mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:30:27 +00:00
roytam1
b564bd67d3
- Use CompositorWidgetProxy for dispatching vsync to the compositor. (bug 1269037 part 1, r=mchang) (c8b7a4240c) - Remove unused null widget checks. (bug 1269037 part 2, r=mchang) (4f4cc9952b) - Bug 1269422: Wrap Gonk widget in |CompositorWidgetProxyWrapper|. r=dvander (4513035cbf) - Remove nsBaseWidget::NewCompositorBridgeParent. (bug 1272472 part 1, r=kats) (ca813c1f2b) - Use IPDL to schedule composites on GTK. (bug 1272472 part 2, r=nical) (7402cf834e) - Use IPC to schedule composites on Windows. (bug 1272472 part 3, r=jimm) (e5d7281dd7) - Don't use nsIWidget to check APZ in LayerManagerComposite. (bug 1269653 part 1, r=kats) (79a1644111) - Restrict SetDispAcquireFence's nsIWidget access to Gonk. (bug 1269653 part 2, r=kats) (72110b7bc7) - Bug 1264764 - Move PTexture under PCompositorBridge r=nical,dvander (17e6ec7fc1) - Move CompositorThreadHolder into its own file. (bug 1273017 part 1, r=mattwoodrow) (464ede8be1) - Move CompositorBridgeParent::CompositorLoop to CompositorThreadHolder. (bug 1273017 part 2, r=mattwoodrow) (85708f3cde) - Bug 1268313: Part 1 - Be explicit about which NewRunnableMethod callers want to be able to cancel. r=froydnj (faa07aa139) - Bug 1268313: Part 2 - Replace some NewRunnableMethods with NS_NewNonOwningRunnableMethod. r=froydnj (010c43d000) - Bug 1268313: Part 3 - Replace some NewCancelableRunnableMethod with NS_NewNonOwningCancelableRunnableMethod. r=froydnj (55018ef234) - Bug 1268313: Part 4 - Replace NewCancelableRunnableMethod with NS_NewCancelableRunnableMethod. r=froydnj (c22711b35d) - Bug 1268313: Part 5 - Make NS_NewRunnableMethod able to call const functions. r=froydnj (b0f60963a3) - Bug 1268313: Part 6 - Replace NewRunnableMethod with NS_NewRunnableMethod. r=froydnj (18d40def2c) - Bug 1260950 - Set mInitialSizeFound to true when the initial size id found. r=jesup, r=pehrsons a=kwierso (5d6abe57e0) - Bug 1237176 - Notify synth start if we get a finished event without a blocking-changed event. r=roc (c1aebe903a) - Bug 911546, use a runnable so that popups don't rollup during a grab, r=karlt (a06bd44e6c) - Bug 1237617 - Call nsWindow::ForcePresent during going active r=bas.schouten (066cad8f89) - Bug 1268313: Part 7 - Move NS_NewRunnableMethod and friends to mozilla::NewRunnableMethod. r=froydnj (8b4bf34961) - Bug 1266595: Followup to fix IPDL tests. r=billm (216f2dcff5) - Bug 1268313: Fix up IPDL tests. r=billm (228348d642) - Add WinCompositorWidgetProxy. (bug 1265975 part 1, r=jimm) (bfafe7a8e2) - Implement WinCompositorWidgetProxy::GetClientSize. (bug 1265975 part 2, r=jimm) (a8710a3259) - Move the WM_SETTEXT present lock to CompositorWidgetProxy. (bug 1265975 part 3, r=jimm) (297ce28c8a) - Move transparency handling to WinCompositorWigetProxy. (bug 1265975 part 4, r=jimm) (46ba0c6d01) - Remove Windows-specific compositor calls to nsIWidget. (bug 1265975 part 5, r=jimm) (3ef157c160) - Remove plugin-related CompositorBridgeParent use of nsIWidget. (bug 1265975 part 6, r=jimm) (6d80cdd6fd) - Hide top-level CompositorBridgeParents behind a new API. (bug 1272472 part 4, r=mattwoodrow,kats,gwagner) (228c0efdb7) - Bug 1253424 - part 1 - add a already_AddRefed nsTransactionStack::Push overload; r=erahm (7059e20914) - Bug 1253424 - part 2 - add nsTransactionStack::IsEmpty; r=erahm (7e9764a146) - Bug 1254618 - modify nsTransactionStack to use nsDeque rather than std::deque; r=ehsan (5e47ea431e) - Bug 1136857 - Make DOMStorageCache::mLoaded flag atomic to prevent potential races, r=nfroyd (39aaea1de3) - Bug 1265408 - Add webidl for IIRFilterNode; r=smaug (040ce9aa43) - Bug 1265408 - Implement IIRFilterNode; r=padenot (6bf569a412) - Bug 1265408 - Import IIRFilter from blink; r=padenot (71b28c0ad2) - Bug 1265408 - Use IIRFilter from blink; r=padenot (5d058d8568) - Bug 1265408 - Add buffersAreZero to IIRFilter; r=karlt (45edba3e13) - Bug 1265408 - Avoid subnormals in IIRFilter; r=karlt (0e1ae93f0b) - Bug 1265408 - Add LogToDeveloperConsole to WebAudioUtils; r=padenot (88d5f0222a) - Bug 1268984 - Store GMPStorage on GMPServiceParent so that it persists inside the same PB session. r=gerald (17d4d0abaf) - Bug 1267905 - Replace uses of ScopedCERTCertList with UniqueCERTCertList. r=keeler (783bf11b2a) - Bug 1270005 - Replace uses of ScopedPK11SlotInfo with UniquePK11SlotInfo in PSM. r=keeler (ea9a4011aa) - Bug 1271501 - Remove unnecessary uses of reinterpret_cast in PSM. r=keeler (6be40f0a85) - Bug 1271501 - Downgrade unnecessarily strong reinterpret_casts in PSM. r=keeler (95245f00ce) - Bug 1082346 - 01. Convert PKCS12 password endian using copyAndSwapToBigEndian. r=keeler (9cc58fc550) - Bug 1082346 - 02. Test case. r=keeler r=Cykesiopka (7fb0e8abc4) - Bug 160122 - Stop using PR_smprintf in PSM. r=keeler (1e5b68819c) - Bug 1271501 - Use mozilla::BitwiseCast instead of reinterpret_cast in PSM. r=keeler (894966a2ef) - Bug 1273855: TraceLogger - Include PID in the log names in order to support browser with e10s, r=bbouvier (8cf2233db3) - Bug 1274189. Part 1 - rename some functions to be consistent with other MediaDataDecoder sub-classes. r=jya. (4511b3d3f7) - Bug 1274189. Part 2 - remove use of FlushableTaskQueue::Flush(). r=jya. (77e745fdd1) - Bug 1274189. Part 3 - remove use of FlushableTaskQueue. r=jya (aac61dcd02) - Bug 1269963. Part 1 - Add a SyncRunnable::DispatchToThread() overload for AbstractThread. r=bobbyholley. (839752aff4) - Bug 1269672 - part1 : revert sampling rate changing of the bug1235612. (9015782e13) - Bug 1270698 - check if we need to enter buffering periodically to ensure we start buffering when running out of decoded audio/video data. r=cpearce. (16734549b7) - Bug 1271581 - use newCurrentTime, instead of GetMediaTime() to decide the nextState; r=jwwang (9c5075eada) - Bug 1224973 - Part 1: Remove MediaDecoderOwner->IsHidden(). r=cpearce,jwwang (4fde3ede5a) - Bug 1224973 - Part 2: Set MediaDecoder visibility via NotifyOwnerActivityChanged. r=cpearce,jwwang (be917202eb) - Bug 1224973 - Part 3: Plumb element visibility into MDSM. r=jya,jwwang (9ec83fa243) - Bug 1224973 - Part 4: Pref media.suspend-bkgnd-video.enabled. r=cpearce,jwwang (43413a025f) - Bug 1269408: P1. Retry InternalSeek if previous attempt failed once more data is available. r=gerald (05db58dc7c) - crude fix (0097068989) - Bug 1269408: P2. Update mochitest. r=gerald (464b4c0724) - Bug 1269408: P3. Ensure a new seek request will cancel the previous internal seek. r=gerald (6ed4b8dc95) - Bug 1269408: P4. Ensure the decoders are flushed prior performing an internal seek. r=gerald (074234067b) - Bug 1269408: P5. Only drop the seek target if it's exactly the seek target. r=gerald (88701eb05a) - Bug 1269408: P6. Add debugging information, useful when a mochitest timeout. r=gerald (ef0270ab0d) - Bug 1269408: P7. Start skip to next keyframe logic when resume point is behind current time. r=gerald (bd40ebf3bc) - Bug 1269408: P8. Add debugging log. r=gerald (e6dbd1f0a6) - Bug 1269408: P9. Move handling logic of skip to next keyframe to its own function. r=gerald (3c8039e417) - Bug 1269408: P10. Reject promise early if in error state. r=me (8af54c574e) - Bug 1224973 - Part 5: Implement suspend decoding for background video. r=cpearce,jwwang,jya (22081521e3) - Bug 1242874 - part1 : create suspened types. r=baku (d3ac9548e5) - Bug 1242874 - part2 : window's suspend attribute. r=baku, r=ehsan (1fd9dc2647) - remove allowscirpted (39ab523036) - Bug 1242874 - part3 : implement different suspended methods. r=baku, r=jwwang (25d1f27a03) - Bug 1242874 - part4 : wrap the volume/mute/suspend for notifyStartedPlaying. r=baku (b8ba3238c2) - bug 1242874 - part5 : add test. r=baku, r=ehsan (f840139b5a) - Bug 1235612 - Part 1: Implement notify media-playback. r=baku (b5ec29da20) - Bug 1235612 - Part 2: Notify audible state in NotifyStartedPlaying. r=baku (dc38583a62) - Bug 1235612 - Part 3: Implement the logic of audible state notification for agent owners. r=baku (f65b3952fa) - Bug 1235612 - Part 4: Modify check audible method. r=jwwang (73457e39eb) - Bug 1269672 - part2 : move audible data checking from MDSM to DecodedAudioDataSink. (d2c3b6874c) - Bug 1269936 - Introduce and call a runtime-wide servo initialization hook. r=heycam (d4d505d4c2) - Bug 1263778 - Rename a bunch of low-level [[Prototype]] access methods to make their interactions with statically-known and dynamically-computed [[Prototype]]s clearer. r=efaust (66bbe8e7db) - Bug 888969 - Permit a cyclic [[Prototype]] chain to be created through a Location object. r=bz, r=efaust (3e3b9cbb16) - re-apply Bug 1054906 - Implement ES6 Symbol.hasInstance 2/2; r=jandem (8d5c7573ff) - Bug 1054906 - Implement ES6 Symbol.hasInstance 1/2; r=evilpie,bz (a836904e5d) - fix misspatch (54a5f2d708) - Bug 1270349 part 1. Add IDL parser support for [LegacyUnenumerableNamedProperties]. r=peterv (8c836bc74a) - Bug 1270349 part 2. Add [LegacyUnenumerableNamedProperties] to the interfaces that specify it in DOM and HTML. r=peterv (25d3cc1377) - Bug 1270349 part 3. Add a way to ask an interface descriptor for a proxy whether its named props should be enumerable. r=peterv (0a9f804867) - Bug 1270349 part 4. Use LegacyUnenumerableNamedProperties instead of NameIsEnumerable() calls to determine whether named props on DOM proxies should be enumerable. r=peterv (82f5158963) - Bug 1270349 part 5. Use LegacyUnenumerableNamedProperties instead of passing flags to GetSupportedNames to determine whether named props on DOM proxies should be reflected in ownPropertyKeys. r=peterv (3984176834) - Bug 1270349 followup to address a review comment. r=peterv (b49f4c5335)
375 lines
13 KiB
C++
375 lines
13 KiB
C++
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "PublicKeyPinningService.h"
|
|
|
|
#include "RootCertificateTelemetryUtils.h"
|
|
#include "mozilla/Base64.h"
|
|
#include "mozilla/Casting.h"
|
|
#include "mozilla/Logging.h"
|
|
#include "mozilla/Telemetry.h"
|
|
#include "nsISiteSecurityService.h"
|
|
#include "nsServiceManagerUtils.h"
|
|
#include "nsSiteSecurityService.h"
|
|
#include "nssb64.h"
|
|
#include "pkix/pkixtypes.h"
|
|
#include "seccomon.h"
|
|
#include "sechash.h"
|
|
|
|
#include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js
|
|
|
|
using namespace mozilla;
|
|
using namespace mozilla::pkix;
|
|
using namespace mozilla::psm;
|
|
|
|
LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
|
|
|
|
/**
|
|
Computes in the location specified by base64Out the SHA256 digest
|
|
of the DER Encoded subject Public Key Info for the given cert
|
|
*/
|
|
static nsresult
|
|
GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
|
|
{
|
|
hashSPKIDigest.Truncate();
|
|
Digest digest;
|
|
nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->derPublicKey.data,
|
|
cert->derPublicKey.len);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
return Base64Encode(nsDependentCSubstring(
|
|
BitwiseCast<char*, unsigned char*>(digest.get().data),
|
|
digest.get().len),
|
|
hashSPKIDigest);
|
|
}
|
|
|
|
/*
|
|
* Sets certMatchesPinset to true if a given cert matches any fingerprints from
|
|
* the given pinset or the dynamicFingerprints array, or to false otherwise.
|
|
*/
|
|
static nsresult
|
|
EvalCert(const CERTCertificate* cert, const StaticFingerprints* fingerprints,
|
|
const nsTArray<nsCString>* dynamicFingerprints,
|
|
/*out*/ bool& certMatchesPinset)
|
|
{
|
|
certMatchesPinset = false;
|
|
if (!fingerprints && !dynamicFingerprints) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: No hashes found\n"));
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
nsAutoCString base64Out;
|
|
nsresult rv = GetBase64HashSPKI(cert, base64Out);
|
|
if (NS_FAILED(rv)) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: GetBase64HashSPKI failed!\n"));
|
|
return rv;
|
|
}
|
|
|
|
if (fingerprints) {
|
|
for (size_t i = 0; i < fingerprints->size; i++) {
|
|
if (base64Out.Equals(fingerprints->data[i])) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
|
|
certMatchesPinset = true;
|
|
return NS_OK;
|
|
}
|
|
}
|
|
}
|
|
if (dynamicFingerprints) {
|
|
for (size_t i = 0; i < dynamicFingerprints->Length(); i++) {
|
|
if (base64Out.Equals((*dynamicFingerprints)[i])) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
|
|
certMatchesPinset = true;
|
|
return NS_OK;
|
|
}
|
|
}
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
/*
|
|
* Sets certListIntersectsPinset to true if a given chain matches any
|
|
* fingerprints from the given static fingerprints or the
|
|
* dynamicFingerprints array, or to false otherwise.
|
|
*/
|
|
static nsresult
|
|
EvalChain(const UniqueCERTCertList& certList,
|
|
const StaticFingerprints* fingerprints,
|
|
const nsTArray<nsCString>* dynamicFingerprints,
|
|
/*out*/ bool& certListIntersectsPinset)
|
|
{
|
|
certListIntersectsPinset = false;
|
|
CERTCertificate* currentCert;
|
|
|
|
if (!fingerprints && !dynamicFingerprints) {
|
|
MOZ_ASSERT(false, "Must pass in at least one type of pinset");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
CERTCertListNode* node;
|
|
for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
|
|
node = CERT_LIST_NEXT(node)) {
|
|
currentCert = node->cert;
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: certArray subject: '%s'\n", currentCert->subjectName));
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: certArray issuer: '%s'\n", currentCert->issuerName));
|
|
nsresult rv = EvalCert(currentCert, fingerprints, dynamicFingerprints,
|
|
certListIntersectsPinset);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (certListIntersectsPinset) {
|
|
return NS_OK;
|
|
}
|
|
}
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
|
|
return NS_OK;
|
|
}
|
|
|
|
/**
|
|
Comparator for the is public key pinned host.
|
|
*/
|
|
static int
|
|
TransportSecurityPreloadCompare(const void* key, const void* entry) {
|
|
auto keyStr = static_cast<const char*>(key);
|
|
auto preloadEntry = static_cast<const TransportSecurityPreload*>(entry);
|
|
|
|
return strcmp(keyStr, preloadEntry->mHost);
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
|
|
const nsTArray<nsCString>& aSHA256keys,
|
|
/*out*/ bool& chainMatchesPinset)
|
|
{
|
|
return EvalChain(certList, nullptr, &aSHA256keys, chainMatchesPinset);
|
|
}
|
|
|
|
// Returns via one of the output parameters the most relevant pinning
|
|
// information that is valid for the given host at the given time.
|
|
// Dynamic pins are prioritized over static pins.
|
|
static nsresult
|
|
FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
|
|
/*out*/ nsTArray<nsCString>& dynamicFingerprints,
|
|
/*out*/ TransportSecurityPreload*& staticFingerprints)
|
|
{
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
staticFingerprints = nullptr;
|
|
dynamicFingerprints.Clear();
|
|
nsCOMPtr<nsISiteSecurityService> sssService =
|
|
do_GetService(NS_SSSERVICE_CONTRACTID);
|
|
if (!sssService) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
TransportSecurityPreload* foundEntry = nullptr;
|
|
char* evalHost = const_cast<char*>(hostname);
|
|
char* evalPart;
|
|
// Notice how the (xx = strchr) prevents pins for unqualified domain names.
|
|
while (!foundEntry && (evalPart = strchr(evalHost, '.'))) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Querying pinsets for host: '%s'\n", evalHost));
|
|
// Attempt dynamic pins first
|
|
nsresult rv;
|
|
bool found;
|
|
bool includeSubdomains;
|
|
nsTArray<nsCString> pinArray;
|
|
rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray,
|
|
&includeSubdomains, &found);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (found && (evalHost == hostname || includeSubdomains)) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Found dyn match for host: '%s'\n", evalHost));
|
|
dynamicFingerprints = pinArray;
|
|
return NS_OK;
|
|
}
|
|
|
|
foundEntry = (TransportSecurityPreload *)bsearch(evalHost,
|
|
kPublicKeyPinningPreloadList,
|
|
sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload),
|
|
sizeof(TransportSecurityPreload),
|
|
TransportSecurityPreloadCompare);
|
|
if (foundEntry) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Found pinset for host: '%s'\n", evalHost));
|
|
if (evalHost != hostname) {
|
|
if (!foundEntry->mIncludeSubdomains) {
|
|
// Does not apply to this host, continue iterating
|
|
foundEntry = nullptr;
|
|
}
|
|
}
|
|
} else {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Didn't find pinset for host: '%s'\n", evalHost));
|
|
}
|
|
// Add one for '.'
|
|
evalHost = evalPart + 1;
|
|
}
|
|
|
|
if (foundEntry && foundEntry->pinset) {
|
|
if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
|
|
PR_USEC_PER_SEC)) {
|
|
return NS_OK;
|
|
}
|
|
staticFingerprints = foundEntry;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
// Returns true via the output parameter if the given certificate list meets
|
|
// pinning requirements for the given host at the given time. It must be the
|
|
// case that either there is an intersection between the set of hashes of
|
|
// subject public key info data in the list and the most relevant non-expired
|
|
// pinset for the host or there is no pinning information for the host.
|
|
static nsresult
|
|
CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
|
|
bool enforceTestMode, mozilla::pkix::Time time,
|
|
/*out*/ bool& chainHasValidPins,
|
|
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
|
|
{
|
|
chainHasValidPins = false;
|
|
if (!certList) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
nsTArray<nsCString> dynamicFingerprints;
|
|
TransportSecurityPreload* staticFingerprints = nullptr;
|
|
nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints,
|
|
staticFingerprints);
|
|
// If we have no pinning information, the certificate chain trivially
|
|
// validates with respect to pinning.
|
|
if (dynamicFingerprints.Length() == 0 && !staticFingerprints) {
|
|
chainHasValidPins = true;
|
|
return NS_OK;
|
|
}
|
|
if (dynamicFingerprints.Length() > 0) {
|
|
return EvalChain(certList, nullptr, &dynamicFingerprints, chainHasValidPins);
|
|
}
|
|
if (staticFingerprints) {
|
|
bool enforceTestModeResult;
|
|
rv = EvalChain(certList, staticFingerprints->pinset, nullptr,
|
|
enforceTestModeResult);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
chainHasValidPins = enforceTestModeResult;
|
|
Telemetry::ID histogram = staticFingerprints->mIsMoz
|
|
? Telemetry::CERT_PINNING_MOZ_RESULTS
|
|
: Telemetry::CERT_PINNING_RESULTS;
|
|
if (staticFingerprints->mTestMode) {
|
|
histogram = staticFingerprints->mIsMoz
|
|
? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS
|
|
: Telemetry::CERT_PINNING_TEST_RESULTS;
|
|
if (!enforceTestMode) {
|
|
chainHasValidPins = true;
|
|
}
|
|
}
|
|
// We can collect per-host pinning violations for this host because it is
|
|
// operationally critical to Firefox.
|
|
if (pinningTelemetryInfo) {
|
|
if (staticFingerprints->mId != kUnknownId) {
|
|
int32_t bucket = staticFingerprints->mId * 2
|
|
+ (enforceTestModeResult ? 1 : 0);
|
|
histogram = staticFingerprints->mTestMode
|
|
? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
|
|
: Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
|
|
pinningTelemetryInfo->certPinningResultBucket = bucket;
|
|
} else {
|
|
pinningTelemetryInfo->certPinningResultBucket =
|
|
enforceTestModeResult ? 1 : 0;
|
|
}
|
|
pinningTelemetryInfo->accumulateResult = true;
|
|
pinningTelemetryInfo->certPinningResultHistogram = histogram;
|
|
}
|
|
|
|
// We only collect per-CA pinning statistics upon failures.
|
|
CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
|
|
// Only log telemetry if the certificate list is non-empty.
|
|
if (!CERT_LIST_END(rootNode, certList)) {
|
|
if (!enforceTestModeResult && pinningTelemetryInfo) {
|
|
int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert);
|
|
if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) {
|
|
pinningTelemetryInfo->accumulateForRoot = true;
|
|
pinningTelemetryInfo->rootBucket = binNumber;
|
|
}
|
|
}
|
|
}
|
|
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
|
|
enforceTestModeResult ? "passed" : "failed",
|
|
staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla",
|
|
hostname, staticFingerprints->mTestMode ? "test" : "production"));
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
|
|
const char* hostname,
|
|
mozilla::pkix::Time time,
|
|
bool enforceTestMode,
|
|
/*out*/ bool& chainHasValidPins,
|
|
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
|
|
{
|
|
chainHasValidPins = false;
|
|
if (!certList) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
|
|
return CheckPinsForHostname(certList, canonicalizedHostname.get(),
|
|
enforceTestMode, time, chainHasValidPins,
|
|
pinningTelemetryInfo);
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::HostHasPins(const char* hostname,
|
|
mozilla::pkix::Time time,
|
|
bool enforceTestMode,
|
|
/*out*/ bool& hostHasPins)
|
|
{
|
|
hostHasPins = false;
|
|
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
|
|
nsTArray<nsCString> dynamicFingerprints;
|
|
TransportSecurityPreload* staticFingerprints = nullptr;
|
|
nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time,
|
|
dynamicFingerprints, staticFingerprints);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (dynamicFingerprints.Length() > 0) {
|
|
hostHasPins = true;
|
|
} else if (staticFingerprints) {
|
|
hostHasPins = !staticFingerprints->mTestMode || enforceTestMode;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString
|
|
PublicKeyPinningService::CanonicalizeHostname(const char* hostname)
|
|
{
|
|
nsAutoCString canonicalizedHostname(hostname);
|
|
ToLowerCase(canonicalizedHostname);
|
|
while (canonicalizedHostname.Length() > 0 &&
|
|
canonicalizedHostname.Last() == '.') {
|
|
canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1);
|
|
}
|
|
return canonicalizedHostname;
|
|
}
|