[tor-commits] [tor-browser] 17/21: Bug 30237: Add v3 onion services client authentication prompt

gitolite role git at cupani.torproject.org
Tue Dec 6 08:32:13 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-102.5.0esr-12.5-1
in repository tor-browser.

commit 9c21c3ddd9d2c04f5f3b2c884e5986d9b249b186
Author: Kathy Brade <brade at pearlcrescent.com>
AuthorDate: Tue Nov 12 16:11:05 2019 -0500

    Bug 30237: Add v3 onion services client authentication prompt
    
    When Tor informs the browser that client authentication is needed,
    temporarily load about:blank instead of about:neterror and prompt
    for the user's key.
    
    If a correctly formatted key is entered, use Tor's ONION_CLIENT_AUTH_ADD
    control port command to add the key (via Torbutton's control port
    module) and reload the page.
    
    If the user cancels the prompt, display the standard about:neterror
    "Unable to connect" page. This requires a small change to
    browser/actors/NetErrorChild.jsm to account for the fact that the
    docShell no longer has the failedChannel information. The failedChannel
    is used to extract TLS-related error info, which is not applicable
    in the case of a canceled .onion authentication prompt.
    
    Add a leaveOpen option to PopupNotifications.show so we can display
    error messages within the popup notification doorhanger without
    closing the prompt.
    
    Add support for onion services strings to the TorStrings module.
    
    Add support for Tor extended SOCKS errors (Tor proposal 304) to the
    socket transport and SOCKS layers. Improved display of all of these
    errors will be implemented as part of bug 30025.
    
    Also fixes bug 19757:
     Add a "Remember this key" checkbox to the client auth prompt.
    
     Add an "Onion Services Authentication" section within the
     about:preferences "Privacy & Security section" to allow
     viewing and removal of v3 onion client auth keys that have
     been stored on disk.
    
    Also fixes bug 19251: use enhanced error pages for onion service errors.
---
 browser/actors/NetErrorChild.jsm                   |   7 +
 browser/base/content/browser.js                    |  10 +
 browser/base/content/browser.xhtml                 |   1 +
 browser/base/content/certerror/aboutNetError.js    |  10 +-
 browser/base/content/certerror/aboutNetError.xhtml |   1 +
 browser/base/content/main-popupset.inc.xhtml       |   1 +
 browser/base/content/navigator-toolbox.inc.xhtml   |   1 +
 browser/components/moz.build                       |   1 +
 .../content/authNotificationIcon.inc.xhtml         |   6 +
 .../onionservices/content/authPopup.inc.xhtml      |  16 +
 .../onionservices/content/authPreferences.css      |  24 ++
 .../content/authPreferences.inc.xhtml              |  19 ++
 .../onionservices/content/authPreferences.js       |  71 ++++
 .../components/onionservices/content/authPrompt.js | 378 +++++++++++++++++++++
 .../components/onionservices/content/authUtil.jsm  |  27 ++
 .../onionservices/content/netError/browser.svg     |   3 +
 .../onionservices/content/netError/network.svg     |   3 +
 .../content/netError/onionNetError.css             |  70 ++++
 .../content/netError/onionNetError.js              | 241 +++++++++++++
 .../onionservices/content/netError/onionsite.svg   |   8 +
 .../onionservices/content/onionservices.css        |  69 ++++
 .../onionservices/content/savedKeysDialog.js       | 254 ++++++++++++++
 .../onionservices/content/savedKeysDialog.xhtml    |  42 +++
 browser/components/onionservices/jar.mn            |   9 +
 browser/components/onionservices/moz.build         |   1 +
 browser/components/preferences/preferences.xhtml   |   1 +
 browser/components/preferences/privacy.inc.xhtml   |   2 +
 browser/components/preferences/privacy.js          |   7 +
 browser/themes/shared/aboutNetError.css            |   7 +
 browser/themes/shared/notification-icons.css       |   2 +
 docshell/base/nsDocShell.cpp                       |  83 ++++-
 dom/ipc/BrowserParent.cpp                          |  21 ++
 dom/ipc/BrowserParent.h                            |   3 +
 dom/ipc/PBrowser.ipdl                              |   9 +
 js/xpconnect/src/xpc.msg                           |  10 +
 netwerk/base/nsSocketTransport2.cpp                |   6 +
 netwerk/socket/nsSOCKSIOLayer.cpp                  |  49 +++
 toolkit/modules/PopupNotifications.jsm             |   6 +
 toolkit/modules/RemotePageAccessManager.jsm        |   1 +
 .../lib/environments/frame-script.js               |   1 +
 xpcom/base/ErrorList.py                            |  22 ++
 41 files changed, 1501 insertions(+), 2 deletions(-)

diff --git a/browser/actors/NetErrorChild.jsm b/browser/actors/NetErrorChild.jsm
index cea0372ce41d..705884878456 100644
--- a/browser/actors/NetErrorChild.jsm
+++ b/browser/actors/NetErrorChild.jsm
@@ -13,6 +13,8 @@ const { RemotePageChild } = ChromeUtils.import(
   "resource://gre/actors/RemotePageChild.jsm"
 );
 
+const { TorStrings } = ChromeUtils.import("resource:///modules/TorStrings.jsm");
+
 XPCOMUtils.defineLazyServiceGetter(
   this,
   "gSerializationHelper",
@@ -32,6 +34,7 @@ class NetErrorChild extends RemotePageChild {
       "RPMAddToHistogram",
       "RPMRecordTelemetryEvent",
       "RPMGetHttpResponseHeader",
+      "RPMGetTorStrings",
     ];
     this.exportFunctions(exportableFunctions);
   }
@@ -110,4 +113,8 @@ class NetErrorChild extends RemotePageChild {
 
     return "";
   }
+
+  RPMGetTorStrings() {
+    return Cu.cloneInto(TorStrings.onionServices, this.contentWindow);
+  }
 }
diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
index 1bdf9a2f35cc..66ac2d0f1d7c 100644
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -234,6 +234,11 @@ XPCOMUtils.defineLazyScriptGetter(
   ["NewIdentityButton"],
   "chrome://browser/content/newidentity.js"
 );
+XPCOMUtils.defineLazyScriptGetter(
+  this,
+  ["OnionAuthPrompt"],
+  "chrome://browser/content/onionservices/authPrompt.js"
+);
 XPCOMUtils.defineLazyScriptGetter(
   this,
   "gEditItemOverlay",
@@ -1795,6 +1800,9 @@ var gBrowserInit = {
     // Init the NewIdentityButton
     NewIdentityButton.init();
 
+    // Init the OnionAuthPrompt
+    OnionAuthPrompt.init();
+
     // Certain kinds of automigration rely on this notification to complete
     // their tasks BEFORE the browser window is shown. SessionStore uses it to
     // restore tabs into windows AFTER important parts like gMultiProcessBrowser
@@ -2537,6 +2545,8 @@ var gBrowserInit = {
 
     NewIdentityButton.uninit();
 
+    OnionAuthPrompt.uninit();
+
     TorBootstrapUrlbar.uninit();
 
     gAccessibilityServiceIndicator.uninit();
diff --git a/browser/base/content/browser.xhtml b/browser/base/content/browser.xhtml
index 2a906252306d..ac4ddb8c3979 100644
--- a/browser/base/content/browser.xhtml
+++ b/browser/base/content/browser.xhtml
@@ -38,6 +38,7 @@
 <?xml-stylesheet href="chrome://browser/skin/places/editBookmark.css" type="text/css"?>
 <?xml-stylesheet href="chrome://torbutton/skin/tor-circuit-display.css" type="text/css"?>
 <?xml-stylesheet href="chrome://torbutton/skin/torbutton.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/content/onionservices/onionservices.css" type="text/css"?>
 
 <!DOCTYPE window [
 #include browser-doctype.inc
diff --git a/browser/base/content/certerror/aboutNetError.js b/browser/base/content/certerror/aboutNetError.js
index 1714b1b8a4be..1f63d5aa7012 100644
--- a/browser/base/content/certerror/aboutNetError.js
+++ b/browser/base/content/certerror/aboutNetError.js
@@ -3,6 +3,7 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* eslint-env mozilla/frame-script */
+/* import-globals-from ../../components/onionservices/content/netError/onionNetError.js */
 
 import "chrome://global/content/certviewer/pvutils_bundle.js";
 import "chrome://global/content/certviewer/asn1js_bundle.js";
@@ -291,7 +292,10 @@ async function initPage() {
     errDesc = document.getElementById("ed_generic");
   }
 
-  setErrorPageStrings(err);
+  const isOnionError = err.startsWith("onionServices.");
+  if (!isOnionError) {
+    setErrorPageStrings(err);
+  }
 
   var sd = document.getElementById("errorShortDescText");
   if (sd) {
@@ -418,6 +422,10 @@ async function initPage() {
       span.textContent = HOST_NAME;
     }
   }
+
+  if (isOnionError) {
+    OnionServicesAboutNetError.initPage(document);
+  }
 }
 
 function setupBlockingReportingUI() {
diff --git a/browser/base/content/certerror/aboutNetError.xhtml b/browser/base/content/certerror/aboutNetError.xhtml
index 0f7deb473df2..ea9b21a8f23e 100644
--- a/browser/base/content/certerror/aboutNetError.xhtml
+++ b/browser/base/content/certerror/aboutNetError.xhtml
@@ -203,5 +203,6 @@
     </div>
   </body>
   <script src="chrome://browser/content/certerror/aboutNetErrorCodes.js"/>
+  <script src="chrome://browser/content/onionservices/netError/onionNetError.js"/>
   <script type="module" src="chrome://browser/content/certerror/aboutNetError.js"/>
 </html>
diff --git a/browser/base/content/main-popupset.inc.xhtml b/browser/base/content/main-popupset.inc.xhtml
index 029a63bea57c..79a2750d96ce 100644
--- a/browser/base/content/main-popupset.inc.xhtml
+++ b/browser/base/content/main-popupset.inc.xhtml
@@ -536,6 +536,7 @@
 #include ../../components/downloads/content/downloadsPanel.inc.xhtml
 #include ../../../devtools/startup/enableDevToolsPopup.inc.xhtml
 #include ../../components/securitylevel/content/securityLevelPanel.inc.xhtml
+#include ../../components/onionservices/content/authPopup.inc.xhtml
 #include browser-allTabsMenu.inc.xhtml
 
   <tooltip id="dynamic-shortcut-tooltip"
diff --git a/browser/base/content/navigator-toolbox.inc.xhtml b/browser/base/content/navigator-toolbox.inc.xhtml
index 81479615dc72..1cd54285c9a9 100644
--- a/browser/base/content/navigator-toolbox.inc.xhtml
+++ b/browser/base/content/navigator-toolbox.inc.xhtml
@@ -259,6 +259,7 @@
                        data-l10n-id="urlbar-indexed-db-notification-anchor"/>
                 <image id="password-notification-icon" class="notification-anchor-icon" role="button"
                        data-l10n-id="urlbar-password-notification-anchor"/>
+#include ../../components/onionservices/content/authNotificationIcon.inc.xhtml
                 <stack id="plugins-notification-icon" class="notification-anchor-icon" role="button" align="center" data-l10n-id="urlbar-plugins-notification-anchor">
                   <image class="plugin-icon" />
                   <image id="plugin-icon-badge" />
diff --git a/browser/components/moz.build b/browser/components/moz.build
index 8033a5985ed0..1adecb68bc8f 100644
--- a/browser/components/moz.build
+++ b/browser/components/moz.build
@@ -40,6 +40,7 @@ DIRS += [
     "migration",
     "newidentity",
     "newtab",
+    "onionservices",
     "originattributes",
     "places",
     "pocket",
diff --git a/browser/components/onionservices/content/authNotificationIcon.inc.xhtml b/browser/components/onionservices/content/authNotificationIcon.inc.xhtml
new file mode 100644
index 000000000000..91274d612739
--- /dev/null
+++ b/browser/components/onionservices/content/authNotificationIcon.inc.xhtml
@@ -0,0 +1,6 @@
+# Copyright (c) 2020, The Tor Project, Inc.
+
+<image id="tor-clientauth-notification-icon"
+       class="notification-anchor-icon tor-clientauth-icon"
+       role="button"
+       tooltiptext="&torbutton.onionServices.authPrompt.tooltip;"/>
diff --git a/browser/components/onionservices/content/authPopup.inc.xhtml b/browser/components/onionservices/content/authPopup.inc.xhtml
new file mode 100644
index 000000000000..bd0ec3aa0b00
--- /dev/null
+++ b/browser/components/onionservices/content/authPopup.inc.xhtml
@@ -0,0 +1,16 @@
+# Copyright (c) 2020, The Tor Project, Inc.
+
+<popupnotification id="tor-clientauth-notification" hidden="true">
+  <popupnotificationcontent orient="vertical">
+    <description id="tor-clientauth-notification-desc"/>
+    <label id="tor-clientauth-notification-learnmore"
+           class="text-link popup-notification-learnmore-link"
+           is="text-link"/>
+    <html:div>
+      <html:input id="tor-clientauth-notification-key" type="password"/>
+      <html:div id="tor-clientauth-warning"/>
+      <checkbox id="tor-clientauth-persistkey-checkbox"
+                label="&torbutton.onionServices.authPrompt.persistCheckboxLabel;"/>
+    </html:div>
+  </popupnotificationcontent>
+</popupnotification>
diff --git a/browser/components/onionservices/content/authPreferences.css b/browser/components/onionservices/content/authPreferences.css
new file mode 100644
index 000000000000..d33151737841
--- /dev/null
+++ b/browser/components/onionservices/content/authPreferences.css
@@ -0,0 +1,24 @@
+/* Copyright (c) 2020, The Tor Project, Inc. */
+
+ at import url("chrome://branding/content/tor-styles.css");
+
+#torOnionServiceKeys-overview-container {
+  margin-right: 30px;
+}
+
+#onionservices-savedkeys-tree treechildren::-moz-tree-cell-text {
+  font-size: 80%;
+}
+
+#onionservices-savedkeys-errorContainer {
+  margin-top: 4px;
+  min-height: 3em;
+}
+
+#onionservices-savedkeys-errorIcon {
+  margin-right: 4px;
+  list-style-image: url("chrome://global/skin/icons/warning.svg");
+  -moz-context-properties: fill;
+  fill: var(--torbrowser-warning);
+  visibility: hidden;
+}
diff --git a/browser/components/onionservices/content/authPreferences.inc.xhtml b/browser/components/onionservices/content/authPreferences.inc.xhtml
new file mode 100644
index 000000000000..f69c9dde66a2
--- /dev/null
+++ b/browser/components/onionservices/content/authPreferences.inc.xhtml
@@ -0,0 +1,19 @@
+# Copyright (c) 2020, The Tor Project, Inc.
+
+<groupbox id="torOnionServiceKeys" orient="vertical"
+          data-category="panePrivacy" hidden="true">
+  <label><html:h2 id="torOnionServiceKeys-header"/></label>
+  <hbox>
+    <description id="torOnionServiceKeys-overview-container" flex="1">
+      <html:span id="torOnionServiceKeys-overview"
+                 class="tail-with-learn-more"/>
+      <label id="torOnionServiceKeys-learnMore" class="learnMore text-link"
+             is="text-link"/>
+    </description>
+    <vbox align="end">
+      <button id="torOnionServiceKeys-savedKeys"
+              is="highlightable-button"
+              class="accessory-button"/>
+    </vbox>
+  </hbox>
+</groupbox>
diff --git a/browser/components/onionservices/content/authPreferences.js b/browser/components/onionservices/content/authPreferences.js
new file mode 100644
index 000000000000..e84938285e65
--- /dev/null
+++ b/browser/components/onionservices/content/authPreferences.js
@@ -0,0 +1,71 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+
+"use strict";
+
+ChromeUtils.defineModuleGetter(
+  this,
+  "TorStrings",
+  "resource:///modules/TorStrings.jsm"
+);
+
+/* globals gSubDialog */
+
+/*
+  Onion Services Client Authentication Preferences Code
+
+  Code to handle init and update of onion services authentication section
+  in about:preferences#privacy
+*/
+
+const OnionServicesAuthPreferences = {
+  selector: {
+    groupBox: "#torOnionServiceKeys",
+    header: "#torOnionServiceKeys-header",
+    overview: "#torOnionServiceKeys-overview",
+    learnMore: "#torOnionServiceKeys-learnMore",
+    savedKeysButton: "#torOnionServiceKeys-savedKeys",
+  },
+
+  init() {
+    // populate XUL with localized strings
+    this._populateXUL();
+  },
+
+  _populateXUL() {
+    const groupbox = document.querySelector(this.selector.groupBox);
+
+    let elem = groupbox.querySelector(this.selector.header);
+    elem.textContent = TorStrings.onionServices.authPreferences.header;
+
+    elem = groupbox.querySelector(this.selector.overview);
+    elem.textContent = TorStrings.onionServices.authPreferences.overview;
+
+    elem = groupbox.querySelector(this.selector.learnMore);
+    elem.setAttribute("value", TorStrings.onionServices.learnMore);
+    elem.setAttribute("href", TorStrings.onionServices.learnMoreURL);
+    if (TorStrings.onionServices.learnMoreURL.startsWith("about:")) {
+      elem.setAttribute("useoriginprincipal", "true");
+    }
+
+    elem = groupbox.querySelector(this.selector.savedKeysButton);
+    elem.setAttribute(
+      "label",
+      TorStrings.onionServices.authPreferences.savedKeys
+    );
+    elem.addEventListener("command", () =>
+      OnionServicesAuthPreferences.onViewSavedKeys()
+    );
+  },
+
+  onViewSavedKeys() {
+    gSubDialog.open(
+      "chrome://browser/content/onionservices/savedKeysDialog.xhtml"
+    );
+  },
+}; // OnionServicesAuthPreferences
+
+Object.defineProperty(this, "OnionServicesAuthPreferences", {
+  value: OnionServicesAuthPreferences,
+  enumerable: true,
+  writable: false,
+});
diff --git a/browser/components/onionservices/content/authPrompt.js b/browser/components/onionservices/content/authPrompt.js
new file mode 100644
index 000000000000..83831ef732c2
--- /dev/null
+++ b/browser/components/onionservices/content/authPrompt.js
@@ -0,0 +1,378 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+
+"use strict";
+
+/* globals gBrowser, PopupNotifications, Services, XPCOMUtils */
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+  OnionAuthUtil: "chrome://browser/content/onionservices/authUtil.jsm",
+  CommonUtils: "resource://services-common/utils.js",
+  TorStrings: "resource:///modules/TorStrings.jsm",
+});
+
+const OnionAuthPrompt = (function() {
+  // OnionServicesAuthPrompt objects run within the main/chrome process.
+  // aReason is the topic passed within the observer notification that is
+  // causing this auth prompt to be displayed.
+  function OnionServicesAuthPrompt(aBrowser, aFailedURI, aReason, aOnionName) {
+    this._browser = aBrowser;
+    this._failedURI = aFailedURI;
+    this._reasonForPrompt = aReason;
+    this._onionHostname = aOnionName;
+  }
+
+  OnionServicesAuthPrompt.prototype = {
+    show(aWarningMessage) {
+      let mainAction = {
+        label: TorStrings.onionServices.authPrompt.done,
+        accessKey: TorStrings.onionServices.authPrompt.doneAccessKey,
+        leaveOpen: true, // Callback is responsible for closing the notification.
+        callback: this._onDone.bind(this),
+      };
+
+      let dialogBundle = Services.strings.createBundle(
+        "chrome://global/locale/dialog.properties"
+      );
+
+      let cancelAccessKey = dialogBundle.GetStringFromName("accesskey-cancel");
+      if (!cancelAccessKey) {
+        cancelAccessKey = "c";
+      } // required by PopupNotifications.show()
+
+      let cancelAction = {
+        label: dialogBundle.GetStringFromName("button-cancel"),
+        accessKey: cancelAccessKey,
+        callback: this._onCancel.bind(this),
+      };
+
+      let _this = this;
+      let options = {
+        autofocus: true,
+        hideClose: true,
+        persistent: true,
+        removeOnDismissal: false,
+        eventCallback(aTopic) {
+          if (aTopic === "showing") {
+            _this._onPromptShowing(aWarningMessage);
+          } else if (aTopic === "shown") {
+            _this._onPromptShown();
+          } else if (aTopic === "removed") {
+            _this._onPromptRemoved();
+          }
+        },
+      };
+
+      this._prompt = PopupNotifications.show(
+        this._browser,
+        OnionAuthUtil.domid.notification,
+        "",
+        OnionAuthUtil.domid.anchor,
+        mainAction,
+        [cancelAction],
+        options
+      );
+    },
+
+    _onPromptShowing(aWarningMessage) {
+      let xulDoc = this._browser.ownerDocument;
+      let descElem = xulDoc.getElementById(OnionAuthUtil.domid.description);
+      if (descElem) {
+        // Handle replacement of the onion name within the localized
+        // string ourselves so we can show the onion name as bold text.
+        // We do this by splitting the localized string and creating
+        // several HTML <span> elements.
+        while (descElem.firstChild) {
+          descElem.firstChild.remove();
+        }
+
+        let fmtString = TorStrings.onionServices.authPrompt.description;
+        let prefix = "";
+        let suffix = "";
+        const kToReplace = "%S";
+        let idx = fmtString.indexOf(kToReplace);
+        if (idx < 0) {
+          prefix = fmtString;
+        } else {
+          prefix = fmtString.substring(0, idx);
+          suffix = fmtString.substring(idx + kToReplace.length);
+        }
+
+        const kHTMLNS = "http://www.w3.org/1999/xhtml";
+        let span = xulDoc.createElementNS(kHTMLNS, "span");
+        span.textContent = prefix;
+        descElem.appendChild(span);
+        span = xulDoc.createElementNS(kHTMLNS, "span");
+        span.id = OnionAuthUtil.domid.onionNameSpan;
+        span.textContent = this._onionHostname;
+        descElem.appendChild(span);
+        span = xulDoc.createElementNS(kHTMLNS, "span");
+        span.textContent = suffix;
+        descElem.appendChild(span);
+      }
+
+      // Set "Learn More" label and href.
+      let learnMoreElem = xulDoc.getElementById(OnionAuthUtil.domid.learnMore);
+      if (learnMoreElem) {
+        learnMoreElem.setAttribute("value", TorStrings.onionServices.learnMore);
+        learnMoreElem.setAttribute(
+          "href",
+          TorStrings.onionServices.learnMoreURL
+        );
+        if (TorStrings.onionServices.learnMoreURL.startsWith("about:")) {
+          learnMoreElem.setAttribute("useoriginprincipal", "true");
+        }
+      }
+
+      this._showWarning(aWarningMessage);
+      let checkboxElem = this._getCheckboxElement();
+      if (checkboxElem) {
+        checkboxElem.checked = false;
+      }
+    },
+
+    _onPromptShown() {
+      let keyElem = this._getKeyElement();
+      if (keyElem) {
+        keyElem.setAttribute(
+          "placeholder",
+          TorStrings.onionServices.authPrompt.keyPlaceholder
+        );
+        this._boundOnKeyFieldKeyPress = this._onKeyFieldKeyPress.bind(this);
+        this._boundOnKeyFieldInput = this._onKeyFieldInput.bind(this);
+        keyElem.addEventListener("keypress", this._boundOnKeyFieldKeyPress);
+        keyElem.addEventListener("input", this._boundOnKeyFieldInput);
+        keyElem.focus();
+      }
+    },
+
+    _onPromptRemoved() {
+      if (this._boundOnKeyFieldKeyPress) {
+        let keyElem = this._getKeyElement();
+        if (keyElem) {
+          keyElem.value = "";
+          keyElem.removeEventListener(
+            "keypress",
+            this._boundOnKeyFieldKeyPress
+          );
+          this._boundOnKeyFieldKeyPress = undefined;
+          keyElem.removeEventListener("input", this._boundOnKeyFieldInput);
+          this._boundOnKeyFieldInput = undefined;
+        }
+      }
+    },
+
+    _onKeyFieldKeyPress(aEvent) {
+      if (aEvent.keyCode == aEvent.DOM_VK_RETURN) {
+        this._onDone();
+      } else if (aEvent.keyCode == aEvent.DOM_VK_ESCAPE) {
+        this._prompt.remove();
+        this._onCancel();
+      }
+    },
+
+    _onKeyFieldInput(aEvent) {
+      this._showWarning(undefined); // Remove the warning.
+    },
+
+    async _onDone() {
+      let keyElem = this._getKeyElement();
+      if (!keyElem) {
+        return;
+      }
+
+      let base64key = this._keyToBase64(keyElem.value);
+      if (!base64key) {
+        this._showWarning(TorStrings.onionServices.authPrompt.invalidKey);
+        return;
+      }
+
+      this._prompt.remove();
+
+      // Use Torbutton's controller module to add the private key to Tor.
+      let controllerFailureMsg =
+        TorStrings.onionServices.authPrompt.failedToSetKey;
+      try {
+        let { controller } = ChromeUtils.import(
+          "resource://torbutton/modules/tor-control-port.js"
+        );
+        let torController = await controller();
+        // ^(subdomain.)*onionserviceid.onion$ (case-insensitive)
+        const onionServiceIdRegExp = /^(.*\.)*(?<onionServiceId>[a-z2-7]{56})\.onion$/i;
+        // match() will return null on bad match, causing throw
+        const onionServiceId = this._onionHostname
+          .match(onionServiceIdRegExp)
+          .groups.onionServiceId.toLowerCase();
+
+        let checkboxElem = this._getCheckboxElement();
+        let isPermanent = checkboxElem && checkboxElem.checked;
+        torController
+          .onionAuthAdd(onionServiceId, base64key, isPermanent)
+          .then(aResponse => {
+            // Success! Reload the page.
+            this._browser.sendMessageToActor(
+              "Browser:Reload",
+              {},
+              "BrowserTab"
+            );
+          })
+          .catch(aError => {
+            if (aError.torMessage) {
+              this.show(aError.torMessage);
+            } else {
+              console.error(controllerFailureMsg, aError);
+              this.show(controllerFailureMsg);
+            }
+          });
+      } catch (e) {
+        console.error(controllerFailureMsg, e);
+        this.show(controllerFailureMsg);
+      }
+    },
+
+    _onCancel() {
+      // Arrange for an error page to be displayed:
+      // we build a short script calling docShell.displayError()
+      // and we pass it as a data: URI to loadFrameScript(),
+      // which runs it in the content frame which triggered
+      // this authentication prompt.
+      const failedURI = this._failedURI.spec;
+      const errorCode =
+        this._reasonForPrompt === OnionAuthUtil.topic.clientAuthMissing
+          ? Cr.NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH
+          : Cr.NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH;
+      const io =
+        'ChromeUtils.import("resource://gre/modules/Services.jsm").Services.io';
+
+      this._browser.messageManager.loadFrameScript(
+        `data:application/javascript,${encodeURIComponent(
+          `docShell.displayLoadError(${errorCode}, ${io}.newURI(${JSON.stringify(
+            failedURI
+          )}), undefined, undefined);`
+        )}`,
+        false
+      );
+    },
+
+    _getKeyElement() {
+      let xulDoc = this._browser.ownerDocument;
+      return xulDoc.getElementById(OnionAuthUtil.domid.keyElement);
+    },
+
+    _getCheckboxElement() {
+      let xulDoc = this._browser.ownerDocument;
+      return xulDoc.getElementById(OnionAuthUtil.domid.checkboxElement);
+    },
+
+    _showWarning(aWarningMessage) {
+      let xulDoc = this._browser.ownerDocument;
+      let warningElem = xulDoc.getElementById(
+        OnionAuthUtil.domid.warningElement
+      );
+      let keyElem = this._getKeyElement();
+      if (warningElem) {
+        if (aWarningMessage) {
+          warningElem.textContent = aWarningMessage;
+          warningElem.removeAttribute("hidden");
+          if (keyElem) {
+            keyElem.className = "invalid";
+          }
+        } else {
+          warningElem.setAttribute("hidden", "true");
+          if (keyElem) {
+            keyElem.className = "";
+          }
+        }
+      }
+    },
+
+    // Returns undefined if the key is the wrong length or format.
+    _keyToBase64(aKeyString) {
+      if (!aKeyString) {
+        return undefined;
+      }
+
+      let base64key;
+      if (aKeyString.length == 52) {
+        // The key is probably base32-encoded. Attempt to decode.
+        // Although base32 specifies uppercase letters, we accept lowercase
+        // as well because users may type in lowercase or copy a key out of
+        // a tor onion-auth file (which uses lowercase).
+        let rawKey;
+        try {
+          rawKey = CommonUtils.decodeBase32(aKeyString.toUpperCase());
+        } catch (e) {}
+
+        if (rawKey) {
+          try {
+            base64key = btoa(rawKey);
+          } catch (e) {}
+        }
+      } else if (
+        aKeyString.length == 44 &&
+        /^[a-zA-Z0-9+/]*=*$/.test(aKeyString)
+      ) {
+        // The key appears to be a correctly formatted base64 value. If not,
+        // tor will return an error when we try to add the key via the
+        // control port.
+        base64key = aKeyString;
+      }
+
+      return base64key;
+    },
+  };
+
+  let retval = {
+    init() {
+      Services.obs.addObserver(this, OnionAuthUtil.topic.clientAuthMissing);
+      Services.obs.addObserver(this, OnionAuthUtil.topic.clientAuthIncorrect);
+    },
+
+    uninit() {
+      Services.obs.removeObserver(this, OnionAuthUtil.topic.clientAuthMissing);
+      Services.obs.removeObserver(
+        this,
+        OnionAuthUtil.topic.clientAuthIncorrect
+      );
+    },
+
+    // aSubject is the DOM Window or browser where the prompt should be shown.
+    // aData contains the .onion name.
+    observe(aSubject, aTopic, aData) {
+      if (
+        aTopic != OnionAuthUtil.topic.clientAuthMissing &&
+        aTopic != OnionAuthUtil.topic.clientAuthIncorrect
+      ) {
+        return;
+      }
+
+      let browser;
+      if (aSubject instanceof Ci.nsIDOMWindow) {
+        let contentWindow = aSubject.QueryInterface(Ci.nsIDOMWindow);
+        browser = contentWindow.docShell.chromeEventHandler;
+      } else {
+        browser = aSubject.QueryInterface(Ci.nsIBrowser);
+      }
+
+      if (!gBrowser.browsers.some(aBrowser => aBrowser == browser)) {
+        return; // This window does not contain the subject browser; ignore.
+      }
+
+      let failedURI = browser.currentURI;
+      let authPrompt = new OnionServicesAuthPrompt(
+        browser,
+        failedURI,
+        aTopic,
+        aData
+      );
+      authPrompt.show(undefined);
+    },
+  };
+
+  return retval;
+})(); /* OnionAuthPrompt */
+
+Object.defineProperty(this, "OnionAuthPrompt", {
+  value: OnionAuthPrompt,
+  enumerable: true,
+  writable: false,
+});
diff --git a/browser/components/onionservices/content/authUtil.jsm b/browser/components/onionservices/content/authUtil.jsm
new file mode 100644
index 000000000000..7157acf2e11d
--- /dev/null
+++ b/browser/components/onionservices/content/authUtil.jsm
@@ -0,0 +1,27 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+
+"use strict";
+
+var EXPORTED_SYMBOLS = ["OnionAuthUtil"];
+
+var { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
+
+const OnionAuthUtil = {
+  topic: {
+    clientAuthMissing: "tor-onion-services-clientauth-missing",
+    clientAuthIncorrect: "tor-onion-services-clientauth-incorrect",
+  },
+  message: {
+    authPromptCanceled: "Tor:OnionServicesAuthPromptCanceled",
+  },
+  domid: {
+    anchor: "tor-clientauth-notification-icon",
+    notification: "tor-clientauth",
+    description: "tor-clientauth-notification-desc",
+    learnMore: "tor-clientauth-notification-learnmore",
+    onionNameSpan: "tor-clientauth-notification-onionname",
+    keyElement: "tor-clientauth-notification-key",
+    warningElement: "tor-clientauth-warning",
+    checkboxElement: "tor-clientauth-persistkey-checkbox",
+  },
+};
diff --git a/browser/components/onionservices/content/netError/browser.svg b/browser/components/onionservices/content/netError/browser.svg
new file mode 100644
index 000000000000..1359679f7171
--- /dev/null
+++ b/browser/components/onionservices/content/netError/browser.svg
@@ -0,0 +1,3 @@
+<svg fill="none" height="60" viewBox="0 0 60 60" width="60" xmlns="http://www.w3.org/2000/svg">
+  <path fill="context-fill" fill-opacity="context-fill-opacity" d="m49 6h-37.5c-1.98912 0-3.89678.79018-5.3033 2.1967s-2.1967 3.3142-2.1967 5.3033v33.75c0 1.9891.79018 3.8968 2.1967 5.3033s3.31418 2.1967 5.3033 2.1967h37.5c1.9891 0 3.8968-.7902 5.3033-2.1967s2.1967-3.3142 2.1967-5.3033v-33.75c0-1.9891-.7902-3.89678-2.1967-5.3033s-3.3142-2.1967-5.3033-2.1967zm-38.0625 4.6875h38.625l2.25 2.25v8.0625h-43.125v-8.0625zm38.625 39.375h-38.625l-2.25-2.25v-22.125h43.125v22.125z"/>
+</svg>
diff --git a/browser/components/onionservices/content/netError/network.svg b/browser/components/onionservices/content/netError/network.svg
new file mode 100644
index 000000000000..68610e30bfca
--- /dev/null
+++ b/browser/components/onionservices/content/netError/network.svg
@@ -0,0 +1,3 @@
+<svg fill="none" height="60" viewBox="0 0 60 60" width="60" xmlns="http://www.w3.org/2000/svg">
+  <path fill="context-fill" fill-opacity="context-fill-opacity" d="m30 1.875c-7.4592 0-14.6129 2.96316-19.8874 8.2376-5.27444 5.2745-8.2376 12.4282-8.2376 19.8874s2.96316 14.6129 8.2376 19.8874c5.2745 5.2744 12.4282 8.2376 19.8874 8.2376s14.6129-2.9632 19.8874-8.2376c5.2744-5.2745 8.2376-12.4282 8.2376-19.8874s-2.9632-14.6129-8.2376-19.8874c-5.2745-5.27444-12.4282-8.2376-19.8874-8.2376zm9.1762 6.5625c3.8504 1.6533 7.1876 4.3079 9.6646 7.6877 2.477 3.3799 4.0034 7.3615 4.4205 11.531h-8.35 [...]
+</svg>
diff --git a/browser/components/onionservices/content/netError/onionNetError.css b/browser/components/onionservices/content/netError/onionNetError.css
new file mode 100644
index 000000000000..f43817e9a569
--- /dev/null
+++ b/browser/components/onionservices/content/netError/onionNetError.css
@@ -0,0 +1,70 @@
+/* Copyright (c) 2020, The Tor Project, Inc. */
+
+#onionErrorDiagramContainer {
+  margin: 0px auto 40px 0px;
+  /* 3 icons 64px wide each seperated by a 64px gap */
+  width: 384px;
+  display: grid;
+  grid-row-gap: 15px;
+  grid-column-gap: 64px;
+  grid-template-columns: 1fr 1fr 1fr;
+}
+
+#onionErrorDiagramContainer > div {
+  margin: auto;
+  position: relative; /* needed to allow overlay of the ok or error icon */
+}
+
+.onionErrorImage {
+  width: 64px;
+  height: 64px;
+  background-size: 64px 64px;
+  background-position: center;
+  background-repeat: no-repeat;
+  -moz-context-properties: fill;
+  fill: var(--in-content-icon-color);
+  opacity: 50%;
+}
+
+.onionErrorImage[status] {
+  opacity: 100%;
+}
+
+#onionErrorBrowserImage {
+  background-image: url("browser.svg");
+}
+
+#onionErrorNetworkImage {
+  background-image: url("network.svg");
+}
+
+#onionErrorOnionSiteImage {
+  background-image: url("onionsite.svg");
+}
+
+/* rules to support overlay of the ok or error icon */
+.onionErrorImage[status]::after {
+  content: " ";
+  position: absolute;
+  left: -8px;
+  top: calc((64px - 24px) / 2);
+  width: 24px;
+  height: 24px;
+  -moz-context-properties: fill;
+  fill: var(--in-content-page-background);
+
+  background-repeat: no-repeat;
+  background-position: center;
+  border: 3px solid var(--in-content-page-background);
+  border-radius: 50%;
+}
+
+.onionErrorImage[status="ok"]::after {
+  background-color: var(--in-content-icon-color);
+  background-image: url("chrome://global/skin/icons/check.svg");
+}
+
+.onionErrorImage[status="error"]::after {
+  background-color: var(--warning-color);
+  background-image: url("chrome://global/skin/icons/close.svg");
+}
diff --git a/browser/components/onionservices/content/netError/onionNetError.js b/browser/components/onionservices/content/netError/onionNetError.js
new file mode 100644
index 000000000000..aee0ba776619
--- /dev/null
+++ b/browser/components/onionservices/content/netError/onionNetError.js
@@ -0,0 +1,241 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+
+"use strict";
+
+/* eslint-env mozilla/frame-script */
+
+var OnionServicesAboutNetError = {
+  _selector: {
+    textContainer: "div#text-container",
+    header: ".title-text",
+    longDesc: "#errorLongDesc",
+    learnMoreContainer: "#learnMoreContainer",
+    learnMoreLink: "#learnMoreLink",
+    contentContainer: "#errorLongContent",
+    tryAgainButtonContainer: "#netErrorButtonContainer",
+  },
+  _status: {
+    ok: "ok",
+    error: "error",
+  },
+
+  _diagramInfoMap: undefined,
+
+  // Public functions (called from outside this file).
+  //
+  // This initPage() function may need to be updated if the structure of
+  // browser/base/content/aboutNetError.xhtml changes. Specifically, it
+  // references the following elements:
+  //   query string parameter e
+  //   class title-text
+  //   id errorLongDesc
+  //   id learnMoreContainer
+  //   id learnMoreLink
+  //   id errorLongContent
+  initPage(aDoc) {
+    const searchParams = new URLSearchParams(aDoc.documentURI.split("?")[1]);
+    const err = searchParams.get("e");
+
+    const errPrefix = "onionServices.";
+    const errName = err.substring(errPrefix.length);
+
+    this._strings = RPMGetTorStrings();
+
+    const stringsObj = this._strings[errName];
+    if (!stringsObj) {
+      return;
+    }
+
+    this._insertStylesheet(aDoc);
+
+    const pageTitle = stringsObj.pageTitle;
+    const header = stringsObj.header;
+    const longDescription = stringsObj.longDescription; // optional
+    const learnMoreURL = stringsObj.learnMoreURL;
+
+    if (pageTitle) {
+      aDoc.title = pageTitle;
+    }
+
+    if (header) {
+      const headerElem = aDoc.querySelector(this._selector.header);
+      if (headerElem) {
+        headerElem.textContent = header;
+      }
+    }
+
+    const ld = aDoc.querySelector(this._selector.longDesc);
+    if (ld) {
+      if (longDescription) {
+        const hexErr = this._hexErrorFromName(errName);
+        ld.textContent = longDescription.replace("%S", hexErr);
+      } else {
+        // This onion service error does not have a long description. Since
+        // it is set to a generic error string by the code in
+        // browser/base/content/aboutNetError.js, hide it here.
+        ld.style.display = "none";
+      }
+    }
+
+    if (learnMoreURL) {
+      const lmContainer = aDoc.querySelector(this._selector.learnMoreContainer);
+      if (lmContainer) {
+        lmContainer.style.display = "block";
+      }
+      const lmLink = lmContainer.querySelector(this._selector.learnMoreLink);
+      if (lmLink) {
+        lmLink.setAttribute("href", learnMoreURL);
+      }
+    }
+
+    // Remove the "Try Again" button if the user made a typo in the .onion
+    // address since it is not useful in that case.
+    if (errName === "badAddress") {
+      const tryAgainButton = aDoc.querySelector(
+        this._selector.tryAgainButtonContainer
+      );
+      if (tryAgainButton) {
+        tryAgainButton.style.display = "none";
+      }
+    }
+
+    this._insertDiagram(aDoc, errName);
+  }, // initPage()
+
+  _insertStylesheet(aDoc) {
+    const url =
+      "chrome://browser/content/onionservices/netError/onionNetError.css";
+    let linkElem = aDoc.createElement("link");
+    linkElem.rel = "stylesheet";
+    linkElem.href = url;
+    linkElem.type = "text/css";
+    aDoc.head.appendChild(linkElem);
+  },
+
+  _insertDiagram(aDoc, aErrorName) {
+    // The onion error diagram consists of a grid of div elements.
+    // The first row contains three images (Browser, Network, Onionsite) and
+    // the second row contains labels for the images that are in the first row.
+    // The _diagramInfoMap describes for each type of onion service error
+    // whether a small ok or error status icon is overlaid on top of the main
+    // Browser/Network/Onionsite images.
+    if (!this._diagramInfoMap) {
+      this._diagramInfoMap = new Map();
+      this._diagramInfoMap.set("descNotFound", {
+        browser: this._status.ok,
+        network: this._status.ok,
+        onionSite: this._status.error,
+      });
+      this._diagramInfoMap.set("descInvalid", {
+        browser: this._status.ok,
+        network: this._status.error,
+      });
+      this._diagramInfoMap.set("introFailed", {
+        browser: this._status.ok,
+        network: this._status.error,
+      });
+      this._diagramInfoMap.set("rendezvousFailed", {
+        browser: this._status.ok,
+        network: this._status.error,
+      });
+      this._diagramInfoMap.set("clientAuthMissing", {
+        browser: this._status.error,
+      });
+      this._diagramInfoMap.set("clientAuthIncorrect", {
+        browser: this._status.error,
+      });
+      this._diagramInfoMap.set("badAddress", {
+        browser: this._status.error,
+      });
+      this._diagramInfoMap.set("introTimedOut", {
+        browser: this._status.ok,
+        network: this._status.error,
+      });
+    }
+
+    const diagramInfo = this._diagramInfoMap.get(aErrorName);
+
+    const container = this._createDiv(aDoc, "onionErrorDiagramContainer");
+    const imageClass = "onionErrorImage";
+
+    const browserImage = this._createDiv(
+      aDoc,
+      "onionErrorBrowserImage",
+      imageClass,
+      container
+    );
+    if (diagramInfo && diagramInfo.browser) {
+      browserImage.setAttribute("status", diagramInfo.browser);
+    }
+
+    const networkImage = this._createDiv(
+      aDoc,
+      "onionErrorNetworkImage",
+      imageClass,
+      container
+    );
+    if (diagramInfo && diagramInfo.network) {
+      networkImage.setAttribute("status", diagramInfo.network);
+    }
+
+    const onionSiteImage = this._createDiv(
+      aDoc,
+      "onionErrorOnionSiteImage",
+      imageClass,
+      container
+    );
+    if (diagramInfo && diagramInfo.onionSite) {
+      onionSiteImage.setAttribute("status", diagramInfo.onionSite);
+    }
+
+    let labelDiv = this._createDiv(aDoc, undefined, undefined, container);
+    labelDiv.textContent = this._strings.errorPage.browser;
+    labelDiv = this._createDiv(aDoc, undefined, undefined, container);
+    labelDiv.textContent = this._strings.errorPage.network;
+    labelDiv = this._createDiv(aDoc, undefined, undefined, container);
+    labelDiv.textContent = this._strings.errorPage.onionSite;
+
+    const textContainer = aDoc.querySelector(this._selector.textContainer);
+    textContainer?.insertBefore(container, textContainer.firstChild);
+  }, // _insertDiagram()
+
+  _createDiv(aDoc, aID, aClass, aParentElem) {
+    const div = aDoc.createElement("div");
+    if (aID) {
+      div.id = aID;
+    }
+    if (aClass) {
+      div.setAttribute("class", aClass);
+    }
+    if (aParentElem) {
+      aParentElem.appendChild(div);
+    }
+
+    return div;
+  },
+
+  _hexErrorFromName(aErrorName) {
+    // We do not have access to the original Tor SOCKS error code here, so
+    // perform a reverse mapping from the error name.
+    switch (aErrorName) {
+      case "descNotFound":
+        return "0xF0";
+      case "descInvalid":
+        return "0xF1";
+      case "introFailed":
+        return "0xF2";
+      case "rendezvousFailed":
+        return "0xF3";
+      case "clientAuthMissing":
+        return "0xF4";
+      case "clientAuthIncorrect":
+        return "0xF5";
+      case "badAddress":
+        return "0xF6";
+      case "introTimedOut":
+        return "0xF7";
+    }
+
+    return "";
+  },
+};
diff --git a/browser/components/onionservices/content/netError/onionsite.svg b/browser/components/onionservices/content/netError/onionsite.svg
new file mode 100644
index 000000000000..c1b2d7382dc9
--- /dev/null
+++ b/browser/components/onionservices/content/netError/onionsite.svg
@@ -0,0 +1,8 @@
+<svg fill="none" height="60" viewBox="0 0 60 60" width="60" xmlns="http://www.w3.org/2000/svg">
+  <g fill="context-fill" fill-opacity="context-fill-opacity">
+    <path clip-rule="evenodd" d="m11.25 6h37.5c1.9891 0 3.8968.79018 5.3033 2.1967s2.1967 3.3142 2.1967 5.3033v33.75c0 1.9891-.7902 3.8968-2.1967 5.3033s-3.3142 2.1967-5.3033 2.1967h-37.5c-1.98912 0-3.89678-.7902-5.3033-2.1967s-2.1967-3.3142-2.1967-5.3033v-33.75c0-1.9891.79018-3.89678 2.1967-5.3033s3.31418-2.1967 5.3033-2.1967zm-.5625 4.6875h38.625l2.25 2.25v34.875l-2.25 2.25h-38.625l-2.25-2.25v-34.875z" fill-rule="evenodd"/>
+    <path d="m15.9606 22c-.52 0-1.0187-.2107-1.3863-.5858-.3677-.3751-.5743-.8838-.5743-1.4142s.2066-1.0391.5743-1.4142c.3676-.3751.8663-.5858 1.3863-.5858h14.0788c.52 0 1.0187.2107 1.3863.5858.3677.3751.5743.8838.5743 1.4142s-.2066 1.0391-.5743 1.4142c-.3676.3751-.8663.5858-1.3863.5858z"/>
+    <path d="m44.0709 32h-28.1418c-.5116 0-1.0023-.2107-1.3641-.5858s-.565-.8838-.565-1.4142.2032-1.0391.565-1.4142.8525-.5858 1.3641-.5858h28.1418c.5116 0 1.0023.2107 1.3641.5858s.565.8838.565 1.4142-.2032 1.0391-.565 1.4142-.8525.5858-1.3641.5858z"/>
+    <path d="m44.0709 42h-28.1418c-.5116 0-1.0023-.2107-1.3641-.5858s-.565-.8838-.565-1.4142.2032-1.0391.565-1.4142.8525-.5858 1.3641-.5858h28.1418c.5116 0 1.0023.2107 1.3641.5858s.565.8838.565 1.4142-.2032 1.0391-.565 1.4142-.8525.5858-1.3641.5858z"/>
+  </g>
+</svg>
diff --git a/browser/components/onionservices/content/onionservices.css b/browser/components/onionservices/content/onionservices.css
new file mode 100644
index 000000000000..e2621ec8266d
--- /dev/null
+++ b/browser/components/onionservices/content/onionservices.css
@@ -0,0 +1,69 @@
+/* Copyright (c) 2020, The Tor Project, Inc. */
+
+ at namespace html url("http://www.w3.org/1999/xhtml");
+
+html|*#tor-clientauth-notification-onionname {
+  font-weight: bold;
+}
+
+html|*#tor-clientauth-notification-key {
+  box-sizing: border-box;
+  width: 100%;
+  margin-top: 15px;
+  padding: 6px;
+}
+
+/* Start of rules adapted from
+ * browser/components/newtab/css/activity-stream-mac.css (linux and windows
+ * use the same rules).
+ */
+html|*#tor-clientauth-notification-key.invalid {
+  border: 1px solid #D70022;
+  box-shadow: 0 0 0 1px #D70022, 0 0 0 4px rgba(215, 0, 34, 0.3);
+}
+
+html|*#tor-clientauth-warning {
+  display: inline-block;
+  animation: fade-up-tt 450ms;
+  background: #D70022;
+  border-radius: 2px;
+  color: #FFF;
+  inset-inline-start: 3px;
+  padding: 5px 12px;
+  position: relative;
+  top: 6px;
+  z-index: 1;
+}
+
+html|*#tor-clientauth-warning[hidden] {
+  display: none;
+}
+
+html|*#tor-clientauth-warning::before {
+  background: #D70022;
+  bottom: -8px;
+  content: '.';
+  height: 16px;
+  inset-inline-start: 12px;
+  position: absolute;
+  text-indent: -999px;
+  top: -7px;
+  transform: rotate(45deg);
+  white-space: nowrap;
+  width: 16px;
+  z-index: -1;
+}
+
+ at keyframes fade-up-tt {
+  0% {
+    opacity: 0;
+    transform: translateY(15px);
+  }
+  100% {
+    opacity: 1;
+    transform: translateY(0);
+  }
+}
+/* End of rules adapted from
+ * browser/components/newtab/css/activity-stream-mac.css
+ */
diff --git a/browser/components/onionservices/content/savedKeysDialog.js b/browser/components/onionservices/content/savedKeysDialog.js
new file mode 100644
index 000000000000..fd8b477a395d
--- /dev/null
+++ b/browser/components/onionservices/content/savedKeysDialog.js
@@ -0,0 +1,254 @@
+// Copyright (c) 2020, The Tor Project, Inc.
+
+"use strict";
+
+ChromeUtils.defineModuleGetter(
+  this,
+  "TorStrings",
+  "resource:///modules/TorStrings.jsm"
+);
+
+ChromeUtils.defineModuleGetter(
+  this,
+  "controller",
+  "resource://torbutton/modules/tor-control-port.js"
+);
+
+var gOnionServicesSavedKeysDialog = {
+  selector: {
+    dialog: "#onionservices-savedkeys-dialog",
+    intro: "#onionservices-savedkeys-intro",
+    tree: "#onionservices-savedkeys-tree",
+    onionSiteCol: "#onionservices-savedkeys-siteCol",
+    onionKeyCol: "#onionservices-savedkeys-keyCol",
+    errorIcon: "#onionservices-savedkeys-errorIcon",
+    errorMessage: "#onionservices-savedkeys-errorMessage",
+    removeButton: "#onionservices-savedkeys-remove",
+    removeAllButton: "#onionservices-savedkeys-removeall",
+  },
+
+  _tree: undefined,
+  _isBusy: false, // true when loading data, deleting a key, etc.
+
+  // Public functions (called from outside this file).
+  async deleteSelectedKeys() {
+    this._setBusyState(true);
+
+    const indexesToDelete = [];
+    const count = this._tree.view.selection.getRangeCount();
+    for (let i = 0; i < count; ++i) {
+      const minObj = {};
+      const maxObj = {};
+      this._tree.view.selection.getRangeAt(i, minObj, maxObj);
+      for (let idx = minObj.value; idx <= maxObj.value; ++idx) {
+        indexesToDelete.push(idx);
+      }
+    }
+
+    if (indexesToDelete.length) {
+      const controllerFailureMsg =
+        TorStrings.onionServices.authPreferences.failedToRemoveKey;
+      try {
+        const torController = await controller();
+
+        // Remove in reverse index order to avoid issues caused by index changes.
+        for (let i = indexesToDelete.length - 1; i >= 0; --i) {
+          await this._deleteOneKey(torController, indexesToDelete[i]);
+        }
+      } catch (e) {
+        if (e.torMessage) {
+          this._showError(e.torMessage);
+        } else {
+          this._showError(controllerFailureMsg);
+        }
+      }
+    }
+
+    this._setBusyState(false);
+  },
+
+  async deleteAllKeys() {
+    this._tree.view.selection.selectAll();
+    await this.deleteSelectedKeys();
+  },
+
+  updateButtonsState() {
+    const haveSelection = this._tree.view.selection.getRangeCount() > 0;
+    const dialog = document.querySelector(this.selector.dialog);
+    const removeSelectedBtn = dialog.querySelector(this.selector.removeButton);
+    removeSelectedBtn.disabled = this._isBusy || !haveSelection;
+    const removeAllBtn = dialog.querySelector(this.selector.removeAllButton);
+    removeAllBtn.disabled = this._isBusy || this.rowCount === 0;
+  },
+
+  // Private functions.
+  _onLoad() {
+    document.mozSubdialogReady = this._init();
+  },
+
+  async _init() {
+    await this._populateXUL();
+
+    window.addEventListener("keypress", this._onWindowKeyPress.bind(this));
+
+    // We don't use await here because we want _loadSavedKeys() to run
+    // in the background and not block loading of this dialog.
+    this._loadSavedKeys();
+  },
+
+  async _populateXUL() {
+    const dialog = document.querySelector(this.selector.dialog);
+    const authPrefStrings = TorStrings.onionServices.authPreferences;
+    dialog.setAttribute("title", authPrefStrings.dialogTitle);
+
+    let elem = dialog.querySelector(this.selector.intro);
+    elem.textContent = authPrefStrings.dialogIntro;
+
+    elem = dialog.querySelector(this.selector.onionSiteCol);
+    elem.setAttribute("label", authPrefStrings.onionSite);
+
+    elem = dialog.querySelector(this.selector.onionKeyCol);
+    elem.setAttribute("label", authPrefStrings.onionKey);
+
+    elem = dialog.querySelector(this.selector.removeButton);
+    elem.setAttribute("label", authPrefStrings.remove);
+
+    elem = dialog.querySelector(this.selector.removeAllButton);
+    elem.setAttribute("label", authPrefStrings.removeAll);
+
+    this._tree = dialog.querySelector(this.selector.tree);
+  },
+
+  async _loadSavedKeys() {
+    const controllerFailureMsg =
+      TorStrings.onionServices.authPreferences.failedToGetKeys;
+    this._setBusyState(true);
+
+    try {
+      this._tree.view = this;
+
+      const torController = await controller();
+      const keyInfoList = await torController.onionAuthViewKeys();
+      if (keyInfoList) {
+        // Filter out temporary keys.
+        this._keyInfoList = keyInfoList.filter(aKeyInfo => {
+          if (!aKeyInfo.Flags) {
+            return false;
+          }
+
+          const flags = aKeyInfo.Flags.split(",");
+          return flags.includes("Permanent");
+        });
+
+        // Sort by the .onion address.
+        this._keyInfoList.sort((aObj1, aObj2) => {
+          const hsAddr1 = aObj1.hsAddress.toLowerCase();
+          const hsAddr2 = aObj2.hsAddress.toLowerCase();
+          if (hsAddr1 < hsAddr2) {
+            return -1;
+          }
+          return hsAddr1 > hsAddr2 ? 1 : 0;
+        });
+      }
+
+      // Render the tree content.
+      this._tree.rowCountChanged(0, this.rowCount);
+    } catch (e) {
+      if (e.torMessage) {
+        this._showError(e.torMessage);
+      } else {
+        this._showError(controllerFailureMsg);
+      }
+    }
+
+    this._setBusyState(false);
+  },
+
+  // This method may throw; callers should catch errors.
+  async _deleteOneKey(aTorController, aIndex) {
+    const keyInfoObj = this._keyInfoList[aIndex];
+    await aTorController.onionAuthRemove(keyInfoObj.hsAddress);
+    this._tree.view.selection.clearRange(aIndex, aIndex);
+    this._keyInfoList.splice(aIndex, 1);
+    this._tree.rowCountChanged(aIndex + 1, -1);
+  },
+
+  _setBusyState(aIsBusy) {
+    this._isBusy = aIsBusy;
+    this.updateButtonsState();
+  },
+
+  _onWindowKeyPress(event) {
+    if (event.keyCode === KeyEvent.DOM_VK_ESCAPE) {
+      window.close();
+    } else if (event.keyCode === KeyEvent.DOM_VK_DELETE) {
+      this.deleteSelectedKeys();
+    }
+  },
+
+  _showError(aMessage) {
+    const dialog = document.querySelector(this.selector.dialog);
+    const errorIcon = dialog.querySelector(this.selector.errorIcon);
+    errorIcon.style.visibility = aMessage ? "visible" : "hidden";
+    const errorDesc = dialog.querySelector(this.selector.errorMessage);
+    errorDesc.textContent = aMessage ? aMessage : "";
+  },
+
+  // XUL tree widget view implementation.
+  get rowCount() {
+    return this._keyInfoList ? this._keyInfoList.length : 0;
+  },
+
+  getCellText(aRow, aCol) {
+    let val = "";
+    if (this._keyInfoList && aRow < this._keyInfoList.length) {
+      const keyInfo = this._keyInfoList[aRow];
+      if (aCol.id.endsWith("-siteCol")) {
+        val = keyInfo.hsAddress;
+      } else if (aCol.id.endsWith("-keyCol")) {
+        val = keyInfo.typeAndKey;
+        // Omit keyType because it is always "x25519".
+        const idx = val.indexOf(":");
+        if (idx > 0) {
+          val = val.substring(idx + 1);
+        }
+      }
+    }
+
+    return val;
+  },
+
+  isSeparator(index) {
+    return false;
+  },
+
+  isSorted() {
+    return false;
+  },
+
+  isContainer(index) {
+    return false;
+  },
+
+  setTree(tree) {},
+
+  getImageSrc(row, column) {},
+
+  getCellValue(row, column) {},
+
+  cycleHeader(column) {},
+
+  getRowProperties(row) {
+    return "";
+  },
+
+  getColumnProperties(column) {
+    return "";
+  },
+
+  getCellProperties(row, column) {
+    return "";
+  },
+};
+
+window.addEventListener("load", () => gOnionServicesSavedKeysDialog._onLoad());
diff --git a/browser/components/onionservices/content/savedKeysDialog.xhtml b/browser/components/onionservices/content/savedKeysDialog.xhtml
new file mode 100644
index 000000000000..3db9bb05ea82
--- /dev/null
+++ b/browser/components/onionservices/content/savedKeysDialog.xhtml
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<!-- Copyright (c) 2020, The Tor Project, Inc. -->
+
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/skin/preferences/preferences.css" type="text/css"?>
+<?xml-stylesheet href="chrome://browser/content/onionservices/authPreferences.css" type="text/css"?>
+
+<window id="onionservices-savedkeys-dialog"
+    windowtype="OnionServices:SavedKeys"
+    xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+    style="width: 45em;">
+
+  <script src="chrome://browser/content/onionservices/savedKeysDialog.js"/>
+
+  <vbox id="onionservices-savedkeys" class="contentPane" flex="1">
+    <label id="onionservices-savedkeys-intro"
+           control="onionservices-savedkeys-tree"/>
+    <separator class="thin"/>
+    <tree id="onionservices-savedkeys-tree" flex="1" hidecolumnpicker="true"
+          width="750"
+          style="height: 20em;"
+          onselect="gOnionServicesSavedKeysDialog.updateButtonsState();">
+      <treecols>
+        <treecol id="onionservices-savedkeys-siteCol" flex="1" persist="width"/>
+        <splitter class="tree-splitter"/>
+        <treecol id="onionservices-savedkeys-keyCol" flex="1" persist="width"/>
+      </treecols>
+      <treechildren/>
+    </tree>
+    <hbox id="onionservices-savedkeys-errorContainer" align="baseline" flex="1">
+      <image id="onionservices-savedkeys-errorIcon"/>
+      <description id="onionservices-savedkeys-errorMessage" flex="1"/>
+    </hbox>
+    <separator class="thin"/>
+    <hbox id="onionservices-savedkeys-buttons">
+      <button id="onionservices-savedkeys-remove" disabled="true"
+              oncommand="gOnionServicesSavedKeysDialog.deleteSelectedKeys();"/>
+      <button id="onionservices-savedkeys-removeall"
+              oncommand="gOnionServicesSavedKeysDialog.deleteAllKeys();"/>
+    </hbox>
+  </vbox>
+</window>
diff --git a/browser/components/onionservices/jar.mn b/browser/components/onionservices/jar.mn
new file mode 100644
index 000000000000..9d6ce88d1841
--- /dev/null
+++ b/browser/components/onionservices/jar.mn
@@ -0,0 +1,9 @@
+browser.jar:
+    content/browser/onionservices/authPreferences.css              (content/authPreferences.css)
+    content/browser/onionservices/authPreferences.js               (content/authPreferences.js)
+    content/browser/onionservices/authPrompt.js                    (content/authPrompt.js)
+    content/browser/onionservices/authUtil.jsm                     (content/authUtil.jsm)
+    content/browser/onionservices/netError/                        (content/netError/*)
+    content/browser/onionservices/onionservices.css                (content/onionservices.css)
+    content/browser/onionservices/savedKeysDialog.js               (content/savedKeysDialog.js)
+    content/browser/onionservices/savedKeysDialog.xhtml            (content/savedKeysDialog.xhtml)
diff --git a/browser/components/onionservices/moz.build b/browser/components/onionservices/moz.build
new file mode 100644
index 000000000000..2661ad7cb9f3
--- /dev/null
+++ b/browser/components/onionservices/moz.build
@@ -0,0 +1 @@
+JAR_MANIFESTS += ["jar.mn"]
diff --git a/browser/components/preferences/preferences.xhtml b/browser/components/preferences/preferences.xhtml
index cb8716f48a50..729470b683af 100644
--- a/browser/components/preferences/preferences.xhtml
+++ b/browser/components/preferences/preferences.xhtml
@@ -15,6 +15,7 @@
 <?xml-stylesheet href="chrome://browser/skin/preferences/privacy.css"?>
 <?xml-stylesheet href="chrome://browser/content/securitylevel/securityLevelPreferences.css"?>
 <?xml-stylesheet href="chrome://browser/content/torpreferences/torPreferences.css"?>
+<?xml-stylesheet href="chrome://browser/content/onionservices/authPreferences.css"?>
 
 <!DOCTYPE html [
 <!ENTITY % aboutTorDTD SYSTEM "chrome://torbutton/locale/aboutTor.dtd">
diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml
index 8b2a1c99390d..37f77e3b70da 100644
--- a/browser/components/preferences/privacy.inc.xhtml
+++ b/browser/components/preferences/privacy.inc.xhtml
@@ -526,6 +526,8 @@
   <label id="fips-desc" hidden="true" data-l10n-id="forms-master-pw-fips-desc"></label>
 </groupbox>
 
+#include ../onionservices/content/authPreferences.inc.xhtml
+
 <!-- The form autofill section is inserted in to this box
      after the form autofill extension has initialized. -->
 <groupbox id="formAutofillGroupBox"
diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js
index b1413b208521..d584fb5e4624 100644
--- a/browser/components/preferences/privacy.js
+++ b/browser/components/preferences/privacy.js
@@ -48,6 +48,12 @@ XPCOMUtils.defineLazyGetter(this, "AlertsServiceDND", function() {
   }
 });
 
+XPCOMUtils.defineLazyScriptGetter(
+  this,
+  ["OnionServicesAuthPreferences"],
+  "chrome://browser/content/onionservices/authPreferences.js"
+);
+
 // TODO: module import via ChromeUtils.defineModuleGetter
 XPCOMUtils.defineLazyScriptGetter(
   this,
@@ -528,6 +534,7 @@ var gPrivacyPane = {
     this.trackingProtectionReadPrefs();
     this.networkCookieBehaviorReadPrefs();
     this._initTrackingProtectionExtensionControl();
+    OnionServicesAuthPreferences.init();
     this._initSecurityLevel();
 
     Services.telemetry.setEventRecordingEnabled("pwmgr", true);
diff --git a/browser/themes/shared/aboutNetError.css b/browser/themes/shared/aboutNetError.css
index 73f9d2760a15..438cc5782291 100644
--- a/browser/themes/shared/aboutNetError.css
+++ b/browser/themes/shared/aboutNetError.css
@@ -8,6 +8,13 @@ body {
   --warning-color: #ffa436;
 }
 
+body.onionAuthPrompt {
+  background: white;
+}
+.onionAuthPrompt > * {
+  display: none;
+}
+
 @media (prefers-color-scheme: dark)  {
   body {
     --warning-color: #ffbd4f;
diff --git a/browser/themes/shared/notification-icons.css b/browser/themes/shared/notification-icons.css
index a24538ebd5dd..3422aa2f6dff 100644
--- a/browser/themes/shared/notification-icons.css
+++ b/browser/themes/shared/notification-icons.css
@@ -126,6 +126,8 @@
   list-style-image: url(chrome://browser/skin/notification-icons/persistent-storage.svg);
 }
 
+.popup-notification-icon[popupid="tor-clientauth"],
+.tor-clientauth-icon,
 #password-notification-icon {
   list-style-image: url(chrome://browser/skin/login.svg);
 }
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 1c38a851c5ec..8c1c3970ca84 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3785,6 +3785,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
     }
   } else {
     // Errors requiring simple formatting
+    bool isOnionAuthError = false;
     switch (aError) {
       case NS_ERROR_MALFORMED_URI:
         // URI is malformed
@@ -3866,10 +3867,46 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
         // HTTP/2 or HTTP/3 stack detected a protocol error
         error = "networkProtocolError";
         break;
-
+      case NS_ERROR_TOR_ONION_SVC_NOT_FOUND:
+        error = "onionServices.descNotFound";
+        break;
+      case NS_ERROR_TOR_ONION_SVC_IS_INVALID:
+        error = "onionServices.descInvalid";
+        break;
+      case NS_ERROR_TOR_ONION_SVC_INTRO_FAILED:
+        error = "onionServices.introFailed";
+        break;
+      case NS_ERROR_TOR_ONION_SVC_REND_FAILED:
+        error = "onionServices.rendezvousFailed";
+        break;
+      case NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH:
+        error = "onionServices.clientAuthMissing";
+        isOnionAuthError = true;
+        break;
+      case NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH:
+        error = "onionServices.clientAuthIncorrect";
+        isOnionAuthError = true;
+        break;
+      case NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS:
+        error = "onionServices.badAddress";
+        break;
+      case NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT:
+        error = "onionServices.introTimedOut";
+        break;
       default:
         break;
     }
+
+    // The presence of aFailedChannel indicates that we arrived here due to a
+    // failed connection attempt. Note that we will arrive here a second time
+    // if the user cancels the Tor client auth prompt, but in that case we
+    // will not have a failed channel and therefore we will not prompt again.
+    if (isOnionAuthError && aFailedChannel) {
+      // Display about:neterror with a style emulating about:blank while the
+      // Tor client auth prompt is open. Do not use about:blank directly: it
+      // will mess with the failed channel information persistence!
+      cssClass.AssignLiteral("onionAuthPrompt");
+    }
   }
 
   nsresult delegateErrorCode = aError;
@@ -3956,6 +3993,20 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
     nsAutoString str;
     rv =
         stringBundle->FormatStringFromName(errorDescriptionID, formatStrs, str);
+    if (NS_FAILED(rv)) {
+      // As a fallback, check torbutton.properties for the error string.
+      const char bundleURL[] = "chrome://torbutton/locale/torbutton.properties";
+      nsCOMPtr<nsIStringBundleService> stringBundleService =
+          mozilla::services::GetStringBundleService();
+      if (stringBundleService) {
+        nsCOMPtr<nsIStringBundle> tbStringBundle;
+        if (NS_SUCCEEDED(stringBundleService->CreateBundle(
+                bundleURL, getter_AddRefs(tbStringBundle)))) {
+          rv = tbStringBundle->FormatStringFromName(errorDescriptionID,
+                                                    formatStrs, str);
+        }
+      }
+    }
     NS_ENSURE_SUCCESS(rv, rv);
     messageStr.Assign(str);
   }
@@ -6351,6 +6402,7 @@ nsresult nsDocShell::FilterStatusForErrorPage(
       aStatus == NS_ERROR_FILE_ACCESS_DENIED ||
       aStatus == NS_ERROR_CORRUPTED_CONTENT ||
       aStatus == NS_ERROR_INVALID_CONTENT_ENCODING ||
+      NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_TOR ||
       NS_ERROR_GET_MODULE(aStatus) == NS_ERROR_MODULE_SECURITY) {
     // Errors to be shown for any frame
     return aStatus;
@@ -8122,6 +8174,35 @@ nsresult nsDocShell::CreateContentViewer(const nsACString& aContentType,
     FireOnLocationChange(this, aRequest, mCurrentURI, locationFlags);
   }
 
+  // Arrange to show a Tor onion service client authentication prompt if
+  // appropriate.
+  if ((mLoadType == LOAD_ERROR_PAGE) && failedChannel) {
+    nsresult status = NS_OK;
+    if (NS_SUCCEEDED(failedChannel->GetStatus(&status)) &&
+        ((status == NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH) ||
+         (status == NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH))) {
+      nsAutoCString onionHost;
+      failedURI->GetHost(onionHost);
+      const char* topic = (status == NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH)
+                              ? "tor-onion-services-clientauth-missing"
+                              : "tor-onion-services-clientauth-incorrect";
+      if (XRE_IsContentProcess()) {
+        nsCOMPtr<nsIBrowserChild> browserChild = GetBrowserChild();
+        if (browserChild) {
+          static_cast<BrowserChild*>(browserChild.get())
+              ->SendShowOnionServicesAuthPrompt(onionHost, nsCString(topic));
+        }
+      } else {
+        nsCOMPtr<nsPIDOMWindowOuter> browserWin = GetWindow();
+        nsCOMPtr<nsIObserverService> obsSvc = services::GetObserverService();
+        if (browserWin && obsSvc) {
+          obsSvc->NotifyObservers(browserWin, topic,
+                                  NS_ConvertUTF8toUTF16(onionHost).get());
+        }
+      }
+    }
+  }
+
   return NS_OK;
 }
 
diff --git a/dom/ipc/BrowserParent.cpp b/dom/ipc/BrowserParent.cpp
index 498f5e3ff98d..1293ecfd054f 100644
--- a/dom/ipc/BrowserParent.cpp
+++ b/dom/ipc/BrowserParent.cpp
@@ -3920,6 +3920,27 @@ mozilla::ipc::IPCResult BrowserParent::RecvShowCanvasPermissionPrompt(
   return IPC_OK();
 }
 
+mozilla::ipc::IPCResult BrowserParent::RecvShowOnionServicesAuthPrompt(
+    const nsCString& aOnionName, const nsCString& aTopic) {
+  nsCOMPtr<nsIBrowser> browser =
+      mFrameElement ? mFrameElement->AsBrowser() : nullptr;
+  if (!browser) {
+    // If the tab is being closed, the browser may not be available.
+    // In this case we can ignore the request.
+    return IPC_OK();
+  }
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (!os) {
+    return IPC_FAIL_NO_REASON(this);
+  }
+  nsresult rv = os->NotifyObservers(browser, aTopic.get(),
+                                    NS_ConvertUTF8toUTF16(aOnionName).get());
+  if (NS_FAILED(rv)) {
+    return IPC_FAIL_NO_REASON(this);
+  }
+  return IPC_OK();
+}
+
 mozilla::ipc::IPCResult BrowserParent::RecvVisitURI(nsIURI* aURI,
                                                     nsIURI* aLastVisitedURI,
                                                     const uint32_t& aFlags) {
diff --git a/dom/ipc/BrowserParent.h b/dom/ipc/BrowserParent.h
index 755168b6dbd0..264ac1948e70 100644
--- a/dom/ipc/BrowserParent.h
+++ b/dom/ipc/BrowserParent.h
@@ -745,6 +745,9 @@ class BrowserParent final : public PBrowserParent,
   mozilla::ipc::IPCResult RecvShowCanvasPermissionPrompt(
       const nsCString& aOrigin, const bool& aHideDoorHanger);
 
+  mozilla::ipc::IPCResult RecvShowOnionServicesAuthPrompt(
+      const nsCString& aOnionName, const nsCString& aTopic);
+
   mozilla::ipc::IPCResult RecvSetSystemFont(const nsCString& aFontName);
   mozilla::ipc::IPCResult RecvGetSystemFont(nsCString* aFontName);
 
diff --git a/dom/ipc/PBrowser.ipdl b/dom/ipc/PBrowser.ipdl
index 9447427f3980..5fa2f666756a 100644
--- a/dom/ipc/PBrowser.ipdl
+++ b/dom/ipc/PBrowser.ipdl
@@ -598,6 +598,15 @@ parent:
     async RequestPointerCapture(uint32_t aPointerId) returns (bool aSuccess);
     async ReleasePointerCapture(uint32_t aPointerId);
 
+    /**
+     * This function is used to notify the parent that it should display a
+     * onion services client authentication prompt.
+     *
+     * @param aOnionHost The hostname of the .onion that needs authentication.
+     * @param aTopic The reason for the prompt.
+     */
+    async ShowOnionServicesAuthPrompt(nsCString aOnionHost, nsCString aTopic);
+
 child:
     async NativeSynthesisResponse(uint64_t aObserverId, nsCString aResponse);
     async UpdateSHistory();
diff --git a/js/xpconnect/src/xpc.msg b/js/xpconnect/src/xpc.msg
index 1995b1445da1..27202b657805 100644
--- a/js/xpconnect/src/xpc.msg
+++ b/js/xpconnect/src/xpc.msg
@@ -246,6 +246,16 @@ XPC_MSG_DEF(NS_ERROR_FINGERPRINTING_URI               , "The URI is fingerprinti
 XPC_MSG_DEF(NS_ERROR_CRYPTOMINING_URI                 , "The URI is cryptomining")
 XPC_MSG_DEF(NS_ERROR_SOCIALTRACKING_URI               , "The URI is social tracking")
 
+/* Codes related to Tor */
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_NOT_FOUND          , "Tor onion service descriptor cannot be found")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_IS_INVALID         , "Tor onion service descriptor is invalid")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_INTRO_FAILED       , "Tor onion service introduction failed")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_REND_FAILED        , "Tor onion service rendezvous failed")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH, "Tor onion service missing client authorization")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH    , "Tor onion service wrong client authorization")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS        , "Tor onion service bad address")
+XPC_MSG_DEF(NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT     , "Tor onion service introduction timed out")
+
 /* Profile manager error codes */
 XPC_MSG_DEF(NS_ERROR_DATABASE_CHANGED                 , "Flushing the profiles to disk would have overwritten changes made elsewhere.")
 
diff --git a/netwerk/base/nsSocketTransport2.cpp b/netwerk/base/nsSocketTransport2.cpp
index 2e3241a50a91..4371def2a08c 100644
--- a/netwerk/base/nsSocketTransport2.cpp
+++ b/netwerk/base/nsSocketTransport2.cpp
@@ -216,6 +216,12 @@ nsresult ErrorAccordingToNSPR(PRErrorCode errorCode) {
     default:
       if (psm::IsNSSErrorCode(errorCode)) {
         rv = psm::GetXPCOMFromNSSError(errorCode);
+      } else {
+        // If we received a Tor extended error code via SOCKS, pass it through.
+        nsresult res = nsresult(errorCode);
+        if (NS_ERROR_GET_MODULE(res) == NS_ERROR_MODULE_TOR) {
+          rv = res;
+        }
       }
       break;
 
diff --git a/netwerk/socket/nsSOCKSIOLayer.cpp b/netwerk/socket/nsSOCKSIOLayer.cpp
index 119a3cbf4c51..f9fc29552ace 100644
--- a/netwerk/socket/nsSOCKSIOLayer.cpp
+++ b/netwerk/socket/nsSOCKSIOLayer.cpp
@@ -979,6 +979,55 @@ PRStatus nsSOCKSSocketInfo::ReadV5ConnectResponseTop() {
              "08, Address type not supported."));
         c = PR_BAD_ADDRESS_ERROR;
         break;
+      case 0xF0:  // Tor SOCKS5_HS_NOT_FOUND
+        LOGERROR(
+            ("socks5: connect failed: F0,"
+             " Tor onion service descriptor can not be found."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_NOT_FOUND);
+        break;
+      case 0xF1:  // Tor SOCKS5_HS_IS_INVALID
+        LOGERROR(
+            ("socks5: connect failed: F1,"
+             " Tor onion service descriptor is invalid."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_IS_INVALID);
+        break;
+      case 0xF2:  // Tor SOCKS5_HS_INTRO_FAILED
+        LOGERROR(
+            ("socks5: connect failed: F2,"
+             " Tor onion service introduction failed."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_INTRO_FAILED);
+        break;
+      case 0xF3:  // Tor SOCKS5_HS_REND_FAILED
+        LOGERROR(
+            ("socks5: connect failed: F3,"
+             " Tor onion service rendezvous failed."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_REND_FAILED);
+        break;
+      case 0xF4:  // Tor SOCKS5_HS_MISSING_CLIENT_AUTH
+        LOGERROR(
+            ("socks5: connect failed: F4,"
+             " Tor onion service missing client authorization."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH);
+        break;
+      case 0xF5:  // Tor SOCKS5_HS_BAD_CLIENT_AUTH
+        LOGERROR(
+            ("socks5: connect failed: F5,"
+             " Tor onion service wrong client authorization."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH);
+        break;
+      case 0xF6:  // Tor SOCKS5_HS_BAD_ADDRESS
+        LOGERROR(
+            ("socks5: connect failed: F6,"
+             " Tor onion service bad address."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS);
+        break;
+      case 0xF7:  // Tor SOCKS5_HS_INTRO_TIMEDOUT
+        LOGERROR(
+            ("socks5: connect failed: F7,"
+             " Tor onion service introduction timed out."));
+        c = static_cast<uint32_t>(NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT);
+        break;
+
       default:
         LOGERROR(("socks5: connect failed."));
         break;
diff --git a/toolkit/modules/PopupNotifications.jsm b/toolkit/modules/PopupNotifications.jsm
index de7fc8537c55..9242a2975681 100644
--- a/toolkit/modules/PopupNotifications.jsm
+++ b/toolkit/modules/PopupNotifications.jsm
@@ -410,6 +410,8 @@ PopupNotifications.prototype = {
    *            will be dismissed instead of removed after running the callback.
    *          - [optional] disabled (boolean): If this is true, the button
    *            will be disabled.
+   *          - [optional] leaveOpen (boolean): If this is true, the notification
+   *            will not be removed after running the callback.
    *        If null, the notification will have a default "OK" action button
    *        that can be used to dismiss the popup and secondaryActions will be ignored.
    * @param secondaryActions
@@ -1908,6 +1910,10 @@ PopupNotifications.prototype = {
         this._dismiss();
         return;
       }
+
+      if (action.leaveOpen) {
+        return;
+      }
     }
 
     this._remove(notification);
diff --git a/toolkit/modules/RemotePageAccessManager.jsm b/toolkit/modules/RemotePageAccessManager.jsm
index 6b1da814765f..ec48d9276bde 100644
--- a/toolkit/modules/RemotePageAccessManager.jsm
+++ b/toolkit/modules/RemotePageAccessManager.jsm
@@ -95,6 +95,7 @@ let RemotePageAccessManager = {
       RPMAddToHistogram: ["*"],
       RPMGetInnerMostURI: ["*"],
       RPMGetHttpResponseHeader: ["*"],
+      RPMGetTorStrings: ["*"],
       RPMSendQuery: ["ShouldShowTorConnect"],
     },
     "about:plugins": {
diff --git a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/frame-script.js b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/frame-script.js
index 881f8386b3a1..fd86b1ea487c 100644
--- a/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/frame-script.js
+++ b/tools/lint/eslint/eslint-plugin-mozilla/lib/environments/frame-script.js
@@ -40,5 +40,6 @@ module.exports = {
     RPMGetHttpResponseHeader: false,
     RPMTryPingSecureWWWLink: false,
     RPMOpenSecureWWWLink: false,
+    RPMGetTorStrings: false,
   },
 };
diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py
index b1f9384c3e23..5ebf1a8f678a 100755
--- a/xpcom/base/ErrorList.py
+++ b/xpcom/base/ErrorList.py
@@ -89,6 +89,7 @@ modules["ERRORRESULT"] = Mod(43)
 # Win32 system error codes, which are not mapped to a specific other value,
 # see Bug 1686041.
 modules["WIN32"] = Mod(44)
+modules["TOR"] = Mod(45)
 
 # NS_ERROR_MODULE_GENERAL should be used by modules that do not
 # care if return code values overlap. Callers of methods that
@@ -1212,6 +1213,27 @@ with modules["ERRORRESULT"]:
     errors["NS_ERROR_INTERNAL_ERRORRESULT_RANGEERROR"] = FAILURE(5)
 
 
+# =======================================================================
+# 45: Tor-specific error codes.
+# =======================================================================
+with modules["TOR"]:
+    # Tor onion service descriptor can not be found.
+    errors["NS_ERROR_TOR_ONION_SVC_NOT_FOUND"] = FAILURE(1)
+    # Tor onion service descriptor is invalid.
+    errors["NS_ERROR_TOR_ONION_SVC_IS_INVALID"] = FAILURE(2)
+    # Tor onion service introduction failed.
+    errors["NS_ERROR_TOR_ONION_SVC_INTRO_FAILED"] = FAILURE(3)
+    # Tor onion service rendezvous failed.
+    errors["NS_ERROR_TOR_ONION_SVC_REND_FAILED"] = FAILURE(4)
+    # Tor onion service missing client authorization.
+    errors["NS_ERROR_TOR_ONION_SVC_MISSING_CLIENT_AUTH"] = FAILURE(5)
+    # Tor onion service wrong client authorization.
+    errors["NS_ERROR_TOR_ONION_SVC_BAD_CLIENT_AUTH"] = FAILURE(6)
+    # Tor onion service bad address.
+    errors["NS_ERROR_TOR_ONION_SVC_BAD_ADDRESS"] = FAILURE(7)
+    # Tor onion service introduction timed out.
+    errors["NS_ERROR_TOR_ONION_SVC_INTRO_TIMEDOUT"] = FAILURE(8)
+
 # =======================================================================
 # 51: NS_ERROR_MODULE_GENERAL
 # =======================================================================

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tor-commits mailing list