Background: I am trying to automate the Extension Manager using our
own version of Firefox / Mozilla.  What I want to accomplish is
calling the extension manager, asking it to find extensions, and then
installing them.  How does this involve security? Read on:

I have noticed that attempting to use the nsExtensionManager service
from my chrome pages doesn't work due to an obscure certificate
checking error.  In nsExtensionManager.js checkcert() there are a
couple of lines:

 issuer = issuer.QueryInterface(Ci.nsIX509Cert3);
 var tokenNames = issuer.getAllTokenNames({});

When the extension manager is invoked from
chrome://mozapps/content/extensions/extensions.xul
that is launched by clicking on the Tools -> Add ons dialog,
getAllTokenNames() returns a list of valid tokens.  However, if the
extension manager is invoked from another context it dies because the
certificate it is trying to check returns NULL for getAllTokenNames().

Things I have tried:
1) Invoking the extension manager from a privileged chrome page
2) Invoking the extension manager from a privileged XPCOM component

None of these seem to work.  The only way that works is when the
extension UI is invoked directly from firefox (as in Tools -> Addons).

This led me to think that there must be an issue with the security
context.  The certificate checking code uses the securityInfo property
from the channel.  I noticed that when the extension manager works
properly the channel.__parent__ property is set to a chrome window.
When the certificate check does not work, I noticed that the
channel.__parent__ property was set to null.

Does the Mozilla security architecture rely on the __parent__
property?  Any idea how to ensure that the __parent__ property is set
to a valid window (it appears to be read only)?  Any other ideas?

Thanks,
Carl
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security