1046320 - Add idl to set up public key pins to PublicKeyPinningService

Status: RESOLVED DUPLICATE of bug 787133

(Core :: Security: PSM, defect)

Description

[Camilo Viecco (:cviecco)]

This bug is to add an idl to and a memory only store PublicKeyPinningService so that public key pins can be added via xpcom calls. The store must be thread safe.

Comment 1

[Camilo Viecco (:cviecco)]

Attachment: add-pkservice-idl

Comment 2

[Camilo Viecco (:cviecco)]

Comment on attachment 8466465 [details] [diff] [review]
add-pkservice-idl

Review of attachment 8466465 [details] [diff] [review]:
-----------------------------------------------------------------

So I was thinking about this interface. What do you think (maybe the insert is redundant?)

Comment 3

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Comment on attachment 8466465 [details] [diff] [review]
add-pkservice-idl

Review of attachment 8466465 [details] [diff] [review]:
-----------------------------------------------------------------

Why not just use nsISiteSecurityService? It already can parse headers similar to HPKP.

Comment 4

[Camilo Viecco (:cviecco)]

(In reply to David Keeler (:keeler) [use needinfo?] from comment #3)
> Comment on attachment 8466465 [details] [diff] [review]
> add-pkservice-idl
> 
> Review of attachment 8466465 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> Why not just use nsISiteSecurityService? It already can parse headers
> similar to HPKP.

Because this inferface is specific to public pins and I am no interested in parsing at this
moment. Also, nsISiteSecurityService is not thread safe (to my understanding) for accesing its
information as it currently uses the site preferences.