Bug 1531176 - Split the Google key management between gls and safe browsing r=glandium

Differential Revision: https://phabricator.services.mozilla.com/D21459 --HG-- extra : moz-landing-system : lando
2019-03-07 21:05:32 +00:00 · 2019-03-07 21:05:32 +00:00 · e4906acdf0
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@ -1379,7 +1379,7 @@ pref("dom.debug.propagate_gesture_events_through_content", false);
 // All the Geolocation preferences are here.
 //
 #ifndef EARLY_BETA_OR_EARLIER
-pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_API_KEY%");
+pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%");
 #else
 // Use MLS on Nightly and early Beta.
 pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
--- a/browser/config/mozconfigs/linux32/common-opt
+++ b/browser/config/mozconfigs/linux32/common-opt
@ -3,7 +3,8 @@
 . $topsrcdir/build/mozconfig.stylo

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key

 . $topsrcdir/build/unix/mozconfig.linux32
--- a/browser/config/mozconfigs/linux64/common-opt
+++ b/browser/config/mozconfigs/linux64/common-opt
@ -3,7 +3,8 @@
 . $topsrcdir/build/mozconfig.stylo

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key

 . $topsrcdir/build/unix/mozconfig.linux
--- a/browser/config/mozconfigs/linux64/nightly-asan-reporter
+++ b/browser/config/mozconfigs/linux64/nightly-asan-reporter
@ -2,7 +2,8 @@
 ac_add_options --disable-debug
 ac_add_options --enable-optimize="-O2 -gline-tables-only"
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key

 . $topsrcdir/build/mozconfig.stylo
--- a/browser/config/mozconfigs/macosx64/common-opt
+++ b/browser/config/mozconfigs/macosx64/common-opt
@ -3,7 +3,8 @@
 . $topsrcdir/build/macosx/mozconfig.common

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key

 # Needed to enable breakpad in application.ini
--- a/browser/config/mozconfigs/win32/common-opt
+++ b/browser/config/mozconfigs/win32/common-opt
@ -6,7 +6,8 @@

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}

-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data

 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key

--- a/browser/config/mozconfigs/win64-aarch64/common-opt
+++ b/browser/config/mozconfigs/win64-aarch64/common-opt
@ -6,7 +6,8 @@

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}

-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data

 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key

--- a/browser/config/mozconfigs/win64/common-opt
+++ b/browser/config/mozconfigs/win64/common-opt
@ -6,7 +6,8 @@

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}

-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data

 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key

--- a/browser/config/mozconfigs/win64/nightly-asan-reporter
+++ b/browser/config/mozconfigs/win64/nightly-asan-reporter
@ -1,7 +1,8 @@
 MOZ_AUTOMATION_L10N_CHECK=0

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key

 . "$topsrcdir/build/mozconfig.win-common"
--- a/mobile/android/config/mozconfigs/android-api-16-gradle-dependencies/nightly
+++ b/mobile/android/config/mozconfigs/android-api-16-gradle-dependencies/nightly
@ -48,7 +48,8 @@ export MOZ_ANDROID_POCKET=1
 # Disable Keyfile Loading (and checks) since dependency fetching doesn't need these keys.
 # This overrides the settings in the common android mozconfig
 ac_add_options --without-mozilla-api-keyfile
-ac_add_options --without-google-api-keyfile
+ac_add_options --without-google-location-service-api-keyfile
+ac_add_options --without-google-safebrowsing-api-keyfile
 # We need dummy Keyfiles in order to enable features we care about.
 ac_add_options --with-adjust-sdk-keyfile="$topsrcdir/mobile/android/base/adjust-sdk-sandbox.token"
 ac_add_options --with-leanplum-sdk-keyfile="$topsrcdir/mobile/android/base/leanplum-sdk-sandbox.token"
--- a/mobile/android/config/mozconfigs/common
+++ b/mobile/android/config/mozconfigs/common
@ -36,7 +36,8 @@ fi

 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}

-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-fennec-geoloc-api.key

 ac_add_options --enable-marionette
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -5619,7 +5619,7 @@ pref("browser.safebrowsing.id", "Firefox");
 pref("browser.safebrowsing.downloads.enabled", true);
 pref("browser.safebrowsing.downloads.remote.enabled", true);
 pref("browser.safebrowsing.downloads.remote.timeout_ms", 15000);
-pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
+pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%");
 pref("browser.safebrowsing.downloads.remote.block_dangerous",            true);
 pref("browser.safebrowsing.downloads.remote.block_dangerous_host",       true);
 pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", true);
@ -5628,7 +5628,7 @@ pref("browser.safebrowsing.downloads.remote.block_uncommon",             true);
 // Google Safe Browsing provider (legacy)
 pref("browser.safebrowsing.provider.google.pver", "2.2");
 pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar");
-pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
+pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%");
 pref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2");
 pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
@ -5639,14 +5639,14 @@ pref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing"
 // Google Safe Browsing provider
 pref("browser.safebrowsing.provider.google4.pver", "4");
 pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto,goog-harmful-proto,goog-passwordwhite-proto");
-pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
-pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
 pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory");
 pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing");
-pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
 pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);

 pref("browser.safebrowsing.reportPhishURL", "https://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%&url=");
--- a/toolkit/components/url-classifier/SafeBrowsing.jsm
+++ b/toolkit/components/url-classifier/SafeBrowsing.jsm
@ -352,10 +352,10 @@ var SafeBrowsing = {
      gethashURL = gethashURL.replace("SAFEBROWSING_ID", clientID);

      // Disable updates and gethash if the Google API key is missing.
-      let googleKey = Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+      let googleSBKey = Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();
      if ((provider == "google" || provider == "google4") &&
-          (!googleKey || googleKey == "no-google-api-key")) {
-        log("Missing Google API key, clearing updateURL and gethashURL.");
+          (!googleSBKey || googleSBKey == "no-google-safebrowsing-api-key")) {
+        log("Missing Google SafeBrowsing API key, clearing updateURL and gethashURL.");
        updateURL = "";
        gethashURL = "";
      }
--- a/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
+++ b/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
@ -60,7 +60,7 @@ for (let pref of prefs) {
 var listmanager = Cc["@mozilla.org/url-classifier/listmanager;1"].
                  getService(Ci.nsIUrlListManager);

-let googleKey = SpecialPowers.Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+let googleKey = SpecialPowers.Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();

 for (let list of lists) {
  if (!list)
@ -75,7 +75,7 @@ for (let list of lists) {
    let provider = listsToProvider[index];
    let pref = "browser.safebrowsing.provider." + provider + ".gethashURL";
    if ((provider == "google" || provider == "google4") &&
-        (!googleKey || googleKey == "no-google-api-key")) {
+        (!googleKey || googleKey == "no-google-safebrowsing-api-key")) {
      is(url, "", "getHash url of " + list + " should be empty");
    } else {
      is(url, SpecialPowers.getCharPref(pref), list + " matches its gethash url");
--- a/toolkit/components/urlformatter/URLFormatter.jsm
+++ b/toolkit/components/urlformatter/URLFormatter.jsm
@ -85,7 +85,8 @@ nsURLFormatterService.prototype = {
    OS_VERSION() { return this.OSVersion; },
    CHANNEL:          () => UpdateUtils.UpdateChannel,
    MOZILLA_API_KEY:  () => AppConstants.MOZ_MOZILLA_API_KEY,
-    GOOGLE_API_KEY:   () => AppConstants.MOZ_GOOGLE_API_KEY,
+    GOOGLE_LOCATION_SERVICE_API_KEY:   () => AppConstants.MOZ_GOOGLE_LOCATION_SERVICE_API_KEY,
+    GOOGLE_SAFEBROWSING_API_KEY:   () => AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY,
    BING_API_CLIENTID: () => AppConstants.MOZ_BING_API_CLIENTID,
    BING_API_KEY:     () => AppConstants.MOZ_BING_API_KEY,
    DISTRIBUTION() { return this.distribution.id; },
@ -126,8 +127,11 @@ nsURLFormatterService.prototype = {
  },

  trimSensitiveURLs: function uf_trimSensitiveURLs(aMsg) {
-    // Only the google API key is sensitive for now.
-    return AppConstants.MOZ_GOOGLE_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_API_KEY, "g"),
+    // Only the google API keys is sensitive for now.
+    aMsg = AppConstants.MOZ_GOOGLE_LOCATION_SERVICE_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_LOCATION_SERVICE_API_KEY, "g"),
+                                                 "[trimmed-google-api-key]")
+                                  : aMsg;
+    return AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY, "g"),
                                                 "[trimmed-google-api-key]")
                                  : aMsg;
  },
--- a/toolkit/components/urlformatter/tests/unit/test_urlformatter.js
+++ b/toolkit/components/urlformatter/tests/unit/test_urlformatter.js
@ -46,11 +46,14 @@ function run_test() {

  Assert.equal(formatter.formatURL(advancedUrl), advancedUrlRef);

-  for (let val of ["MOZILLA_API_KEY", "GOOGLE_API_KEY", "BING_API_CLIENTID", "BING_API_KEY"]) {
+  for (let val of ["MOZILLA_API_KEY", "GOOGLE_LOCATION_SERVICE_API_KEY", "GOOGLE_SAFEBROWSING_API_KEY", "BING_API_CLIENTID", "BING_API_KEY"]) {
    let url = "http://test.mozilla.com/?val=%" + val + "%";
    Assert.notEqual(formatter.formatURL(url), url);
  }

-  let url = "http://test.mozilla.com/%GOOGLE_API_KEY%/?val=%GOOGLE_API_KEY%";
-  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url)), "http://test.mozilla.com/[trimmed-google-api-key]/?val=[trimmed-google-api-key]");
+  let url_sb = "http://test.mozilla.com/%GOOGLE_SAFEBROWSING_API_KEY%/?val=%GOOGLE_SAFEBROWSING_API_KEY%";
+  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url_sb)), "http://test.mozilla.com/[trimmed-google-api-key]/?val=[trimmed-google-api-key]");
+
+  let url_gls = "http://test.mozilla.com/%GOOGLE_LOCATION_SERVICE_API_KEY%/?val=%GOOGLE_LOCATION_SERVICE_API_KEY%";
+  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url_gls)), "http://test.mozilla.com/[trimmed-google-api-key]/?val=[trimmed-google-api-key]");
 }
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@ -320,7 +320,8 @@ this.AppConstants = Object.freeze({

  MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
  MOZ_BING_API_KEY: "@MOZ_BING_API_KEY@",
-  MOZ_GOOGLE_API_KEY: "@MOZ_GOOGLE_API_KEY@",
+  MOZ_GOOGLE_LOCATION_SERVICE_API_KEY: "@MOZ_GOOGLE_LOCATION_SERVICE_API_KEY@",
+  MOZ_GOOGLE_SAFEBROWSING_API_KEY: "@MOZ_GOOGLE_SAFEBROWSING_API_KEY@",
  MOZ_MOZILLA_API_KEY: "@MOZ_MOZILLA_API_KEY@",

  BROWSER_CHROME_URL: "@BROWSER_CHROME_URL@",
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@ -226,8 +226,11 @@ var dataProviders = {
      data.policiesStatus = Services.policies.status;
    }

-    const keyGoogle = Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
-    data.keyGoogleFound = keyGoogle != "no-google-api-key" && keyGoogle.length > 0;
+    const keyGLSGoogle = Services.urlFormatter.formatURL("%GOOGLE_LOCATION_SERVICE_API_KEY%").trim();
+    data.keyGLSGoogleFound = keyGLSGoogle != "no-google-location-service-api-key" && keyGLSGoogle.length > 0;
+
+    const keySBGoogle = Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();
+    data.keySBGoogleFound = keySBGoogle != "no-google-safebrowsing-api-key" && keySBGoogle.length > 0;

    const keyMozilla = Services.urlFormatter.formatURL("%MOZILLA_API_KEY%").trim();
    data.keyMozillaFound = keyMozilla != "no-mozilla-api-key" && keyMozilla.length > 0;
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@ -302,7 +302,8 @@ for var in ('ANDROID_PACKAGE_NAME',
            'MOZ_APP_VERSION_DISPLAY',
            'MOZ_BING_API_CLIENTID',
            'MOZ_BING_API_KEY',
-            'MOZ_GOOGLE_API_KEY',
+            'MOZ_GOOGLE_LOCATION_SERVICE_API_KEY',
+            'MOZ_GOOGLE_SAFEBROWSING_API_KEY',
            'MOZ_MACBUNDLE_NAME',
            'MOZ_MOZILLA_API_KEY',
            'MOZ_WIDGET_TOOLKIT',
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
@ -655,7 +655,9 @@ include('../build/moz.configure/keyfiles.configure')

 simple_keyfile('Mozilla API')

-simple_keyfile('Google API')
+simple_keyfile('Google Location Service API')
+
+simple_keyfile('Google Safebrowsing API')

 id_and_secret_keyfile('Bing API')