summaryrefslogtreecommitdiffstats
path: root/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'netwerk/protocol/webtransport/WebTransportSessionProxy.cpp')
-rw-r--r--netwerk/protocol/webtransport/WebTransportSessionProxy.cpp80
1 files changed, 22 insertions, 58 deletions
diff --git a/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp b/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
index e650a74d5b..dd4ba7e7d0 100644
--- a/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
+++ b/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
@@ -27,7 +27,8 @@ namespace mozilla::net {
LazyLogModule webTransportLog("nsWebTransport");
NS_IMPL_ISUPPORTS(WebTransportSessionProxy, WebTransportSessionEventListener,
- nsIWebTransport, nsIRedirectResultListener, nsIStreamListener,
+ WebTransportConnectionSettings, nsIWebTransport,
+ nsIRedirectResultListener, nsIStreamListener,
nsIChannelEventSink, nsIInterfaceRequestor);
WebTransportSessionProxy::WebTransportSessionProxy()
@@ -63,17 +64,17 @@ WebTransportSessionProxy::~WebTransportSessionProxy() {
//-----------------------------------------------------------------------------
nsresult WebTransportSessionProxy::AsyncConnect(
- nsIURI* aURI,
+ nsIURI* aURI, bool aDedicated,
const nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes,
nsIPrincipal* aPrincipal, uint32_t aSecurityFlags,
WebTransportSessionEventListener* aListener) {
- return AsyncConnectWithClient(aURI, std::move(aServerCertHashes), aPrincipal,
- aSecurityFlags, aListener,
+ return AsyncConnectWithClient(aURI, aDedicated, std::move(aServerCertHashes),
+ aPrincipal, aSecurityFlags, aListener,
Maybe<dom::ClientInfo>());
}
nsresult WebTransportSessionProxy::AsyncConnectWithClient(
- nsIURI* aURI,
+ nsIURI* aURI, bool aDedicated,
const nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes,
nsIPrincipal* aPrincipal, uint32_t aSecurityFlags,
WebTransportSessionEventListener* aListener,
@@ -126,7 +127,10 @@ nsresult WebTransportSessionProxy::AsyncConnectWithClient(
return NS_ERROR_ABORT;
}
+ mDedicatedConnection = aDedicated;
+
if (!aServerCertHashes.IsEmpty()) {
+ mServerCertHashes.Clear();
mServerCertHashes.AppendElements(aServerCertHashes);
}
@@ -235,6 +239,18 @@ WebTransportSessionProxy::CloseSession(uint32_t status,
return NS_OK;
}
+NS_IMETHODIMP WebTransportSessionProxy::GetDedicated(bool* dedicated) {
+ *dedicated = mDedicatedConnection;
+ return NS_OK;
+}
+
+NS_IMETHODIMP WebTransportSessionProxy::GetServerCertificateHashes(
+ nsTArray<RefPtr<nsIWebTransportHash>>& aServerCertHashes) {
+ aServerCertHashes.Clear();
+ aServerCertHashes.AppendElements(mServerCertHashes);
+ return NS_OK;
+}
+
void WebTransportSessionProxy::CloseSessionInternalLocked() {
MutexAutoLock lock(mMutex);
CloseSessionInternal();
@@ -573,8 +589,7 @@ WebTransportSessionProxy::OnStartRequest(nsIRequest* aRequest) {
nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel);
if (!httpChannel ||
NS_FAILED(httpChannel->GetResponseStatus(&status)) ||
- !(status >= 200 && status < 300) ||
- !CheckServerCertificateIfNeeded()) {
+ !(status >= 200 && status < 300)) {
listener = mListener;
mListener = nullptr;
mChannel = nullptr;
@@ -990,57 +1005,6 @@ void WebTransportSessionProxy::CallOnSessionClosed() {
}
}
-bool WebTransportSessionProxy::CheckServerCertificateIfNeeded() {
- if (mServerCertHashes.IsEmpty()) {
- return true;
- }
-
- nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel);
- MOZ_ASSERT(httpChannel, "Not a http channel ?");
- nsCOMPtr<nsITransportSecurityInfo> tsi;
- httpChannel->GetSecurityInfo(getter_AddRefs(tsi));
- MOZ_ASSERT(tsi,
- "We shouln't reach this code before setting the security info.");
- nsCOMPtr<nsIX509Cert> cert;
- nsresult rv = tsi->GetServerCert(getter_AddRefs(cert));
- if (!cert || NS_WARN_IF(NS_FAILED(rv))) return true;
- nsTArray<uint8_t> certDER;
- if (NS_FAILED(cert->GetRawDER(certDER))) {
- return false;
- }
- // https://w3c.github.io/webtransport/#compute-a-certificate-hash
- nsTArray<uint8_t> certHash;
- if (NS_FAILED(Digest::DigestBuf(SEC_OID_SHA256, certDER.Elements(),
- certDER.Length(), certHash)) ||
- certHash.Length() != SHA256_LENGTH) {
- return false;
- }
- auto verifyCertDer = [&certHash](const auto& hash) {
- return certHash.Length() == hash.Length() &&
- memcmp(certHash.Elements(), hash.Elements(), certHash.Length()) == 0;
- };
-
- // https://w3c.github.io/webtransport/#verify-a-certificate-hash
- for (const auto& hash : mServerCertHashes) {
- nsCString algorithm;
- if (NS_FAILED(hash->GetAlgorithm(algorithm)) || algorithm != "sha-256") {
- continue;
- LOG(("Unexpected non-SHA-256 hash"));
- }
-
- nsTArray<uint8_t> value;
- if (NS_FAILED(hash->GetValue(value))) {
- continue;
- LOG(("Unexpected corrupted hash"));
- }
-
- if (verifyCertDer(value)) {
- return true;
- }
- }
- return false;
-}
-
void WebTransportSessionProxy::ChangeState(
WebTransportSessionProxyState newState) {
mMutex.AssertCurrentThreadOwns();