Bug 1493249 - Add policy for security devices. r=Felipe

Differential Revision: https://phabricator.services.mozilla.com/D6525

--HG--
extra : moz-landing-system : lando

browser/components/enterprisepolicies/EnterprisePolicies.js

@@ -137,7 +137,7 @@ EnterprisePoliciesManager.prototype = {
   },
 
   _callbacks: {
-    // The earlist that a policy callback can run. This will
+    // The earliest that a policy callback can run. This will
     // happen right after the Policy Engine itself has started,
     // and before the Add-ons Manager has started.
     onBeforeAddons: [],

browser/components/enterprisepolicies/Policies.jsm

@@ -754,6 +754,25 @@ var Policies = {
     },
   },
 
+  "SecurityDevices": {
+    onProfileAfterChange(manager, param) {
+      let securityDevices = param;
+      runOncePerModification("securityDevices",
+                             JSON.stringify(securityDevices),
+                             () => {
+        let pkcs11 = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService(Ci.nsIPKCS11ModuleDB);
+        for (let deviceName in securityDevices) {
+          try {
+            pkcs11.addModule(deviceName, securityDevices[deviceName], 0, 0);
+          } catch (ex) {
+            log.error("Unable to add security device ${deviceName}");
+            log.debug(ex);
+          }
+        }
+      });
+    },
+  },
+
   "WebsiteFilter": {
     onBeforeUIStartup(manager, param) {
       this.filter = new WebsiteFilter(param.Block || [], param.Exceptions || []);

browser/components/enterprisepolicies/schemas/policies-schema.json

@@ -632,6 +632,13 @@
       }
     },
 
+    "SecurityDevices": {
+      "type": "object",
+      "patternProperties": {
+        "^.*$": { "type": "string" }
+      }
+    },
+
     "WebsiteFilter": {
       "machine_only": "true",
 

toolkit/components/utils/JsonSchemaValidator.jsm

@@ -108,26 +108,52 @@ function validateAndParseParamRecursive(param, properties) {
       }
 
       let parsedObj = {};
-      for (let property of Object.keys(properties.properties)) {
-        log.debug(`in object, checking\n    property: ${property}\n    value: ${param[property]}\n    expected type: ${properties.properties[property].type}`);
-
-        if (!param.hasOwnProperty(property)) {
-          if (properties.required && properties.required.includes(property)) {
-            log.error(`Object is missing required property ${property}`);
-            return [false, null];
+      let patternProperties = [];
+      if ("patternProperties" in properties) {
+        for (let propName of Object.keys(properties.patternProperties || {})) {
+          let pattern;
+          try {
+            pattern = new RegExp(propName);
+          } catch (e) {
+            throw new Error(`Internal error: Invalid property pattern ${propName}`);
           }
-          continue;
+          patternProperties.push({
+            pattern,
+            schema: properties.patternProperties[propName],
+          });
         }
-
-        let [valid, parsedValue] = validateAndParseParamRecursive(param[property], properties.properties[property]);
-
-        if (!valid) {
-          return [false, null];
-        }
-
-        parsedObj[property] = parsedValue;
       }
 
+      if (properties.required) {
+        for (let required of properties.required) {
+          if (!(required in param)) {
+            log.error(`Object is missing required property ${required}`);
+            return [false, null];
+          }
+        }
+      }
+
+      for (let item of Object.keys(param)) {
+        let schema;
+        if ("properties" in properties &&
+            properties.properties.hasOwnProperty(item)) {
+          schema = properties.properties[item];
+        } else if (patternProperties.length) {
+          for (let patternProperty of patternProperties) {
+            if (patternProperty.pattern.test(item)) {
+              schema = patternProperty.schema;
+              break;
+            }
+          }
+        }
+        if (schema) {
+          let [valid, parsedValue] = validateAndParseParamRecursive(param[item], schema);
+          if (!valid) {
+            return [false, null];
+          }
+          parsedObj[item] = parsedValue;
+        }
+      }
       return [true, parsedObj];
     }
   }

toolkit/components/utils/test/browser/browser_JsonSchemaValidator.js

@@ -396,3 +396,54 @@ add_task(async function test_number_or_array_values() {
   ok(!JsonSchemaValidator.validateAndParseParameters([[]], schema)[0], "Invalid value");
   ok(!JsonSchemaValidator.validateAndParseParameters([0, 1, [2, 3]], schema)[0], "Invalid value");
 });
+
+add_task(async function test_patternProperties() {
+  let schema = {
+    type: "object",
+    properties: {
+      "S-bool-property": { "type": "boolean" },
+    },
+    patternProperties: {
+      "^S-": { "type": "string" },
+      "^N-": { "type": "number" },
+      "^B-": { "type": "boolean" },
+    },
+  };
+
+  let valid, parsed;
+  [valid, parsed] = JsonSchemaValidator.validateAndParseParameters({
+    "S-string": "test",
+    "N-number": 5,
+    "B-boolean": true,
+    "S-bool-property": false,
+  }, schema);
+
+  ok(valid, "Object is valid");
+  is(parsed["S-string"], "test", "parsedProperty is correct");
+  is(parsed["N-number"], 5, "parsedProperty is correct");
+  is(parsed["B-boolean"], true, "parsedProperty is correct");
+  is(parsed["S-bool-property"], false, "property is correct");
+
+  [valid, parsed] = JsonSchemaValidator.validateAndParseParameters({
+    "N-string": "test",
+  }, schema);
+
+  ok(!valid, "Object is not valid since there is a type mismatch");
+
+  [valid, parsed] = JsonSchemaValidator.validateAndParseParameters({
+    "S-number": 5,
+  }, schema);
+
+  ok(!valid, "Object is not valid since there is a type mismatch");
+
+  schema = {
+    type: "object",
+    patternProperties: {
+      "[": {" type": "string" },
+    },
+  };
+
+  Assert.throws(() => {
+    [valid, parsed] = JsonSchemaValidator.validateAndParseParameters({}, schema);
+  }, /Invalid property pattern/, "Checking that invalid property patterns throw");
+});