diff options
Diffstat (limited to 'toolkit/components/corroborator/Corroborate.sys.mjs')
-rw-r--r-- | toolkit/components/corroborator/Corroborate.sys.mjs | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/toolkit/components/corroborator/Corroborate.sys.mjs b/toolkit/components/corroborator/Corroborate.sys.mjs index 1f06ce8412..51b447726c 100644 --- a/toolkit/components/corroborator/Corroborate.sys.mjs +++ b/toolkit/components/corroborator/Corroborate.sys.mjs @@ -33,10 +33,18 @@ export const Corroborate = { lazy.gCertDB.openSignedAppFileAsync( root, file, - (rv, _zipReader, cert) => { + (rv, _zipReader, signatureInfos) => { + // aSignatureInfos is an array of nsIAppSignatureInfo. + // This implementation could be modified to iterate through the array to + // determine if one or all of the verified signatures used a satisfactory + // algorithm and signing certificate. + // For now, though, it maintains existing behavior by inspecting the + // first signing certificate encountered. resolve( Components.isSuccessCode(rv) && - cert.organizationalUnit === expectedOrganizationalUnit + signatureInfos.length && + signatureInfos[0].signerCert.organizationalUnit == + expectedOrganizationalUnit ); } ); |