Bug 1950780 - convert HSTS preload list prefs to static prefs r=nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D240368
@@ -14062,6 +14062,12 @@
|
|||||||
value: 1048576
|
value: 1048576
|
||||||
mirror: always
|
mirror: always
|
||||||
|
|
||||||
|
# If true, use the HSTS preload list.
|
||||||
|
- name: network.stricttransportsecurity.preloadlist
|
||||||
|
type: RelaxedAtomicBool
|
||||||
|
value: true
|
||||||
|
mirror: always
|
||||||
|
|
||||||
# DNS Trusted Recursive Resolver
|
# DNS Trusted Recursive Resolver
|
||||||
# 0 - default off, 1 - reserved/off, 2 - TRR first, 3 - TRR only,
|
# 0 - default off, 1 - reserved/off, 2 - TRR first, 3 - TRR only,
|
||||||
# 4 - reserved/off, 5 off by choice
|
# 4 - reserved/off, 5 off by choice
|
||||||
@@ -17018,6 +17024,13 @@
|
|||||||
# Prefs starting with "test."
|
# Prefs starting with "test."
|
||||||
#---------------------------------------------------------------------------
|
#---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# A mechanism to make the current time seem later than it is for specific
|
||||||
|
# operations. Currently used to test expiration of the HSTS preload list.
|
||||||
|
- name: test.currentTimeOffsetSeconds
|
||||||
|
type: RelaxedAtomicUint32
|
||||||
|
value: 0
|
||||||
|
mirror: always
|
||||||
|
|
||||||
- name: test.events.async.enabled
|
- name: test.events.async.enabled
|
||||||
type: RelaxedAtomicBool
|
type: RelaxedAtomicBool
|
||||||
value: false
|
value: false
|
||||||
|
|||||||
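Review bot: The comment on `test.currentTimeOffsetSeconds` should say that the knob now only moves the clock forward: it is declared `type: RelaxedAtomicUint32`, whereas the code it replaces read the pref with `Preferences::GetInt` into an `int64_t`, so a negative offset is no longer representable and what a negative integer pref value maps to under a uint32 mirror is worth confirming before tests rely on it. I would follow `# operations. Currently used to test expiration of the HSTS preload list.` with `# Only non-negative offsets are supported (unsigned); the value is added to PR_Now() in nsSiteSecurityService::GetPreloadStatus.` The `network.stricttransportsecurity.preloadlist` comment could likewise state the effect of the off setting, e.g. `# If false, nsSiteSecurityService::GetPreloadStatus never consults the built-in list.`, since that is the only place on this change that reads it.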
@@ -1474,9 +1474,6 @@ pref("network.proxy.autoconfig_retry_interval_min", 5); // 5 seconds
|
|||||||
pref("network.proxy.autoconfig_retry_interval_max", 300); // 5 minutes
|
pref("network.proxy.autoconfig_retry_interval_max", 300); // 5 minutes
|
||||||
pref("network.proxy.enable_wpad_over_dhcp", true);
|
pref("network.proxy.enable_wpad_over_dhcp", true);
|
||||||
|
|
||||||
// Use the HSTS preload list by default
|
|
||||||
pref("network.stricttransportsecurity.preloadlist", true);
|
|
||||||
|
|
||||||
pref("converter.html2txt.structs", true); // Output structured phrases (strong, em, code, sub, sup, b, i, u)
|
pref("converter.html2txt.structs", true); // Output structured phrases (strong, em, code, sub, sup, b, i, u)
|
||||||
pref("converter.html2txt.header_strategy", 1); // 0 = no indention; 1 = indention, increased with header level; 2 = numbering and slight indention
|
pref("converter.html2txt.header_strategy", 1); // 0 = no indention; 1 = indention, increased with header level; 2 = numbering and slight indention
|
||||||
|
|
||||||
|
|||||||
@@ -9,7 +9,8 @@
|
|||||||
#include "mozilla/Base64.h"
|
#include "mozilla/Base64.h"
|
||||||
#include "mozilla/LinkedList.h"
|
#include "mozilla/LinkedList.h"
|
||||||
#include "mozilla/Logging.h"
|
#include "mozilla/Logging.h"
|
||||||
#include "mozilla/Preferences.h"
|
#include "mozilla/StaticPrefs_network.h"
|
||||||
|
#include "mozilla/StaticPrefs_test.h"
|
||||||
#include "mozilla/Tokenizer.h"
|
#include "mozilla/Tokenizer.h"
|
||||||
#include "mozilla/dom/PContent.h"
|
#include "mozilla/dom/PContent.h"
|
||||||
#include "mozilla/dom/ToJSValue.h"
|
#include "mozilla/dom/ToJSValue.h"
|
||||||
@@ -22,7 +23,6 @@
|
|||||||
#include "nsPromiseFlatString.h"
|
#include "nsPromiseFlatString.h"
|
||||||
#include "nsReadableUtils.h"
|
#include "nsReadableUtils.h"
|
||||||
#include "nsSecurityHeaderParser.h"
|
#include "nsSecurityHeaderParser.h"
|
||||||
#include "nsThreadUtils.h"
|
|
||||||
#include "nsVariant.h"
|
#include "nsVariant.h"
|
||||||
#include "nsXULAppAPI.h"
|
#include "nsXULAppAPI.h"
|
||||||
#include "prnetdb.h"
|
#include "prnetdb.h"
|
||||||
@@ -167,28 +167,13 @@ void SiteHSTSState::ToString(nsCString& aString) {
|
|||||||
aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
|
aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
|
||||||
}
|
}
|
||||||
|
|
||||||
nsSiteSecurityService::nsSiteSecurityService()
|
nsSiteSecurityService::nsSiteSecurityService() : mDafsa(kDafsa) {}
|
||||||
: mUsePreloadList(true), mPreloadListTimeOffset(0), mDafsa(kDafsa) {}
|
|
||||||
|
|
||||||
nsSiteSecurityService::~nsSiteSecurityService() = default;
|
nsSiteSecurityService::~nsSiteSecurityService() = default;
|
||||||
|
|
||||||
NS_IMPL_ISUPPORTS(nsSiteSecurityService, nsIObserver, nsISiteSecurityService)
|
NS_IMPL_ISUPPORTS(nsSiteSecurityService, nsISiteSecurityService)
|
||||||
|
|
||||||
nsresult nsSiteSecurityService::Init() {
|
nsresult nsSiteSecurityService::Init() {
|
||||||
// Don't access Preferences off the main thread.
|
|
||||||
if (!NS_IsMainThread()) {
|
|
||||||
MOZ_ASSERT_UNREACHABLE("nsSiteSecurityService initialized off main thread");
|
|
||||||
return NS_ERROR_NOT_SAME_THREAD;
|
|
||||||
}
|
|
||||||
|
|
||||||
mUsePreloadList = mozilla::Preferences::GetBool(
|
|
||||||
"network.stricttransportsecurity.preloadlist", true);
|
|
||||||
mozilla::Preferences::AddStrongObserver(
|
|
||||||
this, "network.stricttransportsecurity.preloadlist");
|
|
||||||
mPreloadListTimeOffset =
|
|
||||||
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
|
|
||||||
mozilla::Preferences::AddStrongObserver(this,
|
|
||||||
"test.currentTimeOffsetSeconds");
|
|
||||||
nsCOMPtr<nsIDataStorageManager> dataStorageManager(
|
nsCOMPtr<nsIDataStorageManager> dataStorageManager(
|
||||||
do_GetService("@mozilla.org/security/datastoragemanager;1"));
|
do_GetService("@mozilla.org/security/datastoragemanager;1"));
|
||||||
if (!dataStorageManager) {
|
if (!dataStorageManager) {
|
||||||
@@ -764,8 +749,11 @@ bool nsSiteSecurityService::GetPreloadStatus(const nsACString& aHost,
|
|||||||
const int kIncludeSubdomains = 1;
|
const int kIncludeSubdomains = 1;
|
||||||
bool found = false;
|
bool found = false;
|
||||||
|
|
||||||
PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC);
|
PRTime currentTime =
|
||||||
if (mUsePreloadList && currentTime < gPreloadListExpirationTime) {
|
PR_Now() +
|
||||||
|
(StaticPrefs::test_currentTimeOffsetSeconds() * (PRTime)PR_USEC_PER_SEC);
|
||||||
|
if (StaticPrefs::network_stricttransportsecurity_preloadlist() &&
|
||||||
|
currentTime < gPreloadListExpirationTime) {
|
||||||
int result = mDafsa.Lookup(aHost);
|
int result = mDafsa.Lookup(aHost);
|
||||||
found = (result != mozilla::Dafsa::kKeyNotFound);
|
found = (result != mozilla::Dafsa::kKeyNotFound);
|
||||||
if (found && aIncludeSubdomains) {
|
if (found && aIncludeSubdomains) {
|
||||||
@@ -991,26 +979,3 @@ nsresult nsSiteSecurityService::IsSecureHost(
|
|||||||
|
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
nsSiteSecurityService::ClearAll() { return mSiteStateStorage->Clear(); }
|
nsSiteSecurityService::ClearAll() { return mSiteStateStorage->Clear(); }
|
||||||
|
|
||||||
//------------------------------------------------------------
|
|
||||||
// nsSiteSecurityService::nsIObserver
|
|
||||||
//------------------------------------------------------------
|
|
||||||
|
|
||||||
NS_IMETHODIMP
|
|
||||||
nsSiteSecurityService::Observe(nsISupports* /*subject*/, const char* topic,
|
|
||||||
const char16_t* /*data*/) {
|
|
||||||
// Don't access Preferences off the main thread.
|
|
||||||
if (!NS_IsMainThread()) {
|
|
||||||
MOZ_ASSERT_UNREACHABLE("Preferences accessed off main thread");
|
|
||||||
return NS_ERROR_NOT_SAME_THREAD;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
|
|
||||||
mUsePreloadList = mozilla::Preferences::GetBool(
|
|
||||||
"network.stricttransportsecurity.preloadlist", true);
|
|
||||||
mPreloadListTimeOffset =
|
|
||||||
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
return NS_OK;
|
|
||||||
}
|
|
||||||
|
|||||||
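Review bot: In GetPreloadStatus the new offset expression uses a C-style cast, `(PRTime)PR_USEC_PER_SEC`, while the file otherwise uses named casts (`static_cast<uint32_t>` in SiteHSTSState::ToString in the earlier hunk); `static_cast<PRTime>(PR_USEC_PER_SEC)` keeps the style consistent. The offset's type also changed silently: `mPreloadListTimeOffset` was an `int64_t` filled from `Preferences::GetInt`, and `StaticPrefs::test_currentTimeOffsetSeconds()` is a uint32 per its static pref declaration, so the operand is promoted to PRTime before the multiply (range is fine) but a negative test offset is no longer possible. A one-line comment at the assignment, `// Test-only knob; the offset is unsigned, so it can only push the clock forward.`, would save the next reader a trip to the pref definition. GetPreloadStatus begins and ends outside the hunk.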
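--- a/<header path not shown on page>
+++ b/<header path not shown on page>
@@ -10,7 +10,6 @@
 #include "mozilla/RefPtr.h"
 #include "nsCOMPtr.h"
 #include "nsIDataStorage.h"
-#include "nsIObserver.h"
 #include "nsISiteSecurityService.h"
 #include "nsString.h"
 #include "nsTArray.h"
@@ -22,12 +21,8 @@ class nsIURI;
 using mozilla::OriginAttributes;
 
 // {16955eee-6c48-4152-9309-c42a465138a1}
 #define NS_SITE_SECURITY_SERVICE_CID \
-{ \
-0x16955eee, 0x6c48, 0x4152, { \
-0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 \
-} \
-}
+{0x16955eee, 0x6c48, 0x4152, {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1}}
 
 /**
 * SecurityPropertyState: A utility enum for representing the different states
@@ -90,11 +85,9 @@ class SiteHSTSState {
 
 struct nsSTSPreload;
 
-class nsSiteSecurityService : public nsISiteSecurityService,
-public nsIObserver {
+class nsSiteSecurityService : public nsISiteSecurityService {
 public:
 NS_DECL_THREADSAFE_ISUPPORTS
-NS_DECL_NSIOBSERVER
 NS_DECL_NSISITESECURITYSERVICE
 
 nsSiteSecurityService();
@@ -149,8 +142,6 @@ class nsSiteSecurityService : public nsISiteSecurityService,
 const OriginAttributes& aOriginAttributes,
 nsIDataStorage::DataType aDataStorageType);
 
-bool mUsePreloadList;
-int64_t mPreloadListTimeOffset;
 nsCOMPtr<nsIDataStorage> mSiteStateStorage;
 const mozilla::Dafsa mDafsa;
 };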