From f3c620e4c32197e0235778cb1aeabac61eef6d8c Mon Sep 17 00:00:00 2001 From: Dana Keeler Date: Thu, 10 Jun 2021 22:13:32 +0000 Subject: [PATCH] Bug 1715142 - introduce nsIPublicKeyPinningService and remove 'type' parameter from nsISiteSecurityService r=rmf,necko-reviewers The public key pinning implementation is much less complex than the HSTS implementation, and only needs a small subset of the parameters of the latter. Furthermore, the information it relies on is static, and so is safe to access from content processes. This patch separates the two implementations, thus simplifying both of them and avoiding some unnecessary IPC calls in the process. Differential Revision: https://phabricator.services.mozilla.com/D117096 --- .../content/test/general/browser_star_hsts.js | 1 - devtools/shared/webconsole/network-helper.js | 7 +- .../chrome/test_network_security-hsts.html | 2 +- docshell/base/nsDocShell.cpp | 18 +- dom/base/Document.cpp | 20 +-- dom/ipc/ContentParent.cpp | 6 +- dom/ipc/ContentParent.h | 2 +- dom/ipc/PContent.ipdl | 2 +- dom/security/nsMixedContentBlocker.cpp | 3 +- netwerk/base/nsNetUtil.cpp | 11 +- netwerk/protocol/http/nsHttpChannel.cpp | 3 +- netwerk/protocol/http/nsHttpHandler.cpp | 5 +- .../manager/ssl/PublicKeyPinningService.cpp | 29 ++- .../manager/ssl/PublicKeyPinningService.h | 22 ++- .../manager/ssl/SSLServerCertVerification.cpp | 19 +- security/manager/ssl/components.conf | 6 + security/manager/ssl/moz.build | 1 + .../ssl/nsIPublicKeyPinningService.idl | 22 +++ .../manager/ssl/nsISiteSecurityService.idl | 42 ++--- .../manager/ssl/nsSiteSecurityService.cpp | 169 +++++------------- security/manager/ssl/nsSiteSecurityService.h | 29 +-- .../browser/browser_bug627234_perwindowpb.js | 9 +- .../tests/unit/sss_readstate_child_worker.js | 13 +- ...test_forget_about_site_security_headers.js | 51 ++---- .../tests/unit/test_ocsp_no_hsts_upgrade.js | 3 +- .../ssl/tests/unit/test_sss_enumerate.js | 9 +- .../ssl/tests/unit/test_sss_eviction.js | 2 - .../tests/unit/test_sss_originAttributes.js | 60 +------ .../ssl/tests/unit/test_sss_readstate.js | 16 -- .../tests/unit/test_sss_readstate_empty.js | 3 - .../tests/unit/test_sss_readstate_garbage.js | 12 +- .../ssl/tests/unit/test_sss_readstate_huge.js | 7 - .../ssl/tests/unit/test_sss_resetState.js | 44 ++--- .../tests/unit/test_sss_sanitizeOnShutdown.js | 1 - .../ssl/tests/unit/test_sss_savestate.js | 1 - .../manager/ssl/tests/unit/test_sts_fqdn.js | 23 ++- .../ssl/tests/unit/test_sts_ipv4_ipv6.js | 5 +- .../manager/ssl/tests/unit/test_sts_parser.js | 2 - .../unit/test_sts_preloadlist_perwindowpb.js | 142 ++------------- .../unit/test_sts_preloadlist_selfdestruct.js | 6 +- .../scripts/getHSTSPreloadList.js | 1 - .../content/SpecialPowersParent.jsm | 2 +- .../browser/browser_staticPartition_HSTS.js | 7 +- .../components/cleardata/ClearDataService.jsm | 18 +- .../tests/unit/test_security_settings.js | 2 - .../extensions/webrequest/SecurityInfo.jsm | 10 +- 46 files changed, 276 insertions(+), 592 deletions(-) create mode 100644 security/manager/ssl/nsIPublicKeyPinningService.idl diff --git a/browser/base/content/test/general/browser_star_hsts.js b/browser/base/content/test/general/browser_star_hsts.js index dbad35fb829b8..116da7c3ddce3 100644 --- a/browser/base/content/test/general/browser_star_hsts.js +++ b/browser/base/content/test/general/browser_star_hsts.js @@ -15,7 +15,6 @@ add_task(async function test_star_redirect() { Ci.nsISiteSecurityService ); sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, NetUtil.newURI("http://example.com/"), 0, Services.prefs.getBoolPref("privacy.partition.network_state") diff --git a/devtools/shared/webconsole/network-helper.js b/devtools/shared/webconsole/network-helper.js index 98efe88984182..ed25fa83606ed 100644 --- a/devtools/shared/webconsole/network-helper.js +++ b/devtools/shared/webconsole/network-helper.js @@ -685,6 +685,9 @@ var NetworkHelper = { const sss = Cc["@mozilla.org/ssservice;1"].getService( Ci.nsISiteSecurityService ); + const pkps = Cc[ + "@mozilla.org/security/publickeypinningservice;1" + ].getService(Ci.nsIPublicKeyPinningService); // SiteSecurityService uses different storage if the channel is // private. Thus we must give isSecureURI correct flags or we @@ -699,8 +702,8 @@ var NetworkHelper = { uri = Services.io.newURI("https://" + host); } - info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags); - info.hpkp = sss.isSecureURI(sss.STATIC_PINNING, uri, flags); + info.hsts = sss.isSecureURI(uri, flags); + info.hpkp = pkps.hostHasPins(uri); } else { DevToolsUtils.reportException( "NetworkHelper.parseSecurityInfo", diff --git a/devtools/shared/webconsole/test/chrome/test_network_security-hsts.html b/devtools/shared/webconsole/test/chrome/test_network_security-hsts.html index 031a8d26e0a9f..2ef6e33a4b8a7 100644 --- a/devtools/shared/webconsole/test/chrome/test_network_security-hsts.html +++ b/devtools/shared/webconsole/test/chrome/test_network_security-hsts.html @@ -47,7 +47,7 @@ // Reset HSTS state. const gSSService = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService); const uri = Services.io.newURI(TEST_CASES[0].url); - gSSService.resetState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + gSSService.resetState(uri, 0); SimpleTest.finish(); } diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp index b4801e756a554..58017b49e3d03 100644 --- a/docshell/base/nsDocShell.cpp +++ b/docshell/base/nsDocShell.cpp @@ -139,6 +139,7 @@ #include "nsIPrompt.h" #include "nsIPromptCollection.h" #include "nsIPromptFactory.h" +#include "nsIPublicKeyPinningService.h" #include "nsIReflowObserver.h" #include "nsIScriptChannel.h" #include "nsIScriptObjectPrincipal.h" @@ -3714,21 +3715,18 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI, nsCOMPtr sss = do_GetService(NS_SSSERVICE_CONTRACTID, &rv); NS_ENSURE_SUCCESS(rv, rv); - rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, - attrsForHSTS, nullptr, nullptr, &isStsHost); - NS_ENSURE_SUCCESS(rv, rv); - rv = sss->IsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, - flags, GetOriginAttributes(), nullptr, nullptr, - &isPinnedHost); + rv = sss->IsSecureURI(aURI, flags, attrsForHSTS, nullptr, nullptr, + &isStsHost); NS_ENSURE_SUCCESS(rv, rv); } else { mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton(); - cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, - attrsForHSTS, &isStsHost); - cc->SendIsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, flags, - GetOriginAttributes(), &isPinnedHost); + cc->SendIsSecureURI(aURI, flags, attrsForHSTS, &isStsHost); } + nsCOMPtr pkps = + do_GetService(NS_PKPSERVICE_CONTRACTID, &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = pkps->HostHasPins(aURI, &isPinnedHost); if (Preferences::GetBool("browser.xul.error_pages.expert_bad_cert", false)) { diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp index 7091410f9b2f3..ca64a0add3e5f 100644 --- a/dom/base/Document.cpp +++ b/dom/base/Document.cpp @@ -341,6 +341,7 @@ #include "nsIPermission.h" #include "nsIPrompt.h" #include "nsIPropertyBag2.h" +#include "nsIPublicKeyPinningService.h" #include "nsIReferrerInfo.h" #include "nsIRefreshURI.h" #include "nsIRequest.h" @@ -1890,23 +1891,22 @@ void Document::GetFailedCertSecurityInfo(FailedCertSecurityInfo& aInfo, if (XRE_IsContentProcess()) { ContentChild* cc = ContentChild::GetSingleton(); MOZ_ASSERT(cc); - cc->SendIsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, attrs, - &aInfo.mHasHSTS); - cc->SendIsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, flags, - attrs, &aInfo.mHasHPKP); + cc->SendIsSecureURI(aURI, flags, attrs, &aInfo.mHasHSTS); } else { nsCOMPtr sss = do_GetService(NS_SSSERVICE_CONTRACTID); if (NS_WARN_IF(!sss)) { return; } - Unused << NS_WARN_IF(NS_FAILED( - sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, - attrs, nullptr, nullptr, &aInfo.mHasHSTS))); - Unused << NS_WARN_IF(NS_FAILED( - sss->IsSecureURI(nsISiteSecurityService::STATIC_PINNING, aURI, flags, - attrs, nullptr, nullptr, &aInfo.mHasHPKP))); + Unused << NS_WARN_IF(NS_FAILED(sss->IsSecureURI(aURI, flags, attrs, nullptr, + nullptr, &aInfo.mHasHSTS))); } + nsCOMPtr pkps = + do_GetService(NS_PKPSERVICE_CONTRACTID); + if (NS_WARN_IF(!pkps)) { + return; + } + Unused << NS_WARN_IF(NS_FAILED(pkps->HostHasPins(aURI, &aInfo.mHasHPKP))); } bool Document::AllowDeprecatedTls() { diff --git a/dom/ipc/ContentParent.cpp b/dom/ipc/ContentParent.cpp index 5f69e9eef378a..c9c790b1e9d7e 100644 --- a/dom/ipc/ContentParent.cpp +++ b/dom/ipc/ContentParent.cpp @@ -4399,7 +4399,7 @@ mozilla::ipc::IPCResult ContentParent::RecvSetURITitle(nsIURI* uri, } mozilla::ipc::IPCResult ContentParent::RecvIsSecureURI( - const uint32_t& aType, nsIURI* aURI, const uint32_t& aFlags, + nsIURI* aURI, const uint32_t& aFlags, const OriginAttributes& aOriginAttributes, bool* aIsSecureURI) { nsCOMPtr sss(do_GetService(NS_SSSERVICE_CONTRACTID)); if (!sss) { @@ -4408,8 +4408,8 @@ mozilla::ipc::IPCResult ContentParent::RecvIsSecureURI( if (!aURI) { return IPC_FAIL_NO_REASON(this); } - nsresult rv = sss->IsSecureURI(aType, aURI, aFlags, aOriginAttributes, - nullptr, nullptr, aIsSecureURI); + nsresult rv = sss->IsSecureURI(aURI, aFlags, aOriginAttributes, nullptr, + nullptr, aIsSecureURI); if (NS_FAILED(rv)) { return IPC_FAIL_NO_REASON(this); } diff --git a/dom/ipc/ContentParent.h b/dom/ipc/ContentParent.h index e686f9ef65d8c..4ae54c227d52f 100644 --- a/dom/ipc/ContentParent.h +++ b/dom/ipc/ContentParent.h @@ -941,7 +941,7 @@ class ContentParent final const uint32_t& chromeFlags); mozilla::ipc::IPCResult RecvIsSecureURI( - const uint32_t& aType, nsIURI* aURI, const uint32_t& aFlags, + nsIURI* aURI, const uint32_t& aFlags, const OriginAttributes& aOriginAttributes, bool* aIsSecureURI); mozilla::ipc::IPCResult RecvAccumulateMixedContentHSTS( diff --git a/dom/ipc/PContent.ipdl b/dom/ipc/PContent.ipdl index 57b61cb184098..2bdc9d5cb34dd 100644 --- a/dom/ipc/PContent.ipdl +++ b/dom/ipc/PContent.ipdl @@ -998,7 +998,7 @@ parent: async InitCrashReporter(NativeThreadId tid); - sync IsSecureURI(uint32_t aType, nsIURI aURI, uint32_t aFlags, + sync IsSecureURI(nsIURI aURI, uint32_t aFlags, OriginAttributes aOriginAttributes) returns (bool isSecureURI); diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp index f7d722d3f5cdd..c79b60ecbedb6 100644 --- a/dom/security/nsMixedContentBlocker.cpp +++ b/dom/security/nsMixedContentBlocker.cpp @@ -979,8 +979,7 @@ void nsMixedContentBlocker::AccumulateMixedContentHSTS( if (NS_FAILED(rv)) { return; } - rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, 0, - aOriginAttributes, nullptr, nullptr, &hsts); + rv = sss->IsSecureURI(aURI, 0, aOriginAttributes, nullptr, nullptr, &hsts); if (NS_FAILED(rv)) { return; } diff --git a/netwerk/base/nsNetUtil.cpp b/netwerk/base/nsNetUtil.cpp index 2b20d4a1583b4..c9ee73f1c6c7a 100644 --- a/netwerk/base/nsNetUtil.cpp +++ b/netwerk/base/nsNetUtil.cpp @@ -2964,9 +2964,9 @@ nsresult NS_ShouldSecureUpgrade( resultCallback{std::move(aResultCallback)}]() mutable { uint32_t hstsSource = 0; bool isStsHost = false; - nsresult rv = service->IsSecureURI( - nsISiteSecurityService::HEADER_HSTS, uri, flags, - originAttributes, nullptr, &hstsSource, &isStsHost); + nsresult rv = + service->IsSecureURI(uri, flags, originAttributes, nullptr, + &hstsSource, &isStsHost); // Successfully get the result from |IsSecureURI| implies that // the storage is ready to read. @@ -2985,9 +2985,8 @@ nsresult NS_ShouldSecureUpgrade( return rv; } - nsresult rv = - sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, flags, - aOriginAttributes, nullptr, &hstsSource, &isStsHost); + nsresult rv = sss->IsSecureURI(aURI, flags, aOriginAttributes, nullptr, + &hstsSource, &isStsHost); // if the SSS check fails, it's likely because this load is on a // malformed URI or something else in the setup is wrong, so any error diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index 0ac2f787fb599..18bfc5c627741 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -1785,8 +1785,7 @@ nsresult nsHttpChannel::ProcessHSTSHeader(nsITransportSecurityInfo* aSecInfo, uint32_t failureResult; uint32_t headerSource = nsISiteSecurityService::SOURCE_ORGANIC_REQUEST; - rv = sss->ProcessHeader(nsISiteSecurityService::HEADER_HSTS, mURI, - securityHeader, aSecInfo, aFlags, headerSource, + rv = sss->ProcessHeader(mURI, securityHeader, aSecInfo, aFlags, headerSource, originAttributes, nullptr, nullptr, &failureResult); if (NS_FAILED(rv)) { nsAutoString consoleErrorCategory(u"Invalid HSTS Headers"_ns); diff --git a/netwerk/protocol/http/nsHttpHandler.cpp b/netwerk/protocol/http/nsHttpHandler.cpp index 2ff4a656e0af9..1e9bc2137df50 100644 --- a/netwerk/protocol/http/nsHttpHandler.cpp +++ b/netwerk/protocol/http/nsHttpHandler.cpp @@ -2436,9 +2436,8 @@ nsresult nsHttpHandler::SpeculativeConnectInternal( aURI, originAttributes); nsCOMPtr clone; - if (NS_SUCCEEDED(sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aURI, - flags, originAttributes, nullptr, nullptr, - &isStsHost)) && + if (NS_SUCCEEDED(sss->IsSecureURI(aURI, flags, originAttributes, nullptr, + nullptr, &isStsHost)) && isStsHost) { if (NS_SUCCEEDED(NS_GetSecureUpgradedURI(aURI, getter_AddRefs(clone)))) { aURI = clone.get(); diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp index 9570f64ef8b4a..e3d02ce326d4c 100644 --- a/security/manager/ssl/PublicKeyPinningService.cpp +++ b/security/manager/ssl/PublicKeyPinningService.cpp @@ -15,6 +15,7 @@ #include "mozilla/Telemetry.h" #include "nsDependentString.h" #include "nsServiceManagerUtils.h" +#include "nsSiteSecurityService.h" #include "mozpkix/pkixtypes.h" #include "mozpkix/pkixutil.h" #include "seccomon.h" @@ -28,6 +29,8 @@ using namespace mozilla::psm; LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService"); +NS_IMPL_ISUPPORTS(PublicKeyPinningService, nsIPublicKeyPinningService) + enum class PinningMode : uint32_t { Disabled = 0, AllowUserCAMITM = 1, @@ -348,24 +351,32 @@ nsresult PublicKeyPinningService::ChainHasValidPins( pinningTelemetryInfo); } -nsresult PublicKeyPinningService::HostHasPins(const char* hostname, - mozilla::pkix::Time time, - /*out*/ bool& hostHasPins) { - hostHasPins = false; +NS_IMETHODIMP +PublicKeyPinningService::HostHasPins(nsIURI* aURI, bool* hostHasPins) { + NS_ENSURE_ARG(aURI); + NS_ENSURE_ARG(hostHasPins); + *hostHasPins = false; PinningMode pinningMode(GetPinningMode()); if (pinningMode == PinningMode::Disabled) { return NS_OK; } - nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname)); + nsAutoCString hostname; + nsresult rv = nsSiteSecurityService::GetHost(aURI, hostname); + if (NS_FAILED(rv)) { + return rv; + } + if (nsSiteSecurityService::HostIsIPAddress(hostname)) { + return NS_OK; + } + const TransportSecurityPreload* staticFingerprints = nullptr; - nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time, - staticFingerprints); + rv = FindPinningInformation(hostname.get(), Now(), staticFingerprints); if (NS_FAILED(rv)) { return rv; } if (staticFingerprints) { - hostHasPins = !staticFingerprints->mTestMode || - pinningMode == PinningMode::EnforceTestMode; + *hostHasPins = !staticFingerprints->mTestMode || + pinningMode == PinningMode::EnforceTestMode; } return NS_OK; } diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h index 47f8bbd4562ab..46bcf01d1812f 100644 --- a/security/manager/ssl/PublicKeyPinningService.h +++ b/security/manager/ssl/PublicKeyPinningService.h @@ -6,9 +6,7 @@ #define PublicKeyPinningService_h #include "CertVerifier.h" -#include "ScopedNSSTypes.h" -#include "cert.h" -#include "nsNSSCertificate.h" +#include "nsIPublicKeyPinningService.h" #include "nsString.h" #include "nsTArray.h" #include "mozilla/Span.h" @@ -17,8 +15,13 @@ namespace mozilla { namespace psm { -class PublicKeyPinningService { +class PublicKeyPinningService final : public nsIPublicKeyPinningService { public: + PublicKeyPinningService() = default; + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIPUBLICKEYPINNINGSERVICE + /** * Sets chainHasValidPins to true if the given (host, certList) passes pinning * checks, or to false otherwise. If the host is pinned, returns true via @@ -34,20 +37,15 @@ class PublicKeyPinningService { /*out*/ bool& chainHasValidPins, /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo); - /** - * Returns true via the output parameter hostHasPins if there is pinning - * information for the given host that is valid at the given time, and false - * otherwise. - */ - static nsresult HostHasPins(const char* hostname, mozilla::pkix::Time time, - /*out*/ bool& hostHasPins); - /** * Given a hostname of potentially mixed case with potentially multiple * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no * trailing '.'. */ static nsAutoCString CanonicalizeHostname(const char* hostname); + + private: + ~PublicKeyPinningService() = default; }; } // namespace psm diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp index 6f2a50aa43e6d..c20c1c0583784 100644 --- a/security/manager/ssl/SSLServerCertVerification.cpp +++ b/security/manager/ssl/SSLServerCertVerification.cpp @@ -117,6 +117,7 @@ #include "nsComponentManagerUtils.h" #include "nsContentUtils.h" #include "nsICertOverrideService.h" +#include "nsIPublicKeyPinningService.h" #include "nsISiteSecurityService.h" #include "nsISocketProvider.h" #include "nsThreadPool.h" @@ -428,18 +429,24 @@ static nsresult OverrideAllowedForHost( return rv; } - rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, uri, - aProviderFlags, aOriginAttributes, nullptr, nullptr, - &strictTransportSecurityEnabled); + rv = sss->IsSecureURI(uri, aProviderFlags, aOriginAttributes, nullptr, + nullptr, &strictTransportSecurityEnabled); if (NS_FAILED(rv)) { MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[0x%" PRIx64 "] checking for HSTS failed", aPtrForLog)); return rv; } - rv = sss->IsSecureURI(nsISiteSecurityService::STATIC_PINNING, uri, - aProviderFlags, aOriginAttributes, nullptr, nullptr, - &isStaticallyPinned); + nsCOMPtr pkps = + do_GetService(NS_PKPSERVICE_CONTRACTID, &rv); + if (!pkps) { + MOZ_LOG(gPIPNSSLog, LogLevel::Debug, + ("[0x%" PRIx64 + "] Couldn't get nsIPublicKeyPinningService to check pinning", + aPtrForLog)); + return NS_ERROR_FAILURE; + } + rv = pkps->HostHasPins(uri, &isStaticallyPinned); if (NS_FAILED(rv)) { MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[0x%" PRIx64 "] checking for static pin failed", aPtrForLog)); diff --git a/security/manager/ssl/components.conf b/security/manager/ssl/components.conf index e76ed7edbd93a..9f637e6a7731a 100644 --- a/security/manager/ssl/components.conf +++ b/security/manager/ssl/components.conf @@ -147,6 +147,12 @@ Classes = [ 'headers': ['/security/manager/ssl/cert_storage/src/cert_storage.h'], 'legacy_constructor': 'cert_storage_constructor', }, + { + 'cid': '{f64432b9-e8c6-41b4-b2da-8eb004344bba}', + 'contract_ids': ['@mozilla.org/security/publickeypinningservice;1'], + 'type': 'psm::PublicKeyPinningService', + 'headers': ['/security/manager/ssl/PublicKeyPinningService.h'], + }, ] if defined('MOZ_XUL'): diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build index 50c36d13c9921..8638f6e3b9b47 100644 --- a/security/manager/ssl/moz.build +++ b/security/manager/ssl/moz.build @@ -36,6 +36,7 @@ XPIDL_SOURCES += [ "nsIPKCS11ModuleDB.idl", "nsIPKCS11Slot.idl", "nsIProtectedAuthThread.idl", + "nsIPublicKeyPinningService.idl", "nsISecretDecoderRing.idl", "nsISecurityUITelemetry.idl", "nsISiteSecurityService.idl", diff --git a/security/manager/ssl/nsIPublicKeyPinningService.idl b/security/manager/ssl/nsIPublicKeyPinningService.idl new file mode 100644 index 0000000000000..b48f86dbb7698 --- /dev/null +++ b/security/manager/ssl/nsIPublicKeyPinningService.idl @@ -0,0 +1,22 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIURI; + +[scriptable, uuid(f64432b9-e8c6-41b4-b2da-8eb004344bba), builtinclass] +interface nsIPublicKeyPinningService : nsISupports +{ + /** + * Returns true if the host of the given URI has pinning information, and + * false otherwise. + */ + [must_use] + bool hostHasPins(in nsIURI aURI); +}; + +%{C++ +#define NS_PKPSERVICE_CONTRACTID "@mozilla.org/security/publickeypinningservice;1" +%} diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl index 8fbf750a78d55..9af07832a2e98 100644 --- a/security/manager/ssl/nsISiteSecurityService.idl +++ b/security/manager/ssl/nsISiteSecurityService.idl @@ -45,10 +45,6 @@ interface nsISiteHSTSState : nsISiteSecurityState [scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)] interface nsISiteSecurityService : nsISupports { - const uint32_t HEADER_HSTS = 0; - const uint32_t STATIC_PINNING = 1; // was HEADER_HPKP - // HEADER_OMS was 2 (but was never implemented) - const uint32_t Success = 0; const uint32_t ERROR_UNKNOWN = 1; const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2; @@ -84,7 +80,6 @@ interface nsISiteSecurityService : nsISupports * and allows a host to specify that future HTTP requests should be * upgraded to HTTPS. * - * @param aType the type of security header in question. * @param aSourceURI the URI of the resource with the HTTP header. * @param aHeader the HTTP response header specifying security data. * @param aSecInfo the TransportSecurityInfo of the current channel. @@ -107,8 +102,7 @@ interface nsISiteSecurityService : nsISupports * if there are unrecognized tokens in the header. */ [binaryname(ProcessHeader), noscript, must_use] - void processHeaderNative(in uint32_t aType, - in nsIURI aSourceURI, + void processHeaderNative(in nsIURI aSourceURI, in ACString aHeader, in nsITransportSecurityInfo aSecInfo, in uint32_t aFlags, @@ -120,8 +114,7 @@ interface nsISiteSecurityService : nsISupports [binaryname(ProcessHeaderScriptable), implicit_jscontext, optional_argc, must_use] - void processHeader(in uint32_t aType, - in nsIURI aSourceURI, + void processHeader(in nsIURI aSourceURI, in ACString aHeader, in nsITransportSecurityInfo aSecInfo, in uint32_t aFlags, @@ -132,14 +125,12 @@ interface nsISiteSecurityService : nsISupports [optional] out uint32_t aFailureResult); /** - * Given a header type, resets state relating to that header of a host, - * including the includeSubdomains state that would affect subdomains. - * This essentially removes the state for the domain tree rooted at this - * host. If any preloaded information is present for that host, that - * information will then be used instead of any other previously existing - * state. + * Resets HSTS state a host, including the includeSubdomains state that + * would affect subdomains. This essentially removes the state for the + * domain tree rooted at this host. If any preloaded information is present + * for that host, that information will then be used instead of any other + * previously existing state. * - * @param aType the type of security state in question * @param aURI the URI of the target host * @param aFlags options for this request as defined in nsISocketProvider: * NO_PERMANENT_STORAGE @@ -150,21 +141,19 @@ interface nsISiteSecurityService : nsISupports * happens). */ [implicit_jscontext, optional_argc, must_use] - void resetState(in uint32_t aType, - in nsIURI aURI, + void resetState(in nsIURI aURI, in uint32_t aFlags, [optional] in jsval aOriginAttributes); /** - * Checks whether or not the URI's hostname has a given security state set. - * For example, for HSTS: + * Checks whether or not the URI's hostname has HSTS set. + * For example: * The URI is an HSTS URI if either the host has the HSTS state set, or one * of its super-domains has the HSTS "includeSubdomains" flag set. * NOTE: this function makes decisions based only on the * host contained in the URI, and disregards other portions of the URI * such as path and port. * - * @param aType the type of security state in question. * @param aURI the URI to query for STS state. * @param aFlags options for this request as defined in nsISocketProvider: * NO_PERMANENT_STORAGE @@ -179,21 +168,20 @@ interface nsISiteSecurityService : nsISupports * SOURCE_ORGANIC_REQUEST, or SOURCE_UNKNOWN. */ [binaryname(IsSecureURI), noscript, must_use] - boolean isSecureURINative(in uint32_t aType, in nsIURI aURI, - in uint32_t aFlags, + boolean isSecureURINative(in nsIURI aURI, in uint32_t aFlags, in const_OriginAttributesRef aOriginAttributes, [optional] out boolean aCached, [optional] out uint32_t aSource); [binaryname(IsSecureURIScriptable), implicit_jscontext, optional_argc, must_use] - boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags, + boolean isSecureURI(in nsIURI aURI, in uint32_t aFlags, [optional] in jsval aOriginAttributes, [optional] out boolean aCached, [optional] out uint32_t aSource); /** - * Removes all non-preloaded security state by resetting to factory-original + * Removes all non-preloaded HSTS state by resetting to factory-original * settings. */ [must_use] @@ -204,11 +192,9 @@ interface nsISiteSecurityService : nsISupports * the enumeration is a nsISiteSecurityState that can be QueryInterfaced to * nsISiteHSTSState. * Doesn't include hard-coded preloaded entries. - * - * @param aType the type of security state in question. */ [must_use] - nsISimpleEnumerator enumerate(in uint32_t aType); + nsISimpleEnumerator enumerate(); }; %{C++ diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp index b217d2c760741..2c876899bc72a 100644 --- a/security/manager/ssl/nsSiteSecurityService.cpp +++ b/security/manager/ssl/nsSiteSecurityService.cpp @@ -45,7 +45,7 @@ static LazyLogModule gSSSLog("nsSSService"); #define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args) -const char kHSTSKeySuffix[] = ":HSTS"; +static const nsLiteralCString kHSTSKeySuffix = ":HSTS"_ns; //////////////////////////////////////////////////////////////////////////////// @@ -286,7 +286,7 @@ nsresult nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult) { return NS_OK; } -static void SetStorageKey(const nsACString& hostname, uint32_t aType, +static void SetStorageKey(const nsACString& hostname, const OriginAttributes& aOriginAttributes, /*out*/ nsAutoCString& storageKey) { storageKey = hostname; @@ -298,13 +298,7 @@ static void SetStorageKey(const nsACString& hostname, uint32_t aType, nsAutoCString originAttributesSuffix; originAttributesNoUserContext.CreateSuffix(originAttributesSuffix); storageKey.Append(originAttributesSuffix); - switch (aType) { - case nsISiteSecurityService::HEADER_HSTS: - storageKey.AppendASCII(kHSTSKeySuffix); - break; - default: - MOZ_ASSERT_UNREACHABLE("SSS:SetStorageKey got invalid type"); - } + storageKey.Append(kHSTSKeySuffix); } // Expire times are in millis. Since Headers max-age is in seconds, and @@ -314,17 +308,16 @@ static int64_t ExpireTimeFromMaxAge(uint64_t maxAge) { } nsresult nsSiteSecurityService::SetHSTSState( - uint32_t aType, const char* aHost, int64_t maxage, bool includeSubdomains, - uint32_t flags, SecurityPropertyState aHSTSState, - SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes) { + const char* aHost, int64_t maxage, bool includeSubdomains, uint32_t flags, + SecurityPropertyState aHSTSState, SecurityPropertySource aSource, + const OriginAttributes& aOriginAttributes) { nsAutoCString hostname(aHost); bool isPreload = (aSource == SourcePreload); // If max-age is zero, the host is no longer considered HSTS. If the host was // preloaded, we store an entry indicating that this host is not HSTS, causing // the preloaded information to be ignored. if (maxage == 0) { - return MarkHostAsNotHSTS(aType, hostname, flags, isPreload, - aOriginAttributes); + return MarkHostAsNotHSTS(hostname, flags, isPreload, aOriginAttributes); } MOZ_ASSERT(aHSTSState == SecurityPropertySet, @@ -345,7 +338,7 @@ nsresult nsSiteSecurityService::SetHSTSState( ? mozilla::DataStorage_Private : mozilla::DataStorage_Persistent; nsAutoCString storageKey; - SetStorageKey(hostname, aType, aOriginAttributes, storageKey); + SetStorageKey(hostname, aOriginAttributes, storageKey); SSSLOG(("SSS: storing HSTS site entry for %s", hostname.get())); nsCString value = mSiteStateStorage->Get(storageKey, storageType); RefPtr curSiteState = @@ -367,12 +360,8 @@ nsresult nsSiteSecurityService::SetHSTSState( // entry that indicates this host is not HSTS to prevent the implementation // using the preloaded information. nsresult nsSiteSecurityService::MarkHostAsNotHSTS( - uint32_t aType, const nsAutoCString& aHost, uint32_t aFlags, - bool aIsPreload, const OriginAttributes& aOriginAttributes) { - // This only applies to HSTS. - if (aType != nsISiteSecurityService::HEADER_HSTS) { - return NS_ERROR_INVALID_ARG; - } + const nsAutoCString& aHost, uint32_t aFlags, bool aIsPreload, + const OriginAttributes& aOriginAttributes) { if (aIsPreload && aOriginAttributes != OriginAttributes()) { return NS_ERROR_INVALID_ARG; } @@ -382,7 +371,7 @@ nsresult nsSiteSecurityService::MarkHostAsNotHSTS( ? mozilla::DataStorage_Private : mozilla::DataStorage_Persistent; nsAutoCString storageKey; - SetStorageKey(aHost, aType, aOriginAttributes, storageKey); + SetStorageKey(aHost, aOriginAttributes, storageKey); if (GetPreloadStatus(aHost)) { SSSLOG(("SSS: storing knockout entry for %s", aHost.get())); @@ -402,7 +391,7 @@ nsresult nsSiteSecurityService::MarkHostAsNotHSTS( } NS_IMETHODIMP -nsSiteSecurityService::ResetState(uint32_t aType, nsIURI* aURI, uint32_t aFlags, +nsSiteSecurityService::ResetState(nsIURI* aURI, uint32_t aFlags, JS::HandleValue aOriginAttributes, JSContext* aCx, uint8_t aArgc) { if (!XRE_IsParentProcess()) { @@ -423,7 +412,7 @@ nsSiteSecurityService::ResetState(uint32_t aType, nsIURI* aURI, uint32_t aFlags, } } - return ResetStateInternal(aType, aURI, aFlags, originAttributes); + return ResetStateInternal(aURI, aFlags, originAttributes); } // Helper function to reset stored state of the given type for the host @@ -433,21 +422,17 @@ nsSiteSecurityService::ResetState(uint32_t aType, nsIURI* aURI, uint32_t aFlags, // header with max-age=0 (meaning preloaded information will then not be used // for that host). nsresult nsSiteSecurityService::ResetStateInternal( - uint32_t aType, nsIURI* aURI, uint32_t aFlags, - const OriginAttributes& aOriginAttributes) { + nsIURI* aURI, uint32_t aFlags, const OriginAttributes& aOriginAttributes) { if (!aURI) { return NS_ERROR_INVALID_ARG; } - if (aType != nsISiteSecurityService::HEADER_HSTS) { - return NS_ERROR_INVALID_ARG; - } nsAutoCString hostname; nsresult rv = GetHost(aURI, hostname); if (NS_FAILED(rv)) { return rv; } nsAutoCString storageKey; - SetStorageKey(hostname, aType, aOriginAttributes, storageKey); + SetStorageKey(hostname, aOriginAttributes, storageKey); bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE; mozilla::DataStorageType storageType = isPrivate ? mozilla::DataStorage_Private @@ -456,7 +441,7 @@ nsresult nsSiteSecurityService::ResetStateInternal( return NS_OK; } -static bool HostIsIPAddress(const nsCString& hostname) { +bool nsSiteSecurityService::HostIsIPAddress(const nsCString& hostname) { PRNetAddr hostAddr; PRErrorCode prv = PR_StringToNetAddr(hostname.get(), &hostAddr); return (prv == PR_SUCCESS); @@ -464,7 +449,7 @@ static bool HostIsIPAddress(const nsCString& hostname) { NS_IMETHODIMP nsSiteSecurityService::ProcessHeaderScriptable( - uint32_t aType, nsIURI* aSourceURI, const nsACString& aHeader, + nsIURI* aSourceURI, const nsACString& aHeader, nsITransportSecurityInfo* aSecInfo, uint32_t aFlags, uint32_t aSource, JS::HandleValue aOriginAttributes, uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult, JSContext* aCx, @@ -476,14 +461,14 @@ nsSiteSecurityService::ProcessHeaderScriptable( return NS_ERROR_INVALID_ARG; } } - return ProcessHeader(aType, aSourceURI, aHeader, aSecInfo, aFlags, aSource, + return ProcessHeader(aSourceURI, aHeader, aSecInfo, aFlags, aSource, originAttributes, aMaxAge, aIncludeSubdomains, aFailureResult); } NS_IMETHODIMP nsSiteSecurityService::ProcessHeader( - uint32_t aType, nsIURI* aSourceURI, const nsACString& aHeader, + nsIURI* aSourceURI, const nsACString& aHeader, nsITransportSecurityInfo* aSecInfo, uint32_t aFlags, uint32_t aHeaderSource, const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult) { @@ -497,8 +482,6 @@ nsSiteSecurityService::ProcessHeader( if (aFailureResult) { *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; } - NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS, - NS_ERROR_NOT_IMPLEMENTED); SecurityPropertySource source = static_cast(aHeaderSource); switch (source) { @@ -511,23 +494,19 @@ nsSiteSecurityService::ProcessHeader( } NS_ENSURE_ARG(aSecInfo); - return ProcessHeaderInternal(aType, aSourceURI, PromiseFlatCString(aHeader), + return ProcessHeaderInternal(aSourceURI, PromiseFlatCString(aHeader), aSecInfo, aFlags, source, aOriginAttributes, aMaxAge, aIncludeSubdomains, aFailureResult); } nsresult nsSiteSecurityService::ProcessHeaderInternal( - uint32_t aType, nsIURI* aSourceURI, const nsCString& aHeader, + nsIURI* aSourceURI, const nsCString& aHeader, nsITransportSecurityInfo* aSecInfo, uint32_t aFlags, SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult) { if (aFailureResult) { *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN; } - // Only HSTS is supported at the moment. - NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS, - NS_ERROR_NOT_IMPLEMENTED); - if (aMaxAge != nullptr) { *aMaxAge = 0; } @@ -569,19 +548,12 @@ nsresult nsSiteSecurityService::ProcessHeaderInternal( return NS_OK; } - switch (aType) { - case nsISiteSecurityService::HEADER_HSTS: - rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aSource, - aOriginAttributes, aMaxAge, aIncludeSubdomains, - aFailureResult); - break; - default: - MOZ_CRASH("unexpected header type"); - } - return rv; + return ProcessSTSHeader(aSourceURI, aHeader, aFlags, aSource, + aOriginAttributes, aMaxAge, aIncludeSubdomains, + aFailureResult); } -static uint32_t ParseSSSHeaders(uint32_t aType, const nsCString& aHeader, +static uint32_t ParseSSSHeaders(const nsCString& aHeader, bool& foundIncludeSubdomains, bool& foundMaxAge, bool& foundUnrecognizedDirective, uint64_t& maxAge) { @@ -675,16 +647,13 @@ nsresult nsSiteSecurityService::ProcessSTSHeader( } SSSLOG(("SSS: processing HSTS header '%s'", aHeader.get())); - const uint32_t aType = nsISiteSecurityService::HEADER_HSTS; bool foundMaxAge = false; bool foundIncludeSubdomains = false; bool foundUnrecognizedDirective = false; uint64_t maxAge = 0; - nsTArray unusedSHA256keys; // Required for sane internal interface - uint32_t sssrv = - ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains, foundMaxAge, - foundUnrecognizedDirective, maxAge); + uint32_t sssrv = ParseSSSHeaders(aHeader, foundIncludeSubdomains, foundMaxAge, + foundUnrecognizedDirective, maxAge); if (sssrv != nsISiteSecurityService::Success) { if (aFailureResult) { *aFailureResult = sssrv; @@ -707,8 +676,8 @@ nsresult nsSiteSecurityService::ProcessSTSHeader( NS_ENSURE_SUCCESS(rv, rv); // record the successfully parsed header data. - rv = SetHSTSState(aType, hostname.get(), maxAge, foundIncludeSubdomains, - aFlags, SecurityPropertySet, aSource, aOriginAttributes); + rv = SetHSTSState(hostname.get(), maxAge, foundIncludeSubdomains, aFlags, + SecurityPropertySet, aSource, aOriginAttributes); if (NS_FAILED(rv)) { SSSLOG(("SSS: failed to set STS state")); if (aFailureResult) { @@ -730,8 +699,7 @@ nsresult nsSiteSecurityService::ProcessSTSHeader( } NS_IMETHODIMP -nsSiteSecurityService::IsSecureURIScriptable(uint32_t aType, nsIURI* aURI, - uint32_t aFlags, +nsSiteSecurityService::IsSecureURIScriptable(nsIURI* aURI, uint32_t aFlags, JS::HandleValue aOriginAttributes, bool* aCached, uint32_t* aSource, JSContext* aCx, uint8_t aArgc, @@ -743,31 +711,17 @@ nsSiteSecurityService::IsSecureURIScriptable(uint32_t aType, nsIURI* aURI, return NS_ERROR_INVALID_ARG; } } - return IsSecureURI(aType, aURI, aFlags, originAttributes, aCached, aSource, - aResult); + return IsSecureURI(aURI, aFlags, originAttributes, aCached, aSource, aResult); } NS_IMETHODIMP -nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI, - uint32_t aFlags, +nsSiteSecurityService::IsSecureURI(nsIURI* aURI, uint32_t aFlags, const OriginAttributes& aOriginAttributes, bool* aCached, uint32_t* aSource, bool* aResult) { - // Child processes are not allowed direct access to this. - if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) { - MOZ_CRASH( - "Child process: no direct access to " - "nsISiteSecurityService::IsSecureURI for non-HSTS entries"); - } - NS_ENSURE_ARG(aURI); NS_ENSURE_ARG(aResult); - // Only HSTS and static pinning are supported. - NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || - aType == nsISiteSecurityService::STATIC_PINNING, - NS_ERROR_NOT_IMPLEMENTED); - nsAutoCString hostname; nsresult rv = GetHost(aURI, hostname); NS_ENSURE_SUCCESS(rv, rv); @@ -780,8 +734,8 @@ nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI, SecurityPropertySource* source = BitwiseCast(aSource); - return IsSecureHost(aType, hostname, aFlags, aOriginAttributes, aCached, - source, aResult); + return IsSecureHost(hostname, aFlags, aOriginAttributes, aCached, source, + aResult); } // Checks if the given host is in the preload list. @@ -837,17 +791,13 @@ bool nsSiteSecurityService::HostHasHSTSEntry( : mozilla::DataStorage_Persistent; nsAutoCString storageKey; SSSLOG(("Seeking HSTS entry for %s", aHost.get())); - SetStorageKey(aHost, nsISiteSecurityService::HEADER_HSTS, aOriginAttributes, - storageKey); - nsAutoCString preloadKey; - SetStorageKey(aHost, nsISiteSecurityService::HEADER_HSTS, OriginAttributes(), - preloadKey); + SetStorageKey(aHost, aOriginAttributes, storageKey); nsCString value = mSiteStateStorage->Get(storageKey, storageType); RefPtr siteState = new SiteHSTSState(aHost, aOriginAttributes, value); if (siteState->mHSTSState != SecurityPropertyUnset) { SSSLOG(("Found HSTS entry for %s", aHost.get())); - bool expired = siteState->IsExpired(nsISiteSecurityService::HEADER_HSTS); + bool expired = siteState->IsExpired(); if (!expired) { SSSLOG(("Entry for %s is not expired", aHost.get())); if (siteState->mHSTSState == SecurityPropertySet) { @@ -897,23 +847,11 @@ bool nsSiteSecurityService::HostHasHSTSEntry( } nsresult nsSiteSecurityService::IsSecureHost( - uint32_t aType, const nsACString& aHost, uint32_t aFlags, + const nsACString& aHost, uint32_t aFlags, const OriginAttributes& aOriginAttributes, bool* aCached, SecurityPropertySource* aSource, bool* aResult) { - // Child processes are not allowed direct access to this. - if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) { - MOZ_CRASH( - "Child process: no direct access to " - "nsISiteSecurityService::IsSecureHost for non-HSTS entries"); - } - NS_ENSURE_ARG(aResult); - // Only HSTS and static pinning are supported. - NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS || - aType == nsISiteSecurityService::STATIC_PINNING, - NS_ERROR_NOT_IMPLEMENTED); - // set default in case if we can't find any STS information *aResult = false; @@ -923,11 +861,6 @@ nsresult nsSiteSecurityService::IsSecureHost( return NS_OK; } - if (aType == nsISiteSecurityService::STATIC_PINNING) { - return PublicKeyPinningService::HostHasPins(flatHost.get(), - mozilla::pkix::Now(), *aResult); - } - nsAutoCString host( PublicKeyPinningService::CanonicalizeHostname(flatHost.get())); @@ -979,46 +912,28 @@ nsSiteSecurityService::ClearAll() { } NS_IMETHODIMP -nsSiteSecurityService::Enumerate(uint32_t aType, - nsISimpleEnumerator** aEnumerator) { +nsSiteSecurityService::Enumerate(nsISimpleEnumerator** aEnumerator) { NS_ENSURE_ARG(aEnumerator); - nsAutoCString keySuffix; - switch (aType) { - case nsISiteSecurityService::HEADER_HSTS: - keySuffix.AssignASCII(kHSTSKeySuffix); - break; - default: - return NS_ERROR_INVALID_ARG; - } - nsTArray items; mSiteStateStorage->GetAll(&items); - nsCOMArray states; for (const mozilla::psm::DataStorageItem& item : items) { - if (!StringEndsWith(item.key(), keySuffix)) { + if (!StringEndsWith(item.key(), kHSTSKeySuffix)) { // The key does not end with correct suffix, so is not the type we want. continue; } nsCString origin( - StringHead(item.key(), item.key().Length() - keySuffix.Length())); + StringHead(item.key(), item.key().Length() - kHSTSKeySuffix.Length())); nsAutoCString hostname; OriginAttributes originAttributes; if (!originAttributes.PopulateFromOrigin(origin, hostname)) { return NS_ERROR_FAILURE; } - nsCOMPtr state; - switch (aType) { - case nsISiteSecurityService::HEADER_HSTS: - state = new SiteHSTSState(hostname, originAttributes, item.value()); - break; - default: - MOZ_ASSERT_UNREACHABLE("SSS:Enumerate got invalid type"); - } - + nsCOMPtr state( + new SiteHSTSState(hostname, originAttributes, item.value())); states.AppendObject(state); } diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h index 232174c4c03c9..279fa2985c81d 100644 --- a/security/manager/ssl/nsSiteSecurityService.h +++ b/security/manager/ssl/nsSiteSecurityService.h @@ -82,7 +82,7 @@ class SiteHSTSState : public nsISiteHSTSState { bool mHSTSIncludeSubdomains; SecurityPropertySource mHSTSSource; - bool IsExpired(uint32_t aType) { + bool IsExpired() { // If mHSTSExpireTime is 0, this entry never expires (this is the case for // knockout entries). if (mHSTSExpireTime == 0) { @@ -115,30 +115,34 @@ class nsSiteSecurityService : public nsISiteSecurityService, nsSiteSecurityService(); nsresult Init(); + static nsresult GetHost(nsIURI* aURI, nsACString& aResult); + static bool HostIsIPAddress(const nsCString& hostname); + protected: virtual ~nsSiteSecurityService(); private: - nsresult GetHost(nsIURI* aURI, nsACString& aResult); - nsresult SetHSTSState(uint32_t aType, const char* aHost, int64_t maxage, + nsresult SetHSTSState(const char* aHost, int64_t maxage, bool includeSubdomains, uint32_t flags, SecurityPropertyState aHSTSState, SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes); - nsresult ProcessHeaderInternal( - uint32_t aType, nsIURI* aSourceURI, const nsCString& aHeader, - nsITransportSecurityInfo* aSecInfo, uint32_t aFlags, - SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes, - uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult); + nsresult ProcessHeaderInternal(nsIURI* aSourceURI, const nsCString& aHeader, + nsITransportSecurityInfo* aSecInfo, + uint32_t aFlags, + SecurityPropertySource aSource, + const OriginAttributes& aOriginAttributes, + uint64_t* aMaxAge, bool* aIncludeSubdomains, + uint32_t* aFailureResult); nsresult ProcessSTSHeader(nsIURI* aSourceURI, const nsCString& aHeader, uint32_t flags, SecurityPropertySource aSource, const OriginAttributes& aOriginAttributes, uint64_t* aMaxAge, bool* aIncludeSubdomains, uint32_t* aFailureResult); - nsresult MarkHostAsNotHSTS(uint32_t aType, const nsAutoCString& aHost, - uint32_t aFlags, bool aIsPreload, + nsresult MarkHostAsNotHSTS(const nsAutoCString& aHost, uint32_t aFlags, + bool aIsPreload, const OriginAttributes& aOriginAttributes); - nsresult ResetStateInternal(uint32_t aType, nsIURI* aURI, uint32_t aFlags, + nsresult ResetStateInternal(nsIURI* aURI, uint32_t aFlags, const OriginAttributes& aOriginAttributes); bool HostHasHSTSEntry(const nsAutoCString& aHost, bool aRequireIncludeSubdomains, uint32_t aFlags, @@ -148,8 +152,7 @@ class nsSiteSecurityService : public nsISiteSecurityService, bool GetPreloadStatus( const nsACString& aHost, /*optional out*/ bool* aIncludeSubdomains = nullptr) const; - nsresult IsSecureHost(uint32_t aType, const nsACString& aHost, - uint32_t aFlags, + nsresult IsSecureHost(const nsACString& aHost, uint32_t aFlags, const OriginAttributes& aOriginAttributes, bool* aCached, SecurityPropertySource* aSource, bool* aResult); diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js index a1be1d2a29dcc..a57572bae2188 100644 --- a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js +++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js @@ -38,7 +38,6 @@ function test() { ].createInstance(Ci.nsITransportSecurityInfo); uri = aWindow.Services.io.newURI("https://localhost/img.png"); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000", secInfo, @@ -46,11 +45,7 @@ function test() { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - privacyFlags(aIsPrivateMode) - ), + gSSService.isSecureURI(uri, privacyFlags(aIsPrivateMode)), "checking sts host" ); @@ -79,7 +74,7 @@ function test() { aWin.close(); }); uri = Services.io.newURI("http://localhost"); - gSSService.resetState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + gSSService.resetState(uri, 0); }); // test first when on private mode diff --git a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js index 851a4e26cecfe..f6539ddcebcdd 100644 --- a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js +++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js @@ -7,57 +7,46 @@ function run_test() { ); ok( - !SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - Services.io.newURI("https://expired.example.com"), - 0 - ) + !SSService.isSecureURI(Services.io.newURI("https://expired.example.com"), 0) ); ok( SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://notexpired.example.com"), 0 ) ); ok( SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) ); ok( !SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains.preloaded.test"), 0 ) ); ok( SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://incsubdomain.example.com"), 0 ) ); ok( SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.incsubdomain.example.com"), 0 ) ); ok( !SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains2.preloaded.test"), 0 ) ); ok( !SSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains2.preloaded.test"), 0 ) diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js index cf697d94e7226..8eda644878e81 100644 --- a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js +++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js @@ -45,7 +45,6 @@ function add_tests() { // longer. add_task(async function() { sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE, secInfo, @@ -53,15 +52,12 @@ function add_tests() { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - Assert.ok( - sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), - "a.pinning.example.com should be HSTS" - ); + Assert.ok(sss.isSecureURI(uri, 0), "a.pinning.example.com should be HSTS"); await ForgetAboutSite.removeDataFromDomain("a.pinning.example.com"); Assert.ok( - !sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), + !sss.isSecureURI(uri, 0), "a.pinning.example.com should not be HSTS now" ); }); @@ -72,7 +68,6 @@ function add_tests() { // unrelated sites don't also get removed. add_task(async function() { sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE, secInfo, @@ -81,34 +76,30 @@ function add_tests() { ); Assert.ok( - sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), + sss.isSecureURI(uri, 0), "a.pinning.example.com should be HSTS (subdomain case)" ); // Add an unrelated site to HSTS. let unrelatedURI = Services.io.newURI("https://example.org"); sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI, GOOD_MAX_AGE, secInfo, 0, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - Assert.ok( - sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI, 0), - "example.org should be HSTS" - ); + Assert.ok(sss.isSecureURI(unrelatedURI, 0), "example.org should be HSTS"); await ForgetAboutSite.removeDataFromDomain("example.com"); Assert.ok( - !sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), + !sss.isSecureURI(uri, 0), "a.pinning.example.com should not be HSTS now (subdomain case)" ); Assert.ok( - sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI, 0), + sss.isSecureURI(unrelatedURI, 0), "example.org should still be HSTS" ); }); @@ -130,7 +121,6 @@ function add_tests() { for (let originAttributes of originAttributesList) { sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE, secInfo, @@ -140,18 +130,12 @@ function add_tests() { ); Assert.ok( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes - ), + sss.isSecureURI(uri, 0, originAttributes), "a.pinning.example.com should be HSTS (originAttributes case)" ); // Add an unrelated site to HSTS. sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI, GOOD_MAX_AGE, secInfo, @@ -160,12 +144,7 @@ function add_tests() { originAttributes ); Assert.ok( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - unrelatedURI, - 0, - originAttributes - ), + sss.isSecureURI(unrelatedURI, 0, originAttributes), "example.org should be HSTS (originAttributes case)" ); } @@ -174,23 +153,13 @@ function add_tests() { for (let originAttributes of originAttributesList) { Assert.ok( - !sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes - ), + !sss.isSecureURI(uri, 0, originAttributes), "a.pinning.example.com should not be HSTS now " + "(originAttributes case)" ); Assert.ok( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - unrelatedURI, - 0, - originAttributes - ), + sss.isSecureURI(unrelatedURI, 0, originAttributes), "example.org should still be HSTS (originAttributes case)" ); } diff --git a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js index 1c9ba6dcce161..b9029906b4c68 100644 --- a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js +++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js @@ -51,7 +51,6 @@ function run_test() { "@mozilla.org/security/transportsecurityinfo;1" ].createInstance(Ci.nsITransportSecurityInfo); SSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=10000", secInfo, @@ -59,7 +58,7 @@ function run_test() { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); ok( - SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), + SSService.isSecureURI(uri, 0), "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" + " we wouldn't be testing what we think we're testing" ); diff --git a/security/manager/ssl/tests/unit/test_sss_enumerate.js b/security/manager/ssl/tests/unit/test_sss_enumerate.js index e039660f33c94..103c4eea4a207 100644 --- a/security/manager/ssl/tests/unit/test_sss_enumerate.js +++ b/security/manager/ssl/tests/unit/test_sss_enumerate.js @@ -21,8 +21,8 @@ const TESTCASES = [ let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService); -function getEntries(type) { - return Array.from(sss.enumerate(type)); +function getEntries() { + return Array.from(sss.enumerate()); } function checkSiteSecurityStateAttrs(entries) { @@ -71,7 +71,6 @@ function add_tests() { header += "; includeSubdomains"; } sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, header, secInfo, @@ -83,12 +82,12 @@ function add_tests() { } add_task(() => { - let hstsEntries = getEntries(Ci.nsISiteSecurityService.HEADER_HSTS); + let hstsEntries = getEntries(); checkSiteSecurityStateAttrs(hstsEntries); sss.clearAll(); - hstsEntries = getEntries(Ci.nsISiteSecurityService.HEADER_HSTS); + hstsEntries = getEntries(); equal(hstsEntries.length, 0, "Should clear all HSTS entries"); }); diff --git a/security/manager/ssl/tests/unit/test_sss_eviction.js b/security/manager/ssl/tests/unit/test_sss_eviction.js index dbb0880064c6e..c9ac3071e0450 100644 --- a/security/manager/ssl/tests/unit/test_sss_eviction.js +++ b/security/manager/ssl/tests/unit/test_sss_eviction.js @@ -53,7 +53,6 @@ function do_state_read(aSubject, aTopic, aData) { ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://frequentlyused.example.com"), 0 ) @@ -64,7 +63,6 @@ function do_state_read(aSubject, aTopic, aData) { for (let i = 0; i < 2000; i++) { let uri = Services.io.newURI("http://bad" + i + ".example.com"); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000", secInfo, diff --git a/security/manager/ssl/tests/unit/test_sss_originAttributes.js b/security/manager/ssl/tests/unit/test_sss_originAttributes.js index 181a57ee28dde..0197ec6fc98ab 100644 --- a/security/manager/ssl/tests/unit/test_sss_originAttributes.js +++ b/security/manager/ssl/tests/unit/test_sss_originAttributes.js @@ -24,7 +24,6 @@ function doTest(secInfo, originAttributes1, originAttributes2, shouldShare) { let header = GOOD_MAX_AGE; // Set HSTS for originAttributes1. sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, header, secInfo, @@ -33,21 +32,11 @@ function doTest(secInfo, originAttributes1, originAttributes2, shouldShare) { originAttributes1 ); ok( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes1 - ), + sss.isSecureURI(uri, 0, originAttributes1), "URI should be secure given original origin attributes" ); equal( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes2 - ), + sss.isSecureURI(uri, 0, originAttributes2), shouldShare, "URI should be secure given different origin attributes if and " + "only if shouldShare is true" @@ -55,37 +44,17 @@ function doTest(secInfo, originAttributes1, originAttributes2, shouldShare) { if (!shouldShare) { // Remove originAttributes2 from the storage. - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes2 - ); + sss.resetState(uri, 0, originAttributes2); ok( - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes1 - ), + sss.isSecureURI(uri, 0, originAttributes1), "URI should still be secure given original origin attributes" ); } // Remove originAttributes1 from the storage. - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes1 - ); + sss.resetState(uri, 0, originAttributes1); ok( - !sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes1 - ), + !sss.isSecureURI(uri, 0, originAttributes1), "URI should not be secure after removeState" ); @@ -98,7 +67,6 @@ function testInvalidOriginAttributes(secInfo, originAttributes) { let callbacks = [ () => sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, header, secInfo, @@ -106,20 +74,8 @@ function testInvalidOriginAttributes(secInfo, originAttributes) { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST, originAttributes ), - () => - sss.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes - ), - () => - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes - ), + () => sss.isSecureURI(uri, 0, originAttributes), + () => sss.resetState(uri, 0, originAttributes), ]; for (let callback of callbacks) { diff --git a/security/manager/ssl/tests/unit/test_sss_readstate.js b/security/manager/ssl/tests/unit/test_sss_readstate.js index 1f3951a3f0209..076b5d5fd384e 100644 --- a/security/manager/ssl/tests/unit/test_sss_readstate.js +++ b/security/manager/ssl/tests/unit/test_sss_readstate.js @@ -17,56 +17,48 @@ function checkStateRead(aSubject, aTopic, aData) { ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://expired.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://notexpired.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://incsubdomain.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.incsubdomain.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains2.preloaded.test"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains2.preloaded.test"), 0 ) @@ -76,56 +68,48 @@ function checkStateRead(aSubject, aTopic, aData) { gSSService.clearAll(); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://expired.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://notexpired.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains.preloaded.test"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://incsubdomain.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.incsubdomain.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains2.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sub.includesubdomains2.preloaded.test"), 0 ) diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js index b1def6bdd8be3..58003539ad606 100644 --- a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js +++ b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js @@ -12,14 +12,12 @@ function checkStateRead(aSubject, aTopic, aData) { // nonexistent.example.com should never be an HSTS host ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://nonexistent.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) @@ -28,7 +26,6 @@ function checkStateRead(aSubject, aTopic, aData) { // want to make sure that test hasn't interfered with this one. ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://notexpired.example.com"), 0 ) diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js index 94f1ca9e6b5da..2284f8f0c1887 100644 --- a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js +++ b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js @@ -21,11 +21,7 @@ function checkStateRead(aSubject, aTopic, aData) { ]; for (let host of HSTS_HOSTS) { ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - Services.io.newURI(host), - 0 - ), + gSSService.isSecureURI(Services.io.newURI(host), 0), `${host} should be HSTS enabled` ); } @@ -45,11 +41,7 @@ function checkStateRead(aSubject, aTopic, aData) { ]; for (let host of NOT_HSTS_HOSTS) { ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - Services.io.newURI(host), - 0 - ), + !gSSService.isSecureURI(Services.io.newURI(host), 0), `${host} should not be HSTS enabled` ); } diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js index d0c7a7541d325..2bc4212a60327 100644 --- a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js +++ b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js @@ -18,49 +18,42 @@ function checkStateRead(aSubject, aTopic, aData) { ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example0.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example423.example.com"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example1023.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example1024.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example1025.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example9000.example.com"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://example99999.example.com"), 0 ) diff --git a/security/manager/ssl/tests/unit/test_sss_resetState.js b/security/manager/ssl/tests/unit/test_sss_resetState.js index 1850442b64deb..6680245760916 100644 --- a/security/manager/ssl/tests/unit/test_sss_resetState.js +++ b/security/manager/ssl/tests/unit/test_sss_resetState.js @@ -14,74 +14,70 @@ var gSSService = Cc["@mozilla.org/ssservice;1"].getService( Ci.nsISiteSecurityService ); -function test_removeState(secInfo, type, flags) { - info(`running test_removeState(type=${type}, flags=${flags})`); +function test_removeState(secInfo, flags) { + info(`running test_removeState(flags=${flags})`); // Simulate visiting a non-preloaded site by processing an HSTS header check // that the HSTS bit gets set, simulate "forget about this site" (call // removeState), and then check that the HSTS bit isn't set. let notPreloadedURI = Services.io.newURI("https://not-preloaded.example.com"); - ok(!gSSService.isSecureURI(type, notPreloadedURI, flags)); + ok(!gSSService.isSecureURI(notPreloadedURI, flags)); gSSService.processHeader( - type, notPreloadedURI, "max-age=1000;", secInfo, flags, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(gSSService.isSecureURI(type, notPreloadedURI, flags)); - gSSService.resetState(type, notPreloadedURI, flags); - ok(!gSSService.isSecureURI(type, notPreloadedURI, flags)); + ok(gSSService.isSecureURI(notPreloadedURI, flags)); + gSSService.resetState(notPreloadedURI, flags); + ok(!gSSService.isSecureURI(notPreloadedURI, flags)); // Simulate visiting a non-preloaded site that unsets HSTS by processing // an HSTS header with "max-age=0", check that the HSTS bit isn't // set, simulate "forget about this site" (call removeState), and then check // that the HSTS bit isn't set. gSSService.processHeader( - type, notPreloadedURI, "max-age=0;", secInfo, flags, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(!gSSService.isSecureURI(type, notPreloadedURI, flags)); - gSSService.resetState(type, notPreloadedURI, flags); - ok(!gSSService.isSecureURI(type, notPreloadedURI, flags)); + ok(!gSSService.isSecureURI(notPreloadedURI, flags)); + gSSService.resetState(notPreloadedURI, flags); + ok(!gSSService.isSecureURI(notPreloadedURI, flags)); // Simulate visiting a preloaded site by processing an HSTS header, check // that the HSTS bit is still set, simulate "forget about this site" // (call removeState), and then check that the HSTS bit is still set. let preloadedHost = "includesubdomains.preloaded.test"; let preloadedURI = Services.io.newURI(`https://${preloadedHost}`); - ok(gSSService.isSecureURI(type, preloadedURI, flags)); + ok(gSSService.isSecureURI(preloadedURI, flags)); gSSService.processHeader( - type, preloadedURI, "max-age=1000;", secInfo, flags, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(gSSService.isSecureURI(type, preloadedURI, flags)); - gSSService.resetState(type, preloadedURI, flags); - ok(gSSService.isSecureURI(type, preloadedURI, flags)); + ok(gSSService.isSecureURI(preloadedURI, flags)); + gSSService.resetState(preloadedURI, flags); + ok(gSSService.isSecureURI(preloadedURI, flags)); // Simulate visiting a preloaded site that unsets HSTS by processing an // HSTS header with "max-age=0", check that the HSTS bit is what we // expect (see below), simulate "forget about this site" (call removeState), // and then check that the HSTS bit is set. gSSService.processHeader( - type, preloadedURI, "max-age=0;", secInfo, flags, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(!gSSService.isSecureURI(type, preloadedURI, flags)); - gSSService.resetState(type, preloadedURI, flags); - ok(gSSService.isSecureURI(type, preloadedURI, flags)); + ok(!gSSService.isSecureURI(preloadedURI, flags)); + gSSService.resetState(preloadedURI, flags); + ok(gSSService.isSecureURI(preloadedURI, flags)); } function add_tests() { @@ -96,12 +92,8 @@ function add_tests() { ); add_task(() => { - test_removeState(secInfo, Ci.nsISiteSecurityService.HEADER_HSTS, 0); - test_removeState( - secInfo, - Ci.nsISiteSecurityService.HEADER_HSTS, - Ci.nsISocketProvider.NO_PERMANENT_STORAGE - ); + test_removeState(secInfo, 0); + test_removeState(secInfo, Ci.nsISocketProvider.NO_PERMANENT_STORAGE); }); } diff --git a/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js b/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js index 6e1142b4b4226..b2fadd0aaac4b 100644 --- a/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js +++ b/security/manager/ssl/tests/unit/test_sss_sanitizeOnShutdown.js @@ -40,7 +40,6 @@ add_task(async function run_test() { ].createInstance(Ci.nsITransportSecurityInfo); let header = "max-age=50000"; SSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("http://example.com"), header, secInfo, diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js index 300afe4983270..19e6c2f17e219 100644 --- a/security/manager/ssl/tests/unit/test_sss_savestate.js +++ b/security/manager/ssl/tests/unit/test_sss_savestate.js @@ -108,7 +108,6 @@ function run_test() { "@mozilla.org/security/transportsecurityinfo;1" ].createInstance(Ci.nsITransportSecurityInfo); SSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uris[uriIndex], maxAge + includeSubdomains, secInfo, diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js index d8ecbf153015f..d93e898a7cc82 100644 --- a/security/manager/ssl/tests/unit/test_sts_fqdn.js +++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js @@ -11,30 +11,29 @@ function run_test() { let uri = Services.io.newURI("https://example.com"); let uri1 = Services.io.newURI("https://example.com."); let uri2 = Services.io.newURI("https://example.com.."); - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0)); + ok(!SSService.isSecureURI(uri, 0)); + ok(!SSService.isSecureURI(uri1, 0)); // These cases are only relevant as long as bug 1118522 hasn't been fixed. - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0)); + ok(!SSService.isSecureURI(uri2, 0)); let secInfo = Cc[ "@mozilla.org/security/transportsecurityinfo;1" ].createInstance(Ci.nsITransportSecurityInfo); SSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000;includeSubdomains", secInfo, 0, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); - ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0)); - ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0)); + ok(SSService.isSecureURI(uri, 0)); + ok(SSService.isSecureURI(uri1, 0)); + ok(SSService.isSecureURI(uri2, 0)); - SSService.resetState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0)); - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0)); + SSService.resetState(uri, 0); + ok(!SSService.isSecureURI(uri, 0)); + ok(!SSService.isSecureURI(uri1, 0)); + ok(!SSService.isSecureURI(uri2, 0)); // Somehow creating this malformed URI succeeds - we need to handle it // gracefully. @@ -42,7 +41,7 @@ function run_test() { equal(uri.host, ".."); throws( () => { - SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + SSService.isSecureURI(uri, 0); }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected" diff --git a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js index 1950d7b1bddb0..fb5a81e1b5e9c 100644 --- a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js +++ b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js @@ -16,12 +16,11 @@ function check_ip(s, v, ip) { str += "/"; let uri = Services.io.newURI(str); - ok(!s.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(!s.isSecureURI(uri, 0)); let parsedMaxAge = {}; let parsedIncludeSubdomains = {}; s.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000;includeSubdomains", secInfo, @@ -32,7 +31,7 @@ function check_ip(s, v, ip) { parsedIncludeSubdomains ); ok( - !s.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0), + !s.isSecureURI(uri, 0), "URI should not be secure if it contains an IP address" ); diff --git a/security/manager/ssl/tests/unit/test_sts_parser.js b/security/manager/ssl/tests/unit/test_sts_parser.js index 8475d2e558b69..6d71d3e736200 100644 --- a/security/manager/ssl/tests/unit/test_sts_parser.js +++ b/security/manager/ssl/tests/unit/test_sts_parser.js @@ -19,7 +19,6 @@ function testSuccess(header, expectedMaxAge, expectedIncludeSubdomains) { let includeSubdomains = {}; sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header, secInfo, @@ -46,7 +45,6 @@ function testFailure(header) { throws( () => { sss.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header, secInfo, diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js index 142825829e795..15212513d896f 100644 --- a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js +++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js @@ -40,20 +40,13 @@ function test_part1() { // check that a host not in the list is not identified as an sts host ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://nonexistent.example.com"), 0 ) ); // check that an ancestor domain is not identified as an sts host - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - Services.io.newURI("https://com"), - 0 - ) - ); + ok(!gSSService.isSecureURI(Services.io.newURI("https://com"), 0)); // check that the pref to toggle using the preload list works Services.prefs.setBoolPref( @@ -62,7 +55,6 @@ function test_part1() { ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) @@ -73,7 +65,6 @@ function test_part1() { ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) @@ -82,7 +73,6 @@ function test_part1() { // check that a subdomain is an sts host (includeSubdomains is set) ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://subdomain.includesubdomains.preloaded.test"), 0 ) @@ -91,7 +81,6 @@ function test_part1() { // check that another subdomain is an sts host (includeSubdomains is set) ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://a.b.c.def.includesubdomains.preloaded.test"), 0 ) @@ -100,7 +89,6 @@ function test_part1() { // check that a subdomain is not an sts host (includeSubdomains is not set) ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI( "https://subdomain.noincludesubdomains.preloaded.test" ), @@ -111,7 +99,6 @@ function test_part1() { // check that a host with a dot on the end won't break anything ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://notsts.nonexistent.example.com."), 0 ) @@ -124,40 +111,26 @@ function test_part1() { "https://subdomain.includesubdomains.preloaded.test" ); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=0", secInfo, 0, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - 0 - ) - ); + ok(!gSSService.isSecureURI(uri, 0)); + ok(!gSSService.isSecureURI(subDomainUri, 0)); // check that processing another header (with max-age non-zero) will // re-enable a site's sts status gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000", secInfo, 0, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(gSSService.isSecureURI(uri, 0)); // but this time include subdomains was not set, so test for that - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - 0 - ) - ); + ok(!gSSService.isSecureURI(subDomainUri, 0)); gSSService.clearAll(); // check that processing a header with max-age: 0 from a subdomain of a site @@ -166,7 +139,6 @@ function test_part1() { "https://subdomain.noincludesubdomains.preloaded.test" ); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=0", secInfo, @@ -175,18 +147,16 @@ function test_part1() { ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://noincludesubdomains.preloaded.test"), 0 ) ); - ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(!gSSService.isSecureURI(uri, 0)); uri = Services.io.newURI( "https://subdomain.includesubdomains.preloaded.test" ); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=0", secInfo, @@ -204,28 +174,24 @@ function test_part1() { // `-- sibling.includesubdomains.preloaded.test IS sts host ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://subdomain.includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sibling.includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI( "https://another.subdomain.includesubdomains.preloaded.test" ), @@ -234,7 +200,6 @@ function test_part1() { ); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000", secInfo, @@ -248,21 +213,18 @@ function test_part1() { // `-- sibling.includesubdomains.preloaded.test IS sts host ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://subdomain.includesubdomains.preloaded.test"), 0 ) ); ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://sibling.includesubdomains.preloaded.test"), 0 ) ); ok( !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI( "https://another.subdomain.includesubdomains.preloaded.test" ), @@ -277,9 +239,8 @@ function test_part1() { // then treat that host as no longer an sts host.) // (sanity check first - this should be in the preload list) uri = Services.io.newURI("https://includesubdomains2.preloaded.test"); - ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(gSSService.isSecureURI(uri, 0)); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1", secInfo, @@ -287,7 +248,7 @@ function test_part1() { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); do_timeout(1250, function() { - ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(!gSSService.isSecureURI(uri, 0)); run_next_test(); }); } @@ -301,92 +262,41 @@ function test_private_browsing1() { "https://a.b.c.subdomain.includesubdomains.preloaded.test" ); // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set - ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); - ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - IS_PRIVATE - ) - ); + ok(gSSService.isSecureURI(uri, IS_PRIVATE)); + ok(gSSService.isSecureURI(subDomainUri, IS_PRIVATE)); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=0", secInfo, IS_PRIVATE, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - IS_PRIVATE - ) - ); + ok(!gSSService.isSecureURI(uri, IS_PRIVATE)); + ok(!gSSService.isSecureURI(subDomainUri, IS_PRIVATE)); // check adding it back in gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000", secInfo, IS_PRIVATE, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); + ok(gSSService.isSecureURI(uri, IS_PRIVATE)); // but no includeSubdomains this time - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - IS_PRIVATE - ) - ); + ok(!gSSService.isSecureURI(subDomainUri, IS_PRIVATE)); // do the hokey-pokey... gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=0", secInfo, IS_PRIVATE, Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - subDomainUri, - IS_PRIVATE - ) - ); + ok(!gSSService.isSecureURI(uri, IS_PRIVATE)); + ok(!gSSService.isSecureURI(subDomainUri, IS_PRIVATE)); // Test that an expired private browsing entry results in correctly // identifying a host that is on the preload list as no longer sts. @@ -395,15 +305,8 @@ function test_private_browsing1() { // then treat that host as no longer an sts host.) // (sanity check first - this should be in the preload list) uri = Services.io.newURI("https://includesubdomains2.preloaded.test"); - ok( - gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); + ok(gSSService.isSecureURI(uri, IS_PRIVATE)); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1", secInfo, @@ -411,13 +314,7 @@ function test_private_browsing1() { Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST ); do_timeout(1250, function() { - ok( - !gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - IS_PRIVATE - ) - ); + ok(!gSSService.isSecureURI(uri, IS_PRIVATE)); // Simulate leaving private browsing mode Services.obs.notifyObservers(null, "last-pb-context-exited"); }); @@ -427,7 +324,6 @@ function test_private_browsing2() { // if this test gets this far, it means there's a private browsing service ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains.preloaded.test"), 0 ) @@ -435,7 +331,6 @@ function test_private_browsing2() { // the includesubdomains.preloaded.test entry has includeSubdomains set ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://subdomain.includesubdomains.preloaded.test"), 0 ) @@ -445,7 +340,6 @@ function test_private_browsing2() { // we've "forgotten" that we "forgot" this site's sts status. ok( gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, Services.io.newURI("https://includesubdomains2.preloaded.test"), 0 ) diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js index 897fcbd3bec3f..4850c9d4309f3 100644 --- a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js +++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js @@ -7,16 +7,16 @@ function run_test() { let uri = Services.io.newURI("https://includesubdomains.preloaded.test"); // check that a host on the preload list is identified as an sts host - ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(SSService.isSecureURI(uri, 0)); // now simulate that it's 19 weeks later than it actually is let offsetSeconds = 19 * 7 * 24 * 60 * 60; Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds); // check that the preloaded host is no longer considered sts - ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(!SSService.isSecureURI(uri, 0)); // just make sure we can get everything back to normal Services.prefs.clearUserPref("test.currentTimeOffsetSeconds"); - ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + ok(SSService.isSecureURI(uri, 0)); } diff --git a/taskcluster/docker/periodic-updates/scripts/getHSTSPreloadList.js b/taskcluster/docker/periodic-updates/scripts/getHSTSPreloadList.js index 98bac55f4aa27..dd9bde9e060ca 100644 --- a/taskcluster/docker/periodic-updates/scripts/getHSTSPreloadList.js +++ b/taskcluster/docker/periodic-updates/scripts/getHSTSPreloadList.js @@ -120,7 +120,6 @@ function processStsHeader(host, header, status, securityInfo) { let uri = Services.io.newURI("https://" + host.name); let secInfo = securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, header, secInfo, diff --git a/testing/specialpowers/content/SpecialPowersParent.jsm b/testing/specialpowers/content/SpecialPowersParent.jsm index 2e30f8246fee2..70c938640953a 100644 --- a/testing/specialpowers/content/SpecialPowersParent.jsm +++ b/testing/specialpowers/content/SpecialPowersParent.jsm @@ -1039,7 +1039,7 @@ class SpecialPowersParent extends JSWindowActorParent { let sss = Cc["@mozilla.org/ssservice;1"].getService( Ci.nsISiteSecurityService ); - sss.resetState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, flags); + sss.resetState(uri, flags); return undefined; } diff --git a/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.js b/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.js index 8f376be7f1b14..b090befd31850 100644 --- a/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.js +++ b/toolkit/components/antitracking/test/browser/browser_staticPartition_HSTS.js @@ -42,12 +42,7 @@ function cleanupHSTS(aPartitionEnabled, aUseSite) { } } - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - NetUtil.newURI("http://example.com/"), - 0, - originAttributes - ); + sss.resetState(NetUtil.newURI("http://example.com/"), 0, originAttributes); } } diff --git a/toolkit/components/cleardata/ClearDataService.jsm b/toolkit/components/cleardata/ClearDataService.jsm index 97c7d975f2134..3fc02fa87da05 100644 --- a/toolkit/components/cleardata/ClearDataService.jsm +++ b/toolkit/components/cleardata/ClearDataService.jsm @@ -1055,17 +1055,12 @@ const SecuritySettingsCleaner = { ); // Also remove HSTS information for subdomains by enumerating // the information in the site security service. - for (let entry of sss.enumerate(Ci.nsISiteSecurityService.HEADER_HSTS)) { + for (let entry of sss.enumerate()) { let hostname = entry.hostname; if (Services.eTLD.hasRootDomain(hostname, aHost)) { // This uri is used as a key to reset the state. let uri = Services.io.newURI("https://" + hostname); - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - entry.originAttributes - ); + sss.resetState(uri, 0, entry.originAttributes); } } let cars = Cc[ @@ -1086,19 +1081,14 @@ const SecuritySettingsCleaner = { // Remove HSTS information by enumerating entries of the site security // service. - Array.from(sss.enumerate(Ci.nsISiteSecurityService.HEADER_HSTS)) + Array.from(sss.enumerate()) .filter(({ hostname, originAttributes }) => hasBaseDomain({ host: hostname, originAttributes }, aDomain) ) .forEach(({ hostname, originAttributes }) => { // This uri is used as a key to reset the state. let uri = Services.io.newURI("https://" + hostname); - sss.resetState( - Ci.nsISiteSecurityService.HEADER_HSTS, - uri, - 0, - originAttributes - ); + sss.resetState(uri, 0, originAttributes); }); let cars = Cc[ diff --git a/toolkit/components/cleardata/tests/unit/test_security_settings.js b/toolkit/components/cleardata/tests/unit/test_security_settings.js index 78a36cf8efb97..e1e57efad027c 100644 --- a/toolkit/components/cleardata/tests/unit/test_security_settings.js +++ b/toolkit/components/cleardata/tests/unit/test_security_settings.js @@ -19,7 +19,6 @@ function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) { ].createInstance(Ci.nsITransportSecurityInfo); gSSService.processHeader( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, "max-age=1000;", secInfo, @@ -63,7 +62,6 @@ function testSecurityInfo({ }) { let uri = Services.io.newURI(`https://${host}`); let isSecure = gSSService.isSecureURI( - Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0, getOAWithPartitionKey(topLevelBaseDomain, originAttributes) diff --git a/toolkit/components/extensions/webrequest/SecurityInfo.jsm b/toolkit/components/extensions/webrequest/SecurityInfo.jsm index 4652aa28daca9..cc643f1af6b99 100644 --- a/toolkit/components/extensions/webrequest/SecurityInfo.jsm +++ b/toolkit/components/extensions/webrequest/SecurityInfo.jsm @@ -23,6 +23,12 @@ XPCOMUtils.defineLazyServiceGetter( "@mozilla.org/ssservice;1", "nsISiteSecurityService" ); +XPCOMUtils.defineLazyServiceGetter( + this, + "pkps", + "@mozilla.org/security/publickeypinningservice;1", + "nsIPublicKeyPinningService" +); // NOTE: SecurityInfo is largely reworked from the devtools NetworkHelper with changes // to better support the WebRequest api. The objects returned are formatted specifically @@ -193,8 +199,8 @@ const SecurityInfo = { flags = Ci.nsISocketProvider.NO_PERMANENT_STORAGE; } - info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags); - info.hpkp = sss.isSecureURI(sss.STATIC_PINNING, uri, flags); + info.hsts = sss.isSecureURI(uri, flags); + info.hpkp = pkps.hostHasPins(uri); } else { info.hsts = false; info.hpkp = false;