summaryrefslogtreecommitdiffstats
path: root/browser/base/content/pageinfo/security.js
diff options
context:
space:
mode:
Diffstat (limited to 'browser/base/content/pageinfo/security.js')
-rw-r--r--browser/base/content/pageinfo/security.js388
1 files changed, 0 insertions, 388 deletions
diff --git a/browser/base/content/pageinfo/security.js b/browser/base/content/pageinfo/security.js
deleted file mode 100644
index 5295a8fe6..000000000
--- a/browser/base/content/pageinfo/security.js
+++ /dev/null
@@ -1,388 +0,0 @@
-/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-Components.utils.import("resource://gre/modules/BrowserUtils.jsm");
-
-XPCOMUtils.defineLazyModuleGetter(this, "LoginHelper",
- "resource://gre/modules/LoginHelper.jsm");
-
-var security = {
- init: function(uri, windowInfo) {
- this.uri = uri;
- this.windowInfo = windowInfo;
- },
-
- // Display the server certificate (static)
- viewCert : function () {
- var cert = security._cert;
- viewCertHelper(window, cert);
- },
-
- _getSecurityInfo : function() {
- const nsISSLStatusProvider = Components.interfaces.nsISSLStatusProvider;
- const nsISSLStatus = Components.interfaces.nsISSLStatus;
-
- // We don't have separate info for a frame, return null until further notice
- // (see bug 138479)
- if (!this.windowInfo.isTopWindow)
- return null;
-
- var hostName = this.windowInfo.hostName;
-
- var ui = security._getSecurityUI();
- if (!ui)
- return null;
-
- var isBroken =
- (ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_BROKEN);
- var isMixed =
- (ui.state & (Components.interfaces.nsIWebProgressListener.STATE_LOADED_MIXED_ACTIVE_CONTENT |
- Components.interfaces.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT));
- var isInsecure =
- (ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_INSECURE);
- var isEV =
- (ui.state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
- ui.QueryInterface(nsISSLStatusProvider);
- var status = ui.SSLStatus;
-
- if (!isInsecure && status) {
- status.QueryInterface(nsISSLStatus);
- var cert = status.serverCert;
- var issuerName =
- this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;
-
- var retval = {
- hostName : hostName,
- cAName : issuerName,
- encryptionAlgorithm : undefined,
- encryptionStrength : undefined,
- version: undefined,
- isBroken : isBroken,
- isMixed : isMixed,
- isEV : isEV,
- cert : cert,
- certificateTransparency : undefined
- };
-
- var version;
- try {
- retval.encryptionAlgorithm = status.cipherName;
- retval.encryptionStrength = status.secretKeyLength;
- version = status.protocolVersion;
- }
- catch (e) {
- }
-
- switch (version) {
- case nsISSLStatus.SSL_VERSION_3:
- retval.version = "SSL 3";
- break;
- case nsISSLStatus.TLS_VERSION_1:
- retval.version = "TLS 1.0";
- break;
- case nsISSLStatus.TLS_VERSION_1_1:
- retval.version = "TLS 1.1";
- break;
- case nsISSLStatus.TLS_VERSION_1_2:
- retval.version = "TLS 1.2"
- break;
- case nsISSLStatus.TLS_VERSION_1_3:
- retval.version = "TLS 1.3"
- break;
- }
-
- // Select status text to display for Certificate Transparency.
- switch (status.certificateTransparencyStatus) {
- case nsISSLStatus.CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE:
- // CT compliance checks were not performed,
- // do not display any status text.
- retval.certificateTransparency = null;
- break;
- case nsISSLStatus.CERTIFICATE_TRANSPARENCY_NONE:
- retval.certificateTransparency = "None";
- break;
- case nsISSLStatus.CERTIFICATE_TRANSPARENCY_OK:
- retval.certificateTransparency = "OK";
- break;
- case nsISSLStatus.CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG:
- retval.certificateTransparency = "UnknownLog";
- break;
- case nsISSLStatus.CERTIFICATE_TRANSPARENCY_INVALID:
- retval.certificateTransparency = "Invalid";
- break;
- }
-
- return retval;
- }
- return {
- hostName : hostName,
- cAName : "",
- encryptionAlgorithm : "",
- encryptionStrength : 0,
- version: "",
- isBroken : isBroken,
- isMixed : isMixed,
- isEV : isEV,
- cert : null,
- certificateTransparency : null
- };
- },
-
- // Find the secureBrowserUI object (if present)
- _getSecurityUI : function() {
- if (window.opener.gBrowser)
- return window.opener.gBrowser.securityUI;
- return null;
- },
-
- // Interface for mapping a certificate issuer organization to
- // the value to be displayed.
- // Bug 82017 - this implementation should be moved to pipnss C++ code
- mapIssuerOrganization: function(name) {
- if (!name) return null;
-
- if (name == "RSA Data Security, Inc.") return "Verisign, Inc.";
-
- // No mapping required
- return name;
- },
-
- /**
- * Open the cookie manager window
- */
- viewCookies : function()
- {
- var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
- .getService(Components.interfaces.nsIWindowMediator);
- var win = wm.getMostRecentWindow("Browser:Cookies");
- var eTLDService = Components.classes["@mozilla.org/network/effective-tld-service;1"].
- getService(Components.interfaces.nsIEffectiveTLDService);
-
- var eTLD;
- try {
- eTLD = eTLDService.getBaseDomain(this.uri);
- }
- catch (e) {
- // getBaseDomain will fail if the host is an IP address or is empty
- eTLD = this.uri.asciiHost;
- }
-
- if (win) {
- win.gCookiesWindow.setFilter(eTLD);
- win.focus();
- }
- else
- window.openDialog("chrome://browser/content/preferences/cookies.xul",
- "Browser:Cookies", "", {filterString : eTLD});
- },
-
- /**
- * Open the login manager window
- */
- viewPasswords : function() {
- LoginHelper.openPasswordManager(window, this._getSecurityInfo().hostName);
- },
-
- _cert : null
-};
-
-function securityOnLoad(uri, windowInfo) {
- security.init(uri, windowInfo);
-
- var info = security._getSecurityInfo();
- if (!info) {
- document.getElementById("securityTab").hidden = true;
- return;
- }
- document.getElementById("securityTab").hidden = false;
-
- const pageInfoBundle = document.getElementById("pageinfobundle");
-
- /* Set Identity section text */
- setText("security-identity-domain-value", info.hostName);
-
- var owner, verifier;
- if (info.cert && !info.isBroken) {
- // Try to pull out meaningful values. Technically these fields are optional
- // so we'll employ fallbacks where appropriate. The EV spec states that Org
- // fields must be specified for subject and issuer so that case is simpler.
- if (info.isEV) {
- owner = info.cert.organization;
- verifier = security.mapIssuerOrganization(info.cAName);
- }
- else {
- // Technically, a non-EV cert might specify an owner in the O field or not,
- // depending on the CA's issuing policies. However we don't have any programmatic
- // way to tell those apart, and no policy way to establish which organization
- // vetting standards are good enough (that's what EV is for) so we default to
- // treating these certs as domain-validated only.
- owner = pageInfoBundle.getString("securityNoOwner");
- verifier = security.mapIssuerOrganization(info.cAName ||
- info.cert.issuerCommonName ||
- info.cert.issuerName);
- }
- }
- else {
- // We don't have valid identity credentials.
- owner = pageInfoBundle.getString("securityNoOwner");
- verifier = pageInfoBundle.getString("notset");
- }
-
- setText("security-identity-owner-value", owner);
- setText("security-identity-verifier-value", verifier);
-
- /* Manage the View Cert button*/
- var viewCert = document.getElementById("security-view-cert");
- if (info.cert) {
- security._cert = info.cert;
- viewCert.collapsed = false;
- }
- else
- viewCert.collapsed = true;
-
- /* Set Privacy & History section text */
- var yesStr = pageInfoBundle.getString("yes");
- var noStr = pageInfoBundle.getString("no");
-
- setText("security-privacy-cookies-value",
- hostHasCookies(uri) ? yesStr : noStr);
- setText("security-privacy-passwords-value",
- realmHasPasswords(uri) ? yesStr : noStr);
-
- var visitCount = previousVisitCount(info.hostName);
- if (visitCount > 1) {
- setText("security-privacy-history-value",
- pageInfoBundle.getFormattedString("securityNVisits", [visitCount.toLocaleString()]));
- }
- else if (visitCount == 1) {
- setText("security-privacy-history-value",
- pageInfoBundle.getString("securityOneVisit"));
- }
- else {
- setText("security-privacy-history-value", noStr);
- }
-
- /* Set the Technical Detail section messages */
- const pkiBundle = document.getElementById("pkiBundle");
- var hdr;
- var msg1;
- var msg2;
-
- if (info.isBroken) {
- if (info.isMixed) {
- hdr = pkiBundle.getString("pageInfo_MixedContent");
- msg1 = pkiBundle.getString("pageInfo_MixedContent2");
- } else {
- hdr = pkiBundle.getFormattedString("pageInfo_BrokenEncryption",
- [info.encryptionAlgorithm,
- info.encryptionStrength + "",
- info.version]);
- msg1 = pkiBundle.getString("pageInfo_WeakCipher");
- }
- msg2 = pkiBundle.getString("pageInfo_Privacy_None2");
- }
- else if (info.encryptionStrength > 0) {
- hdr = pkiBundle.getFormattedString("pageInfo_EncryptionWithBitsAndProtocol",
- [info.encryptionAlgorithm,
- info.encryptionStrength + "",
- info.version]);
- msg1 = pkiBundle.getString("pageInfo_Privacy_Encrypted1");
- msg2 = pkiBundle.getString("pageInfo_Privacy_Encrypted2");
- security._cert = info.cert;
- }
- else {
- hdr = pkiBundle.getString("pageInfo_NoEncryption");
- if (info.hostName != null)
- msg1 = pkiBundle.getFormattedString("pageInfo_Privacy_None1", [info.hostName]);
- else
- msg1 = pkiBundle.getString("pageInfo_Privacy_None4");
- msg2 = pkiBundle.getString("pageInfo_Privacy_None2");
- }
- setText("security-technical-shortform", hdr);
- setText("security-technical-longform1", msg1);
- setText("security-technical-longform2", msg2);
-
- const ctStatus =
- document.getElementById("security-technical-certificate-transparency");
- if (info.certificateTransparency) {
- ctStatus.hidden = false;
- ctStatus.value = pkiBundle.getString(
- "pageInfo_CertificateTransparency_" + info.certificateTransparency);
- } else {
- ctStatus.hidden = true;
- }
-}
-
-function setText(id, value)
-{
- var element = document.getElementById(id);
- if (!element)
- return;
- if (element.localName == "textbox" || element.localName == "label")
- element.value = value;
- else {
- if (element.hasChildNodes())
- element.removeChild(element.firstChild);
- var textNode = document.createTextNode(value);
- element.appendChild(textNode);
- }
-}
-
-function viewCertHelper(parent, cert)
-{
- if (!cert)
- return;
-
- var cd = Components.classes[CERTIFICATEDIALOGS_CONTRACTID].getService(nsICertificateDialogs);
- cd.viewCert(parent, cert);
-}
-
-/**
- * Return true iff we have cookies for uri
- */
-function hostHasCookies(uri) {
- var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
- .getService(Components.interfaces.nsICookieManager2);
-
- return cookieManager.countCookiesFromHost(uri.asciiHost) > 0;
-}
-
-/**
- * Return true iff realm (proto://host:port) (extracted from uri) has
- * saved passwords
- */
-function realmHasPasswords(uri) {
- var passwordManager = Components.classes["@mozilla.org/login-manager;1"]
- .getService(Components.interfaces.nsILoginManager);
- return passwordManager.countLogins(uri.prePath, "", "") > 0;
-}
-
-/**
- * Return the number of previous visits recorded for host before today.
- *
- * @param host - the domain name to look for in history
- */
-function previousVisitCount(host, endTimeReference) {
- if (!host)
- return false;
-
- var historyService = Components.classes["@mozilla.org/browser/nav-history-service;1"]
- .getService(Components.interfaces.nsINavHistoryService);
-
- var options = historyService.getNewQueryOptions();
- options.resultType = options.RESULTS_AS_VISIT;
-
- // Search for visits to this host before today
- var query = historyService.getNewQuery();
- query.endTimeReference = query.TIME_RELATIVE_TODAY;
- query.endTime = 0;
- query.domain = host;
-
- var result = historyService.executeQuery(query, options);
- result.root.containerOpen = true;
- var cc = result.root.childCount;
- result.root.containerOpen = false;
- return cc;
-}