gecko-dev/testing/marionette/cert.js
Kris Maglione e930b89c34 Bug 1514594: Part 3 - Change ChromeUtils.import API.
***
Bug 1514594: Part 3a - Change ChromeUtils.import to return an exports object; not pollute global. r=mccr8

This changes the behavior of ChromeUtils.import() to return an exports object,
rather than a module global, in all cases except when `null` is passed as a
second argument, and changes the default behavior not to pollute the global
scope with the module's exports. Thus, the following code written for the old
model:

  ChromeUtils.import("resource://gre/modules/Services.jsm");

is approximately the same as the following, in the new model:

  var {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");

Since the two behaviors are mutually incompatible, this patch will land with a
scripted rewrite to update all existing callers to use the new model rather
than the old.
***
Bug 1514594: Part 3b - Mass rewrite all JS code to use the new ChromeUtils.import API. rs=Gijs

This was done using the following script:

https://bitbucket.org/kmaglione/m-c-rewrites/src/tip/processors/cu-import-exports.jsm
***
Bug 1514594: Part 3c - Update ESLint plugin for ChromeUtils.import API changes. r=Standard8

Differential Revision: https://phabricator.services.mozilla.com/D16747
***
Bug 1514594: Part 3d - Remove/fix hundreds of duplicate imports from sync tests. r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D16748
***
Bug 1514594: Part 3e - Remove no-op ChromeUtils.import() calls. r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D16749
***
Bug 1514594: Part 3f.1 - Cleanup various test corner cases after mass rewrite. r=Gijs
***
Bug 1514594: Part 3f.2 - Cleanup various non-test corner cases after mass rewrite. r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D16750

--HG--
extra : rebase_source : 359574ee3064c90f33bf36c2ebe3159a24cc8895
extra : histedit_source : b93c8f42808b1599f9122d7842d2c0b3e656a594%2C64a3a4e3359dc889e2ab2b49461bab9e27fc10a7
2019-01-17 10:18:31 -08:00


/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
const {Preferences} = ChromeUtils.import("resource://gre/modules/Preferences.jsm");
const {XPCOMUtils} = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
// Names this JSM exposes to importers; each one is also assigned onto
// `this` further down in the file.
this.EXPORTED_SYMBOLS = [
"CertificateOverrideManager",
"InsecureSweepingOverride",
];
// Component registrar, used by InsecureSweepingOverride to register and
// unregister its factory.
const registrar =
Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
// Site security service; unregister() uses it to clear collected HSTS and
// HPKP state.
const sss = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
// Pref holding the certificate pinning enforcement level. register() sets it
// to 0, which turns pinning enforcement off for the whole profile.
const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
// Class ID under which the override factory is registered and unregistered.
const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
// Contract ID the override factory is registered under.
// NOTE(review): presumably the contract ID of the stock certificate override
// service, so registering here replaces it for every consumer — confirm.
const CONTRACT_ID = "@mozilla.org/security/certoverride;1";
const DESC = "All-encompassing cert service that matches on a bitflag";
// Pref controlling use of the HSTS preload list. register() sets it to false.
const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
// Bit flags for the classes of certificate error an override may cover;
// hasMatchingOverride ORs all three together.
// NOTE(review): the values look like they mirror
// nsICertOverrideService.ERROR_UNTRUSTED / ERROR_MISMATCH / ERROR_TIME — confirm.
// This binding shadows the built-in `Error` constructor for the rest of the
// module, so `new Error(...)` is not available in this file.
const Error = {
Untrusted: 1,
Mismatch: 2,
Time: 4,
};
// The override currently installed through CertificateOverrideManager, or
// null when none is installed.
let currentOverride = null;
/**
 * TLS certificate service override management for Marionette.
 *
 * Keeps track of at most one installed override (in the module-level
 * `currentOverride`) so that it can be removed again.  While an override
 * is installed, certificate checking is only as strict as that override
 * makes it, so every `install` should be paired with an `uninstall`.
 */
class CertificateOverrideManager {
  /**
   * Installs a TLS certificate service override.
   *
   * `service` must provide `register` and `unregister` functions.  This
   * method calls `service.register()` and, once that has returned,
   * records `service` as the current override.
   *
   * If an override is already installed this function is a no-op: the
   * new `service` is neither registered nor recorded, even when it is a
   * different object from the one already installed.
   *
   * @param {cert.Override} service
   *     Service generator that registers and unregisters the XPCOM service.
   *
   * @throws {Components.Exception}
   *     Whatever `service.register()` throws.  Nothing is recorded in
   *     that case, so a later `uninstall()` will not call
   *     `service.unregister()`.
   */
  static install(service) {
    if (!currentOverride) {
      service.register();
      // Only remember the service after register() has succeeded.
      currentOverride = service;
    }
  }

  /**
   * Uninstalls the TLS certificate service override, if there is one.
   *
   * Calls `unregister()` on the recorded override and then forgets it.
   * With no override installed this function is a no-op.  If
   * `unregister()` throws, the override stays recorded.
   */
  static uninstall() {
    const active = currentOverride;
    if (active) {
      active.unregister();
      currentOverride = null;
    }
  }
}
// Attach the class to the module's `this` object under the name listed in
// EXPORTED_SYMBOLS.
this.CertificateOverrideManager = CertificateOverrideManager;
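/**
 * Certificate override service that acts in an all-inclusive manner
 * on TLS certificates.
 *
 * While registered, its `hasMatchingOverride` answers `true` for every
 * host, port and certificate and reports the untrusted, mismatch and
 * time error bits as overridden, so no certificate error is reported
 * for any connection.  Registering also switches off the HSTS preload
 * list and certificate pinning enforcement through preferences, which
 * affects the whole profile rather than a single connection.  It is
 * meant to be installed and removed through
 * `CertificateOverrideManager`.
 *
 * The security preferences are put back on every failure path:
 * `register()` resets them if the factory cannot be registered, and
 * `unregister()` resets them and clears site security state even if
 * unregistering the factory throws.
 *
 * NOTE(review): `Preferences.reset` returns the prefs to their default
 * values; a value the profile had set before `register()` is not
 * restored.  Confirm that is acceptable for the profiles this runs on.
 *
 * @return {{register: function(), unregister: function()}}
 *     Object whose `register` installs the override and whose
 *     `unregister` removes it again.
 *
 * @throws {Components.Exception}
 *     From `register()`, if there are any problems registering the
 *     service.
 */
function InsecureSweepingOverride() {
  // This needs to be an old-style class with a function constructor
  // and prototype assignment because... XPCOM.  Any attempt at
  // modernisation will be met with cryptic error messages which will
  // make your life miserable.
  let service = function() {};
  service.prototype = {
    // The out-parameters are filled in unconditionally: the host name,
    // port and certificate arguments are never inspected.
    hasMatchingOverride(
        aHostName, aPort, aCert, aOverrideBits, aIsTemporary) {
      aIsTemporary.value = false;
      aOverrideBits.value = Error.Untrusted | Error.Mismatch | Error.Time;
      return true;
    },

    QueryInterface: ChromeUtils.generateQI([Ci.nsICertOverrideService]),
  };
  let factory = XPCOMUtils.generateSingletonFactory(service);

  // Puts the HSTS preload and pinning prefs back to their defaults.
  const resetSecurityPrefs = () => {
    Preferences.reset(HSTS_PRELOAD_LIST_PREF);
    Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
  };

  return {
    register() {
      // make it possible to register certificate overrides for domains
      // that use HSTS or HPKP
      Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
      Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);

      try {
        registrar.registerFactory(CID, DESC, CONTRACT_ID, factory);
      } catch (e) {
        // The caller never records an override whose register() threw,
        // so nothing would call unregister() later.  Undo the pref
        // changes here instead of leaving pinning and the preload list
        // switched off.
        resetSecurityPrefs();
        throw e;
      }
    },

    unregister() {
      try {
        registrar.unregisterFactory(CID, factory);
      } finally {
        // Restore the prefs even when unregistering fails; the
        // exception still propagates to the caller.
        resetSecurityPrefs();

        // clear collected HSTS and HPKP state
        // through the site security service
        sss.clearAll();
        sss.clearPreloads();
      }
    },
  };
}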
// Attach the constructor function to the module's `this` object under the
// name listed in EXPORTED_SYMBOLS.
this.InsecureSweepingOverride = InsecureSweepingOverride;