1 files changed, 55 insertions, 0 deletions

diff --git a/remote/domains/parent/Security.jsm b/remote/domains/parent/Security.jsm
new file mode 100644
index 0000000000..5114dd1069
--- /dev/null
+++ b/remote/domains/parent/Security.jsm
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var EXPORTED_SYMBOLS = ["Security"];
+
+const { Domain } = ChromeUtils.import(
+  "chrome://remote/content/domains/Domain.jsm"
+);
+
+const { Preferences } = ChromeUtils.import(
+  "resource://gre/modules/Preferences.jsm"
+);
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyServiceGetters(this, {
+  sss: ["@mozilla.org/ssservice;1", "nsISiteSecurityService"],
+  certOverrideService: [
+    "@mozilla.org/security/certoverride;1",
+    "nsICertOverrideService",
+  ],
+});
+
+const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
+
+class Security extends Domain {
+  destructor() {
+    this.setIgnoreCertificateErrors({ ignore: false });
+  }
+
+  setIgnoreCertificateErrors({ ignore }) {
+    if (ignore) {
+      // make it possible to register certificate overrides for domains
+      // that use HSTS or HPKP
+      Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
+      Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
+    } else {
+      Preferences.reset(HSTS_PRELOAD_LIST_PREF);
+      Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+
+      // clear collected HSTS and HPKP state
+      sss.clearAll();
+      sss.clearPreloads();
+    }
+
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      ignore
+    );
+  }
+}