No bug, Automated HPKP preload list update from host bld-linux64-spot-083 - a=hpkp-update
authorffxbld
Sat, 13 Sep 2014 03:16:51 -0700
changeset 224777 13c72f4fa219e208f0967f9fdb9d43c6290b2f48
parent 224776 a94bdcd4fbc7ee40629124a451a679d96c2ac26f
child 224778 39400494ea16134ef5e432abab1634f8b54896bd
push id3979
push userraliiev@mozilla.com
push dateMon, 13 Oct 2014 16:35:44 +0000
treeherdermozilla-beta@30f2cc610691 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershpkp-update
milestone34.0a2
No bug, Automated HPKP preload list update from host bld-linux64-spot-083 - a=hpkp-update
security/manager/boot/src/StaticHPKPins.h
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -74,16 +74,20 @@ static const char kComodo_Trusted_Servic
 /* Cybertrust Global Root */
 static const char kCybertrust_Global_RootFingerprint[] =
   "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU=";
 
 /* DigiCert Assured ID Root CA */
 static const char kDigiCert_Assured_ID_Root_CAFingerprint[] =
   "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o=";
 
+/* DigiCert ECC Secure Server CA */
+static const char kDigiCert_ECC_Secure_Server_CAFingerprint[] =
+  "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
+
 /* DigiCert Global Root CA */
 static const char kDigiCert_Global_Root_CAFingerprint[] =
   "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
 
 /* DigiCert High Assurance EV Root CA */
 static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
   "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
 
@@ -359,16 +363,17 @@ struct StaticFingerprints {
 
 struct StaticPinset {
   const StaticFingerprints* sha1;
   const StaticFingerprints* sha256;
 };
 
 /* PreloadedHPKPins.json pinsets */
 static const char* kPinset_facebook_sha256_Data[] = {
+  kDigiCert_ECC_Secure_Server_CAFingerprint,
   kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
   kDigiCert_High_Assurance_EV_Root_CAFingerprint,
 };
 static const StaticFingerprints kPinset_facebook_sha256 = {
   sizeof(kPinset_facebook_sha256_Data) / sizeof(const char*),
   kPinset_facebook_sha256_Data
 };
 
@@ -481,27 +486,27 @@ static const StaticFingerprints kPinset_
   kPinset_mozilla_sha256_Data
 };
 
 static const StaticPinset kPinset_mozilla = {
   nullptr,
   &kPinset_mozilla_sha256
 };
 
-static const char* kPinset_mozilla_fxa_sha256_Data[] = {
+static const char* kPinset_mozilla_services_sha256_Data[] = {
   kDigiCert_Global_Root_CAFingerprint,
 };
-static const StaticFingerprints kPinset_mozilla_fxa_sha256 = {
-  sizeof(kPinset_mozilla_fxa_sha256_Data) / sizeof(const char*),
-  kPinset_mozilla_fxa_sha256_Data
+static const StaticFingerprints kPinset_mozilla_services_sha256 = {
+  sizeof(kPinset_mozilla_services_sha256_Data) / sizeof(const char*),
+  kPinset_mozilla_services_sha256_Data
 };
 
-static const StaticPinset kPinset_mozilla_fxa = {
+static const StaticPinset kPinset_mozilla_services = {
   nullptr,
-  &kPinset_mozilla_fxa_sha256
+  &kPinset_mozilla_services_sha256
 };
 
 static const char* kPinset_mozilla_test_sha256_Data[] = {
   kEnd_Entity_Test_CertFingerprint,
 };
 static const StaticFingerprints kPinset_mozilla_test_sha256 = {
   sizeof(kPinset_mozilla_test_sha256_Data) / sizeof(const char*),
   kPinset_mozilla_test_sha256_Data
@@ -746,23 +751,23 @@ struct TransportSecurityPreload {
   const bool mIsMoz;
   const int32_t mId;
   const StaticPinset *pinset;
 };
 
 /* Sort hostnames for binary search. */
 static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
   { "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
-  { "accounts.firefox.com", true, false, false, 4, &kPinset_mozilla_fxa },
+  { "accounts.firefox.com", true, false, false, 4, &kPinset_mozilla_services },
   { "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
   { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
   { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "android.com", true, false, false, -1, &kPinset_google_root_pems },
-  { "api.accounts.firefox.com", true, false, false, 5, &kPinset_mozilla_fxa },
+  { "api.accounts.firefox.com", true, false, false, 5, &kPinset_mozilla_services },
   { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
   { "blog.torproject.org", true, false, false, -1, &kPinset_tor },
   { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
   { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla },
@@ -1038,16 +1043,17 @@ static const TransportSecurityPreload kP
   { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
   { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "play.google.com", false, false, false, -1, &kPinset_google_root_pems },
   { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "services.mozilla.com", true, true, false, -1, &kPinset_mozilla_services },
   { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ssl.google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
   { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
   { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
   { "tor2web.org", true, true, false, -1, &kPinset_tor2web },
   { "torproject.org", false, false, false, -1, &kPinset_tor },
@@ -1077,13 +1083,13 @@ static const TransportSecurityPreload kP
   { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
   { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
   { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
 };
 
-// Pinning Preload List Length = 330;
+// Pinning Preload List Length = 331;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1418465227216000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1419070122119000);