зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1456051 - Make cert an ES module. r=maja_zf
In addition to the way symbols are exposed, this patch makes a few changes to what is exposed. Unexposing currentOverride and the error override bitmasks should not cause any problems. MozReview-Commit-ID: 9CWZHVyAKbg --HG-- extra : rebase_source : 6411f842c1eec26661cbe6f4d9e821904ffc4811
This commit is contained in:
Родитель
916ef8de56
Коммит
d458b76e52
|
@ -7,97 +7,84 @@
|
|||
ChromeUtils.import("resource://gre/modules/Preferences.jsm");
|
||||
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
|
||||
|
||||
this.EXPORTED_SYMBOLS = ["cert"];
|
||||
this.EXPORTED_SYMBOLS = [
|
||||
"CertificateOverrideManager",
|
||||
"InsecureSweepingOverride",
|
||||
];
|
||||
|
||||
const registrar =
|
||||
Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
|
||||
const sss = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
|
||||
const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
|
||||
const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
|
||||
const CONTRACT_ID = "@mozilla.org/security/certoverride;1";
|
||||
const CERT_PINNING_ENFORCEMENT_PREF =
|
||||
"security.cert_pinning.enforcement_level";
|
||||
const HSTS_PRELOAD_LIST_PREF =
|
||||
"network.stricttransportsecurity.preloadlist";
|
||||
const DESC = "All-encompassing cert service that matches on a bitflag";
|
||||
const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
|
||||
|
||||
/**
|
||||
* TLS certificate service override management for Marionette.
|
||||
*
|
||||
* @namespace
|
||||
*/
|
||||
this.cert = {
|
||||
Error: {
|
||||
Untrusted: 1,
|
||||
Mismatch: 2,
|
||||
Time: 4,
|
||||
},
|
||||
|
||||
currentOverride: null,
|
||||
const Error = {
|
||||
Untrusted: 1,
|
||||
Mismatch: 2,
|
||||
Time: 4,
|
||||
};
|
||||
|
||||
/**
|
||||
* Installs a TLS certificate service override.
|
||||
*
|
||||
* The provided |service| must implement the |register| and |unregister|
|
||||
* functions that causes a new |nsICertOverrideService| interface
|
||||
* implementation to be registered with the |nsIComponentRegistrar|.
|
||||
*
|
||||
* After |service| is registered and made the |cert.currentOverride|,
|
||||
* |nsICertOverrideService| is reinitialised to cause all Gecko components
|
||||
* to pick up the new service.
|
||||
*
|
||||
* If an override is already installed, i.e. when |cert.currentOverride|
|
||||
* is not null, this functions acts as a NOOP.
|
||||
*
|
||||
* @param {cert.Override} service
|
||||
* Service generator that registers and unregisters the XPCOM service.
|
||||
*
|
||||
* @throws {Components.Exception}
|
||||
* If unable to register or initialise |service|.
|
||||
*/
|
||||
cert.installOverride = function(service) {
|
||||
if (this.currentOverride) {
|
||||
return;
|
||||
let currentOverride = null;
|
||||
|
||||
/** TLS certificate service override management for Marionette. */
|
||||
class CertificateOverrideManager {
|
||||
/**
|
||||
* Installs a TLS certificate service override.
|
||||
*
|
||||
* The provided `service` must implement the `register` and `unregister`
|
||||
* functions that causes a new `nsICertOverrideService` interface
|
||||
* implementation to be registered with the `nsIComponentRegistrar`.
|
||||
*
|
||||
* After `service` is registered, `nsICertOverrideService` is
|
||||
* reinitialised to cause all Gecko components to pick up the
|
||||
* new service.
|
||||
*
|
||||
* If an override is already installed this functions acts as a no-op.
|
||||
*
|
||||
* @param {cert.Override} service
|
||||
* Service generator that registers and unregisters the XPCOM service.
|
||||
*
|
||||
* @throws {Components.Exception}
|
||||
* If unable to register or initialise `service`.
|
||||
*/
|
||||
static install(service) {
|
||||
if (currentOverride) {
|
||||
return;
|
||||
}
|
||||
|
||||
service.register();
|
||||
currentOverride = service;
|
||||
}
|
||||
|
||||
service.register();
|
||||
cert.currentOverride = service;
|
||||
};
|
||||
|
||||
/**
|
||||
* Uninstall a TLS certificate service override.
|
||||
*
|
||||
* After the service has been unregistered, |cert.currentOverride|
|
||||
* is reset to null.
|
||||
*
|
||||
* If there no current override installed, i.e. if |cert.currentOverride|
|
||||
* is null, this function acts as a NOOP.
|
||||
*/
|
||||
cert.uninstallOverride = function() {
|
||||
if (!cert.currentOverride) {
|
||||
return;
|
||||
/**
|
||||
* Uninstall a TLS certificate service override.
|
||||
*
|
||||
* If there is no current override installed this function acts
|
||||
* as a no-op.
|
||||
*/
|
||||
static uninstall() {
|
||||
if (!currentOverride) {
|
||||
return;
|
||||
}
|
||||
currentOverride.unregister();
|
||||
currentOverride = null;
|
||||
}
|
||||
cert.currentOverride.unregister();
|
||||
this.currentOverride = null;
|
||||
};
|
||||
}
|
||||
this.CertificateOverrideManager = CertificateOverrideManager;
|
||||
|
||||
/**
|
||||
* Certificate override service that acts in an all-inclusive manner
|
||||
* on TLS certificates.
|
||||
*
|
||||
* When an invalid certificate is encountered, it is overriden
|
||||
* with the |matching| bit level, which is typically a combination of
|
||||
* |cert.Error.Untrusted|, |cert.Error.Mismatch|, and |cert.Error.Time|.
|
||||
*
|
||||
* @type cert.Override
|
||||
*
|
||||
* @throws {Components.Exception}
|
||||
* If there are any problems registering the service.
|
||||
*/
|
||||
cert.InsecureSweepingOverride = function() {
|
||||
const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
|
||||
const DESC = "All-encompassing cert service that matches on a bitflag";
|
||||
|
||||
function InsecureSweepingOverride() {
|
||||
// This needs to be an old-style class with a function constructor
|
||||
// and prototype assignment because... XPCOM. Any attempt at
|
||||
// modernisation will be met with cryptic error messages which will
|
||||
|
@ -107,8 +94,7 @@ cert.InsecureSweepingOverride = function() {
|
|||
hasMatchingOverride(
|
||||
aHostName, aPort, aCert, aOverrideBits, aIsTemporary) {
|
||||
aIsTemporary.value = false;
|
||||
aOverrideBits.value =
|
||||
cert.Error.Untrusted | cert.Error.Mismatch | cert.Error.Time;
|
||||
aOverrideBits.value = Error.Untrusted | Error.Mismatch | Error.Time;
|
||||
|
||||
return true;
|
||||
},
|
||||
|
@ -139,4 +125,5 @@ cert.InsecureSweepingOverride = function() {
|
|||
sss.clearPreloads();
|
||||
},
|
||||
};
|
||||
};
|
||||
}
|
||||
this.InsecureSweepingOverride = InsecureSweepingOverride;
|
||||
|
|
|
@ -1,4 +1,12 @@
|
|||
cert module
|
||||
===========
|
||||
.. js:autoclass:: cert
|
||||
|
||||
CertificateOverrideManager
|
||||
--------------------------
|
||||
.. js:autoclass:: CertificateOverrideManager
|
||||
:members:
|
||||
|
||||
InsecureSweepingOverride
|
||||
------------------------
|
||||
.. js:autoclass:: InsecureSweepingOverride
|
||||
:members:
|
||||
|
|
|
@ -20,7 +20,10 @@ const {
|
|||
WindowState,
|
||||
} = ChromeUtils.import("chrome://marionette/content/browser.js", {});
|
||||
ChromeUtils.import("chrome://marionette/content/capture.js");
|
||||
ChromeUtils.import("chrome://marionette/content/cert.js");
|
||||
const {
|
||||
CertificateOverrideManager,
|
||||
InsecureSweepingOverride,
|
||||
} = ChromeUtils.import("chrome://marionette/content/cert.js", {});
|
||||
ChromeUtils.import("chrome://marionette/content/cookie.js");
|
||||
const {
|
||||
ChromeWebElement,
|
||||
|
@ -692,8 +695,8 @@ GeckoDriver.prototype.newSession = async function(cmd) {
|
|||
|
||||
if (!this.secureTLS) {
|
||||
logger.warn("TLS certificate errors will be ignored for this session");
|
||||
let acceptAllCerts = new cert.InsecureSweepingOverride();
|
||||
cert.installOverride(acceptAllCerts);
|
||||
let acceptAllCerts = new InsecureSweepingOverride();
|
||||
CertificateOverrideManager.install(acceptAllCerts);
|
||||
}
|
||||
|
||||
if (this.proxy.init()) {
|
||||
|
@ -2815,7 +2818,7 @@ GeckoDriver.prototype.deleteSession = function() {
|
|||
modal.removeHandler(this.dialogHandler);
|
||||
|
||||
this.sandboxes.clear();
|
||||
cert.uninstallOverride();
|
||||
CertificateOverrideManager.uninstall();
|
||||
|
||||
this.sessionID = null;
|
||||
this.capabilities = new session.Capabilities();
|
||||
|
|
Загрузка…
Ссылка в новой задаче