Merging upstream version 115.10.0esr.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-21 18:34:59 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-21 18:34:59 +0000
commit: b0410fc20c45227756a7bbdcff65e29eb0bc4d91 (patch)
tree: 36bdaeed45bddfc236ac77adf672339174b3c9b3 /toolkit/mozapps
parent: Adding debian version 115.9.1esr-1~deb12u1. (diff)
download: firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.tar.xz
firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.zip
2 files changed, 32 insertions, 18 deletions
diff --git a/toolkit/mozapps/extensions/internal/ProductAddonChecker.sys.mjs b/toolkit/mozapps/extensions/internal/ProductAddonChecker.sys.mjs
index 1615a551c8..f76ebf0d30 100644
--- a/toolkit/mozapps/extensions/internal/ProductAddonChecker.sys.mjs
+++ b/toolkit/mozapps/extensions/internal/ProductAddonChecker.sys.mjs
@@ -118,12 +118,18 @@ async function conservativeFetch(input) {
  * @param  contentSignatureHeader
  *         The contents of the 'content-signature' header received along with
  *         `data`.
+ * @param  trustedRoot
+ *         The identifier of the trusted root to use for certificate validation.
  * @return A promise that will resolve to nothing if the signature verification
  *         succeeds, or rejects on failure, with an Error that sets its
  *         addonCheckerErr property disambiguate failure cases and a message
  *         explaining the error.
  */
-async function verifyGmpContentSignature(data, contentSignatureHeader) {
+async function verifyGmpContentSignature(
+  data,
+  contentSignatureHeader,
+  trustedRoot
+) {
   if (!contentSignatureHeader) {
     logger.warn(
       "Unexpected missing content signature header during content signature validation"
@@ -186,13 +192,6 @@ async function verifyGmpContentSignature(data, contentSignatureHeader) {
     "@mozilla.org/security/contentsignatureverifier;1"
   ].createInstance(Ci.nsIContentSignatureVerifier);
 
-  // See bug 1771992. In the future, this may need to handle staging and dev
-  // environments in addition to just production and testing.
-  let root = Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot;
-  if (Services.env.exists("XPCSHELL_TEST_PROFILE_DIR")) {
-    root = Ci.nsIX509CertDB.AppXPCShellRoot;
-  }
-
   let valid;
   try {
     valid = await verifier.asyncVerifyContentSignature(
@@ -200,7 +199,7 @@ async function verifyGmpContentSignature(data, contentSignatureHeader) {
       signature,
       certChain,
       "aus.content-signature.mozilla.org",
-      root
+      trustedRoot
     );
   } catch (err) {
     logger.warn(`Unexpected error while validating content signature: ${err}`);
@@ -329,6 +328,9 @@ function downloadXMLWithRequest(
  * @param  verifyContentSignature
  *         When true, will verify the content signature information from the
  *         response header. Failure to verify will result in an error.
+ * @param  trustedContentSignatureRoot
+ *         The trusted root to use for certificate validation.
+ *         Must be set if verifyContentSignature is true.
  * @return a promise that resolves to the DOM document downloaded or rejects
  *         with a JS exception in case of error.
  */
@@ -336,7 +338,8 @@ async function downloadXML(
   url,
   allowNonBuiltIn = false,
   allowedCerts = null,
-  verifyContentSignature = false
+  verifyContentSignature = false,
+  trustedContentSignatureRoot = null
 ) {
   let request = await downloadXMLWithRequest(
     url,
@@ -346,7 +349,8 @@ async function downloadXML(
   if (verifyContentSignature) {
     await verifyGmpContentSignature(
       request.response,
-      request.getResponseHeader("content-signature")
+      request.getResponseHeader("content-signature"),
+      trustedContentSignatureRoot
     );
   }
   return request.responseXML;
@@ -535,6 +539,9 @@ export const ProductAddonChecker = {
    * @param  verifyContentSignature
    *         When true, will verify the content signature information from the
    *         response header. Failure to verify will result in an error.
+   * @param  trustedContentSignatureRoot
+   *         The trusted root to use for certificate validation.
+   *         Must be set if verifyContentSignature is true.
    * @return a promise that resolves to an object containing the list of add-ons
    *         and whether the local fallback was used, or rejects with a JS
    *         exception in case of error. In the case of an error, a best effort
@@ -545,13 +552,15 @@ export const ProductAddonChecker = {
     url,
     allowNonBuiltIn = false,
     allowedCerts = null,
-    verifyContentSignature = false
+    verifyContentSignature = false,
+    trustedContentSignatureRoot = null
   ) {
     return downloadXML(
       url,
       allowNonBuiltIn,
       allowedCerts,
-      verifyContentSignature
+      verifyContentSignature,
+      trustedContentSignatureRoot
     ).then(parseXML);
   },
 
diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_ProductAddonChecker_signatures.js b/toolkit/mozapps/extensions/test/xpcshell/test_ProductAddonChecker_signatures.js
index 5ae61568ef..93602ffac9 100644
--- a/toolkit/mozapps/extensions/test/xpcshell/test_ProductAddonChecker_signatures.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_ProductAddonChecker_signatures.js
@@ -98,7 +98,8 @@ add_task(async function test_valid_content_signature() {
       signedBaseUri + goodXmlPath + "?" + validSignatureQuery,
       /*allowNonBuiltIn*/ false,
       /*allowedCerts*/ false,
-      /*verifyContentSignature*/ true
+      /*verifyContentSignature*/ true,
+      /*trustedContentSignatureRoot*/ Ci.nsIX509CertDB.AppXPCShellRoot
     );
     Assert.ok(true, "Should successfully get addon list");
 
@@ -122,7 +123,8 @@ add_task(async function test_invalid_content_signature() {
       signedBaseUri + goodXmlPath + "?" + invalidSignatureQuery,
       /*allowNonBuiltIn*/ false,
       /*allowedCerts*/ false,
-      /*verifyContentSignature*/ true
+      /*verifyContentSignature*/ true,
+      /*trustedContentSignatureRoot*/ Ci.nsIX509CertDB.AppXPCShellRoot
     );
     Assert.ok(false, "Should fail to get addon list");
   } catch (e) {
@@ -143,7 +145,8 @@ add_task(async function test_missing_content_signature_header() {
       signedBaseUri + goodXmlPath + "?" + missingSignatureQuery,
       /*allowNonBuiltIn*/ false,
       /*allowedCerts*/ false,
-      /*verifyContentSignature*/ true
+      /*verifyContentSignature*/ true,
+      /*trustedContentSignatureRoot*/ Ci.nsIX509CertDB.AppXPCShellRoot
     );
     Assert.ok(false, "Should fail to get addon list");
   } catch (e) {
@@ -165,7 +168,8 @@ add_task(async function test_incomplete_content_signature_header() {
       signedBaseUri + goodXmlPath + "?" + incompleteSignatureQuery,
       /*allowNonBuiltIn*/ false,
       /*allowedCerts*/ false,
-      /*verifyContentSignature*/ true
+      /*verifyContentSignature*/ true,
+      /*trustedContentSignatureRoot*/ Ci.nsIX509CertDB.AppXPCShellRoot
     );
     Assert.ok(false, "Should fail to get addon list");
   } catch (e) {
@@ -187,7 +191,8 @@ add_task(async function test_bad_x5u_content_signature_header() {
       signedBaseUri + goodXmlPath + "?" + badX5uSignatureQuery,
       /*allowNonBuiltIn*/ false,
       /*allowedCerts*/ false,
-      /*verifyContentSignature*/ true
+      /*verifyContentSignature*/ true,
+      /*trustedContentSignatureRoot*/ Ci.nsIX509CertDB.AppXPCShellRoot
     );
     Assert.ok(false, "Should fail to get addon list");
   } catch (e) {
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-21 18:34:59 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-21 18:34:59 +0000
commit	b0410fc20c45227756a7bbdcff65e29eb0bc4d91 (patch)
tree	36bdaeed45bddfc236ac77adf672339174b3c9b3 /toolkit/mozapps
parent	Adding debian version 115.9.1esr-1~deb12u1. (diff)
download	firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.tar.xz firefox-esr-b0410fc20c45227756a7bbdcff65e29eb0bc4d91.zip