• file
• revisions
• annotate
• diff
• comparison
• raw

mobile/android/modules/SSLExceptions.jsm@6474c204b198 (annotated)

mobile/android/modules/SSLExceptions.jsm

Wed, 31 Dec 2014 06:09:35 +0100

author

Michael Schloh von Bennewitz <michael@schloh.com>

date

Wed, 31 Dec 2014 06:09:35 +0100

changeset 0

6474c204b198

permissions

-rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

michael@0	1	/* This Source Code Form is subject to the terms of the Mozilla Public
michael@0	2	* License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0	3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0	4	"use strict"
michael@0	5
michael@0	6	let Cc = Components.classes;
michael@0	7	let Ci = Components.interfaces;
michael@0	8	let Cu = Components.utils;
michael@0	9
michael@0	10	Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
michael@0	11
michael@0	12	this.EXPORTED_SYMBOLS = ["SSLExceptions"];
michael@0	13
michael@0	14	/**
michael@0	15	A class to add exceptions to override SSL certificate problems. The functionality
michael@0	16	itself is borrowed from exceptionDialog.js.
michael@0	17	*/
michael@0	18	function SSLExceptions() {
michael@0	19	this._overrideService = Cc["@mozilla.org/security/certoverride;1"]
michael@0	20	.getService(Ci.nsICertOverrideService);
michael@0	21	}
michael@0	22
michael@0	23
michael@0	24	SSLExceptions.prototype = {
michael@0	25	_overrideService: null,
michael@0	26	_sslStatus: null,
michael@0	27
michael@0	28	getInterface: function SSLE_getInterface(aIID) {
michael@0	29	return this.QueryInterface(aIID);
michael@0	30	},
michael@0	31	QueryInterface: function SSLE_QueryInterface(aIID) {
michael@0	32	if (aIID.equals(Ci.nsIBadCertListener2) ||
michael@0	33	aIID.equals(Ci.nsISupports))
michael@0	34	return this;
michael@0	35
michael@0	36	throw Components.results.NS_ERROR_NO_INTERFACE;
michael@0	37	},
michael@0	38
michael@0	39	/**
michael@0	40	To collect the SSL status we intercept the certificate error here
michael@0	41	and store the status for later use.
michael@0	42	*/
michael@0	43	notifyCertProblem: function SSLE_notifyCertProblem(socketInfo, sslStatus, targetHost) {
michael@0	44	this._sslStatus = sslStatus.QueryInterface(Ci.nsISSLStatus);
michael@0	45	return true; // suppress error UI
michael@0	46	},
michael@0	47
michael@0	48	/**
michael@0	49	Attempt to download the certificate for the location specified to get the SSLState
michael@0	50	for the certificate and the errors.
michael@0	51	*/
michael@0	52	_checkCert: function SSLE_checkCert(aURI) {
michael@0	53	this._sslStatus = null;
michael@0	54
michael@0	55	let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Ci.nsIXMLHttpRequest);
michael@0	56	try {
michael@0	57	if (aURI) {
michael@0	58	req.open("GET", aURI.prePath, false);
michael@0	59	req.channel.notificationCallbacks = this;
michael@0	60	req.send(null);
michael@0	61	}
michael@0	62	} catch (e) {
michael@0	63	// We *expect* exceptions if there are problems with the certificate
michael@0	64	// presented by the site. Log it, just in case, but we can proceed here,
michael@0	65	// with appropriate sanity checks
michael@0	66	Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " +
michael@0	67	"This results in a (mostly harmless) exception being thrown. " +
michael@0	68	"Logged for information purposes only: " + e);
michael@0	69	}
michael@0	70
michael@0	71	return this._sslStatus;
michael@0	72	},
michael@0	73
michael@0	74	/**
michael@0	75	Internal method to create an override.
michael@0	76	*/
michael@0	77	_addOverride: function SSLE_addOverride(aURI, aWindow, aTemporary) {
michael@0	78	let SSLStatus = this._checkCert(aURI);
michael@0	79	let certificate = SSLStatus.serverCert;
michael@0	80
michael@0	81	let flags = 0;
michael@0	82
michael@0	83	// in private browsing do not store exceptions permanently ever
michael@0	84	if (PrivateBrowsingUtils.isWindowPrivate(aWindow)) {
michael@0	85	aTemporary = true;
michael@0	86	}
michael@0	87
michael@0	88	if (SSLStatus.isUntrusted)
michael@0	89	flags |= this._overrideService.ERROR_UNTRUSTED;
michael@0	90	if (SSLStatus.isDomainMismatch)
michael@0	91	flags |= this._overrideService.ERROR_MISMATCH;
michael@0	92	if (SSLStatus.isNotValidAtThisTime)
michael@0	93	flags |= this._overrideService.ERROR_TIME;
michael@0	94
michael@0	95	this._overrideService.rememberValidityOverride(
michael@0	96	aURI.asciiHost,
michael@0	97	aURI.port,
michael@0	98	certificate,
michael@0	99	flags,
michael@0	100	aTemporary);
michael@0	101	},
michael@0	102
michael@0	103	/**
michael@0	104	Creates a permanent exception to override all overridable errors for
michael@0	105	the given URL.
michael@0	106	*/
michael@0	107	addPermanentException: function SSLE_addPermanentException(aURI, aWindow) {
michael@0	108	this._addOverride(aURI, aWindow, false);
michael@0	109	},
michael@0	110
michael@0	111	/**
michael@0	112	Creates a temporary exception to override all overridable errors for
michael@0	113	the given URL.
michael@0	114	*/
michael@0	115	addTemporaryException: function SSLE_addTemporaryException(aURI, aWindow) {
michael@0	116	this._addOverride(aURI, aWindow, true);
michael@0	117	}
michael@0	118	};