Bug 1950780 - convert HSTS preload list prefs to static prefs r=nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D240368
@@ -14062,6 +14062,12 @@
|
||||
value: 1048576
|
||||
mirror: always
|
||||
|
||||
# If true, use the HSTS preload list.
|
||||
- name: network.stricttransportsecurity.preloadlist
|
||||
type: RelaxedAtomicBool
|
||||
value: true
|
||||
mirror: always
|
||||
|
||||
# DNS Trusted Recursive Resolver
|
||||
# 0 - default off, 1 - reserved/off, 2 - TRR first, 3 - TRR only,
|
||||
# 4 - reserved/off, 5 off by choice
|
||||
@@ -17018,6 +17024,13 @@
|
||||
# Prefs starting with "test."
|
||||
#---------------------------------------------------------------------------
|
||||
|
||||
# A mechanism to make the current time seem later than it is for specific
|
||||
# operations. Currently used to test expiration of the HSTS preload list.
|
||||
- name: test.currentTimeOffsetSeconds
|
||||
type: RelaxedAtomicUint32
|
||||
value: 0
|
||||
mirror: always
|
||||
|
||||
- name: test.events.async.enabled
|
||||
type: RelaxedAtomicBool
|
||||
value: false
|
||||
|
||||
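Review bot: `test.currentTimeOffsetSeconds` is declared here as RelaxedAtomicUint32, while the code it replaces read the pref with `Preferences::GetInt` into an `int64_t` member, so a negative offset (moving the effective time earlier) is no longer expressible. The comment above says the pref only makes the current time seem later, so the narrowing looks intentional, but the hunk does not say so; suggest extending the comment with `# Unsigned on purpose: the offset can only move the effective time forward.` The value is consumed in nsSiteSecurityService::GetPreloadStatus, where it is widened to PRTime before being multiplied by PR_USEC_PER_SEC, so the uint32 range cannot overflow there. The `mirror: always` choice presumably exists because GetPreloadStatus can run off the main thread (the service declares NS_DECL_THREADSAFE_ISUPPORTS), which is worth a one-line note next to the type.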
@@ -1474,9 +1474,6 @@ pref("network.proxy.autoconfig_retry_interval_min", 5); // 5 seconds
|
||||
pref("network.proxy.autoconfig_retry_interval_max", 300); // 5 minutes
|
||||
pref("network.proxy.enable_wpad_over_dhcp", true);
|
||||
|
||||
// Use the HSTS preload list by default
|
||||
pref("network.stricttransportsecurity.preloadlist", true);
|
||||
|
||||
pref("converter.html2txt.structs", true); // Output structured phrases (strong, em, code, sub, sup, b, i, u)
|
||||
pref("converter.html2txt.header_strategy", 1); // 0 = no indention; 1 = indention, increased with header level; 2 = numbering and slight indention
|
||||
|
||||
|
||||
@@ -9,7 +9,8 @@
|
||||
#include "mozilla/Base64.h"
|
||||
#include "mozilla/LinkedList.h"
|
||||
#include "mozilla/Logging.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/StaticPrefs_network.h"
|
||||
#include "mozilla/StaticPrefs_test.h"
|
||||
#include "mozilla/Tokenizer.h"
|
||||
#include "mozilla/dom/PContent.h"
|
||||
#include "mozilla/dom/ToJSValue.h"
|
||||
@@ -22,7 +23,6 @@
|
||||
#include "nsPromiseFlatString.h"
|
||||
#include "nsReadableUtils.h"
|
||||
#include "nsSecurityHeaderParser.h"
|
||||
#include "nsThreadUtils.h"
|
||||
#include "nsVariant.h"
|
||||
#include "nsXULAppAPI.h"
|
||||
#include "prnetdb.h"
|
||||
@@ -167,28 +167,13 @@ void SiteHSTSState::ToString(nsCString& aString) {
|
||||
aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
|
||||
}
|
||||
|
||||
nsSiteSecurityService::nsSiteSecurityService()
|
||||
: mUsePreloadList(true), mPreloadListTimeOffset(0), mDafsa(kDafsa) {}
|
||||
nsSiteSecurityService::nsSiteSecurityService() : mDafsa(kDafsa) {}
|
||||
|
||||
nsSiteSecurityService::~nsSiteSecurityService() = default;
|
||||
|
||||
NS_IMPL_ISUPPORTS(nsSiteSecurityService, nsIObserver, nsISiteSecurityService)
|
||||
NS_IMPL_ISUPPORTS(nsSiteSecurityService, nsISiteSecurityService)
|
||||
|
||||
nsresult nsSiteSecurityService::Init() {
|
||||
// Don't access Preferences off the main thread.
|
||||
if (!NS_IsMainThread()) {
|
||||
MOZ_ASSERT_UNREACHABLE("nsSiteSecurityService initialized off main thread");
|
||||
return NS_ERROR_NOT_SAME_THREAD;
|
||||
}
|
||||
|
||||
mUsePreloadList = mozilla::Preferences::GetBool(
|
||||
"network.stricttransportsecurity.preloadlist", true);
|
||||
mozilla::Preferences::AddStrongObserver(
|
||||
this, "network.stricttransportsecurity.preloadlist");
|
||||
mPreloadListTimeOffset =
|
||||
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
|
||||
mozilla::Preferences::AddStrongObserver(this,
|
||||
"test.currentTimeOffsetSeconds");
|
||||
nsCOMPtr<nsIDataStorageManager> dataStorageManager(
|
||||
do_GetService("@mozilla.org/security/datastoragemanager;1"));
|
||||
if (!dataStorageManager) {
|
||||
@@ -764,8 +749,11 @@ bool nsSiteSecurityService::GetPreloadStatus(const nsACString& aHost,
|
||||
const int kIncludeSubdomains = 1;
|
||||
bool found = false;
|
||||
|
||||
PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC);
|
||||
if (mUsePreloadList && currentTime < gPreloadListExpirationTime) {
|
||||
PRTime currentTime =
|
||||
PR_Now() +
|
||||
(StaticPrefs::test_currentTimeOffsetSeconds() * (PRTime)PR_USEC_PER_SEC);
|
||||
if (StaticPrefs::network_stricttransportsecurity_preloadlist() &&
|
||||
currentTime < gPreloadListExpirationTime) {
|
||||
int result = mDafsa.Lookup(aHost);
|
||||
found = (result != mozilla::Dafsa::kKeyNotFound);
|
||||
if (found && aIncludeSubdomains) {
|
||||
@@ -991,26 +979,3 @@ nsresult nsSiteSecurityService::IsSecureHost(
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSiteSecurityService::ClearAll() { return mSiteStateStorage->Clear(); }
|
||||
|
||||
//------------------------------------------------------------
|
||||
// nsSiteSecurityService::nsIObserver
|
||||
//------------------------------------------------------------
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsSiteSecurityService::Observe(nsISupports* /*subject*/, const char* topic,
|
||||
const char16_t* /*data*/) {
|
||||
// Don't access Preferences off the main thread.
|
||||
if (!NS_IsMainThread()) {
|
||||
MOZ_ASSERT_UNREACHABLE("Preferences accessed off main thread");
|
||||
return NS_ERROR_NOT_SAME_THREAD;
|
||||
}
|
||||
|
||||
if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
|
||||
mUsePreloadList = mozilla::Preferences::GetBool(
|
||||
"network.stricttransportsecurity.preloadlist", true);
|
||||
mPreloadListTimeOffset =
|
||||
mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
@@ -10,7 +10,6 @@
|
||||
#include "mozilla/RefPtr.h"
|
||||
#include "nsCOMPtr.h"
|
||||
#include "nsIDataStorage.h"
|
||||
#include "nsIObserver.h"
|
||||
#include "nsISiteSecurityService.h"
|
||||
#include "nsString.h"
|
||||
#include "nsTArray.h"
|
||||
@@ -23,11 +22,7 @@ using mozilla::OriginAttributes;
|
||||
|
||||
// {16955eee-6c48-4152-9309-c42a465138a1}
|
||||
#define NS_SITE_SECURITY_SERVICE_CID \
|
||||
{ \
|
||||
0x16955eee, 0x6c48, 0x4152, { \
|
||||
0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1 \
|
||||
} \
|
||||
}
|
||||
{0x16955eee, 0x6c48, 0x4152, {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1}}
|
||||
|
||||
/**
|
||||
* SecurityPropertyState: A utility enum for representing the different states
|
||||
@@ -90,11 +85,9 @@ class SiteHSTSState {
|
||||
|
||||
struct nsSTSPreload;
|
||||
|
||||
class nsSiteSecurityService : public nsISiteSecurityService,
|
||||
public nsIObserver {
|
||||
class nsSiteSecurityService : public nsISiteSecurityService {
|
||||
public:
|
||||
NS_DECL_THREADSAFE_ISUPPORTS
|
||||
NS_DECL_NSIOBSERVER
|
||||
NS_DECL_NSISITESECURITYSERVICE
|
||||
|
||||
nsSiteSecurityService();
|
||||
@@ -149,8 +142,6 @@ class nsSiteSecurityService : public nsISiteSecurityService,
|
||||
const OriginAttributes& aOriginAttributes,
|
||||
nsIDataStorage::DataType aDataStorageType);
|
||||
|
||||
bool mUsePreloadList;
|
||||
int64_t mPreloadListTimeOffset;
|
||||
nsCOMPtr<nsIDataStorage> mSiteStateStorage;
|
||||
const mozilla::Dafsa mDafsa;
|
||||
};
|
||||
|
||||