fixup! Bug 10760: Integrate TorButton to TorBrowser core

Bug 41600 - Add API to domain-isolator to get the stored SOCKS username and password for a given domain and user context ID. Also get rid of unused newCircuitForUserContextId. Also remove the return statement from tor-control-port's watchEvent since addNotificationCallback does not return a value.

fixup! Bug 10760: Integrate TorButton to TorBrowser core
f335b937 · henry · Pier Angelo Vendrame · f142bbf3 · f335b937 · f335b937
Verified Commit f335b937 authored Mar 10, 2023 by henry Committed by Pier Angelo Vendrame Apr 4, 2023
--- a/toolkit/torbutton/components/domain-isolator.js
+++ b/toolkit/torbutton/components/domain-isolator.js
@@ -72,13 +72,23 @@ tor.isolationEnabled = true;
 // Specifies when the current catch-all circuit was first used
 tor.unknownDirtySince = Date.now();

-tor.passwordForDomainAndUserContextId = function(domain, userContextId) {
-  // Check if we already have a nonce. If not, create
-  // one for this domain and userContextId.
+tor.passwordForDomainAndUserContextId = function(
+  domain,
+  userContextId,
+  create
+) {
+  // Check if we already have a nonce. If not, possibly create one for this
+  // domain and userContextId.
  if (!tor.noncesForDomains.has(domain)) {
+    if (!create) {
+      return null;
+    }
    tor.noncesForDomains.set(domain, tor.nonce());
  }
  if (!tor.noncesForUserContextId.has(userContextId)) {
+    if (!create) {
+      return null;
+    }
    tor.noncesForUserContextId.set(userContextId, tor.nonce());
  }
  return (
@@ -87,21 +97,30 @@ tor.passwordForDomainAndUserContextId = function(domain, userContextId) {
  );
 };

+tor.usernameForDomainAndUserContextId = function(domain, userContextId) {
+  return `${domain}:${userContextId}`;
+};
+
 // __tor.socksProxyCredentials(originalProxy, domain, userContextId)__.
 // Takes a proxyInfo object (originalProxy) and returns a new proxyInfo
 // object with the same properties, except the username is set to the
 // the domain and userContextId, and the password is a nonce.
 tor.socksProxyCredentials = function(originalProxy, domain, userContextId) {
  let proxy = originalProxy.QueryInterface(Ci.nsIProxyInfo);
-  let proxyPassword = tor.passwordForDomainAndUserContextId(
+  let proxyUsername = tor.usernameForDomainAndUserContextId(
    domain,
    userContextId
  );
+  let proxyPassword = tor.passwordForDomainAndUserContextId(
+    domain,
+    userContextId,
+    true
+  );
  return mozilla.protocolProxyService.newProxyInfoWithAuth(
    "socks",
    proxy.host,
    proxy.port,
-    `${domain}:${userContextId}`, // username
+    proxyUsername,
    proxyPassword,
    "", // aProxyAuthorizationHeader
    "", // aConnectionIsolationKey
@@ -235,11 +254,41 @@ DomainIsolator.prototype = {
      tor.isolateCircuitsByDomain();
    }
  },
+
  newCircuitForDomain(domain) {
    tor.newCircuitForDomain(domain);
  },
-  newCircuitForUserContextId(userContextId) {
-    tor.newCircuitForUserContextId(userContextId);
+
+  /**
+   * Return the stored SOCKS proxy username and password for the given domain
+   * and user context ID.
+   *
+   * @param {string} firstPartyDomain - The domain to lookup credentials for.
+   * @param {integer} userContextId - The ID for the user context.
+   *
+   * @return {{ username: string, password: string }?} - The SOCKS credentials,
+   *   or null if none are found.
+   */
+  getSocksProxyCredentials(firstPartyDomain, userContextId) {
+    if (firstPartyDomain == "") {
+      firstPartyDomain = "--unknown--";
+    }
+    let proxyPassword = tor.passwordForDomainAndUserContextId(
+      firstPartyDomain,
+      userContextId,
+      // Do not create a new entry if it does not exist.
+      false
+    );
+    if (!proxyPassword) {
+      return null;
+    }
+    return {
+      username: tor.usernameForDomainAndUserContextId(
+        firstPartyDomain,
+        userContextId
+      ),
+      password: proxyPassword,
+    };
  },

  enableIsolation() {


--- a/toolkit/torbutton/modules/tor-control-port.js
+++ b/toolkit/torbutton/modules/tor-control-port.js
@@ -840,7 +840,7 @@ event.messageToData = function(type, message) {
 // stops watching the event. Note: we only observe `"650" SP...` events
 // currently (no `650+...` or `650-...` events).
 event.watchEvent = function(controlSocket, type, filter, onData, raw = false) {
-  return controlSocket.addNotificationCallback(
+  controlSocket.addNotificationCallback(
    new RegExp("^650 " + type),
    function(message) {
      let data = event.messageToData(type, message);
@@ -876,8 +876,9 @@ tor.controller = async function(ipcFile, host, port, password) {
    onionAuthAdd: (hsAddress, b64PrivateKey, isPermanent) =>
      onionAuth.add(socket, hsAddress, b64PrivateKey, isPermanent),
    onionAuthRemove: hsAddress => onionAuth.remove(socket, hsAddress),
-    watchEvent: (type, filter, onData, raw = false) =>
-      event.watchEvent(socket, type, filter, onData, raw),
+    watchEvent: (type, filter, onData, raw = false) => {
+      event.watchEvent(socket, type, filter, onData, raw);
+    },
    isOpen: () => socket.isOpen(),
    close: () => {
      socket.close();


--- a/toolkit/torbutton/modules/utils.js
+++ b/toolkit/torbutton/modules/utils.js
@@ -232,7 +232,11 @@ var getDomainForBrowser = browser => {
  let fpd = browser.contentPrincipal.originAttributes.firstPartyDomain;
  // Bug 31562: For neterror or certerror, get the original URL from
  // browser.currentURI and use it to calculate the firstPartyDomain.
-  let knownErrors = ["about:neterror", "about:certerror"];
+  let knownErrors = [
+    "about:neterror",
+    "about:certerror",
+    "about:httpsonlyerror",
+  ];
  let documentURI = browser.documentURI;
  if (
    documentURI &&