Asynchronous Experiment/WebExtension communication incompatible with XPCOM overrides?

Jeremy Rand jeremyrand at airmail.cc
Fri Aug 4 02:46:59 UTC 2017


Shane Caraveo:
> On 8/3/17 12:28 PM, Jeremy Rand wrote:
>> Andrew Swan:
>>> On Mon, Jul 31, 2017 at 2:30 AM, Jeremy Rand <jeremyrand at airmail.cc>
>>> wrote:
>>>
>>>> I'm trying to build a WebExtensions Experiment that overrides an XPCOM
>>>> contract with a custom implementation.  The custom implementation of
>>>> the
>>>> XPCOM contract is intended to call a function in a WebExtension, and
>>>> use
>>>> the return value to decide what the XPCOM contract function
>>>> implementation should return.
>>>>
>>>> Unfortunately, based on my testing, it looks like whenever an
>>>> Experiment
>>>> calls a function in a WebExtension, the thing that gets returned is
>>>> actually a Promise rather than the raw value.  Furthermore, it looks
>>>> like the XPCOM contract that I'm overriding isn't designed to process a
>>>> Promise properly as a return value, so the WebExtension can't actually
>>>> influence what the XPCOM contract function returns.
> 
> What is the xpcom interface you're using?  What exactly are you attempting?

Hi Shane,

I want to expose an API to WebExtensions that hooks certificate
validation, sends encountered certs that are untrusted to the
WebExtensions that consume this API, and allows those WebExtensions to
override the "untrusted cert" error.  The high-level intention here is
to facilitate experimenting with alternative cert validation methods
that operate on self-signed certificates, such as perspective
validation, DNSSEC/DANE, and Namecoin.

The approach I'm taking is to replace the implementation of the
"@mozilla.org/security/certoverride;1" contract with a Javascript
implementation.  My implementation proxies all of the contract's methods
to the standard Mozilla implementation of that contract, but adds some
extra code to the "hasMatchingOverride" method, which passes any
untrusted cert to a WebExtension for evaluation, and if the WebExtension
considers the cert to be trustworthy, my "hasMatchingOverride"
implementation returns an override.

Unfortunately, this approach seems to be unworkable since the contract
method that I'm messing with is synchronous-only, and the communication
between the API WebExtensions Experiment and the WebExtensions that do
the cert validation is asynchronous-only.

Are you aware of any alternative approach for this use case that
wouldn't require C++ work?

Cheers,
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://mail.mozilla.org/pipermail/dev-addons/attachments/20170804/94ce3b58/attachment.sig>


More information about the Dev-addons mailing list