Cope with hashed Add-on IDs in the CN field

RESOLVED FIXED in Firefox 43

Status

defect
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: andy+bugzilla, Assigned: mossop)

Tracking

unspecified
mozilla44

Firefox Tracking Flags

(firefox43+ fixed, firefox44+ fixed)

Attachments

(1 attachment)

Reporter

Description

4 years ago
As per bug 1201176, when the addon ID is longer than 64 chars it will be hashed in the CN field, which means the signature will be invalid. When installing the addon and performing this check on the CN field, Firefox will need to hash the ID and then compare the value.

The hash is being done on AMO side in bug 1203365.
No longer blocks: 1203915
See Also: → 1203915
Reporter

Comment 1

4 years ago
We don't have anyone yet to work on this, would you be able to work on this for 43?
Flags: needinfo?(dtownsend)
(In reply to Andy McKay [:andym] from comment #1)
> We don't have anyone yet to work on this, would you be able to work on this
> for 43?

Yes, this is pretty straightforward; I just need to figure out how to get a testcase.
Assignee: nobody → dtownsend
Flags: needinfo?(dtownsend)
Assignee

Updated

4 years ago
Depends on: 1206148
Posted patch: patch
This hashes the add-on ID before comparing to the common name if the ID is longer than 64 characters. The test includes 5 add-ons:

long_63_plain.xpi: ID is 63 characters long, the common name is the plain ID
long_63_hash.xpi: ID is 63 characters long, the common name is the hashed ID
long_64_plain.xpi: ID is 64 characters long, the common name is the plain ID
long_64_hash.xpi: ID is 64 characters long, the common name is the hashed ID
long_65_hash.xpi: ID is 65 characters long, the common name is the hashed ID
Attachment #8663080 - Flags: review?(dveditz)
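The comparison rule described in the patch comment above, as an added example that is not the code from the Firefox patch. It assumes the hashed form is the lowercase hex SHA-256 digest of the UTF-8 add-on ID (the page does not name the hash); the function names and sample IDs are constructed for illustration, and the accept/reject results are what the stated rule implies for the five listed cases.

```javascript
// Added illustration; not the code from the Firefox patch.
const { createHash } = require("crypto");

// IDs longer than this are hashed before comparison (limit stated in the bug).
const MAX_PLAIN_ID_LENGTH = 64;

// Assumption: hashed form = lowercase hex SHA-256 of the UTF-8 ID.
// The page does not name the hash; a SHA-256 hex digest is 64 characters.
function hashAddonId(id) {
  return createHash("sha256").update(id, "utf8").digest("hex");
}

// The only CN value accepted for a given add-on ID.
function expectedCommonName(id) {
  return id.length > MAX_PLAIN_ID_LENGTH ? hashAddonId(id) : id;
}

// Exact match against the single expected form. A hashed CN for an ID of
// 64 characters or fewer, or a plain CN for a longer ID, is rejected, so
// each ID has exactly one valid CN.
function commonNameMatches(id, certCommonName) {
  return typeof certCommonName === "string" &&
         certCommonName === expectedCommonName(id);
}

// Constructed sample ID of the requested length (hypothetical domain).
function makeId(length) {
  const suffix = "@example.test";
  return "a".repeat(length - suffix.length) + suffix;
}

// Cases named after the five test add-ons listed in the comment.
function runCases() {
  const cases = [
    { name: "long_63_plain", len: 63, hashed: false },
    { name: "long_63_hash", len: 63, hashed: true },
    { name: "long_64_plain", len: 64, hashed: false },
    { name: "long_64_hash", len: 64, hashed: true },
    { name: "long_65_hash", len: 65, hashed: true },
  ];
  return cases.map(({ name, len, hashed }) => {
    const id = makeId(len);
    const cn = hashed ? hashAddonId(id) : id;
    return { name, accepted: commonNameMatches(id, cn) };
  });
}

console.table(runCases());
```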
Comment on attachment 8663080
patch

Review of attachment 8663080:
-----------------------------------------------------------------

r=dveditz
Attachment #8663080 - Flags: review?(dveditz) → review+
https://hg.mozilla.org/mozilla-central/rev/201ca50802b2
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Reporter

Comment 7

4 years ago
Comment on attachment 8663080
patch

Approval Request Comment
[Feature/regressing bug #]: 1201176
[User impact if declined]: Multiple add-ons will fail on Firefox 43 when signing is turned on.
[Describe test coverage new/current, TreeHerder]:
[Risks and why]: Seems low risk.
[String/UUID change made/needed]: none (I believe)
Attachment #8663080 - Flags: approval-mozilla-aurora?
Comment on attachment 8663080
patch

Approved for uplift to aurora. Good to do since we accept long GUIDs again.
Attachment #8663080 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+