Closed Bug 1021345 Opened 10 years ago Closed 10 years ago

Allow apps to be installed from the Marketplace staging server

Categories

(Core :: Security: PSM, defect)

Tracking

RESOLVED FIXED
mozilla34

People

(Reporter: keeler, Assigned: marco, NeedInfo)

Attachments

(1 file)

The certificates in question are marketplace-dev-public.crt, marketplace-dev-reviewers.crt, marketplace-prod-public.crt, and marketplace-prod-reviewers.crt in https://mxr.mozilla.org/mozilla-central/source/security/apps/
Is it possible to include certs for stage as well? Certs should be at https://www.dropbox.com/s/agkljpkh8fia2em/marketplace-stage.cert.tar.gz
Flags: needinfo?(dkeeler)
Sure it is possible, but besides the cert we also need an origin for these services in order to change:
https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#3192.

Also, do you know how the private keys for these certs are being managed?
Flags: needinfo?(dkeeler) → needinfo?(krupa.mozbugs)
(In reply to Camilo Viecco (:cviecco) from comment #2)
> Sure it is possible, but besides the cert we also need an origin for these
> services in order to change:
> https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#3192.
> 
> Also, do you know how the private keys for these certs are being managed?

cc'ing jason since he generated most of the certs for marketplace.
Flags: needinfo?(krupa.mozbugs) → needinfo?(jthomas)
Could you also provide the marketplace dev certs? I think the certs we have in the tree are just placeholders.
To summarize, we need the certs for dev (both public and reviewers) and for stage (both public and reviewers). We also need an origin for stage (is it "marketplace.allizom.org"?).
(In reply to Marco Castelluccio [:marco] from comment #4)
> Could you also provide the marketplace dev certs? I think the certs we have
> in the tree are just placeholders.

are we sure that's the reason?

The marketplace-dev reviewer cert that we have to use on pre-2.0 versions of FxOS is:
https://github.com/mozilla/marketplace-certs/blob/master/marketplace-dev-reviewers-root.der
and the mxr file is identical:
https://mxr.mozilla.org/mozilla-central/source/security/apps/marketplace-dev-reviewers.crt
You're right, the reviewers certificate is correct.
Is that certificate used on marketplace.allizom.org or on marketplace-dev.allizom.org?
Right now we're trusting the certificate only if the origin is "https://marketplace-dev.allizom.org".
Flags: needinfo?(awilliamson)
(In reply to Marco Castelluccio [:marco] from comment #8)
> You're right, the reviewers certificate is correct.
> Is that certificate used on marketplace.allizom.org or on
> marketplace-dev.allizom.org?
> Right now we're trusting the certificate only if the origin is
> "https://marketplace-dev.allizom.org".

the certificate is for marketplace-dev - I'm not sure about reviewers on marketplace stage, or if one even exists.

But I can't make the marketplace-dev one work either in Nightly or Aurora desktop.
Flags: needinfo?(awilliamson)
I've just built a test to verify the installation of apps from marketplace-dev (see bug 1040179). It doesn't test reviewer certificates, but it does test the public ones.

To enable installing from https://marketplace-dev.allizom.org you need to:
1) Set dom.mozApps.use_reviewer_certs to true
2) Add the domain to dom.mozApps.signed_apps_installable_from

In production, you don't need step 2.
(In reply to Marco Castelluccio [:marco] from comment #10)
> I've just built a test to verify the installation of apps from
> marketplace-dev (see bug 1040179). It doesn't test reviewer certificates,
> but it does test the public ones.
> 
> To enable installing from https://marketplace-dev.allizom.org you need to:
> 1) Set dom.mozApps.use_reviewer_certs to true
> 2) Add the domain to dom.mozApps.signed_apps_installable_from
> 
> In production, you don't need step 2.

just to be clear: I can install from public pages on -dev; I can install from public and reviewer pages on production; I can't install from reviewer pages on -dev.  (I've not tested stage)
OK, so the certificate in our tree and the certificate you pointed to on GitHub are the same, but they're both wrong.
Their issuer is "MarketplaceTest2 Corporation", the issuer of the certificate used to sign unreviewed apps on marketplace-dev is "ExampllaReviewer Corporation".
hmm.  I wonder who is using the 'correct' certificates.  Jason might know.
All environment public root certificates for app signing should be on github https://github.com/mozilla/marketplace-certs/. I believe we used 'Examplla*' CommonName and 'MarketplaceTest*' Issuer to differentiate the dev certs from prod. Bug 793876 for the script we used for creation of -dev certs.

If we are having issues with -dev reviewer app signing certs due to the Issuer and CommonName I believe we can just recreate the certs with the correct Issuer and CommonName (please provide) and resign dev apps as needed.
Flags: needinfo?(jthomas)
I think there's no need to resign all the apps, we just need the cert you're actually using (it isn't the cert on github).
So, once you've decided what you want to use, just attach the public certificate here and I'll test it and land it in mozilla-central.
I don't know the technical background around what certs were used and why, but wouldn't it be easier to swap out the certificate used on Marketplace-dev (and resign all the apps) than replace the one bundled in gecko?
(In reply to Andrew Williamson [:eviljeff] from comment #16)
> I don't know the technical background around what certs were used and why,
> but wouldn't it be easier to swap out the certificate used on
> Marketplace-dev (and resign all the apps) than replace the one bundled in
> gecko?

Replacing is pretty easy (we just need to overwrite the old file), but it will only work for versions >= Nightly. Resigning all the apps means supporting all Firefox versions.
(In reply to Marco Castelluccio [:marco] from comment #17)
> (In reply to Andrew Williamson [:eviljeff] from comment #16)
> > I don't know the technical background around what certs were used and why,
> > but wouldn't it be easier to swap out the certificate used on
> > Marketplace-dev (and resign all the apps) than replace the one bundled in
> > gecko?
> 
> Replacing is pretty easy (we just need to overwrite the old file), but it
> will only work for versions >= Nightly. Resigning all the apps means
> supporting all Firefox versions.

I'd go for replacing and resigning on Marketplace then.
See Also: → 1042006
(In reply to Andrew Williamson [:eviljeff] from comment #18)
> (In reply to Marco Castelluccio [:marco] from comment #17)
> > (In reply to Andrew Williamson [:eviljeff] from comment #16)
> > > I don't know the technical background around what certs were used and why,
> > > but wouldn't it be easier to swap out the certificate used on
> > > Marketplace-dev (and resign all the apps) than replace the one bundled in
> > > gecko?
> > 
> > Replacing is pretty easy (we just need to overwrite the old file), but it
> > will only work for versions >= Nightly. Resigning all the apps means
> > supporting all Firefox versions.
> 
> I'd go for replacing and resigning on Marketplace then.

OK, I filed bug 1042006 to do so.

So this bug is just about adding the certificates for the staging server and adding the staging server domain to the admitted origins.
On GitHub there's only https://github.com/mozilla/marketplace-certs/blob/master/marketplace-stage-public-root.der and not the reviewer one. Who could provide it?
What is the domain of the staging server?
Summary: ensure that we have the right dev, staging, and production certs for marketplace checked in to the tree → Allow apps to be installed from the Marketplace staging server
(In reply to Marco Castelluccio [:marco] from comment #19)
> (In reply to Andrew Williamson [:eviljeff] from comment #18)
> > (In reply to Marco Castelluccio [:marco] from comment #17)
> > > (In reply to Andrew Williamson [:eviljeff] from comment #16)
> > > > I don't know the technical background around what certs were used and why,
> > > > but wouldn't it be easier to swap out the certificate used on
> > > > Marketplace-dev (and resign all the apps) than replace the one bundled in
> > > > gecko?
> > > 
> > > Replacing is pretty easy (we just need to overwrite the old file), but it
> > > will only work for versions >= Nightly. Resigning all the apps means
> > > supporting all Firefox versions.
> > 
> > I'd go for replacing and resigning on Marketplace then.
> 
> OK, I filed bug 1042006 to do so.
> 
> So this bug is just about adding the certificates for the staging server and
> adding the staging server domain to the admitted origins.
> On GitHub there's only
> https://github.com/mozilla/marketplace-certs/blob/master/marketplace-stage-public-root.der
> and not the reviewer one. Who could provide it?

Jason?

> What is the domain of the staging server?

stage: marketplace.allizom.org
Flags: needinfo?(jthomas)
https://github.com/mozilla/marketplace-certs/blob/master/marketplace-stage-public-root.der is for both app and reviewer signing.
Flags: needinfo?(jthomas)
Attached patch: Patch
Attachment #8460353 - Flags: review?(fabrice)
Comment on attachment 8460353 [details] [diff] [review]
Patch

Review of attachment 8460353 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with nit fixed.

::: security/manager/ssl/public/nsIX509CertDB.idl
@@ +299,5 @@
>    const AppTrustedRoot AppMarketplaceProdReviewersRoot = 2;
>    const AppTrustedRoot AppMarketplaceDevPublicRoot = 3;
>    const AppTrustedRoot AppMarketplaceDevReviewersRoot = 4;
> +  const AppTrustedRoot AppMarketplaceStageRoot = 5;
> +  const AppTrustedRoot AppXPCShellRoot = 6;
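
Review bot: `AppXPCShellRoot` shows up as an added line with value 6 directly after the new `AppMarketplaceStageRoot = 5`, so if it was renumbered to make room, anything that passes the number rather than the constant name to this interface will now select a different root; giving the stage root the next unused value instead would avoid that. Stage also gets a single constant where dev and prod each have separate Public and Reviewers roots, and a one-line IDL comment saying it covers both app and reviewer signing would explain the asymmetry.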

please change the UUID of the interface.
Attachment #8460353 - Flags: review?(fabrice) → review+
https://hg.mozilla.org/mozilla-central/rev/8439b6d7bd2a
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla34
Krupa, is this something you might want to (and be set up to) test? Thanks!
QA Whiteboard: [qa+]
Flags: needinfo?(krupa.mozbugs)
On 34.0a1, packaged app installs still fail on stage.

build identifier: 20140804040204
git commit info: 2014-08-01 5fd14b8b

8-04 19:46:55.852 E/GeckoConsole( 1108): Content JS LOG at https://marketplace.allizom.org/iframe-install.html/:129 in installPackage/installRequest.onsuccess: [iframe-install] App install request for Stage
08-04 19:46:55.862 E/GeckoConsole(  305): Content JS LOG at app://system.gaiamobile.org/js/app_usage_metrics.js:92 in debug: [AppUsage] https://marketplace.allizom.org/app/e6a59937-29e4-456a-b636-b69afa8693b4/manifest.webapp installed
08-04 19:46:56.012 I/Gecko   (  305): RemoteOpenFileParent: file '/data/local/webapps/{b9b415b9-3bd2-4f7f-a213-6696374117e4}/application.zip' was not found!
08-04 19:46:56.012 I/Gecko   ( 1070): IPDL protocol error: [PRemoteOpenFileChild] Received an invalid file descriptor!
08-04 19:46:56.062 E/GeckoConsole( 1070): Content JS ERROR at app://verticalhome.gaiamobile.org/gaia_build_defer_index.js:397 in GridItem.prototype.doRenderIcon/<: Error fetching icon Error: Error while HTTP GET: 
08-04 19:46:56.312 I/GeckoDump(  305): XXX FIXME : Got a mozContentEvent: inputmethod-update-layouts
08-04 19:46:57.182 E/GeckoConsole(  305): Content JS INFO at app://system.gaiamobile.org/js/app_install_manager.js:356 in ai_handleDownloadError: downloadError event, error code is INVALID_SIGNATURE
08-04 19:46:57.272 E/GeckoConsole( 1108): Content JS LOG at https://marketplace.allizom.org/iframe-install.html/:145 in installPackage/installRequest.onsuccess/installRequest.result.ondownloaderror: [iframe-install] App download error: INVALID_SIGNATURE
08-04 19:46:57.272 E/GeckoConsole( 1108): Content JS LOG at https://marketplace-stage.cdn.mozilla.net/media/fireplace/js/include.js?b=1406925514345:6 in s/<: [installer] Received message from iframe installer (install-package)
08-04 19:46:57.272 E/GeckoConsole( 1108): Content JS LOG at https://marketplace-stage.cdn.mozilla.net/media/fireplace/js/include.js?b=1406925514345:6 in s/<: [installer] iframe install failed: INVALID_SIGNATURE
Status: RESOLVED → REOPENED
Flags: needinfo?(krupa.mozbugs)
Resolution: FIXED → ---
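
The logcat output above can be triaged mechanically. The following is an added example (not part of the bug thread or Mozilla's code) that parses GeckoConsole lines in the format quoted in this bug and groups the installer's `App download error` codes by reporting origin; the sample log is constructed and the function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample modelled on the logcat lines quoted in this bug (not a real capture).
SAMPLE_LOG = """\
01-01 10:00:00.100 E/GeckoConsole( 1108): Content JS LOG at https://marketplace.allizom.org/iframe-install.html/:129 in installPackage/installRequest.onsuccess: [iframe-install] App install request for Stage
01-01 10:00:00.300 I/Gecko   (  305): RemoteOpenFileParent: file was not found!
01-01 10:00:01.200 E/GeckoConsole(  305): Content JS INFO at app://system.gaiamobile.org/js/app_install_manager.js:356 in ai_handleDownloadError: downloadError event, error code is INVALID_SIGNATURE
01-01 10:00:01.300 E/GeckoConsole( 1108): Content JS LOG at https://marketplace.allizom.org/iframe-install.html/:145 in installPackage/installRequest.onsuccess/installRequest.result.ondownloaderror: [iframe-install] App download error: INVALID_SIGNATURE
01-01 10:05:00.000 E/GeckoConsole( 1200): Content JS LOG at https://marketplace-dev.allizom.org/iframe-install.html/:145 in installPackage/installRequest.onsuccess/installRequest.result.ondownloaderror: [iframe-install] App download error: NETWORK_ERROR
"""

# timestamp, pid, level, source URL, source line, function, message
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \w/GeckoConsole\(\s*(?P<pid>\d+)\): "
    r"Content JS (?P<level>\w+) at (?P<src>\S+?):(?P<line>\d+) in (?P<func>\S+): (?P<msg>.*)$"
)
# The message the marketplace iframe installer logs when a download fails.
ERROR_RE = re.compile(r"\[iframe-install\] App download error: (?P<code>[A-Z_]+)")


def parse_console(log):
    """Yield one dict per GeckoConsole line; other logcat lines are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            url = urlsplit(rec["src"])
            rec["origin"] = f"{url.scheme}://{url.netloc}"
            yield rec


def install_failures(log):
    """Return (timestamp, origin, error code) for each failed install
    reported by the iframe installer."""
    out = []
    for rec in parse_console(log):
        m = ERROR_RE.search(rec["msg"])
        if m:
            out.append((rec["ts"], rec["origin"], m.group("code")))
    return out


def failures_by_origin(log, code="INVALID_SIGNATURE"):
    """Count failures with the given error code per reporting origin."""
    return Counter(o for _, o, c in install_failures(log) if c == code)


if __name__ == "__main__":
    for ts, origin, code in install_failures(SAMPLE_LOG):
        print(ts, origin, code)
    print(dict(failures_by_origin(SAMPLE_LOG)))
```
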
Mmmh, we have a test using three apps downloaded from marketplace.allizom.org: http://mxr.mozilla.org/mozilla-central/source/dom/apps/tests/test_marketplace_pkg_install.html?force=1
(In reply to Marco Castelluccio [:marco] from comment #28)
> Mmmh, we have a test using three apps downloaded from
> marketplace.allizom.org:
> http://mxr.mozilla.org/mozilla-central/source/dom/apps/tests/test_marketplace_pkg_install.html?force=1

hrm, that's odd. I tried installing the same packaged apps after manually installing certs and the installs worked. I can try again tomorrow  with a fresh build.
I tried to install a hosted and a packaged app on my Android phone, and got the following error "App install error: 0-" http://screencast.com/t/sakLbNJDK and the apps were not installed, and tried on Android tablet, the apps were installed, but I got the following error "INVALID_SIGNATURE". Both devices have Android 4.2.1. 

I have also modified the browser.webapps.apkFactoryUrl to https://apk-controller.stage.mozaws.net/application.apk in about:config, and I have installed the latest Nightly. 

Is this the same issue or should I file a new bug?
I investigated the same scenario as in the comment above on my Android device (Galaxy S3, Android 4.3) and I was able to install both hosted and packaged apps, but I received the same error as Iulian (INVALID_SIGNATURE) only for packaged apps.
(In reply to Iulian Timis from comment #30)
> I tried to install a hosted and a packaged app on my Android phone, and got
> the following error "App install error: 0-"
> http://screencast.com/t/sakLbNJDK and the apps were not installed, and tried
> on Android tablet, the apps were installed, but I got the following error
> "INVALID_SIGNATURE". Both devices have Android 4.2.1. 
> 
> I have also modified the browser.webapps.apkFactoryUrl to
> https://apk-controller.stage.mozaws.net/application.apk in about:config, and
> I have installed the latest Nightly. 
> 
> Is this the same issue or should I file a new bug?

Austin, do you think this is the same issue or not?
Flags: needinfo?(ozten.bugs)
I am receiving the INVALID_SIGNATURE error on Flame (FFOS 2.1) for packaged apps and the apps are NOT installed.
Are you sure you're both setting "dom.mozApps.use_reviewers_certs" to true and adding https://marketplace.allizom.org/ to the list in the "dom.mozApps.signed_apps_installable_from" pref?
(In reply to Marco Castelluccio [:marco] from comment #34)
> Are you sure you're both setting "dom.mozApps.use_reviewers_certs" to true
> and adding https://marketplace.allizom.org/ to the list in the
> "dom.mozApps.signed_apps_installable_from" pref?

Yes, I have done the above settings but I'm still getting the same behavior described in comment 30
Krupa, can you test again?
Flags: needinfo?(krupa.mozbugs)
platform version:30.0 (20140820000202) 4f92950e

08-20 12:51:45.269 E/GeckoConsole(  135): Content JS INFO at app://system.gaiamobile.org/js/app_install_manager.js:355 in ai_handleDownloadError: downloadError event, error code is INVALID_SIGNATURE
08-20 12:51:45.389 E/GeckoConsole(  533): Content JS LOG at https://marketplace.allizom.org/iframe-install.html/:153 in installPackage/installRequest.onsuccess/installRequest.result.ondownloaderror: [iframe-install] App download error: INVALID_SIGNATURE
08-20 12:51:45.389 E/GeckoConsole(  533): Content JS LOG at app://packaged.marketplace.allizom.org/media/js/include.js:6 in s/<: [installer] Received message from iframe installer (install-package)
08-20 12:51:45.399 E/GeckoConsole(  533): Content JS LOG at app://packaged.marketplace.allizom.org/media/js/include.js:6 in s/<: [installer] Received message from iframe installer (install-package)
08-20 12:51:45.399 E/GeckoConsole(  533): Content JS LOG at app://packaged.marketplace.allizom.org/media/js/include.js:6 in s/<: [installer] iframe install failed: INVALID_SIGNATURE
08-20 12:51:45.399 E/GeckoConsole(  533): Content JS LOG at app://packaged.marketplace.allizom.org/media/js/include.js:6 in s/<: [buttons] App install deferred was rejected for  Whatsap Firefox OS Info
08-20 12:51:45.399 E/GeckoConsole(  533): Content JS LOG at app://packaged.marketplace.allizom.org/media/js/include.js:6 in s/<: [buttons] Unsuccessful install for Whatsap Firefox OS Info

iulian, can you try as well?
Flags: needinfo?(krupa.mozbugs) → needinfo?(iulian.timis)
I was able to install and launch a packaged app with no issues on my Android 4.2.1 device on FF34.
Flags: needinfo?(iulian.timis)
(In reply to Iulian Timis from comment #38)
> I was able to install and launch a packaged app with no issues on my Android
> 4.2.1 device on FF34.

Iulian, can you try the same on firefoxOS, please?
Flags: needinfo?(iulian.timis)
I was also able to install a packaged app on FF OS 1.3 (Inari) with no issues.
Flags: needinfo?(iulian.timis)
I think it's worth opening a new bug for the issue krupa is seeing.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
Krupa, I can no longer reproduce this issue, could you please test again in your environment? Thank you!
Flags: needinfo?(krupa.mozbugs)
Flags: needinfo?(krupa.mozbugs)