[Mypal] Rewrite the padlock code.
parent
26374cae84
commit
8e5f2ebb63
|
@ -16,59 +16,81 @@ var padlock_PadLock =
|
||||||
onLocationChange: function() {},
|
onLocationChange: function() {},
|
||||||
onStatusChange: function() {},
|
onStatusChange: function() {},
|
||||||
onSecurityChange: function(aCallerWebProgress, aRequestWithState, aState) {
|
onSecurityChange: function(aCallerWebProgress, aRequestWithState, aState) {
|
||||||
// aState is defined as a bitmask that may be extended in the future.
|
|
||||||
// We filter out any unknown bits before testing for known values.
|
|
||||||
const wpl = Ci.nsIWebProgressListener;
|
const wpl = Ci.nsIWebProgressListener;
|
||||||
const wpl_security_bits = wpl.STATE_IS_SECURE |
|
|
||||||
wpl.STATE_IS_BROKEN |
|
|
||||||
wpl.STATE_IS_INSECURE |
|
|
||||||
wpl.STATE_IDENTITY_EV_TOPLEVEL |
|
|
||||||
wpl.STATE_SECURE_HIGH |
|
|
||||||
wpl.STATE_SECURE_MED |
|
|
||||||
wpl.STATE_SECURE_LOW;
|
|
||||||
var level;
|
var level;
|
||||||
var is_insecure;
|
|
||||||
var highlight_urlbar = false;
|
var highlight_urlbar = false;
|
||||||
|
var secUI = gBrowser.securityUI;
|
||||||
switch (aState & wpl_security_bits) {
|
var secState = secUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH | wpl.STATE_IDENTITY_EV_TOPLEVEL:
|
if (secState == null) {
|
||||||
level = "ev";
|
level = null;
|
||||||
is_insecure = "";
|
} else {
|
||||||
highlight_urlbar = true;
|
highlight_urlbar = true;
|
||||||
break;
|
secState.QueryInterface(Ci.nsISSLStatus);
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH:
|
// Step 1: Check EV
|
||||||
level = "high";
|
if (secState.isExtendedValidation) {
|
||||||
is_insecure = "";
|
// Step 1 TRUE: Extended Validation
|
||||||
highlight_urlbar = true;
|
// Normal "ev"
|
||||||
break;
|
// Mixed Content "broken"
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_MED:
|
if ((aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT) ||
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_LOW:
|
(aState & wpl.STATE_LOADED_MIXED_DISPLAY_CONTENT))
|
||||||
level = "low";
|
level = "broken";
|
||||||
is_insecure = "insecure";
|
else
|
||||||
break;
|
level = "ev";
|
||||||
case wpl.STATE_IS_BROKEN | wpl.STATE_SECURE_LOW:
|
} else {
|
||||||
level = "mixed";
|
// Step 1 FALSE: Domain Validation
|
||||||
is_insecure = "insecure";
|
// Normal "high"
|
||||||
highlight_urlbar = true;
|
// Mixed Active Content "low"
|
||||||
break;
|
if (aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT)
|
||||||
case wpl.STATE_IS_BROKEN:
|
level = "low";
|
||||||
level = "broken";
|
else
|
||||||
is_insecure = "insecure";
|
level = "high";
|
||||||
highlight_urlbar = true;
|
}
|
||||||
break;
|
// Step 2: Check Protocol
|
||||||
default: // should not be reached
|
if (level != "broken") {
|
||||||
level = null;
|
// SSL 3 "broken"
|
||||||
is_insecure = "insecure";
|
// TLS 1.0 "low"
|
||||||
|
// TLS 1.1 "low"
|
||||||
|
var proto = secState.protocolVersion;
|
||||||
|
if (proto == Ci.nsISSLStatus.SSL_VERSION_3)
|
||||||
|
level = "broken";
|
||||||
|
else if (proto == Ci.nsISSLStatus.TLS_VERSION_1 ||
|
||||||
|
proto == Ci.nsISSLStatus.TLS_VERSION_1_1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Step 3: Check Bad Ciphers
|
||||||
|
if (level != "broken") {
|
||||||
|
// EXPORT "broken"
|
||||||
|
// RC2 "broken"
|
||||||
|
// RC4 + MD5 "broken"
|
||||||
|
// RC4 + SHA1 "low"
|
||||||
|
// 3DES "low"
|
||||||
|
var aCipher = secState.cipherSuite;
|
||||||
|
if (aCipher.indexOf("_EXPORT") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_RC2_") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_RC4_") > -1) {
|
||||||
|
if (aCipher.indexOf("_MD5") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_SHA") > -1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
} else if (aCipher.indexOf("_3DES_") > -1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Step 4: Check Boolean Problems
|
||||||
|
if (level != "broken") {
|
||||||
|
// Untrusted "broken"
|
||||||
|
// Domain Mismatch "broken"
|
||||||
|
// Expired (or too new) "broken"
|
||||||
|
if (secState.isUntrusted || secState.isDomainMismatch ||
|
||||||
|
secState.isNotValidAtThisTime)
|
||||||
|
level = "broken";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
var proto = gBrowser.contentWindow.location.protocol;
|
|
||||||
if (proto == "about:" || proto == "chrome:" || proto == "file:" ) {
|
|
||||||
// do not warn when using local protocols
|
|
||||||
is_insecure = false;
|
|
||||||
}
|
|
||||||
} catch(ex) {}
|
|
||||||
|
|
||||||
let ub = document.getElementById("urlbar");
|
let ub = document.getElementById("urlbar");
|
||||||
if (ub) {
|
if (ub) {
|
||||||
// Only call if URL bar is present.
|
// Only call if URL bar is present.
|
||||||
|
@ -84,15 +106,15 @@ var padlock_PadLock =
|
||||||
padlock_PadLock.setPadlockLevel("padlock-ib-left", level);
|
padlock_PadLock.setPadlockLevel("padlock-ib-left", level);
|
||||||
padlock_PadLock.setPadlockLevel("padlock-ub-right", level);
|
padlock_PadLock.setPadlockLevel("padlock-ub-right", level);
|
||||||
} catch(e) {}
|
} catch(e) {}
|
||||||
|
|
||||||
padlock_PadLock.setPadlockLevel("padlock-sb", level);
|
padlock_PadLock.setPadlockLevel("padlock-sb", level);
|
||||||
padlock_PadLock.setPadlockLevel("padlock-tab", level);
|
padlock_PadLock.setPadlockLevel("padlock-tab", level);
|
||||||
},
|
},
|
||||||
|
|
||||||
setPadlockLevel: function(item, level) {
|
setPadlockLevel: function(item, level) {
|
||||||
let secbut = document.getElementById(item);
|
let secbut = document.getElementById(item);
|
||||||
var sectooltip = "";
|
var sectooltip = "";
|
||||||
|
|
||||||
if (level) {
|
if (level) {
|
||||||
secbut.setAttribute("level", level);
|
secbut.setAttribute("level", level);
|
||||||
secbut.hidden = false;
|
secbut.hidden = false;
|
||||||
|
@ -100,34 +122,50 @@ var padlock_PadLock =
|
||||||
secbut.hidden = true;
|
secbut.hidden = true;
|
||||||
secbut.removeAttribute("level");
|
secbut.removeAttribute("level");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let s_ev = "Extended Validated";
|
||||||
|
let s_hi = "Secure";
|
||||||
|
let s_lo = "Weak security";
|
||||||
|
let s_no = "Not secure";
|
||||||
|
let gLocale = document.getElementById("bundle_browser");
|
||||||
|
if(!!gLocale) {
|
||||||
|
let n_ev = gLocale.getString("identity.padlock.ev");
|
||||||
|
if(n_ev != null)
|
||||||
|
s_ev = n_ev;
|
||||||
|
let n_hi = gLocale.getString("identity.padlock.high");
|
||||||
|
if(n_hi != null)
|
||||||
|
s_hi = n_hi;
|
||||||
|
let n_lo = gLocale.getString("identity.padlock.low");
|
||||||
|
if(n_lo != null)
|
||||||
|
s_lo = n_lo;
|
||||||
|
let n_no = gLocale.getString("identity.padlock.broken");
|
||||||
|
if(n_no != null)
|
||||||
|
s_no = n_no;
|
||||||
|
}
|
||||||
switch (level) {
|
switch (level) {
|
||||||
case "ev":
|
case "ev":
|
||||||
sectooltip = "Extended Validated";
|
sectooltip = s_ev;
|
||||||
break;
|
break;
|
||||||
case "high":
|
case "high":
|
||||||
sectooltip = "Secure";
|
sectooltip = s_hi;
|
||||||
break;
|
break;
|
||||||
case "low":
|
case "low":
|
||||||
sectooltip = "Weak security";
|
sectooltip = s_lo;
|
||||||
break;
|
|
||||||
case "mixed":
|
|
||||||
sectooltip = "Mixed mode (partially encrypted)";
|
|
||||||
break;
|
break;
|
||||||
case "broken":
|
case "broken":
|
||||||
sectooltip = "Not secure";
|
sectooltip = s_no;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
sectooltip = "";
|
sectooltip = "";
|
||||||
}
|
}
|
||||||
secbut.setAttribute("tooltiptext", sectooltip);
|
secbut.setAttribute("tooltiptext", sectooltip);
|
||||||
},
|
},
|
||||||
|
|
||||||
prefbranch : null,
|
prefbranch : null,
|
||||||
|
|
||||||
onLoad: function() {
|
onLoad: function() {
|
||||||
gBrowser.addProgressListener(padlock_PadLock);
|
gBrowser.addProgressListener(padlock_PadLock);
|
||||||
|
|
||||||
var prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService);
|
var prefService = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService);
|
||||||
padlock_PadLock.prefbranch = prefService.getBranch("browser.padlock.");
|
padlock_PadLock.prefbranch = prefService.getBranch("browser.padlock.");
|
||||||
padlock_PadLock.prefbranch.QueryInterface(Components.interfaces.nsIPrefBranch2);
|
padlock_PadLock.prefbranch.QueryInterface(Components.interfaces.nsIPrefBranch2);
|
||||||
|
@ -214,7 +252,7 @@ var padlock_PadLock =
|
||||||
document.getElementById("padlock-ib-left").setAttribute("padshow", padshow);
|
document.getElementById("padlock-ib-left").setAttribute("padshow", padshow);
|
||||||
document.getElementById("padlock-ub-right").setAttribute("padshow", padshow);
|
document.getElementById("padlock-ub-right").setAttribute("padshow", padshow);
|
||||||
} catch(e) {}
|
} catch(e) {}
|
||||||
|
|
||||||
document.getElementById("padlock-sb").setAttribute("padshow", padshow);
|
document.getElementById("padlock-sb").setAttribute("padshow", padshow);
|
||||||
document.getElementById("padlock-tab").setAttribute("padshow", padshow);
|
document.getElementById("padlock-tab").setAttribute("padshow", padshow);
|
||||||
|
|
||||||
|
@ -223,7 +261,7 @@ var padlock_PadLock =
|
||||||
document.getElementById("padlock-ib-left").setAttribute("padstyle", padstyle);
|
document.getElementById("padlock-ib-left").setAttribute("padstyle", padstyle);
|
||||||
document.getElementById("padlock-ub-right").setAttribute("padstyle", padstyle);
|
document.getElementById("padlock-ub-right").setAttribute("padstyle", padstyle);
|
||||||
} catch(e) {}
|
} catch(e) {}
|
||||||
|
|
||||||
document.getElementById("padlock-sb").setAttribute("padstyle", padstyle);
|
document.getElementById("padlock-sb").setAttribute("padstyle", padstyle);
|
||||||
document.getElementById("padlock-tab").setAttribute("padstyle", padstyle);
|
document.getElementById("padlock-tab").setAttribute("padstyle", padstyle);
|
||||||
|
|
||||||
|
|
|
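Review bot: In the non-EV branch of `onSecurityChange`, a page that loaded mixed display content still ends with `level = "high"` (tooltip "Secure"), because only `STATE_LOADED_MIXED_ACTIVE_CONTENT` is tested there, while the EV branch treats either mixed-content flag as "broken". The rewrite also stops reading `STATE_IS_BROKEN` and `STATE_IS_INSECURE` from `aState`, so the level now rests on the SSLStatus from `gBrowser.securityUI` plus those two flags alone. I would test both flags in the domain-validation branch, e.g. `if (aState & (wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT | wpl.STATE_LOADED_MIXED_DISPLAY_CONTENT)) level = "low";`, and extend the "Step 1 FALSE" comment to state the intended level for passive mixed content. The function body continues between the first and second hunks, so whether later code compensates is not visible here.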
@ -280,6 +280,11 @@ identity.mixed_content=Your connection to this site is only partially encrypted,
|
||||||
|
|
||||||
identity.unknown.tooltip=This website does not supply identity information.
|
identity.unknown.tooltip=This website does not supply identity information.
|
||||||
|
|
||||||
|
identity.padlock.ev=Extended Validated
|
||||||
|
identity.padlock.high=Secure
|
||||||
|
identity.padlock.low=Weak security
|
||||||
|
identity.padlock.broken=Not secure
|
||||||
|
|
||||||
identity.ownerUnknown2=(unknown)
|
identity.ownerUnknown2=(unknown)
|
||||||
|
|
||||||
# Edit Bookmark UI
|
# Edit Bookmark UI
|
||||||
|
|