diff options
Diffstat (limited to 'netwerk/protocol/webtransport/WebTransportSessionProxy.cpp')
-rw-r--r-- | netwerk/protocol/webtransport/WebTransportSessionProxy.cpp | 80 |
1 files changed, 22 insertions, 58 deletions
diff --git a/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp b/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp index e650a74d5b..dd4ba7e7d0 100644 --- a/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp +++ b/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp @@ -27,7 +27,8 @@ namespace mozilla::net { LazyLogModule webTransportLog("nsWebTransport"); NS_IMPL_ISUPPORTS(WebTransportSessionProxy, WebTransportSessionEventListener, - nsIWebTransport, nsIRedirectResultListener, nsIStreamListener, + WebTransportConnectionSettings, nsIWebTransport, + nsIRedirectResultListener, nsIStreamListener, nsIChannelEventSink, nsIInterfaceRequestor); WebTransportSessionProxy::WebTransportSessionProxy() @@ -63,17 +64,17 @@ WebTransportSessionProxy::~WebTransportSessionProxy() { //----------------------------------------------------------------------------- nsresult WebTransportSessionProxy::AsyncConnect( - nsIURI* aURI, + nsIURI* aURI, bool aDedicated, const nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes, nsIPrincipal* aPrincipal, uint32_t aSecurityFlags, WebTransportSessionEventListener* aListener) { - return AsyncConnectWithClient(aURI, std::move(aServerCertHashes), aPrincipal, - aSecurityFlags, aListener, + return AsyncConnectWithClient(aURI, aDedicated, std::move(aServerCertHashes), + aPrincipal, aSecurityFlags, aListener, Maybe<dom::ClientInfo>()); } nsresult WebTransportSessionProxy::AsyncConnectWithClient( - nsIURI* aURI, + nsIURI* aURI, bool aDedicated, const nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes, nsIPrincipal* aPrincipal, uint32_t aSecurityFlags, WebTransportSessionEventListener* aListener, @@ -126,7 +127,10 @@ nsresult WebTransportSessionProxy::AsyncConnectWithClient( return NS_ERROR_ABORT; } + mDedicatedConnection = aDedicated; + if (!aServerCertHashes.IsEmpty()) { + mServerCertHashes.Clear(); mServerCertHashes.AppendElements(aServerCertHashes); } @@ -235,6 +239,18 @@ WebTransportSessionProxy::CloseSession(uint32_t status, return NS_OK; } +NS_IMETHODIMP WebTransportSessionProxy::GetDedicated(bool* dedicated) { + *dedicated = mDedicatedConnection; + return NS_OK; +} + +NS_IMETHODIMP WebTransportSessionProxy::GetServerCertificateHashes( + nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes) { + aServerCertHashes.Clear(); + aServerCertHashes.AppendElements(mServerCertHashes); + return NS_OK; +} + void WebTransportSessionProxy::CloseSessionInternalLocked() { MutexAutoLock lock(mMutex); CloseSessionInternal(); @@ -573,8 +589,7 @@ WebTransportSessionProxy::OnStartRequest(nsIRequest* aRequest) { nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel); if (!httpChannel || NS_FAILED(httpChannel->GetResponseStatus(&status)) || - !(status >= 200 && status < 300) || - !CheckServerCertificateIfNeeded()) { + !(status >= 200 && status < 300)) { listener = mListener; mListener = nullptr; mChannel = nullptr; @@ -990,57 +1005,6 @@ void WebTransportSessionProxy::CallOnSessionClosed() { } } -bool WebTransportSessionProxy::CheckServerCertificateIfNeeded() { - if (mServerCertHashes.IsEmpty()) { - return true; - } - - nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel); - MOZ_ASSERT(httpChannel, "Not a http channel ?"); - nsCOMPtr<nsITransportSecurityInfo> tsi; - httpChannel->GetSecurityInfo(getter_AddRefs(tsi)); - MOZ_ASSERT(tsi, - "We shouln't reach this code before setting the security info."); - nsCOMPtr<nsIX509Cert> cert; - nsresult rv = tsi->GetServerCert(getter_AddRefs(cert)); - if (!cert || NS_WARN_IF(NS_FAILED(rv))) return true; - nsTArray<uint8_t> certDER; - if (NS_FAILED(cert->GetRawDER(certDER))) { - return false; - } - // https://w3c.github.io/webtransport/#compute-a-certificate-hash - nsTArray<uint8_t> certHash; - if (NS_FAILED(Digest::DigestBuf(SEC_OID_SHA256, certDER.Elements(), - certDER.Length(), certHash)) || - certHash.Length() != SHA256_LENGTH) { - return false; - } - auto verifyCertDer = [&certHash](const auto& hash) { - return certHash.Length() == hash.Length() && - memcmp(certHash.Elements(), hash.Elements(), certHash.Length()) == 0; - }; - - // https://w3c.github.io/webtransport/#verify-a-certificate-hash - for (const auto& hash : mServerCertHashes) { - nsCString algorithm; - if (NS_FAILED(hash->GetAlgorithm(algorithm)) || algorithm != "sha-256") { - continue; - LOG(("Unexpected non-SHA-256 hash")); - } - - nsTArray<uint8_t> value; - if (NS_FAILED(hash->GetValue(value))) { - continue; - LOG(("Unexpected corrupted hash")); - } - - if (verifyCertDer(value)) { - return true; - } - } - return false; -} - void WebTransportSessionProxy::ChangeState( WebTransportSessionProxyState newState) { mMutex.AssertCurrentThreadOwns(); |