Backed out changeset 2e0c2fea2799 (bug 1577428) linting doc failure on a CLOSED TREE

--HG-- rename : security/manager/ssl/tests/unit/test_allow_all_cert_errors.js => security/manager/ssl/tests/unit/test_js_cert_override_service.js
2024-10-21 17:25:36 +00:00 · 2019-09-03 18:25:52 +03:00 · 2019-09-03 18:25:52 +03:00 · aa258365a2
commit aa258365a2
parent 553eb88c50
8 changed files with 177 additions and 99 deletions
--- a/security/manager/ssl/nsCertOverrideService.cpp
+++ b/security/manager/ssl/nsCertOverrideService.cpp
@ -82,7 +82,7 @@ NS_IMPL_ISUPPORTS(nsCertOverrideService, nsICertOverrideService, nsIObserver,
                  nsISupportsWeakReference)

 nsCertOverrideService::nsCertOverrideService()
-    : mDisableAllSecurityCheck(false), mMutex("nsCertOverrideService.mutex") {}
+    : mMutex("nsCertOverrideService.mutex") {}

 nsCertOverrideService::~nsCertOverrideService() {}

@ -412,21 +412,6 @@ nsCertOverrideService::HasMatchingOverride(const nsACString& aHostName,
                                           int32_t aPort, nsIX509Cert* aCert,
                                           uint32_t* aOverrideBits,
                                           bool* aIsTemporary, bool* _retval) {
-  bool disableAllSecurityCheck = false;
-  {
-    MutexAutoLock lock(mMutex);
-    disableAllSecurityCheck = mDisableAllSecurityCheck;
-  }
-  if (disableAllSecurityCheck) {
-    nsCertOverride::OverrideBits all = nsCertOverride::OverrideBits::Untrusted |
-                                       nsCertOverride::OverrideBits::Mismatch |
-                                       nsCertOverride::OverrideBits::Time;
-    *aOverrideBits = static_cast<uint32_t>(all);
-    *aIsTemporary = false;
-    *_retval = true;
-    return NS_OK;
-  }
-
  if (aHostName.IsEmpty() || !IsASCII(aHostName)) {
    return NS_ERROR_INVALID_ARG;
  }
@ -607,19 +592,6 @@ nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert* aCert,
  return NS_OK;
 }

-NS_IMETHODIMP
-nsCertOverrideService::
-    SetDisableAllSecurityChecksAndLetAttackersInterceptMyData(bool aDisable) {
-  if (!(PR_GetEnv("XPCSHELL_TEST_PROFILE_DIR") ||
-        PR_GetEnv("MOZ_MARIONETTE"))) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  MutexAutoLock lock(mMutex);
-  mDisableAllSecurityCheck = aDisable;
-  return NS_OK;
-}
-
 nsresult nsCertOverrideService::EnumerateCertOverrides(
    nsIX509Cert* aCert, CertOverrideEnumerator aEnumerator, void* aUserData) {
  MutexAutoLock lock(mMutex);
--- a/security/manager/ssl/nsCertOverrideService.h
+++ b/security/manager/ssl/nsCertOverrideService.h
@ -131,7 +131,6 @@ class nsCertOverrideService final : public nsICertOverrideService,
 protected:
  ~nsCertOverrideService();

-  bool mDisableAllSecurityCheck;
  mozilla::Mutex mMutex;
  nsCOMPtr<nsIFile> mSettingsFile;
  nsTHashtable<nsCertOverrideEntry> mSettingsTable;
--- a/security/manager/ssl/nsICertOverrideService.idl
+++ b/security/manager/ssl/nsICertOverrideService.idl
@ -18,7 +18,7 @@ interface nsIX509Cert;
 *   {host:port, cert-fingerprint, allowed-overrides}
 * that the user wants to accept without further warnings.
 */
-[scriptable, builtinclass, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
+[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
 interface nsICertOverrideService : nsISupports {

  /**
@ -130,12 +130,4 @@ interface nsICertOverrideService : nsISupports {
  uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
                                  in boolean aCheckTemporaries,
                                  in boolean aCheckPermanents);
-
-  /**
-   *  NOTE: This function is used only for testing!
-   *
-   *  @param aDisable If true, disable all security check and make
-   *                  hasMatchingOverride always return true.
-   */
-  void setDisableAllSecurityChecksAndLetAttackersInterceptMyData(in boolean aDisable);
 };
--- a/security/manager/ssl/tests/unit/test_allow_all_cert_errors.js
+++ b/security/manager/ssl/tests/unit/test_allow_all_cert_errors.js
@ -1,25 +0,0 @@
-/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=8 sts=2 et sw=2 tw=80: */
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-"use strict";
-
-function run_test() {
-  do_get_profile();
-  let certOverrideService = Cc[
-    "@mozilla.org/security/certoverride;1"
-  ].getService(Ci.nsICertOverrideService);
-  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
-    true
-  );
-
-  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
-  add_connection_test("expired.example.com", PRErrorCodeSuccess);
-  add_test(function() {
-    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
-      false
-    );
-    run_next_test();
-  });
-  run_next_test();
-}
--- a/security/manager/ssl/tests/unit/test_js_cert_override_service.js
+++ b/security/manager/ssl/tests/unit/test_js_cert_override_service.js
@ -0,0 +1,60 @@
+/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+// This test ensures that nsICertOverrideService can be implemented in JS.
+// It does so by creating and registering a mock implementation that indicates
+// a specific host ("expired.example.com") has a matching override (ERROR_TIME).
+// Connections to that host should succeed.
+
+// Mock implementation of nsICertOverrideService
+const gCertOverrideService = {
+  rememberValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  rememberTemporaryValidityOverrideUsingFingerprint() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  hasMatchingOverride(hostname, port, cert, overrideBits, isTemporary) {
+    Assert.equal(
+      hostname,
+      "expired.example.com",
+      "hasMatchingOverride: hostname should be expired.example.com"
+    );
+    overrideBits.value = Ci.nsICertOverrideService.ERROR_TIME;
+    isTemporary.value = false;
+    return true;
+  },
+
+  clearValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  clearAllOverrides() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  isCertUsedForOverrides() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  QueryInterface: ChromeUtils.generateQI([Ci.nsICertOverrideService]),
+};
+
+function run_test() {
+  do_get_profile();
+  let certOverrideServiceCID = MockRegistrar.register(
+    "@mozilla.org/security/certoverride;1",
+    gCertOverrideService
+  );
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(certOverrideServiceCID);
+  });
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+  add_connection_test("expired.example.com", PRErrorCodeSuccess);
+  run_next_test();
+}
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@ -129,7 +129,7 @@ tags = blocklist psm
 skip-if = toolkit == 'android'
 [test_imminent_distrust.js]
 run-sequentially = hardcoded ports
-[test_allow_all_cert_errors.js]
+[test_js_cert_override_service.js]
 run-sequentially = hardcoded ports
 [test_keysize.js]
 [test_keysize_ev.js]
--- a/testing/marionette/cert.js
+++ b/testing/marionette/cert.js
@ -11,44 +11,122 @@ const { XPCOMUtils } = ChromeUtils.import(
  "resource://gre/modules/XPCOMUtils.jsm"
 );

-this.EXPORTED_SYMBOLS = ["allowAllCerts"];
+this.EXPORTED_SYMBOLS = [
+  "CertificateOverrideManager",
+  "InsecureSweepingOverride",
+];

+const registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
 const sss = Cc["@mozilla.org/ssservice;1"].getService(
  Ci.nsISiteSecurityService
 );

-const certOverrideService = Cc[
-  "@mozilla.org/security/certoverride;1"
-].getService(Ci.nsICertOverrideService);
-
 const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
+const CONTRACT_ID = "@mozilla.org/security/certoverride;1";
+const DESC = "All-encompassing cert service that matches on a bitflag";
 const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";

-// Provide two functions to control whether to disable or
-// enable security checks on certs.
-this.allowAllCerts = {};
-
-allowAllCerts.enable = function() {
-  // make it possible to register certificate overrides for domains
-  // that use HSTS or HPKP
-  Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
-  Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
-
-  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
-    true
-  );
+const Error = {
+  Untrusted: 1,
+  Mismatch: 2,
+  Time: 4,
 };

-allowAllCerts.disable = function() {
-  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
-    false
-  );
+let currentOverride = null;

-  Preferences.reset(HSTS_PRELOAD_LIST_PREF);
-  Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+/** TLS certificate service override management for Marionette. */
+class CertificateOverrideManager {
+  /**
+   * Installs a TLS certificate service override.
+   *
+   * The provided `service` must implement the `register` and `unregister`
+   * functions that causes a new `nsICertOverrideService` interface
+   * implementation to be registered with the `nsIComponentRegistrar`.
+   *
+   * After `service` is registered, `nsICertOverrideService` is
+   * reinitialised to cause all Gecko components to pick up the
+   * new service.
+   *
+   * If an override is already installed this functions acts as a no-op.
+   *
+   * @param {cert.Override} service
+   *     Service generator that registers and unregisters the XPCOM service.
+   *
+   * @throws {Components.Exception}
+   *     If unable to register or initialise `service`.
+   */
+  static install(service) {
+    if (currentOverride) {
+      return;
+    }

-  // clear collected HSTS and HPKP state
-  // through the site security service
-  sss.clearAll();
-  sss.clearPreloads();
-};
+    service.register();
+    currentOverride = service;
+  }
+
+  /**
+   * Uninstall a TLS certificate service override.
+   *
+   * If there is no current override installed this function acts
+   * as a no-op.
+   */
+  static uninstall() {
+    if (!currentOverride) {
+      return;
+    }
+    currentOverride.unregister();
+    currentOverride = null;
+  }
+}
+this.CertificateOverrideManager = CertificateOverrideManager;
+
+/**
+ * Certificate override service that acts in an all-inclusive manner
+ * on TLS certificates.
+ *
+ * @throws {Components.Exception}
+ *     If there are any problems registering the service.
+ */
+function InsecureSweepingOverride() {
+  // This needs to be an old-style class with a function constructor
+  // and prototype assignment because... XPCOM.  Any attempt at
+  // modernisation will be met with cryptic error messages which will
+  // make your life miserable.
+  let service = function() {};
+  service.prototype = {
+    hasMatchingOverride(aHostName, aPort, aCert, aOverrideBits, aIsTemporary) {
+      aIsTemporary.value = false;
+      aOverrideBits.value = Error.Untrusted | Error.Mismatch | Error.Time;
+
+      return true;
+    },
+
+    QueryInterface: ChromeUtils.generateQI([Ci.nsICertOverrideService]),
+  };
+  let factory = XPCOMUtils.generateSingletonFactory(service);
+
+  return {
+    register() {
+      // make it possible to register certificate overrides for domains
+      // that use HSTS or HPKP
+      Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
+      Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
+
+      registrar.registerFactory(CID, DESC, CONTRACT_ID, factory);
+    },
+
+    unregister() {
+      registrar.unregisterFactory(CID, factory);
+
+      Preferences.reset(HSTS_PRELOAD_LIST_PREF);
+      Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+
+      // clear collected HSTS and HPKP state
+      // through the site security service
+      sss.clearAll();
+      sss.clearPreloads();
+    },
+  };
+}
+this.InsecureSweepingOverride = InsecureSweepingOverride;
--- a/testing/marionette/driver.js
+++ b/testing/marionette/driver.js
@ -25,9 +25,10 @@ const { Capabilities, Timeouts, UnhandledPromptBehavior } = ChromeUtils.import(
 const { capture } = ChromeUtils.import(
  "chrome://marionette/content/capture.js"
 );
-const { allowAllCerts } = ChromeUtils.import(
-  "chrome://marionette/content/cert.js"
-);
+const {
+  CertificateOverrideManager,
+  InsecureSweepingOverride,
+} = ChromeUtils.import("chrome://marionette/content/cert.js");
 const { cookie } = ChromeUtils.import("chrome://marionette/content/cookie.js");
 const { WebElementEventTarget } = ChromeUtils.import(
  "chrome://marionette/content/dom.js"
@ -732,7 +733,8 @@ GeckoDriver.prototype.newSession = async function(cmd) {

    if (!this.secureTLS) {
      logger.warn("TLS certificate errors will be ignored for this session");
-      allowAllCerts.enable();
+      let acceptAllCerts = new InsecureSweepingOverride();
+      CertificateOverrideManager.install(acceptAllCerts);
    }

    if (this.proxy.init()) {
@ -2981,7 +2983,7 @@ GeckoDriver.prototype.deleteSession = function() {
  }

  this.sandboxes.clear();
-  allowAllCerts.disable();
+  CertificateOverrideManager.uninstall();

  this.sessionID = null;
  this.capabilities = new Capabilities();