From ac5dfc45975520492c57332e093aae71ee57cf8b Mon Sep 17 00:00:00 2001
From: "J.C. Jones"
Date: Tue, 11 Feb 2020 09:25:09 +0000
Subject: [PATCH] Bug 1333140 - Require SecureContext for WebCrypto r=bholley,keeler,baku Adds [SecureContext] for crypto.subtle, CryptoKey, and SubtleCrypto, retiring the WebCrypto WPT overrides for WebCryptoAPI/historical.any.js. Rebased on https://phabricator.services.mozilla.com/D58743 Differential Revision: https://phabricator.services.mozilla.com/D58555 --HG-- extra : moz-landing-system : lando
---
 dom/crypto/test/mochitest.ini | 1 +
 dom/crypto/test/test_indexedDB.html | 2 +-
 dom/indexedDB/test/mochitest.ini | 1 +
 dom/push/test/mochitest.ini | 2 ++
 .../mochitest/general/test_interfaces.js | 4 +--
 dom/webidl/Crypto.webidl | 1 +
 dom/webidl/SubtleCrypto.webidl | 4 ++-
 dom/workers/test/test_worker_interfaces.js | 2 +-
 js/xpconnect/tests/unit/test_crypto.js | 3 ++-
 .../meta/WebCryptoAPI/historical.any.js.ini | 26 -------------------
 10 files changed, 14 insertions(+), 32 deletions(-)
 delete mode 100644 testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini
diff --git a/dom/crypto/test/mochitest.ini b/dom/crypto/test/mochitest.ini
index 0ccdbf5f5797..febe769bb772 100644
--- a/dom/crypto/test/mochitest.ini
+++ b/dom/crypto/test/mochitest.ini
@@ -1,4 +1,5 @@
 [DEFAULT]
+scheme = https
 support-files =
 file_indexedDB.html
 test-array.js
diff --git a/dom/crypto/test/test_indexedDB.html b/dom/crypto/test/test_indexedDB.html
index 4e0e6fad00e6..b68f0c51e83c 100644
--- a/dom/crypto/test/test_indexedDB.html
+++ b/dom/crypto/test/test_indexedDB.html
@@ -15,7 +15,7 @@
 */
 "use strict";
- const TEST_URI = "http://www.example.com/tests/" +
+ const TEST_URI = "https://example.com/tests/" +
 "dom/crypto/test/file_indexedDB.html";
 SimpleTest.waitForExplicitFinish();
diff --git a/dom/indexedDB/test/mochitest.ini b/dom/indexedDB/test/mochitest.ini
index a8b57261590f..10c5988132d6 100644
--- a/dom/indexedDB/test/mochitest.ini
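Review bot: The `scheme = https` lines are added without any comment saying why the tests now need https, starting with the `[DEFAULT]` entry in dom/crypto/test/mochitest.ini. The reason is easy to guess in the crypto directory but much less so for the per-test entries under `[test_upgrade_add_index.html]` in dom/indexedDB/test/mochitest.ini and under `[test_register_key.html]` and `[test_data.html]` in dom/push/test/mochitest.ini. A comment line directly above each entry, such as `# WebCrypto requires a secure context (Bug 1333140)`, would keep a later manifest cleanup from dropping the setting. With the whole crypto directory on https, the non-secure path appears to be covered only by the WPT historical test named in the commit message, which is worth stating in the same comment.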
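Review bot: In dom/crypto/test/test_indexedDB.html the new `TEST_URI` changes the host as well as the scheme (`http://www.example.com` becomes `https://example.com`), and neither the hunk nor the commit message explains the host change. Because the origin decides which IndexedDB storage the framed page uses, the intent should be recorded with a comment above the constant, for example `// Loaded over https: crypto.subtle and CryptoKey are [SecureContext]-only.` If the host change is incidental, keeping `www.example.com` would make the edit scheme-only; whether the harness serves that host over https is not visible here. The surrounding script starts and ends outside the hunk.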
+++ b/dom/indexedDB/test/mochitest.ini
@@ -267,5 +267,6 @@ support-files =
 [test_transaction_ordering.html]
 [test_unique_index_update.html]
 [test_upgrade_add_index.html]
+scheme = https
 [test_view_put_get_values.html]
 [test_wasm_put_get_values.html]
diff --git a/dom/push/test/mochitest.ini b/dom/push/test/mochitest.ini
index 2ab503eee694..fa43bc730f74 100644
--- a/dom/push/test/mochitest.ini
+++ b/dom/push/test/mochitest.ini
@@ -14,6 +14,7 @@ support-files =
 [test_register.html]
 skip-if = os == "win" # Bug 1373346
 [test_register_key.html]
+scheme = https
 [test_multiple_register.html]
 [test_multiple_register_during_service_activation.html]
 skip-if = (os == "win") || (os == "linux") || (os == "mac") #Bug 1274773
@@ -23,6 +24,7 @@ skip-if = (os == "win") || (os == "linux") || (os == "mac") #Bug 1274773
 skip-if = os == "win" # Bug 1373346
 [test_data.html]
 skip-if = os == "win" # Bug 1373346
+scheme = https
 [test_try_registering_offline_disabled.html]
 skip-if = os == "win" # Bug 1373346
 [test_serviceworker_lifetime.html]
diff --git a/dom/tests/mochitest/general/test_interfaces.js b/dom/tests/mochitest/general/test_interfaces.js
index 3bc6c89e59c5..3aad9d08ce36 100644
--- a/dom/tests/mochitest/general/test_interfaces.js
+++ b/dom/tests/mochitest/general/test_interfaces.js
@@ -237,7 +237,7 @@ var interfaceNamesInGlobalScope = [
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "Crypto", insecureContext: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
- { name: "CryptoKey", insecureContext: true },
+ { name: "CryptoKey" },
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "CSS", insecureContext: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
@@ -1050,7 +1050,7 @@ var interfaceNamesInGlobalScope = [
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "StyleSheetList", insecureContext: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
- { name: "SubtleCrypto", insecureContext: true },
+ { name: "SubtleCrypto" },
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "SubmitEvent", insecureContext: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
diff --git a/dom/webidl/Crypto.webidl b/dom/webidl/Crypto.webidl
index 448a8631b881..7e11462bb090 100644
--- a/dom/webidl/Crypto.webidl
+++ b/dom/webidl/Crypto.webidl
@@ -14,6 +14,7 @@ interface mixin GlobalCrypto {
 [Exposed=(Window,Worker)]
 interface Crypto {
+ [SecureContext]
 readonly attribute SubtleCrypto subtle;
 [Throws]
diff --git a/dom/webidl/SubtleCrypto.webidl b/dom/webidl/SubtleCrypto.webidl
index f67c108e793a..82c866c08aeb 100644
--- a/dom/webidl/SubtleCrypto.webidl
+++ b/dom/webidl/SubtleCrypto.webidl
@@ -162,6 +162,7 @@ dictionary JsonWebKey {
 /***** The Main API *****/
 [Serializable,
+ SecureContext,
 Exposed=Window]
 interface CryptoKey {
 readonly attribute KeyType type;
@@ -179,7 +180,8 @@ dictionary CryptoKeyPair {
 typedef DOMString KeyFormat;
 typedef (object or DOMString) AlgorithmIdentifier;
-[Exposed=(Window,Worker)]
+[Exposed=(Window,Worker),
+ SecureContext]
 interface SubtleCrypto {
 [Throws]
 Promise encrypt(AlgorithmIdentifier algorithm,
diff --git a/dom/workers/test/test_worker_interfaces.js b/dom/workers/test/test_worker_interfaces.js
index 1f914a21d8ec..6379dc3c956c 100644
--- a/dom/workers/test/test_worker_interfaces.js
+++ b/dom/workers/test/test_worker_interfaces.js
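Review bot: In dom/webidl/Crypto.webidl, `[SecureContext]` is placed on the `subtle` attribute only, and the file does not say that gating just this member is deliberate. The `Crypto` interface itself stays exposed in non-secure contexts, which matches test_interfaces.js keeping `{ name: "Crypto", insecureContext: true }` in this commit. A short comment above the attribute, for example `// Only subtle is gated; the rest of Crypto stays available in non-secure contexts.`, would stop a later cleanup from hoisting the annotation to the interface or removing it. Pages served over http lose access to `crypto.subtle` with this change, so code that dereferences it without a check will start throwing. The interface body continues outside the hunk.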
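Review bot: In dom/webidl/SubtleCrypto.webidl, `CryptoKey` remains `Serializable` while becoming `[SecureContext]`, and nothing visible on this page shows what happens when a structured clone holding a key is deserialized in a non-secure context. One such case is a key stored in IndexedDB by an http origin before this change. The IndexedDB test for keys is moved to https in the same commit, so as far as this page shows that read path has no coverage; it would be worth confirming that it fails cleanly and adding a test or a comment beside the extended attributes stating the expected result. On style, the two attribute lists order the new entry differently (`[Serializable, SecureContext, Exposed=Window]` versus `[Exposed=(Window,Worker), SecureContext]`), and using one order would make the pair easier to compare. Both interface bodies continue outside the hunks.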
@@ -235,7 +235,7 @@ var interfaceNamesInGlobalScope = [
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "StorageManager", fennec: false },
 // IMPORTANT: Do not change this list without review from a DOM peer!
- { name: "SubtleCrypto", insecureContext: true },
+ { name: "SubtleCrypto" },
 // IMPORTANT: Do not change this list without review from a DOM peer!
 { name: "TextDecoder", insecureContext: true },
 // IMPORTANT: Do not change this list without review from a DOM peer!
diff --git a/js/xpconnect/tests/unit/test_crypto.js b/js/xpconnect/tests/unit/test_crypto.js
index 189664b7892e..ffaeba442dcc 100644
--- a/js/xpconnect/tests/unit/test_crypto.js
+++ b/js/xpconnect/tests/unit/test_crypto.js
@@ -4,7 +4,8 @@ function run_test() { let sb = new Cu.Sandbox('https://www.example.com', { wantGlobalProperties:
- ["crypto", "TextEncoder", "TextDecoder"]
+ ["crypto", "TextEncoder", "TextDecoder", "isSecureContext"],
+ forceSecureContext: true,
 });
 sb.ok = ok;
 Cu.evalInSandbox('ok(this.crypto);', sb);
diff --git a/testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini b/testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini
deleted file mode 100644
index 36f92a8ef59e..000000000000
--- a/testing/web-platform/meta/WebCryptoAPI/historical.any.js.ini
+++ /dev/null
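Review bot: In js/xpconnect/tests/unit/test_crypto.js the sandbox now requests `isSecureContext` and sets `forceSecureContext: true`, but the visible assertions still check only `this.crypto`. They would keep passing if the flag stopped taking effect or if `subtle` were missing. Adding `Cu.evalInSandbox('ok(this.isSecureContext);', sb);` and `Cu.evalInSandbox('ok(this.crypto.subtle);', sb);` after the existing check would pin what the new options are for, although later lines of run_test, outside this hunk, may already cover part of that. A comment on `forceSecureContext` would also help, saying why it is needed, presumably because the https sandbox URL alone does not make the sandbox a secure context.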
@@ -1,26 +0,0 @@
-[historical.any.html]
- [Non-secure context window does not have access to crypto.subtle]
- expected: FAIL
-
- [Non-secure context window does not have access to SubtleCrypto]
- expected: FAIL
-
- [Non-secure context window does not have access to CryptoKey]
- expected: FAIL
-
-
-[historical.any.worker.html]
- [Non-secure context window does not have access to crypto.subtle]
- expected: FAIL
-
- [Non-secure context window does not have access to SubtleCrypto]
- expected: FAIL
-
-
-[historical.any.sharedworker.html]
- [Non-secure context window does not have access to crypto.subtle]
- expected: FAIL
-
- [Non-secure context window does not have access to SubtleCrypto]
- expected: FAIL
-