Merge m-c to fx-team

Hg: changed configure.in
Joe Walker 2012-12-14 09:50:00 +00:00
commit f2a0cc032a
11 changed files with 324 additions and 68 deletions


@ -6,8 +6,8 @@
"filename": "gonk.tar.xz"
},
{
"size": 8859648,
"digest": "05d4a99e0f36cd91d1b10a2b558979ea776e9a7e03b8a921af3b0bfc62e2d96cf4faa20586c39885b6f8b25089fe07726794620a3b18c4826a2f71e29d90a8ef",
"size": 8622080,
"digest": "7a2bbf0c76f7b7d5e4b89f758f69b5d8bcf08ec579374877de8939ad69883ab8cd842f04fdaa03a4ef9cdf8170f242e0381dd437e969d5212ead6cdd6f79ab50",
"algorithm": "sha512",
"filename": "boot.img"
}


@ -47,6 +47,7 @@ MOZ_EXTENSION_MANAGER=1
MOZ_SYS_MSG=1
MOZ_TIME_MANAGER=1
MOZ_B2G_CERTDATA=1
MOZ_PAY=1
MOZ_TOOLKIT_SEARCH=
MOZ_PLACES=


@ -7601,6 +7601,15 @@ if test -n "$MOZ_B2G_CAMERA"; then
fi
AC_SUBST(MOZ_B2G_CAMERA)
dnl ========================================================
dnl = Enable Support B2G-specific changes to the NSS
dnl = certificate trust database.
dnl ========================================================
if test -n "$MOZ_B2G_CERTDATA"; then
AC_DEFINE(MOZ_B2G_CERTDATA)
fi
AC_SUBST(MOZ_B2G_CERTDATA)
dnl ========================================================
dnl = Enable Support for Payment API
dnl ========================================================


@ -1622,6 +1622,7 @@ this.DOMApplicationRegistry = {
// Here are the steps when installing a package:
// - create a temp directory where to store the app.
// - download the zip in this directory.
// - check the signature on the zip.
// - extract the manifest from the zip and check it.
// - ask confirmation to the user.
// - add the new app to the registry.
@ -1661,28 +1662,6 @@ this.DOMApplicationRegistry = {
app: app });
}
function getInferedStatus() {
// XXX Update once we have digital signatures (bug 772365)
return Ci.nsIPrincipal.APP_STATUS_INSTALLED;
}
function getAppStatus(aManifest) {
let manifestStatus = AppsUtils.getAppManifestStatus(aManifest);
let inferedStatus = getInferedStatus();
return (Services.prefs.getBoolPref("dom.mozApps.dev_mode") ? manifestStatus
: inferedStatus);
}
// Returns true if the privilege level from the manifest
// is lower or equal to the one we infered for the app.
function checkAppStatus(aManifest) {
if (Services.prefs.getBoolPref("dom.mozApps.dev_mode")) {
return true;
}
return (AppsUtils.getAppManifestStatus(aManifest) <= getInferedStatus());
}
function download() {
debug("About to download " + aManifest.fullPackagePath());
@ -1742,7 +1721,7 @@ this.DOMApplicationRegistry = {
cleanup("NETWORK_ERROR");
return;
}
// Copy the zip on disk.
// Copy the zip on disk. XXX: this can consume all disk space.
let zipFile = FileUtils.getFile("TmpD",
["webapps", id, "application.zip"], true);
let ostream = FileUtils.openSafeFileOutputStream(zipFile);
@ -1753,50 +1732,76 @@ this.DOMApplicationRegistry = {
return;
}
let zipReader = Cc["@mozilla.org/libjar/zip-reader;1"]
.createInstance(Ci.nsIZipReader);
try {
zipReader.open(zipFile);
if (!zipReader.hasEntry("manifest.webapp")) {
throw "MISSING_MANIFEST";
let certdb;
try {
certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
} catch (e) {
cleanup("CERTDB_ERROR");
return;
}
certdb.openSignedJARFileAsync(zipFile, function(aRv, aZipReader) {
try {
let zipReader;
let isSigned;
if (Components.isSuccessCode(aRv)) {
isSigned = true;
zipReader = aZipReader;
} else if (aRv != Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED) {
throw "INVALID_SIGNATURE";
} else {
isSigned = false;
zipReader = Cc["@mozilla.org/libjar/zip-reader;1"]
.createInstance(Ci.nsIZipReader);
zipReader.open(zipFile);
}
if (!zipReader.hasEntry("manifest.webapp")) {
throw "MISSING_MANIFEST";
}
let istream = zipReader.getInputStream("manifest.webapp");
// Obtain a converter to read from a UTF-8 encoded input stream.
let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
.createInstance(Ci.nsIScriptableUnicodeConverter);
converter.charset = "UTF-8";
let manifest = JSON.parse(converter.ConvertToUnicode(NetUtil.readInputStreamToString(istream,
istream.available()) || ""));
if (!AppsUtils.checkManifest(manifest)) {
throw "INVALID_MANIFEST";
}
if (!AppsUtils.checkInstallAllowed(manifest, aApp.installOrigin)) {
throw "INSTALL_FROM_DENIED";
}
let isDevMode = Services.prefs.getBoolPref("dom.mozApps.dev_mode");
let maxStatus = isDevMode ? Ci.nsIPrincipal.APP_STATUS_CERTIFIED
: isSigned ? Ci.nsIPrincipal.APP_STATUS_PRIVILEGED
: Ci.nsIPrincipal.APP_STATUS_INSTALLED;
if (AppsUtils.getAppManifestStatus(aManifest) > maxStatus) {
throw "INVALID_SECURITY_LEVEL";
}
if (aOnSuccess) {
aOnSuccess(id, manifest);
}
delete self.downloads[aApp.manifestURL];
} catch (e) {
// Something bad happened when reading the package.
if (typeof e == 'object') {
cleanup("INVALID_PACKAGE");
} else {
cleanup(e);
}
} finally {
zipReader.close();
}
let istream = zipReader.getInputStream("manifest.webapp");
// Obtain a converter to read from a UTF-8 encoded input stream.
let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
.createInstance(Ci.nsIScriptableUnicodeConverter);
converter.charset = "UTF-8";
let manifest = JSON.parse(converter.ConvertToUnicode(NetUtil.readInputStreamToString(istream,
istream.available()) || ""));
if (!AppsUtils.checkManifest(manifest)) {
throw "INVALID_MANIFEST";
}
if (!AppsUtils.checkInstallAllowed(manifest, aApp.installOrigin)) {
throw "INSTALL_FROM_DENIED";
}
if (!checkAppStatus(manifest)) {
throw "INVALID_SECURITY_LEVEL";
}
if (aOnSuccess) {
aOnSuccess(id, manifest);
}
delete self.downloads[aApp.manifestURL];
} catch (e) {
// Something bad happened when reading the package.
if (typeof e == 'object') {
cleanup("INVALID_PACKAGE");
} else {
cleanup(e);
}
} finally {
zipReader.close();
}
});
});
});
};
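Review bot: The new privilege check near the end of the signed-JAR callback reads `AppsUtils.getAppManifestStatus(aManifest)`, but the manifest just parsed out of the package is the local `manifest`. `aManifest` looks like the outer update manifest that download() uses for `fullPackagePath()`, so the ceiling derived from `isSigned` seems to be applied to a document the signature does not cover. The removed code called `checkAppStatus(manifest)`, and the replacement should keep that argument: `if (AppsUtils.getAppManifestStatus(manifest) > maxStatus) {`. Separately, `zipReader` is declared with `let` inside the `try`, so `finally { zipReader.close(); }` either cannot see it or finds it undefined on the `INVALID_SIGNATURE` path; declaring it before the `try` and closing with `if (zipReader) zipReader.close();` would keep cleanup from throwing. The enclosing function starts outside the visible hunks.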


@ -251,6 +251,10 @@ DEFAULT_GMAKE_FLAGS += XCFLAGS="$(CFLAGS)"
DEFAULT_GMAKE_FLAGS += DARWIN_DYLIB_VERSIONS="-compatibility_version 1 -current_version 1 $(LDFLAGS)"
endif
ifdef MOZ_B2G_CERTDATA
include $(srcdir)/b2g-certdata.mk
endif
ifdef MOZ_NSS_PATCH
# If we're applying a patch, we'll copy the NSS source to the objdir
# and build it from there.

Binary file not shown.


@ -0,0 +1,35 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# On B2G, we need to remove the trust bits for code signing from all the
# built-in CAs, because we are redefining the code signing bit to mean
# "is trusted to issue certs that are trusted for signing apps," which none
# of the normal built-in CAs are. This is a temporary hack until we can use
# libpkix to verify the certificates. (libpkix gives the flexibility we need
# to verify certificates using different sets of trust anchors per validation.)
#
# Whenever we change the B2G app signing trust anchor, we need to manually
# update certdata-b2g.txt. To do so:
#
# 1. replace ./b2g-app-root-cert.der with the new DER-encoded root cert
#
# 2. In this directory run:
#
# PATH=$NSS/bin:$NSS/lib addbuiltin -n "b2g-app-root-cert" -t ",,Cu" \
# < b2g-app-root-cert.der > b2g-certdata.txt
#
# Then, commit the changes. We don't do this step as part of the build because
# we do not build addbuiltin as part of a Gecko build.
# Distrust all existing builtin CAs for code-signing
hacked-certdata.txt : $(srcdir)/../nss/lib/ckfw/builtins/certdata.txt
sed -e "s/^CKA_TRUST_CODE_SIGNING.*CKT_NSS_TRUSTED_DELEGATOR.*/CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST/" \
$< > $@
combined-certdata.txt : hacked-certdata.txt $(srcdir)/b2g-certdata.txt
cat $^ > $@
libs:: combined-certdata.txt
DEFAULT_GMAKE_FLAGS += NSS_CERTDATA_TXT='$(CURDIR)/combined-certdata.txt'
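Review bot: The `hacked-certdata.txt` rule has no check that the sed substitution actually removed every code-signing trust bit. It rewrites only `CKA_TRUST_CODE_SIGNING` lines whose value is `CKT_NSS_TRUSTED_DELEGATOR`, so a formatting change in the upstream certdata.txt, or a different trusted value, would leave a built-in CA trusted for what this file redefines as app signing without failing the build. A follow-up recipe line such as `! grep -q "^CKA_TRUST_CODE_SIGNING.*CKT_NSS_TRUSTED" $@` would turn that into a build error. The header comment also names the file `certdata-b2g.txt` once and `b2g-certdata.txt` elsewhere; the rules use `b2g-certdata.txt`.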


@ -0,0 +1,145 @@
#
# Certificate "b2g-app-root-cert"
#
# Issuer: C=US,ST=CA,L=Mountain View,O=Examplla Corporation,OU=Examplla CA,CN=Examplla Root CA 1
# Serial Number: 1 (0x1)
# Subject: C=US,ST=CA,L=Mountain View,O=Examplla Corporation,OU=Examplla CA,CN=Examplla Root CA 1
# Not Valid Before: Wed Nov 21 23:00:03 2012
# Not Valid After : Sat Nov 19 23:00:03 2022
# Fingerprint (MD5): 05:14:37:02:CC:6B:3B:0F:EB:40:2D:FA:C7:CF:D3:B6
# Fingerprint (SHA1): 33:F8:4F:CB:0C:1F:CE:35:32:6A:8C:A1:C3:CB:C9:BE:1F:B8:ED:9E
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "b2g-app-root-cert"
CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT MULTILINE_OCTAL
\060\201\204\061\033\060\031\006\003\125\004\003\023\022\105\170
\141\155\160\154\154\141\040\122\157\157\164\040\103\101\040\061
\061\024\060\022\006\003\125\004\013\023\013\105\170\141\155\160
\154\154\141\040\103\101\061\035\060\033\006\003\125\004\012\023
\024\105\170\141\155\160\154\154\141\040\103\157\162\160\157\162
\141\164\151\157\156\061\026\060\024\006\003\125\004\007\023\015
\115\157\165\156\164\141\151\156\040\126\151\145\167\061\013\060
\011\006\003\125\004\010\023\002\103\101\061\013\060\011\006\003
\125\004\006\023\002\125\123
END
CKA_ID UTF8 "0"
CKA_ISSUER MULTILINE_OCTAL
\060\201\204\061\033\060\031\006\003\125\004\003\023\022\105\170
\141\155\160\154\154\141\040\122\157\157\164\040\103\101\040\061
\061\024\060\022\006\003\125\004\013\023\013\105\170\141\155\160
\154\154\141\040\103\101\061\035\060\033\006\003\125\004\012\023
\024\105\170\141\155\160\154\154\141\040\103\157\162\160\157\162
\141\164\151\157\156\061\026\060\024\006\003\125\004\007\023\015
\115\157\165\156\164\141\151\156\040\126\151\145\167\061\013\060
\011\006\003\125\004\010\023\002\103\101\061\013\060\011\006\003
\125\004\006\023\002\125\123
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_VALUE MULTILINE_OCTAL
\060\202\003\300\060\202\002\250\240\003\002\001\002\002\001\001
\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
\201\204\061\033\060\031\006\003\125\004\003\023\022\105\170\141
\155\160\154\154\141\040\122\157\157\164\040\103\101\040\061\061
\024\060\022\006\003\125\004\013\023\013\105\170\141\155\160\154
\154\141\040\103\101\061\035\060\033\006\003\125\004\012\023\024
\105\170\141\155\160\154\154\141\040\103\157\162\160\157\162\141
\164\151\157\156\061\026\060\024\006\003\125\004\007\023\015\115
\157\165\156\164\141\151\156\040\126\151\145\167\061\013\060\011
\006\003\125\004\010\023\002\103\101\061\013\060\011\006\003\125
\004\006\023\002\125\123\060\036\027\015\061\062\061\061\062\061
\062\063\060\060\060\063\132\027\015\062\062\061\061\061\071\062
\063\060\060\060\063\132\060\201\204\061\033\060\031\006\003\125
\004\003\023\022\105\170\141\155\160\154\154\141\040\122\157\157
\164\040\103\101\040\061\061\024\060\022\006\003\125\004\013\023
\013\105\170\141\155\160\154\154\141\040\103\101\061\035\060\033
\006\003\125\004\012\023\024\105\170\141\155\160\154\154\141\040
\103\157\162\160\157\162\141\164\151\157\156\061\026\060\024\006
\003\125\004\007\023\015\115\157\165\156\164\141\151\156\040\126
\151\145\167\061\013\060\011\006\003\125\004\010\023\002\103\101
\061\013\060\011\006\003\125\004\006\023\002\125\123\060\202\001
\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000
\003\202\001\017\000\060\202\001\012\002\202\001\001\000\332\255
\200\271\353\277\343\215\020\027\261\053\357\061\075\375\164\371
\224\036\227\017\253\373\233\061\207\106\273\172\037\376\227\235
\110\121\303\065\154\340\335\037\375\010\321\256\073\267\176\335
\322\363\251\051\077\315\135\143\321\335\266\250\120\322\302\327
\361\033\256\304\267\126\325\330\245\267\125\020\314\366\244\360
\331\032\174\242\105\075\220\177\133\317\332\353\274\257\322\123
\341\122\031\065\242\175\070\042\123\073\205\351\057\330\305\174
\004\073\324\153\123\021\255\111\012\114\310\374\357\375\001\007
\034\374\235\111\112\161\036\323\223\224\262\336\340\237\035\111
\202\307\122\255\053\257\065\037\370\235\014\073\207\317\110\376
\205\112\335\337\126\343\234\003\225\033\356\072\371\261\175\343
\153\262\257\031\230\116\271\120\201\273\025\374\105\346\127\326
\314\334\335\106\336\114\154\066\360\072\312\245\003\237\377\302
\153\271\337\167\277\057\103\145\325\205\235\374\016\120\277\171
\031\373\362\103\001\175\115\141\017\310\122\343\127\131\232\244
\077\056\263\351\044\273\075\104\226\224\247\321\266\317\002\003
\001\000\001\243\073\060\071\060\017\006\003\125\035\023\001\001
\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017\001
\001\377\004\004\003\002\002\004\060\026\006\003\125\035\045\001
\001\377\004\014\060\012\006\010\053\006\001\005\005\007\003\003
\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
\202\001\001\000\227\120\113\310\374\002\002\163\167\074\162\233
\024\157\215\261\001\075\201\165\056\113\103\327\222\142\076\145
\222\041\227\066\023\175\323\144\016\372\277\163\362\102\176\256
\003\107\075\330\255\306\304\223\266\271\146\152\140\017\166\056
\034\021\052\133\010\117\117\131\214\134\365\032\155\335\074\120
\036\002\361\020\235\366\203\145\262\353\267\277\063\377\210\355
\361\172\077\220\252\003\375\172\260\105\311\317\023\337\231\053
\327\212\052\073\241\371\145\114\255\052\302\031\150\001\164\260
\173\124\206\234\355\225\056\224\156\200\066\000\143\325\111\341
\157\175\324\305\126\071\053\325\163\372\057\335\207\140\041\306
\030\360\233\211\373\331\252\360\067\306\274\047\357\164\316\244
\157\122\247\030\326\300\352\031\037\261\176\333\342\336\221\207
\014\214\142\016\072\305\370\046\140\133\074\137\210\120\126\301
\202\350\333\347\342\253\325\330\276\160\074\066\266\261\021\056
\064\152\370\352\226\311\100\376\303\225\273\146\307\275\066\310
\211\226\344\146\126\041\237\037\213\001\325\112\113\054\250\110
\042\057\035\220
END
# Trust for "b2g-app-root-cert"
# Issuer: C=US,ST=CA,L=Mountain View,O=Examplla Corporation,OU=Examplla CA,CN=Examplla Root CA 1
# Serial Number: 1 (0x1)
# Subject: C=US,ST=CA,L=Mountain View,O=Examplla Corporation,OU=Examplla CA,CN=Examplla Root CA 1
# Not Valid Before: Wed Nov 21 23:00:03 2012
# Not Valid After : Sat Nov 19 23:00:03 2022
# Fingerprint (MD5): 05:14:37:02:CC:6B:3B:0F:EB:40:2D:FA:C7:CF:D3:B6
# Fingerprint (SHA1): 33:F8:4F:CB:0C:1F:CE:35:32:6A:8C:A1:C3:CB:C9:BE:1F:B8:ED:9E
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_TOKEN CK_BBOOL CK_TRUE
CKA_PRIVATE CK_BBOOL CK_FALSE
CKA_MODIFIABLE CK_BBOOL CK_FALSE
CKA_LABEL UTF8 "b2g-app-root-cert"
CKA_CERT_SHA1_HASH MULTILINE_OCTAL
\063\370\117\313\014\037\316\065\062\152\214\241\303\313\311\276
\037\270\355\236
END
CKA_CERT_MD5_HASH MULTILINE_OCTAL
\005\024\067\002\314\153\073\017\353\100\055\372\307\317\323\266
END
CKA_ISSUER MULTILINE_OCTAL
\060\201\204\061\033\060\031\006\003\125\004\003\023\022\105\170
\141\155\160\154\154\141\040\122\157\157\164\040\103\101\040\061
\061\024\060\022\006\003\125\004\013\023\013\105\170\141\155\160
\154\154\141\040\103\101\061\035\060\033\006\003\125\004\012\023
\024\105\170\141\155\160\154\154\141\040\103\157\162\160\157\162
\141\164\151\157\156\061\026\060\024\006\003\125\004\007\023\015
\115\157\165\156\164\141\151\156\040\126\151\145\167\061\013\060
\011\006\003\125\004\010\023\002\103\101\061\013\060\011\006\003
\125\004\006\023\002\125\123
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE


@ -0,0 +1,56 @@
"use strict";
const Cc = Components.classes;
const Ci = Components.interfaces;
const Cu = Components.utils;
const Cr = Components.results;
const isB2G = ("@mozilla.org/b2g-keyboard;1" in Components.classes);
Cu.import("resource://gre/modules/FileUtils.jsm");
Cu.import("resource://gre/modules/Services.jsm");
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
function run_test() {
run_next_test();
}
function check_open_result(name, expectedRv) {
if (expectedRv == Cr.NS_OK && !isB2G) {
// We do not trust the marketplace trust anchor on non-B2G builds
// XXX: NSS has many possible error codes for this, e.g.
// SEC_ERROR_UNTRUSTED_ISSUER and others are also reasonable. Future
// versions of NSS may return one of these alternate errors; in that case
// we need to update this test.
//
// XXX (bug 812089): Cr.NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER is undefined.
//
// XXX: Cannot use operator| instead of operator+ to combine bits because
// bit 31 trigger's JavaScript's crazy interpretation of the numbers as
// two's complement negative integers.
const NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER = 0x80000000 /*unsigned (1 << 31)*/
+ ( (0x45 + 21) << 16)
+ (-(-0x2000 + 13) );
expectedRv = NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER;
}
return function openSignedJARFileCallback(rv, aZipReader, aSignerCert) {
do_print("openSignedJARFileCallback called for " + name);
do_check_eq(rv, expectedRv);
do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv));
do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
run_next_test();
};
}
function original_app_path(test_name) {
return do_get_file("test_signed_apps/" + test_name + ".zip", false);
}
add_test(function () {
certdb.openSignedJARFileAsync(
original_app_path("privileged-app-test-1.0"),
check_open_result("privileged-app-test-1.0", Cr.NS_OK));
});
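Review bot: `isB2G` is derived from the presence of the `@mozilla.org/b2g-keyboard;1` contract ID, while what decides whether the app-signing root is trusted appears to be the `MOZ_B2G_CERTDATA` build option, so the expected result can drift from the actual build configuration. A comment at the `isB2G` definition stating that assumption would help, for example `// Proxy for MOZ_B2G_CERTDATA: the app-signing root is only built in on B2G.` The file also exercises only one validly signed package; if unsigned and tampered packages are not covered by another test, they deserve cases alongside this one.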


@ -3,6 +3,7 @@ head =
tail =
[test_signed_apps.js]
[test_signed_apps-marketplace.js]
[test_datasignatureverifier.js]
# Bug 676972: test hangs consistently on Android
skip-if = os == "android"