Bug 1541450 - Add a Certs cleaner and defines that object in FLAGS_MAP. r=johannh

Differential Revision: https://phabricator.services.mozilla.com/D27193

--HG--
extra : moz-landing-system : lando

toolkit/components/cleardata/ClearDataService.jsm

@@ -81,6 +81,24 @@ const CookieCleaner = {
 
 };
 
+const CertCleaner = {
+  deleteByHost(aHost, aOriginAttributes) {
+    let overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                            .getService(Ci.nsICertOverrideService);
+    return new Promise(aResolve => {
+      overrideService.clearValidityOverride(aHost, -1);
+      aResolve();
+    });
+  },
+
+  deleteAll() {
+    return new Promise(aResolve => {
+      Cu.reportError("CertCleaner.deleteAll is not implemented");
+      aResolve();
+    });
+  },
+};
+
 const NetworkCacheCleaner = {
   deleteByHost(aHost, aOriginAttributes) {
     return new Promise(aResolve => {
@@ -818,6 +836,9 @@ const ReportsCleaner = {
 
 // Here the map of Flags-Cleaner.
 const FLAGS_MAP = [
+  { flag: Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS,
+    cleaner: CertCleaner },
+
  { flag: Ci.nsIClearDataService.CLEAR_COOKIES,
    cleaner: CookieCleaner },
 

toolkit/components/cleardata/nsIClearDataService.idl

@@ -194,6 +194,11 @@ interface nsIClearDataService : nsISupports
    */
   const uint32_t CLEAR_STORAGE_ACCESS = 1 << 20;
 
+  /**
+   * Clear Cert Exceptions.
+   */
+  const uint32_t CLEAR_CERT_EXCEPTIONS = 1 << 21;
+
   /**
    * Use this value to delete all the data.
    */
@@ -223,7 +228,7 @@ interface nsIClearDataService : nsISupports
     CLEAR_COOKIES | CLEAR_EME | CLEAR_PLUGIN_DATA | CLEAR_DOWNLOADS | CLEAR_PASSWORDS |
     CLEAR_PERMISSIONS | CLEAR_DOM_STORAGES | CLEAR_CONTENT_PREFERENCES |
     CLEAR_PREDICTOR_NETWORK_DATA | CLEAR_DOM_PUSH_NOTIFICATIONS |
-    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS;
+    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS | CLEAR_CERT_EXCEPTIONS;
 };
 
 /**

toolkit/components/cleardata/tests/unit/test_certs.js

@@ -0,0 +1,49 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                      .getService(Ci.nsILocalCertService);
+const overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                          .getService(Ci.nsICertOverrideService);
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const CERT_TEST = "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t";
+
+add_task(async function() {
+  Assert.ok(Services.clearData);
+
+  const TEST_URI = Services.io.newURI("http://test.com/");
+  let cert = certDB.constructX509FromBase64(CERT_TEST);
+  let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS;
+
+  ok(cert, "Cert was created");
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override yet");
+
+  overrideService.rememberValidityOverride(
+    TEST_URI.asciiHost, TEST_URI.port,
+    cert,
+    flags,
+    false
+  );
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 1,
+               "Cert should be used for override now");
+
+  await new Promise(aResolve => {
+    Services.clearData
+            .deleteDataFromHost(TEST_URI.asciiHostPort, true /* user request */,
+                                flags,
+                                value => {
+      Assert.equal(value, 0);
+      aResolve();
+    });
+  });
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override now");
+});

toolkit/components/cleardata/tests/unit/xpcshell.ini

@@ -5,6 +5,7 @@ skip-if = toolkit == 'android'
 support-files =
 
 [test_basic.js]
+[test_certs.js]
 [test_cookies.js]
 [test_downloads.js]
 [test_network_cache.js]