Bug 1526018 - Initialize PSM clients in their own service r=Gijs,jcj

Differential Revision: https://phabricator.services.mozilla.com/D31603 --HG-- extra : moz-landing-system : lando
2019-05-21 21:14:11 +00:00 · 2019-05-21 21:14:11 +00:00 · 8eb7224e54
--- a/browser/components/BrowserGlue.jsm
+++ b/browser/components/BrowserGlue.jsm
@ -450,6 +450,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.jsm",
  ProcessHangMonitor: "resource:///modules/ProcessHangMonitor.jsm",
  RemoteSettings: "resource://services-settings/remote-settings.js",
+  RemoteSecuritySettings: "resource://gre/modules/psm/RemoteSecuritySettings.jsm",
  RFPHelper: "resource://gre/modules/RFPHelper.jsm",
  SafeBrowsing: "resource://gre/modules/SafeBrowsing.jsm",
  Sanitizer: "resource:///modules/Sanitizer.jsm",
@ -1822,6 +1823,10 @@ BrowserGlue.prototype = {
    Services.tm.idleDispatchToMainThread(() => {
      RemoteSettings.init();
    });
+
+    Services.tm.idleDispatchToMainThread(() => {
+      RemoteSecuritySettings.init();
+    });
  },

  _onQuitRequest: function BG__onQuitRequest(aCancelQuit, aQuitType) {
--- a/security/manager/ssl/RemoteSecuritySettings.jsm
+++ b/security/manager/ssl/RemoteSecuritySettings.jsm
@ -6,7 +6,9 @@
 const EXPORTED_SYMBOLS = ["RemoteSecuritySettings"];

 const {RemoteSettings} = ChromeUtils.import("resource://services-settings/remote-settings.js");
+ChromeUtils.defineModuleGetter(this, "BlocklistClients", "resource://services-common/blocklist-clients.js");

+const {AppConstants} = ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
 const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
 const {XPCOMUtils} = ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
 const {X509} = ChromeUtils.import("resource://gre/modules/psm/X509.jsm", null);
@ -93,6 +95,19 @@ class CertInfo {
 CertInfo.prototype.QueryInterface = ChromeUtils.generateQI([Ci.nsICertInfo]);

 this.RemoteSecuritySettings = class RemoteSecuritySettings {
+    /**
+     * Initialize the clients (cheap instantiation) and setup their sync event.
+     * This static method is called from BrowserGlue.jsm soon after startup.
+     */
+    static init() {
+      // In Bug 1543598, the OneCRL and Pinning clients will be moved in this module.
+      BlocklistClients.initialize();
+
+      if (AppConstants.MOZ_NEW_CERT_STORAGE) {
+        new RemoteSecuritySettings();
+      }
+    }
+
    constructor() {
        this.client = RemoteSettings(Services.prefs.getCharPref(INTERMEDIATES_COLLECTION_PREF), {
          bucketNamePref: INTERMEDIATES_BUCKET_PREF,
--- a/services/common/blocklist-clients.js
+++ b/services/common/blocklist-clients.js
@ -184,7 +184,6 @@ async function updatePinningList({ data: { current: records } }) {

 var OneCRLBlocklistClient;
 var PinningBlocklistClient;
-var RemoteSecuritySettingsClient;

 function initialize(options = {}) {
  const { verifySignature = true } = options;
@ -205,21 +204,6 @@ function initialize(options = {}) {
  PinningBlocklistClient.verifySignature = verifySignature;
  PinningBlocklistClient.on("sync", updatePinningList);

-  if (AppConstants.MOZ_NEW_CERT_STORAGE) {
-    const { RemoteSecuritySettings } = ChromeUtils.import("resource://gre/modules/psm/RemoteSecuritySettings.jsm");
-
-    // In Bug 1526018 this will move into its own service, as it's not quite like
-    // the others.
-    RemoteSecuritySettingsClient = new RemoteSecuritySettings();
-    RemoteSecuritySettingsClient.verifySignature = verifySignature;
-
-    return {
-      OneCRLBlocklistClient,
-      PinningBlocklistClient,
-      RemoteSecuritySettingsClient,
-    };
-  }
-
  return {
    OneCRLBlocklistClient,
    PinningBlocklistClient,
--- a/toolkit/mozapps/extensions/Blocklist.jsm
+++ b/toolkit/mozapps/extensions/Blocklist.jsm
@ -19,11 +19,6 @@ ChromeUtils.defineModuleGetter(this, "AddonManager",
                               "resource://gre/modules/AddonManager.jsm");
 ChromeUtils.defineModuleGetter(this, "AddonManagerPrivate",
                               "resource://gre/modules/AddonManager.jsm");
-// The remote settings updater is the new system in charge of fetching remote data
-// securely and efficiently. It will replace the current XML-based system.
-// See Bug 1257565 and Bug 1252456.
-ChromeUtils.defineModuleGetter(this, "BlocklistClients",
-                               "resource://services-common/blocklist-clients.js");
 ChromeUtils.defineModuleGetter(this, "CertUtils",
                               "resource://gre/modules/CertUtils.jsm");
 ChromeUtils.defineModuleGetter(this, "FileUtils",
@ -2561,10 +2556,6 @@ let BlocklistRS = {
    ExtensionBlocklistRS._onUpdate();
    PluginBlocklistRS._onUpdate();
  },
-
-  initializeClients() {
-    BlocklistClients.initialize();
-  },
 };

 const kSharedAPIs = [
@ -2586,12 +2577,6 @@ let Blocklist = {
    Services.prefs.addObserver("extensions.blocklist.", this);
    Services.prefs.addObserver(PREF_EM_LOGGING_ENABLED, this);

-    // Instantiate Remote Settings clients for blocklists.
-    // Their initialization right here serves two purposes:
-    // - Make sure they are instantiated (it's cheap) in order to be included in the synchronization process;
-    // - Ensure that onecrl and other consumers in there are loaded.
-    // Ideally, this should happen only when BlocklistRS is initialized.
-    BlocklistRS.initializeClients();
    // Define forwarding functions:
    for (let k of kSharedAPIs) {
      this[k] = (...args) => this._impl[k](...args);