Commit 785e828e authored by Michael Kaply's avatar Michael Kaply

Bug 1474683 - Add support for importing certificates. r=flod,Felipe

Differential Revision: https://phabricator.services.mozilla.com/D8286

--HG--
extra : moz-landing-system : lando
parent a4f396d9
......@@ -7,9 +7,11 @@
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
ChromeUtils.import("resource://gre/modules/Services.jsm");
ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "gXulStore",
"@mozilla.org/xul/xulstore;1",
"nsIXULStore");
XPCOMUtils.defineLazyServiceGetters(this, {
gCertDB: ["@mozilla.org/security/x509certdb;1", "nsIX509CertDB"],
gXulStore: ["@mozilla.org/xul/xulstore;1", "nsIXULStore"],
});
XPCOMUtils.defineLazyModuleGetters(this, {
AddonManager: "resource://gre/modules/AddonManager.jsm",
......@@ -19,6 +21,8 @@ XPCOMUtils.defineLazyModuleGetters(this, {
WebsiteFilter: "resource:///modules/policies/WebsiteFilter.jsm",
});
XPCOMUtils.defineLazyGlobalGetters(this, ["File", "FileReader"]);
const PREF_LOGLEVEL = "browser.policies.loglevel";
const BROWSER_DOCUMENT_URL = AppConstants.BROWSER_CHROME_URL;
......@@ -134,6 +138,56 @@ var Policies = {
if ("ImportEnterpriseRoots" in param) {
setAndLockPref("security.enterprise_roots.enabled", param.ImportEnterpriseRoots);
}
if ("Install" in param) {
(async () => {
let dirs = [];
let platform = AppConstants.platform;
if (platform == "win") {
dirs = [
// Ugly, but there is no official way to get %USERNAME\AppData\Local\Mozilla.
Services.dirsvc.get("XREUSysExt", Ci.nsIFile).parent,
];
} else if (platform == "macosx" || platform == "linux") {
dirs = [
// These two keys are named wrong. They return the Mozilla directory.
Services.dirsvc.get("XREUserNativeManifests", Ci.nsIFile),
Services.dirsvc.get("XRESysNativeManifests", Ci.nsIFile),
];
}
for (let dir of dirs) {
dir.append(platform == "linux" ? "certificates" : "Certificates");
for (let certfilename of param.Install) {
let certfile = dir.clone();
certfile.append(certfilename);
let file;
try {
file = await File.createFromNsIFile(certfile);
} catch (e) {
log.info(`Unable to open certificate - ${certfile.path}`);
continue;
}
let reader = new FileReader();
reader.onloadend = function() {
if (reader.readyState != reader.DONE) {
log.error(`Unable to read certificate - ${certfile.path}`);
return;
}
let cert = reader.result;
try {
if (/-----BEGIN CERTIFICATE-----/.test(cert)) {
gCertDB.addCertFromBase64(pemToBase64(cert), "CTu,CTu,");
} else {
gCertDB.addCert(cert, "CTu,CTu,");
}
} catch (e) {
log.error(`Unable to add certificate - ${certfile.path}`);
}
};
reader.readAsBinaryString(file);
}
}
})();
}
},
},
......@@ -1062,3 +1116,9 @@ function blockAllChromeURLs() {
ChromeURLBlockPolicy.contractID,
ChromeURLBlockPolicy.contractID, false, true);
}
function pemToBase64(pem) {
return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
.replace(/-----END CERTIFICATE-----/, "")
.replace(/[\r\n]/g, "");
}
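Review bot: In the `@@ -134,6 +138,56 @@` hunk, the `Install` handler adds whatever file it finds under the per-user and system certificate directories with the trust string `"CTu,CTu,"`, so a trust anchor is identified by file name alone and nothing records what was actually imported. The Windows branch's own comment places that directory under the user's AppData, which is presumably writable without administrator rights, so the file contents are not protected at the same level as the policy that names them; consider restricting the lookup to an admin-controlled location, or at least documenting this. A success line after the `addCert` / `addCertFromBase64` calls, for example `log.info("Added certificate - " + certfile.path);`, would give administrators something to audit. Separately, `certfile.append(certfilename)` sits outside the `try`, so if it throws on a policy value containing a path separator (nsIFile.append rejects those, as far as I know) the async function rejects and the remaining entries are skipped without any log line; moving it inside the `try` keeps the loop going. The enclosing policy callback starts above the hunk, so this is based only on the lines shown.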
......@@ -235,6 +235,7 @@ function generateDocumentation() {
// existing descriptions
let string_mapping = {
"DisableSetDesktopBackground": "DisableSetAsDesktopBackground",
"Certificates": "CertificatesDescription",
};
for (let policyName in schema.properties) {
......
......@@ -95,6 +95,12 @@
"properties": {
"ImportEnterpriseRoots": {
"type": "boolean"
},
"Install": {
"type": "array",
"items": {
"type": "string"
}
}
}
},
......
......@@ -23,7 +23,7 @@ policy-BlockAboutSupport = Block access to the about:support page.
policy-Bookmarks = Create bookmarks in the Bookmarks toolbar, Bookmarks menu, or a specified folder inside them.
policy-Certificates = Whether or not to use built-in certificates. This policy is Windows only at this time.
policy-CertificatesDescription = Add certificates or use built-in certificates.
policy-Cookies = Allow or deny websites to set cookies.
......