From 9659e3209a0bde4d905e730c9930706772d667f5 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@wolfbeast.com>
Date: Thu, 14 Nov 2019 12:13:54 +0100
Subject: Issue mcp-graveyard/UXP#1289 - Part 1: Add a pref to disable HPKP
 header processing.

---
 security/manager/ssl/nsSiteSecurityService.cpp | 40 +++++++++++++++++++++++---
 security/manager/ssl/nsSiteSecurityService.h   |  1 +
 2 files changed, 37 insertions(+), 4 deletions(-)

(limited to 'security/manager')

diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
index 44ee7dcc07..1b7f06a470 100644
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -212,6 +212,7 @@ nsSiteSecurityService::nsSiteSecurityService()
   , mUsePreloadList(true)
   , mUseStsService(true)
   , mPreloadListTimeOffset(0)
+  , mHPKPEnabled(false)
 {
 }
 
@@ -240,6 +241,10 @@ nsSiteSecurityService::Init()
     "network.stricttransportsecurity.preloadlist", true);
   mozilla::Preferences::AddStrongObserver(this,
     "network.stricttransportsecurity.preloadlist");
+  mHPKPEnabled = mozilla::Preferences::GetBool(
+     "security.cert_pinning.hpkp.enabled", false);
+  mozilla::Preferences::AddStrongObserver(this,
+     "security.cert_pinning.hpkp.enabled");
   mUseStsService = mozilla::Preferences::GetBool(
     "network.stricttransportsecurity.enabled", true);
   mozilla::Preferences::AddStrongObserver(this,
@@ -687,6 +692,17 @@ nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
   if (aFailureResult) {
     *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
   }
+  if (!mHPKPEnabled) {
+    SSSLOG(("SSS: HPKP disabled: not processing header '%s'", aHeader));
+    if (aMaxAge) {
+      *aMaxAge = 0;
+    }
+    if (aIncludeSubdomains) {
+      *aIncludeSubdomains = false;
+    }
+    return NS_OK;
+  }
+
   SSSLOG(("SSS: processing HPKP header '%s'", aHeader));
   NS_ENSURE_ARG(aSSLStatus);
 
@@ -1185,17 +1201,24 @@ nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,
                                              mozilla::pkix::Time& aEvalTime,
                                              /*out*/ nsTArray<nsCString>& pinArray,
                                              /*out*/ bool* aIncludeSubdomains,
-                                             /*out*/ bool* afound) {
+                                             /*out*/ bool* aFound) {
    // Child processes are not allowed direct access to this.
    if (!XRE_IsParentProcess()) {
      MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::GetKeyPinsForHostname");
    }
 
-  NS_ENSURE_ARG(afound);
+  NS_ENSURE_ARG(aFound);
   NS_ENSURE_ARG(aHostname);
 
+  if (!mHPKPEnabled) {
+    SSSLOG(("HPKP disabled - returning 'pins not found' for %s",
+            aHostname));
+    *aFound = false;
+    return NS_OK;
+  }
+
   SSSLOG(("Top of GetKeyPinsForHostname for %s", aHostname));
-  *afound = false;
+  *aFound = false;
   *aIncludeSubdomains = false;
   pinArray.Clear();
 
@@ -1228,7 +1251,7 @@ nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,
   }
   pinArray = foundEntry.mSHA256keys;
   *aIncludeSubdomains = foundEntry.mIncludeSubdomains;
-  *afound = true;
+  *aFound = true;
   return NS_OK;
 }
 
@@ -1248,6 +1271,13 @@ nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains,
   NS_ENSURE_ARG_POINTER(aResult);
   NS_ENSURE_ARG_POINTER(aSha256Pins);
 
+
+  if (!mHPKPEnabled) {
+    SSSLOG(("SSS: HPKP disabled: not setting pins"));
+    *aResult = false;
+    return NS_OK;
+  }
+
   SSSLOG(("Top of SetPins"));
 
   nsTArray<nsCString> sha256keys;
@@ -1313,6 +1343,8 @@ nsSiteSecurityService::Observe(nsISupports *subject,
       "network.stricttransportsecurity.enabled", true);
     mPreloadListTimeOffset =
       mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
+    mHPKPEnabled = mozilla::Preferences::GetBool(
+      "security.cert_pinning.hpkp.enabled", false);
     mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
       "security.cert_pinning.process_headers_from_non_builtin_roots", false);
     mMaxMaxAge = mozilla::Preferences::GetInt(
diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h
index 63afee3771..c14543684f 100644
--- a/security/manager/ssl/nsSiteSecurityService.h
+++ b/security/manager/ssl/nsSiteSecurityService.h
@@ -152,6 +152,7 @@ private:
   bool mUsePreloadList;
   bool mUseStsService;
   int64_t mPreloadListTimeOffset;
+  bool mHPKPEnabled;
   bool mProcessPKPHeadersFromNonBuiltInRoots;
   RefPtr<mozilla::DataStorage> mSiteStateStorage;
   RefPtr<mozilla::DataStorage> mPreloadStateStorage;
-- 
cgit v1.2.3