Bug 1456051 - Make cert an ES module. r=maja_zf

In addition to the way symbols are exposed, this patch makes a few changes to what is exposed. Unexposing currentOverride and the error override bitmasks should not cause any problems. MozReview-Commit-ID: 9CWZHVyAKbg --HG-- extra : rebase_source : 6411f842c1eec26661cbe6f4d9e821904ffc4811
2018-04-23 10:01:40 +01:00 · 2018-04-23 10:01:40 +01:00 · d458b76e52
--- a/testing/marionette/cert.js
+++ b/testing/marionette/cert.js
@ -7,97 +7,84 @@
 ChromeUtils.import("resource://gre/modules/Preferences.jsm");
 ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");

-this.EXPORTED_SYMBOLS = ["cert"];
+this.EXPORTED_SYMBOLS = [
+  "CertificateOverrideManager",
+  "InsecureSweepingOverride",
+];

 const registrar =
    Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
 const sss = Cc["@mozilla.org/ssservice;1"]
    .getService(Ci.nsISiteSecurityService);

+const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
 const CONTRACT_ID = "@mozilla.org/security/certoverride;1";
-const CERT_PINNING_ENFORCEMENT_PREF =
-    "security.cert_pinning.enforcement_level";
-const HSTS_PRELOAD_LIST_PREF =
-    "network.stricttransportsecurity.preloadlist";
+const DESC = "All-encompassing cert service that matches on a bitflag";
+const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";

-/**
- * TLS certificate service override management for Marionette.
- *
- * @namespace
- */
-this.cert = {
-  Error: {
-    Untrusted: 1,
-    Mismatch: 2,
-    Time: 4,
-  },
-
-  currentOverride: null,
+const Error = {
+  Untrusted: 1,
+  Mismatch: 2,
+  Time: 4,
 };

-/**
- * Installs a TLS certificate service override.
- *
- * The provided |service| must implement the |register| and |unregister|
- * functions that causes a new |nsICertOverrideService| interface
- * implementation to be registered with the |nsIComponentRegistrar|.
- *
- * After |service| is registered and made the |cert.currentOverride|,
- * |nsICertOverrideService| is reinitialised to cause all Gecko components
- * to pick up the new service.
- *
- * If an override is already installed, i.e. when |cert.currentOverride|
- * is not null, this functions acts as a NOOP.
- *
- * @param {cert.Override} service
- *     Service generator that registers and unregisters the XPCOM service.
- *
- * @throws {Components.Exception}
- *     If unable to register or initialise |service|.
- */
-cert.installOverride = function(service) {
-  if (this.currentOverride) {
-    return;
+let currentOverride = null;
+
+/** TLS certificate service override management for Marionette. */
+class CertificateOverrideManager {
+  /**
+   * Installs a TLS certificate service override.
+   *
+   * The provided `service` must implement the `register` and `unregister`
+   * functions that causes a new `nsICertOverrideService` interface
+   * implementation to be registered with the `nsIComponentRegistrar`.
+   *
+   * After `service` is registered, `nsICertOverrideService` is
+   * reinitialised to cause all Gecko components to pick up the
+   * new service.
+   *
+   * If an override is already installed this functions acts as a no-op.
+   *
+   * @param {cert.Override} service
+   *     Service generator that registers and unregisters the XPCOM service.
+   *
+   * @throws {Components.Exception}
+   *     If unable to register or initialise `service`.
+   */
+  static install(service) {
+    if (currentOverride) {
+      return;
+    }
+
+    service.register();
+    currentOverride = service;
  }

-  service.register();
-  cert.currentOverride = service;
-};
-
-/**
- * Uninstall a TLS certificate service override.
- *
- * After the service has been unregistered, |cert.currentOverride|
- * is reset to null.
- *
- * If there no current override installed, i.e. if |cert.currentOverride|
- * is null, this function acts as a NOOP.
- */
-cert.uninstallOverride = function() {
-  if (!cert.currentOverride) {
-    return;
+  /**
+   * Uninstall a TLS certificate service override.
+   *
+   * If there is no current override installed this function acts
+   * as a no-op.
+   */
+  static uninstall() {
+    if (!currentOverride) {
+      return;
+    }
+    currentOverride.unregister();
+    currentOverride = null;
  }
-  cert.currentOverride.unregister();
-  this.currentOverride = null;
-};
+}
+this.CertificateOverrideManager = CertificateOverrideManager;

 /**
 * Certificate override service that acts in an all-inclusive manner
 * on TLS certificates.
 *
- * When an invalid certificate is encountered, it is overriden
- * with the |matching| bit level, which is typically a combination of
- * |cert.Error.Untrusted|, |cert.Error.Mismatch|, and |cert.Error.Time|.
- *
- * @type cert.Override
- *
 * @throws {Components.Exception}
 *     If there are any problems registering the service.
 */
-cert.InsecureSweepingOverride = function() {
-  const CID = Components.ID("{4b67cce0-a51c-11e6-9598-0800200c9a66}");
-  const DESC = "All-encompassing cert service that matches on a bitflag";
-
+function InsecureSweepingOverride() {
  // This needs to be an old-style class with a function constructor
  // and prototype assignment because... XPCOM.  Any attempt at
  // modernisation will be met with cryptic error messages which will
@ -107,8 +94,7 @@ cert.InsecureSweepingOverride = function() {
    hasMatchingOverride(
        aHostName, aPort, aCert, aOverrideBits, aIsTemporary) {
      aIsTemporary.value = false;
-      aOverrideBits.value =
-          cert.Error.Untrusted | cert.Error.Mismatch | cert.Error.Time;
+      aOverrideBits.value = Error.Untrusted | Error.Mismatch | Error.Time;

      return true;
    },
@ -139,4 +125,5 @@ cert.InsecureSweepingOverride = function() {
      sss.clearPreloads();
    },
  };
-};
+}
+this.InsecureSweepingOverride = InsecureSweepingOverride;
--- a/testing/marionette/doc/internals/cert.rst
+++ b/testing/marionette/doc/internals/cert.rst
@ -1,4 +1,12 @@
 cert module
 ===========
-.. js:autoclass:: cert
+
+CertificateOverrideManager
+--------------------------
+.. js:autoclass:: CertificateOverrideManager
+  :members:
+
+InsecureSweepingOverride
+------------------------
+.. js:autoclass:: InsecureSweepingOverride
  :members:
--- a/testing/marionette/driver.js
+++ b/testing/marionette/driver.js
@ -20,7 +20,10 @@ const {
  WindowState,
 } = ChromeUtils.import("chrome://marionette/content/browser.js", {});
 ChromeUtils.import("chrome://marionette/content/capture.js");
-ChromeUtils.import("chrome://marionette/content/cert.js");
+const {
+  CertificateOverrideManager,
+  InsecureSweepingOverride,
+} = ChromeUtils.import("chrome://marionette/content/cert.js", {});
 ChromeUtils.import("chrome://marionette/content/cookie.js");
 const {
  ChromeWebElement,
@ -692,8 +695,8 @@ GeckoDriver.prototype.newSession = async function(cmd) {

    if (!this.secureTLS) {
      logger.warn("TLS certificate errors will be ignored for this session");
-      let acceptAllCerts = new cert.InsecureSweepingOverride();
-      cert.installOverride(acceptAllCerts);
+      let acceptAllCerts = new InsecureSweepingOverride();
+      CertificateOverrideManager.install(acceptAllCerts);
    }

    if (this.proxy.init()) {
@ -2815,7 +2818,7 @@ GeckoDriver.prototype.deleteSession = function() {
  modal.removeHandler(this.dialogHandler);

  this.sandboxes.clear();
-  cert.uninstallOverride();
+  CertificateOverrideManager.uninstall();

  this.sessionID = null;
  this.capabilities = new session.Capabilities();