Backed out changeset 1f6f908368e5 (bug 1305289) for gtest failures

2016-10-10 09:33:01 +02:00 · 2016-10-10 09:33:01 +02:00 · 401922b6ce
--- a/browser/base/content/pageinfo/pageInfo.xul
+++ b/browser/base/content/pageinfo/pageInfo.xul
@ -417,7 +417,6 @@
          <label id="security-technical-shortform" class="fieldValue"/>
          <description id="security-technical-longform1" class="fieldLabel"/>
          <description id="security-technical-longform2" class="fieldLabel"/>
-          <description id="security-technical-certificate-transparency" class="fieldLabel"/>
        </vbox>
      </groupbox>
      <hbox pack="end">
--- a/browser/base/content/pageinfo/security.js
+++ b/browser/base/content/pageinfo/security.js
@ -65,8 +65,7 @@ var security = {
        isBroken : isBroken,
        isMixed : isMixed,
        isEV : isEV,
-        cert : cert,
-        certificateTransparency : undefined
+        cert : cert
      };

      var version;
@ -96,27 +95,6 @@ var security = {
          break;
      }

-      // Select status text to display for Certificate Transparency.
-      switch (status.certificateTransparencyStatus) {
-        case nsISSLStatus.CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE:
-          // CT compliance checks were not performed,
-          // do not display any status text.
-          retval.certificateTransparency = null;
-          break;
-        case nsISSLStatus.CERTIFICATE_TRANSPARENCY_NONE:
-          retval.certificateTransparency = "None";
-          break;
-        case nsISSLStatus.CERTIFICATE_TRANSPARENCY_OK:
-          retval.certificateTransparency = "OK";
-          break;
-        case nsISSLStatus.CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG:
-          retval.certificateTransparency = "UnknownLog";
-          break;
-        case nsISSLStatus.CERTIFICATE_TRANSPARENCY_INVALID:
-          retval.certificateTransparency = "Invalid";
-          break;
-      }
-
      return retval;
    }
    return {
@ -128,8 +106,7 @@ var security = {
      isBroken : isBroken,
      isMixed : isMixed,
      isEV : isEV,
-      cert : null,
-      certificateTransparency : null
+      cert : null
    };
  },

@ -306,16 +283,6 @@ function securityOnLoad(uri, windowInfo) {
  setText("security-technical-shortform", hdr);
  setText("security-technical-longform1", msg1);
  setText("security-technical-longform2", msg2);
-
-  const ctStatus =
-    document.getElementById("security-technical-certificate-transparency");
-  if (info.certificateTransparency) {
-    ctStatus.hidden = false;
-    ctStatus.value = pkiBundle.getString(
-      "pageInfo_CertificateTransparency_" + info.certificateTransparency);
-  } else {
-    ctStatus.hidden = true;
-  }
 }

 function setText(id, value)
--- a/security/manager/locales/en-US/chrome/pippki/pippki.properties
+++ b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@ -109,10 +109,6 @@ pageInfo_Privacy_Encrypted2=Encryption makes it difficult for unauthorized peopl
 pageInfo_MixedContent=Connection Partially Encrypted
 pageInfo_MixedContent2=Parts of the page you are viewing were not encrypted before being transmitted over the Internet.
 pageInfo_WeakCipher=Your connection to this website uses weak encryption and is not private. Other people can view your information or modify the website’s behavior.
-pageInfo_CertificateTransparency_None=This website does not supply Certificate Transparency audit records.
-pageInfo_CertificateTransparency_OK=This website supplies publicly auditable Certificate Transparency records.
-pageInfo_CertificateTransparency_UnknownLog=This website claims to have Certificate Transparency audit records, but the records cannot be verified.
-pageInfo_CertificateTransparency_Invalid=This website supplies Certificate Transparency audit records, but the records failed verification.

 # Cert Viewer
 certDetails=Certificate Viewer:
--- a/security/manager/ssl/SSLServerCertVerification.cpp
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@ -1424,8 +1424,6 @@ AuthCertificate(CertVerifier& certVerifier,
      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
             ("AuthCertificate setting NEW cert %p\n", nsc.get()));
    }
-
-    status->SetCertificateTransparencyInfo(certificateTransparencyInfo);
  }

  if (rv != SECSuccess) {
--- a/security/manager/ssl/nsISSLStatus.idl
+++ b/security/manager/ssl/nsISSLStatus.idl
@ -23,13 +23,6 @@ interface nsISSLStatus : nsISupports {
  const short TLS_VERSION_1_3 = 4;
  readonly attribute unsigned short protocolVersion;

-  const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0;
-  const short CERTIFICATE_TRANSPARENCY_NONE           = 1;
-  const short CERTIFICATE_TRANSPARENCY_OK             = 2;
-  const short CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG    = 3;
-  const short CERTIFICATE_TRANSPARENCY_INVALID        = 4;
-  readonly attribute unsigned short certificateTransparencyStatus;
-
  readonly attribute boolean isDomainMismatch;
  readonly attribute boolean isNotValidAtThisTime;

--- a/security/manager/ssl/nsSSLStatus.cpp
+++ b/security/manager/ssl/nsSSLStatus.cpp
@ -9,7 +9,6 @@
 #include "nsIClassInfoImpl.h"
 #include "nsIObjectOutputStream.h"
 #include "nsIObjectInputStream.h"
-#include "SignedCertificateTimestamp.h"
 #include "ssl.h"

 NS_IMETHODIMP
@ -87,16 +86,6 @@ nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion)
  return NS_OK;
 }

-NS_IMETHODIMP
-nsSSLStatus::GetCertificateTransparencyStatus(
-  uint16_t* aCertificateTransparencyStatus)
-{
-  NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
-
-  *aCertificateTransparencyStatus = mCertificateTransparencyStatus;
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch)
 {
@ -163,8 +152,6 @@ nsSSLStatus::Read(nsIObjectInputStream* aStream)
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->Read16(&mProtocolVersion);
  NS_ENSURE_SUCCESS(rv, rv);
-  rv = aStream->Read16(&mCertificateTransparencyStatus);
-  NS_ENSURE_SUCCESS(rv, rv);

  rv = aStream->ReadBoolean(&mIsDomainMismatch);
  NS_ENSURE_SUCCESS(rv, rv);
@ -197,8 +184,6 @@ nsSSLStatus::Write(nsIObjectOutputStream* aStream)
  NS_ENSURE_SUCCESS(rv, rv);
  rv = aStream->Write16(mProtocolVersion);
  NS_ENSURE_SUCCESS(rv, rv);
-  rv = aStream->Write16(mCertificateTransparencyStatus);
-  NS_ENSURE_SUCCESS(rv, rv);

  rv = aStream->WriteBoolean(mIsDomainMismatch);
  NS_ENSURE_SUCCESS(rv, rv);
@ -277,8 +262,6 @@ nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
 nsSSLStatus::nsSSLStatus()
 : mCipherSuite(0)
 , mProtocolVersion(0)
-, mCertificateTransparencyStatus(nsISSLStatus::
-    CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE)
 , mIsDomainMismatch(false)
 , mIsNotValidAtThisTime(false)
 , mIsUntrusted(false)
@ -317,55 +300,3 @@ nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert,
  }
 #endif
 }
-
-void
-nsSSLStatus::SetCertificateTransparencyInfo(
-  const mozilla::psm::CertificateTransparencyInfo& info)
-{
-  using mozilla::ct::SignedCertificateTimestamp;
-
-  if (!info.enabled) {
-    // CT disabled.
-    mCertificateTransparencyStatus =
-      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
-    return;
-  }
-
-  if (!info.processedSCTs) {
-    // No SCTs processed on the connection.
-    mCertificateTransparencyStatus =
-      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NONE;
-    return;
-  }
-
-  bool hasOKSCTs = false;
-  bool hasUnknownLogSCTs = false;
-  bool hasInvalidSCTs = false;
-  for (const SignedCertificateTimestamp& sct : info.verifyResult.scts) {
-    switch (sct.verificationStatus) {
-      case SignedCertificateTimestamp::VerificationStatus::OK:
-        hasOKSCTs = true;
-        break;
-      case SignedCertificateTimestamp::VerificationStatus::UnknownLog:
-        hasUnknownLogSCTs = true;
-        break;
-      case SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
-      case SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
-        hasInvalidSCTs = true;
-        break;
-      default:
-        MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
-    }
-  }
-
-  if (hasOKSCTs) {
-    mCertificateTransparencyStatus =
-      nsISSLStatus::CERTIFICATE_TRANSPARENCY_OK;
-  } else if (hasUnknownLogSCTs) {
-    mCertificateTransparencyStatus =
-      nsISSLStatus::CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG;
-  } else if (hasInvalidSCTs) {
-    mCertificateTransparencyStatus =
-      nsISSLStatus::CERTIFICATE_TRANSPARENCY_INVALID;
-  }
-}
--- a/security/manager/ssl/nsSSLStatus.h
+++ b/security/manager/ssl/nsSSLStatus.h
@ -7,7 +7,6 @@
 #ifndef _NSSSLSTATUS_H
 #define _NSSSLSTATUS_H

-#include "CertVerifier.h" // For CertificateTransparencyInfo
 #include "nsISSLStatus.h"
 #include "nsCOMPtr.h"
 #include "nsXPIDLString.h"
@ -38,13 +37,9 @@ public:
    return mServerCert != nullptr;
  }

-  void SetCertificateTransparencyInfo(
-    const mozilla::psm::CertificateTransparencyInfo& info);
-
  /* public for initilization in this file */
  uint16_t mCipherSuite;
  uint16_t mProtocolVersion;
-  uint16_t mCertificateTransparencyStatus;

  bool mIsDomainMismatch;
  bool mIsNotValidAtThisTime;