The Tor Browser: comparison toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm

--1:000000000000
+:258c64593b3a
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/**
+* The AddonUpdateChecker is responsible for retrieving the update information
+* from an add-on's remote update manifest.
+*/
+"use strict";
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+const Cu = Components.utils;
+this.EXPORTED_SYMBOLS = [ "AddonUpdateChecker" ];
+const TIMEOUT               = 60 * 1000;
+const PREFIX_NS_RDF         = "http://www.w3.org/1999/02/22-rdf-syntax-ns#";
+const PREFIX_NS_EM          = "http://www.mozilla.org/2004/em-rdf#";
+const PREFIX_ITEM           = "urn:mozilla:item:";
+const PREFIX_EXTENSION      = "urn:mozilla:extension:";
+const PREFIX_THEME          = "urn:mozilla:theme:";
+const TOOLKIT_ID            = "toolkit@mozilla.org"
+const XMLURI_PARSE_ERROR    = "http://www.mozilla.org/newlayout/xml/parsererror.xml"
+const PREF_UPDATE_REQUIREBUILTINCERTS = "extensions.update.requireBuiltInCerts";
+Components.utils.import("resource://gre/modules/Services.jsm");
+Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "AddonManager",
+"resource://gre/modules/AddonManager.jsm");
+XPCOMUtils.defineLazyModuleGetter(this, "AddonRepository",
+"resource://gre/modules/addons/AddonRepository.jsm");
+// Shared code for suppressing bad cert dialogs.
+XPCOMUtils.defineLazyGetter(this, "CertUtils", function certUtilsLazyGetter() {
+let certUtils = {};
+Components.utils.import("resource://gre/modules/CertUtils.jsm", certUtils);
+return certUtils;
+});
+var gRDF = Cc["@mozilla.org/rdf/rdf-service;1"].
+getService(Ci.nsIRDFService);
+Cu.import("resource://gre/modules/Log.jsm");
+const LOGGER_ID = "addons.update-checker";
+// Create a new logger for use by the Addons Update Checker
+// (Requires AddonManager.jsm)
+let logger = Log.repository.getLogger(LOGGER_ID);
+/**
+* A serialisation method for RDF data that produces an identical string
+* for matching RDF graphs.
+* The serialisation is not complete, only assertions stemming from a given
+* resource are included, multiple references to the same resource are not
+* permitted, and the RDF prolog and epilog are not included.
+* RDF Blob and Date literals are not supported.
+*/
+function RDFSerializer() {
+this.cUtils = Cc["@mozilla.org/rdf/container-utils;1"].
+getService(Ci.nsIRDFContainerUtils);
+this.resources = [];
+}
+RDFSerializer.prototype = {
+INDENT: "  ",      // The indent used for pretty-printing
+resources: null,   // Array of the resources that have been found
+/**
+* Escapes characters from a string that should not appear in XML.
+*
+* @param  aString
+*         The string to be escaped
+* @return a string with all characters invalid in XML character data
+*         converted to entity references.
+*/
+escapeEntities: function RDFS_escapeEntities(aString) {
+aString = aString.replace(/&/g, "&amp;");
+aString = aString.replace(/</g, "&lt;");
+aString = aString.replace(/>/g, "&gt;");
+return aString.replace(/"/g, "&quot;");
+},
+/**
+* Serializes all the elements of an RDF container.
+*
+* @param  aDs
+*         The RDF datasource
+* @param  aContainer
+*         The RDF container to output the child elements of
+* @param  aIndent
+*         The current level of indent for pretty-printing
+* @return a string containing the serialized elements.
+*/
+serializeContainerItems: function RDFS_serializeContainerItems(aDs, aContainer,
+aIndent) {
+var result = "";
+var items = aContainer.GetElements();
+while (items.hasMoreElements()) {
+var item = items.getNext().QueryInterface(Ci.nsIRDFResource);
+result += aIndent + "<RDF:li>\n"
+result += this.serializeResource(aDs, item, aIndent + this.INDENT);
+result += aIndent + "</RDF:li>\n"
+}
+return result;
+},
+/**
+* Serializes all em:* (see EM_NS) properties of an RDF resource except for
+* the em:signature property. As this serialization is to be compared against
+* the manifest signature it cannot contain the em:signature property itself.
+*
+* @param  aDs
+*         The RDF datasource
+* @param  aResource
+*         The RDF resource that contains the properties to serialize
+* @param  aIndent
+*         The current level of indent for pretty-printing
+* @return a string containing the serialized properties.
+* @throws if the resource contains a property that cannot be serialized
+*/
+serializeResourceProperties: function RDFS_serializeResourceProperties(aDs,
+aResource,
+aIndent) {
+var result = "";
+var items = [];
+var arcs = aDs.ArcLabelsOut(aResource);
+while (arcs.hasMoreElements()) {
+var arc = arcs.getNext().QueryInterface(Ci.nsIRDFResource);
+if (arc.ValueUTF8.substring(0, PREFIX_NS_EM.length) != PREFIX_NS_EM)
+continue;
+var prop = arc.ValueUTF8.substring(PREFIX_NS_EM.length);
+if (prop == "signature")
+continue;
+var targets = aDs.GetTargets(aResource, arc, true);
+while (targets.hasMoreElements()) {
+var target = targets.getNext();
+if (target instanceof Ci.nsIRDFResource) {
+var item = aIndent + "<em:" + prop + ">\n";
+item += this.serializeResource(aDs, target, aIndent + this.INDENT);
+item += aIndent + "</em:" + prop + ">\n";
+items.push(item);
+}
+else if (target instanceof Ci.nsIRDFLiteral) {
+items.push(aIndent + "<em:" + prop + ">" +
+this.escapeEntities(target.Value) + "</em:" + prop + ">\n");
+}
+else if (target instanceof Ci.nsIRDFInt) {
+items.push(aIndent + "<em:" + prop + " NC:parseType=\"Integer\">" +
+target.Value + "</em:" + prop + ">\n");
+}
+else {
+throw Components.Exception("Cannot serialize unknown literal type");
+}
+}
+}
+items.sort();
+result += items.join("");
+return result;
+},
+/**
+* Recursively serializes an RDF resource and all resources it links to.
+* This will only output EM_NS properties and will ignore any em:signature
+* property.
+*
+* @param  aDs
+*         The RDF datasource
+* @param  aResource
+*         The RDF resource to serialize
+* @param  aIndent
+*         The current level of indent for pretty-printing. If undefined no
+*         indent will be added
+* @return a string containing the serialized resource.
+* @throws if the RDF data contains multiple references to the same resource.
+*/
+serializeResource: function RDFS_serializeResource(aDs, aResource, aIndent) {
+if (this.resources.indexOf(aResource) != -1 ) {
+// We cannot output multiple references to the same resource.
+throw Components.Exception("Cannot serialize multiple references to " + aResource.Value);
+}
+if (aIndent === undefined)
+aIndent = "";
+this.resources.push(aResource);
+var container = null;
+var type = "Description";
+if (this.cUtils.IsSeq(aDs, aResource)) {
+type = "Seq";
+container = this.cUtils.MakeSeq(aDs, aResource);
+}
+else if (this.cUtils.IsAlt(aDs, aResource)) {
+type = "Alt";
+container = this.cUtils.MakeAlt(aDs, aResource);
+}
+else if (this.cUtils.IsBag(aDs, aResource)) {
+type = "Bag";
+container = this.cUtils.MakeBag(aDs, aResource);
+}
+var result = aIndent + "<RDF:" + type;
+if (!gRDF.IsAnonymousResource(aResource))
+result += " about=\"" + this.escapeEntities(aResource.ValueUTF8) + "\"";
+result += ">\n";
+if (container)
+result += this.serializeContainerItems(aDs, container, aIndent + this.INDENT);
+result += this.serializeResourceProperties(aDs, aResource, aIndent + this.INDENT);
+result += aIndent + "</RDF:" + type + ">\n";
+return result;
+}
+}
+/**
+* Parses an RDF style update manifest into an array of update objects.
+*
+* @param  aId
+*         The ID of the add-on being checked for updates
+* @param  aUpdateKey
+*         An optional update key for the add-on
+* @param  aRequest
+*         The XMLHttpRequest that has retrieved the update manifest
+* @return an array of update objects
+* @throws if the update manifest is invalid in any way
+*/
+function parseRDFManifest(aId, aUpdateKey, aRequest) {
+function EM_R(aProp) {
+return gRDF.GetResource(PREFIX_NS_EM + aProp);
+}
+function getValue(aLiteral) {
+if (aLiteral instanceof Ci.nsIRDFLiteral)
+return aLiteral.Value;
+if (aLiteral instanceof Ci.nsIRDFResource)
+return aLiteral.Value;
+if (aLiteral instanceof Ci.nsIRDFInt)
+return aLiteral.Value;
+return null;
+}
+function getProperty(aDs, aSource, aProperty) {
+return getValue(aDs.GetTarget(aSource, EM_R(aProperty), true));
+}
+function getRequiredProperty(aDs, aSource, aProperty) {
+let value = getProperty(aDs, aSource, aProperty);
+if (!value)
+throw Components.Exception("Update manifest is missing a required " + aProperty + " property.");
+return value;
+}
+let rdfParser = Cc["@mozilla.org/rdf/xml-parser;1"].
+createInstance(Ci.nsIRDFXMLParser);
+let ds = Cc["@mozilla.org/rdf/datasource;1?name=in-memory-datasource"].
+createInstance(Ci.nsIRDFDataSource);
+rdfParser.parseString(ds, aRequest.channel.URI, aRequest.responseText);
+// Differentiating between add-on types is deprecated
+let extensionRes = gRDF.GetResource(PREFIX_EXTENSION + aId);
+let themeRes = gRDF.GetResource(PREFIX_THEME + aId);
+let itemRes = gRDF.GetResource(PREFIX_ITEM + aId);
+let addonRes = ds.ArcLabelsOut(extensionRes).hasMoreElements() ? extensionRes
+: ds.ArcLabelsOut(themeRes).hasMoreElements() ? themeRes
+: itemRes;
+// If we have an update key then the update manifest must be signed
+if (aUpdateKey) {
+let signature = getProperty(ds, addonRes, "signature");
+if (!signature)
+throw Components.Exception("Update manifest for " + aId + " does not contain a required signature");
+let serializer = new RDFSerializer();
+let updateString = null;
+try {
+updateString = serializer.serializeResource(ds, addonRes);
+}
+catch (e) {
+throw Components.Exception("Failed to generate signed string for " + aId + ". Serializer threw " + e,
+e.result);
+}
+let result = false;
+try {
+let verifier = Cc["@mozilla.org/security/datasignatureverifier;1"].
+getService(Ci.nsIDataSignatureVerifier);
+result = verifier.verifyData(updateString, signature, aUpdateKey);
+}
+catch (e) {
+throw Components.Exception("The signature or updateKey for " + aId + " is malformed." +
+"Verifier threw " + e, e.result);
+}
+if (!result)
+throw Components.Exception("The signature for " + aId + " was not created by the add-on's updateKey");
+}
+let updates = ds.GetTarget(addonRes, EM_R("updates"), true);
+// A missing updates property doesn't count as a failure, just as no avialable
+// update information
+if (!updates) {
+logger.warn("Update manifest for " + aId + " did not contain an updates property");
+return [];
+}
+if (!(updates instanceof Ci.nsIRDFResource))
+throw Components.Exception("Missing updates property for " + addonRes.Value);
+let cu = Cc["@mozilla.org/rdf/container-utils;1"].
+getService(Ci.nsIRDFContainerUtils);
+if (!cu.IsContainer(ds, updates))
+throw Components.Exception("Updates property was not an RDF container");
+let results = [];
+let ctr = Cc["@mozilla.org/rdf/container;1"].
+createInstance(Ci.nsIRDFContainer);
+ctr.Init(ds, updates);
+let items = ctr.GetElements();
+while (items.hasMoreElements()) {
+let item = items.getNext().QueryInterface(Ci.nsIRDFResource);
+let version = getProperty(ds, item, "version");
+if (!version) {
+logger.warn("Update manifest is missing a required version property.");
+continue;
+}
+logger.debug("Found an update entry for " + aId + " version " + version);
+let targetApps = ds.GetTargets(item, EM_R("targetApplication"), true);
+while (targetApps.hasMoreElements()) {
+let targetApp = targetApps.getNext().QueryInterface(Ci.nsIRDFResource);
+let appEntry = {};
+try {
+appEntry.id = getRequiredProperty(ds, targetApp, "id");
+appEntry.minVersion = getRequiredProperty(ds, targetApp, "minVersion");
+appEntry.maxVersion = getRequiredProperty(ds, targetApp, "maxVersion");
+}
+catch (e) {
+logger.warn(e);
+continue;
+}
+let result = {
+id: aId,
+version: version,
+updateURL: getProperty(ds, targetApp, "updateLink"),
+updateHash: getProperty(ds, targetApp, "updateHash"),
+updateInfoURL: getProperty(ds, targetApp, "updateInfoURL"),
+strictCompatibility: getProperty(ds, targetApp, "strictCompatibility") == "true",
+targetApplications: [appEntry]
+};
+if (result.updateURL && AddonManager.checkUpdateSecurity &&
+result.updateURL.substring(0, 6) != "https:" &&
+(!result.updateHash || result.updateHash.substring(0, 3) != "sha")) {
+logger.warn("updateLink " + result.updateURL + " is not secure and is not verified" +
+" by a strong enough hash (needs to be sha1 or stronger).");
+delete result.updateURL;
+delete result.updateHash;
+}
+results.push(result);
+}
+}
+return results;
+}
+/**
+* Starts downloading an update manifest and then passes it to an appropriate
+* parser to convert to an array of update objects
+*
+* @param  aId
+*         The ID of the add-on being checked for updates
+* @param  aUpdateKey
+*         An optional update key for the add-on
+* @param  aUrl
+*         The URL of the update manifest
+* @param  aObserver
+*         An observer to pass results to
+*/
+function UpdateParser(aId, aUpdateKey, aUrl, aObserver) {
+this.id = aId;
+this.updateKey = aUpdateKey;
+this.observer = aObserver;
+this.url = aUrl;
+let requireBuiltIn = true;
+try {
+requireBuiltIn = Services.prefs.getBoolPref(PREF_UPDATE_REQUIREBUILTINCERTS);
+}
+catch (e) {
+}
+logger.debug("Requesting " + aUrl);
+try {
+this.request = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].
+createInstance(Ci.nsIXMLHttpRequest);
+this.request.open("GET", this.url, true);
+this.request.channel.notificationCallbacks = new CertUtils.BadCertHandler(!requireBuiltIn);
+this.request.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+// Prevent the request from writing to cache.
+this.request.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+this.request.overrideMimeType("text/xml");
+this.request.timeout = TIMEOUT;
+var self = this;
+this.request.addEventListener("load", function loadEventListener(event) { self.onLoad() }, false);
+this.request.addEventListener("error", function errorEventListener(event) { self.onError() }, false);
+this.request.addEventListener("timeout", function timeoutEventListener(event) { self.onTimeout() }, false);
+this.request.send(null);
+}
+catch (e) {
+logger.error("Failed to request update manifest", e);
+}
+}
+UpdateParser.prototype = {
+id: null,
+updateKey: null,
+observer: null,
+request: null,
+url: null,
+/**
+* Called when the manifest has been successfully loaded.
+*/
+onLoad: function UP_onLoad() {
+let request = this.request;
+this.request = null;
+let requireBuiltIn = true;
+try {
+requireBuiltIn = Services.prefs.getBoolPref(PREF_UPDATE_REQUIREBUILTINCERTS);
+}
+catch (e) {
+}
+try {
+CertUtils.checkCert(request.channel, !requireBuiltIn);
+}
+catch (e) {
+this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR);
+return;
+}
+if (!Components.isSuccessCode(request.status)) {
+logger.warn("Request failed: " + this.url + " - " + request.status);
+this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR);
+return;
+}
+let channel = request.channel;
+if (channel instanceof Ci.nsIHttpChannel && !channel.requestSucceeded) {
+logger.warn("Request failed: " + this.url + " - " + channel.responseStatus +
+": " + channel.responseStatusText);
+this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR);
+return;
+}
+let xml = request.responseXML;
+if (!xml || xml.documentElement.namespaceURI == XMLURI_PARSE_ERROR) {
+logger.warn("Update manifest was not valid XML");
+this.notifyError(AddonUpdateChecker.ERROR_PARSE_ERROR);
+return;
+}
+// We currently only know about RDF update manifests
+if (xml.documentElement.namespaceURI == PREFIX_NS_RDF) {
+let results = null;
+try {
+results = parseRDFManifest(this.id, this.updateKey, request);
+}
+catch (e) {
+logger.warn(e);
+this.notifyError(AddonUpdateChecker.ERROR_PARSE_ERROR);
+return;
+}
+if ("onUpdateCheckComplete" in this.observer) {
+try {
+this.observer.onUpdateCheckComplete(results);
+}
+catch (e) {
+logger.warn("onUpdateCheckComplete notification failed", e);
+}
+}
+return;
+}
+logger.warn("Update manifest had an unrecognised namespace: " + xml.documentElement.namespaceURI);
+this.notifyError(AddonUpdateChecker.ERROR_UNKNOWN_FORMAT);
+},
+/**
+* Called when the request times out
+*/
+onTimeout: function() {
+this.request = null;
+logger.warn("Request for " + this.url + " timed out");
+this.notifyError(AddonUpdateChecker.ERROR_TIMEOUT);
+},
+/**
+* Called when the manifest failed to load.
+*/
+onError: function UP_onError() {
+if (!Components.isSuccessCode(this.request.status)) {
+logger.warn("Request failed: " + this.url + " - " + this.request.status);
+}
+else if (this.request.channel instanceof Ci.nsIHttpChannel) {
+try {
+if (this.request.channel.requestSucceeded) {
+logger.warn("Request failed: " + this.url + " - " +
+this.request.channel.responseStatus + ": " +
+this.request.channel.responseStatusText);
+}
+}
+catch (e) {
+logger.warn("HTTP Request failed for an unknown reason");
+}
+}
+else {
+logger.warn("Request failed for an unknown reason");
+}
+this.request = null;
+this.notifyError(AddonUpdateChecker.ERROR_DOWNLOAD_ERROR);
+},
+/**
+* Helper method to notify the observer that an error occured.
+*/
+notifyError: function UP_notifyError(aStatus) {
+if ("onUpdateCheckError" in this.observer) {
+try {
+this.observer.onUpdateCheckError(aStatus);
+}
+catch (e) {
+logger.warn("onUpdateCheckError notification failed", e);
+}
+}
+},
+/**
+* Called to cancel an in-progress update check.
+*/
+cancel: function UP_cancel() {
+this.request.abort();
+this.request = null;
+this.notifyError(AddonUpdateChecker.ERROR_CANCELLED);
+}
+};
+/**
+* Tests if an update matches a version of the application or platform
+*
+* @param  aUpdate
+*         The available update
+* @param  aAppVersion
+*         The application version to use
+* @param  aPlatformVersion
+*         The platform version to use
+* @param  aIgnoreMaxVersion
+*         Ignore maxVersion when testing if an update matches. Optional.
+* @param  aIgnoreStrictCompat
+*         Ignore strictCompatibility when testing if an update matches. Optional.
+* @param  aCompatOverrides
+*         AddonCompatibilityOverride objects to match against. Optional.
+* @return true if the update is compatible with the application/platform
+*/
+function matchesVersions(aUpdate, aAppVersion, aPlatformVersion,
+aIgnoreMaxVersion, aIgnoreStrictCompat,
+aCompatOverrides) {
+if (aCompatOverrides) {
+let override = AddonRepository.findMatchingCompatOverride(aUpdate.version,
+aCompatOverrides,
+aAppVersion,
+aPlatformVersion);
+if (override && override.type == "incompatible")
+return false;
+}
+if (aUpdate.strictCompatibility && !aIgnoreStrictCompat)
+aIgnoreMaxVersion = false;
+let result = false;
+for (let app of aUpdate.targetApplications) {
+if (app.id == Services.appinfo.ID) {
+return (Services.vc.compare(aAppVersion, app.minVersion) >= 0) &&
+(aIgnoreMaxVersion || (Services.vc.compare(aAppVersion, app.maxVersion) <= 0));
+}
+if (app.id == TOOLKIT_ID) {
+result = (Services.vc.compare(aPlatformVersion, app.minVersion) >= 0) &&
+(aIgnoreMaxVersion || (Services.vc.compare(aPlatformVersion, app.maxVersion) <= 0));
+}
+}
+return result;
+}
+this.AddonUpdateChecker = {
+// These must be kept in sync with AddonManager
+// The update check timed out
+ERROR_TIMEOUT: -1,
+// There was an error while downloading the update information.
+ERROR_DOWNLOAD_ERROR: -2,
+// The update information was malformed in some way.
+ERROR_PARSE_ERROR: -3,
+// The update information was not in any known format.
+ERROR_UNKNOWN_FORMAT: -4,
+// The update information was not correctly signed or there was an SSL error.
+ERROR_SECURITY_ERROR: -5,
+// The update was cancelled
+ERROR_CANCELLED: -6,
+/**
+* Retrieves the best matching compatibility update for the application from
+* a list of available update objects.
+*
+* @param  aUpdates
+*         An array of update objects
+* @param  aVersion
+*         The version of the add-on to get new compatibility information for
+* @param  aIgnoreCompatibility
+*         An optional parameter to get the first compatibility update that
+*         is compatible with any version of the application or toolkit
+* @param  aAppVersion
+*         The version of the application or null to use the current version
+* @param  aPlatformVersion
+*         The version of the platform or null to use the current version
+* @param  aIgnoreMaxVersion
+*         Ignore maxVersion when testing if an update matches. Optional.
+* @param  aIgnoreStrictCompat
+*         Ignore strictCompatibility when testing if an update matches. Optional.
+* @return an update object if one matches or null if not
+*/
+getCompatibilityUpdate: function AUC_getCompatibilityUpdate(aUpdates, aVersion,
+aIgnoreCompatibility,
+aAppVersion,
+aPlatformVersion,
+aIgnoreMaxVersion,
+aIgnoreStrictCompat) {
+if (!aAppVersion)
+aAppVersion = Services.appinfo.version;
+if (!aPlatformVersion)
+aPlatformVersion = Services.appinfo.platformVersion;
+for (let update of aUpdates) {
+if (Services.vc.compare(update.version, aVersion) == 0) {
+if (aIgnoreCompatibility) {
+for (let targetApp of update.targetApplications) {
+let id = targetApp.id;
+if (id == Services.appinfo.ID || id == TOOLKIT_ID)
+return update;
+}
+}
+else if (matchesVersions(update, aAppVersion, aPlatformVersion,
+aIgnoreMaxVersion, aIgnoreStrictCompat)) {
+return update;
+}
+}
+}
+return null;
+},
+/**
+* Returns the newest available update from a list of update objects.
+*
+* @param  aUpdates
+*         An array of update objects
+* @param  aAppVersion
+*         The version of the application or null to use the current version
+* @param  aPlatformVersion
+*         The version of the platform or null to use the current version
+* @param  aIgnoreMaxVersion
+*         When determining compatible updates, ignore maxVersion. Optional.
+* @param  aIgnoreStrictCompat
+*         When determining compatible updates, ignore strictCompatibility. Optional.
+* @param  aCompatOverrides
+*         Array of AddonCompatibilityOverride to take into account. Optional.
+* @return an update object if one matches or null if not
+*/
+getNewestCompatibleUpdate: function AUC_getNewestCompatibleUpdate(aUpdates,
+aAppVersion,
+aPlatformVersion,
+aIgnoreMaxVersion,
+aIgnoreStrictCompat,
+aCompatOverrides) {
+if (!aAppVersion)
+aAppVersion = Services.appinfo.version;
+if (!aPlatformVersion)
+aPlatformVersion = Services.appinfo.platformVersion;
+let blocklist = Cc["@mozilla.org/extensions/blocklist;1"].
+getService(Ci.nsIBlocklistService);
+let newest = null;
+for (let update of aUpdates) {
+if (!update.updateURL)
+continue;
+let state = blocklist.getAddonBlocklistState(update, aAppVersion, aPlatformVersion);
+if (state != Ci.nsIBlocklistService.STATE_NOT_BLOCKED)
+continue;
+if ((newest == null || (Services.vc.compare(newest.version, update.version) < 0)) &&
+matchesVersions(update, aAppVersion, aPlatformVersion,
+aIgnoreMaxVersion, aIgnoreStrictCompat,
+aCompatOverrides)) {
+newest = update;
+}
+}
+return newest;
+},
+/**
+* Starts an update check.
+*
+* @param  aId
+*         The ID of the add-on being checked for updates
+* @param  aUpdateKey
+*         An optional update key for the add-on
+* @param  aUrl
+*         The URL of the add-on's update manifest
+* @param  aObserver
+*         An observer to notify of results
+* @return UpdateParser so that the caller can use UpdateParser.cancel() to shut
+*         down in-progress update requests
+*/
+checkForUpdates: function AUC_checkForUpdates(aId, aUpdateKey, aUrl,
+aObserver) {
+return new UpdateParser(aId, aUpdateKey, aUrl, aObserver);
+}
+};

The Tor Browser / file comparison

comparison: toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm

toolkit/mozapps/extensions/internal/AddonUpdateChecker.jsm