Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-25 13:51:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

suppress bad cert dialogs during extension update checks (bug 366191). r=rstrong, sr=darin

Browse Source
This commit is contained in:
dveditz%cruzio.com 2007-01-29 07:58:01 +00:00
parent 34c36544b6
commit 12b5ffb533
3 changed files with 152 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
toolkit/mozapps/extensions/src/nsExtensionManager.js.in
View File

@ -24,6 +24,7 @@
* Jens Bannmann <jens.b@web.de>
* Robert Strong <robert.bugzilla@gmail.com>
* Dave Townsend <dave.townsend@blueprintit.co.uk>
* Daniel Veditz <dveditz@mozilla.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
@ -177,6 +178,9 @@ var gCheckCompatibility = true;
*/
var gIDTest = /^(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}|[a-z0-9-\._]*\@[a-z0-9-\._]+)$/i;
// shared code for suppressing bad cert dialogs
#include ../../shared/src/badCertHandler.js
/**
* Creates a Version Checker object.
* @returns A handle to the global Version Checker service.
@ -2371,6 +2375,7 @@ var Blocklist = {
var request = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
.createInstance(Components.interfaces.nsIXMLHttpRequest);
request.open("GET", uri.spec, true);
request.channel.notificationCallbacks = new BadCertHandler();
request.overrideMimeType("text/xml");
request.setRequestHeader("Cache-Control", "no-cache");
@ -2382,6 +2387,13 @@ var Blocklist = {
onXMLLoad: function(aEvent) {
var request = aEvent.target;
try {
checkCert(request.channel);
}
catch (e) {
LOG("Blocklist::onXMLLoad: " + e);
return;
}
var responseXML = request.responseXML;
if (!responseXML || responseXML.documentElement.namespaceURI == XMLURI_PARSE_ERROR ||
(request.status != 200 && request.status != 0)) {
@ -6173,6 +6185,7 @@ RDFItemUpdater.prototype = {
var request = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
.createInstance(Components.interfaces.nsIXMLHttpRequest);
request.open("GET", uri.spec, true);
request.channel.notificationCallbacks = new BadCertHandler();
request.overrideMimeType("text/xml");
request.channel.loadFlags |= Components.interfaces.nsIRequest.LOAD_BYPASS_CACHE;
@ -6184,6 +6197,25 @@ RDFItemUpdater.prototype = {
onXMLLoad: function(aEvent, aItem) {
var request = aEvent.target;
try {
checkCert(request.channel);
}
catch (e) {
// This may be overly restrictive in two cases: corporate installations
// with a corporate update server using an in-house CA cert (installed
// but not "built-in") and lone developers hosting their updates on a
// site with a self-signed cert (permanently accepted, otherwise the
// BadCertHandler would prevent getting this far). Update checks will
// fail in both these scenarios.
// How else can we protect the vast majority of updates served from AMO
// from the spoofing attack described in bug 340198 while allowing those
// other cases? A "hackme" pref? Domain-control certs are cheap, getting
// one should not be a barrier in either case.
LOG("RDFItemUpdater::onXMLLoad: " + e);
this._updater.checkForDone(aItem,
nsIAddonUpdateCheckListener.STATUS_FAILURE);
return;
}
var responseXML = request.responseXML;
// If the item does not have an update RDF and returns an error it is not

117
toolkit/mozapps/shared/src/badCertHandler.js Normal file
View File

@ -0,0 +1,117 @@
#if 0
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Update Service.
*
* The Initial Developer of the Original Code is Ben Goodger.
* Portions created by the Initial Developer are Copyright (C) 2004
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Darin Fisher <darin@meer.net>
* Daniel Veditz <dveditz@mozilla.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#endif
/**
* Only allow built-in certs for HTTPS connections. See bug 340198.
*/
function checkCert(channel) {
if (!channel.originalURI.schemeIs("https")) // bypass
return;
const Ci = Components.interfaces;
var cert =
channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
var issuer = cert.issuer;
while (issuer && !cert.equals(issuer)) {
cert = issuer;
issuer = cert.issuer;
}
if (!issuer || issuer.tokenName != "Builtin Object Token")
throw "cert issuer is not built-in";
}
/**
* This class implements nsIBadCertListener. It's job is to prevent "bad cert"
* security dialogs from being shown to the user. It is better to simply fail
* if the certificate is bad. See bug 304286.
*/
function BadCertHandler() {
}
BadCertHandler.prototype = {
// nsIBadCertListener
confirmUnknownIssuer: function(socketInfo, cert, certAddType) {
LOG("EM BadCertHandler: Unknown issuer");
return false;
},
confirmMismatchDomain: function(socketInfo, targetURL, cert) {
LOG("EM BadCertHandler: Mismatched domain");
return false;
},
confirmCertExpired: function(socketInfo, cert) {
LOG("EM BadCertHandler: Expired certificate");
return false;
},
notifyCrlNextupdate: function(socketInfo, targetURL, cert) {
},
// nsIChannelEventSink
onChannelRedirect: function(oldChannel, newChannel, flags) {
// make sure the certificate of the old channel checks out before we follow
// a redirect from it. See bug 340198.
checkCert(oldChannel);
},
// nsIInterfaceRequestor
getInterface: function(iid) {
if (iid.equals(Components.interfaces.nsIBadCertListener) ||
iid.equals(Components.interfaces.nsIChannelEventSink))
return this;
Components.returnCode = Components.results.NS_ERROR_NO_INTERFACE;
return null;
},
// nsISupports
QueryInterface: function(iid) {
if (!iid.equals(Components.interfaces.nsIBadCertListener) &&
!iid.equals(Components.interfaces.nsIChannelEventSink) &&
!iid.equals(Components.interfaces.nsIInterfaceRequestor) &&
!iid.equals(Components.interfaces.nsISupports))
throw Components.results.NS_ERROR_NO_INTERFACE;
return this;
}
};

84
toolkit/mozapps/update/src/nsUpdateService.js.in
View File

@ -124,6 +124,9 @@ var gOSVersion = null;
var gConsole = null;
var gLogEnabled = { };
// shared code for suppressing bad cert dialogs
#include ../../shared/src/badCertHandler.js
/**
* Logs a string to the error console.
* @param string
@ -136,28 +139,6 @@ function LOG(module, string) {
}
}
/**
* Only allow built-in certs for HTTPS connections. See bug 340198.
*/
function checkCert(channel) {
if (!channel.originalURI.schemeIs("https")) // bypass
return;
const Ci = Components.interfaces;
var cert =
channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
var issuer = cert.issuer;
while (issuer && !cert.equals(issuer)) {
cert = issuer;
issuer = cert.issuer;
}
if (!issuer || issuer.tokenName != "Builtin Object Token")
throw "cert issuer is not built-in";
}
/**
* Convert a string containing binary values to hex.
*/
@ -1744,65 +1725,6 @@ UpdateManager.prototype = {
}
};
/**
* This class implements nsIBadCertListener. It's job is to prevent "bad cert"
* security dialogs from being shown to the user. It is better to simply fail
* if the certificate is bad. See bug 304286.
*/
function BadCertHandler() {
}
BadCertHandler.prototype = {
/**
* See nsIBadCertListener
*/
confirmUnknownIssuer: function(socketInfo, cert, certAddType) {
return false;
},
confirmMismatchDomain: function(socketInfo, targetURL, cert) {
return false;
},
confirmCertExpired: function(socketInfo, cert) {
return false;
},
notifyCrlNextupdate: function(socketInfo, targetURL, cert) {
},
/**
* See nsIChannelEventSink
*/
onChannelRedirect: function(oldChannel, newChannel, flags) {
// make sure the certificate of the old channel checks out before we follow
// a redirect from it. See bug 340198.
checkCert(oldChannel);
},
/**
* See nsIInterfaceRequestor
*/
getInterface: function(iid) {
if (iid.equals(Components.interfaces.nsIBadCertListener) ||
iid.equals(Components.interfaces.nsIChannelEventSink))
return this;
Components.returnCode = Components.results.NS_ERROR_NO_INTERFACE;
return null;
},
/**
* See nsISupports
*/
QueryInterface: function(iid) {
if (!iid.equals(Components.interfaces.nsIBadCertListener) &&
!iid.equals(Components.interfaces.nsIChannelEventSink) &&
!iid.equals(Components.interfaces.nsIInterfaceRequestor) &&
!iid.equals(Components.interfaces.nsISupports))
throw Components.results.NS_ERROR_NO_INTERFACE;
return this;
}
};
/**
* Checker