SECStatus trySendAndReceiveFcn(SEC_HTTP_REQUEST_SESSION request,
- PRPollDesc **pPollDesc,
- uint16_t *http_response_code,
- const char **http_response_content_type,
- const char **http_response_headers,
- const char **http_response_data,
- uint32_t *http_response_data_len)
+ static Result trySendAndReceiveFcn(SEC_HTTP_REQUEST_SESSION request,
+ PRPollDesc** pPollDesc,
+ uint16_t* httpResponseCode,
+ const char** httpResponseContentType,
+ const char** httpResponseHeaders,
+ const char** httpResponseData,
+ uint32_t* httpResponseDataLen)
{
return static_cast<nsNSSHttpRequestSession*>(request)
- ->trySendAndReceiveFcn(pPollDesc, http_response_code, http_response_content_type,
- http_response_headers, http_response_data, http_response_data_len);
+ ->trySendAndReceiveFcn(pPollDesc, httpResponseCode,
+ httpResponseContentType, httpResponseHeaders,
+ httpResponseData, httpResponseDataLen);
}
};
#endif // nsNSSCallbacks_h