[Mypal] Rewrite the padlock code.
parent
26374cae84
commit
8e5f2ebb63
|
@ -16,58 +16,80 @@ var padlock_PadLock =
|
|||
onLocationChange: function() {},
|
||||
onStatusChange: function() {},
|
||||
onSecurityChange: function(aCallerWebProgress, aRequestWithState, aState) {
|
||||
// aState is defined as a bitmask that may be extended in the future.
|
||||
// We filter out any unknown bits before testing for known values.
|
||||
const wpl = Ci.nsIWebProgressListener;
|
||||
const wpl_security_bits = wpl.STATE_IS_SECURE |
|
||||
wpl.STATE_IS_BROKEN |
|
||||
wpl.STATE_IS_INSECURE |
|
||||
wpl.STATE_IDENTITY_EV_TOPLEVEL |
|
||||
wpl.STATE_SECURE_HIGH |
|
||||
wpl.STATE_SECURE_MED |
|
||||
wpl.STATE_SECURE_LOW;
|
||||
var level;
|
||||
var is_insecure;
|
||||
var highlight_urlbar = false;
|
||||
|
||||
switch (aState & wpl_security_bits) {
|
||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH | wpl.STATE_IDENTITY_EV_TOPLEVEL:
|
||||
level = "ev";
|
||||
is_insecure = "";
|
||||
highlight_urlbar = true;
|
||||
break;
|
||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_HIGH:
|
||||
level = "high";
|
||||
is_insecure = "";
|
||||
highlight_urlbar = true;
|
||||
break;
|
||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_MED:
|
||||
case wpl.STATE_IS_SECURE | wpl.STATE_SECURE_LOW:
|
||||
level = "low";
|
||||
is_insecure = "insecure";
|
||||
break;
|
||||
case wpl.STATE_IS_BROKEN | wpl.STATE_SECURE_LOW:
|
||||
level = "mixed";
|
||||
is_insecure = "insecure";
|
||||
highlight_urlbar = true;
|
||||
break;
|
||||
case wpl.STATE_IS_BROKEN:
|
||||
level = "broken";
|
||||
is_insecure = "insecure";
|
||||
highlight_urlbar = true;
|
||||
break;
|
||||
default: // should not be reached
|
||||
var secUI = gBrowser.securityUI;
|
||||
var secState = secUI.QueryInterface(Ci.nsISSLStatusProvider).SSLStatus;
|
||||
if (secState == null) {
|
||||
level = null;
|
||||
is_insecure = "insecure";
|
||||
} else {
|
||||
highlight_urlbar = true;
|
||||
secState.QueryInterface(Ci.nsISSLStatus);
|
||||
// Step 1: Check EV
|
||||
if (secState.isExtendedValidation) {
|
||||
// Step 1 TRUE: Extended Validation
|
||||
// Normal "ev"
|
||||
// Mixed Content "broken"
|
||||
if ((aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT) ||
|
||||
(aState & wpl.STATE_LOADED_MIXED_DISPLAY_CONTENT))
|
||||
level = "broken";
|
||||
else
|
||||
level = "ev";
|
||||
} else {
|
||||
// Step 1 FALSE: Domain Validation
|
||||
// Normal "high"
|
||||
// Mixed Active Content "low"
|
||||
if (aState & wpl.STATE_LOADED_MIXED_ACTIVE_CONTENT)
|
||||
level = "low";
|
||||
else
|
||||
level = "high";
|
||||
}
|
||||
// Step 2: Check Protocol
|
||||
if (level != "broken") {
|
||||
// SSL 3 "broken"
|
||||
// TLS 1.0 "low"
|
||||
// TLS 1.1 "low"
|
||||
var proto = secState.protocolVersion;
|
||||
if (proto == Ci.nsISSLStatus.SSL_VERSION_3)
|
||||
level = "broken";
|
||||
else if (proto == Ci.nsISSLStatus.TLS_VERSION_1 ||
|
||||
proto == Ci.nsISSLStatus.TLS_VERSION_1_1) {
|
||||
level = "low";
|
||||
}
|
||||
}
|
||||
// Step 3: Check Bad Ciphers
|
||||
if (level != "broken") {
|
||||
// EXPORT "broken"
|
||||
// RC2 "broken"
|
||||
// RC4 + MD5 "broken"
|
||||
// RC4 + SHA1 "low"
|
||||
// 3DES "low"
|
||||
var aCipher = secState.cipherSuite;
|
||||
if (aCipher.indexOf("_EXPORT") > -1) {
|
||||
level = "broken";
|
||||
} else if (aCipher.indexOf("_RC2_") > -1) {
|
||||
level = "broken";
|
||||
} else if (aCipher.indexOf("_RC4_") > -1) {
|
||||
if (aCipher.indexOf("_MD5") > -1) {
|
||||
level = "broken";
|
||||
} else if (aCipher.indexOf("_SHA") > -1) {
|
||||
level = "low";
|
||||
}
|
||||
} else if (aCipher.indexOf("_3DES_") > -1) {
|
||||
level = "low";
|
||||
}
|
||||
}
|
||||
// Step 4: Check Boolean Problems
|
||||
if (level != "broken") {
|
||||
// Untrusted "broken"
|
||||
// Domain Mismatch "broken"
|
||||
// Expired (or too new) "broken"
|
||||
if (secState.isUntrusted || secState.isDomainMismatch ||
|
||||
secState.isNotValidAtThisTime)
|
||||
level = "broken";
|
||||
}
|
||||
|
||||
try {
|
||||
var proto = gBrowser.contentWindow.location.protocol;
|
||||
if (proto == "about:" || proto == "chrome:" || proto == "file:" ) {
|
||||
// do not warn when using local protocols
|
||||
is_insecure = false;
|
||||
}
|
||||
} catch(ex) {}
|
||||
|
||||
let ub = document.getElementById("urlbar");
|
||||
if (ub) {
|
||||
|
@ -101,21 +123,37 @@ var padlock_PadLock =
|
|||
secbut.removeAttribute("level");
|
||||
}
|
||||
|
||||
let s_ev = "Extended Validated";
|
||||
let s_hi = "Secure";
|
||||
let s_lo = "Weak security";
|
||||
let s_no = "Not secure";
|
||||
let gLocale = document.getElementById("bundle_browser");
|
||||
if(!!gLocale) {
|
||||
let n_ev = gLocale.getString("identity.padlock.ev");
|
||||
if(n_ev != null)
|
||||
s_ev = n_ev;
|
||||
let n_hi = gLocale.getString("identity.padlock.high");
|
||||
if(n_hi != null)
|
||||
s_hi = n_hi;
|
||||
let n_lo = gLocale.getString("identity.padlock.low");
|
||||
if(n_lo != null)
|
||||
s_lo = n_lo;
|
||||
let n_no = gLocale.getString("identity.padlock.broken");
|
||||
if(n_no != null)
|
||||
s_no = n_no;
|
||||
}
|
||||
switch (level) {
|
||||
case "ev":
|
||||
sectooltip = "Extended Validated";
|
||||
sectooltip = s_ev;
|
||||
break;
|
||||
case "high":
|
||||
sectooltip = "Secure";
|
||||
sectooltip = s_hi;
|
||||
break;
|
||||
case "low":
|
||||
sectooltip = "Weak security";
|
||||
break;
|
||||
case "mixed":
|
||||
sectooltip = "Mixed mode (partially encrypted)";
|
||||
sectooltip = s_lo;
|
||||
break;
|
||||
case "broken":
|
||||
sectooltip = "Not secure";
|
||||
sectooltip = s_no;
|
||||
break;
|
||||
default:
|
||||
sectooltip = "";
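Review bot: In the `secState != null` branch of onSecurityChange (first hunk), `is_insecure` is never assigned: the visible lines set it only when `SSLStatus` is null and in the local-protocol block, while Steps 1–4 write `level` alone. If the bitmask switch is what this commit removes (the rendering has lost the +/- markers, so this is inferred), a connection downgraded to "low" or "broken" for SSL 3, RC4, 3DES or an untrusted certificate would leave `is_insecure` undefined, where the switch used to set "insecure". Consider deriving it once after Step 4, e.g. `is_insecure = (level == "ev" || level == "high") ? "" : "insecure";`. The function continues past the hunk, so how the value is consumed should be checked there.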
|
||||
|
|
|
@ -280,6 +280,11 @@ identity.mixed_content=Your connection to this site is only partially encrypted,
|
|||
|
||||
identity.unknown.tooltip=This website does not supply identity information.
|
||||
|
||||
identity.padlock.ev=Extended Validated
|
||||
identity.padlock.high=Secure
|
||||
identity.padlock.low=Weak security
|
||||
identity.padlock.broken=Not secure
|
||||
|
||||
identity.ownerUnknown2=(unknown)
|
||||
|
||||
# Edit Bookmark UI
|
||||
|
|