Loading browser/components/urlbar/tests/browser/browser_speculative_connect_not_with_client_cert.js +37 −58 Original line number Diff line number Diff line Loading @@ -40,10 +40,6 @@ const clientAuthDialogs = { is(certList.length, 1, "should have only one client certificate available"); selectedIndex.value = 0; rememberClientAuthCertificate.value = false; ok( !chooseCertificateCalled, "chooseCertificate should only be called once" ); chooseCertificateCalled = true; return true; }, Loading @@ -51,24 +47,31 @@ const clientAuthDialogs = { QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogs"]), }; /** * A helper class to use with nsITLSServerConnectionInfo.setSecurityObserver. * Implements nsITLSServerSecurityObserver and simulates an extremely * rudimentary HTTP server that expects an HTTP/1.1 GET request and responds * with a 200 OK. */ class SecurityObserver { constructor(input, output) { this.input = input; this.output = output; } function startServer(cert) { let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance( Ci.nsITLSServerSocket ); tlsServer.init(-1, true, -1); tlsServer.serverCert = cert; let input, output; let listener = { onSocketAccepted(socket, transport) { info("Accepted TLS client connection"); let connectionInfo = transport.securityCallbacks.getInterface( Ci.nsITLSServerConnectionInfo ); connectionInfo.setSecurityObserver(listener); input = transport.openInputStream(0, 0, 0); output = transport.openOutputStream(0, 0, 0); }, onHandshakeDone(socket, status) { info("TLS handshake done"); handshakeDone = true; let output = this.output; this.input.asyncWait( input.asyncWait( { onInputStreamReady(readyInput) { try { Loading @@ -85,7 +88,6 @@ class SecurityObserver { "Connection:Close\r\nContent-Length:2\r\n\r\nOK"; output.write(response, response.length); } catch (e) { console.log(e.message); // This will fail when we close the speculative connection. } }, Loading 
@@ -94,35 +96,12 @@ class SecurityObserver { 0, Services.tm.currentThread ); } } function startServer(cert) { let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance( Ci.nsITLSServerSocket ); tlsServer.init(-1, true, -1); tlsServer.serverCert = cert; let securityObservers = []; let listener = { onSocketAccepted(socket, transport) { info("Accepted TLS client connection"); let connectionInfo = transport.securityCallbacks.getInterface( Ci.nsITLSServerConnectionInfo ); let input = transport.openInputStream(0, 0, 0); let output = transport.openOutputStream(0, 0, 0); connectionInfo.setSecurityObserver(new SecurityObserver(input, output)); }, onStopListening() { info("onStopListening"); for (let securityObserver of securityObservers) { securityObserver.input.close(); securityObserver.output.close(); } input.close(); output.close(); }, }; Loading netwerk/base/FuzzySocketControl.cpp +0 −2 Original line number Diff line number Diff line Loading @@ -179,7 +179,5 @@ FuzzySocketControl::AsyncGetSecurityInfo(JSContext* aCx, return NS_ERROR_NOT_IMPLEMENTED; } NS_IMETHODIMP FuzzySocketControl::Claim() { return NS_OK; } } // namespace net } // namespace mozilla netwerk/base/Predictor.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,12 @@ Predictor::GetAllow1918(bool* allow1918) { return NS_OK; } NS_IMETHODIMP Predictor::GetIgnoreUserCertCheck(bool* ignore) { *ignore = false; return NS_OK; } // Predictor::nsIInterfaceRequestor NS_IMETHODIMP Loading netwerk/base/nsISocketTransport.idl +2 −7 Original line number Diff line number Diff line Loading 
@@ -283,17 +283,12 @@ interface nsISocketTransport : nsITransport * only set on CORS preflight request to allowed sending client certificates * on a connection for an anonymous request. */ const unsigned long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14); const long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14); /** * If set, we've retrying after a failed connection attempt. */ const unsigned long IS_RETRY = (1 << 15); /** * If set, this is a speculative connection. */ const unsigned long IS_SPECULATIVE_CONNECTION = (1 << 16); const long IS_RETRY = (1 << 15); /** * An opaque flags for non-standard behavior of the TLS system. Loading netwerk/base/nsISpeculativeConnect.idl +8 −0 Original line number Diff line number Diff line Loading @@ -68,4 +68,12 @@ interface nsISpeculativeConnectionOverrider : nsISupports * by default speculative connections are not made to RFC 1918 addresses */ [infallible] readonly attribute boolean allow1918; /** * By default the speculative connections triggered by nsISpeculativeConnect * should respect the user certificate checks implemented in nsHttpHandler. * The checks can be ignored for `Link: rel=preconnect` and is also * controlled by a pref. */ [infallible] readonly attribute boolean ignoreUserCertCheck; }; Loading
browser/components/urlbar/tests/browser/browser_speculative_connect_not_with_client_cert.js +37 −58 Original line number Diff line number Diff line Loading @@ -40,10 +40,6 @@ const clientAuthDialogs = { is(certList.length, 1, "should have only one client certificate available"); selectedIndex.value = 0; rememberClientAuthCertificate.value = false; ok( !chooseCertificateCalled, "chooseCertificate should only be called once" ); chooseCertificateCalled = true; return true; }, Loading @@ -51,24 +47,31 @@ const clientAuthDialogs = { QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogs"]), }; /** * A helper class to use with nsITLSServerConnectionInfo.setSecurityObserver. * Implements nsITLSServerSecurityObserver and simulates an extremely * rudimentary HTTP server that expects an HTTP/1.1 GET request and responds * with a 200 OK. */ class SecurityObserver { constructor(input, output) { this.input = input; this.output = output; } function startServer(cert) { let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance( Ci.nsITLSServerSocket ); tlsServer.init(-1, true, -1); tlsServer.serverCert = cert; let input, output; let listener = { onSocketAccepted(socket, transport) { info("Accepted TLS client connection"); let connectionInfo = transport.securityCallbacks.getInterface( Ci.nsITLSServerConnectionInfo ); connectionInfo.setSecurityObserver(listener); input = transport.openInputStream(0, 0, 0); output = transport.openOutputStream(0, 0, 0); }, onHandshakeDone(socket, status) { info("TLS handshake done"); handshakeDone = true; let output = this.output; this.input.asyncWait( input.asyncWait( { onInputStreamReady(readyInput) { try { Loading @@ -85,7 +88,6 @@ class SecurityObserver { "Connection:Close\r\nContent-Length:2\r\n\r\nOK"; output.write(response, response.length); } catch (e) { console.log(e.message); // This will fail when we close the speculative connection. } }, Loading 
@@ -94,35 +96,12 @@ class SecurityObserver { 0, Services.tm.currentThread ); } } function startServer(cert) { let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance( Ci.nsITLSServerSocket ); tlsServer.init(-1, true, -1); tlsServer.serverCert = cert; let securityObservers = []; let listener = { onSocketAccepted(socket, transport) { info("Accepted TLS client connection"); let connectionInfo = transport.securityCallbacks.getInterface( Ci.nsITLSServerConnectionInfo ); let input = transport.openInputStream(0, 0, 0); let output = transport.openOutputStream(0, 0, 0); connectionInfo.setSecurityObserver(new SecurityObserver(input, output)); }, onStopListening() { info("onStopListening"); for (let securityObserver of securityObservers) { securityObserver.input.close(); securityObserver.output.close(); } input.close(); output.close(); }, }; Loading
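Review bot: `input` and `output` in `startServer` are now one pair of function-scoped variables that `onSocketAccepted` overwrites on every accepted connection, so `onHandshakeDone` and `onStopListening` only ever see the streams of the most recent connection, and `input.close()` throws on `undefined` if the listener stops before any connection was accepted. A guard such as `input?.close(); output?.close();` covers the second case; keeping the streams per connection covers the first. The same change drops the `ok(!chooseCertificateCalled, "chooseCertificate should only be called once")` assertion, so a repeated client-certificate prompt no longer fails this test; if more than one prompt is now expected, a comment at `chooseCertificateCalled = true;` should say why. `startServer` continues past the end of the visible hunk.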
netwerk/base/FuzzySocketControl.cpp +0 −2 Original line number Diff line number Diff line Loading @@ -179,7 +179,5 @@ FuzzySocketControl::AsyncGetSecurityInfo(JSContext* aCx, return NS_ERROR_NOT_IMPLEMENTED; } NS_IMETHODIMP FuzzySocketControl::Claim() { return NS_OK; } } // namespace net } // namespace mozilla
netwerk/base/Predictor.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -306,6 +306,12 @@ Predictor::GetAllow1918(bool* allow1918) { return NS_OK; } NS_IMETHODIMP Predictor::GetIgnoreUserCertCheck(bool* ignore) { *ignore = false; return NS_OK; } // Predictor::nsIInterfaceRequestor NS_IMETHODIMP Loading
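Review bot: `Predictor::GetIgnoreUserCertCheck` has no comment explaining why it unconditionally writes `false`, and that value is the security-relevant choice in this hunk: as written, speculative connections requested through the predictor never opt out of the user certificate check. I would add a one-line comment above the method, for example `// Never bypass the user certificate check for predictor-initiated speculative connections.`, so a later edit does not flip the value without review. The getter otherwise mirrors `GetAllow1918` directly above it.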
netwerk/base/nsISocketTransport.idl +2 −7 Original line number Diff line number Diff line Loading @@ -283,17 +283,12 @@ interface nsISocketTransport : nsITransport * only set on CORS preflight request to allowed sending client certificates * on a connection for an anonymous request. */ const unsigned long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14); const long ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT = (1 << 14); /** * If set, we've retrying after a failed connection attempt. */ const unsigned long IS_RETRY = (1 << 15); /** * If set, this is a speculative connection. */ const unsigned long IS_SPECULATIVE_CONNECTION = (1 << 16); const long IS_RETRY = (1 << 15); /** * An opaque flags for non-standard behavior of the TLS system. Loading
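Review bot: The bit-flag constants `ANONYMOUS_CONNECT_ALLOW_CLIENT_CERT` and `IS_RETRY` are now declared `const long` instead of `const unsigned long`; for values that are OR-ed together and masked, an unsigned type is the safer declaration, since a later flag at bit 31 would be negative in a signed type. The other flag declarations of this interface are outside the hunk, so if they are all `const long` this is consistent and a short comment on the flag block stating the convention would be enough; otherwise keep `const unsigned long IS_RETRY = (1 << 15);`. Removing `IS_SPECULATIVE_CONNECTION` also frees bit 16, so it is worth confirming that no code outside this diff still sets or tests that bit.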
netwerk/base/nsISpeculativeConnect.idl +8 −0 Original line number Diff line number Diff line Loading @@ -68,4 +68,12 @@ interface nsISpeculativeConnectionOverrider : nsISupports * by default speculative connections are not made to RFC 1918 addresses */ [infallible] readonly attribute boolean allow1918; /** * By default the speculative connections triggered by nsISpeculativeConnect * should respect the user certificate checks implemented in nsHttpHandler. * The checks can be ignored for `Link: rel=preconnect` and is also * controlled by a pref. */ [infallible] readonly attribute boolean ignoreUserCertCheck; };
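Review bot: The doc comment on `ignoreUserCertCheck` does not say what a `true` value does or which pref it refers to, and an implementer of `nsISpeculativeConnectionOverrider` decides through this attribute whether a security check is skipped. I would reword it to state that returning true makes the speculative connection skip the user certificate checks in nsHttpHandler, that, going by this comment, the only intended caller returning true is the `Link: rel=preconnect` path, and to name the controlling pref explicitly. The last sentence also needs `are` for `is`: `The checks can be ignored for Link: rel=preconnect and are also controlled by a pref.`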