Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

thorny issue with certificate checking

2 views

Skip to first unread message

Carl Shimer

unread,

Dec 29, 2009, 12:33:35 PM12/29/09

Background: I am trying to automate the extension Manager using our
own version of firefox / mozilla. What I want to accomplish is
calling the extension manager, asking it to find extensions, and then
install them. How does this involve security? read on:

I have noticed that attempting to use the nsExtensionManager service
from my chrome pages doesn't work due to an obscure certificate
checking error. In nsExtensionManager.js checkcert() there are a
couple of lines:

issuer = issuer.QueryInterface(Ci.nsIX509Cert3);
var tokenNames = issuer.getAllTokenNames({});

When the extension manager is invoked from chrome://mozapps/content/extensions/extensions.xul
that is launched by clicking on the Tools ->Add ons dialog,
getAllTokenNames() returns a list of valid tokens. However, if the
extension manager is invoked from another context it dies because the
cerificate it is trying to check returns NULL for getAllTokenNames
().

THings I have tried:
1) Invoking the extension manager from a privileged chrome page
20 Invoking the extension manager from a privileged XPCOM component

None of these seem to work. The only way that works is when the
extension UI is invoked directly from firefox (as in Tools -> Addons).

This lead me to thinking that there must be an issue with the security
context. The cerificate checking code uses the securityInfo property
from the channel. I noticed that when the extension manager works
properly the channel.__parent__ property is set to a chrome window.
When the certificate check does not work, I noticed that the
channel.__parent__ property was set to null.

Does the mozilla security architecture rely on the __parent__
property? Any idea how to ensure that the __parent__ property is set
to a valid window (it appears to be read only)? Any other ideas?

Thanks,
Carl

Boris Zbarsky

unread,

Dec 29, 2009, 12:46:19 PM12/29/09

On 12/29/09 12:33 PM, Carl Shimer wrote:
> Does the mozilla security architecture rely on the __parent__
> property?

Not in terms of setting the right security info on the channel.

However it's possible that PSM relies on the channel being part of a
window's loadgroup or something... I'd be a little surprised if that's
so, but it's possible.

-Boris

0 new messages