[Mypal] Rewrite the padlock code.
parent
26374cae84
commit
8e5f2ebb63
|
@ -16,58 +16,80 @@ var padlock_PadLock =
|
||||||
onLocationChange: function() {},
|
onLocationChange: function() {},
|
||||||
onStatusChange: function() {},
|
onStatusChange: function() {},
|
||||||
onSecurityChange: function(aCallerWebProgress, aRequestWithState, aState) {
|
onSecurityChange: function(aCallerWebProgress, aRequestWithState, aState) {
|
||||||
// aState is defined as a bitmask that may be extended in the future.
|
|
||||||
// We filter out any unknown bits before testing for known values.
|
|
||||||
const wpl = Ci.nsIWebProgressListener;
|
const wpl = Ci.nsIWebProgressListener;
|
||||||
const wpl_security_bits = wpl.STATE_IS_SECURE |
|
|
||||||
wpl.STATE_IS_BROKEN |
|
|
||||||
wpl.STATE_IS_INSECURE |
|
|
||||||
wpl.STATE_IDENTITY_EV_TOPLEVEL |
|
|
||||||
wpl.STATE_SECURE_HIGH |
|
|
||||||
wpl.STATE_SECURE_MED |
|
|
||||||
wpl.STATE_SECURE_LOW;
|
|
||||||
var level;
|
var level;
|
||||||
var is_insecure;
|
|
||||||
var highlight_urlbar = false;
|
var highlight_urlbar = false;
|
||||||
|
var secUI = gBrowser.securityUI;
|
||||||
switch (aState & wpl_security_bits) {
|
var secState = secUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH | wpl.STATE_IDENTITY_EV_TOPLEVEL:
|
if (secState == null) {
|
||||||
level = "ev";
|
level = null;
|
||||||
is_insecure = "";
|
} else {
|
||||||
highlight_urlbar = true;
|
highlight_urlbar = true;
|
||||||
break;
|
secState.QueryInterface(Ci.nsISSLStatus);
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH:
|
// Step 1: Check EV
|
||||||
level = "high";
|
if (secState.isExtendedValidation) {
|
||||||
is_insecure = "";
|
// Step 1 TRUE: Extended Validation
|
||||||
highlight_urlbar = true;
|
// Normal "ev"
|
||||||
break;
|
// Mixed Content "broken"
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_MED:
|
if ((aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT) ||
|
||||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_LOW:
|
(aState & wpl.STATE_LOADED_MIXED_DISPLAY_CONTENT))
|
||||||
level = "low";
|
level = "broken";
|
||||||
is_insecure = "insecure";
|
else
|
||||||
break;
|
level = "ev";
|
||||||
case wpl.STATE_IS_BROKEN | wpl.STATE_SECURE_LOW:
|
} else {
|
||||||
level = "mixed";
|
// Step 1 FALSE: Domain Validation
|
||||||
is_insecure = "insecure";
|
// Normal "high"
|
||||||
highlight_urlbar = true;
|
// Mixed Active Content "low"
|
||||||
break;
|
if (aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT)
|
||||||
case wpl.STATE_IS_BROKEN:
|
level = "low";
|
||||||
level = "broken";
|
else
|
||||||
is_insecure = "insecure";
|
level = "high";
|
||||||
highlight_urlbar = true;
|
|
||||||
break;
|
|
||||||
default: // should not be reached
|
|
||||||
level = null;
|
|
||||||
is_insecure = "insecure";
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
var proto = gBrowser.contentWindow.location.protocol;
|
|
||||||
if (proto == "about:" || proto == "chrome:" || proto == "file:" ) {
|
|
||||||
// do not warn when using local protocols
|
|
||||||
is_insecure = false;
|
|
||||||
}
|
}
|
||||||
} catch(ex) {}
|
// Step 2: Check Protocol
|
||||||
|
if (level != "broken") {
|
||||||
|
// SSL 3 "broken"
|
||||||
|
// TLS 1.0 "low"
|
||||||
|
// TLS 1.1 "low"
|
||||||
|
var proto = secState.protocolVersion;
|
||||||
|
if (proto == Ci.nsISSLStatus.SSL_VERSION_3)
|
||||||
|
level = "broken";
|
||||||
|
else if (proto == Ci.nsISSLStatus.TLS_VERSION_1 ||
|
||||||
|
proto == Ci.nsISSLStatus.TLS_VERSION_1_1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Step 3: Check Bad Ciphers
|
||||||
|
if (level != "broken") {
|
||||||
|
// EXPORT "broken"
|
||||||
|
// RC2 "broken"
|
||||||
|
// RC4 + MD5 "broken"
|
||||||
|
// RC4 + SHA1 "low"
|
||||||
|
// 3DES "low"
|
||||||
|
var aCipher = secState.cipherSuite;
|
||||||
|
if (aCipher.indexOf("_EXPORT") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_RC2_") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_RC4_") > -1) {
|
||||||
|
if (aCipher.indexOf("_MD5") > -1) {
|
||||||
|
level = "broken";
|
||||||
|
} else if (aCipher.indexOf("_SHA") > -1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
} else if (aCipher.indexOf("_3DES_") > -1) {
|
||||||
|
level = "low";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Step 4: Check Boolean Problems
|
||||||
|
if (level != "broken") {
|
||||||
|
// Untrusted "broken"
|
||||||
|
// Domain Mismatch "broken"
|
||||||
|
// Expired (or too new) "broken"
|
||||||
|
if (secState.isUntrusted || secState.isDomainMismatch ||
|
||||||
|
secState.isNotValidAtThisTime)
|
||||||
|
level = "broken";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let ub = document.getElementById("urlbar");
|
let ub = document.getElementById("urlbar");
|
||||||
if (ub) {
|
if (ub) {
|
||||||
|
@ -101,21 +123,37 @@ var padlock_PadLock =
|
||||||
secbut.removeAttribute("level");
|
secbut.removeAttribute("level");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
let s_ev = "Extended Validated";
|
||||||
|
let s_hi = "Secure";
|
||||||
|
let s_lo = "Weak security";
|
||||||
|
let s_no = "Not secure";
|
||||||
|
let gLocale = document.getElementById("bundle_browser");
|
||||||
|
if(!!gLocale) {
|
||||||
|
let n_ev = gLocale.getString("identity.padlock.ev");
|
||||||
|
if(n_ev != null)
|
||||||
|
s_ev = n_ev;
|
||||||
|
let n_hi = gLocale.getString("identity.padlock.high");
|
||||||
|
if(n_hi != null)
|
||||||
|
s_hi = n_hi;
|
||||||
|
let n_lo = gLocale.getString("identity.padlock.low");
|
||||||
|
if(n_lo != null)
|
||||||
|
s_lo = n_lo;
|
||||||
|
let n_no = gLocale.getString("identity.padlock.broken");
|
||||||
|
if(n_no != null)
|
||||||
|
s_no = n_no;
|
||||||
|
}
|
||||||
switch (level) {
|
switch (level) {
|
||||||
case "ev":
|
case "ev":
|
||||||
sectooltip = "Extended Validated";
|
sectooltip = s_ev;
|
||||||
break;
|
break;
|
||||||
case "high":
|
case "high":
|
||||||
sectooltip = "Secure";
|
sectooltip = s_hi;
|
||||||
break;
|
break;
|
||||||
case "low":
|
case "low":
|
||||||
sectooltip = "Weak security";
|
sectooltip = s_lo;
|
||||||
break;
|
|
||||||
case "mixed":
|
|
||||||
sectooltip = "Mixed mode (partially encrypted)";
|
|
||||||
break;
|
break;
|
||||||
case "broken":
|
case "broken":
|
||||||
sectooltip = "Not secure";
|
sectooltip = s_no;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
sectooltip = "";
|
sectooltip = "";
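Review bot: In the domain-validated branch of `onSecurityChange` (the "Step 1 FALSE" block), only `STATE_LOADED_MIXED_ACTIVE_CONTENT` is tested, and it lowers the level to just "low". A DV page that loaded passive mixed content therefore keeps the "Secure" tooltip, and one that loaded active content over plain HTTP shows only "Weak security", while the EV branch treats either flag as "broken". Active mixed content undermines the page's integrity regardless of certificate type, so the DV branch should be at least as strict: `if (aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT) level = "broken";` followed by `else if (aState & wpl.STATE_LOADED_MIXED_DISPLAY_CONTENT) level = "low";`. The commit also removes the old "mixed" level and its tooltip, so nothing visible in these hunks signals partially encrypted pages any more. The function continues outside both hunks, so it cannot be checked from here whether unchanged code still reads the removed `is_insecure` variable.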
|
||||||
|
|
|
@ -280,6 +280,11 @@ identity.mixed_content=Your connection to this site is only partially encrypted,
|
||||||
|
|
||||||
identity.unknown.tooltip=This website does not supply identity information.
|
identity.unknown.tooltip=This website does not supply identity information.
|
||||||
|
|
||||||
|
identity.padlock.ev=Extended Validated
|
||||||
|
identity.padlock.high=Secure
|
||||||
|
identity.padlock.low=Weak security
|
||||||
|
identity.padlock.broken=Not secure
|
||||||
|
|
||||||
identity.ownerUnknown2=(unknown)
|
identity.ownerUnknown2=(unknown)
|
||||||
|
|
||||||
# Edit Bookmark UI
|
# Edit Bookmark UI
|
||||||
|
|