1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/mobile/android/modules/SSLExceptions.jsm Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,118 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +"use strict"
1.8 +
1.9 +let Cc = Components.classes;
1.10 +let Ci = Components.interfaces;
1.11 +let Cu = Components.utils;
1.12 +
1.13 +Cu.import("resource://gre/modules/PrivateBrowsingUtils.jsm");
1.14 +
1.15 +this.EXPORTED_SYMBOLS = ["SSLExceptions"];
1.16 +
1.17 +/**
1.18 + A class to add exceptions to override SSL certificate problems. The functionality
1.19 + itself is borrowed from exceptionDialog.js.
1.20 +*/
1.21 +function SSLExceptions() {
1.22 + this._overrideService = Cc["@mozilla.org/security/certoverride;1"]
1.23 + .getService(Ci.nsICertOverrideService);
1.24 +}
1.25 +
1.26 +
1.27 +SSLExceptions.prototype = {
1.28 + _overrideService: null,
1.29 + _sslStatus: null,
1.30 +
1.31 + getInterface: function SSLE_getInterface(aIID) {
1.32 + return this.QueryInterface(aIID);
1.33 + },
1.34 + QueryInterface: function SSLE_QueryInterface(aIID) {
1.35 + if (aIID.equals(Ci.nsIBadCertListener2) ||
1.36 + aIID.equals(Ci.nsISupports))
1.37 + return this;
1.38 +
1.39 + throw Components.results.NS_ERROR_NO_INTERFACE;
1.40 + },
1.41 +
1.42 + /**
1.43 + To collect the SSL status we intercept the certificate error here
1.44 + and store the status for later use.
1.45 + */
1.46 + notifyCertProblem: function SSLE_notifyCertProblem(socketInfo, sslStatus, targetHost) {
1.47 + this._sslStatus = sslStatus.QueryInterface(Ci.nsISSLStatus);
1.48 + return true; // suppress error UI
1.49 + },
1.50 +
1.51 + /**
1.52 + Attempt to download the certificate for the location specified to get the SSLState
1.53 + for the certificate and the errors.
1.54 + */
1.55 + _checkCert: function SSLE_checkCert(aURI) {
1.56 + this._sslStatus = null;
1.57 +
1.58 + let req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Ci.nsIXMLHttpRequest);
1.59 + try {
1.60 + if (aURI) {
1.61 + req.open("GET", aURI.prePath, false);
1.62 + req.channel.notificationCallbacks = this;
1.63 + req.send(null);
1.64 + }
1.65 + } catch (e) {
1.66 + // We *expect* exceptions if there are problems with the certificate
1.67 + // presented by the site. Log it, just in case, but we can proceed here,
1.68 + // with appropriate sanity checks
1.69 + Components.utils.reportError("Attempted to connect to a site with a bad certificate in the add exception dialog. " +
1.70 + "This results in a (mostly harmless) exception being thrown. " +
1.71 + "Logged for information purposes only: " + e);
1.72 + }
1.73 +
1.74 + return this._sslStatus;
1.75 + },
1.76 +
1.77 + /**
1.78 + Internal method to create an override.
1.79 + */
1.80 + _addOverride: function SSLE_addOverride(aURI, aWindow, aTemporary) {
1.81 + let SSLStatus = this._checkCert(aURI);
1.82 + let certificate = SSLStatus.serverCert;
1.83 +
1.84 + let flags = 0;
1.85 +
1.86 + // in private browsing do not store exceptions permanently ever
1.87 + if (PrivateBrowsingUtils.isWindowPrivate(aWindow)) {
1.88 + aTemporary = true;
1.89 + }
1.90 +
1.91 + if (SSLStatus.isUntrusted)
1.92 + flags |= this._overrideService.ERROR_UNTRUSTED;
1.93 + if (SSLStatus.isDomainMismatch)
1.94 + flags |= this._overrideService.ERROR_MISMATCH;
1.95 + if (SSLStatus.isNotValidAtThisTime)
1.96 + flags |= this._overrideService.ERROR_TIME;
1.97 +
1.98 + this._overrideService.rememberValidityOverride(
1.99 + aURI.asciiHost,
1.100 + aURI.port,
1.101 + certificate,
1.102 + flags,
1.103 + aTemporary);
1.104 + },
1.105 +
1.106 + /**
1.107 + Creates a permanent exception to override all overridable errors for
1.108 + the given URL.
1.109 + */
1.110 + addPermanentException: function SSLE_addPermanentException(aURI, aWindow) {
1.111 + this._addOverride(aURI, aWindow, false);
1.112 + },
1.113 +
1.114 + /**
1.115 + Creates a temporary exception to override all overridable errors for
1.116 + the given URL.
1.117 + */
1.118 + addTemporaryException: function SSLE_addTemporaryException(aURI, aWindow) {
1.119 + this._addOverride(aURI, aWindow, true);
1.120 + }
1.121 +};
