Bug 1502555 - Match oppsec .wk format to rfc. r=dragana
authorNicholas Hurley <nwgh@nwgh.org>
Wed, 26 Jun 2019 11:44:36 +0000
changeset 480185 b059958f18ed6127b819aef02bd76e2732c72a5d
parent 480178 2431a678921d17233327fd02a9015439eb933dfa
child 480186 44932f2396663a7e44434a9c562c1089ebd4422b
push id36208
push userccoroiu@mozilla.com
push dateThu, 27 Jun 2019 09:34:48 +0000
reviewersdragana
bugs1502555
milestone69.0a1
Bug 1502555 - Match oppsec .wk format to rfc. r=dragana Differential Revision: https://phabricator.services.mozilla.com/D35136
netwerk/protocol/http/AlternateServices.cpp
netwerk/protocol/http/WellKnownOpportunisticUtils.jsm
netwerk/protocol/http/nsIWellKnownOpportunisticUtils.idl
netwerk/test/unit/test_altsvc.js
netwerk/test/unit/test_http2.js
testing/xpcshell/moz-http2/moz-http2.js
--- a/netwerk/protocol/http/AlternateServices.cpp
+++ b/netwerk/protocol/http/AlternateServices.cpp
@@ -635,48 +635,25 @@ class WellKnownChecker {
              this));
       } else {
         accepted = true;
       }
 
       if (accepted) {
         MOZ_ASSERT(!mMapping->HTTPS());  // https:// does not use .wk
 
-        nsresult rv = uu->Verify(mTransactionAlternate->mWKResponse, mOrigin,
-                                 mAlternatePort);
+        nsresult rv = uu->Verify(mTransactionAlternate->mWKResponse, mOrigin);
         if (NS_SUCCEEDED(rv)) {
           bool validWK = false;
-          bool mixedScheme = false;
-          int32_t lifetime = 0;
           Unused << uu->GetValid(&validWK);
-          Unused << uu->GetLifetime(&lifetime);
-          Unused << uu->GetMixed(&mixedScheme);
           if (!validWK) {
             LOG(("WellKnownChecker::Done %p json parser declares invalid\n%s\n",
                  this, mTransactionAlternate->mWKResponse.get()));
             accepted = false;
           }
-          if (accepted && (lifetime > 0)) {
-            if (mMapping->TTL() > lifetime) {
-              LOG((
-                  "WellKnownChecker::Done %p atl-svc lifetime reduced by .wk\n",
-                  this));
-              mMapping->SetExpiresAt(NowInSeconds() + lifetime);
-            } else {
-              LOG(
-                  ("WellKnownChecker::Done %p .wk lifetime exceeded alt-svc ma "
-                   "so ignored\n",
-                   this));
-            }
-          }
-          if (accepted && mixedScheme) {
-            mMapping->SetMixedScheme(true);
-            LOG(("WellKnownChecker::Done %p atl-svc .wk allows mixed scheme\n",
-                 this));
-          }
         } else {
           LOG(("WellKnownChecker::Done %p .wk jason eval failed to run\n",
                this));
           accepted = false;
         }
       }
 
       MOZ_ASSERT(!mMapping->Validated());
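Review bot: The `uu->Verify(mTransactionAlternate->mWKResponse, mOrigin)` call has no comment saying what the .wk check still guarantees now that the port, lifetime and mixed-scheme handling are gone. I would add above it something like `// .wk body is a JSON array of origins (RFC 8164); only membership of mOrigin is checked here.` As far as this hunk shows, the mapping's expiry is no longer shortened by the .wk response, which is worth stating in the same comment. The unchanged log string a few lines below still reads "jason" and could be corrected while the block is being touched. The enclosing function (WellKnownChecker::Done, going by the log strings) starts and ends outside the hunk.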
--- a/netwerk/protocol/http/WellKnownOpportunisticUtils.jsm
+++ b/netwerk/protocol/http/WellKnownOpportunisticUtils.jsm
@@ -9,25 +9,22 @@ function WellKnownOpportunisticUtils() {
   this.valid = false;
   this.mixed = false;
   this.lifetime = 0;
 }
 
 WellKnownOpportunisticUtils.prototype = {
   QueryInterface: ChromeUtils.generateQI([Ci.nsIWellKnownOpportunisticUtils]),
 
-  verify(aJSON, aOrigin, aAlternatePort) {
+  verify(aJSON, aOrigin) {
     try {
-      let obj = JSON.parse(aJSON.toLowerCase());
-      let ports = obj[aOrigin.toLowerCase()]["tls-ports"];
-      if (!ports.includes(aAlternatePort)) {
-        throw new Error("invalid port");
+      let arr = JSON.parse(aJSON.toLowerCase());
+      if (!arr.includes(aOrigin.toLowerCase())) {
+        throw new Error("invalid origin");
       }
-      this.lifetime = obj[aOrigin.toLowerCase()].lifetime;
-      this.mixed = obj[aOrigin.toLowerCase()]["mixed-scheme"];
     } catch (e) {
       return;
     }
     this.valid = true;
   },
 };
 
 var EXPORTED_SYMBOLS = ["WellKnownOpportunisticUtils"];
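Review bot: `verify` accepts any parsed value that has an `includes` method, so a body that parses to a JSON string is checked with `String.prototype.includes`, which is a substring match rather than exact membership in an origin list. Require an array before the membership test: `if (!Array.isArray(arr) || !arr.includes(aOrigin.toLowerCase())) {`. The constructor lines above still initialise `this.mixed` and `this.lifetime`, which the IDL change in this commit no longer exposes, so they look removable. The constructor starts outside the hunk.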
--- a/netwerk/protocol/http/nsIWellKnownOpportunisticUtils.idl
+++ b/netwerk/protocol/http/nsIWellKnownOpportunisticUtils.idl
@@ -12,15 +12,12 @@
 %{C++
 #define NS_WELLKNOWNOPPORTUNISTICUTILS_CONTRACTID "@mozilla.org/network/well-known-opportunistic-utils;1"
 %}
 
 [scriptable, uuid(b4f96c89-5238-450c-8bda-e12c26f1d150)]
 interface nsIWellKnownOpportunisticUtils : nsISupports
 {
     [must_use] void verify(in ACString aJSON,
-               in ACString  aOrigin,
-               in long      aAlternatePort);
+               in ACString  aOrigin);
 
     [must_use] readonly attribute bool valid;
-    [must_use] readonly attribute bool mixed; /* mixed-scheme */
-    [must_use] readonly attribute long lifetime;
 };
--- a/netwerk/test/unit/test_altsvc.js
+++ b/netwerk/test/unit/test_altsvc.js
@@ -100,17 +100,17 @@ function h1ServerWK(metadata, response) 
   response.setStatusLine(metadata.httpVersion, 200, "OK");
   response.setHeader("Content-Type", "application/json", false);
   response.setHeader("Connection", "close", false);
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Access-Control-Allow-Origin", "*", false);
   response.setHeader("Access-Control-Allow-Method", "GET", false);
   response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
 
-  var body = '{"http://foo.example.com:' + h1Foo.identity.primaryPort + '": { "tls-ports": [' + h2Port + '] }}';
+  var body = '["http://foo.example.com:' + h1Foo.identity.primaryPort + '"]';
   response.bodyOutputStream.write(body, body.length);
 }
 
 function resetPrefs() {
   prefs.setBoolPref("network.http.spdy.enabled", spdypref);
   prefs.setBoolPref("network.http.spdy.enabled.http2", http2pref);
   prefs.setBoolPref("network.http.altsvc.enabled", altsvcpref1);
   prefs.setBoolPref("network.http.altsvc.oe", altsvcpref2);
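Review bot: The updated `h1ServerWK` body exercises only the accepting path of the new array format. Nothing in this hunk, or in the two matching `test_http2.js` hunks (`h1ServerWK`, `h1ServerWK2`), serves a .wk that should be rejected. A handler returning an array that omits the request origin, and one returning a non-array JSON value, each with an assertion that the alternate is not used, would pin the validation. Such cases may exist elsewhere in the files, outside the visible hunks. `resetPrefs` continues past the end of this hunk.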
--- a/netwerk/test/unit/test_http2.js
+++ b/netwerk/test/unit/test_http2.js
@@ -659,17 +659,17 @@ function altsvcHttp1Server(metadata, res
 function h1ServerWK(metadata, response) {
   response.setStatusLine(metadata.httpVersion, 200, "OK");
   response.setHeader("Content-Type", "application/json", false);
   response.setHeader("Connection", "close", false);
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Access-Control-Allow-Origin", "*", false);
   response.setHeader("Access-Control-Allow-Method", "GET", false);
 
-  var body = '{"http://foo.example.com:' + httpserv.identity.primaryPort + '": { "tls-ports": [' + serverPort + '] }}';
+  var body = '["http://foo.example.com:' + httpserv.identity.primaryPort + '"]';
   response.bodyOutputStream.write(body, body.length);
 }
 
 function altsvcHttp1Server2(metadata, response) {
 // this server should never be used thanks to an alt svc frame from the
 // h2 server.. but in case of some async lag in setting the alt svc route
 // up we have it.
   response.setStatusLine(metadata.httpVersion, 200, "OK");
@@ -682,17 +682,17 @@ function altsvcHttp1Server2(metadata, re
 function h1ServerWK2(metadata, response) {
   response.setStatusLine(metadata.httpVersion, 200, "OK");
   response.setHeader("Content-Type", "application/json", false);
   response.setHeader("Connection", "close", false);
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Access-Control-Allow-Origin", "*", false);
   response.setHeader("Access-Control-Allow-Method", "GET", false);
 
-  var body = '{"http://foo.example.com:' + httpserv2.identity.primaryPort + '": { "tls-ports": [' + serverPort + '] }}';
+  var body = '["http://foo.example.com:' + httpserv2.identity.primaryPort + '"]';
   response.bodyOutputStream.write(body, body.length);
 }
 function test_http2_altsvc() {
   var chan = makeChan("http://foo.example.com:" + httpserv.identity.primaryPort + "/altsvc1")
            .QueryInterface(Ci.nsIHttpChannel);
   chan.asyncOpen(altsvcClientListener);
 }
 
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -812,17 +812,17 @@ function handleRequest(req, res) {
     res.end("");
     return;
   }
 
   else if (u.pathname === "/.well-known/http-opportunistic") {
     res.setHeader('Cache-Control', 'no-cache');
     res.setHeader('Content-Type', 'application/json');
     res.writeHead(200, "OK");
-    res.end('{"http://' + req.headers['host'] + '": { "tls-ports": [' + serverPort + '] }}');
+    res.end('["http://' + req.headers['host'] + '"]');
     return;
   }
 
   // for PushService tests.
   else if (u.pathname === "/pushSubscriptionSuccess/subscribe") {
     res.setHeader("Location",
                   'https://localhost:' + serverPort + '/pushSubscriptionSuccesss');
     res.setHeader("Link",
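Review bot: The .wk body on the `res.end` line is built by concatenating `req.headers['host']` into a JSON literal, so a Host value containing a quote or backslash yields a malformed body. As a matter of style, `res.end(JSON.stringify(['http://' + req.headers['host']]));` keeps the output well-formed and states the intended shape directly. `handleRequest` starts and ends outside this hunk.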