fune/security/manager/ssl/SelectTLSClientAuthCertParent.h
Dana Keeler 101100dc72 Bug 1401466 - make the client auth certificate selection dialog tab modal r=jschanck,necko-reviewers,bolsson,kershaw,valentin
Previously, the client authentication certificate selection dialog could show
up unexpectedly. Because it was modal, it would prevent user interaction with
the browser. It could even get in a state where the dialog couldn't be
interacted with, and neither could anything else, so the entire browser would
be locked and the user would have to quit and restart.

This patch associates a top-level outer content window ID (called "browserId"
in networking code) with each NSSSocketControl. When a peer asks for a client
authentication certificate, the NSSSocketControl can use the ID to find the
relevant tab and open a tab-modal dialog, which allows other browser UI to be
interacted with.

Some loads cannot be associated with browser tabs, and so the implementation
falls back to opening a window-modal dialog on the most recently active window.
This is still better than the previous implementation, since the dialog is
connected to a window rather than being its own separate dialog.

Differential Revision: https://phabricator.services.mozilla.com/D183775
2023-08-30 03:05:35 +00:00

54 lines
2.2 KiB
C++

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_
#define SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_

#include "mozilla/OriginAttributes.h"
#include "mozilla/psm/PSelectTLSClientAuthCertParent.h"

namespace mozilla {
namespace psm {

// Parent process component of the SelectTLSClientAuthCert IPC protocol. When
// the socket process encounters a TLS server that requests a client
// authentication certificate, Dispatch will be called via IPC with the
// information associated with that connection. That function dispatches an
// event to the main thread that determines what certificate to select, if any
// (usually by opening a dialog for the user to interact with). When a
// certificate (or no certificate) has been selected, TLSClientAuthCertSelected
// will be called on the IPC thread, which will cause
// SelectTLSClientAuthCertChild::RecvTLSClientAuthCertSelected to be called via
// IPC, which will get the appropriate information to NSS to continue the
// connection.
class SelectTLSClientAuthCertParent : public PSelectTLSClientAuthCertParent {
 public:
  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SelectTLSClientAuthCertParent, override)

  SelectTLSClientAuthCertParent() = default;

  bool Dispatch(const nsACString& aHostName,
                const OriginAttributes& aOriginAttributes, const int32_t& aPort,
                const uint32_t& aProviderFlags,
                const uint32_t& aProviderTlsFlags,
                const ByteArray& aServerCertBytes,
                nsTArray<ByteArray>&& aCANames,
                const uint64_t& aBrowsingContextID);

  void TLSClientAuthCertSelected(
      const nsTArray<uint8_t>& aSelectedCertBytes,
      nsTArray<nsTArray<uint8_t>>&& aSelectedCertChainBytes);

 private:
  ~SelectTLSClientAuthCertParent() = default;

  void ActorDestroy(mozilla::ipc::IProtocol::ActorDestroyReason aWhy) override;
};

}  // namespace psm
}  // namespace mozilla

#endif  // SECURITY_MANAGER_SSL_SELECTTLSCLIENTAUTHCERTPARENT_H_
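
A simplified model of the round trip that the class comment and the commit message describe, added here as an illustration and not part of the Mozilla source. `Ui`, `ParentModel`, `CertSelected` and the pending/can-send guards are hypothetical stand-ins; only the tab-or-window fallback is taken from the commit message.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Bytes = std::vector<uint8_t>;
enum class DialogKind { TabModal, WindowModal };

// Hypothetical stand-in for the browser UI: open tabs keyed by context ID.
struct Ui {
  std::map<uint64_t, std::string> tabs;
  // A load that maps to no tab falls back to a window-modal dialog.
  DialogKind KindFor(uint64_t id) const {
    return tabs.count(id) ? DialogKind::TabModal : DialogKind::WindowModal;
  }
};

// Hypothetical model of the parent-side actor (not the real class).
class ParentModel {
 public:
  explicit ParentModel(std::function<void(const Bytes&)> sendToChild)
      : mSend(std::move(sendToChild)) {}

  // Socket process -> parent: a TLS server asked for a client certificate.
  DialogKind Dispatch(const Ui& ui, uint64_t browsingContextId) {
    mPending = true;
    return ui.KindFor(browsingContextId);
  }

  // UI -> parent: the user picked a certificate (empty means "none").
  // Returns true only if a reply actually went back to the child.
  bool CertSelected(const Bytes& cert) {
    // Assumed guard: drop late or duplicate answers instead of sending them.
    if (!mPending || !mCanSend) return false;
    mPending = false;
    mSend(cert);
    return true;
  }

  // The IPC channel closed while the dialog was still open.
  void ActorDestroy() { mCanSend = false; }

 private:
  std::function<void(const Bytes&)> mSend;
  bool mPending = false;
  bool mCanSend = true;
};
```

The model makes two failure modes explicit: a request whose ID matches no tab still gets a dialog attached to a window, and a selection that arrives after teardown or a second time is never forwarded.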