Bug 903126 - Don't use an xpcshell cert for verification. r=rstrong
authorBrian R. Bondy <netzen@gmail.com>
Wed, 22 Oct 2014 21:02:00 -0400
changeset 491339 c0eb0b629dc0aae5c4f7c83df8d9d2dca952d542
parent 491338 e6a3d69990a4c20e552f2447104b4d349628a485
child 491340 32a4fd148d037ce070efad240a6f1f82808ebccd
push id47343
push userbmo:dothayer@mozilla.com
push dateWed, 01 Mar 2017 22:58:58 +0000
reviewersrstrong
bugs903126
milestone36.0a1
Bug 903126 - Don't use an xpcshell cert for verification. r=rstrong
toolkit/mozapps/update/updater/Makefile.in
toolkit/mozapps/update/updater/archivereader.cpp
--- a/toolkit/mozapps/update/updater/Makefile.in
+++ b/toolkit/mozapps/update/updater/Makefile.in
@@ -31,17 +31,16 @@ else ifneq (,$(filter nightly aurora nig
 else
 	PRIMARY_CERT = dep1.der
 	SECONDARY_CERT = dep2.der
 endif
 
 export::
 	$(PYTHON) $(srcdir)/gen_cert_header.py primaryCertData $(srcdir)/$(PRIMARY_CERT) > primaryCert.h
 	$(PYTHON) $(srcdir)/gen_cert_header.py secondaryCertData $(srcdir)/$(SECONDARY_CERT) > secondaryCert.h
-	$(PYTHON) $(srcdir)/gen_cert_header.py xpcshellCertData $(srcdir)/xpcshellCertificate.der > xpcshellCert.h
 
 ifdef MOZ_WIDGET_GTK
 libs:: updater.png
 	$(NSINSTALL) -D $(DIST)/bin/icons
 	$(INSTALL) $(IFLAGS1) $^ $(DIST)/bin/icons
 endif
 
 ifeq (cocoa,$(MOZ_WIDGET_TOOLKIT))
--- a/toolkit/mozapps/update/updater/archivereader.cpp
+++ b/toolkit/mozapps/update/updater/archivereader.cpp
@@ -14,17 +14,16 @@
 #include "nsAlgorithm.h" // Needed by nsVersionComparator.cpp
 #include "updatehelper.h"
 #endif
 
 // These are generated at compile time based on the DER file for the channel
 // being used
 #include "primaryCert.h"
 #include "secondaryCert.h"
-#include "xpcshellCert.h"
 
 #define UPDATER_NO_STRING_GLUE_STL
 #include "nsVersionComparator.cpp"
 #undef UPDATER_NO_STRING_GLUE_STL
 
 #if defined(XP_UNIX)
 # include <sys/types.h>
 #elif defined(XP_WIN)
@@ -67,29 +66,19 @@ VerifyLoadedCert(MarFile *archive, const
 */
 int
 ArchiveReader::VerifySignature()
 {
   if (!mArchive) {
     return ARCHIVE_NOT_OPEN;
   }
 
-  // If the fallback key exists we're running an XPCShell test and we should
-  // use the XPCShell specific cert for the signed MAR.
-  int rv = OK;
-#ifdef XP_WIN
-  if (DoesFallbackKeyExist()) {
-    rv = VerifyLoadedCert(mArchive, xpcshellCertData);
-  } else
-#endif
-  {
-    rv = VerifyLoadedCert(mArchive, primaryCertData);
-    if (rv != OK) {
-      rv = VerifyLoadedCert(mArchive, secondaryCertData);
-    }
+  int rv = VerifyLoadedCert(mArchive, primaryCertData);
+  if (rv != OK) {
+    rv = VerifyLoadedCert(mArchive, secondaryCertData);
   }
   return rv;
 }
 
 /**
  * Verifies that the MAR file matches the current product, channel, and version
  * 
  * @param MARChannelID   The MAR channel name to use, only updates from MARs