Bug 404726: Addon compatibility check gives many alerts (toolkit and security portions). r=gavin.sharp, r=kengert

browser/components/microsummaries/src/nsMicrosummaryService.js

@@ -1767,6 +1767,8 @@ MicrosummaryResource.prototype = {
   // Interfaces this component implements.
   interfaces: [Ci.nsIAuthPromptProvider,
                Ci.nsIAuthPrompt,
+               Ci.nsIBadCertListener2,
+               Ci.nsISSLErrorListener,
                Ci.nsIPrompt,
                Ci.nsIProgressEventSink,
                Ci.nsIInterfaceRequestor,
@@ -1797,6 +1799,19 @@ MicrosummaryResource.prototype = {
     return this.QueryInterface(iid);
   },
 
+  // nsIBadCertListener2
+  // Suppress any certificate errors
+  notifyCertProblem: function MSR_certProblem(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  // nsISSLErrorListener
+  // Suppress any ssl errors
+  notifySSLError: function MSR_SSLError(socketInfo, error, targetSite) {
+    return true;
+  },
+
+  
   // Suppress UI and abort loads for files secured by authentication.
 
   // Auth requests appear to succeed when we cancel them (since the server

browser/components/search/nsSearchService.js

@@ -293,6 +293,8 @@ loadListener.prototype = {
         aIID.equals(Ci.nsIStreamListener)     ||
         aIID.equals(Ci.nsIChannelEventSink)   ||
         aIID.equals(Ci.nsIInterfaceRequestor) ||
+        aIID.equals(Ci.nsIBadCertListener2)   ||
+        aIID.equals(Ci.nsISSLErrorListener)   ||
         // See FIXME comment below
         aIID.equals(Ci.nsIHttpEventSink)      ||
         aIID.equals(Ci.nsIProgressEventSink)  ||
@@ -348,6 +350,16 @@ loadListener.prototype = {
     return this.QueryInterface(aIID);
   },
 
+  // nsIBadCertListener2
+  notifyCertProblem: function SRCH_certProblem(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  // nsISSLErrorListener
+  notifySSLError: function SRCH_SSLError(socketInfo, error, targetSite) {
+    return true;
+  },
+
   // FIXME: bug 253127
   // nsIHttpEventSink
   onRedirect: function (aChannel, aNewChannel) {},

browser/components/search/nsSearchSuggestions.js

@@ -647,6 +647,7 @@ SuggestAutoComplete.prototype = {
     this._suggestURI = submission.uri;
     var method = (submission.postData ? "POST" : "GET");
     this._request.open(method, this._suggestURI.spec, true);
+    this._request.channel.notificationCallbacks = new SearchSuggestLoadListener();
 
     var self = this;
     function onReadyStateChange() {
@@ -711,6 +712,30 @@ SuggestAutoComplete.prototype = {
                                          Ci.nsIAutoCompleteObserver])
 };
 
+function SearchSuggestLoadListener() {
+}
+SearchSuggestLoadListener.prototype = {
+  // nsIBadCertListener2
+  notifyCertProblem: function SSLL_certProblem(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  // nsISSLErrorListener
+  notifySSLError: function SSLL_SSLError(socketInfo, error, targetSite) {
+    return true;
+  },
+
+  // nsIInterfaceRequestor
+  getInterface: function SSLL_getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  // nsISupports
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIBadCertListener2,
+                                         Ci.nsISSLErrorListener,
+                                         Ci.nsIInterfaceRequestor])
+};
+
 /**
  * SearchSuggestAutoComplete is a service implementation that handles suggest
  * results specific to web searches.

security/manager/ssl/public/Makefile.in

@@ -52,6 +52,7 @@ SDK_XPIDLSRCS = \
     nsIASN1Object.idl \
     nsIASN1Sequence.idl \
     nsIBadCertListener2.idl \
+    nsISSLErrorListener.idl \
     nsICertificateDialogs.idl \
     nsICRLInfo.idl \
     nsIX509Cert.idl \

security/manager/ssl/public/nsISSLErrorListener.idl

@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is mozilla.org code.
+ *
+ * The Initial Developer of the Original Code is
+ * Mozilla Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 2007
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *   Dave Townsend <dtownsend@oxymoronical.com>
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+
+/**
+ * A mechanism to report a broken SSL connection. The recipient should NOT block.
+ */
+[scriptable, uuid(99f8d972-bae4-414c-b39b-47587d3ded68)]
+interface nsISSLErrorListener : nsISupports {
+
+  /**
+   *  @param socketInfo A network communication context that can be used to obtain more information
+   *                    about the active connection.
+   *  @param error The code associated with the error.
+   *  @param targetSite The Site name that was used to open the current connection.
+   *
+   *  @return The consumer shall return true if it wants to suppress the error message
+   *          related to the error (the connection will still get canceled).
+   */
+  boolean notifySSLError(in nsIInterfaceRequestor socketInfo, 
+                         in PRInt32 error,
+                         in AUTF8String targetSite);
+};

security/manager/ssl/src/nsNSSIOLayer.cpp

@@ -60,6 +60,7 @@
 #include "nsIClientAuthDialogs.h"
 #include "nsICertOverrideService.h"
 #include "nsIBadCertListener2.h"
+#include "nsISSLErrorListener.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsRecentBadCerts.h"
@@ -1164,6 +1165,32 @@ nsHandleSSLError(nsNSSSocketInfo *socketInfo, PRInt32 err)
   PRInt32 port;
   socketInfo->GetPort(&port);
 
+  // Try to get a nsISSLErrorListener implementation from the socket consumer.
+  nsCOMPtr<nsIInterfaceRequestor> callbacks;
+  socketInfo->GetNotificationCallbacks(getter_AddRefs(callbacks));
+  if (callbacks) {
+    nsCOMPtr<nsISSLErrorListener> sel = do_GetInterface(callbacks);
+    if (sel) {
+      nsISSLErrorListener *proxy_sel = nsnull;
+      NS_GetProxyForObject(NS_PROXY_TO_MAIN_THREAD,
+                           NS_GET_IID(nsISSLErrorListener),
+                           sel,
+                           NS_PROXY_SYNC,
+                           (void**)&proxy_sel);
+      if (proxy_sel) {
+        nsIInterfaceRequestor *csi = static_cast<nsIInterfaceRequestor*>(socketInfo);
+        PRBool suppressMessage = PR_FALSE;
+        nsCString hostWithPortString = hostName;
+        hostWithPortString.AppendLiteral(":");
+        hostWithPortString.AppendInt(port);
+        rv = proxy_sel->NotifySSLError(csi, err, hostWithPortString, 
+                                       &suppressMessage);
+        if (NS_SUCCEEDED(rv) && suppressMessage)
+          return NS_OK;
+      }
+    }
+  }
+
   PRBool external = PR_FALSE;
   socketInfo->GetExternalErrorReporting(&external);
   
@@ -1217,7 +1244,7 @@ nsHandleInvalidCertError(nsNSSSocketInfo *socketInfo,
   
   nsString formattedString;
   rv = getInvalidCertErrorMessage(multipleCollectedErrors, errorCodeToReport,
-+                                 errTrust, errMismatch, errExpired,
+                                  errTrust, errMismatch, errExpired,
                                   hostU, hostWithPortU, port, 
                                   ix509, external, nssComponent, formattedString);
 

toolkit/components/places/src/nsLivemarkService.js

@@ -277,6 +277,7 @@ LivemarkService.prototype = {
       // Stream the result to the feed parser with this listener
       var listener = new LivemarkLoadListener(livemark);
       this.insertLivemarkLoadingItem(this._bms, livemark);
+      httpChannel.notificationCallbacks = listener;
       httpChannel.asyncOpen(listener, null);
     }
     catch (ex) {
@@ -657,6 +658,27 @@ LivemarkLoadListener.prototype = {
                                 Ci.nsIAnnotationService.EXPIRE_NEVER);
   },
 
+  /**
+   * See nsIBadCertListener2
+   */
+  notifyCertProblem: function LLL_certProblem(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  /**
+   * See nsISSLErrorListener
+   */
+  notifySSLError: function LLL_SSLError(socketInfo, error, targetSite) {
+    return true;
+  },
+
+  /**
+   * See nsIInterfaceRequestor
+   */
+  getInterface: function LLL_getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+
   /**
    * See nsISupports.idl
    */
@@ -665,6 +687,9 @@ LivemarkLoadListener.prototype = {
         iid.equals(Ci.nsIStreamListener) ||
         iid.equals(Ci.nsIRequestObserver)||
         iid.equals(Ci.nsINavHistoryBatchCallback) ||
+        iid.equals(Ci.nsIBadCertListener2) ||
+        iid.equals(Ci.nsISSLErrorListener) ||
+        iid.equals(Ci.nsIInterfaceRequestor) ||
         iid.equals(Ci.nsISupports))
       return this;
     throw Cr.NS_ERROR_NO_INTERFACE;

toolkit/components/url-classifier/content/xml-fetcher.js

@@ -96,6 +96,7 @@ PROT_XMLFetcher.prototype = {
     this._callback = callback;
     var asynchronous = true;
     this._request.open("GET", page, asynchronous);
+    this._request.channel.notificationCallbacks = this;
 
     if (this._stripCookies)
       new PROT_CookieStripper(this._request.channel);
@@ -136,6 +137,30 @@ PROT_XMLFetcher.prototype = {
     }
     if (fetcher._callback)
       fetcher._callback(responseText, status);
+  },
+
+  // Suppress any certificate errors
+  notifyCertProblem: function(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  // Suppress any ssl errors
+  notifySSLError: function(socketInfo, error, targetSite) {
+    return true;
+  },
+
+  // nsIInterfaceRequestor
+  getInterface: function(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  QueryInterface: function(iid) {
+    if (!iid.equals(Components.interfaces.nsIBadCertListener2) &&
+        !iid.equals(Components.interfaces.nsISSLErrorListener) &&
+        !iid.equals(Components.interfaces.nsIInterfaceRequestor) &&
+        !iid.equals(Components.interfaces.nsISupports))
+      throw Components.results.NS_ERROR_NO_INTERFACE;
+    return this;
   }
 };
 

toolkit/components/url-classifier/src/nsUrlClassifierStreamUpdater.cpp

@@ -75,12 +75,15 @@ nsUrlClassifierStreamUpdater::nsUrlClassifierStreamUpdater()
 
 }
 
-NS_IMPL_ISUPPORTS5(nsUrlClassifierStreamUpdater,
+NS_IMPL_ISUPPORTS8(nsUrlClassifierStreamUpdater,
                    nsIUrlClassifierStreamUpdater,
                    nsIUrlClassifierUpdateObserver,
                    nsIRequestObserver,
                    nsIStreamListener,
-                   nsIObserver)
+                   nsIObserver,
+                   nsIBadCertListener2,
+                   nsISSLErrorListener,
+                   nsIInterfaceRequestor)
 
 /**
  * Clear out the update.
@@ -127,7 +130,7 @@ nsUrlClassifierStreamUpdater::FetchUpdate(nsIURI *aUpdateUrl,
                                           const nsACString & aRequestBody)
 {
   nsresult rv;
-  rv = NS_NewChannel(getter_AddRefs(mChannel), aUpdateUrl);
+  rv = NS_NewChannel(getter_AddRefs(mChannel), aUpdateUrl, nsnull, nsnull, this);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (!aRequestBody.IsEmpty()) {
@@ -432,3 +435,38 @@ nsUrlClassifierStreamUpdater::Observe(nsISupports *aSubject, const char *aTopic,
   }
   return NS_OK;
 }
+
+///////////////////////////////////////////////////////////////////////////////
+// nsIBadCertListener2 implementation
+
+NS_IMETHODIMP
+nsUrlClassifierStreamUpdater::NotifyCertProblem(nsIInterfaceRequestor *socketInfo, 
+                                                nsISSLStatus *status, 
+                                                const nsACString &targetSite, 
+                                                PRBool *_retval)
+{
+  *_retval = PR_TRUE;
+  return NS_OK;
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// nsISSLErrorListener implementation
+
+NS_IMETHODIMP
+nsUrlClassifierStreamUpdater::NotifySSLError(nsIInterfaceRequestor *socketInfo, 
+                                             PRInt32 error, 
+                                             const nsACString &targetSite, 
+                                             PRBool *_retval)
+{
+  *_retval = PR_TRUE;
+  return NS_OK;
+}
+
+///////////////////////////////////////////////////////////////////////////////
+// nsIInterfaceRequestor implementation
+
+NS_IMETHODIMP
+nsUrlClassifierStreamUpdater::GetInterface(const nsIID & eventSinkIID, void* *_retval)
+{
+  return QueryInterface(eventSinkIID, _retval);
+}

toolkit/components/url-classifier/src/nsUrlClassifierStreamUpdater.h

@@ -47,6 +47,8 @@
 #include "nsIStreamListener.h"
 #include "nsNetUtil.h"
 #include "nsTArray.h"
+#include "nsIBadCertListener2.h"
+#include "nsISSLErrorListener.h"
 
 // Forward declare pointers
 class nsIURI;
@@ -54,7 +56,10 @@ class nsIURI;
 class nsUrlClassifierStreamUpdater : public nsIUrlClassifierStreamUpdater,
                                      public nsIUrlClassifierUpdateObserver,
                                      public nsIStreamListener,
-                                     public nsIObserver
+                                     public nsIObserver,
+                                     public nsIBadCertListener2,
+                                     public nsISSLErrorListener,
+                                     public nsIInterfaceRequestor
 {
 public:
   nsUrlClassifierStreamUpdater();
@@ -62,8 +67,11 @@ public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSIURLCLASSIFIERSTREAMUPDATER
   NS_DECL_NSIURLCLASSIFIERUPDATEOBSERVER
+  NS_DECL_NSIINTERFACEREQUESTOR
   NS_DECL_NSIREQUESTOBSERVER
   NS_DECL_NSISTREAMLISTENER
+  NS_DECL_NSIBADCERTLISTENER2
+  NS_DECL_NSISSLERRORLISTENER
   NS_DECL_NSIOBSERVER
 
 private:

toolkit/mozapps/shared/src/badCertHandler.js

@@ -76,6 +76,16 @@ BadCertHandler.prototype = {
     checkCert(oldChannel);
   },
 
+  // Suppress any certificate errors
+  notifyCertProblem: function(socketInfo, status, targetSite) {
+    return true;
+  },
+
+  // Suppress any ssl errors
+  notifySSLError: function(socketInfo, error, targetSite) {
+    return true;
+  },
+
   // nsIInterfaceRequestor
   getInterface: function(iid) {
     return this.QueryInterface(iid);
@@ -84,6 +94,8 @@ BadCertHandler.prototype = {
   // nsISupports
   QueryInterface: function(iid) {
     if (!iid.equals(Components.interfaces.nsIChannelEventSink) &&
+        !iid.equals(Components.interfaces.nsIBadCertListener2) &&
+        !iid.equals(Components.interfaces.nsISSLErrorListener) &&
         !iid.equals(Components.interfaces.nsIInterfaceRequestor) &&
         !iid.equals(Components.interfaces.nsISupports))
       throw Components.results.NS_ERROR_NO_INTERFACE;