mobile/android/modules/SSLExceptions.jsm@fc2d59ddac77 (annotated)
mobile/android/modules/SSLExceptions.jsm
Wed, 31 Dec 2014 07:22:50 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 31 Dec 2014 07:22:50 +0100
- branch
- TOR_BUG_3246
- changeset 4
- fc2d59ddac77
- permissions
- -rw-r--r--
Correct previous dual key logic pending first delivery installment.
| michael@0 | 1 | /* This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 2 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 3 | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| michael@0 | 4 | "use strict" |
| michael@0 | 5 | |
| michael@0 | 6 | let Cc = Components.classes; |
| michael@0 | 7 | let Ci = Components.interfaces; |
| michael@0 | 8 | let Cu = Components.utils; |
| michael@0 | 9 | |
| michael@0 | 10 | Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm"); |
| michael@0 | 11 | |
| michael@0 | 12 | this.EXPORTED_SYMBOLS = ["SSLExceptions"]; |
| michael@0 | 13 | |
| michael@0 | 14 | /** |
| michael@0 | 15 | A class to add exceptions to override SSL certificate problems. The functionality |
| michael@0 | 16 | itself is borrowed from exceptionDialog.js. |
| michael@0 | 17 | */ |
| michael@0 | 18 | function SSLExceptions() { |
| michael@0 | 19 | this._overrideService = Cc["@mozilla.org/security/certoverride;1"] |
| michael@0 | 20 | .getService(Ci.nsICertOverrideService); |
| michael@0 | 21 | } |
| michael@0 | 22 | |
| michael@0 | 23 | |
| michael@0 | 24 | SSLExceptions.prototype = { |
| michael@0 | 25 | _overrideService: null, |
| michael@0 | 26 | _sslStatus: null, |
| michael@0 | 27 | |
| michael@0 | 28 | getInterface: function SSLE_getInterface(aIID) { |
| michael@0 | 29 | return this.QueryInterface(aIID); |
| michael@0 | 30 | }, |
| michael@0 | 31 | QueryInterface: function SSLE_QueryInterface(aIID) { |
| michael@0 | 32 | if (aIID.equals(Ci.nsIBadCertListener2) || |
| michael@0 | 33 | aIID.equals(Ci.nsISupports)) |
| michael@0 | 34 | return this; |
| michael@0 | 35 | |
| michael@0 | 36 | throw Components.results.NS_ERROR_NO_INTERFACE; |
| michael@0 | 37 | }, |
| michael@0 | 38 | |
| michael@0 | 39 | /** |
| michael@0 | 40 | To collect the SSL status we intercept the certificate error here |
| michael@0 | 41 | and store the status for later use. |
| michael@0 | 42 | */ |
| michael@0 | 43 | notifyCertProblem: function SSLE_notifyCertProblem(socketInfo, sslStatus, targetHost) { |
| michael@0 | 44 | this._sslStatus = sslStatus.QueryInterface(Ci.nsISSLStatus); |
| michael@0 | 45 | return true; // suppress error UI |
| michael@0 | 46 | }, |
| michael@0 | 47 | |
| michael@0 | 48 | /** |
| michael@0 | 49 | Attempt to download the certificate for the location specified to get the SSLState |
| michael@0 | 50 | for the certificate and the errors. |
| michael@0 | 51 | */ |
| michael@0 | 52 | _checkCert: function SSLE_checkCert(aURI) { |
| michael@0 | 53 | this._sslStatus = null; |
| michael@0 | 54 | |
| michael@0 | 55 | let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Ci.nsIXMLHttpRequest); |
| michael@0 | 56 | try { |
| michael@0 | 57 | if (aURI) { |
| michael@0 | 58 | req.open("GET", aURI.prePath, false); |
| michael@0 | 59 | req.channel.notificationCallbacks = this; |
| michael@0 | 60 | req.send(null); |
| michael@0 | 61 | } |
| michael@0 | 62 | } catch (e) { |
| michael@0 | 63 | // We *expect* exceptions if there are problems with the certificate |
| michael@0 | 64 | // presented by the site. Log it, just in case, but we can proceed here, |
| michael@0 | 65 | // with appropriate sanity checks |
| michael@0 | 66 | Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " + |
| michael@0 | 67 | "This results in a (mostly harmless) exception being thrown. " + |
| michael@0 | 68 | "Logged for information purposes only: " + e); |
| michael@0 | 69 | } |
| michael@0 | 70 | |
| michael@0 | 71 | return this._sslStatus; |
| michael@0 | 72 | }, |
| michael@0 | 73 | |
| michael@0 | 74 | /** |
| michael@0 | 75 | Internal method to create an override. |
| michael@0 | 76 | */ |
| michael@0 | 77 | _addOverride: function SSLE_addOverride(aURI, aWindow, aTemporary) { |
| michael@0 | 78 | let SSLStatus = this._checkCert(aURI); |
| michael@0 | 79 | let certificate = SSLStatus.serverCert; |
| michael@0 | 80 | |
| michael@0 | 81 | let flags = 0; |
| michael@0 | 82 | |
| michael@0 | 83 | // in private browsing do not store exceptions permanently ever |
| michael@0 | 84 | if (PrivateBrowsingUtils.isWindowPrivate(aWindow)) { |
| michael@0 | 85 | aTemporary = true; |
| michael@0 | 86 | } |
| michael@0 | 87 | |
| michael@0 | 88 | if (SSLStatus.isUntrusted) |
| michael@0 | 89 | flags |= this._overrideService.ERROR_UNTRUSTED; |
| michael@0 | 90 | if (SSLStatus.isDomainMismatch) |
| michael@0 | 91 | flags |= this._overrideService.ERROR_MISMATCH; |
| michael@0 | 92 | if (SSLStatus.isNotValidAtThisTime) |
| michael@0 | 93 | flags |= this._overrideService.ERROR_TIME; |
| michael@0 | 94 | |
| michael@0 | 95 | this._overrideService.rememberValidityOverride( |
| michael@0 | 96 | aURI.asciiHost, |
| michael@0 | 97 | aURI.port, |
| michael@0 | 98 | certificate, |
| michael@0 | 99 | flags, |
| michael@0 | 100 | aTemporary); |
| michael@0 | 101 | }, |
| michael@0 | 102 | |
| michael@0 | 103 | /** |
| michael@0 | 104 | Creates a permanent exception to override all overridable errors for |
| michael@0 | 105 | the given URL. |
| michael@0 | 106 | */ |
| michael@0 | 107 | addPermanentException: function SSLE_addPermanentException(aURI, aWindow) { |
| michael@0 | 108 | this._addOverride(aURI, aWindow, false); |
| michael@0 | 109 | }, |
| michael@0 | 110 | |
| michael@0 | 111 | /** |
| michael@0 | 112 | Creates a temporary exception to override all overridable errors for |
| michael@0 | 113 | the given URL. |
| michael@0 | 114 | */ |
| michael@0 | 115 | addTemporaryException: function SSLE_addTemporaryException(aURI, aWindow) { |
| michael@0 | 116 | this._addOverride(aURI, aWindow, true); |
| michael@0 | 117 | } |
| michael@0 | 118 | }; |
