mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1777366 - remove unused `source` and `cached` parameters from nsISiteSecurityService APIs r=rmf,necko-reviewers,kershaw 

These parameters are no longer used and can be removed, along with the expired
telemetry HSTS_UPGRADE_SOURCE.

Differential Revision: https://phabricator.services.mozilla.com/D150786
This commit is contained in:
Dana Keeler 2022-07-05 18:33:18 +00:00
Родитель 4d805f7ff0
Коммит dc4ce8d406
27 изменённых файлов: 84 добавлений и 345 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
docshell/base/nsDocShell.cpp
Просмотреть файл

@ -3659,7 +3659,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
nsCOMPtr<nsISiteSecurityService> sss =
do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
rv = sss->IsSecureURI(aURI, attrsForHSTS, nullptr, nullptr, &isStsHost);
rv = sss->IsSecureURI(aURI, attrsForHSTS, &isStsHost);
NS_ENSURE_SUCCESS(rv, rv);
} else {
mozilla::dom::ContentChild* cc =

4
dom/base/Document.cpp
Просмотреть файл

@ -1934,8 +1934,8 @@ void Document::GetFailedCertSecurityInfo(FailedCertSecurityInfo& aInfo,
if (NS_WARN_IF(!sss)) {
return;
}
Unused << NS_WARN_IF(NS_FAILED(
sss->IsSecureURI(aURI, attrs, nullptr, nullptr, &aInfo.mHasHSTS)));
Unused << NS_WARN_IF(
NS_FAILED(sss->IsSecureURI(aURI, attrs, &aInfo.mHasHSTS)));
}
nsCOMPtr<nsIPublicKeyPinningService> pkps =
do_GetService(NS_PKPSERVICE_CONTRACTID);

3
dom/ipc/ContentParent.cpp
Просмотреть файл

@ -4507,8 +4507,7 @@ mozilla::ipc::IPCResult ContentParent::RecvIsSecureURI(
if (!aURI) {
return IPC_FAIL_NO_REASON(this);
}
nsresult rv =
sss->IsSecureURI(aURI, aOriginAttributes, nullptr, nullptr, aIsSecureURI);
nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, aIsSecureURI);
if (NS_FAILED(rv)) {
return IPC_FAIL_NO_REASON(this);
}

2
dom/security/nsMixedContentBlocker.cpp
Просмотреть файл

@ -1012,7 +1012,7 @@ void nsMixedContentBlocker::AccumulateMixedContentHSTS(
if (NS_FAILED(rv)) {
return;
}
rv = sss->IsSecureURI(aURI, aOriginAttributes, nullptr, nullptr, &hsts);
rv = sss->IsSecureURI(aURI, aOriginAttributes, &hsts);
if (NS_FAILED(rv)) {
return;
}

29
netwerk/base/nsNetUtil.cpp
Просмотреть файл

@ -2869,25 +2869,12 @@ bool NS_IsSrcdocChannel(nsIChannel* aChannel) {
}
// helper function for NS_ShouldSecureUpgrade for checking HSTS
bool handleResultFunc(bool aAllowSTS, bool aIsStsHost, uint32_t aHstsSource) {
bool handleResultFunc(bool aAllowSTS, bool aIsStsHost) {
if (aIsStsHost) {
LOG(("nsHttpChannel::Connect() STS permissions found\n"));
if (aAllowSTS) {
Telemetry::AccumulateCategorical(
Telemetry::LABELS_HTTP_SCHEME_UPGRADE_TYPE::STS);
switch (aHstsSource) {
case nsISiteSecurityService::SOURCE_PRELOAD_LIST:
Telemetry::Accumulate(Telemetry::HSTS_UPGRADE_SOURCE, 0);
break;
case nsISiteSecurityService::SOURCE_ORGANIC_REQUEST:
Telemetry::Accumulate(Telemetry::HSTS_UPGRADE_SOURCE, 1);
break;
case nsISiteSecurityService::SOURCE_UNKNOWN:
default:
// record this as an organic request
Telemetry::Accumulate(Telemetry::HSTS_UPGRADE_SOURCE, 1);
break;
}
return true;
}
Telemetry::AccumulateCategorical(
@ -3018,7 +3005,6 @@ nsresult NS_ShouldSecureUpgrade(
NS_ENSURE_TRUE(sss, NS_ERROR_OUT_OF_MEMORY);
bool isStsHost = false;
uint32_t hstsSource = 0;
// Calling |IsSecureURI| before the storage is ready to read will
// block the main thread. Once the storage is ready, we can call it
// from main thread.
@ -3052,15 +3038,13 @@ nsresult NS_ShouldSecureUpgrade(
callbackWrapper{std::move(callbackWrapper)},
allowSTS{std::move(aAllowSTS)}]() mutable {
bool isStsHost = false;
uint32_t hstsSource = 0;
nsresult rv = service->IsSecureURI(uri, originAttributes, nullptr,
&hstsSource, &isStsHost);
nsresult rv =
service->IsSecureURI(uri, originAttributes, &isStsHost);
// Successfully get the result from |IsSecureURI| implies that
// the storage is ready to read.
storageReady = NS_SUCCEEDED(rv);
bool shouldUpgrade =
handleResultFunc(allowSTS, isStsHost, hstsSource);
bool shouldUpgrade = handleResultFunc(allowSTS, isStsHost);
// Check if request should be upgraded.
NS_DispatchToMainThread(NS_NewRunnableFunction(
"net::NS_ShouldSecureUpgrade::ResultCallback",
@ -3074,15 +3058,14 @@ nsresult NS_ShouldSecureUpgrade(
return rv;
}
nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, nullptr, &hstsSource,
&isStsHost);
nsresult rv = sss->IsSecureURI(aURI, aOriginAttributes, &isStsHost);
// if the SSS check fails, it's likely because this load is on a
// malformed URI or something else in the setup is wrong, so any error
// should be reported.
NS_ENSURE_SUCCESS(rv, rv);
aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost, hstsSource);
aShouldUpgrade = handleResultFunc(aAllowSTS, isStsHost);
if (!aShouldUpgrade) {
// Check for CSP upgrade-insecure-requests, Mixed content auto upgrading
// and Https-Only / -First.

5
netwerk/protocol/http/nsHttpChannel.cpp
Просмотреть файл

@ -1800,9 +1800,8 @@ nsresult nsHttpChannel::ProcessHSTSHeader(nsITransportSecurityInfo* aSecInfo) {
}
uint32_t failureResult;
uint32_t headerSource = nsISiteSecurityService::SOURCE_ORGANIC_REQUEST;
rv = sss->ProcessHeader(mURI, securityHeader, aSecInfo, headerSource,
originAttributes, nullptr, nullptr, &failureResult);
rv = sss->ProcessHeader(mURI, securityHeader, aSecInfo, originAttributes,
nullptr, nullptr, &failureResult);
if (NS_FAILED(rv)) {
nsAutoString consoleErrorCategory(u"Invalid HSTS Headers"_ns);
nsAutoString consoleErrorTag;

3
netwerk/protocol/http/nsHttpHandler.cpp
Просмотреть файл

@ -2277,8 +2277,7 @@ nsresult nsHttpHandler::SpeculativeConnectInternal(
aURI, originAttributes);
nsCOMPtr<nsIURI> clone;
if (NS_SUCCEEDED(sss->IsSecureURI(aURI, originAttributes, nullptr, nullptr,
&isStsHost)) &&
if (NS_SUCCEEDED(sss->IsSecureURI(aURI, originAttributes, &isStsHost)) &&
isStsHost) {
if (NS_SUCCEEDED(NS_GetSecureUpgradedURI(aURI, getter_AddRefs(clone)))) {
aURI = clone.get();

4
security/manager/ssl/SSLServerCertVerification.cpp
Просмотреть файл

@ -439,8 +439,8 @@ static nsresult OverrideAllowedForHost(
return rv;
}
rv = sss->IsSecureURI(uri, aOriginAttributes, nullptr, nullptr,
&strictTransportSecurityEnabled);
rv =
sss->IsSecureURI(uri, aOriginAttributes, &strictTransportSecurityEnabled);
if (NS_FAILED(rv)) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[0x%" PRIx64 "] checking for HSTS failed", aPtrForLog));

26
security/manager/ssl/nsISiteSecurityService.idl
Просмотреть файл

@ -63,15 +63,6 @@ interface nsISiteSecurityService : nsISupports
const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
// ERROR_ROOT_NOT_BUILT_IN was 14
/**
* nsISiteSecurityService::IsSecureURI can optionally return a flag
* indicating the source of the HSTS cache entry, if it comes from the
* preload list, was seen naturally, or is a result of HSTS priming.
*/
const uint32_t SOURCE_UNKNOWN = 0;
const uint32_t SOURCE_PRELOAD_LIST = 1;
const uint32_t SOURCE_ORGANIC_REQUEST = 2;
/**
* Parses a given HTTP header and records the results internally.
* Currently one header type is supported: HSTS (aka STS).
@ -90,8 +81,6 @@ interface nsISiteSecurityService : nsISupports
* happens).
* If mPrivateBrowsingId > 0, information gathered
* from this header will not be saved persistently.
* @param aSource the source of the header, whether it was from the preload
* list, an organic header, or unknown.
* @param aMaxAge the parsed max-age directive of the header.
* @param aIncludeSubdomains the parsed includeSubdomains directive.
* @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
@ -105,7 +94,6 @@ interface nsISiteSecurityService : nsISupports
void processHeaderNative(in nsIURI aSourceURI,
in ACString aHeader,
in nsITransportSecurityInfo aSecInfo,
in uint32_t aSource,
in const_OriginAttributesRef aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
@ -116,7 +104,6 @@ interface nsISiteSecurityService : nsISupports
void processHeader(in nsIURI aSourceURI,
in ACString aHeader,
in nsITransportSecurityInfo aSecInfo,
in uint32_t aSource,
[optional] in jsval aOriginAttributes,
[optional] out unsigned long long aMaxAge,
[optional] out boolean aIncludeSubdomains,
@ -154,23 +141,14 @@ interface nsISiteSecurityService : nsISupports
* by userContextId because of the risk of man-in-
* the-middle attacks before trust-on-second-use
* happens).
* @param aCached true if we have cached information about this host, even
* if the security state is false.
* @param aSource the source of the HSTS entry. One of SOURCE_PRELOAD_LIST,
* SOURCE_ORGANIC_REQUEST, or SOURCE_UNKNOWN.
*/
[binaryname(IsSecureURI), noscript, must_use]
boolean isSecureURINative(in nsIURI aURI,
in const_OriginAttributesRef aOriginAttributes,
[optional] out boolean aCached,
[optional] out uint32_t aSource);
in const_OriginAttributesRef aOriginAttributes);
[binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc,
must_use]
boolean isSecureURI(in nsIURI aURI,
[optional] in jsval aOriginAttributes,
[optional] out boolean aCached,
[optional] out uint32_t aSource);
boolean isSecureURI(in nsIURI aURI, [optional] in jsval aOriginAttributes);
/**
* Removes all non-preloaded HSTS state by resetting to factory-original

161
security/manager/ssl/nsSiteSecurityService.cpp
Просмотреть файл

@ -89,33 +89,13 @@ class SSSTokenizer final : public Tokenizer {
return true;
}
[[nodiscard]] bool ReadSource(/*out*/ SecurityPropertySource& source) {
uint32_t rawValue;
if (!ReadInteger(&rawValue)) {
return false;
}
source = static_cast<SecurityPropertySource>(rawValue);
switch (source) {
case SourceUnknown:
case SourcePreload:
case SourceOrganic:
break;
default:
return false;
}
return true;
}
};
// Parses a state string like "1500918564034,1,1" into its constituent parts.
bool ParseHSTSState(const nsCString& stateString,
/*out*/ PRTime& expireTime,
/*out*/ SecurityPropertyState& state,
/*out*/ bool& includeSubdomains,
/*out*/ SecurityPropertySource& source) {
/*out*/ bool& includeSubdomains) {
SSSTokenizer tokenizer(stateString);
SSSLOG(("Parsing state from %s", stateString.get()));
@ -139,9 +119,10 @@ bool ParseHSTSState(const nsCString& stateString,
return false;
}
source = SourceUnknown;
if (tokenizer.CheckChar(',')) {
if (!tokenizer.ReadSource(source)) {
// Read now-unused "source" field.
uint32_t unused;
if (!tokenizer.ReadInteger(&unused)) {
return false;
}
}
@ -158,16 +139,14 @@ SiteHSTSState::SiteHSTSState(const nsCString& aHost,
mOriginAttributes(aOriginAttributes),
mHSTSExpireTime(0),
mHSTSState(SecurityPropertyUnset),
mHSTSIncludeSubdomains(false),
mHSTSSource(SourceUnknown) {
mHSTSIncludeSubdomains(false) {
bool valid = ParseHSTSState(aStateString, mHSTSExpireTime, mHSTSState,
mHSTSIncludeSubdomains, mHSTSSource);
mHSTSIncludeSubdomains);
if (!valid) {
SSSLOG(("%s is not a valid SiteHSTSState", aStateString.get()));
mHSTSExpireTime = 0;
mHSTSState = SecurityPropertyUnset;
mHSTSIncludeSubdomains = false;
mHSTSSource = SourceUnknown;
}
}
@ -175,15 +154,13 @@ SiteHSTSState::SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aHSTSExpireTime,
SecurityPropertyState aHSTSState,
bool aHSTSIncludeSubdomains,
SecurityPropertySource aSource)
bool aHSTSIncludeSubdomains)
: mHostname(aHost),
mOriginAttributes(aOriginAttributes),
mHSTSExpireTime(aHSTSExpireTime),
mHSTSState(aHSTSState),
mHSTSIncludeSubdomains(aHSTSIncludeSubdomains),
mHSTSSource(aSource) {}
mHSTSIncludeSubdomains(aHSTSIncludeSubdomains) {}
void SiteHSTSState::ToString(nsCString& aString) {
aString.Truncate();
@ -192,8 +169,6 @@ void SiteHSTSState::ToString(nsCString& aString) {
aString.AppendInt(mHSTSState);
aString.Append(',');
aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
aString.Append(',');
aString.AppendInt(mHSTSSource);
}
NS_IMETHODIMP
@ -309,27 +284,22 @@ static int64_t ExpireTimeFromMaxAge(uint64_t maxAge) {
nsresult nsSiteSecurityService::SetHSTSState(
const char* aHost, int64_t maxage, bool includeSubdomains,
SecurityPropertyState aHSTSState, SecurityPropertySource aSource,
SecurityPropertyState aHSTSState,
const OriginAttributes& aOriginAttributes) {
nsAutoCString hostname(aHost);
bool isPreload = (aSource == SourcePreload);
// If max-age is zero, the host is no longer considered HSTS. If the host was
// preloaded, we store an entry indicating that this host is not HSTS, causing
// the preloaded information to be ignored.
if (maxage == 0) {
return MarkHostAsNotHSTS(hostname, isPreload, aOriginAttributes);
return MarkHostAsNotHSTS(hostname, aOriginAttributes);
}
MOZ_ASSERT(aHSTSState == SecurityPropertySet,
"HSTS State must be SecurityPropertySet");
if (isPreload && aOriginAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
int64_t expiretime = ExpireTimeFromMaxAge(maxage);
RefPtr<SiteHSTSState> siteState =
new SiteHSTSState(hostname, aOriginAttributes, expiretime, aHSTSState,
includeSubdomains, aSource);
RefPtr<SiteHSTSState> siteState = new SiteHSTSState(
hostname, aOriginAttributes, expiretime, aHSTSState, includeSubdomains);
nsAutoCString stateString;
siteState->ToString(stateString);
SSSLOG(("SSS: setting state for %s", hostname.get()));
@ -343,10 +313,7 @@ nsresult nsSiteSecurityService::SetHSTSState(
nsCString value = mSiteStateStorage->Get(storageKey, storageType);
RefPtr<SiteHSTSState> curSiteState =
new SiteHSTSState(hostname, aOriginAttributes, value);
if (curSiteState->mHSTSState != SecurityPropertyUnset &&
curSiteState->mHSTSSource != SourceUnknown) {
// don't override the source
siteState->mHSTSSource = curSiteState->mHSTSSource;
if (curSiteState->mHSTSState != SecurityPropertyUnset) {
siteState->ToString(stateString);
}
nsresult rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
@ -360,12 +327,7 @@ nsresult nsSiteSecurityService::SetHSTSState(
// entry that indicates this host is not HSTS to prevent the implementation
// using the preloaded information.
nsresult nsSiteSecurityService::MarkHostAsNotHSTS(
const nsAutoCString& aHost, bool aIsPreload,
const OriginAttributes& aOriginAttributes) {
if (aIsPreload && aOriginAttributes != OriginAttributes()) {
return NS_ERROR_INVALID_ARG;
}
const nsAutoCString& aHost, const OriginAttributes& aOriginAttributes) {
bool isPrivate = aOriginAttributes.mPrivateBrowsingId > 0;
mozilla::DataStorageType storageType = isPrivate
? mozilla::DataStorage_Private
@ -375,9 +337,8 @@ nsresult nsSiteSecurityService::MarkHostAsNotHSTS(
if (GetPreloadStatus(aHost)) {
SSSLOG(("SSS: storing knockout entry for %s", aHost.get()));
RefPtr<SiteHSTSState> siteState =
new SiteHSTSState(aHost, aOriginAttributes, 0, SecurityPropertyKnockout,
false, SourceUnknown);
RefPtr<SiteHSTSState> siteState = new SiteHSTSState(
aHost, aOriginAttributes, 0, SecurityPropertyKnockout, false);
nsAutoCString stateString;
siteState->ToString(stateString);
nsresult rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
@ -445,10 +406,9 @@ bool nsSiteSecurityService::HostIsIPAddress(const nsCString& hostname) {
NS_IMETHODIMP
nsSiteSecurityService::ProcessHeaderScriptable(
nsIURI* aSourceURI, const nsACString& aHeader,
nsITransportSecurityInfo* aSecInfo, uint32_t aSource,
JS::HandleValue aOriginAttributes, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult, JSContext* aCx,
uint8_t aArgc) {
nsITransportSecurityInfo* aSecInfo, JS::HandleValue aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult,
JSContext* aCx, uint8_t aArgc) {
OriginAttributes originAttributes;
if (aArgc > 0) {
if (!aOriginAttributes.isObject() ||
@ -456,39 +416,30 @@ nsSiteSecurityService::ProcessHeaderScriptable(
return NS_ERROR_INVALID_ARG;
}
}
return ProcessHeader(aSourceURI, aHeader, aSecInfo, aSource, originAttributes,
aMaxAge, aIncludeSubdomains, aFailureResult);
return ProcessHeader(aSourceURI, aHeader, aSecInfo, originAttributes, aMaxAge,
aIncludeSubdomains, aFailureResult);
}
NS_IMETHODIMP
nsSiteSecurityService::ProcessHeader(
nsIURI* aSourceURI, const nsACString& aHeader,
nsITransportSecurityInfo* aSecInfo, uint32_t aHeaderSource,
const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult) {
nsSiteSecurityService::ProcessHeader(nsIURI* aSourceURI,
const nsACString& aHeader,
nsITransportSecurityInfo* aSecInfo,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge,
bool* aIncludeSubdomains,
uint32_t* aFailureResult) {
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
SecurityPropertySource source =
static_cast<SecurityPropertySource>(aHeaderSource);
switch (source) {
case SourceUnknown:
case SourcePreload:
case SourceOrganic:
break;
default:
return NS_ERROR_INVALID_ARG;
}
NS_ENSURE_ARG(aSecInfo);
return ProcessHeaderInternal(aSourceURI, PromiseFlatCString(aHeader),
aSecInfo, source, aOriginAttributes, aMaxAge,
aSecInfo, aOriginAttributes, aMaxAge,
aIncludeSubdomains, aFailureResult);
}
nsresult nsSiteSecurityService::ProcessHeaderInternal(
nsIURI* aSourceURI, const nsCString& aHeader,
nsITransportSecurityInfo* aSecInfo, SecurityPropertySource aSource,
nsITransportSecurityInfo* aSecInfo,
const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult) {
if (aFailureResult) {
@ -535,8 +486,8 @@ nsresult nsSiteSecurityService::ProcessHeaderInternal(
return NS_OK;
}
return ProcessSTSHeader(aSourceURI, aHeader, aSource, aOriginAttributes,
aMaxAge, aIncludeSubdomains, aFailureResult);
return ProcessSTSHeader(aSourceURI, aHeader, aOriginAttributes, aMaxAge,
aIncludeSubdomains, aFailureResult);
}
static uint32_t ParseSSSHeaders(const nsCString& aHeader,
@ -626,8 +577,8 @@ static uint32_t ParseSSSHeaders(const nsCString& aHeader,
nsresult nsSiteSecurityService::ProcessSTSHeader(
nsIURI* aSourceURI, const nsCString& aHeader,
SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult) {
const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge,
bool* aIncludeSubdomains, uint32_t* aFailureResult) {
if (aFailureResult) {
*aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
}
@ -663,7 +614,7 @@ nsresult nsSiteSecurityService::ProcessSTSHeader(
// record the successfully parsed header data.
rv = SetHSTSState(hostname.get(), maxAge, foundIncludeSubdomains,
SecurityPropertySet, aSource, aOriginAttributes);
SecurityPropertySet, aOriginAttributes);
if (NS_FAILED(rv)) {
SSSLOG(("SSS: failed to set STS state"));
if (aFailureResult) {
@ -687,7 +638,6 @@ nsresult nsSiteSecurityService::ProcessSTSHeader(
NS_IMETHODIMP
nsSiteSecurityService::IsSecureURIScriptable(nsIURI* aURI,
JS::HandleValue aOriginAttributes,
bool* aCached, uint32_t* aSource,
JSContext* aCx, uint8_t aArgc,
bool* aResult) {
OriginAttributes originAttributes;
@ -697,13 +647,12 @@ nsSiteSecurityService::IsSecureURIScriptable(nsIURI* aURI,
return NS_ERROR_INVALID_ARG;
}
}
return IsSecureURI(aURI, originAttributes, aCached, aSource, aResult);
return IsSecureURI(aURI, originAttributes, aResult);
}
NS_IMETHODIMP
nsSiteSecurityService::IsSecureURI(nsIURI* aURI,
const OriginAttributes& aOriginAttributes,
bool* aCached, uint32_t* aSource,
bool* aResult) {
NS_ENSURE_ARG(aURI);
NS_ENSURE_ARG(aResult);
@ -717,10 +666,7 @@ nsSiteSecurityService::IsSecureURI(nsIURI* aURI,
return NS_OK;
}
SecurityPropertySource* source =
BitwiseCast<SecurityPropertySource*>(aSource);
return IsSecureHost(hostname, aOriginAttributes, aCached, source, aResult);
return IsSecureHost(hostname, aOriginAttributes, aResult);
}
// Checks if the given host is in the preload list.
@ -756,14 +702,7 @@ bool nsSiteSecurityService::GetPreloadStatus(const nsACString& aHost,
// to be set on the entry (with the other parameters being as per IsSecureHost).
bool nsSiteSecurityService::HostHasHSTSEntry(
const nsAutoCString& aHost, bool aRequireIncludeSubdomains,
const OriginAttributes& aOriginAttributes, bool* aResult, bool* aCached,
SecurityPropertySource* aSource) {
if (aSource) {
*aSource = SourceUnknown;
}
if (aCached) {
*aCached = false;
}
const OriginAttributes& aOriginAttributes, bool* aResult) {
// First we check for an entry in site security storage. If that entry exists,
// we don't want to check in the preload lists. We only want to use the
// stored value if it is not a knockout entry, however.
@ -788,15 +727,6 @@ bool nsSiteSecurityService::HostHasHSTSEntry(
if (siteState->mHSTSState == SecurityPropertySet) {
*aResult = aRequireIncludeSubdomains ? siteState->mHSTSIncludeSubdomains
: true;
if (aCached) {
// Only set cached if this includes subdomains
*aCached = aRequireIncludeSubdomains
? siteState->mHSTSIncludeSubdomains
: true;
}
if (aSource) {
*aSource = siteState->mHSTSSource;
}
return true;
}
}
@ -818,13 +748,6 @@ bool nsSiteSecurityService::HostHasHSTSEntry(
GetPreloadStatus(aHost, &includeSubdomains)) {
SSSLOG(("%s is a preloaded HSTS host", aHost.get()));
*aResult = aRequireIncludeSubdomains ? includeSubdomains : true;
if (aCached) {
// Only set cached if this includes subdomains
*aCached = aRequireIncludeSubdomains ? includeSubdomains : true;
}
if (aSource) {
*aSource = SourcePreload;
}
return true;
}
@ -833,7 +756,7 @@ bool nsSiteSecurityService::HostHasHSTSEntry(
nsresult nsSiteSecurityService::IsSecureHost(
const nsACString& aHost, const OriginAttributes& aOriginAttributes,
bool* aCached, SecurityPropertySource* aSource, bool* aResult) {
bool* aResult) {
NS_ENSURE_ARG(aResult);
// set default in case if we can't find any STS information
@ -849,8 +772,7 @@ nsresult nsSiteSecurityService::IsSecureHost(
PublicKeyPinningService::CanonicalizeHostname(flatHost.get()));
// First check the exact host.
if (HostHasHSTSEntry(host, false, aOriginAttributes, aResult, aCached,
aSource)) {
if (HostHasHSTSEntry(host, false, aOriginAttributes, aResult)) {
return NS_OK;
}
@ -872,8 +794,7 @@ nsresult nsSiteSecurityService::IsSecureHost(
// that the entry includes subdomains.
nsAutoCString subdomainString(subdomain);
if (HostHasHSTSEntry(subdomainString, true, aOriginAttributes, aResult,
aCached, aSource)) {
if (HostHasHSTSEntry(subdomainString, true, aOriginAttributes, aResult)) {
break;
}

18
security/manager/ssl/nsSiteSecurityService.h
Просмотреть файл

@ -45,12 +45,6 @@ enum SecurityPropertyState {
SecurityPropertyKnockout = nsISiteSecurityState::SECURITY_PROPERTY_KNOCKOUT,
};
enum SecurityPropertySource {
SourceUnknown = nsISiteSecurityService::SOURCE_UNKNOWN,
SourcePreload = nsISiteSecurityService::SOURCE_PRELOAD_LIST,
SourceOrganic = nsISiteSecurityService::SOURCE_ORGANIC_REQUEST,
};
/**
* SiteHSTSState: A utility class that encodes/decodes a string describing
* the security state of a site. Currently only handles HSTS.
@ -73,14 +67,13 @@ class SiteHSTSState : public nsISiteHSTSState {
SiteHSTSState(const nsCString& aHost,
const OriginAttributes& aOriginAttributes,
PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
bool aHSTSIncludeSubdomains, SecurityPropertySource aSource);
bool aHSTSIncludeSubdomains);
nsCString mHostname;
OriginAttributes mOriginAttributes;
PRTime mHSTSExpireTime;
SecurityPropertyState mHSTSState;
bool mHSTSIncludeSubdomains;
SecurityPropertySource mHSTSSource;
bool IsExpired() {
// If mHSTSExpireTime is 0, this entry never expires (this is the case for
@ -125,34 +118,29 @@ class nsSiteSecurityService : public nsISiteSecurityService,
nsresult SetHSTSState(const char* aHost, int64_t maxage,
bool includeSubdomains,
SecurityPropertyState aHSTSState,
SecurityPropertySource aSource,
const OriginAttributes& aOriginAttributes);
nsresult ProcessHeaderInternal(nsIURI* aSourceURI, const nsCString& aHeader,
nsITransportSecurityInfo* aSecInfo,
SecurityPropertySource aSource,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult);
nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader,
SecurityPropertySource aSource,
const OriginAttributes& aOriginAttributes,
uint64_t* aMaxAge, bool* aIncludeSubdomains,
uint32_t* aFailureResult);
nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost, bool aIsPreload,
nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost,
const OriginAttributes& aOriginAttributes);
nsresult ResetStateInternal(nsIURI* aURI,
const OriginAttributes& aOriginAttributes);
bool HostHasHSTSEntry(const nsAutoCString& aHost,
bool aRequireIncludeSubdomains,
const OriginAttributes& aOriginAttributes,
bool* aResult, bool* aCached,
SecurityPropertySource* aSource);
bool* aResult);
bool GetPreloadStatus(
const nsACString& aHost,
/*optional out*/ bool* aIncludeSubdomains = nullptr) const;
nsresult IsSecureHost(const nsACString& aHost,
const OriginAttributes& aOriginAttributes,
bool* aCached, SecurityPropertySource* aSource,
bool* aResult);
bool mUsePreloadList;

1
security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
Просмотреть файл

@ -41,7 +41,6 @@ function test() {
uri,
"max-age=1000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes(aIsPrivateMode)
);
ok(

37
security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
Просмотреть файл

@ -44,12 +44,7 @@ function add_tests() {
// that the platform doesn't consider a.pinning.example.com to be HSTS any
// longer.
add_task(async function() {
sss.processHeader(
uri,
GOOD_MAX_AGE,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
sss.processHeader(uri, GOOD_MAX_AGE, secInfo);
Assert.ok(sss.isSecureURI(uri), "a.pinning.example.com should be HSTS");
@ -66,12 +61,7 @@ function add_tests() {
// doesn't consider the subdomain to be HSTS any longer. Also test that
// unrelated sites don't also get removed.
add_task(async function() {
sss.processHeader(
uri,
GOOD_MAX_AGE,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
sss.processHeader(uri, GOOD_MAX_AGE, secInfo);
Assert.ok(
sss.isSecureURI(uri),
@ -80,12 +70,7 @@ function add_tests() {
// Add an unrelated site to HSTS.
let unrelatedURI = Services.io.newURI("https://example.org");
sss.processHeader(
unrelatedURI,
GOOD_MAX_AGE,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
sss.processHeader(unrelatedURI, GOOD_MAX_AGE, secInfo);
Assert.ok(sss.isSecureURI(unrelatedURI), "example.org should be HSTS");
await ForgetAboutSite.removeDataFromDomain("example.com");
@ -117,13 +102,7 @@ function add_tests() {
let unrelatedURI = Services.io.newURI("https://example.org");
for (let originAttributes of originAttributesList) {
sss.processHeader(
uri,
GOOD_MAX_AGE,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
sss.processHeader(uri, GOOD_MAX_AGE, secInfo, originAttributes);
Assert.ok(
sss.isSecureURI(uri, originAttributes),
@ -131,13 +110,7 @@ function add_tests() {
);
// Add an unrelated site to HSTS.
sss.processHeader(
unrelatedURI,
GOOD_MAX_AGE,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
sss.processHeader(unrelatedURI, GOOD_MAX_AGE, secInfo, originAttributes);
Assert.ok(
sss.isSecureURI(unrelatedURI, originAttributes),
"example.org should be HSTS (originAttributes case)"

7
security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
Просмотреть файл

@ -50,12 +50,7 @@ function run_test() {
let secInfo = Cc[
"@mozilla.org/security/transportsecurityinfo;1"
].createInstance(Ci.nsITransportSecurityInfo);
SSService.processHeader(
uri,
"max-age=10000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
SSService.processHeader(uri, "max-age=10000", secInfo);
ok(
SSService.isSecureURI(uri),
"Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +

7
security/manager/ssl/tests/unit/test_sss_enumerate.js
Просмотреть файл

@ -70,12 +70,7 @@ function add_tests() {
if (testcase.includeSubdomains) {
header += "; includeSubdomains";
}
sss.processHeader(
uri,
header,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
sss.processHeader(uri, header, secInfo);
}
);
}

7
security/manager/ssl/tests/unit/test_sss_eviction.js
Просмотреть файл

@ -61,12 +61,7 @@ function do_state_read(aSubject, aTopic, aData) {
].createInstance(Ci.nsITransportSecurityInfo);
for (let i = 0; i < 2000; i++) {
let uri = Services.io.newURI("http://bad" + i + ".example.com");
gSSService.processHeader(
uri,
"max-age=1000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=1000", secInfo);
}
do_test_pending();
Services.obs.addObserver(do_state_written, "data-storage-written");

17
security/manager/ssl/tests/unit/test_sss_originAttributes.js
Просмотреть файл

@ -23,13 +23,7 @@ function doTest(secInfo, originAttributes1, originAttributes2, shouldShare) {
sss.clearAll();
let header = GOOD_MAX_AGE;
// Set HSTS for originAttributes1.
sss.processHeader(
uri,
header,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes1
);
sss.processHeader(uri, header, secInfo, originAttributes1);
ok(
sss.isSecureURI(uri, originAttributes1),
"URI should be secure given original origin attributes"
@ -64,14 +58,7 @@ function testInvalidOriginAttributes(secInfo, originAttributes) {
let header = GOOD_MAX_AGE;
let callbacks = [
() =>
sss.processHeader(
uri,
header,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
),
() => sss.processHeader(uri, header, secInfo, originAttributes),
() => sss.isSecureURI(uri, originAttributes),
() => sss.resetState(uri, originAttributes),
];

4
security/manager/ssl/tests/unit/test_sss_resetState.js
Просмотреть файл

@ -25,7 +25,6 @@ function test_removeState(secInfo, originAttributes) {
notPreloadedURI,
"max-age=1000;",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
ok(gSSService.isSecureURI(notPreloadedURI, originAttributes));
@ -40,7 +39,6 @@ function test_removeState(secInfo, originAttributes) {
notPreloadedURI,
"max-age=0;",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
ok(!gSSService.isSecureURI(notPreloadedURI, originAttributes));
@ -57,7 +55,6 @@ function test_removeState(secInfo, originAttributes) {
preloadedURI,
"max-age=1000;",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
ok(gSSService.isSecureURI(preloadedURI, originAttributes));
@ -72,7 +69,6 @@ function test_removeState(secInfo, originAttributes) {
preloadedURI,
"max-age=0;",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
originAttributes
);
ok(!gSSService.isSecureURI(preloadedURI, originAttributes));

3
security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js
Просмотреть файл

@ -42,8 +42,7 @@ add_task(async function run_test() {
SSService.processHeader(
Services.io.newURI("http://example.com"),
header,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
secInfo
);
await TestUtils.topicObserved(
"data-storage-written",

5
security/manager/ssl/tests/unit/test_sss_savestate.js
Просмотреть файл

@ -7,7 +7,7 @@
// writes its state file.
const EXPECTED_ENTRIES = 5;
const EXPECTED_HSTS_COLUMNS = 4;
const EXPECTED_HSTS_COLUMNS = 3;
var gProfileDir = null;
const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
@ -110,8 +110,7 @@ function run_test() {
SSService.processHeader(
uris[uriIndex],
maxAge + includeSubdomains,
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
secInfo
);
}

7
security/manager/ssl/tests/unit/test_sts_fqdn.js
Просмотреть файл

@ -19,12 +19,7 @@ function run_test() {
let secInfo = Cc[
"@mozilla.org/security/transportsecurityinfo;1"
].createInstance(Ci.nsITransportSecurityInfo);
SSService.processHeader(
uri,
"max-age=1000;includeSubdomains",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
SSService.processHeader(uri, "max-age=1000;includeSubdomains", secInfo);
ok(SSService.isSecureURI(uri));
ok(SSService.isSecureURI(uri1));
ok(SSService.isSecureURI(uri2));

1
security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
Просмотреть файл

@ -24,7 +24,6 @@ function check_ip(s, v, ip) {
uri,
"max-age=1000;includeSubdomains",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
{},
parsedMaxAge,
parsedIncludeSubdomains

11
security/manager/ssl/tests/unit/test_sts_parser.js
Просмотреть файл

@ -18,15 +18,7 @@ function testSuccess(header, expectedMaxAge, expectedIncludeSubdomains) {
let maxAge = {};
let includeSubdomains = {};
sss.processHeader(
dummyUri,
header,
secInfo,
sss.SOURCE_ORGANIC_REQUEST,
{},
maxAge,
includeSubdomains
);
sss.processHeader(dummyUri, header, secInfo, {}, maxAge, includeSubdomains);
equal(maxAge.value, expectedMaxAge, "Did not correctly parse maxAge");
equal(
@ -47,7 +39,6 @@ function testFailure(header) {
dummyUri,
header,
secInfo,
sss.SOURCE_ORGANIC_REQUEST,
{},
maxAge,
includeSubdomains

46
security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
Просмотреть файл

@ -101,22 +101,12 @@ function test_part1() {
let subDomainUri = Services.io.newURI(
"https://subdomain.includesubdomains.preloaded.test"
);
gSSService.processHeader(
uri,
"max-age=0",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=0", secInfo);
ok(!gSSService.isSecureURI(uri));
ok(!gSSService.isSecureURI(subDomainUri));
// check that processing another header (with max-age non-zero) will
// re-enable a site's sts status
gSSService.processHeader(
uri,
"max-age=1000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=1000", secInfo);
ok(gSSService.isSecureURI(uri));
// but this time include subdomains was not set, so test for that
ok(!gSSService.isSecureURI(subDomainUri));
@ -127,12 +117,7 @@ function test_part1() {
uri = Services.io.newURI(
"https://subdomain.noincludesubdomains.preloaded.test"
);
gSSService.processHeader(
uri,
"max-age=0",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=0", secInfo);
ok(
gSSService.isSecureURI(
Services.io.newURI("https://noincludesubdomains.preloaded.test")
@ -143,12 +128,7 @@ function test_part1() {
uri = Services.io.newURI(
"https://subdomain.includesubdomains.preloaded.test"
);
gSSService.processHeader(
uri,
"max-age=0",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=0", secInfo);
// we received a header with "max-age=0", so we have "no information"
// regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
// but it is actually still an STS host, because of the preloaded
@ -181,12 +161,7 @@ function test_part1() {
)
);
gSSService.processHeader(
uri,
"max-age=1000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=1000", secInfo);
// Here's what we have now:
// |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
// |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
@ -218,12 +193,7 @@ function test_part1() {
// (sanity check first - this should be in the preload list)
uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
ok(gSSService.isSecureURI(uri));
gSSService.processHeader(
uri,
"max-age=1",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
);
gSSService.processHeader(uri, "max-age=1", secInfo);
do_timeout(1250, function() {
ok(!gSSService.isSecureURI(uri));
run_next_test();
@ -246,7 +216,6 @@ function test_private_browsing1() {
uri,
"max-age=0",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
PRIVATE_ORIGIN_ATTRIBUTES
);
ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
@ -257,7 +226,6 @@ function test_private_browsing1() {
uri,
"max-age=1000",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
PRIVATE_ORIGIN_ATTRIBUTES
);
ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
@ -269,7 +237,6 @@ function test_private_browsing1() {
uri,
"max-age=0",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
PRIVATE_ORIGIN_ATTRIBUTES
);
ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
@ -287,7 +254,6 @@ function test_private_browsing1() {
uri,
"max-age=1",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
PRIVATE_ORIGIN_ATTRIBUTES
);
do_timeout(1250, function() {

1
taskcluster/docker/periodic-updates/scripts/getHSTSPreloadList.js
Просмотреть файл

@ -123,7 +123,6 @@ function processStsHeader(host, header, status, securityInfo) {
uri,
header,
secInfo,
Ci.nsISiteSecurityService.SOURCE_PRELOAD_LIST,
{},
maxAge,
includeSubdomains

8
toolkit/components/cleardata/tests/unit/test_security_settings.js
Просмотреть файл

@ -32,13 +32,7 @@ function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
"@mozilla.org/security/transportsecurityinfo;1"
].createInstance(Ci.nsITransportSecurityInfo);
gSSService.processHeader(
uri,
"max-age=1000;",
secInfo,
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
attrs
);
gSSService.processHeader(uri, "max-age=1000;", secInfo, attrs);
cars.rememberDecisionScriptable(host, attrs, serverCert, clientCert);
}

10
toolkit/components/telemetry/Histograms.json
Просмотреть файл

@ -12205,16 +12205,6 @@
"bug_numbers": [1435713],
"description": "Result of the content signature verification keyed by application (certificate fingerprint). 0=valid, 1=invalid, 2=noCertChain, 3=createContextFailedWithOtherError, 4=expiredCert, 5=certNotValidYet, 6=buildCertChainFailed, 7=eeCertForWrongHost, 8=extractKeyError, 9=vfyContextError"
},
"HSTS_UPGRADE_SOURCE": {
"record_in_processes": [ "main" ],
"products": ["firefox", "fennec"],
"alert_emails": ["seceng-telemetry@mozilla.com"],
"bug_numbers": [1363546],
"expires_in_version": "62",
"kind": "enumerated",
"n_values": 8,
"description": "When we record an upgrade due to HSTS, record the source of that HSTS entry. (0: HSTS preload list, 1: HSTS Header seen naturally, 2: HSTS priming)"
},
"COOKIE_TIME_MOVING_MS": {
"record_in_processes": ["content"],
"products": ["firefox", "fennec"],