summaryrefslogtreecommitdiffstats
path: root/application/basilisk/base
diff options
context:
space:
mode:
authorMoonchild <mcwerewolf@gmail.com>2018-07-23 17:18:33 +0200
committerGitHub <noreply@github.com>2018-07-23 17:18:33 +0200
commit6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002 (patch)
tree379069772d6306b9085883e48c87d14ff52986d0 /application/basilisk/base
parent72e628874a7b96d33fa550626be56e334dda50c8 (diff)
parente313e5e2ec19355988c3d59745c202f4604670d3 (diff)
downloadUXP-6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002.tar
UXP-6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002.tar.gz
UXP-6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002.tar.lz
UXP-6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002.tar.xz
UXP-6ff51b3dff6b9e22b4c0ac02b8b2c4372c24c002.zip
Merge pull request #666 from kn-yami/issue605
replace "certErrorCodePrefix2" with "certErrorCodePrefix"
Diffstat (limited to 'application/basilisk/base')
-rw-r--r--application/basilisk/base/content/aboutNetError.xhtml98
-rw-r--r--application/basilisk/base/content/browser.js92
2 files changed, 20 insertions, 170 deletions
diff --git a/application/basilisk/base/content/aboutNetError.xhtml b/application/basilisk/base/content/aboutNetError.xhtml
index 609725c9e..f28e2365f 100644
--- a/application/basilisk/base/content/aboutNetError.xhtml
+++ b/application/basilisk/base/content/aboutNetError.xhtml
@@ -123,13 +123,6 @@
document.getElementById("advancedButton")
.addEventListener("click", function togglePanelVisibility() {
toggleDisplay(panel);
- if (gIsCertError) {
- // Toggling the advanced panel must ensure that the debugging
- // information panel is hidden as well, since it's opened by the
- // error code link in the advanced panel.
- var div = document.getElementById("certificateErrorDebugInformation");
- div.style.display = "none";
- }
if (panel.style.display == "block") {
// send event to trigger telemetry ping
@@ -149,11 +142,6 @@
if (getCSSClass() == "expertBadCert") {
toggleDisplay(document.getElementById("badCertAdvancedPanel"));
- // Toggling the advanced panel must ensure that the debugging
- // information panel is hidden as well, since it's opened by the
- // error code link in the advanced panel.
- var div = document.getElementById("certificateErrorDebugInformation");
- div.style.display = "none";
}
disallowCertOverridesIfNeeded();
@@ -312,7 +300,7 @@
}
}
- addDomainErrorLinks();
+ addDomainErrorLink();
}
function initPageCaptivePortal()
@@ -329,7 +317,7 @@
addAutofocus("openPortalLoginPageButton");
setupAdvancedButton(true);
- addDomainErrorLinks();
+ addDomainErrorLink();
// When the portal is freed, an event is generated by the frame script
// that we can pick up and attempt to reload the original page.
@@ -353,7 +341,7 @@
let event = new CustomEvent("AboutNetErrorLoad", {bubbles:true});
document.getElementById("advancedButton").dispatchEvent(event);
- addDomainErrorLinks();
+ addDomainErrorLink();
}
/* Only do autofocus if we're the toplevel frame; otherwise we
@@ -372,16 +360,13 @@
}
}
- /* Try to preserve the links contained in the error description, like
- the error code.
-
- Also, in the case of SSL error pages about domain mismatch, see if
+ /* In the case of SSL error pages about domain mismatch, see if
we can hyperlink the user to the correct site. We don't want
to do this generically since it allows MitM attacks to redirect
users to a site under attacker control, but in certain cases
it is safe (and helpful!) to do so. Bug 402210
*/
- function addDomainErrorLinks() {
+ function addDomainErrorLink() {
// Rather than textContent, we need to treat description as HTML
var sdid = gIsCertError ? "badCertTechnicalInfo" : "errorShortDescText";
var sd = document.getElementById(sdid);
@@ -390,50 +375,28 @@
// sanitize description text - see bug 441169
- // First, find the index of the <a> tags we care about, being
+ // First, find the index of the <a> tag we care about, being
// careful not to use an over-greedy regex.
- var codeRe = /<a id="errorCode" title="([^"]+)">/;
- var codeResult = codeRe.exec(desc);
- var domainRe = /<a id="cert_domain_link" title="([^"]+)">/;
- var domainResult = domainRe.exec(desc);
-
- // The order of these links in the description is fixed in
- // TransportSecurityInfo.cpp:formatOverridableCertErrorMessage.
- var firstResult = domainResult;
- if (!domainResult)
- firstResult = codeResult;
- if (!firstResult)
+ var re = /<a id="cert_domain_link" title="([^"]+)">/;
+ var result = domainRe.exec(desc);
+
+ if (!result)
return;
// Remove sd's existing children
sd.textContent = "";
- // Everything up to the first link should be text content.
- sd.appendChild(document.createTextNode(desc.slice(0, firstResult.index)));
+ // Everything up to the link should be text content.
+ sd.appendChild(document.createTextNode(desc.slice(0, result.index)));
- // Now create the actual links.
- if (domainResult) {
- createLink(sd, "cert_domain_link", domainResult[1])
- // Append text for anything between the two links.
- sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length, codeResult.index)));
- }
- createLink(sd, "errorCode", codeResult[1])
+ // Now create the link itself.
+ var anchorEl = document.createElement("a");
+ anchorEl.setAttribute("id", "cert_domain_link");
+ anchorEl.setAttribute("title", result[1]);
+ anchorEl.appendChild(document.createTextNode(result[1]));
+ sd.appendChild(anchorEl);
- // Finally, append text for anything after the last closing </a>.
- sd.appendChild(document.createTextNode(desc.slice(desc.lastIndexOf("</a>") + "</a>".length)));
- }
-
- if (gIsCertError) {
- // Initialize the error code link embedded in the error message to
- // display debug information about the cert error.
- var errorCode = document.getElementById("errorCode");
- if (errorCode) {
- errorCode.href = "javascript:void(0)";
- errorCode.addEventListener("click", () => {
- let debugInfo = document.getElementById("certificateErrorDebugInformation");
- debugInfo.style.display = "block";
- debugInfo.scrollIntoView({block: "start", behavior: "smooth"});
- }, false);
- }
+ // Finally, append text for anything after the closing </a>.
+ sd.appendChild(document.createTextNode(desc.slice(desc.indexOf("</a>") + "</a>".length)));
}
// Initialize the cert domain link.
@@ -479,23 +442,8 @@
if (link.href && getCSSClass() != "expertBadCert") {
var panelId = gIsCertError ? "badCertAdvancedPanel" : "weakCryptoAdvancedPanel"
toggleDisplay(document.getElementById(panelId));
- if (gIsCertError) {
- // Toggling the advanced panel must ensure that the debugging
- // information panel is hidden as well, since it's opened by the
- // error code link in the advanced panel.
- var div = document.getElementById("certificateErrorDebugInformation");
- div.style.display = "none";
- }
}
}
-
- function createLink(el, id, text) {
- var anchorEl = document.createElement("a");
- anchorEl.setAttribute("id", id);
- anchorEl.setAttribute("title", text);
- anchorEl.appendChild(document.createTextNode(text));
- el.appendChild(anchorEl);
- }
]]></script>
</head>
@@ -628,12 +576,6 @@
</div>
- <div id="certificateErrorDebugInformation">
- <button id="copyToClipboard">&certerror.copyToClipboard.label;</button>
- <div id="certificateErrorText"/>
- <button id="copyToClipboard">&certerror.copyToClipboard.label;</button>
- </div>
-
<!--
- Note: It is important to run the script this way, instead of using
- an onload handler. This is because error pages are loaded as
diff --git a/application/basilisk/base/content/browser.js b/application/basilisk/base/content/browser.js
index 9ec7715fa..031144dfd 100644
--- a/application/basilisk/base/content/browser.js
+++ b/application/basilisk/base/content/browser.js
@@ -2888,24 +2888,7 @@ var BrowserOnClick = {
secHistogram.add(Ci.nsISecurityUITelemetry.WARNING_BAD_CERT_TOP_UNDERSTAND_RISKS);
}
- securityInfo = getSecurityInfo(securityInfoAsString);
- let errorInfo = getDetailedCertErrorInfo(location,
- securityInfo);
- browser.messageManager.sendAsyncMessage( "CertErrorDetails", {
- code: securityInfo.errorCode,
- info: errorInfo
- });
- break;
-
- case "copyToClipboard":
- const gClipboardHelper = Cc["@mozilla.org/widget/clipboardhelper;1"]
- .getService(Ci.nsIClipboardHelper);
- securityInfo = getSecurityInfo(securityInfoAsString);
- let detailedInfo = getDetailedCertErrorInfo(location,
- securityInfo);
- gClipboardHelper.copyString(detailedInfo);
break;
-
}
},
@@ -3145,81 +3128,6 @@ function getSecurityInfo(securityInfoAsString) {
return securityInfo;
}
-/**
- * Returns a string with detailed information about the certificate validation
- * failure from the specified URI that can be used to send a report.
- */
-function getDetailedCertErrorInfo(location, securityInfo) {
- if (!securityInfo)
- return "";
-
- let certErrorDetails = location;
- let code = securityInfo.errorCode;
- let errors = Cc["@mozilla.org/nss_errors_service;1"]
- .getService(Ci.nsINSSErrorsService);
-
- certErrorDetails += "\r\n\r\n" + errors.getErrorMessage(errors.getXPCOMFromNSSError(code));
-
- const sss = Cc["@mozilla.org/ssservice;1"]
- .getService(Ci.nsISiteSecurityService);
- // SiteSecurityService uses different storage if the channel is
- // private. Thus we must give isSecureHost correct flags or we
- // might get incorrect results.
- let flags = PrivateBrowsingUtils.isWindowPrivate(window) ?
- Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
-
- let uri = Services.io.newURI(location, null, null);
-
- let hasHSTS = sss.isSecureHost(sss.HEADER_HSTS, uri.host, flags);
- let hasHPKP = sss.isSecureHost(sss.HEADER_HPKP, uri.host, flags);
- certErrorDetails += "\r\n\r\n" +
- gNavigatorBundle.getFormattedString("certErrorDetailsHSTS.label",
- [hasHSTS]);
- certErrorDetails += "\r\n" +
- gNavigatorBundle.getFormattedString("certErrorDetailsKeyPinning.label",
- [hasHPKP]);
-
- let certChain = "";
- if (securityInfo.failedCertChain) {
- let certs = securityInfo.failedCertChain.getEnumerator();
- while (certs.hasMoreElements()) {
- let cert = certs.getNext();
- cert.QueryInterface(Ci.nsIX509Cert);
- certChain += getPEMString(cert);
- }
- }
-
- certErrorDetails += "\r\n\r\n" +
- gNavigatorBundle.getString("certErrorDetailsCertChain.label") +
- "\r\n\r\n" + certChain;
-
- return certErrorDetails;
-}
-
-// TODO: can we pull getDERString and getPEMString in from pippki.js instead of
-// duplicating them here?
-function getDERString(cert)
-{
- var length = {};
- var derArray = cert.getRawDER(length);
- var derString = '';
- for (var i = 0; i < derArray.length; i++) {
- derString += String.fromCharCode(derArray[i]);
- }
- return derString;
-}
-
-function getPEMString(cert)
-{
- var derb64 = btoa(getDERString(cert));
- // Wrap the Base64 string into lines of 64 characters,
- // with CRLF line breaks (as specified in RFC 1421).
- var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
- return "-----BEGIN CERTIFICATE-----\r\n"
- + wrapped
- + "\r\n-----END CERTIFICATE-----\r\n";
-}
-
var PrintPreviewListener = {
_printPreviewTab: null,
_tabBeforePrintPreview: null,