Bug 1781104 - remove unused 'add override by fingerprint' API from ns…

…ICertOverrideService r=djackson `rememberTemporaryValidityOverrideUsingFingerprint` is no longer used in `nsICertOverrideService` and can be removed. Differential Revision: https://phabricator.services.mozilla.com/D152825
dothq · Aug 26, 2022 · 40cd3d5 · 40cd3d5
1 parent 48caf0f
commit 40cd3d5
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 106 deletions.
diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp
@@ -527,43 +527,6 @@ nsCertOverrideService::RememberValidityOverrideScriptable(
                                   aTemporary);
 }
 
-NS_IMETHODIMP
-nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
-    const nsACString& aHostName, int32_t aPort,
-    const OriginAttributes& aOriginAttributes,
-    const nsACString& aCertFingerprint, uint32_t aOverrideBits) {
-  if (aCertFingerprint.IsEmpty() || aHostName.IsEmpty() ||
-      !IsAscii(aCertFingerprint) || !IsAscii(aHostName) || (aPort < -1)) {
-    return NS_ERROR_INVALID_ARG;
-  }
-
-  MutexAutoLock lock(mMutex);
-  AddEntryToList(aHostName, aPort, aOriginAttributes,
-                 nullptr,  // No cert to keep alive
-                 true,     // temporary
-                 aCertFingerprint, (nsCertOverride::OverrideBits)aOverrideBits,
-                 ""_ns,  // dbkey
-                 lock);
-
-  return NS_OK;
-}
-
-NS_IMETHODIMP
-nsCertOverrideService::
-    RememberTemporaryValidityOverrideUsingFingerprintScriptable(
-        const nsACString& aHostName, int32_t aPort,
-        JS::Handle<JS::Value> aOriginAttributes,
-        const nsACString& aCertFingerprint, uint32_t aOverrideBits,
-        JSContext* aCx) {
-  OriginAttributes attrs;
-  if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
-    return NS_ERROR_INVALID_ARG;
-  }
-
-  return RememberTemporaryValidityOverrideUsingFingerprint(
-      aHostName, aPort, attrs, aCertFingerprint, aOverrideBits);
-}
-
 NS_IMETHODIMP
 nsCertOverrideService::HasMatchingOverride(
     const nsACString& aHostName, int32_t aPort,

diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl
@@ -112,34 +112,6 @@ interface nsICertOverrideService : nsISupports {
                                 in uint32_t aOverrideBits,
                                 in boolean aTemporary);
 
-  /**
-   *  Certs with the given fingerprint should always be accepted for the
-   *  given hostname:port, regardless of errors verifying the cert.
-   *  Host:Port is a primary key, only one entry per host:port can exist.
-   *  The fingerprint should be an SHA-256 hash of the certificate.
-   *
-   *  @param aHostName The host (punycode) this mapping belongs to
-   *  @param aPort The port this mapping belongs to, if it is -1 then it
-   *          is internaly treated as 443
-   *  @param aCertFingerprint The cert fingerprint that should be accepted, in
-   *          the format 'AA:BB:...' (colon-separated upper-case hex bytes).
-   *  @param aOverrideBits The errors we want to be overriden
-   */
-  [binaryname(RememberTemporaryValidityOverrideUsingFingerprint), noscript, must_use]
-  void rememberTemporaryValidityOverrideUsingFingerprintNative(
-      in AUTF8String aHostName,
-      in int32_t aPort,
-      in const_OriginAttributesRef aOriginAttributes,
-      in AUTF8String aCertFingerprint,
-      in uint32_t aOverrideBits);
-  [binaryname(RememberTemporaryValidityOverrideUsingFingerprintScriptable), implicit_jscontext, must_use]
-  void rememberTemporaryValidityOverrideUsingFingerprint(
-      in AUTF8String aHostName,
-      in int32_t aPort,
-      in jsval aOriginAttributes,
-      in AUTF8String aCertFingerprint,
-      in uint32_t aOverrideBits);
-
   /**
    *  Return whether this host, port, cert triple has a stored override.
    *  If so, the outparams will contain the specific errors that were

diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManager.js
@@ -74,13 +74,6 @@ async function deleteOverride(win, expectedLength) {
 }
 
 async function testViewButton(win) {
-  win.document.getElementById("serverList").selectedIndex = 1;
-
-  Assert.ok(
-    win.document.getElementById("websites_viewButton").disabled,
-    "View button should be disabled for override without cert"
-  );
-
   win.document.getElementById("serverList").selectedIndex = 0;
 
   Assert.ok(
@@ -139,43 +132,11 @@ add_task(async function test_cert_manager_server_tab() {
     },
   ]);
 
-  win.document.getElementById("certmanager").acceptDialog();
-  await BrowserTestUtils.windowClosed(win);
-
-  certOverrideService.rememberTemporaryValidityOverrideUsingFingerprint(
-    "example.com",
-    9999,
-    {},
-    "40:20:3E:57:FB:82:95:0D:3F:62:D7:04:39:F6:32:CC:B2:2F:70:9F:3E:66:C5:35:64:6E:49:2A:F1:02:75:9F",
-    Ci.nsICertOverrideService.ERROR_UNTRUSTED
-  );
-
-  win = await openCertManager();
-
-  await checkServerCertificates(win, [
-    {
-      hostPort: "example.com:443",
-      certName: "md5-ee",
-      isTemporary: false,
-    },
-    {
-      hostPort: "example.com:9999",
-      certName: "(Not Stored)",
-      isTemporary: true,
-    },
-  ]);
-
   await testViewButton(win);
 
-  await deleteOverride(win, 2);
+  await deleteOverride(win, 1);
 
-  await checkServerCertificates(win, [
-    {
-      hostPort: "example.com:9999",
-      certName: "(Not Stored)",
-      isTemporary: true,
-    },
-  ]);
+  await checkServerCertificates(win, []);
 
   win.document.getElementById("certmanager").acceptDialog();
   await BrowserTestUtils.windowClosed(win);