commit 9cb771f3026c5303e2700e392826a9e028e9b2d5 Author: Matthew Finkel sysrqb@torproject.org Date: Mon Jun 21 20:17:21 2021 +0000
squash! Bug 28005: Implement .onion alias urlbar rewrites
Bug 40456: Update the SecureDrop HTTPS-Everywhere update channel Bug 40478: Onion alias url rewrite is broken --- .../onionservices/HttpsEverywhereControl.jsm | 32 ++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/browser/components/onionservices/HttpsEverywhereControl.jsm b/browser/components/onionservices/HttpsEverywhereControl.jsm
index c91db3e8de87..d673de4cd6e5 100644
--- a/browser/components/onionservices/HttpsEverywhereControl.jsm
+++ b/browser/components/onionservices/HttpsEverywhereControl.jsm
@@ -10,7 +10,7 @@ const { ExtensionMessaging } = ChromeUtils.import(
 const { setTimeout } = ChromeUtils.import("resource://gre/modules/Timer.jsm");
 const EXTENSION_ID = "https-everywhere-eff@eff.org";
-const SECUREDROP_TOR_ONION_CHANNEL = {
+const SECUREDROP_TOR_ONION_CHANNEL_2020 = {
 name: "SecureDropTorOnion",
 jwk: {
 kty: "RSA",
@@ -24,6 +24,20 @@ const SECUREDROP_TOR_ONION_CHANNEL = {
 replaces_default_rulesets: false,
 };
+const SECUREDROP_TOR_ONION_CHANNEL = {
+ name: "SecureDropTorOnion2021",
+ jwk: {
+ kty: "RSA",
+ e: "AQAB",
+ n:
+ "vsC7BNafkRe8Uh1DUgCkv6RbPQMdJgAKKnWdSqQd7tQzU1mXfmo_k1Py_2MYMZXOWmqSZ9iwIYkykZYywJ2VyMGve4byj1sLn6YQoOkG8g5Z3V4y0S2RpEfmYumNjTzfq8nxtLnwjaYd4sCUd5wa0SzeLrpRQuXo2bF3QuUF2xcbLJloxX1MmlsMMCdBc-qGNonLJ7bpn_JuyXlDWy1Fkeyw1qgjiOdiRIbMC1x302zgzX6dSrBrNB8Cpsh-vCE0ZjUo8M9caEv06F6QbYmdGJHM0ZZY34OHMSNdf-_qUKIV_SuxuSuFE99tkAeWnbWpyI1V-xhVo1sc7NzChP8ci2TdPvI3_0JyAuCvL6zIFqJUJkZibEUghhg6F09-oNJKpy7rhUJq7zZyLXJsvuXnn0gnIxfjRvMcDfZAKUVMZKRdw7fwWzwQril4Ib0MQOVda9vb_4JMk7Gup-TUI4sfuS4NKwsnKoODIO-2U5QpJWdtp1F4AQ1pBv8ajFl1WTrVGvkRGK0woPWaO6pWyJ4kRnhnxrV2FyNNt3JSR-0JEjhFWws47kjBvpr0VRiVRFppKA-plKs4LPlaaCff39TleYmY3mETe3w1GIGc2Lliad32Jpbx496IgDe1K3FMBEoKFZfhmtlRSXft8NKgSzPt2zkatM9bFKfaCYRaSy7akbk",
+ },
+ update_path_prefix: "https://securedrop.org/https-everywhere-2021/",
+ scope:
+ "^https?:\/\/[a-z0-9-]+(?:\.[a-z0-9-]+)*\.securedrop\.tor\.onion\/",
+ replaces_default_rulesets: false,
+};
+
 class HttpsEverywhereControl {
 constructor() {
 this._extensionMessaging = null;
@@ -56,6 +70,20 @@ class HttpsEverywhereControl {
 // for that here.
 await HttpsEverywhereControl.wait();
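Review bot: As printed on this page, the `scope` string of the added `SECUREDROP_TOR_ONION_CHANNEL` constant uses single backslashes (`\.`, `\/`) inside a double-quoted JavaScript literal, where the backslash is dropped. The pattern handed to the extension would then contain bare `.` wildcards and could match hosts outside the `securedrop.tor.onion` namespace this channel is meant to be limited to. The page rendering may have lost one level of escaping, so this should be checked against the file itself. If the literal really has single backslashes, write `\\.` and `\\/` so the regular expression keeps its escapes.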
+ try { + // Delete the previous channel signing key, and add the new one below. + await this._sendMessage( + "delete_update_channel", + SECUREDROP_TOR_ONION_CHANNEL_2020.name + ); + } catch (e) { + if (retries <= 0) { + throw new Error("Could not uninstall SecureDropTorOnion update channel"); + } + await this.installTorOnionUpdateChannel(retries - 1); + return; + } + try { // TODO: we may want a way to "lock" this update channel, so that it cannot be modified // by the user via UI, but I think this is not possible at the time of writing via @@ -89,7 +117,7 @@ class HttpsEverywhereControl { * Returns the timestamp of the last .tor.onion update channel update. */ async getRulesetTimestamp() { - const rulesets = await this._sendMessage("get_ruleset_timestamps"); + const rulesets = await this._sendMessage("get_update_channel_timestamps"); const securedrop = rulesets && rulesets.find(([{ name }]) => name === SECUREDROP_TOR_ONION_CHANNEL.name);
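Review bot: In the `@@ -56,6 +70,20 @@` hunk, the new `catch` around `delete_update_channel` drops `e` and treats every failure as retryable, so a permanent rejection would exhaust `retries` and the 2021 channel installed by the following `try` would never be added. Whether the extension rejects when the 2020 channel is already absent is not visible here; that case should resolve, or be recognised in the `catch` and skipped, and the delete's response value is not inspected either. Keeping the cause in the error would help diagnosis, e.g. `throw new Error("Could not uninstall SecureDropTorOnion update channel: " + e.message);`. `installTorOnionUpdateChannel` begins and ends outside this hunk, so the declaration and default of `retries` cannot be checked from here.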