Commit 3de25e7e authored by Kathleen Brade's avatar Kathleen Brade Committed by Matthew Finkel

Bug 30237: Add v3 onion services client authentication prompt

When Tor informs the browser that client authentication is needed,
temporarily load about:blank instead of about:neterror and prompt
for the user's key.

If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
control port command to add the key (via Torbutton's control port
module) and reload the page.

If the user cancels the prompt, display the standard about:neterror
"Unable to connect" page. This requires a small change to
browser/actors/NetErrorChild.jsm to account for the fact that the
docShell no longer has the failedChannel information. The failedChannel
is used to extract TLS-related error info, which is not applicable
in the case of a canceled .onion authentication prompt.

Add a leaveOpen option to PopupNotifications.show so we can display
error messages within the popup notification doorhanger without
closing the prompt.

Add support for onion services strings to the TorStrings module.

Add support for Tor extended SOCKS errors (Tor proposal 304) to the
socket transport and SOCKS layers. Improved display of all of these
errors will be implemented as part of bug 30025.

Also fixes bug 19757:
 Add a "Remember this key" checkbox to the client auth prompt.

 Add an "Onion Services Authentication" section within the
 about:preferences "Privacy & Security" section to allow
 viewing and removal of v3 onion client auth keys that have
 been stored on disk.

Also fixes bug 19251: use enhanced error pages for onion service errors.
parent db8e6533
+7 −0
@@ -13,6 +13,8 @@ const { RemotePageChild } = ChromeUtils.import(
  "resource://gre/actors/RemotePageChild.jsm"
);

const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm");

XPCOMUtils.defineLazyServiceGetter(
  this,
  "gSerializationHelper",
@@ -29,6 +31,7 @@ class NetErrorChild extends RemotePageChild {
      "RPMPrefIsLocked",
      "RPMAddToHistogram",
      "RPMRecordTelemetryEvent",
      "RPMGetTorStrings",
    ];
    this.exportFunctions(exportableFunctions);
  }
@@ -82,4 +85,8 @@ class NetErrorChild extends RemotePageChild {
  RPMRecordTelemetryEvent(category, event, object, value, extra) {
    Services.telemetry.recordEvent(category, event, object, value, extra);
  }

  RPMGetTorStrings() {
    return Cu.cloneInto(TorStrings.onionServices, this.contentWindow);
  }
}
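Review bot: `RPMGetTorStrings` at the end of the class clones the entire `TorStrings.onionServices` object into the content window, although the error page presumably reads only its own error strings; the commit message indicates the same module also carries the auth prompt and preferences strings. Consider cloning only the subset the page renders (the property name depends on TorStrings.jsm, which is not shown in this section), so the unprivileged page receives nothing it does not display. A short comment would also help, for example `// Localized strings only; cloned so the page gets a copy in its own scope rather than a chrome object.`, assuming the object really holds nothing but strings. The class body begins outside the hunk.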
+9 −1
@@ -3,6 +3,7 @@
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

/* eslint-env mozilla/frame-script */
/* import-globals-from ../../components/onionservices/content/netError/onionNetError.js */

const formatter = new Intl.DateTimeFormat("default");

@@ -241,7 +242,10 @@ function initPage() {
    errDesc = document.getElementById("ed_generic");
  }

  const isOnionError = err.startsWith("onionServices.");
  if (!isOnionError) {
    setErrorPageStrings(err);
  }

  var sd = document.getElementById("errorShortDescText");
  if (sd) {
@@ -387,6 +391,10 @@ function initPage() {
      span.textContent = document.location.hostname;
    }
  }

  if (isOnionError) {
    OnionServicesAboutNetError.initPage(document);
  }
}

function setupErrorUI() {
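Review bot: The `err.startsWith("onionServices.")` test in initPage accepts any code carrying that prefix, and for every such code `setErrorPageStrings(err)` is skipped. `err` is assigned outside this hunk; if it derives from the page URL, an unrecognised `onionServices.*` value leaves title and description entirely to `OnionServicesAboutNetError.initPage`, which then has to fall back to the generic text itself rather than render an empty or partly filled page. Either confirm that fallback exists in onionNetError.js or gate on the known codes here. The flag also deserves a comment such as `// Onion service errors get their strings from OnionServicesAboutNetError.initPage() below.` initPage starts outside the hunk.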
+1 −0
@@ -208,5 +208,6 @@
      </div>
    </div>
  </body>
  <script src="chrome://browser/content/onionservices/netError/onionNetError.js"/>
  <script src="chrome://browser/content/aboutNetError.js"/>
</html>
+10 −0
@@ -221,6 +221,11 @@ XPCOMUtils.defineLazyScriptGetter(
  ["SecurityLevelButton"],
  "chrome://browser/content/securitylevel/securityLevel.js"
);
XPCOMUtils.defineLazyScriptGetter(
  this,
  ["OnionAuthPrompt"],
  "chrome://browser/content/onionservices/authPrompt.js"
);
XPCOMUtils.defineLazyScriptGetter(
  this,
  "gEditItemOverlay",
@@ -1884,6 +1889,9 @@ var gBrowserInit = {
    // Init the SecuritySettingsButton
    SecurityLevelButton.init();

    // Init the OnionAuthPrompt
    OnionAuthPrompt.init();

    // Certain kinds of automigration rely on this notification to complete
    // their tasks BEFORE the browser window is shown. SessionStore uses it to
    // restore tabs into windows AFTER important parts like gMultiProcessBrowser
@@ -2568,6 +2576,8 @@ var gBrowserInit = {

    SecurityLevelButton.uninit();

    OnionAuthPrompt.uninit();

    gAccessibilityServiceIndicator.uninit();

    AccessibilityRefreshBlocker.uninit();
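Review bot: `OnionAuthPrompt.init()` runs once per browser window, so whatever it registers (presumably a listener for Tor's authentication-needed signal) exists in every open window, and the comment `// Init the OnionAuthPrompt` only restates the call. State what is registered and that `uninit()` removes it, for example `// Listen for onion client-auth requests for tabs in this window; undone in onUnload.` It is worth confirming in authPrompt.js that a request is handled only by the window owning the requesting browser, so the key prompt never appears over an unrelated tab. `uninit()` should also tolerate being reached when `init()` never ran, since the call goes through the lazy script getter. Both gBrowserInit methods start and end outside these hunks.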
+3 −0
@@ -33,6 +33,7 @@
<?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?>
<?xml-stylesheet href="chrome://torbutton/skin/tor-circuit-display.css" type="text/css"?>
<?xml-stylesheet href="chrome://torbutton/skin/torbutton.css" type="text/css"?>
<?xml-stylesheet href="chrome://browser/content/onionservices/onionservices.css" type="text/css"?>

# All DTD information is stored in a separate file so that it can be shared by
# hiddenWindowMac.xhtml.
@@ -626,6 +627,7 @@
#include ../../components/downloads/content/downloadsPanel.inc.xhtml
#include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml
#include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml
#include ../../components/onionservices/content/authPopup.inc.xhtml
#include browser-allTabsMenu.inc.xhtml

    <hbox id="downloads-animation-container">
@@ -994,6 +996,7 @@
                         data-l10n-id="urlbar-indexed-db-notification-anchor"/>
                  <image id="password-notification-icon" class="notification-anchor-icon login-icon" role="button"
                         data-l10n-id="urlbar-password-notification-anchor"/>
#include ../../components/onionservices/content/authNotificationIcon.inc.xhtml
                  <stack id="plugins-notification-icon" class="notification-anchor-icon" role="button" align="center" data-l10n-id="urlbar-plugins-notification-anchor">
                    <image class="plugin-icon" />
                    <image id="plugin-icon-badge" />