Bug 726125: Certificates of signed extensions were getting validated on each startup. r=taras, sr=bzbarsky
authorNicolas Chaim Echeverria <necheverria@mozilla.com>
Thu, 30 Aug 2012 16:58:55 -0400
changeset 110237 d14ceaf50295c55851edd6da34336ddc32f21d08
parent 110236 6d818adcd747dbfdf38ea0b560a5f182ec668599
child 110238 1a9c7ecef7bdc57926ee1a5f1e4cb0ba463cd0df
push idunknown
push userunknown
push dateunknown
reviewerstaras, bzbarsky
bugs726125
milestone18.0a1
Bug 726125: Certificates of signed extensions were getting validated on each startup. r=taras, sr=bzbarsky
js/xpconnect/tests/mochitest/Makefile.in
js/xpconnect/tests/mochitest/bug657267.jar
js/xpconnect/tests/mochitest/test_bug657267.html
modules/libjar/nsJARChannel.cpp
--- a/js/xpconnect/tests/mochitest/Makefile.in
+++ b/js/xpconnect/tests/mochitest/Makefile.in
@@ -78,17 +78,15 @@ MOCHITEST_FILES =	bug500931_helper.html 
 
 MOCHITEST_CHROME_FILES	= \
 		test_bug361111.xul \
 		test_bug760131.html \
 		$(NULL)
 
 ifneq ($(OS_TARGET),Android)
 ifndef MOZ_PLATFORM_MAEMO
-MOCHITEST_FILES +=	test_bug657267.html \
-		bug657267.jar \
-		test_bug564330.html \
+MOCHITEST_FILES +=	test_bug564330.html \
 		test_bug618017.html
 endif
 endif
 
 include $(topsrcdir)/config/rules.mk
 
deleted file mode 100644
index 161acfa72d787ad12a8adeca04f9257f15bc0a63..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
--- a/js/xpconnect/tests/mochitest/test_bug657267.html
+++ /dev/null
@@ -1,44 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=657267
--->
-<head>
-  <title>Test for Bug 657267</title>
-  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
-</head>
-<body>
-<a target="_blank"
-href="https://bugzilla.mozilla.org/show_bug.cgi?id=657267">Mozilla Bug 657267</a>
-<p id="display"></p>
-<div id="content" style="display: none">
-  
-</div>
-<pre id="test">
-<script type="application/javascript">
-
-SimpleTest.waitForExplicitFinish();
-
-/** Test for Bug 657267 **/
-function go() {
-    var win = $('ifr').contentWindow;
-    try {
-        is(win.a(), undefined, "Shouldn't be seeing this");
-        var thrown = false;
-    } catch (e) {
-        thrown = /Permission denied/i.test(e);
-    }
-    ok(thrown, "Should have thrown");
-    SimpleTest.finish();
-}
-
-</script>
-</pre>
-
-<iframe src="jar:http://mochi.test:8888/tests/js/xpconnect/tests/mochitest/bug657267.jar!/file_bug657267.html"
-        id="ifr"
-        onload="go()">
-</iframe>
-</body>
-</html>
--- a/modules/libjar/nsJARChannel.cpp
+++ b/modules/libjar/nsJARChannel.cpp
@@ -486,72 +486,21 @@ nsJARChannel::GetURI(nsIURI **aURI)
     } else {
         NS_IF_ADDREF(*aURI = mJarURI);
     }
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
-nsJARChannel::GetOwner(nsISupports **result)
+nsJARChannel::GetOwner(nsISupports **aOwner)
 {
-    nsresult rv;
-
-    if (mOwner) {
-        NS_ADDREF(*result = mOwner);
-        return NS_OK;
-    }
-
-    if (!mJarInput) {
-        *result = nullptr;
-        return NS_OK;
-    }
-
-    //-- Verify signature, if one is present, and set owner accordingly
-    nsCOMPtr<nsIZipReader> jarReader;
-    mJarInput->GetJarReader(getter_AddRefs(jarReader));
-    if (!jarReader)
-        return NS_ERROR_NOT_INITIALIZED;
-
-    nsCOMPtr<nsIPrincipal> cert;
-    rv = jarReader->GetCertificatePrincipal(mJarEntry, getter_AddRefs(cert));
-    if (NS_FAILED(rv)) return rv;
-
-    if (cert) {
-        nsCAutoString certFingerprint;
-        rv = cert->GetFingerprint(certFingerprint);
-        if (NS_FAILED(rv)) return rv;
-
-        nsCAutoString subjectName;
-        rv = cert->GetSubjectName(subjectName);
-        if (NS_FAILED(rv)) return rv;
-
-        nsCAutoString prettyName;
-        rv = cert->GetPrettyName(prettyName);
-        if (NS_FAILED(rv)) return rv;
-
-        nsCOMPtr<nsISupports> certificate;
-        rv = cert->GetCertificate(getter_AddRefs(certificate));
-        if (NS_FAILED(rv)) return rv;
-        
-        nsCOMPtr<nsIScriptSecurityManager> secMan = 
-                 do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-        if (NS_FAILED(rv)) return rv;
-
-        rv = secMan->GetCertificatePrincipal(certFingerprint, subjectName,
-                                             prettyName, certificate,
-                                             mJarBaseURI,
-                                             getter_AddRefs(cert));
-        if (NS_FAILED(rv)) return rv;
-
-        mOwner = do_QueryInterface(cert, &rv);
-        if (NS_FAILED(rv)) return rv;
-
-        NS_ADDREF(*result = mOwner);
-    }
+    // JAR signatures are not processed to avoid main-thread network I/O (bug 726125)
+    *aOwner = mOwner;
+    NS_IF_ADDREF(*aOwner);
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsJARChannel::SetOwner(nsISupports *aOwner)
 {
     mOwner = aOwner;
     return NS_OK;