Backed out changeset 089c88b9657b (bug 1597600) for XPCshell failures in toolkit/components/cleardata/tests/unit/test_certs.js. CLOSED TREE
parent
a9e55ea7fc
commit
211b017ce9
@ -494,11 +494,7 @@ var gIdentityHandler = {
|
||||
}
|
||||
let host = this._uri.host;
|
||||
let port = this._uri.port > 0 ? this._uri.port : 443;
|
||||
this._overrideService.clearValidityOverride(
|
||||
host,
|
||||
port,
|
||||
gBrowser.contentPrincipal.originAttributes
|
||||
);
|
||||
this._overrideService.clearValidityOverride(host, port);
|
||||
BrowserReloadSkipCache();
|
||||
if (this._popupInitialized) {
|
||||
PanelMultiView.hidePopup(this._identityPopup);
|
||||
|
@ -593,7 +593,7 @@ add_task(async function checkViewSource() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
|
||||
loaded = BrowserTestUtils.waitForErrorPage(browser);
|
||||
BrowserReloadSkipCache();
|
||||
|
@ -36,7 +36,7 @@ add_task(async function checkExceptionDialogButton() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
});
|
||||
|
||||
@ -89,7 +89,6 @@ add_task(async function checkPermanentExceptionPref() {
|
||||
let hasException = certOverrideService.hasMatchingOverride(
|
||||
"expired.example.com",
|
||||
-1,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
isTemporary
|
||||
@ -103,7 +102,7 @@ add_task(async function checkPermanentExceptionPref() {
|
||||
} exception for the page.`
|
||||
);
|
||||
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
}
|
||||
|
||||
|
@ -143,11 +143,7 @@ add_task(async function checkTelemetryClickEvents() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride(
|
||||
"expired.example.com",
|
||||
-1,
|
||||
{}
|
||||
);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
}
|
||||
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
|
@ -141,6 +141,6 @@ add_task(async function testCaptivePortalAdvancedPanel() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
await BrowserTestUtils.removeTab(tab);
|
||||
});
|
||||
|
@ -72,6 +72,6 @@ add_task(async function() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("expired.example.com", -1);
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
});
|
||||
|
@ -63,7 +63,7 @@ add_task(async function() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("self-signed.example.com", -1, {});
|
||||
certOverrideService.clearValidityOverride("self-signed.example.com", -1);
|
||||
|
||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||
});
|
||||
|
@ -147,7 +147,6 @@ add_task(async function() {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"localhost",
|
||||
server.port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
@ -155,7 +154,7 @@ add_task(async function() {
|
||||
|
||||
// Un-do configuration changes we've made when the test is done.
|
||||
registerCleanupFunction(() => {
|
||||
certOverrideService.clearValidityOverride("localhost", server.port, {});
|
||||
certOverrideService.clearValidityOverride("localhost", server.port);
|
||||
server.close();
|
||||
});
|
||||
|
||||
|
@ -153,7 +153,6 @@ add_task(async function() {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"localhost",
|
||||
server.port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
@ -181,7 +180,7 @@ add_task(async function() {
|
||||
);
|
||||
// Register cleanup to undo the configuration changes we've made.
|
||||
registerCleanupFunction(() => {
|
||||
certOverrideService.clearValidityOverride("localhost", server.port, {});
|
||||
certOverrideService.clearValidityOverride("localhost", server.port);
|
||||
Services.prefs.setIntPref("network.proxy.type", oldProxyType);
|
||||
MockRegistrar.unregister(mockProxy);
|
||||
server.close();
|
||||
|
@ -167,7 +167,6 @@ add_task(async function setup() {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"localhost",
|
||||
server.port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
@ -176,7 +175,7 @@ add_task(async function setup() {
|
||||
registerCleanupFunction(async function() {
|
||||
await PlacesUtils.history.clear();
|
||||
MockRegistrar.unregister(clientAuthDialogsCID);
|
||||
certOverrideService.clearValidityOverride("localhost", server.port, {});
|
||||
certOverrideService.clearValidityOverride("localhost", server.port);
|
||||
});
|
||||
});
|
||||
|
||||
|
@ -402,7 +402,6 @@ function _storeCertOverride(s, host, port) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
host,
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true /* temporary */
|
||||
|
@ -1610,9 +1610,7 @@ already_AddRefed<mozilla::dom::Promise> Document::AddCertException(
|
||||
|
||||
ContentChild* cc = ContentChild::GetSingleton();
|
||||
MOZ_ASSERT(cc);
|
||||
OriginAttributes const& attrs = NodePrincipal()->OriginAttributesRef();
|
||||
cc->SendAddCertException(certSerialized, flags, host, port, attrs,
|
||||
aIsTemporary)
|
||||
cc->SendAddCertException(certSerialized, flags, host, port, aIsTemporary)
|
||||
->Then(GetCurrentSerialEventTarget(), __func__,
|
||||
[promise](const mozilla::MozPromise<
|
||||
nsresult, mozilla::ipc::ResponseRejectReason,
|
||||
@ -1634,9 +1632,8 @@ already_AddRefed<mozilla::dom::Promise> Document::AddCertException(
|
||||
return promise.forget();
|
||||
}
|
||||
|
||||
OriginAttributes const& attrs = NodePrincipal()->OriginAttributesRef();
|
||||
rv = overrideService->RememberValidityOverride(host, port, attrs, cert,
|
||||
flags, aIsTemporary);
|
||||
rv = overrideService->RememberValidityOverride(host, port, cert, flags,
|
||||
aIsTemporary);
|
||||
if (NS_WARN_IF(NS_FAILED(rv))) {
|
||||
promise->MaybeReject(rv);
|
||||
return promise.forget();
|
||||
|
@ -6336,8 +6336,7 @@ mozilla::ipc::IPCResult ContentParent::RecvBHRThreadHang(
|
||||
|
||||
mozilla::ipc::IPCResult ContentParent::RecvAddCertException(
|
||||
const nsACString& aSerializedCert, uint32_t aFlags,
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, bool aIsTemporary,
|
||||
const nsACString& aHostName, int32_t aPort, bool aIsTemporary,
|
||||
AddCertExceptionResolver&& aResolver) {
|
||||
nsCOMPtr<nsISupports> certObj;
|
||||
nsresult rv = NS_DeserializeObject(aSerializedCert, getter_AddRefs(certObj));
|
||||
@ -6351,8 +6350,8 @@ mozilla::ipc::IPCResult ContentParent::RecvAddCertException(
|
||||
if (!overrideService) {
|
||||
rv = NS_ERROR_FAILURE;
|
||||
} else {
|
||||
rv = overrideService->RememberValidityOverride(
|
||||
aHostName, aPort, aOriginAttributes, cert, aFlags, aIsTemporary);
|
||||
rv = overrideService->RememberValidityOverride(aHostName, aPort, cert,
|
||||
aFlags, aIsTemporary);
|
||||
}
|
||||
}
|
||||
}
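Review bot: `aHostName` and `aPort` reach `RecvAddCertException` over IPC from a content process and, in the lines shown, are passed straight to `overrideService->RememberValidityOverride(aHostName, aPort, cert, aFlags, aIsTemporary)`. Elsewhere in this commit `RememberValidityOverride` rejects an empty or non-ASCII host, but nothing visible in these two hunks ties the host and port to a page the sending process actually loaded. The body between the hunks is not shown, so such a check may exist there. If it does not, I would at least document the trust assumption above the call, for example `// aHostName/aPort are supplied by the content process; only syntactic validation happens in RememberValidityOverride.`.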
|
||||
|
@ -1258,8 +1258,7 @@ class ContentParent final
|
||||
|
||||
mozilla::ipc::IPCResult RecvAddCertException(
|
||||
const nsACString& aSerializedCert, uint32_t aFlags,
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, bool aIsTemporary,
|
||||
const nsACString& aHostName, int32_t aPort, bool aIsTemporary,
|
||||
AddCertExceptionResolver&& aResolver);
|
||||
|
||||
mozilla::ipc::IPCResult RecvAutomaticStorageAccessPermissionCanBeGranted(
|
||||
|
@ -1547,7 +1547,7 @@ parent:
|
||||
* Adds a certificate exception for the given hostname and port.
|
||||
*/
|
||||
async AddCertException(nsCString aSerializedCert, uint32_t aFlags,
|
||||
nsCString aHostName, int32_t aPort, OriginAttributes aOriginAttributes,
|
||||
nsCString aHostName, int32_t aPort,
|
||||
bool aIsTemporary)
|
||||
returns (nsresult success);
|
||||
|
||||
|
@ -41,8 +41,8 @@ const APIS = {
|
||||
GetActive({ tab }) {
|
||||
return browser.test.getActive(tab.id);
|
||||
},
|
||||
RemoveAllCertOverrides() {
|
||||
browser.test.removeAllCertOverrides();
|
||||
RemoveCertOverride({ host, port }) {
|
||||
browser.test.removeCertOverride(host, port);
|
||||
},
|
||||
RestorePrefs({ oldPrefs }) {
|
||||
return browser.test.restorePrefs(oldPrefs);
|
||||
|
@ -174,11 +174,11 @@ this.test = class extends ExtensionAPI {
|
||||
return Services.telemetry.getHistogramById(id).add(value);
|
||||
},
|
||||
|
||||
removeAllCertOverrides() {
|
||||
removeCertOverride(host, port) {
|
||||
const overrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
overrideService.clearAllOverrides();
|
||||
overrideService.clearValidityOverride(host, port);
|
||||
},
|
||||
|
||||
async setScalar(id, value) {
|
||||
|
@ -90,11 +90,20 @@
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "removeAllCertOverrides",
|
||||
"name": "removeCertOverride",
|
||||
"type": "function",
|
||||
"async": true,
|
||||
"description": "Revokes SSL certificate overrides.",
|
||||
"parameters": []
|
||||
"description": "Revokes SSL certificate overrides for the given host+port.",
|
||||
"parameters": [
|
||||
{
|
||||
"type": "string",
|
||||
"name": "host"
|
||||
},
|
||||
{
|
||||
"type": "number",
|
||||
"name": "port"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "setScalar",
|
||||
|
@ -256,7 +256,7 @@ class NavigationDelegateTest : BaseSessionTest() {
|
||||
@AssertCalled(count = 1, order = [2])
|
||||
override fun onPageStop(session: GeckoSession, success: Boolean) {
|
||||
assertThat("Load should succeed", success, equalTo(true))
|
||||
sessionRule.removeAllCertOverrides()
|
||||
sessionRule.removeCertOverride(host, -1)
|
||||
}
|
||||
})
|
||||
mainSession.evaluateJS("location.reload()")
|
||||
|
@ -2136,10 +2136,16 @@ public class GeckoSessionTestRule implements TestRule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Revokes all SSL overrides
|
||||
* Revokes SSL overrides set for a given host and port
|
||||
*
|
||||
* @param host the host.
|
||||
* @param port the port (-1 == 443).
|
||||
*/
|
||||
public void removeAllCertOverrides() {
|
||||
webExtensionApiCall("RemoveAllCertOverrides", null);
|
||||
public void removeCertOverride(final String host, final long port) {
|
||||
webExtensionApiCall("RemoveCertOverride", args -> {
|
||||
args.put("host", host);
|
||||
args.put("port", port);
|
||||
});
|
||||
}
|
||||
|
||||
private interface SetArgs {
|
||||
|
@ -166,7 +166,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
hostname,
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -166,7 +166,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
hostname,
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -181,7 +181,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
hostname,
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -121,7 +121,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"127.0.0.1",
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -85,7 +85,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"127.0.0.1",
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -70,7 +70,6 @@ var serverRichList = {
|
||||
dbKey: item.dbKey,
|
||||
asciiHost: item.asciiHost,
|
||||
port: item.port,
|
||||
originAttributes: item.originAttributes,
|
||||
isTemporary: item.isTemporary,
|
||||
displayName: cert !== null ? cert.displayName : "",
|
||||
};
|
||||
@ -107,10 +106,6 @@ var serverRichList = {
|
||||
richlistitem.setAttribute("host", item.asciiHost);
|
||||
richlistitem.setAttribute("port", item.port);
|
||||
richlistitem.setAttribute("hostPort", item.hostPort);
|
||||
richlistitem.setAttribute(
|
||||
"originAttributes",
|
||||
JSON.stringify(item.originAttributes)
|
||||
);
|
||||
|
||||
let hbox = document.createXULElement("hbox");
|
||||
hbox.setAttribute("flex", "1");
|
||||
@ -160,8 +155,7 @@ var serverRichList = {
|
||||
if (retVals.deleteConfirmed) {
|
||||
overrideService.clearValidityOverride(
|
||||
selectedItem.attributes.host.value,
|
||||
selectedItem.attributes.port.value,
|
||||
JSON.parse(selectedItem.attributes.originAttributes.value)
|
||||
selectedItem.attributes.port.value
|
||||
);
|
||||
this.buildRichList();
|
||||
}
|
||||
|
@ -971,8 +971,8 @@ PRErrorCode AuthCertificateParseResults(
|
||||
return SEC_ERROR_NO_MEMORY;
|
||||
}
|
||||
nsresult rv = overrideService->HasMatchingOverride(
|
||||
aHostName, aPort, aOriginAttributes, nssCert, &overrideBits,
|
||||
&isTemporaryOverride, &haveOverride);
|
||||
aHostName, aPort, nssCert, &overrideBits, &isTemporaryOverride,
|
||||
&haveOverride);
|
||||
if (NS_SUCCEEDED(rv) && haveOverride) {
|
||||
// remove the errors that are already overriden
|
||||
remainingDisplayErrors &= ~overrideBits;
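Review bot: The call `overrideService->HasMatchingOverride(aHostName, aPort, nssCert, ...)` no longer receives `aOriginAttributes`, so the decision to clear bits from `remainingDisplayErrors` is made per host and port only. If the service keys its table on host:port, as the rest of this commit suggests, an exception accepted in one container or private window would also suppress certificate errors for that host in every other context. The backout restores that behaviour deliberately, but it deserves a comment at this call, for example `// Overrides are looked up by host:port only and are shared across origin attributes; see bug 1597600.`. AuthCertificateParseResults starts and ends outside the hunk.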
|
||||
|
@ -44,8 +44,7 @@ class MainThreadClearer : public SyncRunnableBase {
|
||||
nsCOMPtr<nsICertOverrideService> icos =
|
||||
do_GetService(NS_CERTOVERRIDE_CONTRACTID);
|
||||
if (icos) {
|
||||
icos->ClearValidityOverride("all:temporary-certificates"_ns, 0,
|
||||
OriginAttributes());
|
||||
icos->ClearValidityOverride("all:temporary-certificates"_ns, 0);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -14,7 +14,6 @@
|
||||
#include "mozilla/TaskQueue.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/TextUtils.h"
|
||||
#include "mozilla/Tokenizer.h"
|
||||
#include "mozilla/Unused.h"
|
||||
#include "nsAppDirectoryServiceDefs.h"
|
||||
#include "nsCRT.h"
|
||||
@ -128,15 +127,6 @@ nsCertOverride::GetHostPort(/*out*/ nsACString& aHostPort) {
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverride::GetOriginAttributes(
|
||||
JSContext* aCtx, /*out*/ JS::MutableHandle<JS::Value> aValue) {
|
||||
if (ToJSValue(aCtx, mOriginAttributes, aValue)) {
|
||||
return NS_OK;
|
||||
}
|
||||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
void nsCertOverride::convertBitsToString(OverrideBits ob,
|
||||
/*out*/ nsACString& str) {
|
||||
str.Truncate();
|
||||
@ -281,7 +271,6 @@ void nsCertOverrideService::RemoveAllTemporaryOverrides() {
|
||||
// no need to write, as temporaries are never written to disk
|
||||
}
|
||||
|
||||
static const char sSHA256OIDString[] = "OID.2.16.840.1.101.3.4.2.1";
|
||||
nsresult nsCertOverrideService::Read(const MutexAutoLock& aProofOfLock) {
|
||||
// If we don't have a profile, then we won't try to read any settings file.
|
||||
if (!mSettingsFile) return NS_OK;
|
||||
@ -302,11 +291,12 @@ nsresult nsCertOverrideService::Read(const MutexAutoLock& aProofOfLock) {
|
||||
|
||||
nsAutoCString buffer;
|
||||
bool isMore = true;
|
||||
int32_t hostIndex = 0, algoIndex, fingerprintIndex, overrideBitsIndex,
|
||||
dbKeyIndex;
|
||||
|
||||
/* file format is:
|
||||
*
|
||||
* host:port:originattributes \t fingerprint-algorithm \t fingerprint \t
|
||||
* override-mask \t dbKey
|
||||
* host:port \t fingerprint-algorithm \t fingerprint \t override-mask \t dbKey
|
||||
*
|
||||
* where override-mask is a sequence of characters,
|
||||
* M meaning hostname-Mismatch-override
|
||||
@ -321,58 +311,53 @@ nsresult nsCertOverrideService::Read(const MutexAutoLock& aProofOfLock) {
|
||||
continue;
|
||||
}
|
||||
|
||||
Tokenizer parser(buffer);
|
||||
nsDependentCSubstring host;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::Char(':'), host) ||
|
||||
host.Length() == 0) {
|
||||
// this is a cheap, cheesy way of parsing a tab-delimited line into
|
||||
// string indexes, which can be lopped off into substrings. just for
|
||||
// purposes of obfuscation, it also checks that each token was found.
|
||||
// todo: use iterators?
|
||||
if ((algoIndex = buffer.FindChar('\t', hostIndex) + 1) == 0 ||
|
||||
(fingerprintIndex = buffer.FindChar('\t', algoIndex) + 1) == 0 ||
|
||||
(overrideBitsIndex = buffer.FindChar('\t', fingerprintIndex) + 1) ==
|
||||
0 ||
|
||||
(dbKeyIndex = buffer.FindChar('\t', overrideBitsIndex) + 1) == 0) {
|
||||
continue;
|
||||
}
|
||||
int32_t port = -1;
|
||||
if (!parser.ReadInteger(&port)) {
|
||||
continue;
|
||||
}
|
||||
OriginAttributes attributes;
|
||||
if (parser.CheckChar(':')) {
|
||||
nsDependentCSubstring attributesString;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), attributesString) ||
|
||||
!attributes.PopulateFromSuffix(attributesString)) {
|
||||
continue;
|
||||
}
|
||||
} else if (!parser.CheckWhite()) {
|
||||
continue;
|
||||
}
|
||||
nsDependentCSubstring algorithm;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), algorithm) ||
|
||||
algorithm != sSHA256OIDString) {
|
||||
continue;
|
||||
}
|
||||
nsDependentCSubstring fingerprint;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), fingerprint) ||
|
||||
fingerprint.Length() == 0) {
|
||||
continue;
|
||||
}
|
||||
nsDependentCSubstring bitsString;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::Whitespace(), bitsString) ||
|
||||
bitsString.Length() == 0) {
|
||||
continue;
|
||||
}
|
||||
nsDependentCSubstring dbKey;
|
||||
if (!parser.ReadUntil(Tokenizer::Token::EndOfFile(), dbKey) ||
|
||||
dbKey.Length() == 0) {
|
||||
continue;
|
||||
}
|
||||
nsCertOverride::OverrideBits bits;
|
||||
nsCertOverride::convertStringToBits(bitsString, bits);
|
||||
|
||||
AddEntryToList(host, port, attributes,
|
||||
const nsACString& tmp =
|
||||
Substring(buffer, hostIndex, algoIndex - hostIndex - 1);
|
||||
// We just ignore the algorithm string.
|
||||
const nsACString& fingerprint = Substring(
|
||||
buffer, fingerprintIndex, overrideBitsIndex - fingerprintIndex - 1);
|
||||
const nsACString& bits_string = Substring(
|
||||
buffer, overrideBitsIndex, dbKeyIndex - overrideBitsIndex - 1);
|
||||
const nsACString& db_key =
|
||||
Substring(buffer, dbKeyIndex, buffer.Length() - dbKeyIndex);
|
||||
|
||||
nsAutoCString host(tmp);
|
||||
nsCertOverride::OverrideBits bits;
|
||||
nsCertOverride::convertStringToBits(bits_string, bits);
|
||||
|
||||
int32_t port;
|
||||
int32_t portIndex = host.RFindChar(':');
|
||||
if (portIndex == kNotFound) continue; // Ignore broken entries
|
||||
|
||||
nsresult portParseError;
|
||||
nsAutoCString portString(Substring(host, portIndex + 1));
|
||||
port = portString.ToInteger(&portParseError);
|
||||
if (NS_FAILED(portParseError)) continue; // Ignore broken entries
|
||||
|
||||
host.Truncate(portIndex);
|
||||
|
||||
AddEntryToList(host, port,
|
||||
nullptr, // don't have the cert
|
||||
false, // not temporary
|
||||
fingerprint, bits, dbKey, aProofOfLock);
|
||||
fingerprint, bits, db_key, aProofOfLock);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
static const char sSHA256OIDString[] = "OID.2.16.840.1.101.3.4.2.1";
|
||||
nsresult nsCertOverrideService::Write(const MutexAutoLock& aProofOfLock) {
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
if (!NS_IsMainThread()) {
|
||||
@ -403,16 +388,16 @@ nsresult nsCertOverrideService::Write(const MutexAutoLock& aProofOfLock) {
|
||||
continue;
|
||||
}
|
||||
|
||||
nsAutoCString bitsString;
|
||||
nsCertOverride::convertBitsToString(settings->mOverrideBits, bitsString);
|
||||
nsAutoCString bits_string;
|
||||
nsCertOverride::convertBitsToString(settings->mOverrideBits, bits_string);
|
||||
|
||||
output.Append(entry->mKeyString);
|
||||
output.Append(entry->mHostWithPort);
|
||||
output.Append(kTab);
|
||||
output.Append(sSHA256OIDString);
|
||||
output.Append(kTab);
|
||||
output.Append(settings->mFingerprint);
|
||||
output.Append(kTab);
|
||||
output.Append(bitsString);
|
||||
output.Append(bits_string);
|
||||
output.Append(kTab);
|
||||
output.Append(settings->mDBKey);
|
||||
output.Append(NS_LINEBREAK);
|
||||
@ -453,10 +438,11 @@ static nsresult GetCertSha256Fingerprint(nsIX509Cert* aCert,
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::RememberValidityOverride(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
|
||||
uint32_t aOverrideBits, bool aTemporary) {
|
||||
nsCertOverrideService::RememberValidityOverride(const nsACString& aHostName,
|
||||
int32_t aPort,
|
||||
nsIX509Cert* aCert,
|
||||
uint32_t aOverrideBits,
|
||||
bool aTemporary) {
|
||||
NS_ENSURE_ARG_POINTER(aCert);
|
||||
if (aHostName.IsEmpty() || !IsAscii(aHostName)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
@ -504,8 +490,7 @@ nsCertOverrideService::RememberValidityOverride(
|
||||
|
||||
{
|
||||
MutexAutoLock lock(mMutex);
|
||||
AddEntryToList(aHostName, aPort, aOriginAttributes,
|
||||
aTemporary ? aCert : nullptr,
|
||||
AddEntryToList(aHostName, aPort, aTemporary ? aCert : nullptr,
|
||||
// keep a reference to the cert for temporary overrides
|
||||
aTemporary, fpStr,
|
||||
(nsCertOverride::OverrideBits)aOverrideBits, dbkey, lock);
|
||||
@ -517,24 +502,9 @@ nsCertOverrideService::RememberValidityOverride(
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::RememberValidityOverrideScriptable(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
JS::Handle<JS::Value> aOriginAttributes, nsIX509Cert* aCert,
|
||||
uint32_t aOverrideBits, bool aTemporary, JSContext* aCx) {
|
||||
OriginAttributes attrs;
|
||||
if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
return RememberValidityOverride(aHostName, aPort, attrs, aCert, aOverrideBits,
|
||||
aTemporary);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
const nsACString& aCertFingerprint, uint32_t aOverrideBits) {
|
||||
if (aCertFingerprint.IsEmpty() || aHostName.IsEmpty() ||
|
||||
!IsAscii(aCertFingerprint) || !IsAscii(aHostName) || (aPort < -1)) {
|
||||
@ -542,7 +512,7 @@ nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
|
||||
}
|
||||
|
||||
MutexAutoLock lock(mMutex);
|
||||
AddEntryToList(aHostName, aPort, aOriginAttributes,
|
||||
AddEntryToList(aHostName, aPort,
|
||||
nullptr, // No cert to keep alive
|
||||
true, // temporary
|
||||
aCertFingerprint, (nsCertOverride::OverrideBits)aOverrideBits,
|
||||
@ -553,26 +523,10 @@ nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::
|
||||
RememberTemporaryValidityOverrideUsingFingerprintScriptable(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
JS::Handle<JS::Value> aOriginAttributes,
|
||||
const nsACString& aCertFingerprint, uint32_t aOverrideBits,
|
||||
JSContext* aCx) {
|
||||
OriginAttributes attrs;
|
||||
if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
return RememberTemporaryValidityOverrideUsingFingerprint(
|
||||
aHostName, aPort, attrs, aCertFingerprint, aOverrideBits);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::HasMatchingOverride(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
|
||||
uint32_t* aOverrideBits, bool* aIsTemporary, bool* aRetval) {
|
||||
nsCertOverrideService::HasMatchingOverride(const nsACString& aHostName,
|
||||
int32_t aPort, nsIX509Cert* aCert,
|
||||
uint32_t* aOverrideBits,
|
||||
bool* aIsTemporary, bool* _retval) {
|
||||
bool disableAllSecurityCheck = false;
|
||||
{
|
||||
MutexAutoLock lock(mMutex);
|
||||
@ -584,7 +538,7 @@ nsCertOverrideService::HasMatchingOverride(
|
||||
nsCertOverride::OverrideBits::Time;
|
||||
*aOverrideBits = static_cast<uint32_t>(all);
|
||||
*aIsTemporary = false;
|
||||
*aRetval = true;
|
||||
*_retval = true;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -596,17 +550,17 @@ nsCertOverrideService::HasMatchingOverride(
|
||||
NS_ENSURE_ARG_POINTER(aCert);
|
||||
NS_ENSURE_ARG_POINTER(aOverrideBits);
|
||||
NS_ENSURE_ARG_POINTER(aIsTemporary);
|
||||
NS_ENSURE_ARG_POINTER(aRetval);
|
||||
*aRetval = false;
|
||||
NS_ENSURE_ARG_POINTER(_retval);
|
||||
*_retval = false;
|
||||
*aOverrideBits = static_cast<uint32_t>(nsCertOverride::OverrideBits::None);
|
||||
|
||||
nsAutoCString hostPort;
|
||||
GetHostWithPort(aHostName, aPort, hostPort);
|
||||
RefPtr<nsCertOverride> settings;
|
||||
|
||||
{
|
||||
nsAutoCString keyString;
|
||||
GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
|
||||
MutexAutoLock lock(mMutex);
|
||||
nsCertOverrideEntry* entry = mSettingsTable.GetEntry(keyString.get());
|
||||
nsCertOverrideEntry* entry = mSettingsTable.GetEntry(hostPort.get());
|
||||
|
||||
if (!entry) return NS_OK;
|
||||
|
||||
@ -622,48 +576,31 @@ nsCertOverrideService::HasMatchingOverride(
|
||||
return rv;
|
||||
}
|
||||
|
||||
*aRetval = settings->mFingerprint.Equals(fpStr);
|
||||
*_retval = settings->mFingerprint.Equals(fpStr);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::HasMatchingOverrideScriptable(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
JS::Handle<JS::Value> aOriginAttributes, nsIX509Cert* aCert,
|
||||
uint32_t* aOverrideBits, bool* aIsTemporary, JSContext* aCx,
|
||||
bool* aRetval) {
|
||||
OriginAttributes attrs;
|
||||
if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
return HasMatchingOverride(aHostName, aPort, attrs, aCert, aOverrideBits,
|
||||
aIsTemporary, aRetval);
|
||||
}
|
||||
|
||||
nsresult nsCertOverrideService::AddEntryToList(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, nsIX509Cert* aCert,
|
||||
const nsACString& aHostName, int32_t aPort, nsIX509Cert* aCert,
|
||||
const bool aIsTemporary, const nsACString& fingerprint,
|
||||
nsCertOverride::OverrideBits ob, const nsACString& dbKey,
|
||||
const MutexAutoLock& aProofOfLock) {
|
||||
nsAutoCString keyString;
|
||||
GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
|
||||
nsAutoCString hostPort;
|
||||
GetHostWithPort(aHostName, aPort, hostPort);
|
||||
|
||||
nsCertOverrideEntry* entry = mSettingsTable.PutEntry(keyString.get());
|
||||
nsCertOverrideEntry* entry = mSettingsTable.PutEntry(hostPort.get());
|
||||
|
||||
if (!entry) {
|
||||
NS_ERROR("can't insert a null entry!");
|
||||
return NS_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
entry->mKeyString = keyString;
|
||||
entry->mHostWithPort = hostPort;
|
||||
|
||||
RefPtr<nsCertOverride> settings(new nsCertOverride());
|
||||
|
||||
settings->mAsciiHost = aHostName;
|
||||
settings->mPort = aPort;
|
||||
settings->mOriginAttributes = aOriginAttributes;
|
||||
settings->mIsTemporary = aIsTemporary;
|
||||
settings->mFingerprint = fingerprint;
|
||||
settings->mOverrideBits = ob;
|
||||
@ -677,9 +614,8 @@ nsresult nsCertOverrideService::AddEntryToList(
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::ClearValidityOverride(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes) {
|
||||
nsCertOverrideService::ClearValidityOverride(const nsACString& aHostName,
|
||||
int32_t aPort) {
|
||||
if (aHostName.IsEmpty() || !IsAscii(aHostName)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
@ -691,11 +627,11 @@ nsCertOverrideService::ClearValidityOverride(
|
||||
RemoveAllTemporaryOverrides();
|
||||
return NS_OK;
|
||||
}
|
||||
nsAutoCString keyString;
|
||||
GetKeyString(aHostName, aPort, aOriginAttributes, keyString);
|
||||
nsAutoCString hostPort;
|
||||
GetHostWithPort(aHostName, aPort, hostPort);
|
||||
{
|
||||
MutexAutoLock lock(mMutex);
|
||||
mSettingsTable.RemoveEntry(keyString.get());
|
||||
mSettingsTable.RemoveEntry(hostPort.get());
|
||||
Write(lock);
|
||||
}
|
||||
|
||||
@ -708,17 +644,6 @@ nsCertOverrideService::ClearValidityOverride(
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::ClearValidityOverrideScriptable(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
JS::Handle<JS::Value> aOriginAttributes, JSContext* aCx) {
|
||||
OriginAttributes attrs;
|
||||
if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
|
||||
return NS_ERROR_INVALID_ARG;
|
||||
}
|
||||
|
||||
return ClearValidityOverride(aHostName, aPort, attrs);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsCertOverrideService::ClearAllOverrides() {
|
||||
@ -767,9 +692,9 @@ NS_IMETHODIMP
|
||||
nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert* aCert,
|
||||
bool aCheckTemporaries,
|
||||
bool aCheckPermanents,
|
||||
uint32_t* aRetval) {
|
||||
uint32_t* _retval) {
|
||||
NS_ENSURE_ARG(aCert);
|
||||
NS_ENSURE_ARG(aRetval);
|
||||
NS_ENSURE_ARG(_retval);
|
||||
|
||||
uint32_t counter = 0;
|
||||
{
|
||||
@ -792,7 +717,7 @@ nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert* aCert,
|
||||
}
|
||||
}
|
||||
}
|
||||
*aRetval = counter;
|
||||
*_retval = counter;
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@ -846,7 +771,7 @@ nsCertOverrideService::GetOverrides(
|
||||
|
||||
void nsCertOverrideService::GetHostWithPort(const nsACString& aHostName,
|
||||
int32_t aPort,
|
||||
nsACString& aRetval) {
|
||||
nsACString& _retval) {
|
||||
nsAutoCString hostPort(aHostName);
|
||||
if (aPort == -1) {
|
||||
aPort = 443;
|
||||
@ -855,22 +780,7 @@ void nsCertOverrideService::GetHostWithPort(const nsACString& aHostName,
|
||||
hostPort.Append(':');
|
||||
hostPort.AppendInt(aPort);
|
||||
}
|
||||
aRetval.Assign(hostPort);
|
||||
}
|
||||
|
||||
void nsCertOverrideService::GetKeyString(
|
||||
const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes, nsACString& aRetval) {
|
||||
nsAutoCString keyString;
|
||||
GetHostWithPort(aHostName, aPort, keyString);
|
||||
keyString.Append(':');
|
||||
OriginAttributes strippedAttributes(aOriginAttributes);
|
||||
strippedAttributes.StripAttributes(
|
||||
~OriginAttributes::STRIP_PRIVATE_BROWSING_ID);
|
||||
nsAutoCString attributeSuffix;
|
||||
strippedAttributes.CreateSuffix(attributeSuffix);
|
||||
keyString.Append(attributeSuffix);
|
||||
aRetval.Assign(keyString);
|
||||
_retval.Assign(hostPort);
|
||||
}
|
||||
|
||||
// nsIAsyncShutdownBlocker implementation
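Review bot: The restored tab-splitting parser in `nsCertOverrideService::Read` loads entries that the removed Tokenizer version rejected: the algorithm field is skipped (`// We just ignore the algorithm string.`) rather than compared with `sSHA256OIDString`, and an empty fingerprint or dbKey is passed on to `AddEntryToList`. I would keep those checks in the restored code, as sketched below; `sSHA256OIDString` would then have to stay declared above `Read` instead of moving back down next to `Write`. Separately, lines already written in the `host:port:originattributes` form look as if they will fail the `ToInteger` port parse and be dropped as broken entries, which fails closed but silently, so a short comment saying so would help. `Read` starts and ends outside these hunks.

```cpp
    // … unchanged: FindChar-based index computation and Substring extraction …
    const nsACString& algorithm =
        Substring(buffer, algoIndex, fingerprintIndex - algoIndex - 1);
    // Skip entries whose fingerprint was not recorded as SHA-256, and entries
    // with an empty fingerprint or dbKey, instead of loading them.
    if (!algorithm.Equals(sSHA256OIDString) || fingerprint.IsEmpty() ||
        db_key.IsEmpty()) {
      continue;
    }
    // … unchanged: host/port split and AddEntryToList call …
```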
|
||||
|
@ -39,7 +39,6 @@ class nsCertOverride final : public nsICertOverride {
|
||||
|
||||
nsCString mAsciiHost;
|
||||
int32_t mPort;
|
||||
OriginAttributes mOriginAttributes;
|
||||
bool mIsTemporary; // true: session only, false: stored on disk
|
||||
nsCString mFingerprint;
|
||||
OverrideBits mOverrideBits;
|
||||
@ -68,16 +67,16 @@ class nsCertOverrideEntry final : public PLDHashEntryHdr {
|
||||
nsCertOverrideEntry(nsCertOverrideEntry&& toMove)
|
||||
: PLDHashEntryHdr(std::move(toMove)),
|
||||
mSettings(std::move(toMove.mSettings)),
|
||||
mKeyString(std::move(toMove.mKeyString)) {}
|
||||
mHostWithPort(std::move(toMove.mHostWithPort)) {}
|
||||
|
||||
~nsCertOverrideEntry() = default;
|
||||
|
||||
KeyType GetKey() const { return KeyStringPtr(); }
|
||||
KeyType GetKey() const { return HostWithPortPtr(); }
|
||||
|
||||
KeyTypePointer GetKeyPointer() const { return KeyStringPtr(); }
|
||||
KeyTypePointer GetKeyPointer() const { return HostWithPortPtr(); }
|
||||
|
||||
bool KeyEquals(KeyTypePointer aKey) const {
|
||||
return !strcmp(KeyStringPtr(), aKey);
|
||||
return !strcmp(HostWithPortPtr(), aKey);
|
||||
}
|
||||
|
||||
static KeyTypePointer KeyToPointer(KeyType aKey) { return aKey; }
|
||||
@ -89,12 +88,12 @@ class nsCertOverrideEntry final : public PLDHashEntryHdr {
|
||||
enum { ALLOW_MEMMOVE = false };
|
||||
|
||||
// get methods
|
||||
inline const nsCString& KeyString() const { return mKeyString; }
|
||||
inline const nsCString& HostWithPort() const { return mHostWithPort; }
|
||||
|
||||
inline KeyTypePointer KeyStringPtr() const { return mKeyString.get(); }
|
||||
inline KeyTypePointer HostWithPortPtr() const { return mHostWithPort.get(); }
|
||||
|
||||
RefPtr<nsCertOverride> mSettings;
|
||||
nsCString mKeyString;
|
||||
nsCString mHostWithPort;
|
||||
};
|
||||
|
||||
class nsCertOverrideService final : public nsICertOverrideService,
|
||||
@ -112,16 +111,11 @@ class nsCertOverrideService final : public nsICertOverrideService,
|
||||
nsresult Init();
|
||||
void RemoveAllTemporaryOverrides();
|
||||
|
||||
// Concatenates host name and the port number. If the port number is -1 then
|
||||
// Concates host name and the port number. If the port number is -1 then
|
||||
// port 443 is automatically used. This method ensures there is always a port
|
||||
// number separated with colon.
|
||||
static void GetHostWithPort(const nsACString& aHostName, int32_t aPort,
|
||||
nsACString& aRetval);
|
||||
|
||||
// Concatenates host name, port number, and origin attributes.
|
||||
static void GetKeyString(const nsACString& aHostName, int32_t aPort,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
nsACString& aRetval);
|
||||
nsACString& _retval);
|
||||
|
||||
void AssertOnTaskQueue() const {
|
||||
MOZ_ASSERT(mWriterTaskQueue->IsOnCurrentThread());
|
||||
@ -144,7 +138,6 @@ class nsCertOverrideService final : public nsICertOverrideService,
|
||||
nsresult Read(const mozilla::MutexAutoLock& aProofOfLock);
|
||||
nsresult Write(const mozilla::MutexAutoLock& aProofOfLock);
|
||||
nsresult AddEntryToList(const nsACString& host, int32_t port,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
nsIX509Cert* aCert, const bool aIsTemporary,
|
||||
const nsACString& fingerprint,
|
||||
nsCertOverride::OverrideBits ob,
|
||||
|
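Review bot: The key for an override entry is `mHostWithPort` alone on the new side (`GetKey()` returns `HostWithPortPtr()`), and nothing in this header says that an exception is therefore shared by every context in the profile rather than scoped to the window or container that accepted it. I would state that on the member, e.g. `// Key is "host:port" only; entries are not partitioned by origin attributes.`, and repeat the sentence in the `rememberValidityOverride` and `hasMatchingOverride` doc comments of nsICertOverrideService.idl, so callers that care about private browsing know that `aTemporary` (session only, per the `mIsTemporary` comment) is the only scoping they get. The comment restored above `GetHostWithPort` also reads `Concates`; it should read `Concatenates`.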
@ -9,14 +9,8 @@
|
||||
interface nsIArray;
|
||||
interface nsIX509Cert;
|
||||
|
||||
[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
|
||||
|
||||
%{C++
|
||||
#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
|
||||
|
||||
namespace mozilla {
|
||||
class OriginAttributes;
|
||||
}
|
||||
%}
|
||||
|
||||
[scriptable, builtinclass, uuid(ed735e24-fa55-4163-906d-17fb78851fe1)]
|
||||
@ -49,12 +43,6 @@ interface nsICertOverride : nsISupports {
|
||||
* existing function of nsCertOverrideService to create this property.
|
||||
*/
|
||||
readonly attribute ACString hostPort;
|
||||
|
||||
/**
|
||||
* The origin attributes associated with this override.
|
||||
*/
|
||||
[implicit_jscontext]
|
||||
readonly attribute jsval originAttributes;
|
||||
};
|
||||
|
||||
/**
|
||||
@ -97,17 +85,9 @@ interface nsICertOverrideService : nsISupports {
|
||||
* @param aCert The cert that should always be accepted
|
||||
* @param aOverrideBits The precise set of errors we want to be overriden
|
||||
*/
|
||||
[binaryname(RememberValidityOverride), noscript, must_use]
|
||||
void rememberValidityOverrideNative(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in const_OriginAttributesRef aOriginAttributes,
|
||||
in nsIX509Cert aCert,
|
||||
in uint32_t aOverrideBits,
|
||||
in boolean aTemporary);
|
||||
[binaryname(RememberValidityOverrideScriptable), implicit_jscontext, must_use]
|
||||
[must_use]
|
||||
void rememberValidityOverride(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in jsval aOriginAttributes,
|
||||
in nsIX509Cert aCert,
|
||||
in uint32_t aOverrideBits,
|
||||
in boolean aTemporary);
|
||||
@ -125,18 +105,10 @@ interface nsICertOverrideService : nsISupports {
|
||||
* the format 'AA:BB:...' (colon-separated upper-case hex bytes).
|
||||
* @param aOverrideBits The errors we want to be overriden
|
||||
*/
|
||||
[binaryname(RememberTemporaryValidityOverrideUsingFingerprint), noscript, must_use]
|
||||
void rememberTemporaryValidityOverrideUsingFingerprintNative(
|
||||
in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in const_OriginAttributesRef aOriginAttributes,
|
||||
in AUTF8String aCertFingerprint,
|
||||
in uint32_t aOverrideBits);
|
||||
[binaryname(RememberTemporaryValidityOverrideUsingFingerprintScriptable), implicit_jscontext, must_use]
|
||||
[must_use]
|
||||
void rememberTemporaryValidityOverrideUsingFingerprint(
|
||||
in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in jsval aOriginAttributes,
|
||||
in AUTF8String aCertFingerprint,
|
||||
in uint32_t aOverrideBits);
|
||||
|
||||
@ -155,17 +127,9 @@ interface nsICertOverrideService : nsISupports {
|
||||
* or permanent
|
||||
* @return Whether an override has been stored for this host+port+cert
|
||||
*/
|
||||
[binaryname(HasMatchingOverride), noscript, must_use]
|
||||
boolean hasMatchingOverrideNative(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in const_OriginAttributesRef aOriginAttributes,
|
||||
in nsIX509Cert aCert,
|
||||
out uint32_t aOverrideBits,
|
||||
out boolean aIsTemporary);
|
||||
[binaryname(HasMatchingOverrideScriptable), implicit_jscontext, must_use]
|
||||
[must_use]
|
||||
boolean hasMatchingOverride(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in jsval aOriginAttributes,
|
||||
in nsIX509Cert aCert,
|
||||
out uint32_t aOverrideBits,
|
||||
out boolean aIsTemporary);
|
||||
@ -179,14 +143,8 @@ interface nsICertOverrideService : nsISupports {
|
||||
* If it is 0 and aHostName is "all:temporary-certificates",
|
||||
* then all temporary certificates should be cleared.
|
||||
*/
|
||||
[binaryname(ClearValidityOverride), noscript]
|
||||
void clearValidityOverrideNative(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in const_OriginAttributesRef aOriginAttributes);
|
||||
[binaryname(ClearValidityOverrideScriptable), implicit_jscontext]
|
||||
void clearValidityOverride(in AUTF8String aHostName,
|
||||
in int32_t aPort,
|
||||
in jsval aOriginAttributes);
|
||||
in int32_t aPort);
|
||||
|
||||
/**
|
||||
* Remove all overrides.
|
||||
|
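Review bot: Of the methods this section touches, `clearValidityOverride` is the only one left without `[must_use]` on the new side; `rememberValidityOverride`, `rememberTemporaryValidityOverrideUsingFingerprint` and `hasMatchingOverride` all carry it. A failed clear leaves a certificate exception in force, so this is the result a caller most needs to look at, and the logout path in nsNSSComponent::LogoutAuthenticatedPK11 (same commit) calls `ClearValidityOverride("all:temporary-certificates"_ns, 0)` and drops the nsresult. I would add `[must_use]` above `void clearValidityOverride(` and handle or explicitly discard the result at the C++ call sites, assuming none of them depends on ignoring it.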
@ -2371,8 +2371,7 @@ nsresult nsNSSComponent::LogoutAuthenticatedPK11() {
|
||||
nsCOMPtr<nsICertOverrideService> icos =
|
||||
do_GetService("@mozilla.org/security/certoverride;1");
|
||||
if (icos) {
|
||||
icos->ClearValidityOverride("all:temporary-certificates"_ns, 0,
|
||||
OriginAttributes());
|
||||
icos->ClearValidityOverride("all:temporary-certificates"_ns, 0);
|
||||
}
|
||||
|
||||
ClearSSLExternalAndInternalSessionCache();
|
||||
|
@ -123,7 +123,6 @@ add_task(async function test_cert_manager_server_tab() {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.com",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
false
|
||||
@ -145,7 +144,6 @@ add_task(async function test_cert_manager_server_tab() {
|
||||
certOverrideService.rememberTemporaryValidityOverrideUsingFingerprint(
|
||||
"example.com",
|
||||
9999,
|
||||
{},
|
||||
"40:20:3E:57:FB:82:95:0D:3F:62:D7:04:39:F6:32:CC:B2:2F:70:9F:3E:66:C5:35:64:6E:49:2A:F1:02:75:9F",
|
||||
Ci.nsICertOverrideService.ERROR_UNTRUSTED
|
||||
);
|
||||
|
@ -33,7 +33,6 @@ const gEVExpected = isDebugBuild;
|
||||
const CLIENT_AUTH_FILE_NAME = "ClientAuthRememberList.txt";
|
||||
const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
|
||||
const PRELOAD_STATE_FILE_NAME = "SecurityPreloadState.txt";
|
||||
const CERT_OVERRIDE_FILE_NAME = "cert_override.txt";
|
||||
|
||||
const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
|
||||
const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
|
||||
@ -916,7 +915,6 @@ function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
aHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
aExpectedBits,
|
||||
true
|
||||
@ -983,7 +981,6 @@ function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
aHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
aExpectedBits,
|
||||
true
|
||||
|
@ -28,11 +28,10 @@ function add_override_bits_mismatch_test(
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
for (let overrideBits = 0; overrideBits <= MAX_BITS; overrideBits++) {
|
||||
add_test(function() {
|
||||
certOverrideService.clearValidityOverride(host, 8443, {});
|
||||
certOverrideService.clearValidityOverride(host, 8443);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
host,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -1,224 +0,0 @@
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
"use strict";
|
||||
|
||||
// This test checks parsing of the the certificate override file
|
||||
|
||||
function run_test() {
|
||||
// These are hard-coded to avoid initialization of NSS before setup is complete
|
||||
// bad_certs/mitm.pem
|
||||
let cert1 = {
|
||||
sha256Fingerprint:
|
||||
"AF:89:F3:E8:0A:AD:58:96:05:C4:AC:D7:A2:A3:07:42:E6:F9:85:FA:9D:D7:D4:43:EC:9F:87:52:94:9C:4D:A6",
|
||||
dbKey:
|
||||
"AAAAAAAAAAAAAAAUAAAAG0uHZ2GoTSZsZNE9WdB/lvAPubXIMBkxFzAVBgNVBAMMDlRlc3QgTUlUTSBSb290",
|
||||
};
|
||||
// bad_certs/selfsigned.pem
|
||||
let cert2 = {
|
||||
sha256Fingerprint:
|
||||
"5D:13:3E:90:DF:34:C4:E8:27:E8:88:4A:28:12:84:1D:1B:E8:0C:73:20:C4:90:8A:A7:AC:A5:8D:7E:42:7E:6E",
|
||||
dbKey:
|
||||
"AAAAAAAAAAAAAAAUAAAAKEdUzTa/lL+mUeJpdBfMepsMAP5RMCYxJDAiBgNVBAMMG1NlbGYtc2lnbmVkIFRlc3QgRW5kLWVudGl0eQ==",
|
||||
};
|
||||
// bad_certs/noValidNames.pem
|
||||
let cert3 = {
|
||||
sha256Fingerprint:
|
||||
"40:56:30:2B:C3:AE:DA:22:40:8A:2D:C5:45:00:5E:EC:9B:AA:38:99:D6:4E:29:05:6B:4E:CB:E8:F9:10:30:D6",
|
||||
dbKey:
|
||||
"AAAAAAAAAAAAAAAUAAAAFHPQYJXEeVUul+u7/ZQOjaI3fYD1MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
|
||||
};
|
||||
|
||||
let profileDir = do_get_profile();
|
||||
let overrideFile = profileDir.clone();
|
||||
overrideFile.append(CERT_OVERRIDE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
ok(!overrideFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(overrideFile);
|
||||
let lines = [
|
||||
"# PSM Certificate Override Settings file",
|
||||
"# This is a generated file! Do not edit.",
|
||||
"test.example.com:443:^privateBrowsingId=1\tOID.2.16.840.1.101.3.4.2.1\t" +
|
||||
cert1.sha256Fingerprint +
|
||||
"\tM\t" +
|
||||
cert1.dbKey,
|
||||
"test.example.com:443:^privateBrowsingId=2\tOID.2.16.840.1.101.3.4.2.1\t" +
|
||||
cert1.sha256Fingerprint +
|
||||
"\tM\t" +
|
||||
cert1.dbKey,
|
||||
"example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" +
|
||||
cert2.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert2.dbKey,
|
||||
"old.example.com:443\tOID.2.16.840.1.101.3.4.2.1\t" + // missing attributes (defaulted)
|
||||
cert1.sha256Fingerprint +
|
||||
"\tM\t" +
|
||||
cert1.dbKey,
|
||||
":443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing host name
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com::\tOID.2.16.840.1.101.3.4.2.1\t" + // missing port
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // wrong fingerprint/dbkey
|
||||
cert2.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\tOID.0.00.000.0.000.0.0.0.0\t" + // bad OID
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\t.0.0.0.0\t" + // malformed OID
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\t\t" + // missing OID
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing fingerprint
|
||||
"\tU\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing override bits
|
||||
cert3.sha256Fingerprint +
|
||||
"\t\t" +
|
||||
cert3.dbKey,
|
||||
"example.com:443:\tOID.2.16.840.1.101.3.4.2.1\t" + // missing dbkey
|
||||
cert3.sha256Fingerprint +
|
||||
"\tU\t",
|
||||
];
|
||||
writeLinesAndClose(lines, outputStream);
|
||||
let overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
|
||||
Ci.nsICertOverrideService
|
||||
);
|
||||
notEqual(overrideService, null);
|
||||
|
||||
// Now that the override service is initialized we can actually read the certificates
|
||||
cert1 = constructCertFromFile("bad_certs/mitm.pem");
|
||||
cert2 = constructCertFromFile("bad_certs/selfsigned.pem");
|
||||
cert3 = constructCertFromFile("bad_certs/noValidNames.pem");
|
||||
|
||||
const OVERRIDES = [
|
||||
{
|
||||
host: "test.example.com",
|
||||
port: 443,
|
||||
cert: cert1,
|
||||
bits: Ci.nsICertOverrideService.ERROR_MISMATCH,
|
||||
attributes: { privateBrowsingId: 1 },
|
||||
},
|
||||
{
|
||||
host: "test.example.com",
|
||||
port: 443,
|
||||
cert: cert1,
|
||||
bits: Ci.nsICertOverrideService.ERROR_MISMATCH,
|
||||
attributes: { privateBrowsingId: 2 },
|
||||
},
|
||||
{
|
||||
host: "example.com",
|
||||
port: 443,
|
||||
cert: cert2,
|
||||
bits: Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
attributes: {},
|
||||
},
|
||||
{
|
||||
host: "example.com",
|
||||
port: 443,
|
||||
cert: cert2,
|
||||
bits: Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
attributes: { userContextId: 1 }, // only privateBrowsingId is used
|
||||
},
|
||||
{
|
||||
host: "old.example.com",
|
||||
port: 443,
|
||||
cert: cert1,
|
||||
bits: Ci.nsICertOverrideService.ERROR_MISMATCH,
|
||||
attributes: {},
|
||||
},
|
||||
];
|
||||
const BAD_OVERRIDES = [
|
||||
{
|
||||
host: "test.example.com",
|
||||
port: 443,
|
||||
cert: cert1,
|
||||
bits: Ci.nsICertOverrideService.ERROR_MISMATCH,
|
||||
attributes: { privateBrowsingId: 3 }, // wrong attributes
|
||||
},
|
||||
{
|
||||
host: "test.example.com",
|
||||
port: 443,
|
||||
cert: cert3, // wrong certificate
|
||||
bits: Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
attributes: { privateBrowsingId: 1 },
|
||||
},
|
||||
{
|
||||
host: "example.com",
|
||||
port: 443,
|
||||
cert: cert3,
|
||||
bits: Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
attributes: {},
|
||||
},
|
||||
];
|
||||
const BAD_BIT_OVERRIDES = [
|
||||
{
|
||||
host: "example.com",
|
||||
port: 443,
|
||||
cert: cert2,
|
||||
bits: Ci.nsICertOverrideService.ERROR_MISMATCH, // wrong bits
|
||||
attributes: {},
|
||||
},
|
||||
];
|
||||
|
||||
for (let override of OVERRIDES) {
|
||||
let actualBits = {};
|
||||
let temp = {};
|
||||
ok(
|
||||
overrideService.hasMatchingOverride(
|
||||
override.host,
|
||||
override.port,
|
||||
override.attributes,
|
||||
override.cert,
|
||||
actualBits,
|
||||
temp
|
||||
),
|
||||
`${JSON.stringify(override)} should have an override`
|
||||
);
|
||||
equal(actualBits.value, override.bits);
|
||||
equal(temp.value, false);
|
||||
}
|
||||
|
||||
for (let override of BAD_OVERRIDES) {
|
||||
let actualBits = {};
|
||||
let temp = {};
|
||||
ok(
|
||||
!overrideService.hasMatchingOverride(
|
||||
override.host,
|
||||
override.port,
|
||||
override.attributes,
|
||||
override.cert,
|
||||
actualBits,
|
||||
temp
|
||||
),
|
||||
`${override} should not have an override`
|
||||
);
|
||||
}
|
||||
|
||||
for (let override of BAD_BIT_OVERRIDES) {
|
||||
let actualBits = {};
|
||||
let temp = {};
|
||||
ok(
|
||||
overrideService.hasMatchingOverride(
|
||||
override.host,
|
||||
override.port,
|
||||
override.attributes,
|
||||
override.cert,
|
||||
actualBits,
|
||||
temp
|
||||
),
|
||||
`${override} should have an override`
|
||||
);
|
||||
notEqual(actualBits.value, override.bits);
|
||||
}
|
||||
}
|
@ -151,7 +151,6 @@ function run_port_equivalency_test(inPort, outPort) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.com",
|
||||
inPort,
|
||||
{},
|
||||
cert,
|
||||
expectedBits,
|
||||
expectedTemporary
|
||||
@ -162,7 +161,6 @@ function run_port_equivalency_test(inPort, outPort) {
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
outPort,
|
||||
{},
|
||||
cert,
|
||||
actualBits,
|
||||
actualTemporary
|
||||
@ -180,22 +178,14 @@ function run_port_equivalency_test(inPort, outPort) {
|
||||
"input override temporary value should match output temporary value"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
563,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
!certOverrideService.hasMatchingOverride("example.com", 563, cert, {}, {}),
|
||||
`override set on port ${inPort} should not match port 563`
|
||||
);
|
||||
certOverrideService.clearValidityOverride("example.com", inPort, {});
|
||||
certOverrideService.clearValidityOverride("example.com", inPort);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
outPort,
|
||||
{},
|
||||
cert,
|
||||
actualBits,
|
||||
{}
|
||||
@ -325,7 +315,7 @@ function add_simple_tests() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443);
|
||||
run_next_test();
|
||||
});
|
||||
add_cert_override_test(
|
||||
@ -341,7 +331,7 @@ function add_simple_tests() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443);
|
||||
run_next_test();
|
||||
});
|
||||
// If the canary issuer doesn't match the one we see, we exepct and unknown
|
||||
@ -361,7 +351,7 @@ function add_simple_tests() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443, {});
|
||||
certOverrideService.clearValidityOverride("mitm.example.com", 8443);
|
||||
run_next_test();
|
||||
});
|
||||
add_cert_override_test(
|
||||
@ -423,8 +413,7 @@ function add_simple_tests() {
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride(
|
||||
"end-entity-issued-by-v1-cert.example.com",
|
||||
8443,
|
||||
{}
|
||||
8443
|
||||
);
|
||||
let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
|
||||
setCertTrust(v1Cert, "CTu,,");
|
||||
@ -493,7 +482,6 @@ function add_simple_tests() {
|
||||
certOverrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
@ -505,7 +493,6 @@ function add_simple_tests() {
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
uri.displayHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
@ -521,7 +508,6 @@ function add_simple_tests() {
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
invalidHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
@ -542,172 +528,48 @@ function add_simple_tests() {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.com",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
expectedBits,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
certOverrideService.hasMatchingOverride("example.com", 443, cert, {}, {}),
|
||||
"Should have added override for example.com:443"
|
||||
);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.com",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
expectedBits,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
certOverrideService.hasMatchingOverride("example.com", 80, cert, {}, {}),
|
||||
"Should have added override for example.com:80"
|
||||
);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
expectedBits,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
certOverrideService.hasMatchingOverride("example.org", 443, cert, {}, {}),
|
||||
"Should have added override for example.org:443"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should not have override for example.org:443 with privateBrowsingId 1"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 2 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should not have override for example.org:443 with privateBrowsingId 2"
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ firstPartyDomain: "example.org", userContextId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should ignore firstPartyDomain and userContextId when checking overrides"
|
||||
);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.org",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
expectedBits,
|
||||
true
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
certOverrideService.hasMatchingOverride("example.org", 80, cert, {}, {}),
|
||||
"Should have added override for example.org:80"
|
||||
);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"test.example.org",
|
||||
443,
|
||||
{ firstPartyDomain: "example.org", userContextId: 1 },
|
||||
cert,
|
||||
expectedBits,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"test.example.org",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should ignore firstPartyDomain and userContextId when adding overrides"
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"test.example.org",
|
||||
443,
|
||||
{ firstPartyDomain: "example.com", userContextId: 2 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should ignore firstPartyDomain and userContextId when checking overrides"
|
||||
);
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
expectedBits,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should have added override for example.org:443 with privateBrowsingId 1"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 2 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should not have override for example.org:443 with privateBrowsingId 2"
|
||||
);
|
||||
|
||||
// Clear them all...
|
||||
certOverrideService.clearAllOverrides();
|
||||
|
||||
@ -716,7 +578,6 @@ function add_simple_tests() {
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
@ -724,21 +585,13 @@ function add_simple_tests() {
|
||||
"Should have removed override for example.com:443"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.com",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
!certOverrideService.hasMatchingOverride("example.com", 80, cert, {}, {}),
|
||||
"Should have removed override for example.com:80"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
@ -746,27 +599,9 @@ function add_simple_tests() {
|
||||
"Should have removed override for example.org:443"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
80,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
!certOverrideService.hasMatchingOverride("example.org", 80, cert, {}, {}),
|
||||
"Should have removed override for example.org:80"
|
||||
);
|
||||
Assert.ok(
|
||||
!certOverrideService.hasMatchingOverride(
|
||||
"example.org",
|
||||
443,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
"Should have removed override for example.org:443 with privateBrowsingId 1"
|
||||
);
|
||||
|
||||
run_next_test();
|
||||
});
|
||||
|
@ -35,7 +35,6 @@ function add_read_only_cert_override(aHost, aExpectedBits, aSecurityInfo) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
aHost,
|
||||
8443,
|
||||
{},
|
||||
cert,
|
||||
aExpectedBits,
|
||||
false
|
||||
|
@ -169,7 +169,6 @@ function storeCertOverride(port, cert) {
|
||||
certOverrideService.rememberValidityOverride(
|
||||
hostname,
|
||||
port,
|
||||
{},
|
||||
cert,
|
||||
overrideBits,
|
||||
true
|
||||
|
@ -34,7 +34,7 @@ function add_clear_override(host) {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride(host, 8443, {});
|
||||
certOverrideService.clearValidityOverride(host, 8443);
|
||||
run_next_test();
|
||||
});
|
||||
}
|
||||
|
@ -75,11 +75,7 @@ function add_resume_non_ev_with_override_test() {
|
||||
let certOverrideService = Cc[
|
||||
"@mozilla.org/security/certoverride;1"
|
||||
].getService(Ci.nsICertOverrideService);
|
||||
certOverrideService.clearValidityOverride(
|
||||
"expired.example.com",
|
||||
8443,
|
||||
{}
|
||||
);
|
||||
certOverrideService.clearValidityOverride("expired.example.com", 8443);
|
||||
}
|
||||
);
|
||||
}
|
||||
|
@ -82,7 +82,6 @@ run-sequentially = hardcoded ports
|
||||
run-sequentially = hardcoded ports
|
||||
[test_cert_override_bits_mismatches.js]
|
||||
run-sequentially = hardcoded ports
|
||||
[test_cert_override_read.js]
|
||||
[test_cert_sha1.js]
|
||||
[test_cert_signatures.js]
|
||||
[test_cert_trust.js]
|
||||
|
@ -171,7 +171,7 @@ const CertCleaner = {
|
||||
Ci.nsICertOverrideService
|
||||
);
|
||||
|
||||
overrideService.clearValidityOverride(aHost, -1, aOriginAttributes);
|
||||
overrideService.clearValidityOverride(aHost, -1);
|
||||
},
|
||||
|
||||
deleteByPrincipal(aPrincipal) {
|
||||
|
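Review bot: `overrideService.clearValidityOverride(aHost, -1)` no longer uses `aOriginAttributes`, and with port `-1` it appears to address a single entry. `GetHostWithPort` in nsCertOverrideService.cpp turns `-1` into 443, so if the clear goes through that key, exceptions accepted for the same host on other ports stay in place after a site-data clear. The enclosing CertCleaner method starts outside the hunk, so I cannot see whether the parameter is still declared; if it is, it is now silently ignored. At minimum the call deserves a comment such as `// Removes only the default-port (443) override for aHost; origin attributes are not considered.`, and a follow-up could walk the stored overrides and clear every port for the host.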
@ -36,7 +36,6 @@ add_task(async function() {
|
||||
overrideService.rememberValidityOverride(
|
||||
TEST_URI.asciiHost,
|
||||
TEST_URI.port,
|
||||
{},
|
||||
cert,
|
||||
flags,
|
||||
false
|
||||
@ -70,7 +69,6 @@ add_task(async function() {
|
||||
overrideService.rememberValidityOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{},
|
||||
cert,
|
||||
flags,
|
||||
false
|
||||
@ -79,54 +77,12 @@ add_task(async function() {
|
||||
overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should have added override for ${uri.asciiHost}:${uri.port}`
|
||||
);
|
||||
Assert.ok(
|
||||
!overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID`
|
||||
);
|
||||
overrideService.rememberValidityOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
flags,
|
||||
false
|
||||
);
|
||||
Assert.ok(
|
||||
overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should have added override for ${uri.asciiHost}:${uri.port} with private browsing ID`
|
||||
);
|
||||
Assert.ok(
|
||||
!overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{ privateBrowsingId: 2 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID 2`
|
||||
);
|
||||
}
|
||||
|
||||
await new Promise(aResolve => {
|
||||
@ -141,24 +97,12 @@ add_task(async function() {
|
||||
!overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{},
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should have removed override for ${uri.asciiHost}:${uri.port}`
|
||||
);
|
||||
Assert.ok(
|
||||
!overrideService.hasMatchingOverride(
|
||||
uri.asciiHost,
|
||||
uri.port,
|
||||
{ privateBrowsingId: 1 },
|
||||
cert,
|
||||
{},
|
||||
{}
|
||||
),
|
||||
`Should have removed override for ${uri.asciiHost}:${uri.port} with private browsing attribute`
|
||||
);
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -31,10 +31,10 @@ function test() {
|
||||
var cos = Cc["@mozilla.org/security/certoverride;1"].getService(
|
||||
Ci.nsICertOverrideService
|
||||
);
|
||||
cos.clearValidityOverride("nocert.example.com", -1, {});
|
||||
cos.clearValidityOverride("self-signed.example.com", -1, {});
|
||||
cos.clearValidityOverride("untrusted.example.com", -1, {});
|
||||
cos.clearValidityOverride("expired.example.com", -1, {});
|
||||
cos.clearValidityOverride("nocert.example.com", -1);
|
||||
cos.clearValidityOverride("self-signed.example.com", -1);
|
||||
cos.clearValidityOverride("untrusted.example.com", -1);
|
||||
cos.clearValidityOverride("expired.example.com", -1);
|
||||
|
||||
if (gPendingInstall) {
|
||||
gTests = [];
|
||||
|
@ -71,10 +71,10 @@ function end_test() {
|
||||
var cos = Cc["@mozilla.org/security/certoverride;1"].getService(
|
||||
Ci.nsICertOverrideService
|
||||
);
|
||||
cos.clearValidityOverride("nocert.example.com", -1, {});
|
||||
cos.clearValidityOverride("self-signed.example.com", -1, {});
|
||||
cos.clearValidityOverride("untrusted.example.com", -1, {});
|
||||
cos.clearValidityOverride("expired.example.com", -1, {});
|
||||
cos.clearValidityOverride("nocert.example.com", -1);
|
||||
cos.clearValidityOverride("self-signed.example.com", -1);
|
||||
cos.clearValidityOverride("untrusted.example.com", -1);
|
||||
cos.clearValidityOverride("expired.example.com", -1);
|
||||
|
||||
info("All tests completed in " + (Date.now() - gStart) + "ms");
|
||||
finish();
|
||||
|
@ -618,7 +618,6 @@ function addCertOverride(host, bits) {
|
||||
cos.rememberValidityOverride(
|
||||
host,
|
||||
-1,
|
||||
{},
|
||||
securityInfo.serverCert,
|
||||
bits,
|
||||
false
|
||||
|