commit 028e311e8bfc367487896ae2215f612e78c94403
parent 33a9da90d282e6a2341acbd645dae9c81b734ce6
Author: Benjamin VanderSloot <bvandersloot@mozilla.com>
Date: Tue, 7 Oct 2025 05:53:38 +0000
Bug 1971433 - Convert Certificates section to config-based prefs - r=emz,fluent-reviewers,hjones,bolsson
Differential Revision: https://phabricator.services.mozilla.com/D266714
Diffstat:
7 files changed, 133 insertions(+), 93 deletions(-)
diff --git a/browser/components/preferences/main.js b/browser/components/preferences/main.js
@@ -1366,6 +1366,43 @@ let SETTINGS_CONFIG = {
},
],
},
+ certificates: {
+ l10nId: "certs-description2",
+ supportPage: "secure-website-certificate",
+ headingLevel: 2,
+ items: [
+ {
+ id: "certificateButtonGroup",
+ control: "moz-box-group",
+ items: [
+ {
+ id: "viewCertificatesButton",
+ l10nId: "certs-view",
+ control: "moz-box-button",
+ controlAttrs: {
+ "search-l10n-ids":
+ "certmgr-tab-mine.label,certmgr-tab-people.label,certmgr-tab-servers.label,certmgr-tab-ca.label,certmgr-mine,certmgr-people,certmgr-server,certmgr-ca,certmgr-cert-name.label,certmgr-token-name.label,certmgr-view.label,certmgr-export.label,certmgr-delete.label",
+ },
+ },
+ {
+ id: "viewSecurityDevicesButton",
+ l10nId: "certs-devices",
+ control: "moz-box-button",
+ controlAttrs: {
+ "search-l10n-ids":
+ "devmgr-window.title,devmgr-devlist.label,devmgr-header-details.label,devmgr-header-value.label,devmgr-button-login.label,devmgr-button-logout.label,devmgr-button-changepw.label,devmgr-button-load.label,devmgr-button-unload.label,certs-devices-enable-fips",
+ },
+ },
+ ],
+ },
+
+ {
+ id: "certEnableThirdPartyToggle",
+ l10nId: "certs-thirdparty-toggle",
+ supportPage: "automatically-trust-third-party-certificates",
+ },
+ ],
+ },
browsingProtection: {
items: [
{
diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml
@@ -1050,66 +1050,7 @@
<!-- Certificates -->
<groupbox id="certSelection" data-category="panePrivacy" hidden="true">
- <label><html:h2 data-l10n-id="certs-header"/></label>
- <hbox align="start">
- <vbox data-subcategory="certs" flex="1">
- <description id="certsDescription" class="description-deemphasized" data-l10n-id="certs-description"/>
- <html:a is="moz-support-link"
- class="learnMore"
- support-page="secure-website-certificate"
- />
- </vbox>
- <vbox align="end">
- <button id="viewCertificatesButton"
- is="highlightable-button"
- class="accessory-button"
- data-l10n-id="certs-view"
- preference="security.disable_button.openCertManager"
- search-l10n-ids="
- certmgr-tab-mine.label,
- certmgr-tab-people.label,
- certmgr-tab-servers.label,
- certmgr-tab-ca.label,
- certmgr-mine,
- certmgr-people,
- certmgr-server,
- certmgr-ca,
- certmgr-cert-name.label,
- certmgr-token-name.label,
- certmgr-view.label,
- certmgr-export.label,
- certmgr-delete.label
- "/>
- <button id="viewSecurityDevicesButton"
- is="highlightable-button"
- class="accessory-button"
- data-l10n-id="certs-devices"
- preference="security.disable_button.openDeviceManager"
- search-l10n-ids="
- devmgr-window.title,
- devmgr-devlist.label,
- devmgr-header-details.label,
- devmgr-header-value.label,
- devmgr-button-login.label,
- devmgr-button-logout.label,
- devmgr-button-changepw.label,
- devmgr-button-load.label,
- devmgr-button-unload.label
- "/>
- </vbox>
- </hbox>
-
- <hbox id="certEnableThirdPartyToggleBox" align="center">
- <checkbox id="certEnableThirdPartyToggle"
- data-l10n-id="certs-thirdparty-toggle"
- preference="security.enterprise_roots.enabled"
- class="tail-with-learn-more"
- />
- <html:a is="moz-support-link"
- class="learnMore"
- support-page="automatically-trust-third-party-certificates"
- />
- </hbox>
+ <html:setting-group groupid="certificates"></html:setting-group>
</groupbox>
<!-- HTTPS-ONLY Mode -->
diff --git a/browser/components/preferences/privacy.js b/browser/components/preferences/privacy.js
@@ -1765,6 +1765,52 @@ Preferences.addSetting({
},
});
+Preferences.addSetting({
+ id: "certificateButtonGroup",
+});
+Preferences.addSetting({
+ id: "disableOpenCertManager",
+ pref: "security.disable_button.openCertManager",
+});
+Preferences.addSetting({
+ id: "disableOpenDeviceManager",
+ pref: "security.disable_button.openDeviceManager",
+});
+Preferences.addSetting({
+ id: "viewCertificatesButton",
+ deps: ["disableOpenCertManager"],
+ disabled: deps => {
+ return deps.disableOpenCertManager.value;
+ },
+ onUserClick: () => {
+ gPrivacyPane.showCertificates();
+ },
+});
+Preferences.addSetting({
+ id: "viewSecurityDevicesButton",
+ deps: ["disableOpenDeviceManager"],
+ disabled: deps => {
+ return deps.disableOpenDeviceManager.value;
+ },
+ onUserClick: () => {
+ gPrivacyPane.showSecurityDevices();
+ },
+});
+Preferences.addSetting({
+ id: "certEnableThirdPartyToggle",
+ pref: "security.enterprise_roots.enabled",
+ visible: () => {
+ // Third-party certificate import is only implemented for Windows and Mac,
+ // and we should not expose this as a user-configurable setting if there's
+ // an enterprise policy controlling it (either to enable _or_ disable it).
+ return (
+ (AppConstants.platform == "win" || AppConstants.platform == "macosx") &&
+ typeof Services.policies.getActivePolicies()?.Certificates
+ ?.ImportEnterpriseRoots == "undefined"
+ );
+ },
+});
+
function setEventListener(aId, aEventType, aCallback) {
document
.getElementById(aId)
@@ -1958,19 +2004,6 @@ var gPrivacyPane = {
exceptionListService.maybeMigrateCategoryPrefs();
},
- _initThirdPartyCertsToggle() {
- // Third-party certificate import is only implemented for Windows and Mac,
- // and we should not expose this as a user-configurable setting if there's
- // an enterprise policy controlling it (either to enable _or_ disable it).
- let canConfigureThirdPartyCerts =
- (AppConstants.platform == "win" || AppConstants.platform == "macosx") &&
- typeof Services.policies.getActivePolicies()?.Certificates
- ?.ImportEnterpriseRoots == "undefined";
-
- document.getElementById("certEnableThirdPartyToggleBox").hidden =
- !canConfigureThirdPartyCerts;
- },
-
get dnsOverHttpsResolvers() {
let providers = DoHConfigController.currentConfig.providerList;
// if there's no default, we'll hold its position with an empty string
@@ -2368,6 +2401,7 @@ var gPrivacyPane = {
initSettingGroup("httpsOnly");
initSettingGroup("browsingProtection");
initSettingGroup("cookiesAndSiteData");
+ initSettingGroup("certificates");
this.initNonTechnicalPrivacySection();
@@ -2385,7 +2419,6 @@ var gPrivacyPane = {
this.networkCookieBehaviorReadPrefs();
this._initTrackingProtectionExtensionControl();
this._ensureTrackingProtectionExceptionListMigration();
- this._initThirdPartyCertsToggle();
this._initProfilesInfo();
Preferences.get("privacy.trackingprotection.enabled").on(
@@ -2482,16 +2515,6 @@ var gPrivacyPane = {
"command",
gPrivacyPane.showAddonExceptions
);
- setEventListener(
- "viewCertificatesButton",
- "command",
- gPrivacyPane.showCertificates
- );
- setEventListener(
- "viewSecurityDevicesButton",
- "command",
- gPrivacyPane.showSecurityDevices
- );
this._pane = document.getElementById("panePrivacy");
@@ -2634,14 +2657,9 @@ var gPrivacyPane = {
}
let signonBundle = document.getElementById("signonBundle");
- let pkiBundle = document.getElementById("pkiBundle");
appendSearchKeywords("showPasswords", [
signonBundle.getString("loginsDescriptionAll2"),
]);
- appendSearchKeywords("viewSecurityDevicesButton", [
- pkiBundle.getString("enable_fips"),
- ]);
-
if (!PrivateBrowsingUtils.enabled) {
document.getElementById("privateBrowsingAutoStart").hidden = true;
document.querySelector("menuitem[value='dontremember']").hidden = true;
diff --git a/browser/components/preferences/widgets/setting-group/setting-group.mjs b/browser/components/preferences/widgets/setting-group/setting-group.mjs
@@ -14,6 +14,7 @@ const CLICK_HANDLERS = new Set([
"moz-box-item",
"moz-box-link",
"moz-button",
+ "moz-box-group",
]);
export class SettingGroup extends MozLitElement {
@@ -90,6 +91,7 @@ export class SettingGroup extends MozLitElement {
return html`<moz-fieldset
data-l10n-id=${ifDefined(this.config.l10nId)}
.headingLevel=${this.config.headingLevel}
+ .supportPage=${ifDefined(this.config.supportPage)}
@change=${this.onChange}
@click=${this.onClick}
>${this.config.items.map(item => this.itemTemplate(item))}</moz-fieldset
diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl
@@ -1581,9 +1581,9 @@ security-block-uncommon-software =
## Privacy Section - Certificates
-certs-header = Certificates
-
-certs-description = Configure the certificates that { -brand-short-name } uses for authentication.
+certs-description2 =
+ .label = Certificates
+ .description = Configure the certificates that { -brand-short-name } uses for authentication.
certs-view =
.label = View Certificates…
@@ -1597,6 +1597,8 @@ certs-thirdparty-toggle =
.label = Allow { -brand-short-name } to automatically trust third-party root certificates you install
.accesskey = t
+certs-devices-enable-fips = Enable FIPS
+
space-alert-over-5gb-settings-button =
.label = Open Settings
.accesskey = O
diff --git a/python/l10n/fluent_migrations/bug_1971433_preferences.py b/python/l10n/fluent_migrations/bug_1971433_preferences.py
@@ -0,0 +1,39 @@
+# Any copyright is dedicated to the Public Domain.
+# http://creativecommons.org/publicdomain/zero/1.0/
+
+import fluent.syntax.ast as FTL
+from fluent.migrate import COPY_PATTERN
+from fluent.migrate.transforms import COPY
+from fluent.migrate.helpers import transforms_from
+
+
+def migrate(ctx):
+ """Bug 1971433 - Convert Certificates section to config-based prefs - part {index}"""
+
+ # part 1, migrate a legacy string
+ source = "security/manager/chrome/pippki/pippki.properties"
+ target = "browser/browser/preferences/preferences.ftl"
+ ctx.add_transforms(
+ target,
+ target,
+ [
+ FTL.Message(
+ id=FTL.Identifier("certs-devices-enable-fips"),
+ value=COPY(source, "enable_fips"),
+ )
+ ],
+ )
+
+ # part 2, restructure existing strings
+ ctx.add_transforms(
+ target,
+ target,
+ transforms_from(
+ """
+certs-description2 =
+ .label = {COPY_PATTERN(from_path, "certs-header")}
+ .description = {COPY_PATTERN(from_path, "certs-description")}
+""",
+ from_path=target,
+ ),
+ )
diff --git a/security/manager/locales/en-US/chrome/pippki/pippki.properties b/security/manager/locales/en-US/chrome/pippki/pippki.properties
@@ -2,6 +2,8 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# FTL path: browser/locales/en-US/browser/preferences/preferences.ftl
+
# Download Cert dialog
# LOCALIZATION NOTE(newCAMessage1):
# %S is a string representative of the certificate being downloaded/imported.
@@ -31,4 +33,3 @@ pageInfo_CertificateTransparency_Compliant=This website complies with the Certif
# Token Manager
password_not_set=(not set)
-enable_fips=Enable FIPS
