mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-26 14:18:48 +00:00
roytam1
c8732098b3
- Bug 1246851 (Part 1) - Add a new SurfacePipe API for writing to image surfaces in a safe and composable manner. r=njn (2e3353a6a7) - Bug 1246851 (Part 2) - Add SurfaceFilter implementations for basic surface output operations. r=njn (fa30948a3f) - Bug 1246851 (Part 3) - Add a factory for constructing SurfacePipes. r=njn (7a746d3ec8) - Bug 1191347 - Explicitly release surfaces on the main thread in TestDecodeToSurface. r=me (fa1a68dc9a) - Bug 1246851 (Part 4) - Add a test suite for SurfacePipes and SurfaceFilters. r=njn (380dc94c08) - Bug 1247152 (Part 1) - Use SurfacePipe in the GIF decoder. r=njn (8b3d76f017) - Bug 1247152 (Part 2) - Remove even more code from the GIF decoder. r=edwin (80c8cc5e1c) - side effects Bug 1247152 (Part 1) (5b6cbf0ad5) - Bug 1237232 - Properly check the result of Vector append() calls in security/. r=keeler (b06dce061f) - Bug 1235308 - Fix -Wimplicit-fallthrough warnings in security/. r=keeler (ac5c3bf540) - Bug 1235188 - Fix -Wformat warnings in security/certverifier/. r=keeler (25ee7ee77c) - Bug 1004149 - Remove some dead code. r=keeler (59fedcb6a6) - Bug 1004149 - Return mozilla::pkix::Result values in nsNSSHttpInterface functions. r=keeler (76933c7d94) - Bug 1187173 - Disable warning C4623 on security/certverifier. r=briansmith (c1353b0577) - Bug 1256484 - Disable C4456 and C4458 to unblock compilation on VS2015; r=keeler (b51ac368ba) - Bug 1251009 - Remove unused nsICertificateDialogs.notifyCACertExists() method. r=keeler, r=mfinkle (9ca9aee3d0) - Bug 1249224 - window.open() should open a new window in the same container, r=bz (c57c76ec2f) - Bug 1245451 - add default nullptr value to mChrome. r=bsmedberg (3236ea34df) - Bug 1255849. Add some documentation for AutoJSAPI instances that seem to be used just for cxpushing. r=bholley (60a81652de) - Bug 1189554 - Make Saved Passwords dialog resizable on Windows again. r=smaug (a367796251) - Bug 1252974 - Convert screen's available dimensions to CSS-pixel units in nsWindowWatcher. r=emk (5524055ab0) - Bug 1233328 - Part 1: Ignore SHA-1 pins in PublicKeyPinningService.cpp. r=keeler (e5fe732a4b) - Bug 1233328 - Part 2: Use SHA-256 StaticFingerprints directly instead창 of StaticPinset since the SHA-1 StaticFingerprints entry will always be null. r=keeler (50f88c76da) - Bug 1256089 - Fix Mutex support for tier-3 platforms; r=froydnj (76ab483843) - Bug 1257019 - Add move construction to js::Mutex<T>. r=terrence (383ad474ba) - No bug, Automated HPKP preload list update from host bld-linux64-spot-309 - a=hpkp-update (0a6d3b9c40) - No bug, Automated HPKP preload list update from host bld-linux64-spot-223 - a=hpkp-update (7b3dbac6f8) - Bug 1255655 - Const-ify kPinset_* arrays. r=cykesiopka. (ddbaad40a0) - No bug, Automated HPKP preload list update from host bld-linux64-spot-543 - a=hpkp-update (f5c37e366a) - bug 1233853 - make nsSyncJPAKE aware of NSS shutdown r=jcj (9f74b5a46f) - Bug 1215734 - Expand GeckoMediaPlugin sandbox policy for Clang 3.7 ASan. r=kang (a96e0429e5) - part Bug 1154738 - Fixed WMFUtils.cpp compilation on mingw (9ba8bd1481) - Bug 1256498. Explicitly convert to float. r=bas (ce97ef100e) - Bug 1223736 - Part 1: Set correct effective transform on mask layers. r=thinker (a87514ac4f) - Bug 1249813 - part 1 - revise nsShmImage to allow draw targets anywhere inside its bounds. r=jrmuizel (cba4cdf8c9) - Bug 1249813 - part 2 - make Cairo mark a surface as clear if clip covers entire surface. r=jrmuizel (45ccfcfc15) - Bug 1249813 - part 3 - tell the compositor if the root layer has opaque content so it can skip clears. r=mattwoodrow (2abaa0cf8b) - Bug 1255303 - Use SurfaceFormat::B8G8R8X8 as back buffer if possible r=jrmuizel (5f81a83123) - Bug 1253860 - Don't update the scrollbar unless we're actually painting. r=mstange (d3a2482408) - Bug 1253860 - Add a flag on scroll frames indicating if they have an APZ counterpart. r=mstange (2aef746ee1) - Bug 1253860 - Skip paints for main thread scrolls if we can ask APZ to handle the scrolling for us. r=mstange (4483da1f16) - Bug 1244116 - Telemetry for mixed content requests by plugins. r=smaug, p=ally (fd5f87f666) - Bug 1252829 - CSP Telemetry. r=ckerschb, p=bsmedberg (8d340fa824) - Bug 1246464: Add 'const' to some stylesheet args in nsDocument methods. r=heycam (4e744d81d2) - Bug 1255705 - Add some useful logging that can be enabled at compile time. r=botond (80f0202160) - Bug 1255856 - Don't allow paint-skipping if there are windowed plugins on the page. r=mstange,jimm (25e6d8ed22) - Bug 1256727 - Don't allow paint-skipping on pages with scroll-linked effects. r=mstange (a8bace52ff) - Bug 1247098 - Take document resolution into account when computing root composition bounds for displayport base. r=tnikkel (1b7b61c82e) - Bug 1250550 - Ensure a scroll event posted during a refresh driver tick fires during that same tick. r=mats (d5bfc24524) - Bug 1253739 - Fix incorrect namespace on forward declaration. r=botond (dfc7aac51e) - Bug 1253489 - Update SendFenceHandleIfPresent() r=nical (798c209dff) - Bug 1253860 - Stop APZC from reprocessing stale metrics on unrelated layer tree updates. r=botond (1013df0068) - Bug 1253860 - Add machinery to update APZ's scroll offset without a main-thread paint. r=botond (cb95baf9c6) - Bug 1239564 - Post translate maskSurface to renderTarget. r=roc (66c56d227d) - Bug 1223736 - Part 2: Draw masks in the correct coordinate space when doing 3d transforms in BasicCompositor. r=lsalzman (2d62616534) - Bug 1223736 - Part 3: Remove the distinction between 2d and 3d masks since it only adds complexity. r=Bas (61c2306875) - Bug 1137561 - Follow up VS2015 build error. r=masayuki (f12716a1ab) - Bug 1217275 Fix missing \n in IMMHandler::HandleDocumentFeed(), it was replaced to empty string accidentally r=m_kato (3315b1c270) - Bug 1243268 - Adjust ATOK workaround. r=masayuki (13af7184d1) - Bug 1242690 - If a drag block is interrupted by something else, have it create a new drag block when it resumes. r=rbarker (fe3dc8deac) - Bug 1242690 - Add untransforming of mouse events not in a drag block. r=rbarker (a39e715efe) - Bug 1241991 - Switch mTreeLock from a Monitor to a Mutex. r=kats (0eca284591) - Bug 1242690 - Further refine the mouse event untransformation code to only apply to events directed at a scrollbar. r=rbarker (5c92ca2807) - Bug 1251608 - Add a root-content annotation to the APZ test data structure. r=botond (a1ee8e496a) - Bug 1249748 - Ensure the mHandledByAPZ flag is set on WidgetTouchEvents that are handled by APZ. r=botond (11bdfae896) - Bug 1242690 - Don't apply the main-thread callback transform for events in a drag block. r=rbarker (3db1405b68) - Bug 1243589 - Use SingleTiledContentClient even for scrollable layers if the layer is smaller than a single tile. r=mattwoodrow (56bb664de1) - Bug 1250517 - Differentiate between no critical display port and empty critical display port in ClientTiledPaintedLayer; r=kats (1b809fac8e) - Bug 1255448 - Call ClientMultiTiledLayerBuffer::PaintThebes even when region to paint is empty. r=mattwoodrow (31ac878dc0) - Bug 1255907 - Fix unification build issues in APZ & Layers. r=kats (9829525402) - Bug 1256344 - If a long-press is interrupted by a non-touch block, don't dispatch the long-press event. r=botond (b3bdd0e58e) - Bug 1256341 - Guard against scenarios where GenerateSingleTap is called without an active touch block. r=botond (d4ec208407) - Bug 1230552 - Minor follow-up to add an assertion. rs=kats (6f9eec7bd4) - Bug 1247964 - Allow InputBlockState::SetScrolledApzc to accept new APZC when it is an ancestor of the current APZC r=kats # Please enter the commit message for your changes. Lines starting (08ce9cfa98) - Bug 1257264 - When apz.allow_immediate_handoff=false, APZ handoff should not occur when panning changes direction r=botond (6ec9ec22e6) - Bug 1250213 - Ensure the scroll offset does not go outside the page bounds when going full screen r=kats (ace8e8a80c) - Bug 1241332 - part 1, Request content repaint at end of APZ animation r=kats (74f7e249f2) - Bug 1255705 - Generalize the NotifyLayersUpdated short-circuit codepath to trigger on empty transactions as well. r=botond (0344d44844) - Bug 1250614 - Repeated zooming in bug on mobile Wikipedia site r=botond (459f02b8d3) - Bug 1251001 - Input fields at the bottom of a page do not pan into view when gaining focus. r=botond (770102bf9f) - Bug 1190093 (Comment Tweak) - Add better comments for nsIDocument::mIsShowing and mVisible. r=me DONTBUILD (e3822ef086) - Bug 1217226: P1. Use VideoInfo display size data rather than attempt to detect value in stream. r=cpearce (a4a7e9b19a) - Bug 1217226: P2. Implement WMFMediaDataDecoder::ConfigurationChanged. r=cpearce (52177525c5) - fix misspatch (61a694fe3d) - Bug 1249706: Added telemetry for the proportion of frames dropped keyed by several details. r=jya (cb459d971c) - Bug 1202296 - Recreate the MFTDecoder when we want to disable DXVA. r=cpearce (d82999e94f) - Bug 1176071 - Handle WMF MFTDecoder returning success but no output, with telemetry. r=mattwoodrow,r=vladan (da8017c92b) - align, cleanup (9a86d51dfd) - no bug - fix case of nsIDocShell.h in WindowsUIUtils.cpp (0ccabaa445) - Bug 1187724 Don't dispatch KeyboardEvents when the target of WM_APPCOMMAND is a windowed plug-in for preventing deadlock r=jimm (7b6d83559c) - Bug 1187178 - Use MOZ_WINSDK_MAXVER instead of #ifndef. r=jimm (06c949ddb9) - bits of Bug 1165515 - Part 13-2: Replace usage of PRLogModuleLevel (7beaa2dcc4) - Bug 1257791: Return correct DPI and printing scale from nsDeviceContextSpecWin when printing to PDF. r=jimm (87360301ea) - Bug 1242295 - Fix compile error in nsDeviceContextSpecWin. r=jimm (d1d4680319) - Bug 1229881 - fix off-by-one error in nsPrinterEnumeratorWin::GetPrinterNameList; r=dbaron; a=KWierso (439061ba50) - Bug 1239683 - Replace NS_UNCONSTRAINEDSIZE with NS_MAXSIZE in windows/nsWindow.cpp. r=mats (4135189bec) - Bug 1033488 - Send RTL information to child process by WM_INPUTLANGCHANGE. r=masayuki (eaf8f70d34) - Bug 1238137 - Telemetry pings for main thread touch scrolling (Windows only). r=kats (f2194a2965) - Bug 1156182 - Ensure nsWindow::Destroy() is called before destroying mPresentLock to avoid a race with the compositor thread. r=Bas (0452ffc641) - Bug 1173617. Don't cache titlebar caption sizes unless the widget has a titlebar. r=jimm (b29e190504) - Bug 580165 - Clean up dead code related to missing screen managers in widget. r=jimm (bf83f21ddc) - Bug 1256501: Fix warning C4312 with 64-bit VS2015 in widget/windows/nsWindow.cpp; r=jimm (635151964e) - Bug 1242690 - Squash together DispatchAPZAwareEvent and DispatchInputEvent. r=dvander (d7b4fea361) - Bug 1242616: Add break in nsWindow.cpp WM_GETOBJECT handling. r=tbsaunde (eb516d4119) - Bug 1239353 - Don't try to change DPI on the fly for popup windows, they remain connected to their parent's presShell and therefore need to share its resolution. r=emk (1491b84fd1) - Bug 1246389 - Resize window appropriately on WM_DPICHANGED messages for dynamic resolution changes. r=emk (f3dbfcdbb1) - Bug 1254019 - Don't attempt to resize a maximized window on DPI change; and when handling a DPI change, constrain the resized window to the screen bounds. r=emk (2047c2dcb5) - Bug 1252191 - use UniquePtr instead of ScopedFreePtr in PoisonIOInterposerMac.cpp; r=aklotz (7c26e55b76) - Bug 1233208: Disable IOInterposer on Beta and Release; r=froydnj (04a6f8b07c) - crashreporter (377572bbb1) - Bug 1055322 - The realloc for libnestegg should free with size 0. r=froydnj (ea624646ca) - Bug 1236789. Avoid creating an unnecessary thread pool thread for tail-dispatch in TaskQueue. r=bholley (e7fb9e4373) - Bug 1255655 - Const-ify named CIDs. r=froydnj. (03b414d92b) - Bug 1250396 (part 1) - Document a subtle contraint on nsIAtom. r=froydnj. (ff279149ac) - Bug 1250396 (part 2) - Remove nsStaticAtomStringType. r=froydnj. (5520507680) - Bug 1255343 - Stop returning nsresult from NS_RegisterStaticAtoms; r=ehsan (de1d387937) - Bug 1251495 - remove unnecessary Logging.h include from nsStaticAtom.h; r=erahm (5226a840fa)
375 lines
13 KiB
C++
375 lines
13 KiB
C++
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "PublicKeyPinningService.h"
|
|
|
|
#include "mozilla/Base64.h"
|
|
#include "mozilla/Telemetry.h"
|
|
#include "nsISiteSecurityService.h"
|
|
#include "nsServiceManagerUtils.h"
|
|
#include "nsSiteSecurityService.h"
|
|
#include "nssb64.h"
|
|
#include "pkix/pkixtypes.h"
|
|
#include "mozilla/Logging.h"
|
|
#include "RootCertificateTelemetryUtils.h"
|
|
#include "ScopedNSSTypes.h"
|
|
#include "seccomon.h"
|
|
#include "sechash.h"
|
|
|
|
#include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js
|
|
|
|
using namespace mozilla;
|
|
using namespace mozilla::pkix;
|
|
using namespace mozilla::psm;
|
|
|
|
LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
|
|
|
|
/**
|
|
Computes in the location specified by base64Out the SHA256 digest
|
|
of the DER Encoded subject Public Key Info for the given cert
|
|
*/
|
|
static nsresult
|
|
GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
|
|
{
|
|
hashSPKIDigest.Truncate();
|
|
Digest digest;
|
|
nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->derPublicKey.data,
|
|
cert->derPublicKey.len);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
return Base64Encode(nsDependentCSubstring(
|
|
reinterpret_cast<const char*>(digest.get().data),
|
|
digest.get().len),
|
|
hashSPKIDigest);
|
|
}
|
|
|
|
/*
|
|
* Sets certMatchesPinset to true if a given cert matches any fingerprints from
|
|
* the given pinset or the dynamicFingerprints array, or to false otherwise.
|
|
*/
|
|
static nsresult
|
|
EvalCert(const CERTCertificate* cert, const StaticFingerprints* fingerprints,
|
|
const nsTArray<nsCString>* dynamicFingerprints,
|
|
/*out*/ bool& certMatchesPinset)
|
|
{
|
|
certMatchesPinset = false;
|
|
if (!fingerprints && !dynamicFingerprints) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: No hashes found\n"));
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
nsAutoCString base64Out;
|
|
nsresult rv = GetBase64HashSPKI(cert, base64Out);
|
|
if (NS_FAILED(rv)) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: GetBase64HashSPKI failed!\n"));
|
|
return rv;
|
|
}
|
|
|
|
if (fingerprints) {
|
|
for (size_t i = 0; i < fingerprints->size; i++) {
|
|
if (base64Out.Equals(fingerprints->data[i])) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
|
|
certMatchesPinset = true;
|
|
return NS_OK;
|
|
}
|
|
}
|
|
}
|
|
if (dynamicFingerprints) {
|
|
for (size_t i = 0; i < dynamicFingerprints->Length(); i++) {
|
|
if (base64Out.Equals((*dynamicFingerprints)[i])) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
|
|
certMatchesPinset = true;
|
|
return NS_OK;
|
|
}
|
|
}
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
/*
|
|
* Sets certListIntersectsPinset to true if a given chain matches any
|
|
* fingerprints from the given static fingerprints or the
|
|
* dynamicFingerprints array, or to false otherwise.
|
|
*/
|
|
static nsresult
|
|
EvalChain(const CERTCertList* certList, const StaticFingerprints* fingerprints,
|
|
const nsTArray<nsCString>* dynamicFingerprints,
|
|
/*out*/ bool& certListIntersectsPinset)
|
|
{
|
|
certListIntersectsPinset = false;
|
|
CERTCertificate* currentCert;
|
|
|
|
if (!fingerprints && !dynamicFingerprints) {
|
|
MOZ_ASSERT(false, "Must pass in at least one type of pinset");
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
|
|
CERTCertListNode* node;
|
|
for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
|
|
node = CERT_LIST_NEXT(node)) {
|
|
currentCert = node->cert;
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: certArray subject: '%s'\n", currentCert->subjectName));
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: certArray issuer: '%s'\n", currentCert->issuerName));
|
|
nsresult rv = EvalCert(currentCert, fingerprints, dynamicFingerprints,
|
|
certListIntersectsPinset);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (certListIntersectsPinset) {
|
|
return NS_OK;
|
|
}
|
|
}
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
|
|
return NS_OK;
|
|
}
|
|
|
|
/**
|
|
Comparator for the is public key pinned host.
|
|
*/
|
|
static int
|
|
TransportSecurityPreloadCompare(const void *key, const void *entry) {
|
|
const char *keyStr = reinterpret_cast<const char *>(key);
|
|
const TransportSecurityPreload *preloadEntry =
|
|
reinterpret_cast<const TransportSecurityPreload *>(entry);
|
|
|
|
return strcmp(keyStr, preloadEntry->mHost);
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::ChainMatchesPinset(const CERTCertList* certList,
|
|
const nsTArray<nsCString>& aSHA256keys,
|
|
/*out*/ bool& chainMatchesPinset)
|
|
{
|
|
return EvalChain(certList, nullptr, &aSHA256keys, chainMatchesPinset);
|
|
}
|
|
|
|
// Returns via one of the output parameters the most relevant pinning
|
|
// information that is valid for the given host at the given time.
|
|
// Dynamic pins are prioritized over static pins.
|
|
static nsresult
|
|
FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
|
|
/*out*/ nsTArray<nsCString>& dynamicFingerprints,
|
|
/*out*/ TransportSecurityPreload*& staticFingerprints)
|
|
{
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
staticFingerprints = nullptr;
|
|
dynamicFingerprints.Clear();
|
|
nsCOMPtr<nsISiteSecurityService> sssService =
|
|
do_GetService(NS_SSSERVICE_CONTRACTID);
|
|
if (!sssService) {
|
|
return NS_ERROR_FAILURE;
|
|
}
|
|
TransportSecurityPreload* foundEntry = nullptr;
|
|
char* evalHost = const_cast<char*>(hostname);
|
|
char* evalPart;
|
|
// Notice how the (xx = strchr) prevents pins for unqualified domain names.
|
|
while (!foundEntry && (evalPart = strchr(evalHost, '.'))) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Querying pinsets for host: '%s'\n", evalHost));
|
|
// Attempt dynamic pins first
|
|
nsresult rv;
|
|
bool found;
|
|
bool includeSubdomains;
|
|
nsTArray<nsCString> pinArray;
|
|
rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray,
|
|
&includeSubdomains, &found);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (found && (evalHost == hostname || includeSubdomains)) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Found dyn match for host: '%s'\n", evalHost));
|
|
dynamicFingerprints = pinArray;
|
|
return NS_OK;
|
|
}
|
|
|
|
foundEntry = (TransportSecurityPreload *)bsearch(evalHost,
|
|
kPublicKeyPinningPreloadList,
|
|
sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload),
|
|
sizeof(TransportSecurityPreload),
|
|
TransportSecurityPreloadCompare);
|
|
if (foundEntry) {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Found pinset for host: '%s'\n", evalHost));
|
|
if (evalHost != hostname) {
|
|
if (!foundEntry->mIncludeSubdomains) {
|
|
// Does not apply to this host, continue iterating
|
|
foundEntry = nullptr;
|
|
}
|
|
}
|
|
} else {
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Didn't find pinset for host: '%s'\n", evalHost));
|
|
}
|
|
// Add one for '.'
|
|
evalHost = evalPart + 1;
|
|
}
|
|
|
|
if (foundEntry && foundEntry->pinset) {
|
|
if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
|
|
PR_USEC_PER_SEC)) {
|
|
return NS_OK;
|
|
}
|
|
staticFingerprints = foundEntry;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
// Returns true via the output parameter if the given certificate list meets
|
|
// pinning requirements for the given host at the given time. It must be the
|
|
// case that either there is an intersection between the set of hashes of
|
|
// subject public key info data in the list and the most relevant non-expired
|
|
// pinset for the host or there is no pinning information for the host.
|
|
static nsresult
|
|
CheckPinsForHostname(const CERTCertList* certList, const char* hostname,
|
|
bool enforceTestMode, mozilla::pkix::Time time,
|
|
/*out*/ bool& chainHasValidPins,
|
|
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
|
|
{
|
|
chainHasValidPins = false;
|
|
if (!certList) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
nsTArray<nsCString> dynamicFingerprints;
|
|
TransportSecurityPreload* staticFingerprints = nullptr;
|
|
nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints,
|
|
staticFingerprints);
|
|
// If we have no pinning information, the certificate chain trivially
|
|
// validates with respect to pinning.
|
|
if (dynamicFingerprints.Length() == 0 && !staticFingerprints) {
|
|
chainHasValidPins = true;
|
|
return NS_OK;
|
|
}
|
|
if (dynamicFingerprints.Length() > 0) {
|
|
return EvalChain(certList, nullptr, &dynamicFingerprints, chainHasValidPins);
|
|
}
|
|
if (staticFingerprints) {
|
|
bool enforceTestModeResult;
|
|
rv = EvalChain(certList, staticFingerprints->pinset, nullptr,
|
|
enforceTestModeResult);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
chainHasValidPins = enforceTestModeResult;
|
|
Telemetry::ID histogram = staticFingerprints->mIsMoz
|
|
? Telemetry::CERT_PINNING_MOZ_RESULTS
|
|
: Telemetry::CERT_PINNING_RESULTS;
|
|
if (staticFingerprints->mTestMode) {
|
|
histogram = staticFingerprints->mIsMoz
|
|
? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS
|
|
: Telemetry::CERT_PINNING_TEST_RESULTS;
|
|
if (!enforceTestMode) {
|
|
chainHasValidPins = true;
|
|
}
|
|
}
|
|
// We can collect per-host pinning violations for this host because it is
|
|
// operationally critical to Firefox.
|
|
if (pinningTelemetryInfo) {
|
|
if (staticFingerprints->mId != kUnknownId) {
|
|
int32_t bucket = staticFingerprints->mId * 2
|
|
+ (enforceTestModeResult ? 1 : 0);
|
|
histogram = staticFingerprints->mTestMode
|
|
? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
|
|
: Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
|
|
pinningTelemetryInfo->certPinningResultBucket = bucket;
|
|
} else {
|
|
pinningTelemetryInfo->certPinningResultBucket =
|
|
enforceTestModeResult ? 1 : 0;
|
|
}
|
|
pinningTelemetryInfo->accumulateResult = true;
|
|
pinningTelemetryInfo->certPinningResultHistogram = histogram;
|
|
}
|
|
|
|
// We only collect per-CA pinning statistics upon failures.
|
|
CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
|
|
// Only log telemetry if the certificate list is non-empty.
|
|
if (!CERT_LIST_END(rootNode, certList)) {
|
|
if (!enforceTestModeResult && pinningTelemetryInfo) {
|
|
int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert);
|
|
if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) {
|
|
pinningTelemetryInfo->accumulateForRoot = true;
|
|
pinningTelemetryInfo->rootBucket = binNumber;
|
|
}
|
|
}
|
|
}
|
|
|
|
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
|
|
("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
|
|
enforceTestModeResult ? "passed" : "failed",
|
|
staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla",
|
|
hostname, staticFingerprints->mTestMode ? "test" : "production"));
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::ChainHasValidPins(const CERTCertList* certList,
|
|
const char* hostname,
|
|
mozilla::pkix::Time time,
|
|
bool enforceTestMode,
|
|
/*out*/ bool& chainHasValidPins,
|
|
/*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
|
|
{
|
|
chainHasValidPins = false;
|
|
if (!certList) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
if (!hostname || hostname[0] == 0) {
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
|
|
return CheckPinsForHostname(certList, canonicalizedHostname.get(),
|
|
enforceTestMode, time, chainHasValidPins,
|
|
pinningTelemetryInfo);
|
|
}
|
|
|
|
nsresult
|
|
PublicKeyPinningService::HostHasPins(const char* hostname,
|
|
mozilla::pkix::Time time,
|
|
bool enforceTestMode,
|
|
/*out*/ bool& hostHasPins)
|
|
{
|
|
hostHasPins = false;
|
|
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
|
|
nsTArray<nsCString> dynamicFingerprints;
|
|
TransportSecurityPreload* staticFingerprints = nullptr;
|
|
nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time,
|
|
dynamicFingerprints, staticFingerprints);
|
|
if (NS_FAILED(rv)) {
|
|
return rv;
|
|
}
|
|
if (dynamicFingerprints.Length() > 0) {
|
|
hostHasPins = true;
|
|
} else if (staticFingerprints) {
|
|
hostHasPins = !staticFingerprints->mTestMode || enforceTestMode;
|
|
}
|
|
return NS_OK;
|
|
}
|
|
|
|
nsAutoCString
|
|
PublicKeyPinningService::CanonicalizeHostname(const char* hostname)
|
|
{
|
|
nsAutoCString canonicalizedHostname(hostname);
|
|
ToLowerCase(canonicalizedHostname);
|
|
while (canonicalizedHostname.Length() > 0 &&
|
|
canonicalizedHostname.Last() == '.') {
|
|
canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1);
|
|
}
|
|
return canonicalizedHostname;
|
|
}
|