Bug 1541450 - Add a Certs cleaner and defines that object in FLAGS_MAP. r=johannh
☠☠ backed out by f0566d1a9ab1 ☠ ☠
authorCarolina Jimenez Gomez <carolina.jimenez.g@gmail.com>
Sun, 05 May 2019 20:12:24 +0000
changeset 472629 6abefa3e063b1ac132fa2e912055d0f184621eef
parent 472628 99ad8ab7c1fd93938f5d94f65a1c8e227d80e5b5
child 472630 eda05cfa7212428b8dbd1c09f592bcea5e84f7ac
push id35969
push userccoroiu@mozilla.com
push dateMon, 06 May 2019 04:24:23 +0000
treeherdermozilla-central@f0566d1a9ab1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjohannh
bugs1541450
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1541450 - Add a Certs cleaner and defines that object in FLAGS_MAP. r=johannh Differential Revision: https://phabricator.services.mozilla.com/D27193
toolkit/components/cleardata/ClearDataService.jsm
toolkit/components/cleardata/nsIClearDataService.idl
toolkit/components/cleardata/tests/unit/test_certs.js
toolkit/components/cleardata/tests/unit/xpcshell.ini
--- a/toolkit/components/cleardata/ClearDataService.jsm
+++ b/toolkit/components/cleardata/ClearDataService.jsm
@@ -76,16 +76,34 @@ const CookieCleaner = {
       }
 
       aResolve();
     });
   },
 
 };
 
+const CertCleaner = {
+  deleteByHost(aHost, aOriginAttributes) {
+    let overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                            .getService(Ci.nsICertOverrideService);
+    return new Promise(aResolve => {
+      overrideService.clearValidityOverride(aHost, -1);
+      aResolve();
+    });
+  },
+
+  deleteAll() {
+    return new Promise(aResolve => {
+      Cu.reportError("CertCleaner.deleteAll is not implemented");
+      aResolve();
+    });
+  },
+};
+
 const NetworkCacheCleaner = {
   deleteByHost(aHost, aOriginAttributes) {
     return new Promise(aResolve => {
       // Delete data from both HTTP and HTTPS sites.
       let httpURI = Services.io.newURI("http://" + aHost);
       let httpsURI = Services.io.newURI("https://" + aHost);
       let httpPrincipal = Services.scriptSecurityManager
                                    .createCodebasePrincipal(httpURI, aOriginAttributes);
@@ -807,16 +825,19 @@ const ReportsCleaner = {
       Services.obs.notifyObservers(null, "reporting:purge-all");
       aResolve();
     });
   },
 };
 
 // Here the map of Flags-Cleaner.
 const FLAGS_MAP = [
+  { flag: Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS,
+    cleaner: CertCleaner },
+
  { flag: Ci.nsIClearDataService.CLEAR_COOKIES,
    cleaner: CookieCleaner },
 
  { flag: Ci.nsIClearDataService.CLEAR_NETWORK_CACHE,
    cleaner: NetworkCacheCleaner },
 
  { flag: Ci.nsIClearDataService.CLEAR_IMAGE_CACHE,
    cleaner: ImageCacheCleaner },
--- a/toolkit/components/cleardata/nsIClearDataService.idl
+++ b/toolkit/components/cleardata/nsIClearDataService.idl
@@ -190,16 +190,21 @@ interface nsIClearDataService : nsISuppo
   const uint32_t CLEAR_REPORTS = 1 << 19;
 
   /**
    * StorageAccessAPI flag, which indicates user interaction.
    */
   const uint32_t CLEAR_STORAGE_ACCESS = 1 << 20;
 
   /**
+   * Clear Cert Exceptions.
+   */
+  const uint32_t CLEAR_CERT_EXCEPTIONS = 1 << 21;
+
+  /**
    * Use this value to delete all the data.
    */
   const uint32_t CLEAR_ALL = 0xFFFFFF;
 
   /**************************************************************************
    * The following flags are helpers: they combine some of the previous flags
    * in a more convenient way.
    */
@@ -218,17 +223,17 @@ interface nsIClearDataService : nsISuppo
   /**
    * Helper flag for forget about site
    */
   const uint32_t CLEAR_FORGET_ABOUT_SITE =
     CLEAR_HISTORY | CLEAR_SESSION_HISTORY | CLEAR_NETWORK_CACHE | CLEAR_IMAGE_CACHE |
     CLEAR_COOKIES | CLEAR_EME | CLEAR_PLUGIN_DATA | CLEAR_DOWNLOADS | CLEAR_PASSWORDS |
     CLEAR_PERMISSIONS | CLEAR_DOM_STORAGES | CLEAR_CONTENT_PREFERENCES |
     CLEAR_PREDICTOR_NETWORK_DATA | CLEAR_DOM_PUSH_NOTIFICATIONS |
-    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS;
+    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS | CLEAR_CERT_EXCEPTIONS;
 };
 
 /**
  * This is a companion interface for
  * nsIClearDataService::deleteDataFromPrincipal().
  */
 [function, scriptable, uuid(e225517b-24c5-498a-b9fb-9993e341a398)]
 interface nsIClearDataCallback : nsISupports
new file mode 100644
--- /dev/null
+++ b/toolkit/components/cleardata/tests/unit/test_certs.js
@@ -0,0 +1,50 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                      .getService(Ci.nsILocalCertService);
+const overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                          .getService(Ci.nsICertOverrideService);
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const CERT_TEST = "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t";
+
+add_task(async function() {
+  Assert.ok(Services.clearData);
+
+  const TEST_URI = Services.io.newURI("http://test.com/");
+  let cert = certDB.constructX509FromBase64(CERT_TEST);
+  let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS;
+
+  ok(cert, "Cert was created");
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override yet");
+
+  overrideService.rememberValidityOverride(
+    TEST_URI.asciiHost, TEST_URI.port,
+    cert,
+    flags,
+    false
+  );
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 1,
+               "Cert should be used for override now");
+
+  await new Promise(aResolve => {
+    Services.clearData
+            .deleteDataFromHost(TEST_URI.asciiHostPort, true /* user request */,
+                                flags,
+                                value => {
+      Assert.equal(value, 0);
+      aResolve();
+    });
+  });
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override now");
+});
--- a/toolkit/components/cleardata/tests/unit/xpcshell.ini
+++ b/toolkit/components/cleardata/tests/unit/xpcshell.ini
@@ -1,13 +1,14 @@
 [DEFAULT]
 firefox-appdir = browser
 head = head.js
 skip-if = toolkit == 'android'
 support-files =
 
 [test_basic.js]
+[test_certs.js]
 [test_cookies.js]
 [test_downloads.js]
 [test_network_cache.js]
 [test_passwords.js]
 [test_permissions.js]
 [test_storage_permission.js]