Bug 1894689 - update pinned cert issuers in windows maintenance service. r=bhearsum,application-update-reviewers,bytesized

Differential Revision: https://phabricator.services.mozilla.com/D209245

browser/installer/windows/nsis/defines.nsi.in

@@ -54,11 +54,11 @@
 !define IDI_PBICON_PB_EXE_ZERO_BASED "0"
 
 !define CERTIFICATE_NAME            "Mozilla Corporation"
-!define CERTIFICATE_ISSUER          "DigiCert SHA2 Assured ID Code Signing CA"
+!define CERTIFICATE_ISSUER          "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
 ; Changing the name or issuer requires us to have both the old and the new
 ;  in the registry at the same time, temporarily.
 !define CERTIFICATE_NAME_PREVIOUS   "Mozilla Corporation"
-!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert Assured ID Code Signing CA-1"
+!define CERTIFICATE_ISSUER_PREVIOUS "DigiCert SHA2 Assured ID Code Signing CA"
 
 # LSP_CATEGORIES is the permitted LSP categories for the application. Each LSP
 # category value is ANDed together to set multiple permitted categories.

browser/installer/windows/nsis/maintenanceservice_installer.nsi

@@ -217,7 +217,7 @@ Section "MaintenanceService"
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   ; WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
+  ; WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
   ${If} ${RunningX64}
   ${OrIf} ${IsNativeARM64}
     SetRegView lastused

toolkit/components/maintenanceservice/bootstrapinstaller/maintenanceservice_installer.nsi

@@ -205,7 +205,7 @@ Section "MaintenanceService"
   ; These keys are used to bypass the installation dir is a valid installation
   ; check from the service so that tests can be run.
   WriteRegStr HKLM "${FallbackKey}\0" "name" "Mozilla Corporation"
-  WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert SHA2 Assured ID Code Signing CA"
+  WriteRegStr HKLM "${FallbackKey}\0" "issuer" "DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
   WriteRegStr HKLM "${FallbackKey}\1" "name" "Mozilla Fake SPC"
   WriteRegStr HKLM "${FallbackKey}\1" "issuer" "Mozilla Fake CA"
   ${If} ${RunningX64}

toolkit/mozapps/update/docs/MaintenanceServiceTests.rst

@@ -47,11 +47,11 @@ into the registry.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MaintenanceService\3932ecacee736d366d6436db0f55bce4]
 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MaintenanceService\3932ecacee736d366d6436db0f55bce4\0]
-   "issuer"="DigiCert SHA2 Assured ID Code Signing CA"
+   "issuer"="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1"
    "name"="Mozilla Corporation"
 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MaintenanceService\3932ecacee736d366d6436db0f55bce4\1]
-   "issuer"="DigiCert Assured ID Code Signing CA-1"
+   "issuer"="DigiCert SHA2 Assured ID Code Signing CA"
    "name"="Mozilla Corporation"
 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MaintenanceService\3932ecacee736d366d6436db0f55bce4\2]