Backed out changeset 121e4d470c11 (bug 1391703) for breaking periodic…

… HSTS/HPKP updates.
mozilla · Aug 25, 2017 · 89e125b · 89e125b
1 parent 31302b9
commit 89e125b
Show file tree

Hide file tree

Showing 11 changed files with 117 additions and 227 deletions.
diff --git a/security/manager/moz.build b/security/manager/moz.build
@@ -7,11 +7,7 @@
 with Files("**"):
     BUG_COMPONENT = ("Core", "Security: PSM")
 
-DIRS += [
-    'locales',
-    'ssl',
-    'tools',
-]
+DIRS += ['ssl', 'locales']
 
 if CONFIG['MOZ_XUL'] and CONFIG['MOZ_BUILD_APP'] != 'mobile/android':
     DIRS += ['pki']
diff --git a/security/manager/tools/.eslintrc.js b/security/manager/tools/.eslintrc.js
@@ -3,8 +3,7 @@
 module.exports = {
   "globals": {
     // JS files in this folder are commonly xpcshell scripts where |arguments|
-    // and |__LOCATION__| are defined in the global scope.
-    "__LOCATION__": false,
+    // is defined in the global scope.
     "arguments": false
   }
 };
diff --git a/security/manager/tools/PSMToolUtils.jsm b/security/manager/tools/PSMToolUtils.jsm
diff --git a/security/manager/tools/dumpGoogleRoots.js b/security/manager/tools/dumpGoogleRoots.js
@@ -13,13 +13,25 @@
 // 4. [paste the output into the appropriate section in
 //     security/manager/tools/PreloadedHPKPins.json]
 
-const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
-
-const { PSMToolUtils } =
-  Cu.import(`file:///${__LOCATION__.parent.path}/PSMToolUtils.jsm`, {});
+var Cc = Components.classes;
+var Ci = Components.interfaces;
 
 function downloadRoots() {
-  let pem = PSMToolUtils.downloadFile("https://pki.google.com/roots.pem", false);
+  let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+              .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", "https://pki.google.com/roots.pem", false);
+  try {
+    req.send();
+  } catch (e) {
+    throw new Error("ERROR: problem downloading Google Root PEMs: " + e);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading Google Root PEMs. Status: " +
+                    req.status);
+  }
+
+  let pem = req.responseText;
   let roots = [];
   let currentPEM = "";
   let readingRoot = false;

diff --git a/security/manager/tools/genHPKPStaticPins.js b/security/manager/tools/genHPKPStaticPins.js
@@ -21,11 +21,9 @@ if (arguments.length != 3) {
 
 const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
 
-const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
-const { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
-const { PSMToolUtils } =
-  Cu.import(`file:///${__LOCATION__.parent.path}/PSMToolUtils.jsm`, {});
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+var { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
+var { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
+var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 
 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
                 .getService(Ci.nsIX509CertDB);
@@ -89,9 +87,47 @@ function readFileToString(filename) {
   return buf;
 }
 
+function stripComments(buf) {
+  let lines = buf.split("\n");
+  let entryRegex = /^\s*\/\//;
+  let data = "";
+  for (let i = 0; i < lines.length; ++i) {
+    let match = entryRegex.exec(lines[i]);
+    if (!match) {
+      data = data + lines[i];
+    }
+  }
+  return data;
+}
+
+function download(filename) {
+  let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+              .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", filename, false); // doing the request synchronously
+  try {
+    req.send();
+  } catch (e) {
+    throw new Error(`ERROR: problem downloading '${filename}': ${e}`);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading '" + filename + "': status " +
+                    req.status);
+  }
+
+  let resultDecoded;
+  try {
+    resultDecoded = atob(req.responseText);
+  } catch (e) {
+    throw new Error("ERROR: could not decode data as base64 from '" + filename +
+                    "': " + e);
+  }
+  return resultDecoded;
+}
+
 function downloadAsJson(filename) {
-  let jsonWithComments = PSMToolUtils.downloadFile(filename, true);
-  let result = PSMToolUtils.stripComments(jsonWithComments);
+  // we have to filter out '//' comments, while not mangling the json
+  let result = download(filename).replace(/^(\s*)?\/\/[^\n]*\n/mg, "");
   let data = null;
   try {
     data = JSON.parse(result);
@@ -173,7 +209,7 @@ function downloadAndParseChromeCerts(filename, certNameToSKD, certSKDToName) {
   const IN_PUB_KEY = 3;
   let state = PRE_NAME;
 
-  let lines = PSMToolUtils.downloadFile(filename, true).split("\n");
+  let lines = download(filename).split("\n");
   let pemCert = "";
   let pemPubKey = "";
   let hash = "";
@@ -372,7 +408,7 @@ function loadNSSCertinfo(extraCertificates) {
 }
 
 function parseJson(filename) {
-  let json = PSMToolUtils.stripComments(readFileToString(filename));
+  let json = stripComments(readFileToString(filename));
   return JSON.parse(json);
 }
 

diff --git a/security/manager/tools/genRootCAHashes.js b/security/manager/tools/genRootCAHashes.js
@@ -9,17 +9,18 @@
 // 3. run `[path to]/run-mozilla.sh [path to]/xpcshell genRootCAHashes.js \
 //                                  [absolute path to]/RootHashes.inc'
 
-const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+var Cu = Components.utils;
+var Cr = Components.results;
 
 const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
 const CertDb = Components.classes[nsX509CertDB].getService(Ci.nsIX509CertDB);
 
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/FileUtils.jsm");
+Cu.import("resource://gre/modules/NetUtil.jsm");
 const { CommonUtils } = Cu.import("resource://services-common/utils.js", {});
-const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
-const { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
-const { PSMToolUtils } =
-  Cu.import(`file:///${__LOCATION__.parent.path}/PSMToolUtils.jsm`, {});
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
 
 const FILENAME_OUTPUT = "RootHashes.inc";
 const FILENAME_TRUST_ANCHORS = "KnownRootHashes.json";
@@ -78,14 +79,28 @@ function hexSlice(bytes, start, end) {
   return ret;
 }
 
+function stripComments(buf) {
+  let lines = buf.split("\n");
+  let entryRegex = /^\s*\/\//;
+  let data = "";
+  for (let i = 0; i < lines.length; i++) {
+    let match = entryRegex.exec(lines[i]);
+    if (!match) {
+      data = data + lines[i];
+    }
+  }
+  return data;
+}
+
+
 // Load the trust anchors JSON object from disk
 function loadTrustAnchors(file) {
   if (file.exists()) {
     let stream = Cc["@mozilla.org/network/file-input-stream;1"]
                    .createInstance(Ci.nsIFileInputStream);
     stream.init(file, -1, 0, 0);
     let buf = NetUtil.readInputStreamToString(stream, stream.available());
-    return JSON.parse(PSMToolUtils.stripComments(buf));
+    return JSON.parse(stripComments(buf));
   }
   // If there's no input file, bootstrap.
   return { roots: [], maxBin: 0 };

diff --git a/security/manager/tools/getHSTSPreloadList.js b/security/manager/tools/getHSTSPreloadList.js
@@ -12,13 +12,14 @@
 // Note: Running this file outputs a new nsSTSPreloadlist.inc in the current
 //       working directory.
 
-const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+var Cu = Components.utils;
+var Cr = Components.results;
 
-const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
-const { PSMToolUtils } =
-  Cu.import(`file:///${__LOCATION__.parent.path}/PSMToolUtils.jsm`, {});
-const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
-const { XPCOMUtils } = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/FileUtils.jsm");
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 
 const SOURCE = "https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json?format=TEXT";
 const OUTPUT = "nsSTSPreloadList.inc";
@@ -44,8 +45,30 @@ const HEADER = "/* This Source Code Form is subject to the terms of the Mozilla
 const GPERF_DELIM = "%%\n";
 
 function download() {
-  let resultDecoded = PSMToolUtils.downloadFile(SOURCE, true);
-  let result = PSMToolUtils.stripComments(resultDecoded);
+  var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
+            .createInstance(Ci.nsIXMLHttpRequest);
+  req.open("GET", SOURCE, false); // doing the request synchronously
+  try {
+    req.send();
+  } catch (e) {
+    throw new Error(`ERROR: problem downloading '${SOURCE}': ${e}`);
+  }
+
+  if (req.status != 200) {
+    throw new Error("ERROR: problem downloading '" + SOURCE + "': status " +
+                    req.status);
+  }
+
+  var resultDecoded;
+  try {
+    resultDecoded = atob(req.responseText);
+  } catch (e) {
+    throw new Error("ERROR: could not decode data as base64 from '" + SOURCE +
+                    "': " + e);
+  }
+
+  // we have to filter out '//' comments, while not mangling the json
+  var result = resultDecoded.replace(/^(\s*)?\/\/[^\n]*\n/mg, "");
   var data = null;
   try {
     data = JSON.parse(result);

diff --git a/security/manager/tools/moz.build b/security/manager/tools/moz.build
diff --git a/security/manager/tools/tests/.eslintrc.js b/security/manager/tools/tests/.eslintrc.js