2007-04-12 18:26:39 -07:00
|
|
|
# -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
|
|
# ***** BEGIN LICENSE BLOCK *****
|
|
|
|
# Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
|
|
#
|
|
|
|
# The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
# 1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
# the License. You may obtain a copy of the License at
|
|
|
|
# http://www.mozilla.org/MPL/
|
|
|
|
#
|
|
|
|
# Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
# for the specific language governing rights and limitations under the
|
|
|
|
# License.
|
|
|
|
#
|
|
|
|
# The Original Code is mozilla.org code.
|
|
|
|
#
|
|
|
|
# The Initial Developer of the Original Code is
|
|
|
|
# Netscape Communications Corp.
|
|
|
|
# Portions created by the Initial Developer are Copyright (C) 2001
|
|
|
|
# the Initial Developer. All Rights Reserved.
|
|
|
|
#
|
|
|
|
# Contributor(s):
|
|
|
|
# Terry Hayes <thayes@netscape.com>
|
|
|
|
# Florian QUEZE <f.qu@queze.net>
|
2008-01-04 22:06:30 -08:00
|
|
|
# Ehsan Akhgari <ehsan.akhgari@gmail.com>
|
2007-04-12 18:26:39 -07:00
|
|
|
#
|
|
|
|
# Alternatively, the contents of this file may be used under the terms of
|
|
|
|
# either the GNU General Public License Version 2 or later (the "GPL"), or
|
|
|
|
# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
|
|
# in which case the provisions of the GPL or the LGPL are applicable instead
|
|
|
|
# of those above. If you wish to allow use of your version of this file only
|
|
|
|
# under the terms of either the GPL or the LGPL, and not to allow others to
|
|
|
|
# use your version of this file under the terms of the MPL, indicate your
|
|
|
|
# decision by deleting the provisions above and replace them with the notice
|
|
|
|
# and other provisions required by the GPL or the LGPL. If you do not delete
|
|
|
|
# the provisions above, a recipient may use your version of this file under
|
|
|
|
# the terms of any one of the MPL, the GPL or the LGPL.
|
|
|
|
#
|
|
|
|
# ***** END LICENSE BLOCK ***** */
|
|
|
|
|
|
|
|
var security = {
|
|
|
|
// Display the server certificate (static)
|
|
|
|
viewCert : function () {
|
|
|
|
var cert = security._cert;
|
|
|
|
viewCertHelper(window, cert);
|
|
|
|
},
|
|
|
|
|
|
|
|
_getSecurityInfo : function() {
|
|
|
|
const nsIX509Cert = Components.interfaces.nsIX509Cert;
|
|
|
|
const nsIX509CertDB = Components.interfaces.nsIX509CertDB;
|
|
|
|
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
|
|
|
|
const nsISSLStatusProvider = Components.interfaces.nsISSLStatusProvider;
|
|
|
|
const nsISSLStatus = Components.interfaces.nsISSLStatus;
|
|
|
|
|
|
|
|
// We don't have separate info for a frame, return null until further notice
|
|
|
|
// (see bug 138479)
|
|
|
|
if (gWindow != gWindow.top)
|
|
|
|
return null;
|
|
|
|
|
|
|
|
var hName = null;
|
|
|
|
try {
|
|
|
|
hName = gWindow.location.host;
|
|
|
|
}
|
|
|
|
catch (exception) { }
|
|
|
|
|
|
|
|
var ui = security._getSecurityUI();
|
2007-11-13 00:46:16 -08:00
|
|
|
if (!ui)
|
|
|
|
return null;
|
|
|
|
|
|
|
|
var isBroken =
|
2008-04-01 23:36:16 -07:00
|
|
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_BROKEN);
|
|
|
|
var isInsecure =
|
|
|
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IS_INSECURE);
|
2008-02-19 07:21:36 -08:00
|
|
|
var isEV =
|
|
|
|
(ui.state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
|
2007-11-13 00:46:16 -08:00
|
|
|
ui.QueryInterface(nsISSLStatusProvider);
|
|
|
|
var status = ui.SSLStatus;
|
|
|
|
|
2008-04-01 23:36:16 -07:00
|
|
|
if (!isInsecure && status) {
|
2007-11-13 00:46:16 -08:00
|
|
|
status.QueryInterface(nsISSLStatus);
|
2007-04-12 18:26:39 -07:00
|
|
|
var cert = status.serverCert;
|
2007-11-13 00:46:16 -08:00
|
|
|
var issuerName =
|
|
|
|
this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;
|
2007-04-12 18:26:39 -07:00
|
|
|
|
2007-11-20 09:59:33 -08:00
|
|
|
var retval = {
|
2007-04-12 18:26:39 -07:00
|
|
|
hostName : hName,
|
|
|
|
cAName : issuerName,
|
2007-11-20 09:59:33 -08:00
|
|
|
encryptionAlgorithm : undefined,
|
|
|
|
encryptionStrength : undefined,
|
2007-04-12 18:26:39 -07:00
|
|
|
isBroken : isBroken,
|
2008-02-19 07:21:36 -08:00
|
|
|
isEV : isEV,
|
2007-04-24 14:13:57 -07:00
|
|
|
cert : cert,
|
|
|
|
fullLocation : gWindow.location
|
2007-04-12 18:26:39 -07:00
|
|
|
};
|
2007-11-20 09:59:33 -08:00
|
|
|
|
|
|
|
try {
|
|
|
|
retval.encryptionAlgorithm = status.cipherName;
|
|
|
|
retval.encryptionStrength = status.secretKeyLength;
|
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
}
|
|
|
|
|
|
|
|
return retval;
|
2007-04-12 18:26:39 -07:00
|
|
|
} else {
|
|
|
|
return {
|
|
|
|
hostName : hName,
|
|
|
|
cAName : "",
|
|
|
|
encryptionAlgorithm : "",
|
|
|
|
encryptionStrength : 0,
|
|
|
|
isBroken : isBroken,
|
2008-02-19 07:21:36 -08:00
|
|
|
isEV : isEV,
|
2007-04-24 14:13:57 -07:00
|
|
|
cert : null,
|
|
|
|
fullLocation : gWindow.location
|
2007-04-12 18:26:39 -07:00
|
|
|
};
|
|
|
|
}
|
|
|
|
},
|
|
|
|
|
|
|
|
// Find the secureBrowserUI object (if present)
|
|
|
|
_getSecurityUI : function() {
|
2007-11-13 00:46:16 -08:00
|
|
|
if (window.opener.gBrowser)
|
2007-04-12 18:26:39 -07:00
|
|
|
return window.opener.gBrowser.securityUI;
|
|
|
|
return null;
|
|
|
|
},
|
|
|
|
|
|
|
|
// Interface for mapping a certificate issuer organization to
|
|
|
|
// the value to be displayed.
|
|
|
|
// Bug 82017 - this implementation should be moved to pipnss C++ code
|
|
|
|
mapIssuerOrganization: function(name) {
|
|
|
|
if (!name) return null;
|
|
|
|
|
|
|
|
if (name == "RSA Data Security, Inc.") return "Verisign, Inc.";
|
|
|
|
|
|
|
|
// No mapping required
|
|
|
|
return name;
|
|
|
|
},
|
2007-04-24 14:13:57 -07:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Open the cookie manager window
|
|
|
|
*/
|
|
|
|
viewCookies : function()
|
|
|
|
{
|
|
|
|
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
|
|
|
|
.getService(Components.interfaces.nsIWindowMediator);
|
|
|
|
var win = wm.getMostRecentWindow("Browser:Cookies");
|
2007-12-13 12:09:57 -08:00
|
|
|
var eTLDService = Components.classes["@mozilla.org/network/effective-tld-service;1"].
|
|
|
|
getService(Components.interfaces.nsIEffectiveTLDService);
|
2007-12-17 21:46:52 -08:00
|
|
|
|
2008-01-08 17:41:17 -08:00
|
|
|
var eTLD;
|
|
|
|
var uri = gDocument.documentURIObject;
|
|
|
|
try {
|
|
|
|
eTLD = eTLDService.getBaseDomain(uri);
|
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
// getBaseDomain will fail if the host is an IP address or is empty
|
|
|
|
eTLD = uri.asciiHost;
|
|
|
|
}
|
2007-12-17 21:46:52 -08:00
|
|
|
|
2007-12-13 07:12:23 -08:00
|
|
|
if (win) {
|
|
|
|
win.gCookiesWindow.setFilter(eTLD);
|
2007-04-24 14:13:57 -07:00
|
|
|
win.focus();
|
2007-12-13 07:12:23 -08:00
|
|
|
}
|
2007-04-24 14:13:57 -07:00
|
|
|
else
|
|
|
|
window.openDialog("chrome://browser/content/preferences/cookies.xul",
|
2007-12-13 07:12:23 -08:00
|
|
|
"Browser:Cookies", "", {filterString : eTLD});
|
2007-04-24 14:13:57 -07:00
|
|
|
},
|
|
|
|
|
|
|
|
/**
|
2007-05-16 03:02:45 -07:00
|
|
|
* Open the login manager window
|
2007-04-24 14:13:57 -07:00
|
|
|
*/
|
|
|
|
viewPasswords : function()
|
|
|
|
{
|
|
|
|
var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
|
|
|
|
.getService(Components.interfaces.nsIWindowMediator);
|
|
|
|
var win = wm.getMostRecentWindow("Toolkit:PasswordManager");
|
2008-01-04 22:06:30 -08:00
|
|
|
if (win) {
|
|
|
|
win.setFilter(this._getSecurityInfo().hostName);
|
2007-04-24 14:13:57 -07:00
|
|
|
win.focus();
|
2008-01-04 22:06:30 -08:00
|
|
|
}
|
2007-04-24 14:13:57 -07:00
|
|
|
else
|
|
|
|
window.openDialog("chrome://passwordmgr/content/passwordManager.xul",
|
2008-01-04 22:06:30 -08:00
|
|
|
"Toolkit:PasswordManager", "",
|
|
|
|
{filterString : this._getSecurityInfo().hostName});
|
2007-04-24 14:13:57 -07:00
|
|
|
},
|
2007-04-12 18:26:39 -07:00
|
|
|
|
|
|
|
_cert : null
|
|
|
|
};
|
|
|
|
|
|
|
|
function securityOnLoad() {
|
|
|
|
var bundle = srGetStrBundle("chrome://pippki/locale/pippki.properties");
|
2007-04-24 14:13:57 -07:00
|
|
|
var pageInfoBundle = document.getElementById("pageinfobundle");
|
2007-04-12 18:26:39 -07:00
|
|
|
|
|
|
|
var info = security._getSecurityInfo();
|
|
|
|
if (!info) {
|
2007-08-06 09:13:05 -07:00
|
|
|
document.getElementById("securityTab").hidden = true;
|
2007-04-12 18:26:39 -07:00
|
|
|
document.getElementById("securityBox").collapsed = true;
|
|
|
|
return;
|
|
|
|
}
|
2007-08-06 09:13:05 -07:00
|
|
|
else {
|
|
|
|
document.getElementById("securityTab").hidden = false;
|
|
|
|
document.getElementById("securityBox").collapsed = false;
|
|
|
|
}
|
2007-04-12 18:26:39 -07:00
|
|
|
|
2007-04-24 14:13:57 -07:00
|
|
|
/* Set Identity section text */
|
|
|
|
setText("security-identity-domain-value", info.hostName);
|
|
|
|
|
|
|
|
var owner, verifier, generalPageIdentityString;
|
|
|
|
if (info.cert && !info.isBroken) {
|
|
|
|
// Try to pull out meaningful values. Technically these fields are optional
|
|
|
|
// so we'll employ fallbacks where appropriate. The EV spec states that Org
|
2008-02-19 07:21:36 -08:00
|
|
|
// fields must be specified for subject and issuer so that case is simpler.
|
|
|
|
if (info.isEV) {
|
|
|
|
owner = info.cert.organization;
|
|
|
|
verifier = security.mapIssuerOrganization(info.cAName);
|
|
|
|
generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",
|
|
|
|
[owner, verifier]);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
// Technically, a non-EV cert might specify an owner in the O field or not,
|
|
|
|
// depending on the CA's issuing policies. However we don't have any programmatic
|
|
|
|
// way to tell those apart, and no policy way to establish which organization
|
|
|
|
// vetting standards are good enough (that's what EV is for) so we default to
|
|
|
|
// treating these certs as domain-validated only.
|
|
|
|
owner = pageInfoBundle.getString("securityNoIdentity");
|
|
|
|
verifier = security.mapIssuerOrganization(info.cAName ||
|
|
|
|
info.cert.issuerCommonName ||
|
|
|
|
info.cert.issuerName);
|
|
|
|
generalPageIdentityString = owner;
|
|
|
|
}
|
2007-04-24 14:13:57 -07:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
// We don't have valid identity credentials.
|
|
|
|
owner = pageInfoBundle.getString("securityNoIdentity");
|
|
|
|
verifier = pageInfoBundle.getString("notset");
|
|
|
|
generalPageIdentityString = owner;
|
|
|
|
}
|
2007-04-12 18:26:39 -07:00
|
|
|
|
2007-04-24 14:13:57 -07:00
|
|
|
setText("security-identity-owner-value", owner);
|
|
|
|
setText("security-identity-verifier-value", verifier);
|
|
|
|
setText("general-security-identity", generalPageIdentityString);
|
2007-04-12 18:26:39 -07:00
|
|
|
|
2007-04-24 14:13:57 -07:00
|
|
|
/* Manage the View Cert button*/
|
2007-08-06 09:13:05 -07:00
|
|
|
var viewCert = document.getElementById("security-view-cert");
|
2007-04-24 14:13:57 -07:00
|
|
|
if (info.cert) {
|
2007-05-13 05:34:09 -07:00
|
|
|
var viewText = pageInfoBundle.getString("securityCertText");
|
2007-04-12 18:26:39 -07:00
|
|
|
setText("security-view-text", viewText);
|
|
|
|
security._cert = info.cert;
|
2007-08-06 09:13:05 -07:00
|
|
|
viewCert.collapsed = false;
|
2007-04-12 18:26:39 -07:00
|
|
|
}
|
2007-08-06 09:13:05 -07:00
|
|
|
else
|
2007-04-12 18:26:39 -07:00
|
|
|
viewCert.collapsed = true;
|
|
|
|
|
2007-04-24 14:13:57 -07:00
|
|
|
/* Set Privacy & History section text */
|
|
|
|
var yesStr = pageInfoBundle.getString("yes");
|
|
|
|
var noStr = pageInfoBundle.getString("no");
|
|
|
|
|
2008-01-08 17:41:17 -08:00
|
|
|
var uri = gDocument.documentURIObject;
|
2007-04-24 14:13:57 -07:00
|
|
|
setText("security-privacy-cookies-value",
|
2008-01-08 17:41:17 -08:00
|
|
|
hostHasCookies(uri) ? yesStr : noStr);
|
2007-04-24 14:13:57 -07:00
|
|
|
setText("security-privacy-passwords-value",
|
2008-01-08 17:41:17 -08:00
|
|
|
realmHasPasswords(uri) ? yesStr : noStr);
|
2007-04-24 14:13:57 -07:00
|
|
|
|
|
|
|
var visitCount = previousVisitCount(info.hostName);
|
|
|
|
if(visitCount > 1) {
|
|
|
|
setText("security-privacy-history-value",
|
2007-05-13 05:34:09 -07:00
|
|
|
pageInfoBundle.getFormattedString("securityNVisits", [visitCount.toLocaleString()]));
|
2007-04-24 14:13:57 -07:00
|
|
|
}
|
|
|
|
else if (visitCount == 1) {
|
|
|
|
setText("security-privacy-history-value",
|
|
|
|
pageInfoBundle.getString("securityOneVisit"));
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
setText("security-privacy-history-value", noStr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set the Technical Detail section messages */
|
2007-04-12 18:26:39 -07:00
|
|
|
var hdr;
|
|
|
|
var msg1;
|
|
|
|
var msg2;
|
|
|
|
|
|
|
|
if (info.isBroken) {
|
|
|
|
hdr = bundle.GetStringFromName("pageInfo_MixedContent");
|
|
|
|
msg1 = bundle.GetStringFromName("pageInfo_Privacy_Mixed1");
|
|
|
|
msg2 = bundle.GetStringFromName("pageInfo_Privacy_None2");
|
|
|
|
}
|
|
|
|
else if (info.encryptionStrength >= 90) {
|
|
|
|
hdr = bundle.formatStringFromName("pageInfo_StrongEncryption",
|
|
|
|
[ info.encryptionAlgorithm, info.encryptionStrength + "" ], 2);
|
|
|
|
msg1 = bundle.GetStringFromName("pageInfo_Privacy_Strong1");
|
|
|
|
msg2 = bundle.GetStringFromName("pageInfo_Privacy_Strong2");
|
|
|
|
security._cert = info.cert;
|
|
|
|
}
|
|
|
|
else if (info.encryptionStrength > 0) {
|
|
|
|
hdr = bundle.formatStringFromName("pageInfo_WeakEncryption",
|
|
|
|
[ info.encryptionAlgorithm, info.encryptionStrength + "" ], 2);
|
|
|
|
msg1 = bundle.formatStringFromName("pageInfo_Privacy_Weak1", [ info.hostName ], 1);
|
|
|
|
msg2 = bundle.GetStringFromName("pageInfo_Privacy_Weak2");
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
hdr = bundle.GetStringFromName("pageInfo_NoEncryption");
|
|
|
|
if (info.hostName != null)
|
|
|
|
msg1 = bundle.formatStringFromName("pageInfo_Privacy_None1", [ info.hostName ], 1);
|
|
|
|
else
|
|
|
|
msg1 = bundle.GetStringFromName("pageInfo_Privacy_None3");
|
|
|
|
msg2 = bundle.GetStringFromName("pageInfo_Privacy_None2");
|
|
|
|
}
|
2007-04-24 14:13:57 -07:00
|
|
|
setText("security-technical-shortform", hdr);
|
|
|
|
setText("security-technical-longform1", msg1);
|
|
|
|
setText("security-technical-longform2", msg2);
|
2007-04-12 18:26:39 -07:00
|
|
|
setText("general-security-privacy", hdr);
|
|
|
|
}
|
|
|
|
|
|
|
|
function setText(id, value)
|
|
|
|
{
|
|
|
|
var element = document.getElementById(id);
|
|
|
|
if (!element)
|
|
|
|
return;
|
2007-04-24 14:13:57 -07:00
|
|
|
if (element.localName == "textbox" || element.localName == "label")
|
2007-04-12 18:26:39 -07:00
|
|
|
element.value = value;
|
|
|
|
else {
|
|
|
|
if (element.hasChildNodes())
|
|
|
|
element.removeChild(element.firstChild);
|
|
|
|
var textNode = document.createTextNode(value);
|
|
|
|
element.appendChild(textNode);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function viewCertHelper(parent, cert)
|
|
|
|
{
|
|
|
|
if (!cert)
|
|
|
|
return;
|
|
|
|
|
|
|
|
var cd = Components.classes[CERTIFICATEDIALOGS_CONTRACTID].getService(nsICertificateDialogs);
|
|
|
|
cd.viewCert(parent, cert);
|
|
|
|
}
|
2007-04-24 14:13:57 -07:00
|
|
|
|
|
|
|
/**
|
2008-01-08 17:41:17 -08:00
|
|
|
* Return true iff we have cookies for uri
|
2007-04-24 14:13:57 -07:00
|
|
|
*/
|
2008-01-08 17:41:17 -08:00
|
|
|
function hostHasCookies(uri) {
|
2007-04-24 14:13:57 -07:00
|
|
|
var cookieManager = Components.classes["@mozilla.org/cookiemanager;1"]
|
2007-05-05 14:09:54 -07:00
|
|
|
.getService(Components.interfaces.nsICookieManager2);
|
2007-04-24 14:13:57 -07:00
|
|
|
|
2008-01-08 17:41:17 -08:00
|
|
|
return cookieManager.countCookiesFromHost(uri.asciiHost) > 0;
|
2007-04-24 14:13:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2008-01-08 17:41:17 -08:00
|
|
|
* Return true iff realm (proto://host:port) (extracted from uri) has
|
2007-04-24 14:13:57 -07:00
|
|
|
* saved passwords
|
|
|
|
*/
|
2008-01-08 17:41:17 -08:00
|
|
|
function realmHasPasswords(uri) {
|
2007-05-16 03:02:45 -07:00
|
|
|
var passwordManager = Components.classes["@mozilla.org/login-manager;1"]
|
|
|
|
.getService(Components.interfaces.nsILoginManager);
|
2008-01-08 17:41:17 -08:00
|
|
|
return passwordManager.countLogins(uri.prePath, "", "") > 0;
|
2007-04-24 14:13:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the number of previous visits recorded for host before today.
|
|
|
|
*
|
|
|
|
* @param host - the domain name to look for in history
|
|
|
|
*/
|
|
|
|
function previousVisitCount(host, endTimeReference) {
|
|
|
|
if (!host)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
var historyService = Components.classes["@mozilla.org/browser/nav-history-service;1"]
|
|
|
|
.getService(Components.interfaces.nsINavHistoryService);
|
|
|
|
|
|
|
|
var options = historyService.getNewQueryOptions();
|
|
|
|
options.resultType = options.RESULTS_AS_VISIT;
|
|
|
|
|
|
|
|
// Search for visits to this host before today
|
|
|
|
var query = historyService.getNewQuery();
|
|
|
|
query.endTimeReference = query.TIME_RELATIVE_TODAY;
|
|
|
|
query.endTime = 0;
|
|
|
|
query.domain = host;
|
|
|
|
|
|
|
|
var result = historyService.executeQuery(query, options);
|
|
|
|
result.root.containerOpen = true;
|
|
|
|
return result.root.childCount;
|
|
|
|
}
|