Bug 1541450 - Add a Certs cleaner and defines that object in FLAGS_MAP. r=johannh
☠☠ backed out by 72d674a9bac7 ☠ ☠
authorCarolina Jimenez Gomez <carolina.jimenez.g@gmail.com>
Thu, 25 Apr 2019 17:03:50 +0000
changeset 471414 c5d2d999a8abf0f920a2d9166e6ab5a325c29876
parent 471413 eff327669852117cf3596cb7e86115bae863640b
child 471415 72d674a9bac7739024cbff7e4e2be4aaf4c635a5
push id35916
push userrmaries@mozilla.com
push dateFri, 26 Apr 2019 09:46:15 +0000
treeherdermozilla-central@094b212a3cbf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjohannh
bugs1541450
milestone68.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1541450 - Add a Certs cleaner and defines that object in FLAGS_MAP. r=johannh Differential Revision: https://phabricator.services.mozilla.com/D27193
toolkit/components/cleardata/ClearDataService.jsm
toolkit/components/cleardata/nsIClearDataService.idl
toolkit/components/cleardata/tests/unit/test_certs.js
toolkit/components/cleardata/tests/unit/xpcshell.ini
--- a/toolkit/components/cleardata/ClearDataService.jsm
+++ b/toolkit/components/cleardata/ClearDataService.jsm
@@ -76,16 +76,34 @@ const CookieCleaner = {
       }
 
       aResolve();
     });
   },
 
 };
 
+const CertCleaner = {
+  deleteByHost(aHost, aOriginAttributes) {
+    let overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                            .getService(Ci.nsICertOverrideService);
+    return new Promise(aResolve => {
+      overrideService.clearValidityOverride(aHost, -1);
+      aResolve();
+    });
+  },
+
+  deleteAll() {
+    return new Promise(aResolve => {
+      Cu.reportError("CertCleaner.deleteAll is not implemented");
+      aResolve();
+    });
+  },
+};
+
 const NetworkCacheCleaner = {
   deleteByHost(aHost, aOriginAttributes) {
     return new Promise(aResolve => {
       // Delete data from both HTTP and HTTPS sites.
       let httpURI = Services.io.newURI("http://" + aHost);
       let httpsURI = Services.io.newURI("https://" + aHost);
       let httpPrincipal = Services.scriptSecurityManager
                                    .createCodebasePrincipal(httpURI, aOriginAttributes);
@@ -807,16 +825,19 @@ const ReportsCleaner = {
       Services.obs.notifyObservers(null, "reporting:purge-all");
       aResolve();
     });
   },
 };
 
 // Here the map of Flags-Cleaner.
 const FLAGS_MAP = [
+  { flag: Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS,
+    cleaner: CertCleaner },
+
  { flag: Ci.nsIClearDataService.CLEAR_COOKIES,
    cleaner: CookieCleaner },
 
  { flag: Ci.nsIClearDataService.CLEAR_NETWORK_CACHE,
    cleaner: NetworkCacheCleaner },
 
  { flag: Ci.nsIClearDataService.CLEAR_IMAGE_CACHE,
    cleaner: ImageCacheCleaner },
--- a/toolkit/components/cleardata/nsIClearDataService.idl
+++ b/toolkit/components/cleardata/nsIClearDataService.idl
@@ -190,16 +190,21 @@ interface nsIClearDataService : nsISuppo
   const uint32_t CLEAR_REPORTS = 1 << 19;
 
   /**
    * StorageAccessAPI flag, which indicates user interaction.
    */
   const uint32_t CLEAR_STORAGE_ACCESS = 1 << 20;
 
   /**
+   * Clear Cert Exceptions.
+   */
+  const uint32_t CLEAR_CERT_EXCEPTIONS = 1 << 20;
+
+  /**
    * Use this value to delete all the data.
    */
   const uint32_t CLEAR_ALL = 0xFFFFFF;
 
   /**************************************************************************
    * The following flags are helpers: they combine some of the previous flags
    * in a more convenient way.
    */
@@ -218,17 +223,17 @@ interface nsIClearDataService : nsISuppo
   /**
    * Helper flag for forget about site
    */
   const uint32_t CLEAR_FORGET_ABOUT_SITE =
     CLEAR_HISTORY | CLEAR_SESSION_HISTORY | CLEAR_NETWORK_CACHE | CLEAR_IMAGE_CACHE |
     CLEAR_COOKIES | CLEAR_EME | CLEAR_PLUGIN_DATA | CLEAR_DOWNLOADS | CLEAR_PASSWORDS |
     CLEAR_PERMISSIONS | CLEAR_DOM_STORAGES | CLEAR_CONTENT_PREFERENCES |
     CLEAR_PREDICTOR_NETWORK_DATA | CLEAR_DOM_PUSH_NOTIFICATIONS |
-    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS;
+    CLEAR_SECURITY_SETTINGS | CLEAR_REPORTS | CLEAR_CERT_EXCEPTIONS;
 };
 
 /**
  * This is a companion interface for
  * nsIClearDataService::deleteDataFromPrincipal().
  */
 [function, scriptable, uuid(e225517b-24c5-498a-b9fb-9993e341a398)]
 interface nsIClearDataCallback : nsISupports
new file mode 100644
--- /dev/null
+++ b/toolkit/components/cleardata/tests/unit/test_certs.js
@@ -0,0 +1,50 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                      .getService(Ci.nsILocalCertService);
+const overrideService = Cc["@mozilla.org/security/certoverride;1"]
+                          .getService(Ci.nsICertOverrideService);
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const CERT_TEST = "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t";
+
+add_task(async function() {
+  Assert.ok(Services.clearData);
+
+  const TEST_URI = Services.io.newURI("http://test.com/");
+  let cert = certDB.constructX509FromBase64(CERT_TEST);
+  let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS;
+
+  ok(cert, "Cert was created");
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override yet");
+
+  overrideService.rememberValidityOverride(
+    TEST_URI.asciiHost, TEST_URI.port,
+    cert,
+    flags,
+    false
+  );
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 1,
+               "Cert should be used for override now");
+
+  await new Promise(aResolve => {
+    Services.clearData
+            .deleteDataFromHost(TEST_URI.asciiHostPort, true /* user request */,
+                                flags,
+                                value => {
+      Assert.equal(value, 0);
+      aResolve();
+    });
+  });
+
+  Assert.equal(overrideService.isCertUsedForOverrides(cert, true, true), 0,
+               "Cert should not be used for override now");
+});
--- a/toolkit/components/cleardata/tests/unit/xpcshell.ini
+++ b/toolkit/components/cleardata/tests/unit/xpcshell.ini
@@ -1,13 +1,14 @@
 [DEFAULT]
 firefox-appdir = browser
 head = head.js
 skip-if = toolkit == 'android'
 support-files =
 
 [test_basic.js]
+[test_certs.js]
 [test_cookies.js]
 [test_downloads.js]
 [test_network_cache.js]
 [test_passwords.js]
 [test_permissions.js]
 [test_storage_permission.js]