Id rather than sha1 hash, since that is rarely used in modern
certs. The previous form was storing trusted certs using an empty sha1
hash value as the key, which meant most certificates matched... not good.
Modify the LLCertException to pass certificate information back as
LLSD rather than an LLPointer<LLCertificate>, because when the
exception is being thown from the certificate constructor that results
in one of a couple of other exceptions (even refcounting won't save
you when the problem is that the thing you're pointing to never
finished coming into being properly).
Update the certificates in the llsechandler_basic_test to modern
conventions, and extend the classes to allow for an optional
validation date so that the test can use a fixed date. Also make all
the certificates include the plain text form for ease of reference.
This also introduces LLContinueError for exceptions which should interrupt
some part of viewer processing (e.g. the current coroutine) but should attempt
to let the viewer session proceed.
Derive all existing viewer exception classes from LLException rather than from
std::runtime_error or std::logic_error.
Use BOOST_THROW_EXCEPTION() rather than plain 'throw' to enrich the thrown
exception with source file, line number and containing function.
The LLProtectedDataException and LLCertException exception classes didn't used
to be derived from std::exception, so they followed their own getMessage()
convention instead of the standard what() convention. Now that they're derived
from std::exception, remove getMessage() and change its few consumers to use
what() instead. Thanks NickyD for suggesting.
In particular:
NotImplemented in llhttpnode.cpp
RelocateError in llupdateinstaller.cpp
LLProtectedDataException, LLCertException and subclasses in llsecapi.h
Had to add no-throw destructor overrides to LLCertException and subclasses
because otherwise clang complains that the implicitly-generated destructor's
exception specification is more lax than the base class's.
Reason:
secapiSSLCertVerifyCallback() seems to be called simultaneously by multiple threads,
which causes a race condition in LLRefCount::ref/unref() methods.
The reference counter in LLSecAPIBasicHandler::mStore goes to zero, and the object gets destroyed.
Fix:
Derive LLCertificateStore from LLThreadSafeRefCount instead of LLRefCount,
which should fix the race condition.
Note:
The LLThreadSafeRefCount constructor is private, so we have to wrap instances of the class with LLPointer.
DEV-50166 - LLBasicCertificateChain::validate calls in log
Added caching of certificates that have been validated.
The sha1 hash for the certificate is stored and is associated
with the from and to times. When the certificate is validated,
the code determines whether the certificate has successfully
been validated before by looking for it in the cache, and then
checks the date of the cert. If that is successful,
the validation calls with success.
Otherwise, it proceeds to do a full validation of the certificate.
Needs to be changed when IE is checked in, of course.
Now we check the expected credential formats for a given grid against the
format that is typed in, and throw an error if it's invalid.
Added authority key identifier/subject key identifier checking.
Whenever a new cert was created, a new private key was also
created. Typically you get a new key identifier with
that private key which is written to the child cert. The
child cert can then find the appropriate parent cert
for validation via subject key identifier.
Oz Linden