Bug 1036546 - Soft-disable proprietary window.crypto functions via the pref dom.unsafe_legacy_crypto.enabled. r=smaug

content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html

@@ -44,15 +44,19 @@ var checkTestResults = function() {
   SimpleTest.finish();
 }
 
+function loadElements() {
+  // save this for last so that our listeners are registered.
+  // ... this loads the testbed of good and bad requests.
+  document.getElementById('cspframe').src = 'file_CSP_evalscript_main_getCRMFRequest.html';
+  document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_allowed_getCRMFRequest.html';
+  document.getElementById('cspframe3').src = 'file_CSP_evalscript_no_CSP_at_all.html';
+}
+
 //////////////////////////////////////////////////////////////////////
 // set up and go
 SimpleTest.waitForExplicitFinish();
-
-// save this for last so that our listeners are registered.
-// ... this loads the testbed of good and bad requests.
-document.getElementById('cspframe').src = 'file_CSP_evalscript_main_getCRMFRequest.html';
-document.getElementById('cspframe2').src = 'file_CSP_evalscript_main_allowed_getCRMFRequest.html';
-document.getElementById('cspframe3').src = 'file_CSP_evalscript_no_CSP_at_all.html';
+SpecialPowers.pushPrefEnv({"set": [["dom.unsafe_legacy_crypto.enabled", true]]},
+                          loadElements);
 </script>
 </pre>
 </body>

dom/tests/mochitest/crypto/mochitest-no-legacy.ini

@@ -1,2 +0,0 @@
-[test_no_legacy.html]
-skip-if = e10s

dom/tests/mochitest/crypto/mochitest.ini

@@ -2,3 +2,4 @@
 skip-if = e10s
 
 [test_getRandomValues.html]
+[test_no_legacy.html]

dom/tests/mochitest/crypto/test_legacy.html

@@ -2,50 +2,59 @@
 <html>
 <head>
   <title>Test presence of legacy window.crypto features when
-         MOZ_DISABLE_CRYPTOLEGACY is NOT set.</title>
+         MOZ_DISABLE_CRYPTOLEGACY is NOT set and dom.unsafe_legacy_crypto.enabled is true</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <script class="testbody" type="text/javascript">
 
-ok("crypto" in window, "crypto in window");
-ok("version" in window.crypto, "version in window.crypto");
-ok("enableSmartCardEvents" in window.crypto,
-   "enableSmartCardEvents in window.crypto");
-ok("generateCRMFRequest" in window.crypto,
-   "generateCRMFRequest in window.crypto");
-ok("importUserCertificates" in window.crypto,
-   "importUserCertificates in window.crypto");
-ok("signText" in window.crypto, "signText in window.crypto");
+function test_unsafe_legacy_crypto_enabled() {
+  ok("crypto" in window, "crypto in window");
+  ok("version" in window.crypto, "version in window.crypto");
+  ok("enableSmartCardEvents" in window.crypto,
+     "enableSmartCardEvents in window.crypto");
+  ok("generateCRMFRequest" in window.crypto,
+     "generateCRMFRequest in window.crypto");
+  ok("importUserCertificates" in window.crypto,
+     "importUserCertificates in window.crypto");
+  ok("signText" in window.crypto, "signText in window.crypto");
 
-function jsCallback () {
+  function jsCallback () {
+  }
+
+  try {
+    window.crypto.generateCRMFRequest(null, null, null, null, jsCallback.toString());
+    ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
+  } catch (e) {
+    ok(e.toString().search(/Failure/) > -1,
+       "Expected error: ReqDN cannot be null");
+  }
+
+  try {
+    window.crypto.generateCRMFRequest(document.documentElement, null, null, null,
+                                      null);
+    ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
+  } catch (e) {
+    ok(e.toString().search(/Failure/) > -1,
+       "Expected error: jsCallback cannot be null");
+  }
+
+  try {
+    window.crypto.generateCRMFRequest(document.documentElement, null, null, null,
+                                      jsCallback.toString(), 1024);
+    ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
+  } catch (e) {
+    ok(e.toString().search(/TypeError/) > -1,
+       "Expected error: Not enough arguments");
+  }
+
+  SimpleTest.finish();
 }
 
-try {
-  window.crypto.generateCRMFRequest(null, null, null, null, jsCallback.toString());
-  ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
-} catch (e) {
-  ok(e.toString().search(/Failure/) > -1,
-     "Expected error: ReqDN cannot be null");
-}
+SpecialPowers.pushPrefEnv({"set": [["dom.unsafe_legacy_crypto.enabled", true]]},
+                          test_unsafe_legacy_crypto_enabled);
+SimpleTest.waitForExplicitFinish();
 
-try {
-  window.crypto.generateCRMFRequest(document.documentElement, null, null, null,
-                                    null);
-  ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
-} catch (e) {
-  ok(e.toString().search(/Failure/) > -1,
-     "Expected error: jsCallback cannot be null");
-}
-
-try {
-  window.crypto.generateCRMFRequest(document.documentElement, null, null, null,
-                                    jsCallback.toString(), 1024);
-  ok(false, "window.crypto.generateCRMFRequest failed, should throw error");
-} catch (e) {
-  ok(e.toString().search(/TypeError/) > -1,
-     "Expected error: Not enough arguments");
-}
 </script>
 </body></html>

dom/tests/mochitest/crypto/test_no_legacy.html

@@ -2,7 +2,7 @@
 <html>
 <head>
   <title>Test lack of legacy window.crypto features when
-         MOZ_DISABLE_CRYPTOLEGACY is set</title>
+         MOZ_DISABLE_CRYPTOLEGACY is set or dom.unsafe_legacy_crypto.enabled is false</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>

dom/tests/moz.build

@@ -48,11 +48,7 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] != 'gtk2':
         'mochitest/pointerlock/mochitest.ini',
     ]
 
-if CONFIG['MOZ_DISABLE_CRYPTOLEGACY']:
-    MOCHITEST_MANIFESTS += [
-        'mochitest/crypto/mochitest-no-legacy.ini',
-    ]
-else:
+if not CONFIG['MOZ_DISABLE_CRYPTOLEGACY']:
     MOCHITEST_MANIFESTS += [
         'mochitest/crypto/mochitest-legacy.ini',
     ]

dom/webidl/Crypto.webidl

@@ -23,12 +23,13 @@ interface Crypto {
 #ifndef MOZ_DISABLE_CRYPTOLEGACY
 [NoInterfaceObject]
 interface CryptoLegacy {
+  [Pref="dom.unsafe_legacy_crypto.enabled"]
   readonly attribute DOMString version;
 
-  [SetterThrows]
+  [SetterThrows,Pref="dom.unsafe_legacy_crypto.enabled"]
   attribute boolean enableSmartCardEvents;
 
-  [Throws,NewObject]
+  [Throws,NewObject,Pref="dom.unsafe_legacy_crypto.enabled"]
   CRMFObject? generateCRMFRequest(ByteString? reqDN,
                                   ByteString? regToken,
                                   ByteString? authenticator,
@@ -36,16 +37,17 @@ interface CryptoLegacy {
                                   ByteString? jsCallback,
                                   any... args);
 
-  [Throws]
+  [Throws,Pref="dom.unsafe_legacy_crypto.enabled"]
   DOMString importUserCertificates(DOMString nickname,
                                    DOMString cmmfResponse,
                                    boolean doForcedBackup);
 
+  [Pref="dom.unsafe_legacy_crypto.enabled"]
   DOMString signText(DOMString stringToSign,
                      DOMString caOption,
                      ByteString... args);
 
-  [Throws]
+  [Throws,Pref="dom.unsafe_legacy_crypto.enabled"]
   void logout();
 };
 

security/manager/ssl/tests/mochitest/bugs/test_generateCRMFRequest.html

@@ -10,8 +10,12 @@
 
   SimpleTest.waitForExplicitFinish();
 
-  function onWindowLoad()
-  {
+  function onWindowLoad() {
+    SpecialPowers.pushPrefEnv({"set": [["dom.unsafe_legacy_crypto.enabled", true]]},
+                              runTest);
+  }
+
+  function runTest() {
     // Does it work at all?
     try {
       var crmfObject = crypto.generateCRMFRequest("CN=undefined", "regToken",