Bug 1639795: Update keystore name to be user-friendly r=MattN,keeler
*** Differential Revision: https://phabricator.services.mozilla.com/D78610
@@ -113,9 +113,7 @@ nsresult NSSKeyStore::StoreSecret(const nsACString& aSecret,
|
||||
|
||||
// It is possible for multiple keys to have the same nickname in NSS. To
|
||||
// prevent the problem of not knowing which key to use in the future, simply
|
||||
// delete all keys with this nickname before storing a new one (if something
|
||||
// else is using our prefix ("org.mozilla.nss.keystore") with the given label,
|
||||
// it may result in breakage).
|
||||
// delete all keys with this nickname before storing a new one.
|
||||
nsresult rv = DeleteSecret(aLabel);
|
||||
if (NS_FAILED(rv)) {
|
||||
MOZ_LOG(gNSSKeyStoreLog, LogLevel::Debug,
|
||||
|
||||
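Review bot: The shortened comment above `DeleteSecret(aLabel)` drops the only warning that this delete-before-store removes every NSS key carrying the nickname. Elsewhere in this commit OSKeyStore stops prepending `org.mozilla.nss.keystore.`, so the nickname is now exactly the label the caller passes. A label that coincides with another key's nickname in the same NSS database would have that key deleted here. I would keep a caveat such as `// Labels are not namespaced: any NSS key with this nickname is deleted first.` StoreSecret's body starts and ends outside the hunk, so whether anything later narrows the deletion cannot be seen from here.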
@@ -72,8 +72,7 @@ static nsresult GenerateRandom(std::vector<uint8_t>& r) {
|
||||
nsresult OSKeyStore::SecretAvailable(const nsACString& aLabel,
|
||||
/* out */ bool* aAvailable) {
|
||||
NS_ENSURE_STATE(mKs);
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
*aAvailable = mKs->SecretAvailable(label);
|
||||
*aAvailable = mKs->SecretAvailable(aLabel);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@@ -96,8 +95,7 @@ nsresult OSKeyStore::GenerateSecret(const nsACString& aLabel,
|
||||
return rv;
|
||||
}
|
||||
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
rv = mKs->StoreSecret(secretString, label);
|
||||
rv = mKs->StoreSecret(secretString, aLabel);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@@ -117,8 +115,7 @@ nsresult OSKeyStore::RecoverSecret(const nsACString& aLabel,
|
||||
if (secret.Length() != mKs->GetKeyByteLength()) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
rv = mKs->StoreSecret(secret, label);
|
||||
rv = mKs->StoreSecret(secret, aLabel);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@@ -128,8 +125,7 @@ nsresult OSKeyStore::RecoverSecret(const nsACString& aLabel,
|
||||
|
||||
nsresult OSKeyStore::DeleteSecret(const nsACString& aLabel) {
|
||||
NS_ENSURE_STATE(mKs);
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
return mKs->DeleteSecret(label);
|
||||
return mKs->DeleteSecret(aLabel);
|
||||
}
|
||||
|
||||
enum Cipher { Encrypt = true, Decrypt = false };
|
||||
@@ -139,10 +135,10 @@ nsresult OSKeyStore::EncryptBytes(const nsACString& aLabel,
|
||||
/*out*/ nsACString& aEncryptedBase64Text) {
|
||||
NS_ENSURE_STATE(mKs);
|
||||
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
aEncryptedBase64Text.Truncate();
|
||||
std::vector<uint8_t> outBytes;
|
||||
nsresult rv = mKs->EncryptDecrypt(label, aInBytes, outBytes, Cipher::Encrypt);
|
||||
nsresult rv =
|
||||
mKs->EncryptDecrypt(aLabel, aInBytes, outBytes, Cipher::Encrypt);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
@@ -174,11 +170,10 @@ nsresult OSKeyStore::DecryptBytes(const nsACString& aLabel,
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
}
|
||||
nsAutoCString label = mLabelPrefix + aLabel;
|
||||
uint8_t* tmp = BitwiseCast<uint8_t*, const char*>(ciphertext.BeginReading());
|
||||
const std::vector<uint8_t> ciphertextBytes(tmp, tmp + ciphertext.Length());
|
||||
std::vector<uint8_t> plaintextBytes;
|
||||
rv = mKs->EncryptDecrypt(label, ciphertextBytes, plaintextBytes,
|
||||
rv = mKs->EncryptDecrypt(aLabel, ciphertextBytes, plaintextBytes,
|
||||
Cipher::Decrypt);
|
||||
if (NS_FAILED(rv)) {
|
||||
return rv;
|
||||
|
||||
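Review bot: In all six hunks of this file (SecretAvailable, GenerateSecret, RecoverSecret, DeleteSecret, EncryptBytes, DecryptBytes) `aLabel` now goes to `mKs` verbatim, so a secret stored earlier under `mLabelPrefix + aLabel` is no longer found by any of these calls. Nothing in the visible hunks migrates or removes the old entry. Data encrypted with the old key would presumably fail in `EncryptDecrypt(aLabel, ..., Cipher::Decrypt)`, while the old key stays behind in the OS store. If the reset is intentional, say so at the call sites, e.g. `// aLabel is used verbatim; entries created under the former "org.mozilla.nss.keystore." prefix are not visible here.` Otherwise consider checking the prefixed label as a fallback in `SecretAvailable`. Several of these function bodies start or end outside their hunks.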
@@ -100,8 +100,6 @@ class OSKeyStore final : public nsIOSKeyStore {
|
||||
|
||||
std::unique_ptr<AbstractOSKeyStore> mKs;
|
||||
bool mKsIsNSSKeyStore;
|
||||
const nsCString mLabelPrefix =
|
||||
NS_LITERAL_CSTRING("org.mozilla.nss.keystore.");
|
||||
};
|
||||
|
||||
#endif // OSKeyStore_h
|
||||
|
||||
@@ -332,6 +332,7 @@ this.AppConstants = Object.freeze({
|
||||
DLL_SUFFIX: "@DLL_SUFFIX@",
|
||||
|
||||
MOZ_APP_NAME: "@MOZ_APP_NAME@",
|
||||
MOZ_APP_BASENAME: "@MOZ_APP_BASENAME@",
|
||||
MOZ_APP_VERSION: "@MOZ_APP_VERSION@",
|
||||
MOZ_APP_VERSION_DISPLAY: "@MOZ_APP_VERSION_DISPLAY@",
|
||||
MOZ_BUILDID: "@MOZ_BUILDID@",
|
||||
|
||||
@@ -44,9 +44,14 @@ const TEST_ONLY_REAUTH = "toolkit.osKeyStore.unofficialBuildOnlyLogin";
|
||||
var OSKeyStore = {
|
||||
/**
|
||||
* On macOS this becomes part of the name label visible on Keychain Acesss as
|
||||
* "org.mozilla.nss.keystore.firefox" (where "firefox" is the MOZ_APP_NAME).
|
||||
* "Firefox Encrypted Storage" (where "Firefox" is the MOZ_APP_BASENAME).
|
||||
* Unfortunately, since this is the index into the keystore, we can't
|
||||
* localize it without some really unfortunate side effects, like users
|
||||
* losing access to stored information when they change their locale.
|
||||
* This is a limitation of the interface exposed by macOS. Notably, both
|
||||
* Chrome and Safari suffer the same shortcoming.
|
||||
*/
|
||||
STORE_LABEL: AppConstants.MOZ_APP_NAME,
|
||||
STORE_LABEL: AppConstants.MOZ_APP_BASENAME + " Encrypted Storage",
|
||||
|
||||
/**
|
||||
* Consider the module is initialized as locked. OS might unlock without a
|
||||
|
||||
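Review bot: The doc comment on `STORE_LABEL` says the value is the index into the keystore, but it does not warn that changing the string makes existing entries unreachable, which is exactly what switching from `AppConstants.MOZ_APP_NAME` to `MOZ_APP_BASENAME + " Encrypted Storage"` does. I would add a line such as `* This value identifies the stored key; changing it (or MOZ_APP_BASENAME) orphans secrets saved under the previous label.` It may also be worth noting that builds sharing a `MOZ_APP_BASENAME` would resolve to the same entry, if that can happen. The context line above has a typo, "Keychain Acesss", that could be fixed while the comment is being touched. The `OSKeyStore` object literal continues past the end of the hunk.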
@@ -273,6 +273,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
|
||||
|
||||
for var in ('ANDROID_PACKAGE_NAME',
|
||||
'MOZ_APP_NAME',
|
||||
'MOZ_APP_BASENAME',
|
||||
'MOZ_APP_VERSION',
|
||||
'MOZ_APP_VERSION_DISPLAY',
|
||||
'MOZ_BING_API_CLIENTID',
|
||||
|
||||