authortrav90 <travawine@palemoon.org>2018-06-05 22:46:15 -0500
committertrav90 <travawine@palemoon.org>2018-06-06 08:30:34 -0500
commitcef7fcb377e79e52e6baa34d387400671e9a5fb0 (patch)
tree80c79c06ef72259a1e870fc6b29fa34ec2baf543 /security
parent3b7938d7a10f90e5ad1b001d710b8772ee2ebbf1 (diff)
Restore clearly-delimited format for the HSTS preload list
Diffstat (limited to 'security')
-rw-r--r--security/manager/ssl/nsSiteSecurityService.cpp2
-rw-r--r--security/manager/ssl/nsSiteSecurityService.h2
-rw-r--r--security/manager/tools/getHSTSPreloadList.js84
3 files changed, 23 insertions, 65 deletions
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
index d461f6b61..1d79844ff 100644
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -935,7 +935,7 @@ int STSPreloadCompare(const void *key, const void *entry)
{
const char *keyStr = (const char *)key;
const nsSTSPreload *preloadEntry = (const nsSTSPreload *)entry;
- return strcmp(keyStr, &kSTSHostTable[preloadEntry->mHostIndex]);
+ return strcmp(keyStr, preloadEntry->mHost);
}
// Returns the preload list entry for the given host, if it exists.
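Review bot: The comparator now compares against `preloadEntry->mHost` directly, so the lookup is only correct if `kSTSPreloadList` is generated in `strcmp()` order of `mHost`, and nothing in this hunk or the comparator records that requirement. Since this is presumably the callback for a binary search over the table, I would add `// kSTSPreloadList must be sorted by strcmp() on mHost; see getHSTSPreloadList.js` above the function so that the ordering contract between the generator and this lookup is visible to whoever edits either side. STSPreloadCompare's signature is on the line before the hunk.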
diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h
index f100a8f40..c40180550 100644
--- a/security/manager/ssl/nsSiteSecurityService.h
+++ b/security/manager/ssl/nsSiteSecurityService.h
@@ -110,7 +110,7 @@ public:
void ToString(nsCString &aString);
};
-struct nsSTSPreload;
+class nsSTSPreload;
class nsSiteSecurityService : public nsISiteSecurityService
, public nsIObserver
diff --git a/security/manager/tools/getHSTSPreloadList.js b/security/manager/tools/getHSTSPreloadList.js
index 29f4ba420..518a9246b 100644
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -42,6 +42,16 @@ const HEADER = "/* This Source Code Form is subject to the terms of the Mozilla
"/*****************************************************************************/\n" +
"\n" +
"#include <stdint.h>\n";
+const PREFIX = "\n" +
+"class nsSTSPreload\n" +
+"{\n" +
+" public:\n" +
+" const char *mHost;\n" +
+" const bool mIncludeSubdomains;\n" +
+"};\n" +
+"\n" +
+"static const nsSTSPreload kSTSPreloadList[] = {\n";
+const POSTFIX = "};\n";
function download() {
var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
@@ -244,9 +254,12 @@ function errorToString(status) {
: status.error);
}
-function writeEntry(status, indices, outputStream) {
- let includeSubdomains = (status.finalIncludeSubdomains ? "true" : "false");
- writeTo(" { " + indices[status.name] + ", " + includeSubdomains + " },\n",
+function writeEntry(status, outputStream) {
+ let incSubdomainsBool = (status.forceInclude && status.error != ERROR_NONE
+ ? status.originalIncludeSubdomains
+ : status.includeSubdomains);
+ let includeSubdomains = (incSubdomainsBool ? "true" : "false");
+ writeTo(" { \"" + status.name + "\", " + includeSubdomains + " },\n",
outputStream);
}
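Review bot: `status.name` is spliced unescaped into a C string literal on the `writeTo(" { \"" + status.name + "\", " ...` line, so a name containing `"`, `\` or a newline would corrupt, or change the meaning of, the generated source that the browser compiles into its preload table. The name presumably comes from an external preload source, so the generator should reject anything outside the hostname alphabet before emitting it, e.g. `if (!/^[A-Za-z0-9.-]+$/.test(status.name)) { throw new Error("unexpected character in preload host: " + status.name); }` at the top of writeEntry. The same check keeps the entry parseable by the `[^"]*` regex in readCurrentList on the next regeneration.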
@@ -258,6 +271,7 @@ function output(sortedStatuses, currentList) {
var eos = FileUtils.openSafeFileOutputStream(errorFile);
writeTo(HEADER, fos);
writeTo(getExpirationTimeString(), fos);
+ writeTo(PREFIX, fos);
for (let status in sortedStatuses) {
// If we've encountered an error for this entry (other than the site not
@@ -289,56 +303,8 @@ function output(sortedStatuses, currentList) {
return true;
});
- // Resolve whether we should include subdomains for each entry. We could
- // do this while writing out entries, but separating out that decision is
- // clearer. Making that decision here also means we can write the choices
- // in the comments in the static string table, which makes parsing the
- // current list significantly easier when we go to update the list.
- for (let status of includedStatuses) {
- let incSubdomainsBool = (status.forceInclude && status.error != ERROR_NONE
- ? status.originalIncludeSubdomains
- : status.includeSubdomains);
- status.finalIncludeSubdomains = incSubdomainsBool;
- }
-
- writeTo("\nstatic const char kSTSHostTable[] = {\n", fos);
- var indices = {};
- var currentIndex = 0;
- for (let status of includedStatuses) {
- indices[status.name] = currentIndex;
- // Add 1 for the null terminator in C.
- currentIndex += status.name.length + 1;
- // Rebuilding the preload list requires reading the previous preload
- // list. Write out a comment describing each host prior to writing out
- // the string for the host.
- writeTo(" /* \"" + status.name + "\", " +
- (status.finalIncludeSubdomains ? "true" : "false") + " */ ",
- fos);
- // Write out the string itself as individual characters, including the
- // null terminator. We do it this way rather than using C's string
- // concatentation because some compilers have hardcoded limits on the
- // lengths of string literals, and the preload list is large enough
- // that it runs into said limits.
- for (let c of status.name) {
- writeTo("'" + c + "', ", fos);
- }
- writeTo("'\\0',\n", fos);
- }
- writeTo("};\n", fos);
-
- const PREFIX = "\n" +
- "struct nsSTSPreload\n" +
- "{\n" +
- " const uint32_t mHostIndex : 31;\n" +
- " const uint32_t mIncludeSubdomains : 1;\n" +
- "};\n" +
- "\n" +
- "static const nsSTSPreload kSTSPreloadList[] = {\n";
- const POSTFIX = "};\n";
-
- writeTo(PREFIX, fos);
- for (let status of includedStatuses) {
- writeEntry(status, indices, fos);
+ for (var status of includedStatuses) {
+ writeEntry(status, fos);
}
writeTo(POSTFIX, fos);
FileUtils.closeSafeFileOutputStream(fos);
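Review bot: The rewritten loop declares `var status` while the earlier loop in the same function (`for (let status in sortedStatuses)`) and the lines this replaces both used `let`; `var` hoists the binding to function scope and is out of step with the surrounding style, so I would keep `for (let status of includedStatuses) {`. Separately, the emitted array is consumed by a strcmp-based comparator in nsSiteSecurityService.cpp, so the order of `includedStatuses` (established outside this hunk) must be byte-wise strcmp order; a one-line comment above the loop such as `// includedStatuses must already be in strcmp() order for the C++ lookup` would document that contract. The enclosing function output starts before and continues after the hunk.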
@@ -404,17 +370,9 @@ function readCurrentList(filename) {
.createInstance(Ci.nsILineInputStream);
fis.init(file, -1, -1, Ci.nsIFileInputStream.CLOSE_ON_EOF);
var line = {};
- // While we generate entries matching the version 2 format (see bug 1255425
- // for details), we still need to be able to read entries in the version 1
- // format for bootstrapping a version 2 preload list from a version 1
- // preload list. Hence these two regexes.
- var v1EntryRegex = / { "([^"]*)", (true|false) },/;
- var v2EntryRegex = / \/\* "([^"]*)", (true|false) \*\//;
+ var entryRegex = / { "([^"]*)", (true|false) },/;
while (fis.readLine(line)) {
- var match = v1EntryRegex.exec(line.value);
- if (!match) {
- match = v2EntryRegex.exec(line.value);
- }
+ var match = entryRegex.exec(line.value);
if (match) {
currentHosts[match[1]] = (match[2] == "true");
}
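Review bot: Removing `v2EntryRegex` means readCurrentList can no longer parse a checked-in list written in the `/* "host", true */` form that this tool emitted until now, so the first regeneration after this commit will see an empty `currentHosts` for such a file (what that does to the output depends on how the caller uses the returned list, which is outside the hunk). If a clean bootstrap is intended that is fine, but otherwise restoring `var v2EntryRegex = / \/\* "([^"]*)", (true|false) \*\//;` together with the `if (!match)` fallback until the committed list has been regenerated in the new format would be safer. The enclosing function readCurrentList starts before the hunk.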