summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/PublicKeyPinningService.cpp
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@wolfbeast.com>2019-01-14 20:21:16 +0100
committerGitHub <noreply@github.com>2019-01-14 20:21:16 +0100
commitfb1d4c9712eb1898d89f90edfc6120ff169e6357 (patch)
tree677d602abee695200146c4d51ba8db10146bc38c /security/manager/ssl/PublicKeyPinningService.cpp
parentf38edc94a31de3bae839cf63ed57c3851908ac46 (diff)
parent6335404642a019df481275f4f290ea76b4d8f597 (diff)
downloadUXP-fb1d4c9712eb1898d89f90edfc6120ff169e6357.tar
UXP-fb1d4c9712eb1898d89f90edfc6120ff169e6357.tar.gz
UXP-fb1d4c9712eb1898d89f90edfc6120ff169e6357.tar.lz
UXP-fb1d4c9712eb1898d89f90edfc6120ff169e6357.tar.xz
UXP-fb1d4c9712eb1898d89f90edfc6120ff169e6357.zip
Merge pull request #929 from adeshkp/remove-telemetry-stubs
Telemetry: Remove stubs and related code
Diffstat (limited to 'security/manager/ssl/PublicKeyPinningService.cpp')
-rw-r--r--security/manager/ssl/PublicKeyPinningService.cpp47
1 files changed, 3 insertions, 44 deletions
diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp
index 1f34c880b..ffee8ba48 100644
--- a/security/manager/ssl/PublicKeyPinningService.cpp
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -4,11 +4,9 @@
#include "PublicKeyPinningService.h"
-#include "RootCertificateTelemetryUtils.h"
#include "mozilla/Base64.h"
#include "mozilla/Casting.h"
#include "mozilla/Logging.h"
-#include "mozilla/Telemetry.h"
#include "nsISiteSecurityService.h"
#include "nsServiceManagerUtils.h"
#include "nsSiteSecurityService.h"
@@ -233,8 +231,7 @@ FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
static nsresult
CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
bool enforceTestMode, mozilla::pkix::Time time,
- /*out*/ bool& chainHasValidPins,
- /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+ /*out*/ bool& chainHasValidPins)
{
chainHasValidPins = false;
if (!certList) {
@@ -265,47 +262,11 @@ CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
return rv;
}
chainHasValidPins = enforceTestModeResult;
- Telemetry::ID histogram = staticFingerprints->mIsMoz
- ? Telemetry::CERT_PINNING_MOZ_RESULTS
- : Telemetry::CERT_PINNING_RESULTS;
if (staticFingerprints->mTestMode) {
- histogram = staticFingerprints->mIsMoz
- ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS
- : Telemetry::CERT_PINNING_TEST_RESULTS;
if (!enforceTestMode) {
chainHasValidPins = true;
}
}
- // We can collect per-host pinning violations for this host because it is
- // operationally critical to Firefox.
- if (pinningTelemetryInfo) {
- if (staticFingerprints->mId != kUnknownId) {
- int32_t bucket = staticFingerprints->mId * 2
- + (enforceTestModeResult ? 1 : 0);
- histogram = staticFingerprints->mTestMode
- ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
- : Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
- pinningTelemetryInfo->certPinningResultBucket = bucket;
- } else {
- pinningTelemetryInfo->certPinningResultBucket =
- enforceTestModeResult ? 1 : 0;
- }
- pinningTelemetryInfo->accumulateResult = true;
- pinningTelemetryInfo->certPinningResultHistogram = histogram;
- }
-
- // We only collect per-CA pinning statistics upon failures.
- CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
- // Only log telemetry if the certificate list is non-empty.
- if (!CERT_LIST_END(rootNode, certList)) {
- if (!enforceTestModeResult && pinningTelemetryInfo) {
- int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert);
- if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) {
- pinningTelemetryInfo->accumulateForRoot = true;
- pinningTelemetryInfo->rootBucket = binNumber;
- }
- }
- }
MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
@@ -322,8 +283,7 @@ PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
const char* hostname,
mozilla::pkix::Time time,
bool enforceTestMode,
- /*out*/ bool& chainHasValidPins,
- /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+ /*out*/ bool& chainHasValidPins)
{
chainHasValidPins = false;
if (!certList) {
@@ -334,8 +294,7 @@ PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
}
nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
return CheckPinsForHostname(certList, canonicalizedHostname.get(),
- enforceTestMode, time, chainHasValidPins,
- pinningTelemetryInfo);
+ enforceTestMode, time, chainHasValidPins);
}
nsresult