Backed out 4 changesets (bug 1266235) for test_ev_certs.js failures on pretty much every platform CLOSED TREE

Backed out changeset f684fac95bd9 (bug 1266235) Backed out changeset f560cba61749 (bug 1266235) Backed out changeset 5f321f10da1e (bug 1266235) Backed out changeset 93deaa5641bc (bug 1266235) --HG-- rename : services/common/blocklist-clients.js => services/common/KintoBlocklist.js rename : services/common/blocklist-updater.js => services/common/kinto-updater.js rename : services/common/tests/unit/test_blocklist_clients.js => services/common/tests/unit/test_kintoAddonPluginBlocklist.js rename : services/common/tests/unit/test_blocklist_certificates.js => services/common/tests/unit/test_kintoCertBlocklist.js rename : services/common/tests/unit/test_blocklist_updater.js => services/common/tests/unit/test_kinto_updater.js
2016-05-10 13:46:28 -07:00 · 2016-05-10 13:46:28 -07:00 · 26012d19b7
--- a/addon-sdk/source/test/preferences/no-connections.json
+++ b/addon-sdk/source/test/preferences/no-connections.json
@ -28,7 +28,7 @@
  "extensions.blocklist.url": "http://localhost/extensions-dummy/blocklistURL",
  "extensions.webservice.discoverURL": "http://localhost/extensions-dummy/discoveryURL",
  "extensions.getAddons.maxResults": 0,
-  "services.blocklist.base": "http://localhost/dummy-kinto/v1",
+  "services.kinto.base": "http://localhost/dummy-kinto/v1",
  "geo.wifi.uri": "http://localhost/location-dummy/locationURL",
  "browser.search.geoip.url": "http://localhost/location-dummy/locationURL",
  "browser.search.isUS": true,
--- a/b2g/app/b2g.js
+++ b/b2g/app/b2g.js
@ -1087,6 +1087,11 @@ pref("dom.performance.enable_notify_performance_timing", true);
 pref("b2g.multiscreen.chrome_remote_url", "chrome://b2g/content/shell_remote.html");
 pref("b2g.multiscreen.system_remote_url", "index_remote.html");

+// Blocklist service
+pref("extensions.blocklist.enabled", true);
+pref("extensions.blocklist.interval", 86400);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");

 // Because we can't have nice things.
 #ifdef MOZ_GRAPHENE
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -50,6 +50,38 @@ pref("extensions.webservice.discoverURL", "https://discovery.addons.mozilla.org/
 pref("extensions.getAddons.recommended.url", "https://services.addons.mozilla.org/%LOCALE%/%APP%/api/%API_VERSION%/list/recommended/all/%MAX_RESULTS%/%OS%/%VERSION%?src=firefox");
 pref("extensions.getAddons.link.url", "https://addons.mozilla.org/%LOCALE%/firefox/");

+// Blocklist preferences
+pref("extensions.blocklist.enabled", true);
+// OneCRL freshness checking depends on this value, so if you change it,
+// please also update security.onecrl.maximum_staleness_in_seconds.
+pref("extensions.blocklist.interval", 86400);
+// Controls what level the blocklist switches from warning about items to forcibly
+// blocking them.
+pref("extensions.blocklist.level", 2);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.org/%LOCALE%/blocklist/");
+pref("extensions.blocklist.itemURL", "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%");
+
+// Kinto blocklist preferences
+pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
+pref("services.kinto.changes.path", "/buckets/monitor/collections/changes/records");
+pref("services.kinto.bucket", "blocklists");
+pref("services.kinto.onecrl.collection", "certificates");
+pref("services.kinto.onecrl.checked", 0);
+pref("services.kinto.addons.collection", "addons");
+pref("services.kinto.addons.checked", 0);
+pref("services.kinto.plugins.collection", "plugins");
+pref("services.kinto.plugins.checked", 0);
+pref("services.kinto.gfx.collection", "gfx");
+pref("services.kinto.gfx.checked", 0);
+
+// for now, let's keep kinto update out of the release channel
+#ifdef RELEASE_BUILD
+pref("services.kinto.update_enabled", false);
+#else
+pref("services.kinto.update_enabled", true);
+#endif
+
 pref("extensions.update.autoUpdateDefault", true);

 pref("extensions.hotfix.id", "firefox-hotfix@mozilla.org");
@ -1186,6 +1218,9 @@ pref("security.insecure_password.ui.enabled", false);
 // 1 = allow MITM for certificate pinning checks.
 pref("security.cert_pinning.enforcement_level", 1);

+// Required blocklist freshness for OneCRL OCSP bypass
+// (default is 1.25x extensions.blocklist.interval, or 30 hours)
+pref("security.onecrl.maximum_staleness_in_seconds", 108000);

 // Override the Gecko-default value of false for Firefox.
 pref("plain_text.wrap_long_lines", true);
--- a/mobile/android/app/mobile.js
+++ b/mobile/android/app/mobile.js
@ -236,6 +236,35 @@ pref("extensions.getAddons.getWithPerformance.url", "https://services.addons.moz
 pref("extensions.getLocales.get.url", "");
 pref("extensions.compatability.locales.buildid", "0");

+/* blocklist preferences */
+pref("extensions.blocklist.enabled", true);
+// OneCRL freshness checking depends on this value, so if you change it,
+// please also update security.onecrl.maximum_staleness_in_seconds.
+pref("extensions.blocklist.interval", 86400);
+pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
+pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
+
+// Kinto blocklist preferences
+pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
+pref("services.kinto.changes.path", "/buckets/monitor/collections/changes/records");
+pref("services.kinto.bucket", "blocklists");
+pref("services.kinto.onecrl.collection", "certificates");
+pref("services.kinto.onecrl.checked", 0);
+pref("services.kinto.addons.collection", "addons");
+pref("services.kinto.addons.checked", 0);
+pref("services.kinto.plugins.collection", "plugins");
+pref("services.kinto.plugins.checked", 0);
+pref("services.kinto.gfx.collection", "gfx");
+pref("services.kinto.gfx.checked", 0);
+
+// for now, let's keep kinto update out of the release channel (pending
+// collection signatures)
+#ifdef RELEASE_BUILD
+pref("services.kinto.update_enabled", false);
+#else
+pref("services.kinto.update_enabled", true);
+#endif
+
 /* Don't let XPIProvider install distribution add-ons; we do our own thing on mobile. */
 pref("extensions.installDistroAddons", false);

@ -500,6 +529,10 @@ pref("security.mixed_content.block_active_content", true);
 // Enable pinning
 pref("security.cert_pinning.enforcement_level", 1);

+// Required blocklist freshness for OneCRL OCSP bypass
+// (default is 1.25x extensions.blocklist.interval, or 30 hours)
+pref("security.onecrl.maximum_staleness_in_seconds", 108000);
+
 // Only fetch OCSP for EV certificates
 pref("security.OCSP.enabled", 2);

--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -2069,41 +2069,9 @@ pref("security.cert_pinning.process_headers_from_non_builtin_roots", false);
 // their protocol with the inner URI of the view-source URI
 pref("security.view-source.reachable-from-inner-protocol", false);

-// Services security settings
-pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1");
-
-// Blocklist preferences
-pref("extensions.blocklist.enabled", true);
-// OneCRL freshness checking depends on this value, so if you change it,
-// please also update security.onecrl.maximum_staleness_in_seconds.
-pref("extensions.blocklist.interval", 86400);
-// Required blocklist freshness for OneCRL OCSP bypass
-// (default is 1.25x extensions.blocklist.interval, or 30 hours)
-pref("security.onecrl.maximum_staleness_in_seconds", 108000);
-pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/");
-pref("extensions.blocklist.detailsURL", "https://www.mozilla.com/%LOCALE%/blocklist/");
-pref("extensions.blocklist.itemURL", "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%");
-// Controls what level the blocklist switches from warning about items to forcibly
-// blocking them.
-pref("extensions.blocklist.level", 2);
-// Blocklist via settings server (Kinto)
-pref("services.blocklist.changes.path", "/buckets/monitor/collections/changes/records");
-pref("services.blocklist.bucket", "blocklists");
-pref("services.blocklist.onecrl.collection", "certificates");
-pref("services.blocklist.onecrl.checked", 0);
-pref("services.blocklist.addons.collection", "addons");
-pref("services.blocklist.addons.checked", 0);
-pref("services.blocklist.plugins.collection", "plugins");
-pref("services.blocklist.plugins.checked", 0);
-pref("services.blocklist.gfx.collection", "gfx");
-pref("services.blocklist.gfx.checked", 0);
-
-// For now, let's keep settings server update out of the release builds
 #ifdef RELEASE_BUILD
-pref("services.blocklist.update_enabled", false);
 pref("security.onecrl.via.amo", true);
 #else
-pref("services.blocklist.update_enabled", true);
 pref("security.onecrl.via.amo", false);
 #endif

--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@ -47,7 +47,7 @@ var data = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
 stream.write(data, data.length);
 stream.close();

-const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled";
+const PREF_KINTO_UPDATE_ENABLED = "services.kinto.update_enabled";
 const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo";

 var revocations = profile.clone();
@ -225,7 +225,7 @@ function run_test() {
                 " c2VyaWFsMi4=";

  // This test assumes OneCRL updates via AMO
-  Services.prefs.setBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED, false);
+  Services.prefs.setBoolPref(PREF_KINTO_UPDATE_ENABLED, false);
  Services.prefs.setBoolPref(PREF_ONECRL_VIA_AMO, true);

  add_test(function () {
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@ -150,7 +150,7 @@ function run_test() {
    // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
    Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
    // set the blocklist-background-update-timer value to the recent past
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                              Math.floor(Date.now() / 1000) - 1);
    Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                              Math.floor(Date.now() / 1000) - 1);
@ -178,7 +178,7 @@ function run_test() {
    // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
    Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
    // set the blocklist-background-update-timer value to the more distant past
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                              Math.floor(Date.now() / 1000) - 108080);
    Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                              Math.floor(Date.now() / 1000) - 108080);
@ -193,13 +193,13 @@ function run_test() {

  add_test(function () {
    // test that setting "security.onecrl.via.amo" results in the correct
-    // OCSP behavior when services.blocklist.onecrl.checked is in the distant past
+    // OCSP behavior when services.kinto.onecrl.checked is in the distant past
    // and blacklist-background-update-timer is recent
    Services.prefs.setBoolPref("security.onecrl.via.amo", false);
    // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
    Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);
    // set the blocklist-background-update-timer value to the recent past
-    // (services.blocklist.onecrl.checked defaults to 0)
+    // (services.kinto.onecrl.checked defaults to 0)
    Services.prefs.setIntPref("app.update.lastUpdateTime.blocklist-background-update-timer",
                              Math.floor(Date.now() / 1000) - 1);
    clearOCSPCache();
@ -213,14 +213,14 @@ function run_test() {

  add_test(function () {
    // test that setting "security.onecrl.via.amo" results in the correct
-    // OCSP behavior when services.blocklist.onecrl.checked is recent
+    // OCSP behavior when services.kinto.onecrl.checked is recent
    Services.prefs.setBoolPref("security.onecrl.via.amo", false);

    // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
    Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 108000);

-    // now set services.blocklist.onecrl.checked to a recent value
-    Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+    // now set services.kinto.onecrl.checked to a recent value
+    Services.prefs.setIntPref("services.kinto.onecrl.checked",
                              Math.floor(Date.now() / 1000) - 1);

    clearOCSPCache();
@ -230,7 +230,7 @@ function run_test() {
    // The tests following this assume no OCSP bypass
    Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 0);
    Services.prefs.clearUserPref("security.onecrl.via.amo");
-    Services.prefs.clearUserPref("services.blocklist.onecrl.checked");
+    Services.prefs.clearUserPref("services.kinto.onecrl.checked");
    ocspResponder.stop(run_next_test);
  });

--- a/services/common/blocklist-clients.js
+++ b/services/common/blocklist-clients.js
@ -20,16 +20,16 @@ const { OS } = Cu.import("resource://gre/modules/osfile.jsm");

 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");

-const PREF_SETTINGS_SERVER                   = "services.settings.server";
-const PREF_BLOCKLIST_BUCKET                  = "services.blocklist.bucket";
-const PREF_BLOCKLIST_ONECRL_COLLECTION       = "services.blocklist.onecrl.collection";
-const PREF_BLOCKLIST_ONECRL_CHECKED_SECONDS  = "services.blocklist.onecrl.checked";
-const PREF_BLOCKLIST_ADDONS_COLLECTION       = "services.blocklist.addons.collection";
-const PREF_BLOCKLIST_ADDONS_CHECKED_SECONDS  = "services.blocklist.addons.checked";
-const PREF_BLOCKLIST_PLUGINS_COLLECTION      = "services.blocklist.plugins.collection";
-const PREF_BLOCKLIST_PLUGINS_CHECKED_SECONDS = "services.blocklist.plugins.checked";
-const PREF_BLOCKLIST_GFX_COLLECTION          = "services.blocklist.gfx.collection";
-const PREF_BLOCKLIST_GFX_CHECKED_SECONDS     = "services.blocklist.gfx.checked";
+const PREF_KINTO_BASE                    = "services.kinto.base";
+const PREF_KINTO_BUCKET                  = "services.kinto.bucket";
+const PREF_KINTO_ONECRL_COLLECTION       = "services.kinto.onecrl.collection";
+const PREF_KINTO_ONECRL_CHECKED_SECONDS  = "services.kinto.onecrl.checked";
+const PREF_KINTO_ADDONS_COLLECTION       = "services.kinto.addons.collection";
+const PREF_KINTO_ADDONS_CHECKED_SECONDS  = "services.kinto.addons.checked";
+const PREF_KINTO_PLUGINS_COLLECTION      = "services.kinto.plugins.collection";
+const PREF_KINTO_PLUGINS_CHECKED_SECONDS = "services.kinto.plugins.checked";
+const PREF_KINTO_GFX_COLLECTION          = "services.kinto.gfx.collection";
+const PREF_KINTO_GFX_CHECKED_SECONDS     = "services.kinto.gfx.checked";

 this.FILENAME_ADDONS_JSON  = "blocklist-addons.json";
 this.FILENAME_GFX_JSON     = "blocklist-gfx.json";
@ -42,8 +42,8 @@ this.FILENAME_PLUGINS_JSON = "blocklist-plugins.json";
 * persist the local DB.
 */
 function kintoClient() {
-  let base = Services.prefs.getCharPref(PREF_SETTINGS_SERVER);
-  let bucket = Services.prefs.getCharPref(PREF_BLOCKLIST_BUCKET);
+  let base = Services.prefs.getCharPref(PREF_KINTO_BASE);
+  let bucket = Services.prefs.getCharPref(PREF_KINTO_BUCKET);

  let Kinto = loadKinto();

@ -161,25 +161,25 @@ function* updateJSONBlocklist(filename, records) {


 this.OneCRLBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_ONECRL_COLLECTION),
-  PREF_BLOCKLIST_ONECRL_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_ONECRL_COLLECTION),
+  PREF_KINTO_ONECRL_CHECKED_SECONDS,
  updateCertBlocklist
 );

 this.AddonBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_ADDONS_COLLECTION),
-  PREF_BLOCKLIST_ADDONS_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_ADDONS_COLLECTION),
+  PREF_KINTO_ADDONS_CHECKED_SECONDS,
  updateJSONBlocklist.bind(undefined, FILENAME_ADDONS_JSON)
 );

 this.GfxBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_GFX_COLLECTION),
-  PREF_BLOCKLIST_GFX_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_GFX_COLLECTION),
+  PREF_KINTO_GFX_CHECKED_SECONDS,
  updateJSONBlocklist.bind(undefined, FILENAME_GFX_JSON)
 );

 this.PluginBlocklistClient = new BlocklistClient(
-  Services.prefs.getCharPref(PREF_BLOCKLIST_PLUGINS_COLLECTION),
-  PREF_BLOCKLIST_PLUGINS_CHECKED_SECONDS,
+  Services.prefs.getCharPref(PREF_KINTO_PLUGINS_COLLECTION),
+  PREF_KINTO_PLUGINS_CHECKED_SECONDS,
  updateJSONBlocklist.bind(undefined, FILENAME_PLUGINS_JSON)
 );
--- a/services/common/blocklist-updater.js
+++ b/services/common/blocklist-updater.js
@ -2,21 +2,22 @@
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

-this.EXPORTED_SYMBOLS = ["checkVersions", "addTestBlocklistClient"];
+this.EXPORTED_SYMBOLS = ["checkVersions", "addTestKintoClient"];

 const { classes: Cc, Constructor: CC, interfaces: Ci, utils: Cu } = Components;

 Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/Task.jsm");
 Cu.importGlobalProperties(['fetch']);
-const BlocklistClients = Cu.import("resource://services-common/blocklist-clients.js", {});
+const BlocklistClients = Cu.import("resource://services-common/KintoBlocklist.js", {});

-const PREF_SETTINGS_SERVER              = "services.settings.server";
-const PREF_BLOCKLIST_CHANGES_PATH       = "services.blocklist.changes.path";
-const PREF_BLOCKLIST_BUCKET             = "services.blocklist.bucket";
-const PREF_BLOCKLIST_LAST_UPDATE        = "services.blocklist.last_update_seconds";
-const PREF_BLOCKLIST_LAST_ETAG          = "services.blocklist.last_etag";
-const PREF_BLOCKLIST_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+const PREF_KINTO_CHANGES_PATH       = "services.kinto.changes.path";
+const PREF_KINTO_BASE               = "services.kinto.base";
+const PREF_KINTO_BUCKET             = "services.kinto.bucket";
+const PREF_KINTO_LAST_UPDATE        = "services.kinto.last_update_seconds";
+const PREF_KINTO_LAST_ETAG          = "services.kinto.last_etag";
+const PREF_KINTO_CLOCK_SKEW_SECONDS = "services.kinto.clock_skew_seconds";
+const PREF_KINTO_ONECRL_COLLECTION  = "services.kinto.onecrl.collection";


 const gBlocklistClients = {
@ -27,7 +28,7 @@ const gBlocklistClients = {
 };

 // Add a blocklist client for testing purposes. Do not use for any other purpose
-this.addTestBlocklistClient = (name, client) => { gBlocklistClients[name] = client; }
+this.addTestKintoClient = (name, client) => { gBlocklistClients[name] = client; }

 // This is called by the ping mechanism.
 // returns a promise that rejects if something goes wrong
@ -42,14 +43,14 @@ this.checkVersions = function() {
    //     "collection":"certificates"
    //    }]}
    // Right now, we only use the collection name and the last modified info
-    let kintoBase = Services.prefs.getCharPref(PREF_SETTINGS_SERVER);
-    let changesEndpoint = kintoBase + Services.prefs.getCharPref(PREF_BLOCKLIST_CHANGES_PATH);
-    let blocklistsBucket = Services.prefs.getCharPref(PREF_BLOCKLIST_BUCKET);
+    let kintoBase = Services.prefs.getCharPref(PREF_KINTO_BASE);
+    let changesEndpoint = kintoBase + Services.prefs.getCharPref(PREF_KINTO_CHANGES_PATH);
+    let blocklistsBucket = Services.prefs.getCharPref(PREF_KINTO_BUCKET);

    // Use ETag to obtain a `304 Not modified` when no change occurred.
    const headers = {};
-    if (Services.prefs.prefHasUserValue(PREF_BLOCKLIST_LAST_ETAG)) {
-      const lastEtag = Services.prefs.getCharPref(PREF_BLOCKLIST_LAST_ETAG);
+    if (Services.prefs.prefHasUserValue(PREF_KINTO_LAST_ETAG)) {
+      const lastEtag = Services.prefs.getCharPref(PREF_KINTO_LAST_ETAG);
      if (lastEtag) {
        headers["If-None-Match"] = lastEtag;
      }
@ -77,8 +78,8 @@ this.checkVersions = function() {
    // negative clockDifference means local time is behind server time
    // by the absolute of that value in seconds (positive means it's ahead)
    let clockDifference = Math.floor((Date.now() - serverTimeMillis) / 1000);
-    Services.prefs.setIntPref(PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, clockDifference);
-    Services.prefs.setIntPref(PREF_BLOCKLIST_LAST_UPDATE, serverTimeMillis / 1000);
+    Services.prefs.setIntPref(PREF_KINTO_CLOCK_SKEW_SECONDS, clockDifference);
+    Services.prefs.setIntPref(PREF_KINTO_LAST_UPDATE, serverTimeMillis / 1000);

    let firstError;
    for (let collectionInfo of versionInfo.data) {
@ -111,7 +112,7 @@ this.checkVersions = function() {
    // Save current Etag for next poll.
    if (response.headers.has("ETag")) {
      const currentEtag = response.headers.get("ETag");
-      Services.prefs.setCharPref(PREF_BLOCKLIST_LAST_ETAG, currentEtag);
+      Services.prefs.setCharPref(PREF_KINTO_LAST_ETAG, currentEtag);
    }
  });
 };
--- a/services/common/moz.build
+++ b/services/common/moz.build
@ -15,10 +15,10 @@ EXTRA_COMPONENTS += [

 EXTRA_JS_MODULES['services-common'] += [
    'async.js',
-    'blocklist-clients.js',
-    'blocklist-updater.js',
    'kinto-http-client.js',
    'kinto-offline-client.js',
+    'kinto-updater.js',
+    'KintoBlocklist.js',
    'logmanager.js',
    'observers.js',
    'rest.js',
--- a/services/common/tests/unit/test_kintoAddonPluginBlocklist.js
+++ b/services/common/tests/unit/test_kintoAddonPluginBlocklist.js
@ -9,15 +9,15 @@ const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm");
 const { OS } = Cu.import("resource://gre/modules/osfile.jsm");

 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");
-const BlocklistClients = Cu.import("resource://services-common/blocklist-clients.js");
+const KintoBlocklist = Cu.import("resource://services-common/KintoBlocklist.js");

 const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
  "nsIBinaryInputStream", "setInputStream");

 const gBlocklistClients = [
-  {client: BlocklistClients.AddonBlocklistClient, filename: BlocklistClients.FILENAME_ADDONS_JSON, testData: ["i808","i720", "i539"]},
-  {client: BlocklistClients.PluginBlocklistClient, filename: BlocklistClients.FILENAME_PLUGINS_JSON, testData: ["p1044","p32","p28"]},
-  {client: BlocklistClients.GfxBlocklistClient, filename: BlocklistClients.FILENAME_GFX_JSON, testData: ["g204","g200","g36"]},
+  {client: KintoBlocklist.AddonBlocklistClient, filename: KintoBlocklist.FILENAME_ADDONS_JSON, testData: ["i808","i720", "i539"]},
+  {client: KintoBlocklist.PluginBlocklistClient, filename: KintoBlocklist.FILENAME_PLUGINS_JSON, testData: ["p1044","p32","p28"]},
+  {client: KintoBlocklist.GfxBlocklistClient, filename: KintoBlocklist.FILENAME_GFX_JSON, testData: ["g204","g200","g36"]},
 ];


@ -77,7 +77,7 @@ function run_test() {
  server.start(-1);

  // Point the blocklist clients to use this local HTTP server.
-  Services.prefs.setCharPref("services.settings.server",
+  Services.prefs.setCharPref("services.kinto.base",
                             `http://localhost:${server.identity.primaryPort}/v1`);

  // Setup server fake responses.
--- a/services/common/tests/unit/test_blocklist_certificates.js
+++ b/services/common/tests/unit/test_blocklist_certificates.js
@ -2,7 +2,7 @@ const { Constructor: CC } = Components;

 Cu.import("resource://testing-common/httpd.js");

-const { OneCRLBlocklistClient } = Cu.import("resource://services-common/blocklist-clients.js");
+const { OneCRLBlocklistClient } = Cu.import("resource://services-common/KintoBlocklist.js");
 const { loadKinto } = Cu.import("resource://services-common/kinto-offline-client.js");

 const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
@ -40,7 +40,7 @@ add_task(function* test_something(){
  const configPath = "/v1/";
  const recordsPath = "/v1/buckets/blocklists/collections/certificates/records";

-  Services.prefs.setCharPref("services.settings.server",
+  Services.prefs.setCharPref("services.kinto.base",
                             `http://localhost:${server.identity.primaryPort}/v1`);

  // register a handler
@ -93,7 +93,7 @@ add_task(function* test_something(){
  // Try to maybeSync with the current lastModified value - no connection
  // should be attempted.
  // Clear the kinto base pref so any connections will cause a test failure
-  Services.prefs.clearUserPref("services.settings.server");
+  Services.prefs.clearUserPref("services.kinto.base");
  yield OneCRLBlocklistClient.maybeSync(4000, Date.now());

  // Try again with a lastModified value at some point in the past
@ -101,9 +101,9 @@ add_task(function* test_something(){

  // Check the OneCRL check time pref is modified, even if the collection
  // hasn't changed
-  Services.prefs.setIntPref("services.blocklist.onecrl.checked", 0);
+  Services.prefs.setIntPref("services.kinto.onecrl.checked", 0);
  yield OneCRLBlocklistClient.maybeSync(3000, Date.now());
-  let newValue = Services.prefs.getIntPref("services.blocklist.onecrl.checked");
+  let newValue = Services.prefs.getIntPref("services.kinto.onecrl.checked");
  do_check_neq(newValue, 0);
 });

@ -141,7 +141,7 @@ function getSampleResponse(req, port) {
        "Server: waitress"
      ],
      "status": {status: 200, statusText: "OK"},
-      "responseBody": JSON.stringify({"settings":{"batch_max_requests":25}, "url":`http://localhost:${port}/v1/`, "documentation":"https://kinto.readthedocs.org/", "version":"1.5.1", "commit":"cbc6f58", "hello":"kinto"})
+      "responseBody": JSON.stringify({"settings":{"cliquet.batch_max_requests":25}, "url":`http://localhost:${port}/v1/`, "documentation":"https://kinto.readthedocs.org/", "version":"1.5.1", "commit":"cbc6f58", "hello":"kinto"})
    },
    "GET:/v1/buckets/blocklists/collections/certificates/records?_sort=-last_modified": {
      "sampleHeaders": [
--- a/services/common/tests/unit/test_blocklist_updater.js
+++ b/services/common/tests/unit/test_blocklist_updater.js
@ -1,11 +1,12 @@
+Cu.import("resource://services-common/kinto-updater.js")
 Cu.import("resource://testing-common/httpd.js");

 var server;

-const PREF_SETTINGS_SERVER = "services.settings.server";
-const PREF_LAST_UPDATE = "services.blocklist.last_update_seconds";
-const PREF_LAST_ETAG = "services.blocklist.last_etag";
-const PREF_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+const PREF_KINTO_BASE = "services.kinto.base";
+const PREF_LAST_UPDATE = "services.kinto.last_update_seconds";
+const PREF_LAST_ETAG = "services.kinto.last_etag";
+const PREF_CLOCK_SKEW_SECONDS = "services.kinto.clock_skew_seconds";

 // Check to ensure maybeSync is called with correct values when a changes
 // document contains information on when a collection was last modified
@ -40,7 +41,7 @@ add_task(function* test_check_maybeSync(){
  server.registerPathHandler(changesPath, handleResponse.bind(null, 2000));

  // set up prefs so the kinto updater talks to the test server
-  Services.prefs.setCharPref(PREF_SETTINGS_SERVER,
+  Services.prefs.setCharPref(PREF_KINTO_BASE,
    `http://localhost:${server.identity.primaryPort}/v1`);

  // set some initial values so we can check these are updated appropriately
@ -51,12 +52,12 @@ add_task(function* test_check_maybeSync(){

  let startTime = Date.now();

-  let updater = Cu.import("resource://services-common/blocklist-updater.js");
+  let updater = Cu.import("resource://services-common/kinto-updater.js");

  let syncPromise = new Promise(function(resolve, reject) {
    // add a test kinto client that will respond to lastModified information
    // for a collection called 'test-collection'
-    updater.addTestBlocklistClient("test-collection", {
+    updater.addTestKintoClient("test-collection", {
      maybeSync(lastModified, serverTime) {
        do_check_eq(lastModified, 1000);
        do_check_eq(serverTime, 2000);
@ -85,7 +86,7 @@ add_task(function* test_check_maybeSync(){
  // Simulate a poll with up-to-date collection.
  Services.prefs.setIntPref(PREF_LAST_UPDATE, 0);
  // If server has no change, a 304 is received, maybeSync() is not called.
-  updater.addTestBlocklistClient("test-collection", {
+  updater.addTestKintoClient("test-collection", {
    maybeSync: () => {throw new Error("Should not be called");}
  });
  yield updater.checkVersions();
--- a/services/common/tests/unit/xpcshell.ini
+++ b/services/common/tests/unit/xpcshell.ini
@ -9,11 +9,10 @@ support-files =
 # Test load modules first so syntax failures are caught early.
 [test_load_modules.js]

-[test_blocklist_certificates.js]
-[test_blocklist_clients.js]
-[test_blocklist_updater.js]
-
 [test_kinto.js]
+[test_kinto_updater.js]
+[test_kintoAddonPluginBlocklist.js]
+[test_kintoCertBlocklist.js]
 [test_storage_adapter.js]

 [test_utils_atob.js]
--- a/testing/profiles/prefs_general.js
+++ b/testing/profiles/prefs_general.js
@ -109,8 +109,8 @@ user_pref("extensions.getAddons.get.url", "http://%(server)s/extensions-dummy/re
 user_pref("extensions.getAddons.getWithPerformance.url", "http://%(server)s/extensions-dummy/repositoryGetWithPerformanceURL");
 user_pref("extensions.getAddons.search.browseURL", "http://%(server)s/extensions-dummy/repositoryBrowseURL");
 user_pref("extensions.getAddons.search.url", "http://%(server)s/extensions-dummy/repositorySearchURL");
-// Ensure blocklist updates don't hit the network
-user_pref("services.settings.server", "http://%(server)s/dummy-kinto/v1");
+// Ensure kinto updates don't hit the network
+user_pref("services.kinto.base", "http://%(server)s/dummy-kinto/v1");
 // Make sure that opening the plugins check page won't hit the network
 user_pref("plugins.update.url", "http://%(server)s/plugins-dummy/updateCheckURL");
 // Make sure SNTP requests don't hit the network
--- a/toolkit/mozapps/extensions/nsBlocklistService.js
+++ b/toolkit/mozapps/extensions/nsBlocklistService.js
@ -48,7 +48,7 @@ const PREF_BLOCKLIST_PINGCOUNTTOTAL   = "extensions.blocklist.pingCountTotal";
 const PREF_BLOCKLIST_PINGCOUNTVERSION = "extensions.blocklist.pingCountVersion";
 const PREF_BLOCKLIST_SUPPRESSUI       = "extensions.blocklist.suppressUI";
 const PREF_ONECRL_VIA_AMO             = "security.onecrl.via.amo";
-const PREF_BLOCKLIST_UPDATE_ENABLED   = "services.blocklist.update_enabled";
+const PREF_KINTO_UPDATE_ENABLED       = "services.kinto.update_enabled";
 const PREF_PLUGINS_NOTIFYUSER         = "plugins.update.notifyUser";
 const PREF_GENERAL_USERAGENT_LOCALE   = "general.useragent.locale";
 const PREF_APP_DISTRIBUTION           = "distribution.id";
@ -631,11 +631,11 @@ Blocklist.prototype = {
      this._loadBlocklist();

    // If kinto update is enabled, do the kinto update
-    if (gPref.getBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED)) {
-      const updater =
-        Components.utils.import("resource://services-common/blocklist-updater.js",
+    if (gPref.getBoolPref(PREF_KINTO_UPDATE_ENABLED)) {
+      let KintoUpdater =
+        Components.utils.import("resource://services-common/kinto-updater.js",
                                {});
-      updater.checkVersions().catch(() => {
+      KintoUpdater.checkVersions().catch(() => {
        // Before we enable this in release, we want to collect telemetry on
        // failed kinto updates - see bug 1254099
      });
--- a/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/head_addons.js
@ -1872,7 +1872,8 @@ Services.prefs.setBoolPref("extensions.showMismatchUI", false);
 Services.prefs.setCharPref("extensions.update.url", "http://127.0.0.1/updateURL");
 Services.prefs.setCharPref("extensions.update.background.url", "http://127.0.0.1/updateBackgroundURL");
 Services.prefs.setCharPref("extensions.blocklist.url", "http://127.0.0.1/blocklistURL");
-Services.prefs.setCharPref("services.settings.server", "http://localhost/dummy-kinto/v1");
+Services.prefs.setCharPref("services.kinto.base",
+                           "http://localhost/dummy-kinto/v1");

 // By default ignore bundled add-ons
 Services.prefs.setBoolPref("extensions.installDistroAddons", false);
--- a/toolkit/mozapps/extensions/test/xpcshell/test_blocklist_regexp.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_blocklist_regexp.js
@ -67,7 +67,7 @@ function load_blocklist(aFile, aCallback) {
  // if we're not using the blocklist.xml for certificate blocklist state,
  // ensure that kinto update is enabled
  if (!Services.prefs.getBoolPref("security.onecrl.via.amo")) {
-    ok(Services.prefs.getBoolPref("services.blocklist.update_enabled", false),
+    ok(Services.prefs.getBoolPref("services.kinto.update_enabled", false),
                                  "Kinto update should be enabled");
  }
  blocklist.notify(null);