Bug 1885652 - Add Enterprise Policies setting to allow installing XPI files signed using deprecated signatures algorithms. r=mkaply,willdurand

Differential Revision: https://phabricator.services.mozilla.com/D204814
This commit is contained in:
Luca Greco 2024-03-27 20:34:18 +00:00
parent c145757c68
commit 4b62f693f8
4 changed files with 150 additions and 8 deletions

View File

@ -662,6 +662,9 @@
"items": {
"type": "string"
}
},
"temporarily_allow_weak_signatures": {
"type": "boolean"
}
}
}
@ -691,6 +694,9 @@
"default_area": {
"type": "string",
"enum": ["navbar", "menupanel"]
},
"temporarily_allow_weak_signatures": {
"type": "boolean"
}
}
}

View File

@ -21,7 +21,7 @@ let themeID = "policytheme@mozilla.com";
let fileURL;
add_task(async function setup() {
add_setup(async function setup() {
await AddonTestUtils.promiseStartupManager();
let webExtensionFile = AddonTestUtils.createTempWebExtensionFile({
@ -34,6 +34,10 @@ add_task(async function setup() {
},
});
server.registerFile(
"/data/amosigned-sha1only.xpi",
do_get_file("amosigned-sha1only.xpi")
);
server.registerFile("/data/policy_test.xpi", webExtensionFile);
fileURL = Services.io
.newFileURI(webExtensionFile)
@ -289,3 +293,112 @@ add_task(async function test_addon_normalinstalled_file() {
await addon.uninstall();
});
add_task(async function test_allow_weak_signatures() {
// Make sure weak signatures are restricted.
const resetWeakSignaturePref =
AddonTestUtils.setWeakSignatureInstallAllowed(false);
const id = "amosigned-xpi@tests.mozilla.org";
const perAddonSettings = {
installation_mode: "normal_installed",
install_url: BASE_URL + "/amosigned-sha1only.xpi",
};
info(
"Sanity check: expect install to fail if not allowed through enterprise policy settings"
);
await Promise.all([
AddonTestUtils.promiseInstallEvent("onDownloadFailed"),
setupPolicyEngineWithJson({
policies: {
ExtensionSettings: {
[id]: { ...perAddonSettings },
},
},
}),
]);
let addon = await AddonManager.getAddonByID(id);
equal(addon, null, "Add-on not installed");
info(
"Expect install to be allowed through per-addon enterprise policy settings"
);
await Promise.all([
AddonTestUtils.promiseInstallEvent("onInstallEnded"),
setupPolicyEngineWithJson({
policies: {
ExtensionSettings: {
[id]: {
...perAddonSettings,
temporarily_allow_weak_signatures: true,
},
},
},
}),
]);
addon = await AddonManager.getAddonByID(id);
notEqual(addon, null, "Add-on not installed");
await addon.uninstall();
info(
"Expect install to be allowed through global enterprise policy settings"
);
await Promise.all([
AddonTestUtils.promiseInstallEvent("onInstallEnded"),
setupPolicyEngineWithJson({
policies: {
ExtensionSettings: {
"*": { temporarily_allow_weak_signatures: true },
[id]: { ...perAddonSettings },
},
},
}),
]);
addon = await AddonManager.getAddonByID(id);
notEqual(addon, null, "Add-on installed");
await addon.uninstall();
info(
"Expect install to fail if allowed globally but disallowed by per-addon settings"
);
await Promise.all([
AddonTestUtils.promiseInstallEvent("onDownloadFailed"),
setupPolicyEngineWithJson({
policies: {
ExtensionSettings: {
"*": { temporarily_allow_weak_signatures: true },
[id]: {
...perAddonSettings,
temporarily_allow_weak_signatures: false,
},
},
},
}),
]);
addon = await AddonManager.getAddonByID(id);
equal(addon, null, "Add-on not installed");
info(
"Expect install to be allowed through per addon setting when globally disallowed"
);
await Promise.all([
AddonTestUtils.promiseInstallEvent("onInstallEnded"),
setupPolicyEngineWithJson({
policies: {
ExtensionSettings: {
"*": { temporarily_allow_weak_signatures: false },
[id]: {
...perAddonSettings,
temporarily_allow_weak_signatures: true,
},
},
},
}),
]);
addon = await AddonManager.getAddonByID(id);
notEqual(addon, null, "Add-on installed");
await addon.uninstall();
resetWeakSignaturePref();
});

View File

@ -2,7 +2,10 @@
skip-if = ["os == 'android'"] # bug 1730213
firefox-appdir = "browser"
head = "head.js"
support-files = ["policytest_v0.1.xpi"]
support-files = [
"policytest_v0.1.xpi",
"../../../../../toolkit/mozapps/extensions/test/xpinstall/amosigned-sha1only.xpi"
]
["test_3rdparty.js"]

View File

@ -1654,20 +1654,40 @@ class AddonInstall {
!XPIInstall.isWeakSignatureInstallAllowed() &&
this.addon.signedDate &&
!hasStrongSignature(this.addon)
) {
const addonAllowedByPolicies = Services.policies.getExtensionSettings(
this.addon.id
)?.temporarily_allow_weak_signatures;
const globallyAllowedByPolicies =
Services.policies.getExtensionSettings(
"*"
)?.temporarily_allow_weak_signatures;
const allowedByPolicies =
(globallyAllowedByPolicies &&
(addonAllowedByPolicies || addonAllowedByPolicies == null)) ||
addonAllowedByPolicies;
if (
!allowedByPolicies &&
(!this.existingAddon || hasStrongSignature(this.existingAddon))
) {
// Reject if it is a new install or installing over an existing addon including
// strong cryptographic signatures.
if (!this.existingAddon || hasStrongSignature(this.existingAddon)) {
return Promise.reject([
AddonManager.ERROR_CORRUPT_FILE,
"install rejected due to the package not including a strong cryptographic signature",
]);
}
// Still allow installs using weak signatures to install if the existing addon also had a
// weak signature.
// Still allow installs using weak signatures to install if either:
// - it is explicitly allowed through Enterprise Policies Settings
// - or there is an existing addon with a weak signature.
logger.warn(
`Allow weak signature install over existing "${this.existingAddon.id}" XPI`
allowedByPolicies
? `Allow weak signature install for ${this.addon.id} XPI due to Enterprise Policies`
: `Allow weak signature install over existing "${this.existingAddon.id}" XPI`
);
}
}