Bug 1178518 - Add an AppTrustedRoot for signed packaged app. r=keeler

2025-02-26 04:09:50 +00:00 · 2015-09-07 15:28:21 +08:00 · 2015-09-07 15:28:21 +08:00 · e2da61623b
commit e2da61623b
parent 077ea1aeb2
6 changed files with 12 additions and 1 deletions
--- a/dom/apps/StoreTrustAnchor.jsm
+++ b/dom/apps/StoreTrustAnchor.jsm
@ -16,6 +16,7 @@ const APP_TRUSTED_ROOTS= ["AppMarketplaceProdPublicRoot",
                          "AppMarketplaceDevPublicRoot",
                          "AppMarketplaceDevReviewersRoot",
                          "AppMarketplaceStageRoot",
+                          "PrivilegedPackageRoot",
                          "AppXPCShellRoot"];

 this.TrustedRootCertificate = {
--- a/security/apps/AppTrustDomain.cpp
+++ b/security/apps/AppTrustDomain.cpp
@ -26,6 +26,8 @@
 // Add-on signing Certificates
 #include "addons-public.inc"
 #include "addons-stage.inc"
+// Privileged Package Certificates
+#include "privileged-package-root.inc"

 using namespace mozilla::pkix;

@ -94,6 +96,11 @@ AppTrustDomain::SetTrustedRoot(AppTrustedRoot trustedRoot)
      trustedDER.len = mozilla::ArrayLength(addonsStageRoot);
      break;

+    case nsIX509CertDB::PrivilegedPackageRoot:
+      trustedDER.data = const_cast<uint8_t*>(privilegedPackageRoot);
+      trustedDER.len = mozilla::ArrayLength(privilegedPackageRoot);
+      break;
+
    default:
      PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
      return SECFailure;
--- a/security/apps/gen_cert_header.py
+++ b/security/apps/gen_cert_header.py
@ -37,6 +37,7 @@ array_names = [
  'xpcshellRoot',
  'addonsPublicRoot',
  'addonsStageRoot',
+  'privilegedPackageRoot',
 ]

 for n in array_names:
--- a/security/apps/moz.build
+++ b/security/apps/moz.build
@ -34,6 +34,7 @@ headers_arrays_certs = [
    ('xpcshell.inc', 'xpcshellRoot', test_ssl_path + '/test_signed_apps/trusted_ca1.der'),
    ('addons-public.inc', 'addonsPublicRoot', 'addons-public.crt'),
    ('addons-stage.inc', 'addonsStageRoot', 'addons-stage.crt'),
+    ('privileged-package-root.inc', 'privilegedPackageRoot', 'privileged-package-root.der'),
 ]

 for header, array_name, cert in headers_arrays_certs:
--- a/security/apps/privileged-package-root.der
+++ b/security/apps/privileged-package-root.der
--- a/security/manager/ssl/nsIX509CertDB.idl
+++ b/security/manager/ssl/nsIX509CertDB.idl
@ -46,7 +46,7 @@ interface nsIVerifySignedManifestCallback : nsISupports
 * This represents a service to access and manipulate
 * X.509 certificates stored in a database.
 */
-[scriptable, uuid(3fe3702b-766b-47dd-8f77-c08c3a339a74)]
+[scriptable, uuid(0a47571d-602c-4b21-9f52-c3d0e681d83a)]
 interface nsIX509CertDB : nsISupports {

  /**
@ -318,6 +318,7 @@ interface nsIX509CertDB : nsISupports {
  const AppTrustedRoot AppXPCShellRoot = 6;
  const AppTrustedRoot AddonsPublicRoot = 7;
  const AppTrustedRoot AddonsStageRoot = 8;
+  const AppTrustedRoot PrivilegedPackageRoot = 9;
  void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
                              in nsIFile aJarFile,
                              in nsIOpenSignedAppFileCallback callback);