bug 1083085 - update where getHSTSPreloadList.js and genHPKPStaticPins.js think Chromium's lists are r=mmc DONTBUILD NPOTB

This commit is contained in:
David Keeler 2014-10-21 15:20:02 -07:00
parent b012538ad3
commit 46c48f2321
3 changed files with 36 additions and 9 deletions

View File

@ -29,8 +29,8 @@
// Geotrust Global -> *. addons.mozilla.org
{
"chromium_data" : {
"cert_file_url": "https://src.chromium.org/chrome/trunk/src/net/http/transport_security_state_static.certs",
"json_file_url": "https://src.chromium.org/chrome/trunk/src/net/http/transport_security_state_static.json",
"cert_file_url": "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.certs?format=TEXT",
"json_file_url": "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT",
"substitute_pinsets": {
// Use the larger google_root_pems pinset instead of google
"google": "google_root_pems"

View File

@ -132,7 +132,15 @@ function download(filename) {
throw("ERROR: problem downloading '" + filename + "': status " +
req.status);
}
return req.responseText;
var resultDecoded;
try {
resultDecoded = atob(req.responseText);
}
catch (e) {
throw "ERROR: could not decode data as base64 from '" + filename + "': " + e;
}
return resultDecoded;
}
function downloadAsJson(filename) {

View File

@ -30,7 +30,7 @@ Cu.import("resource://gre/modules/Services.jsm");
Cu.import("resource://gre/modules/FileUtils.jsm");
Cu.import("resource:///modules/XPCOMUtils.jsm");
const SOURCE = "https://src.chromium.org/chrome/trunk/src/net/http/transport_security_state_static.json";
const SOURCE = "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT";
const OUTPUT = "nsSTSPreloadList.inc";
const ERROR_OUTPUT = "nsSTSPreloadList.errors";
const MINIMUM_REQUIRED_MAX_AGE = 60 * 60 * 24 * 7 * 18;
@ -77,8 +77,16 @@ function download() {
throw "ERROR: problem downloading '" + SOURCE + "': status " + req.status;
}
var resultDecoded;
try {
resultDecoded = atob(req.responseText);
}
catch (e) {
throw "ERROR: could not decode data as base64 from '" + SOURCE + "': " + e;
}
// we have to filter out '//' comments
var result = req.responseText.replace(/\/\/[^\n]*\n/g, "");
var result = resultDecoded.replace(/\/\/[^\n]*\n/g, "");
var data = null;
try {
data = JSON.parse(result);
@ -156,19 +164,30 @@ function processStsHeader(host, header, status, securityInfo) {
originalIncludeSubdomains: host.originalIncludeSubdomains };
}
function RedirectStopper() {};
// RedirectAndAuthStopper prevents redirects and HTTP authentication
function RedirectAndAuthStopper() {};
RedirectStopper.prototype = {
RedirectAndAuthStopper.prototype = {
// nsIChannelEventSink
asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback) {
throw Cr.NS_ERROR_ENTITY_CHANGED;
},
// nsIAuthPrompt2
promptAuth: function(channel, level, authInfo) {
return false;
},
asyncPromptAuth: function(channel, callback, context, level, authInfo) {
throw Cr.NS_ERROR_NOT_IMPLEMENTED;
},
getInterface: function(iid) {
return this.QueryInterface(iid);
},
QueryInterface: XPCOMUtils.generateQI([Ci.nsIChannelEventSink])
QueryInterface: XPCOMUtils.generateQI([Ci.nsIChannelEventSink,
Ci.nsIAuthPrompt2])
};
function getHSTSStatus(host, resultList) {
@ -178,7 +197,7 @@ function getHSTSStatus(host, resultList) {
var uri = "https://" + host.name + "/";
req.open("GET", uri, true);
req.timeout = REQUEST_TIMEOUT;
req.channel.notificationCallbacks = new RedirectStopper();
req.channel.notificationCallbacks = new RedirectAndAuthStopper();
req.onreadystatechange = function(event) {
if (!inResultList && req.readyState == 4) {
inResultList = true;