--- a/modules/libjar/moz.build
+++ b/modules/libjar/moz.build
@@ -5,18 +5,16 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
with Files('**'):
BUG_COMPONENT = ('Core', 'Networking: JAR')
if CONFIG['MOZ_ZIPWRITER']:
DIRS += ['zipwriter']
-MOCHITEST_CHROME_MANIFESTS += ['test/chrome/chrome.ini']
-
MOCHITEST_MANIFESTS += ['test/mochitest/mochitest.ini']
XPCSHELL_TESTS_MANIFESTS += ['test/unit/xpcshell.ini']
XPIDL_SOURCES += [
'nsIJARChannel.idl',
'nsIJARProtocolHandler.idl',
'nsIJARURI.idl',--- a/modules/libjar/nsIZipReader.idl
+++ b/modules/libjar/nsIZipReader.idl
@@ -10,17 +10,16 @@
struct PRFileDesc;
%}
[ptr] native PRFileDescStar(PRFileDesc);
interface nsIUTF8StringEnumerator;
interface nsIInputStream;
interface nsIFile;
-interface nsIX509Cert;
[scriptable, uuid(fad6f72f-13d8-4e26-9173-53007a4afe71)]
interface nsIZipEntry : nsISupports
{
/**
* The type of compression used for the item. The possible values and
* their meanings are defined in the zip file specification at
* http://www.pkware.com/business_and_developers/developer/appnote/
@@ -186,28 +185,16 @@ interface nsIZipReader : nsISupports
/**
* Returns an input stream containing the contents of the specified zip
* entry. If the entry refers to a directory (ends with '/'), a directory stream
* is opened, otherwise the contents of the file entry is returned.
* @param aJarSpec the Spec of the URI for the JAR (only used for directory streams)
* @param zipEntry the name of the entry to open the stream from
*/
nsIInputStream getInputStreamWithSpec(in AUTF8String aJarSpec, in AUTF8String zipEntry);
-
- /**
- * Returns an object describing the entity which signed
- * an entry. parseManifest must be called first. If aEntryName is an
- * entry in the jar, getInputStream must be called after parseManifest.
- * If aEntryName is an external file which has meta-information
- * stored in the jar, verifyExternalFile (not yet implemented) must
- * be called before getPrincipal.
- */
- nsIX509Cert getSigningCert(in AUTF8String aEntryName);
-
- readonly attribute uint32_t manifestEntriesCount;
};
////////////////////////////////////////////////////////////////////////////////
// nsIZipReaderCache
[scriptable, uuid(31179807-9fcd-46c4-befa-2ade209a394b)]
interface nsIZipReaderCache : nsISupports
{--- a/modules/libjar/nsJAR.cpp
+++ b/modules/libjar/nsJAR.cpp
@@ -2,95 +2,40 @@
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include <string.h>
#include "nsJARInputStream.h"
#include "nsJAR.h"
#include "nsIFile.h"
-#include "nsIX509Cert.h"
#include "nsIConsoleService.h"
#include "nsICryptoHash.h"
#include "nsIDataSignatureVerifier.h"
#include "mozilla/Omnijar.h"
#include "mozilla/Unused.h"
#ifdef XP_UNIX
#include <sys/stat.h>
#elif defined (XP_WIN)
#include <io.h>
#endif
using namespace mozilla;
//----------------------------------------------
-// nsJARManifestItem declaration
-//----------------------------------------------
-/*
- * nsJARManifestItem contains meta-information pertaining
- * to an individual JAR entry, taken from the
- * META-INF/MANIFEST.MF and META-INF/ *.SF files.
- * This is security-critical information, defined here so it is not
- * accessible from anywhere else.
- */
-typedef enum
-{
- JAR_INVALID = 1,
- JAR_INTERNAL = 2,
- JAR_EXTERNAL = 3
-} JARManifestItemType;
-
-class nsJARManifestItem
-{
-public:
- JARManifestItemType mType;
-
- // True if the second step of verification (VerifyEntry)
- // has taken place:
- bool entryVerified;
-
- // Not signed, valid, or failure code
- int16_t status;
-
- // Internal storage of digests
- nsCString calculatedSectionDigest;
- nsCString storedEntryDigest;
-
- nsJARManifestItem();
- virtual ~nsJARManifestItem();
-};
-
-//-------------------------------------------------
-// nsJARManifestItem constructors and destructor
-//-------------------------------------------------
-nsJARManifestItem::nsJARManifestItem(): mType(JAR_INTERNAL),
- entryVerified(false),
- status(JAR_NOT_SIGNED)
-{
-}
-
-nsJARManifestItem::~nsJARManifestItem()
-{
-}
-
-//----------------------------------------------
// nsJAR constructor/destructor
//----------------------------------------------
// The following initialization makes a guess of 10 entries per jarfile.
nsJAR::nsJAR(): mZip(new nsZipArchive()),
- mManifestData(8),
- mParsedManifest(false),
- mGlobalStatus(JAR_MANIFEST_NOT_PARSED),
mReleaseTime(PR_INTERVAL_NO_TIMEOUT),
mCache(nullptr),
mLock("nsJAR::mLock"),
mMtime(0),
- mTotalItemsInManifest(0),
mOpened(false),
mIsOmnijar(false)
{
}
nsJAR::~nsJAR()
{
Close();
@@ -203,20 +148,16 @@ nsJAR::GetFile(nsIFile* *result)
NS_IMETHODIMP
nsJAR::Close()
{
if (!mOpened) {
return NS_ERROR_FAILURE; // Never opened or already closed.
}
mOpened = false;
- mParsedManifest = false;
- mManifestData.Clear();
- mGlobalStatus = JAR_MANIFEST_NOT_PARSED;
- mTotalItemsInManifest = 0;
if (mIsOmnijar) {
// Reset state, but don't close the omnijar because we did not open it.
mIsOmnijar = false;
mZip = new nsZipArchive();
return NS_OK;
}
@@ -342,76 +283,16 @@ nsJAR::GetInputStreamWithSpec(const nsAC
rv = jis->InitFile(this, item);
}
if (NS_FAILED(rv)) {
NS_RELEASE(*result);
}
return rv;
}
-NS_IMETHODIMP
-nsJAR::GetSigningCert(const nsACString& aFilename, nsIX509Cert** aSigningCert)
-{
- //-- Parameter check
- if (!aSigningCert) {
- return NS_ERROR_NULL_POINTER;
- }
- *aSigningCert = nullptr;
-
- // Don't check signatures in the omnijar - this is only
- // interesting for extensions/XPIs.
- RefPtr<nsZipArchive> greOmni = mozilla::Omnijar::GetReader(mozilla::Omnijar::GRE);
- RefPtr<nsZipArchive> appOmni = mozilla::Omnijar::GetReader(mozilla::Omnijar::APP);
-
- if (mZip == greOmni || mZip == appOmni)
- return NS_OK;
-
- //-- Parse the manifest
- nsresult rv = ParseManifest();
- if (NS_FAILED(rv)) return rv;
- if (mGlobalStatus == JAR_NO_MANIFEST)
- return NS_OK;
-
- int16_t requestedStatus;
- if (!aFilename.IsEmpty())
- {
- //-- Find the item
- nsJARManifestItem* manItem = mManifestData.Get(aFilename);
- if (!manItem)
- return NS_OK;
- //-- Verify the item against the manifest
- if (!manItem->entryVerified)
- {
- nsCString entryData;
- rv = LoadEntry(aFilename, entryData);
- if (NS_FAILED(rv)) return rv;
- rv = VerifyEntry(manItem, entryData.get(), entryData.Length());
- if (NS_FAILED(rv)) return rv;
- }
- requestedStatus = manItem->status;
- }
- else // User wants identity of signer w/o verifying any entries
- requestedStatus = mGlobalStatus;
-
- if (requestedStatus != JAR_VALID_MANIFEST) {
- ReportError(aFilename, requestedStatus);
- } else { // Valid signature
- *aSigningCert = mSigningCert;
- NS_IF_ADDREF(*aSigningCert);
- }
- return NS_OK;
-}
-
-NS_IMETHODIMP
-nsJAR::GetManifestEntriesCount(uint32_t* count)
-{
- *count = mTotalItemsInManifest;
- return NS_OK;
-}
-
nsresult
nsJAR::GetJarPath(nsACString& aResult)
{
NS_ENSURE_ARG_POINTER(mZipFile);
return mZipFile->GetNativePath(aResult);
}
@@ -501,408 +382,16 @@ nsJAR::ReadLine(const char** src)
if (eol[0] == '\r' && eol[1] == '\n') // CR LF, so skip 2
*src = eol+2;
else // Either CR or LF, so skip 1
*src = eol+1;
}
return length;
}
-//-- The following #defines are used by ParseManifest()
-// and ParseOneFile(). The header strings are defined in the JAR specification.
-#define JAR_MF 1
-#define JAR_SF 2
-#define JAR_MF_SEARCH_STRING "(M|/M)ETA-INF/(M|m)(ANIFEST|anifest).(MF|mf)$"
-#define JAR_SF_SEARCH_STRING "(M|/M)ETA-INF/*.(SF|sf)$"
-#define JAR_MF_HEADER (const char*)"Manifest-Version: 1.0"
-#define JAR_SF_HEADER (const char*)"Signature-Version: 1.0"
-
-nsresult
-nsJAR::ParseManifest()
-{
- //-- Verification Step 1
- if (mParsedManifest)
- return NS_OK;
- //-- (1)Manifest (MF) file
- nsCOMPtr<nsIUTF8StringEnumerator> files;
- nsresult rv = FindEntries(nsDependentCString(JAR_MF_SEARCH_STRING), getter_AddRefs(files));
- if (!files) rv = NS_ERROR_FAILURE;
- if (NS_FAILED(rv)) return rv;
-
- //-- Load the file into memory
- bool more;
- rv = files->HasMore(&more);
- NS_ENSURE_SUCCESS(rv, rv);
- if (!more)
- {
- mGlobalStatus = JAR_NO_MANIFEST;
- mParsedManifest = true;
- return NS_OK;
- }
-
- nsAutoCString manifestFilename;
- rv = files->GetNext(manifestFilename);
- NS_ENSURE_SUCCESS(rv, rv);
-
- // Check if there is more than one manifest, if so then error!
- rv = files->HasMore(&more);
- if (NS_FAILED(rv)) return rv;
- if (more)
- {
- mParsedManifest = true;
- nsZipArchive::sFileCorruptedReason = "nsJAR: duplicate manifests";
- return NS_ERROR_FILE_CORRUPTED; // More than one MF file
- }
-
- nsCString manifestBuffer;
- rv = LoadEntry(manifestFilename, manifestBuffer);
- if (NS_FAILED(rv)) return rv;
-
- //-- Parse it
- rv = ParseOneFile(manifestBuffer.get(), JAR_MF);
- if (NS_FAILED(rv)) return rv;
-
- //-- (2)Signature (SF) file
- // If there are multiple signatures, we select one.
- rv = FindEntries(nsDependentCString(JAR_SF_SEARCH_STRING), getter_AddRefs(files));
- if (!files) rv = NS_ERROR_FAILURE;
- if (NS_FAILED(rv)) return rv;
- //-- Get an SF file
- rv = files->HasMore(&more);
- if (NS_FAILED(rv)) return rv;
- if (!more)
- {
- mGlobalStatus = JAR_NO_MANIFEST;
- mParsedManifest = true;
- return NS_OK;
- }
- rv = files->GetNext(manifestFilename);
- if (NS_FAILED(rv)) return rv;
-
- rv = LoadEntry(manifestFilename, manifestBuffer);
- if (NS_FAILED(rv)) return rv;
-
- //-- Get its corresponding signature file
- nsAutoCString sigFilename(manifestFilename);
- int32_t extension = sigFilename.RFindChar('.') + 1;
- NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension.");
- (void)sigFilename.Cut(extension, 2);
- nsCString sigBuffer;
- {
- nsAutoCString tempFilename(sigFilename); tempFilename.Append("rsa", 3);
- rv = LoadEntry(tempFilename, sigBuffer);
- }
- if (NS_FAILED(rv))
- {
- nsAutoCString tempFilename(sigFilename); tempFilename.Append("RSA", 3);
- rv = LoadEntry(tempFilename, sigBuffer);
- }
- if (NS_FAILED(rv))
- {
- mGlobalStatus = JAR_NO_MANIFEST;
- mParsedManifest = true;
- return NS_OK;
- }
-
- //-- Get the signature verifier service
- nsCOMPtr<nsIDataSignatureVerifier> verifier(
- do_GetService("@mozilla.org/security/datasignatureverifier;1", &rv));
- if (NS_FAILED(rv)) // No signature verifier available
- {
- mGlobalStatus = JAR_NO_MANIFEST;
- mParsedManifest = true;
- return NS_OK;
- }
-
- //-- Verify that the signature file is a valid signature of the SF file
- int32_t verifyError;
- rv = verifier->VerifySignature(sigBuffer, manifestBuffer,
- &verifyError, getter_AddRefs(mSigningCert));
- if (NS_FAILED(rv)) return rv;
- if (mSigningCert && verifyError == nsIDataSignatureVerifier::VERIFY_OK) {
- mGlobalStatus = JAR_VALID_MANIFEST;
- } else if (verifyError == nsIDataSignatureVerifier::VERIFY_ERROR_UNKNOWN_ISSUER) {
- mGlobalStatus = JAR_INVALID_UNKNOWN_CA;
- } else {
- mGlobalStatus = JAR_INVALID_SIG;
- }
-
- //-- Parse the SF file. If the verification above failed, principal
- // is null, and ParseOneFile will mark the relevant entries as invalid.
- // if ParseOneFile fails, then it has no effect, and we can safely
- // continue to the next SF file, or return.
- ParseOneFile(manifestBuffer.get(), JAR_SF);
- mParsedManifest = true;
-
- return NS_OK;
-}
-
-nsresult
-nsJAR::ParseOneFile(const char* filebuf, int16_t aFileType)
-{
- //-- Check file header
- const char* nextLineStart = filebuf;
- nsAutoCString curLine;
- int32_t linelen;
- linelen = ReadLine(&nextLineStart);
- curLine.Assign(filebuf, linelen);
-
- if ( ((aFileType == JAR_MF) && !curLine.Equals(JAR_MF_HEADER) ) ||
- ((aFileType == JAR_SF) && !curLine.Equals(JAR_SF_HEADER) ) ) {
- nsZipArchive::sFileCorruptedReason = "nsJAR: invalid manifest header";
- return NS_ERROR_FILE_CORRUPTED;
- }
-
- //-- Skip header section
- do {
- linelen = ReadLine(&nextLineStart);
- } while (linelen > 0);
-
- //-- Set up parsing variables
- const char* curPos;
- const char* sectionStart = nextLineStart;
-
- nsJARManifestItem* curItemMF = nullptr;
- bool foundName = false;
- if (aFileType == JAR_MF) {
- curItemMF = new nsJARManifestItem();
- }
-
- nsAutoCString curItemName;
- nsAutoCString storedSectionDigest;
-
- for(;;)
- {
- curPos = nextLineStart;
- linelen = ReadLine(&nextLineStart);
- curLine.Assign(curPos, linelen);
- if (linelen == 0)
- // end of section (blank line or end-of-file)
- {
- if (aFileType == JAR_MF)
- {
- mTotalItemsInManifest++;
- if (curItemMF->mType != JAR_INVALID)
- {
- //-- Did this section have a name: line?
- if(!foundName)
- curItemMF->mType = JAR_INVALID;
- else
- {
- //-- If it's an internal item, it must correspond
- // to a valid jar entry
- if (curItemMF->mType == JAR_INTERNAL)
- {
- bool exists;
- nsresult rv = HasEntry(curItemName, &exists);
- if (NS_FAILED(rv) || !exists)
- curItemMF->mType = JAR_INVALID;
- }
- //-- Check for duplicates
- if (mManifestData.Contains(curItemName)) {
- curItemMF->mType = JAR_INVALID;
- }
- }
- }
-
- if (curItemMF->mType == JAR_INVALID)
- delete curItemMF;
- else //-- calculate section digest
- {
- uint32_t sectionLength = curPos - sectionStart;
- CalculateDigest(sectionStart, sectionLength,
- curItemMF->calculatedSectionDigest);
- //-- Save item in the hashtable
- mManifestData.Put(curItemName, curItemMF);
- }
- if (nextLineStart == nullptr) // end-of-file
- break;
-
- sectionStart = nextLineStart;
- curItemMF = new nsJARManifestItem();
- } // (aFileType == JAR_MF)
- else
- //-- file type is SF, compare digest with calculated
- // section digests from MF file.
- {
- if (foundName)
- {
- nsJARManifestItem* curItemSF = mManifestData.Get(curItemName);
- if(curItemSF)
- {
- NS_ASSERTION(curItemSF->status == JAR_NOT_SIGNED,
- "SECURITY ERROR: nsJARManifestItem not correctly initialized");
- curItemSF->status = mGlobalStatus;
- if (curItemSF->status == JAR_VALID_MANIFEST)
- { // Compare digests
- if (storedSectionDigest.IsEmpty())
- curItemSF->status = JAR_NOT_SIGNED;
- else
- {
- if (!storedSectionDigest.Equals(curItemSF->calculatedSectionDigest))
- curItemSF->status = JAR_INVALID_MANIFEST;
- curItemSF->calculatedSectionDigest.Truncate();
- storedSectionDigest.Truncate();
- }
- } // (aPrincipal != nullptr)
- } // if(curItemSF)
- } // if(foundName)
-
- if(nextLineStart == nullptr) // end-of-file
- break;
- } // aFileType == JAR_SF
- foundName = false;
- continue;
- } // if(linelen == 0)
-
- //-- Look for continuations (beginning with a space) on subsequent lines
- // and append them to the current line.
- while(*nextLineStart == ' ')
- {
- curPos = nextLineStart;
- int32_t continuationLen = ReadLine(&nextLineStart) - 1;
- nsAutoCString continuation(curPos+1, continuationLen);
- curLine += continuation;
- linelen += continuationLen;
- }
-
- //-- Find colon in current line, this separates name from value
- int32_t colonPos = curLine.FindChar(':');
- if (colonPos == -1) // No colon on line, ignore line
- continue;
- //-- Break down the line
- nsAutoCString lineName;
- curLine.Left(lineName, colonPos);
- nsAutoCString lineData;
- curLine.Mid(lineData, colonPos+2, linelen - (colonPos+2));
-
- //-- Lines to look for:
- // (1) Digest:
- if (lineName.LowerCaseEqualsLiteral("sha1-digest"))
- //-- This is a digest line, save the data in the appropriate place
- {
- if(aFileType == JAR_MF)
- curItemMF->storedEntryDigest = lineData;
- else
- storedSectionDigest = lineData;
- continue;
- }
-
- // (2) Name: associates this manifest section with a file in the jar.
- if (!foundName && lineName.LowerCaseEqualsLiteral("name"))
- {
- curItemName = lineData;
- foundName = true;
- continue;
- }
-
- // (3) Magic: this may be an inline Javascript.
- // We can't do any other kind of magic.
- if (aFileType == JAR_MF && lineName.LowerCaseEqualsLiteral("magic"))
- {
- if (lineData.LowerCaseEqualsLiteral("javascript"))
- curItemMF->mType = JAR_EXTERNAL;
- else
- curItemMF->mType = JAR_INVALID;
- continue;
- }
-
- } // for (;;)
- return NS_OK;
-} //ParseOneFile()
-
-nsresult
-nsJAR::VerifyEntry(nsJARManifestItem* aManItem, const char* aEntryData,
- uint32_t aLen)
-{
- if (aManItem->status == JAR_VALID_MANIFEST)
- {
- if (aManItem->storedEntryDigest.IsEmpty())
- // No entry digests in manifest file. Entry is unsigned.
- aManItem->status = JAR_NOT_SIGNED;
- else
- { //-- Calculate and compare digests
- nsCString calculatedEntryDigest;
- nsresult rv = CalculateDigest(aEntryData, aLen, calculatedEntryDigest);
- if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
- if (!aManItem->storedEntryDigest.Equals(calculatedEntryDigest))
- aManItem->status = JAR_INVALID_ENTRY;
- aManItem->storedEntryDigest.Truncate();
- }
- }
- aManItem->entryVerified = true;
- return NS_OK;
-}
-
-void nsJAR::ReportError(const nsACString &aFilename, int16_t errorCode)
-{
- //-- Generate error message
- nsAutoString message;
- message.AssignLiteral("Signature Verification Error: the signature on ");
- if (!aFilename.IsEmpty())
- AppendASCIItoUTF16(aFilename, message);
- else
- message.AppendLiteral("this .jar archive");
- message.AppendLiteral(" is invalid because ");
- switch(errorCode)
- {
- case JAR_NOT_SIGNED:
- message.AppendLiteral("the archive did not contain a valid PKCS7 signature.");
- break;
- case JAR_INVALID_SIG:
- message.AppendLiteral("the digital signature (*.RSA) file is not a valid signature of the signature instruction file (*.SF).");
- break;
- case JAR_INVALID_UNKNOWN_CA:
- message.AppendLiteral("the certificate used to sign this file has an unrecognized issuer.");
- break;
- case JAR_INVALID_MANIFEST:
- message.AppendLiteral("the signature instruction file (*.SF) does not contain a valid hash of the MANIFEST.MF file.");
- break;
- case JAR_INVALID_ENTRY:
- message.AppendLiteral("the MANIFEST.MF file does not contain a valid hash of the file being verified.");
- break;
- case JAR_NO_MANIFEST:
- message.AppendLiteral("the archive did not contain a manifest.");
- break;
- default:
- message.AppendLiteral("of an unknown problem.");
- }
-
- // Report error in JS console
- nsCOMPtr<nsIConsoleService> console(do_GetService("@mozilla.org/consoleservice;1"));
- if (console)
- {
- console->LogStringMessage(message.get());
- }
-#ifdef DEBUG
- char* messageCstr = ToNewCString(message);
- if (!messageCstr) return;
- fprintf(stderr, "%s\n", messageCstr);
- free(messageCstr);
-#endif
-}
-
-
-nsresult nsJAR::CalculateDigest(const char* aInBuf, uint32_t aLen,
- nsCString& digest)
-{
- nsresult rv;
-
- nsCOMPtr<nsICryptoHash> hasher = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
- if (NS_FAILED(rv)) return rv;
-
- rv = hasher->Init(nsICryptoHash::SHA1);
- if (NS_FAILED(rv)) return rv;
-
- rv = hasher->Update((const uint8_t*) aInBuf, aLen);
- if (NS_FAILED(rv)) return rv;
-
- return hasher->Finish(true, digest);
-}
-
NS_IMPL_ISUPPORTS(nsJAREnumerator, nsIUTF8StringEnumerator)
//----------------------------------------------
// nsJAREnumerator::HasMore
//----------------------------------------------
NS_IMETHODIMP
nsJAREnumerator::HasMore(bool* aResult)
{--- a/modules/libjar/nsJAR.h
+++ b/modules/libjar/nsJAR.h
@@ -24,33 +24,18 @@
#include "nsTHashtable.h"
#include "nsIZipReader.h"
#include "nsZipArchive.h"
#include "nsIObserverService.h"
#include "nsWeakReference.h"
#include "nsIObserver.h"
#include "mozilla/Attributes.h"
-class nsIX509Cert;
-class nsJARManifestItem;
class nsZipReaderCache;
-/* For mManifestStatus */
-typedef enum
-{
- JAR_MANIFEST_NOT_PARSED = 0,
- JAR_VALID_MANIFEST = 1,
- JAR_INVALID_SIG = 2,
- JAR_INVALID_UNKNOWN_CA = 3,
- JAR_INVALID_MANIFEST = 4,
- JAR_INVALID_ENTRY = 5,
- JAR_NO_MANIFEST = 6,
- JAR_NOT_SIGNED = 7
-} JARManifestStatusType;
-
/*-------------------------------------------------------------------------
* Class nsJAR declaration.
* nsJAR serves as an XPCOM wrapper for nsZipArchive with the addition of
* JAR manifest file parsing.
*------------------------------------------------------------------------*/
class nsJAR final : public nsIZipReader
{
// Allows nsJARInputStream to call the verification functions
@@ -92,44 +77,30 @@ class nsJAR final : public nsIZipReader
void SetZipReaderCache(nsZipReaderCache* cache) {
mCache = cache;
}
nsresult GetNSPRFileDesc(PRFileDesc** aNSPRFileDesc);
protected:
- typedef nsClassHashtable<nsCStringHashKey, nsJARManifestItem> ManifestDataHashtable;
//-- Private data members
nsCOMPtr<nsIFile> mZipFile; // The zip/jar file on disk
nsCString mOuterZipEntry; // The entry in the zip this zip is reading from
RefPtr<nsZipArchive> mZip; // The underlying zip archive
- ManifestDataHashtable mManifestData; // Stores metadata for each entry
- bool mParsedManifest; // True if manifest has been parsed
- nsCOMPtr<nsIX509Cert> mSigningCert; // The entity which signed this file
- int16_t mGlobalStatus; // Global signature verification status
PRIntervalTime mReleaseTime; // used by nsZipReaderCache for flushing entries
nsZipReaderCache* mCache; // if cached, this points to the cache it's contained in
mozilla::Mutex mLock;
int64_t mMtime;
- int32_t mTotalItemsInManifest;
bool mOpened;
bool mIsOmnijar;
- nsresult ParseManifest();
- void ReportError(const nsACString &aFilename, int16_t errorCode);
nsresult LoadEntry(const nsACString& aFilename, nsCString& aBuf);
int32_t ReadLine(const char** src);
- nsresult ParseOneFile(const char* filebuf, int16_t aFileType);
- nsresult VerifyEntry(nsJARManifestItem* aEntry, const char* aEntryData,
- uint32_t aLen);
-
- nsresult CalculateDigest(const char* aInBuf, uint32_t aInBufLen,
- nsCString& digest);
};
/**
* nsJARItem
*
* An individual JAR entry. A set of nsJARItems matching a
* supplied pattern are returned in a nsJAREnumerator.
*/deleted file mode 100644
--- a/modules/libjar/test/chrome/chrome.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[DEFAULT]
-support-files =
- signed-added.zip
- signed-badca.zip
- signed-tampered.zip
- signed.zip
- unsigned.zip
-
-[test_bug386153.html]
deleted file mode 100644
index c90bc250a7d8bffaa4598478fc14c2386f176c5e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index f493cbd1a78f3c2eeca9a73071363c91a6429327..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index d3b9d16cc64bb7c9bc6d481c96d4e84ae34074e3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index 94e11478378a7245b90d503cdbfb663fd6e7f628..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
--- a/modules/libjar/test/chrome/test_bug386153.html
+++ /dev/null
@@ -1,97 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=386153
--->
-<head>
- <title>Test for Bug 386153</title>
- <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
- <script type="application/javascript" src="chrome://mochikit/content/chrome-harness.js"></script>
- <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=386153">Mozilla Bug 386153</a>
-<p id="display"></p>
-<div id="content" style="display: none">
-
-</div>
-<pre id="test">
-<script type="application/javascript">
-
-/** Test for Bug 386153 **/
-
-const Cc = Components.classes;
-const Ci = Components.interfaces;
-
-// Opens a zip file from the test directory.
-function openZip(path) {
-
- var location = window.location.href;
- location = getRootDirectory(location);
- var jar = getJar(location);
- if (jar != null) {
- var resolved = extractJarToTmp(jar);
- } else {
- var resolvedURI = getResolvedURI(window.location.href);
- var resolved = getChromeDir(resolvedURI);
- }
- resolved.append(path);
-
- var zip = Cc["@mozilla.org/libjar/zip-reader;1"].
- createInstance(Ci.nsIZipReader);
- zip.open(resolved);
- return zip;
-}
-
-// Gets the pretty name from the signing cert or null if the zip is unsigned.
-function getSigner(zip) {
- var signingCert = zip.getSigningCert(null);
- if (signingCert) {
- return signingCert.organization;
- }
- return null;
-}
-
-function verifySigning(zip) {
- var signingCert = zip.getSigningCert(null);
- var count = 0;
- var entries = zip.findEntries(null);
- while (entries.hasMore()) {
- var entry = entries.getNext();
- // Nothing in META-INF is in the manifest.
- if (entry.substr(0, 9) == "META-INF/")
- continue;
- // Directory entries aren't in the manifest.
- if (entry.substr(-1) == "/")
- continue;
- count++;
- var entryCert = zip.getSigningCert(entry);
- if (!entryCert || !signingCert.equals(entryCert)) {
- return false;
- }
- }
- return zip.manifestEntriesCount == count;
-}
-
-var zip = openZip("unsigned.zip");
-is(getSigner(zip), null, "Should not be signed");
-
-zip = openZip("signed.zip");
-is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
-ok(verifySigning(zip), "Should be correctly signed");
-
-zip = openZip("signed-added.zip");
-is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
-ok(!verifySigning(zip), "Should be incorrectly signed");
-
-zip = openZip("signed-tampered.zip");
-is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
-ok(!verifySigning(zip), "Should be incorrectly signed");
-
-zip = openZip("signed-badca.zip");
-is(getSigner(zip), null, "Should not appear to be signed");
-
-</script>
-</pre>
-</body>
-</html>deleted file mode 100644
index f1e26b06a622ccb34dafaff72fba9b246898658c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
--- a/toolkit/locales/en-US/chrome/mozapps/extensions/xpinstallConfirm.properties
+++ b/toolkit/locales/en-US/chrome/mozapps/extensions/xpinstallConfirm.properties
@@ -1,11 +1,8 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-unverified=(Author not verified)
-signed=(%S)
-
itemWarnIntroMultiple=You have asked to install the following %S items:
itemWarnIntroSingle=You have asked to install the following item:
installButtonDisabledLabel=Install (%S)
installButtonLabel=Install Now
--- a/toolkit/mozapps/extensions/content/xpinstallConfirm.js
+++ b/toolkit/mozapps/extensions/content/xpinstallConfirm.js
@@ -55,22 +55,16 @@ XPInstallConfirm.init = function() {
installItem.name = install.addon.name;
installItem.url = install.sourceURI.spec;
var icon = install.iconURL;
if (icon)
installItem.icon = icon;
var type = install.type;
if (type)
installItem.type = type;
- if (install.certName) {
- installItem.cert = bundle.getFormattedString("signed", [install.certName]);
- } else {
- installItem.cert = bundle.getString("unverified");
- }
- installItem.signed = install.certName ? "true" : "false";
installMap.set(install.wrapped, installItem);
install.addListener(installListener);
}
var introString = bundle.getString("itemWarnIntroSingle");
if (numItemsToInstall > 4)
introString = bundle.getFormattedString("itemWarnIntroMultiple", [numItemsToInstall]);--- a/toolkit/mozapps/extensions/content/xpinstallItem.xml
+++ b/toolkit/mozapps/extensions/content/xpinstallItem.xml
@@ -18,17 +18,16 @@
<content>
<xul:hbox flex="1">
<xul:vbox align="center" pack="center" class="xpinstallIconContainer">
<xul:image class="xpinstallItemIcon" xbl:inherits="src=icon"/>
</xul:vbox>
<xul:vbox flex="1" pack="center">
<xul:hbox class="xpinstallItemNameRow" align="center">
<xul:label class="xpinstallItemName" xbl:inherits="value=name" crop="right"/>
- <xul:label class="xpinstallItemSigned" xbl:inherits="value=cert,signed"/>
</xul:hbox>
<xul:hbox class="xpinstallItemDetailsRow" align="center">
<xul:textbox class="xpinstallItemURL" xbl:inherits="value=url" flex="1" readonly="true" crop="right"/>
</xul:hbox>
</xul:vbox>
</xul:hbox>
</content>
<implementation>--- a/toolkit/mozapps/extensions/internal/XPIInstall.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.jsm
@@ -1021,47 +1021,16 @@ function getTemporaryFile() {
let random = Math.random().toString(36).replace(/0./, "").substr(-3);
file.append("tmp-" + random + ".xpi");
file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, FileUtils.PERMS_FILE);
return file;
}
/**
- * Verifies that a zip file's contents are all signed by the same principal.
- * Directory entries and anything in the META-INF directory are not checked.
- *
- * @param aZip
- * A nsIZipReader to check
- * @param aCertificate
- * The nsIX509Cert to compare against
- * @return true if all the contents that should be signed were signed by the
- * principal
- */
-function verifyZipSigning(aZip, aCertificate) {
- var count = 0;
- var entries = aZip.findEntries(null);
- while (entries.hasMore()) {
- var entry = entries.getNext();
- // Nothing in META-INF is in the manifest.
- if (entry.substr(0, 9) == "META-INF/")
- continue;
- // Directory entries aren't in the manifest.
- if (entry.substr(-1) == "/")
- continue;
- count++;
- var entryCertificate = aZip.getSigningCert(entry);
- if (!entryCertificate || !aCertificate.equals(entryCertificate)) {
- return false;
- }
- }
- return aZip.manifestEntriesCount == count;
-}
-
-/**
* Returns the signedState for a given return code and certificate by verifying
* it against the expected ID.
*/
function getSignedStatus(aRv, aCert, aAddonID) {
let expectedCommonName = aAddonID;
if (aAddonID && aAddonID.length > 64) {
let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"].
createInstance(Ci.nsIScriptableUnicodeConverter);
@@ -1449,18 +1418,16 @@ class AddonInstall {
this.logger = logger;
this.name = options.name || null;
this.type = options.type || null;
this.version = options.version || null;
this.file = null;
this.ownsTempFile = null;
- this.certificate = null;
- this.certName = null;
this.addon = null;
this.state = null;
XPIProvider.installs.add(this);
}
/**
@@ -1665,35 +1632,16 @@ class AddonInstall {
if (state == AddonManager.SIGNEDSTATE_MISSING)
return Promise.reject([AddonManager.ERROR_SIGNEDSTATE_REQUIRED,
"signature is required but missing"])
return Promise.reject([AddonManager.ERROR_CORRUPT_FILE,
"signature verification failed"])
}
- } else if (this.addon.signedState == AddonManager.SIGNEDSTATE_UNKNOWN ||
- this.addon.signedState == AddonManager.SIGNEDSTATE_NOT_REQUIRED) {
- // Check object signing certificate, if any
- let x509 = zipreader.getSigningCert(null);
- if (x509) {
- logger.debug("Verifying XPI signature");
- if (verifyZipSigning(zipreader, x509)) {
- this.certificate = x509;
- if (this.certificate.commonName.length > 0) {
- this.certName = this.certificate.commonName;
- } else {
- this.certName = this.certificate.organization;
- }
- } else {
- zipreader.close();
- return Promise.reject([AddonManager.ERROR_CORRUPT_FILE,
- "XPI is incorrectly signed"]);
- }
- }
}
zipreader.close();
this.updateAddonURIs();
this.addon._install = this;
this.name = this.addon.selectedLocale.name;
@@ -2706,17 +2654,17 @@ AddonInstallWrapper.prototype = {
},
removeListener(listener) {
installFor(this).removeListener(listener);
},
};
["name", "version", "icons", "releaseNotesURI", "file", "state", "error",
- "progress", "maxProgress", "certificate", "certName"].forEach(function(aProp) {
+ "progress", "maxProgress"].forEach(function(aProp) {
Object.defineProperty(AddonInstallWrapper.prototype, aProp, {
get() {
return installFor(this)[aProp];
},
enumerable: true,
});
});
--- a/toolkit/mozapps/extensions/test/browser/browser.ini
+++ b/toolkit/mozapps/extensions/test/browser/browser.ini
@@ -4,20 +4,16 @@ support-files =
addons/*
addon_about.xul
addon_prefs.xul
cancelCompatCheck.sjs
discovery.html
discovery_frame.html
discovery_install.html
head.js
- signed_hotfix.rdf
- signed_hotfix.xpi
- unsigned_hotfix.rdf
- unsigned_hotfix.xpi
more_options.xul
options.xul
plugin_test.html
redirect.sjs
releaseNotes.xhtml
blockNoPlugins.xml
blockPluginHard.xml
browser_bug557956.rdf
@@ -55,19 +51,16 @@ support-files =
[browser_cancelCompatCheck.js]
[browser_checkAddonCompatibility.js]
[browser_discovery_install.js]
[browser_eula.js]
skip-if = buildapp == 'mulet'
[browser_file_xpi_no_process_switch.js]
[browser_getmorethemes.js]
[browser_gmpProvider.js]
-[browser_hotfix.js]
-# Verifies the old style of signing hotfixes
-skip-if = require_signing
[browser_install.js]
[browser_installssl.js]
[browser_legacy.js]
[browser_legacy_pre57.js]
[browser_newaddon.js]
[browser_non_mpc.js]
[browser_searching.js]
[browser_system_addons_are_e10s.js]
deleted file mode 100644
--- a/toolkit/mozapps/extensions/test/browser/browser_hotfix.js
+++ /dev/null
@@ -1,171 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/
- */
-
-const PREF_EM_HOTFIX_ID = "extensions.hotfix.id";
-const PREF_EM_HOTFIX_LASTVERSION = "extensions.hotfix.lastVersion";
-const PREF_EM_HOTFIX_URL = "extensions.hotfix.url";
-const PREF_EM_HOTFIX_CERTS = "extensions.hotfix.certs.";
-const PREF_EM_CERT_CHECKATTRIBUTES = "extensions.hotfix.cert.checkAttributes";
-
-const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
-const PREF_UPDATE_REQUIREBUILTINCERTS = "extensions.update.requireBuiltInCerts";
-
-const PREF_APP_UPDATE_ENABLED = "app.update.enabled";
-const PREF_APP_UPDATE_URL = "app.update.url";
-
-const HOTFIX_ID = "hotfix@tests.mozilla.org";
-
-/*
- * Register an addon install listener and return a promise that:
- * resolves with the AddonInstall object if the install succeeds
- * rejects with the AddonInstall if the install fails
- */
-function promiseInstallListener() {
- return new Promise((resolve, reject) => {
- let listener = {
- onInstallEnded: ai => {
- AddonManager.removeInstallListener(listener);
- resolve(ai);
- },
- onDownloadCancelled: ai => {
- AddonManager.removeInstallListener(listener);
- reject(ai);
- }
- };
- AddonManager.addInstallListener(listener);
- });
-}
-
-function promiseSuccessfulInstall() {
- return promiseInstallListener().then(
- aInstall => {
- ok(true, "Should have seen the install complete");
- is(aInstall.addon.id, HOTFIX_ID, "Should have installed the right add-on");
- aInstall.addon.uninstall();
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_LASTVERSION);
- },
- aInstall => {
- ok(false, "Should not have seen the download cancelled");
- is(aInstall.addon.id, HOTFIX_ID, "Should have seen the right add-on");
- });
-}
-
-function promiseFailedInstall() {
- return promiseInstallListener().then(
- aInstall => {
- ok(false, "Should not have seen the install complete");
- is(aInstall.addon.id, HOTFIX_ID, "Should have installed the right add-on");
- aInstall.addon.uninstall();
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_LASTVERSION);
- },
- aInstall => {
- ok(true, "Should have seen the download cancelled");
- is(aInstall.addon.id, HOTFIX_ID, "Should have seen the right add-on");
- });
-}
-
-add_task(function setup() {
- var oldAusUrl = Services.prefs.getDefaultBranch(null).getCharPref(PREF_APP_UPDATE_URL);
- Services.prefs.getDefaultBranch(null).setCharPref(PREF_APP_UPDATE_URL, TESTROOT + "ausdummy.xml");
- Services.prefs.setBoolPref(PREF_APP_UPDATE_ENABLED, true);
- Services.prefs.setBoolPref(PREF_INSTALL_REQUIREBUILTINCERTS, false);
- Services.prefs.setBoolPref(PREF_UPDATE_REQUIREBUILTINCERTS, false);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_ID, HOTFIX_ID);
- var oldURL = Services.prefs.getCharPref(PREF_EM_HOTFIX_URL);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_URL, TESTROOT + "signed_hotfix.rdf");
-
- registerCleanupFunction(function() {
- Services.prefs.setBoolPref(PREF_APP_UPDATE_ENABLED, false);
- Services.prefs.getDefaultBranch(null).setCharPref(PREF_APP_UPDATE_URL, oldAusUrl);
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_ID);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_URL, oldURL);
- Services.prefs.clearUserPref(PREF_INSTALL_REQUIREBUILTINCERTS);
- Services.prefs.clearUserPref(PREF_UPDATE_REQUIREBUILTINCERTS);
-
- Services.prefs.clearUserPref(PREF_EM_CERT_CHECKATTRIBUTES);
- var prefs = Services.prefs.getChildList(PREF_EM_HOTFIX_CERTS);
- prefs.forEach(Services.prefs.clearUserPref);
- });
-});
-
-add_task(async function check_no_cert_checks() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, false);
- await Promise.all([
- promiseSuccessfulInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-});
-
-add_task(async function check_wrong_cert_fingerprint() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, true);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint", "foo");
-
- await Promise.all([
- promiseFailedInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint");
-});
-
-add_task(async function check_right_cert_fingerprint() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, true);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint", "3E:B9:4E:07:12:FE:3C:01:41:46:13:46:FC:84:52:1A:8C:BE:1D:A2");
-
- await Promise.all([
- promiseSuccessfulInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint");
-});
-
-add_task(async function check_multi_cert_fingerprint_1() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, true);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint", "3E:B9:4E:07:12:FE:3C:01:41:46:13:46:FC:84:52:1A:8C:BE:1D:A2");
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "2.sha1Fingerprint", "foo");
-
- await Promise.all([
- promiseSuccessfulInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint");
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "2.sha1Fingerprint");
-});
-
-add_task(async function check_multi_cert_fingerprint_2() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, true);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint", "foo");
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "2.sha1Fingerprint", "3E:B9:4E:07:12:FE:3C:01:41:46:13:46:FC:84:52:1A:8C:BE:1D:A2");
-
- await Promise.all([
- promiseSuccessfulInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint");
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "2.sha1Fingerprint");
-});
-
-add_task(async function check_no_cert_no_checks() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, false);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_URL, TESTROOT + "unsigned_hotfix.rdf");
-
- await Promise.all([
- promiseSuccessfulInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-});
-
-add_task(async function check_no_cert_cert_fingerprint_check() {
- Services.prefs.setBoolPref(PREF_EM_CERT_CHECKATTRIBUTES, true);
- Services.prefs.setCharPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint", "3E:B9:4E:07:12:FE:3C:01:41:46:13:46:FC:84:52:1A:8C:BE:1D:A2");
-
- await Promise.all([
- promiseFailedInstall(),
- AddonManagerPrivate.backgroundUpdateCheck()
- ]);
-
- Services.prefs.clearUserPref(PREF_EM_HOTFIX_CERTS + "1.sha1Fingerprint");
-});deleted file mode 100644
--- a/toolkit/mozapps/extensions/test/browser/signed_hotfix.rdf
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-
-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-
- <Description about="urn:mozilla:extension:hotfix@tests.mozilla.org">
- <em:updates>
- <Seq>
- <li>
- <Description>
- <em:version>1.0</em:version>
- <em:targetApplication>
- <Description>
- <em:id>toolkit@mozilla.org</em:id>
- <em:minVersion>0</em:minVersion>
- <em:maxVersion>*</em:maxVersion>
- <em:updateLink>https://example.com/browser/toolkit/mozapps/extensions/test/browser/signed_hotfix.xpi</em:updateLink>
- </Description>
- </em:targetApplication>
- </Description>
- </li>
- </Seq>
- </em:updates>
- </Description>
-
-</RDF>
deleted file mode 100644
index bd1890573800d2213c44ac63b261f5077993aa6e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
--- a/toolkit/mozapps/extensions/test/browser/unsigned_hotfix.rdf
+++ /dev/null
@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-
-<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:em="http://www.mozilla.org/2004/em-rdf#">
-
- <Description about="urn:mozilla:extension:hotfix@tests.mozilla.org">
- <em:updates>
- <Seq>
- <li>
- <Description>
- <em:version>1.0</em:version>
- <em:targetApplication>
- <Description>
- <em:id>toolkit@mozilla.org</em:id>
- <em:minVersion>0</em:minVersion>
- <em:maxVersion>*</em:maxVersion>
- <em:updateLink>https://example.com/browser/toolkit/mozapps/extensions/test/browser/unsigned_hotfix.xpi</em:updateLink>
- </Description>
- </em:targetApplication>
- </Description>
- </li>
- </Seq>
- </em:updates>
- </Description>
-
-</RDF>
deleted file mode 100644
index f2d475bd2339df39954a6ddc7b1ca9aed49abed6..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
--- a/toolkit/mozapps/extensions/test/xpinstall/browser.ini
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser.ini
@@ -75,20 +75,16 @@ skip-if = true # Bug 1084646
[browser_localfile4.js]
[browser_navigateaway.js]
[browser_navigateaway2.js]
[browser_navigateaway3.js]
skip-if = (os == "mac" || os == "win") # Bug 1198261
[browser_navigateaway4.js]
[browser_offline.js]
[browser_relative.js]
-[browser_signed_no_o.js]
-skip-if = require_signing
-[browser_signed_no_cn.js]
-skip-if = require_signing
[browser_signed_tampered.js]
skip-if = require_signing
[browser_signed_trigger.js]
skip-if = require_signing
[browser_signed_untrusted.js]
skip-if = require_signing
[browser_signed_url.js]
skip-if = require_signing
--- a/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_trigger.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_trigger.js
@@ -23,17 +23,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_trigger_iframe.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_trigger_iframe.js
@@ -24,17 +24,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_url.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_amosigned_url.js
@@ -13,17 +13,16 @@ function test() {
}
function confirm_install(window) {
let items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have had the filename for the item name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, "", "Should have listed no icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_relative.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_relative.js
@@ -22,17 +22,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {deleted file mode 100644
--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_no_cn.js
+++ /dev/null
@@ -1,42 +0,0 @@
-// ----------------------------------------------------------------------------
-// Tests that the correct signer is presented for combinations of O and CN present.
-// The signed files have (when present) O=Mozilla Testing, CN=Object Signer
-// This verifies bug 372980
-function test() {
- Harness.installConfirmCallback = confirm_install;
- Harness.installEndedCallback = install_ended;
- Harness.installsCompletedCallback = finish_test;
- Harness.setup();
-
- var pm = Services.perms;
- pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
-
- const trigger = encodeURIComponent(JSON.stringify({
- "Signed XPI (O)": TESTROOT + "signed-no-cn.xpi",
- }));
- gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
- gBrowser.loadURI(TESTROOT + "installtrigger.html?" + trigger);
-}
-
-function confirm_install(window) {
- let items = window.document.getElementById("itemList").childNodes;
- is(items.length, 1, "Should be 1 item listed in the confirmation dialog");
- let item = items[0];
- is(item.name, "Signed XPI Test (No Common Name)", "Should have seen the name from the trigger list");
- is(item.cert, "(Mozilla Testing)", "Should have seen the signer");
- is(item.signed, "true", "Should have listed the item as signed");
- return true;
-}
-
-function install_ended(install, addon) {
- install.cancel();
-}
-
-function finish_test(count) {
- is(count, 1, "1 add-on should have been successfully installed");
-
- Services.perms.remove(makeURI("http://example.com"), "install");
-
- gBrowser.removeCurrentTab();
- Harness.finish();
-}deleted file mode 100644
--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_no_o.js
+++ /dev/null
@@ -1,42 +0,0 @@
-// ----------------------------------------------------------------------------
-// Tests that the correct signer is presented for combinations of O and CN present.
-// The signed files have (when present) O=Mozilla Testing, CN=Object Signer
-// This verifies bug 372980
-function test() {
- Harness.installConfirmCallback = confirm_install;
- Harness.installEndedCallback = install_ended;
- Harness.installsCompletedCallback = finish_test;
- Harness.setup();
-
- var pm = Services.perms;
- pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
-
- const trigger = encodeURIComponent(JSON.stringify({
- "Signed XPI (CN)": TESTROOT + "signed-no-o.xpi",
- }));
- gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
- gBrowser.loadURI(TESTROOT + "installtrigger.html?" + trigger);
-}
-
-function confirm_install(window) {
- let items = window.document.getElementById("itemList").childNodes;
- is(items.length, 1, "Should be 1 item listed in the confirmation dialog");
- let item = items[0];
- is(item.name, "Signed XPI Test (No Org)", "Should have seen the name from the trigger list");
- is(item.cert, "(Object Signer)", "Should have seen the signer");
- is(item.signed, "true", "Should have listed the item as signed");
- return true;
-}
-
-function install_ended(install, addon) {
- install.cancel();
-}
-
-function finish_test(count) {
- is(count, 1, "1 add-on should have been successfully installed");
-
- Services.perms.remove(makeURI("http://example.com"), "install");
-
- gBrowser.removeCurrentTab();
- Harness.finish();
-}--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_tampered.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_signed_tampered.js
@@ -1,33 +1,49 @@
// ----------------------------------------------------------------------------
// Tests installing a signed add-on that has been tampered with after signing.
+// In "no signature required" mode, a tampered add-on is equivalent to an
+// unsigned add-on.
function test() {
Harness.installConfirmCallback = confirm_install;
- Harness.downloadFailedCallback = download_failed;
+ Harness.installEndedCallback = install_ended;
Harness.installsCompletedCallback = finish_test;
+ Harness.finalContentEvent = "InstallComplete";
Harness.setup();
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
var triggers = encodeURIComponent(JSON.stringify({
"Tampered Signed XPI": TESTROOT + "signed-tampered.xpi"
}));
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
}
function confirm_install(window) {
- ok(false, "Should not offer to install");
+ var items = window.document.getElementById("itemList").childNodes;
+ is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+ is(items[0].name, "Signed XPI Test - Tampered", "Should have seen the name");
+ is(items[0].url, TESTROOT + "signed-tampered.xpi", "Should have listed the correct url for the item");
+ return true;
}
-function download_failed(install) {
- is(install.error, AddonManager.ERROR_CORRUPT_FILE, "Install should fail");
+function install_ended(install, addon) {
+ install.cancel();
}
-function finish_test(count) {
- is(count, 0, "No add-ons should have been installed");
+const finish_test = async function(count) {
+ is(count, 1, "1 Add-on should have been successfully installed");
Services.perms.remove(makeURI("http://example.com"), "install");
+ const results = await ContentTask.spawn(gBrowser.selectedBrowser, null, () => {
+ return {
+ return: content.document.getElementById("return").textContent,
+ status: content.document.getElementById("status").textContent,
+ }
+ })
+
+ is(results.return, "true", "installTrigger should have claimed success");
+ is(results.status, "0", "Callback should have seen a success");
gBrowser.removeCurrentTab();
Harness.finish();
-}
+};--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_trigger.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_signed_trigger.js
@@ -6,29 +6,27 @@ function test() {
Harness.installEndedCallback = install_ended;
Harness.installsCompletedCallback = finish_test;
Harness.setup();
var pm = Services.perms;
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
var triggers = encodeURIComponent(JSON.stringify({
- "Signed XPI": TESTROOT + "signed.xpi"
+ "Signed XPI": TESTROOT + "amosigned.xpi"
}));
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
- is(items[0].name, "Signed XPI Test", "Should have seen the name from the trigger list");
- is(items[0].url, TESTROOT + "signed.xpi", "Should have listed the correct url for the item");
- is(items[0].cert, "(Object Signer)", "Should have seen the signer");
- is(items[0].signed, "true", "Should have listed the item as signed");
+ is(items[0].name, "XPI Test", "Should have seen the name from the trigger list");
+ is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_untrusted.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_signed_untrusted.js
@@ -18,17 +18,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "Signed XPI Test", "Should have had the filename for the item name");
is(items[0].url, TESTROOT + "signed-untrusted.xpi", "Should have listed the correct url for the item");
is(items[0].icon, "", "Should have listed no icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_signed_url.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_signed_url.js
@@ -3,27 +3,25 @@
function test() {
Harness.installConfirmCallback = confirm_install;
Harness.installEndedCallback = install_ended;
Harness.installsCompletedCallback = finish_test;
Harness.setup();
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "about:blank");
BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser).then(() => {
- gBrowser.loadURI(TESTROOT + "signed.xpi");
+ gBrowser.loadURI(TESTROOT + "amosigned.xpi");
});
}
function confirm_install(window) {
let items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
- is(items[0].name, "Signed XPI Test", "Should have had the name");
- is(items[0].url, TESTROOT + "signed.xpi", "Should have listed the correct url for the item");
- is(items[0].cert, "(Object Signer)", "Should have seen the signer");
- is(items[0].signed, "true", "Should have listed the item as signed");
+ is(items[0].name, "XPI Test", "Should have had the name");
+ is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_switchtab.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_switchtab.js
@@ -24,17 +24,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
is(gBrowser.selectedTab, expectedTab, "Should have switched to the installing tab.");
return true;
}
function install_ended(install, addon) {
install.cancel();
}--- a/toolkit/mozapps/extensions/test/xpinstall/browser_trigger_redirect.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_trigger_redirect.js
@@ -15,17 +15,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger.js
@@ -23,17 +23,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_iframe.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_trigger_iframe.js
@@ -24,17 +24,16 @@ function test() {
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name");
is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_url.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_unsigned_url.js
@@ -13,17 +13,16 @@ function test() {
}
function confirm_install(window) {
let items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have had the filename for the item name");
is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
is(items[0].icon, "", "Should have listed no icon for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
function finish_test(count) {--- a/toolkit/mozapps/extensions/test/xpinstall/browser_whitelist.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_whitelist.js
@@ -22,17 +22,16 @@ function allow_blocked(installInfo) {
return true;
}
function confirm_install(window) {
var items = window.document.getElementById("itemList").childNodes;
is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
is(items[0].name, "XPI Test", "Should have seen the name from the trigger list");
is(items[0].url, TESTROOT + "amosigned.xpi", "Should have listed the correct url for the item");
- is(items[0].signed, "false", "Should have listed the item as unsigned");
return true;
}
function install_ended(install, addon) {
install.cancel();
}
const finish_test = async function(count) {--- a/toolkit/themes/osx/mozapps/extensions/xpinstallConfirm.css
+++ b/toolkit/themes/osx/mozapps/extensions/xpinstallConfirm.css
@@ -47,21 +47,16 @@ installitem {
height: 32px;
margin-inline-end: 5px;
}
.xpinstallItemName {
font-weight: bold;
}
-.xpinstallItemSigned {
- font-style: italic;
- font-size: 0.9em;
-}
-
.xpinstallItemURL {
-moz-appearance: none;
border: none;
background-color: Window;
margin-top: 2px;
margin-bottom: 1px;
margin-inline-start: 6px;
margin-inline-end: 5px;--- a/toolkit/themes/windows/mozapps/extensions/xpinstallConfirm.css
+++ b/toolkit/themes/windows/mozapps/extensions/xpinstallConfirm.css
@@ -56,21 +56,16 @@ installitem {
height: 32px;
margin-inline-end: 5px;
}
.xpinstallItemName {
font-weight: bold;
}
-.xpinstallItemSigned {
- font-style: italic;
- font-size: 0.9em;
-}
-
.xpinstallItemURL {
-moz-appearance: none;
border: none;
padding: 0;
background-color: -moz-Field;
color: -moz-FieldText;
margin-top: 1px;
margin-bottom: 1px;