Backed out changeset c80456e5e3dd (bug 1119778) for causing s4 failures in test_forget_about_site_security_headers.js
authorCarsten "Tomcat" Book <cbook@mozilla.com>
Sat, 30 Jul 2016 16:09:40 +0200
changeset 349555 a4d524f408817b7fe58258084902f41691548852
parent 349554 ba01eb85da0a2b60d2061ef3ca06ac6f435d434f
child 349556 2ba03ba34ece7fdcd007056de6ee58b758333e54
push id1230
push userjlund@mozilla.com
push dateMon, 31 Oct 2016 18:13:35 +0000
treeherdermozilla-release@5e06e3766db2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1119778
milestone50.0a1
backs outc80456e5e3dd72a65de2f7acaf5be73f3df80144
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset c80456e5e3dd (bug 1119778) for causing s4 failures in test_forget_about_site_security_headers.js
security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
security/manager/ssl/tests/unit/xpcshell.ini
toolkit/forgetaboutsite/ForgetAboutSite.jsm
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
+++ /dev/null
@@ -1,100 +0,0 @@
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
- * vim: sw=2 ts=2 sts=2
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-"use strict";
-
-// Ensures that HSTS (HTTP Strict Transport Security) and HPKP (HTTP Public key
-// pinning) are cleared when using "Forget About This Site".
-
-var { ForgetAboutSite } = Cu.import("resource://gre/modules/ForgetAboutSite.jsm", {});
-
-do_register_cleanup(() => {
-  Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
-  Services.prefs.clearUserPref(
-    "security.cert_pinning.process_headers_from_non_builtin_roots");
-});
-
-const GOOD_MAX_AGE_SECONDS = 69403;
-const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
-const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
-const VALID_PIN = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
-const BACKUP_PIN = `pin-sha256="${NON_ISSUED_KEY_HASH}";`;
-const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
-
-do_get_profile(); // must be done before instantiating nsIX509CertDB
-
-Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
-Services.prefs.setBoolPref(
-  "security.cert_pinning.process_headers_from_non_builtin_roots", true);
-
-var certdb = Cc["@mozilla.org/security/x509certdb;1"]
-               .getService(Ci.nsIX509CertDB);
-addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu");
-
-var sss = Cc["@mozilla.org/ssservice;1"]
-            .getService(Ci.nsISiteSecurityService);
-var uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
-
-// This test re-uses certificates from pinning tests because that's easier and
-// simpler than recreating new certificates, hence the slightly longer than
-// necessary domain name.
-var sslStatus = new FakeSSLStatus(constructCertFromFile(
-  "test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"));
-
-// Test the normal case of processing HSTS and HPKP headers for
-// a.pinning2.example.com, using "Forget About Site" on a.pinning2.example.com,
-// and then checking that the platform doesn't consider a.pinning2.example.com
-// to be HSTS or HPKP any longer.
-add_task(function* () {
-  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
-                    sslStatus, 0);
-  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
-                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
-
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should be HSTS");
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
-                             "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should be HPKP");
-
-  yield ForgetAboutSite.removeDataFromDomain("a.pinning2.example.com");
-
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should not be HSTS now");
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
-                              "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should not be HPKP now");
-});
-
-// TODO (bug 1290529): the platform does not support this yet.
-// Test the case of processing HSTS and HPKP headers for a.pinning2.example.com,
-// using "Forget About Site" on example.com, and then checking that the platform
-// doesn't consider the subdomain to be HSTS or HPKP any longer.
-add_task(function* () {
-  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
-                    sslStatus, 0);
-  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
-                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
-
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should be HSTS (subdomain case)");
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
-                             "a.pinning2.example.com", 0),
-            "a.pinning2.example.com should be HPKP (subdomain case)");
-
-  yield ForgetAboutSite.removeDataFromDomain("example.com");
-
-  // TODO (bug 1290529):
-  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-  //                             "a.pinning2.example.com", 0),
-  //           "a.pinning2.example.com should not be HSTS now (subdomain case)");
-  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
-  //                             "a.pinning2.example.com", 0),
-  //           "a.pinning2.example.com should not be HPKP now (subdomain case)");
-});
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -56,17 +56,16 @@ run-sequentially = hardcoded ports
 skip-if = toolkit == 'android' || buildapp == 'b2g'
 [test_constructX509FromBase64.js]
 [test_content_signing.js]
 [test_datasignatureverifier.js]
 [test_enterprise_roots.js]
 skip-if = os != 'win' # tests a Windows-specific feature
 [test_ev_certs.js]
 run-sequentially = hardcoded ports
-[test_forget_about_site_security_headers.js]
 [test_getchain.js]
 [test_hash_algorithms.js]
 [test_hash_algorithms_wrap.js]
 # bug 1124289 - run_test_in_child violates the sandbox on b2g and android
 skip-if = toolkit == 'android' || toolkit == 'gonk'
 [test_hmac.js]
 [test_intermediate_basic_usage_constraints.js]
 [test_js_cert_override_service.js]
--- a/toolkit/forgetaboutsite/ForgetAboutSite.jsm
+++ b/toolkit/forgetaboutsite/ForgetAboutSite.jsm
@@ -208,29 +208,14 @@ this.ForgetAboutSite = {
     // Push notifications.
     promises.push(new Promise(resolve => {
       var push = Cc["@mozilla.org/push/Service;1"]
                   .getService(Ci.nsIPushService);
       push.clearForDomain(aDomain, status => {
         (Components.isSuccessCode(status) ? resolve : reject)(status);
       });
     }).catch(e => {
-      Cu.reportError("Exception thrown while clearing Push notifications: " +
-                     e.toString());
+      dump("Web Push may not be available.\n");
     }));
 
-    // HSTS and HPKP
-    // TODO (bug 1290529): also remove HSTS/HPKP information for subdomains.
-    // Since we can't enumerate the information in the site security service
-    // (bug 1115712), we can't implement this right now.
-    try {
-      let sss = Cc["@mozilla.org/ssservice;1"].
-                getService(Ci.nsISiteSecurityService);
-      sss.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, httpsURI, 0);
-      sss.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, httpsURI, 0);
-    } catch (e) {
-      Cu.reportError("Exception thrown while clearing HSTS/HPKP: " +
-                     e.toString());
-    }
-
     return Promise.all(promises);
   }
 };