Bug 1030135: Enable pinning on services.mozilla.com in test mode (r=keeler,a=kwierso)

This commit is contained in:
Monica Chew 2014-09-05 12:04:26 -07:00
parent a0465b001a
commit 5c0326bb2b
2 changed files with 16 additions and 13 deletions

View File

@ -486,17 +486,17 @@ static const StaticPinset kPinset_mozilla = {
&kPinset_mozilla_sha256
};
static const char* kPinset_mozilla_fxa_sha256_Data[] = {
static const char* kPinset_mozilla_services_sha256_Data[] = {
kDigiCert_Global_Root_CAFingerprint,
};
static const StaticFingerprints kPinset_mozilla_fxa_sha256 = {
sizeof(kPinset_mozilla_fxa_sha256_Data) / sizeof(const char*),
kPinset_mozilla_fxa_sha256_Data
static const StaticFingerprints kPinset_mozilla_services_sha256 = {
sizeof(kPinset_mozilla_services_sha256_Data) / sizeof(const char*),
kPinset_mozilla_services_sha256_Data
};
static const StaticPinset kPinset_mozilla_fxa = {
static const StaticPinset kPinset_mozilla_services = {
nullptr,
&kPinset_mozilla_fxa_sha256
&kPinset_mozilla_services_sha256
};
static const char* kPinset_mozilla_test_sha256_Data[] = {
@ -751,13 +751,13 @@ struct TransportSecurityPreload {
/* Sort hostnames for binary search. */
static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
{ "accounts.firefox.com", true, false, false, 4, &kPinset_mozilla_fxa },
{ "accounts.firefox.com", true, false, false, 4, &kPinset_mozilla_services },
{ "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
{ "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
{ "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "android.com", true, false, false, -1, &kPinset_google_root_pems },
{ "api.accounts.firefox.com", true, false, false, 5, &kPinset_mozilla_fxa },
{ "api.accounts.firefox.com", true, false, false, 5, &kPinset_mozilla_services },
{ "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
{ "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
@ -1043,6 +1043,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "services.mozilla.com", true, true, false, -1, &kPinset_mozilla_services },
{ "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
{ "ssl.google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
@ -1082,8 +1083,8 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
{ "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
};
// Pinning Preload List Length = 330;
// Pinning Preload List Length = 331;
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1417860919825000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1418406258075000);

View File

@ -94,7 +94,7 @@
]
},
{
"name": "mozilla_fxa",
"name": "mozilla_services",
"sha256_hashes": [
"DigiCert Global Root CA"
]
@ -207,15 +207,17 @@
{ "name": "aus4.mozilla.org", "include_subdomains": true,
"pins": "mozilla", "test_mode": true, "id": 3 },
{ "name": "accounts.firefox.com", "include_subdomains": true,
"pins": "mozilla_fxa", "test_mode": false, "id": 4 },
"pins": "mozilla_services", "test_mode": false, "id": 4 },
{ "name": "api.accounts.firefox.com", "include_subdomains": true,
"pins": "mozilla_fxa", "test_mode": false, "id": 5 },
"pins": "mozilla_services", "test_mode": false, "id": 5 },
{ "name": "cdn.mozilla.net", "include_subdomains": true,
"pins": "mozilla", "test_mode": false },
{ "name": "cdn.mozilla.org", "include_subdomains": true,
"pins": "mozilla", "test_mode": false },
{ "name": "media.mozilla.com", "include_subdomains": true,
"pins": "mozilla", "test_mode": false },
{ "name": "services.mozilla.com", "include_subdomains": true,
"pins": "mozilla_services", "test_mode": true },
{ "name": "include-subdomains.pinning.example.com",
"include_subdomains": true, "pins": "mozilla_test",
"test_mode": false },