[Pkg-privacy-commits] [xul-ext-monkeysphere] 196/296: attempt to make monkeysphere module, separating out log, cert, and cache objects
Ximin Luo
infinity0 at moszumanska.debian.org
Mon Aug 24 07:39:39 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch debian
in repository xul-ext-monkeysphere.
commit 19577258347f4f551a60f00aef927bfbce8a4426
Author: Jameson Rollins <jrollins at finestructure.net>
Date: Sun Apr 25 12:43:02 2010 -0400
attempt to make monkeysphere module, separating out log, cert, and cache objects
---
chrome.manifest | 3 +-
chrome/content/monkeysphere.js | 210 +------------------------------------
modules/monkeysphere.jsm | 230 +++++++++++++++++++++++++++++++++++++++++
3 files changed, 234 insertions(+), 209 deletions(-)
diff --git a/chrome.manifest b/chrome.manifest
index 4c8bee5..35d921d 100644
--- a/chrome.manifest
+++ b/chrome.manifest
@@ -1,5 +1,4 @@
content monkeysphere chrome/content/
locale monkeysphere en-US chrome/locale/en-US/
-
+resource monkeysphere modules/
overlay chrome://browser/content/browser.xul chrome://monkeysphere/content/monkeysphere.xul
-
diff --git a/chrome/content/monkeysphere.js b/chrome/content/monkeysphere.js
index cc70ce8..8474d7d 100644
--- a/chrome/content/monkeysphere.js
+++ b/chrome/content/monkeysphere.js
@@ -58,130 +58,10 @@ var monkeysphere = (function() {
return ret;
};
- // certificate override service class
- // http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/interfaces/nsICertOverrideService
- var certOverrideService = Components.classes["@mozilla.org/security/certoverride;1"].getService(Components.interfaces.nsICertOverrideService);
-
// preferences in about:config
var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefService).getBranch("extensions.monkeysphere.");
////////////////////////////////////////////////////////////
-// LOG FUNCTIONS
-////////////////////////////////////////////////////////////
-
- //////////////////////////////////////////////////////////
- var log = function(line) {
- var message = "monkeysphere: " + line;
-
- try {
- dump(message + "\n");
- try {
- // this line works in extensions
- Firebug.Console.log(message);
- } catch(e) {
- // ignore, this will blow up if Firebug is not installed
- }
- try {
- console.log(message); // this line works in HTML files
- } catch(e) {
- // ignore, this will blow up if Firebug is not installed
- }
- } catch(e) {
- alert(e);
- }
- };
-
- var objdump = function(obj) {
- for (var key in obj) {
- log("dump: " + key + " = " + obj[key]);
- }
- };
-
-////////////////////////////////////////////////////////////
-// OVERRIDE CACHE OBJECT
-////////////////////////////////////////////////////////////
-
- //////////////////////////////////////////////////////////
- // object to store and retrieve data about monkeysphere status for sites
- // uses string of apd as key, and agent response as data
- var overrides = (function() {
-
- // response cache object
- var responses = {};
-
- return {
-
- // set override
- set: function(apd, agentResponse) {
- log("**** SET OVERRIDE ****");
-
- var uri = apd.uri;
- var cert = apd.cert;
-
- var SSLStatus = getInvalidCertSSLStatus(uri);
- var overrideBits = 0;
-
- // set override bits
- // FIXME: should this just be for all flags by default?
- if(SSLStatus.isUntrusted) {
- log("flag: ERROR_UNTRUSTED");
- overrideBits |= certOverrideService.ERROR_UNTRUSTED;
- }
- if(SSLStatus.isDomainMismatch) {
- log("flag: ERROR_MISMATCH");
- overrideBits |= certOverrideService.ERROR_MISMATCH;
- }
- if(SSLStatus.isNotValidAtThisTime) {
- log("flag: ERROR_TIME");
- overrideBits |= certOverrideService.ERROR_TIME;
- }
-
- log("overrideBits: " + overrideBits);
-
- log("set cert override: " + uri.asciiHost + ":" + uri.port);
- certOverrideService.rememberValidityOverride(uri.asciiHost, uri.port,
- cert,
- overrideBits,
- true);
-
- log("setting cache");
- apd.log();
- responses[apd.toOverrideLabel()] = agentResponse;
- },
-
- // return response object
- response: function(apd) {
- return responses[apd.toOverrideLabel()];
- },
-
- // return override status as bool, true for override set
- certStatus: function(apd) {
- var uri = apd.uri;
- var aHashAlg = {};
- var aFingerprint = {};
- var aOverrideBits = {};
- var aIsTemporary = {};
- return certOverrideService.getValidityOverride(uri.asciiHost, uri.port,
- aHashAlg,
- aFingerprint,
- aOverrideBits,
- aIsTemporary);
- },
-
- // clear override
- clear: function(apd) {
- log("**** CLEAR OVERRIDE ****");
- var uri = apd.uri;
- log("clearing cert override");
- certOverrideService.clearValidityOverride(uri.asciiHost, uri.port);
- log("clearing cache");
- apd.log();
- delete responses[apd.toOverrideLabel()];
- }
- };
- })();
-
-////////////////////////////////////////////////////////////
// SITE URI CHECK FUNCTION
////////////////////////////////////////////////////////////
@@ -247,6 +127,7 @@ var monkeysphere = (function() {
var cert = browser.securityUI.SSLStatus.serverCert;
var apd = createAgentPostData(uri, cert);
var response = overrides.response(apd);
+
if ( typeof response === 'undefined' ) {
setStatus(browser, 'NEUTRAL');
} else {
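Review bot: `overrides.response(apd)` on the context line of this hunk still refers to the `overrides` object that the preceding hunk removes from this file, and the only replacement, the `Components.utils.import` line added at the end of the file, is commented out. As the diff stands, `overrides` and `log` would be undefined inside this closure, so this status lookup would throw instead of reporting the site's state. Either keep the removed definitions until the module is wired in, or load the module and read `log` and `overrides` from it before this code runs. The enclosing function starts and ends outside the hunk, so other callers of the removed helpers may be affected as well.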
@@ -372,93 +253,6 @@ var monkeysphere = (function() {
};
////////////////////////////////////////////////////////////
-// CERT FUNCTIONS
-////////////////////////////////////////////////////////////
-
- //////////////////////////////////////////////////////////
- // FWIW, aWebProgress listener has:
- // securityUI = [xpconnect wrapped (nsISupports, nsISecureBrowserUI, nsISSLStatusProvider)]
- // but i don't think it can be used because it doesn't hold invalid cert info
- // FIXME: is there a better way to get the cert for the actual current connection?
- var getInvalidCert = function(uri) {
- try {
- var cert = getInvalidCertSSLStatus(uri).QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
- printCertInfo(cert);
- return cert;
- } catch(e) {
- return null;
- }
- };
-
- //////////////////////////////////////////////////////////
- // gets current ssl status info
- // http://www.oxymoronical.com/experiments/apidocs/interface/nsIRecentBadCertsService
- var getInvalidCertSSLStatus = function(uri) {
- var recentCertsService =
- Components.classes["@mozilla.org/security/recentbadcerts;1"].getService(Components.interfaces.nsIRecentBadCertsService);
- if (!recentCertsService)
- return null;
-
- var port = uri.port;
- if(port == -1)
- port = 443;
- var hostWithPort = uri.host + ":" + port;
-
- var SSLStatus = recentCertsService.getRecentBadCert(hostWithPort);
- if (!SSLStatus)
- return null;
-
- return SSLStatus;
- };
-
- //////////////////////////////////////////////////////////
- // Print SSL certificate details
- // https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
- var printCertInfo = function(cert) {
- const Ci = Components.interfaces;
-
- log("certificate:");
- switch (cert.verifyForUsage(Ci.nsIX509Cert.CERT_USAGE_SSLServer)) {
- case Ci.nsIX509Cert.VERIFIED_OK:
- log("\tSSL status: OK");
- break;
- case Ci.nsIX509Cert.NOT_VERIFIED_UNKNOWN:
- log("\tSSL status: not verfied/unknown");
- break;
- case Ci.nsIX509Cert.CERT_REVOKED:
- log("\tSSL status: revoked");
- break;
- case Ci.nsIX509Cert.CERT_EXPIRED:
- log("\tSSL status: expired");
- break;
- case Ci.nsIX509Cert.CERT_NOT_TRUSTED:
- log("\tSSL status: not trusted");
- break;
- case Ci.nsIX509Cert.ISSUER_NOT_TRUSTED:
- log("\tSSL status: issuer not trusted");
- break;
- case Ci.nsIX509Cert.ISSUER_UNKNOWN:
- log("\tSSL status: issuer unknown");
- break;
- case Ci.nsIX509Cert.INVALID_CA:
- log("\tSSL status: invalid CA");
- break;
- default:
- log("\tSSL status: unexpected failure");
- break;
- }
- log("\tCommon Name: " + cert.commonName);
- log("\tOrganisation: " + cert.organization);
- log("\tIssuer: " + cert.issuerOrganization);
- log("\tSHA1 fingerprint: " + cert.sha1Fingerprint);
-
- var validity = cert.validity.QueryInterface(Ci.nsIX509CertValidity);
- log("\tValid from: " + validity.notBeforeGMT);
- log("\tValid until: " + validity.notAfterGMT);
- };
-
-
-////////////////////////////////////////////////////////////
// UPDATE DISPLAY
////////////////////////////////////////////////////////////
@@ -663,3 +457,5 @@ var monkeysphere = (function() {
}
};
})();
+
+//Components.utils.import("resource://monkeysphere/monkeysphere.jsm");
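Review bot: Enabling this import as written would likely collide with the `var monkeysphere` declared earlier in this file, because the module's `EXPORTED_SYMBOLS` is `["monkeysphere"]` and a one-argument `Components.utils.import` defines the exported names on the caller's global. Importing into a scope object avoids the clash, e.g. `var msModule = {}; Components.utils.import("resource://monkeysphere/monkeysphere.jsm", msModule);` (the name `msModule` is only an illustration), or the module's export could be renamed. A one-line comment saying why the import is disabled for now would also help the next reader.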
diff --git a/modules/monkeysphere.jsm b/modules/monkeysphere.jsm
new file mode 100644
index 0000000..24ec64c
--- /dev/null
+++ b/modules/monkeysphere.jsm
@@ -0,0 +1,230 @@
+// Monkeysphere XUL extension
+// Copyright © 2010 Jameson Rollins <jrollins at finestructure.net>,
+// Daniel Kahn Gillmor <dkg at fifthhorseman.net>,
+// mike castleman <m at mlcastle.net>,
+// Matthew James Goins <mjgoins at openflows.com>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+var EXPORTED_SYMBOLS = ["monkeysphere"];
+
+// Monkeysphere global namespace
+var monkeysphere = (function() {
+
+ ////////////////////////////////////////////////////////////
+ // LOG FUNCTIONS
+ ////////////////////////////////////////////////////////////
+
+ //////////////////////////////////////////////////////////
+ var log = function(line) {
+ var message = "monkeysphere: " + line;
+
+ try {
+ dump(message + "\n");
+ try {
+ // this line works in extensions
+ Firebug.Console.log(message);
+ } catch(e) {
+ // ignore, this will blow up if Firebug is not installed
+ }
+ try {
+ console.log(message); // this line works in HTML files
+ } catch(e) {
+ // ignore, this will blow up if Firebug is not installed
+ }
+ } catch(e) {
+ alert(e);
+ }
+ };
+
+ var objdump = function(obj) {
+ for (var key in obj) {
+ log("dump: " + key + " = " + obj[key]);
+ }
+ };
+
+ ////////////////////////////////////////////////////////////
+ // CERT FUNCTIONS
+ ////////////////////////////////////////////////////////////
+
+ // certificate override service class
+ // http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/interfaces/nsICertOverrideService
+ var certOverrideService = Components.classes["@mozilla.org/security/certoverride;1"].getService(Components.interfaces.nsICertOverrideService);
+
+ //////////////////////////////////////////////////////////
+ // FWIW, aWebProgress listener has:
+ // securityUI = [xpconnect wrapped (nsISupports, nsISecureBrowserUI, nsISSLStatusProvider)]
+ // but i don't think it can be used because it doesn't hold invalid cert info
+ // FIXME: is there a better way to get the cert for the actual current connection?
+ var getInvalidCert = function(uri) {
+ try {
+ var cert = getInvalidCertSSLStatus(uri).QueryInterface(Components.interfaces.nsISSLStatus).serverCert;
+ printCertInfo(cert);
+ return cert;
+ } catch(e) {
+ return null;
+ }
+ };
+
+ //////////////////////////////////////////////////////////
+ // gets current ssl status info
+ // http://www.oxymoronical.com/experiments/apidocs/interface/nsIRecentBadCertsService
+ var getInvalidCertSSLStatus = function(uri) {
+ var recentCertsService =
+ Components.classes["@mozilla.org/security/recentbadcerts;1"].getService(Components.interfaces.nsIRecentBadCertsService);
+ if (!recentCertsService)
+ return null;
+
+ var port = uri.port;
+ if(port == -1)
+ port = 443;
+ var hostWithPort = uri.host + ":" + port;
+
+ var SSLStatus = recentCertsService.getRecentBadCert(hostWithPort);
+ if (!SSLStatus)
+ return null;
+
+ return SSLStatus;
+ };
+
+ //////////////////////////////////////////////////////////
+ // Print SSL certificate details
+ // https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
+ var printCertInfo = function(cert) {
+ const Ci = Components.interfaces;
+
+ log("certificate:");
+ switch (cert.verifyForUsage(Ci.nsIX509Cert.CERT_USAGE_SSLServer)) {
+ case Ci.nsIX509Cert.VERIFIED_OK:
+ log("\tSSL status: OK");
+ break;
+ case Ci.nsIX509Cert.NOT_VERIFIED_UNKNOWN:
+ log("\tSSL status: not verfied/unknown");
+ break;
+ case Ci.nsIX509Cert.CERT_REVOKED:
+ log("\tSSL status: revoked");
+ break;
+ case Ci.nsIX509Cert.CERT_EXPIRED:
+ log("\tSSL status: expired");
+ break;
+ case Ci.nsIX509Cert.CERT_NOT_TRUSTED:
+ log("\tSSL status: not trusted");
+ break;
+ case Ci.nsIX509Cert.ISSUER_NOT_TRUSTED:
+ log("\tSSL status: issuer not trusted");
+ break;
+ case Ci.nsIX509Cert.ISSUER_UNKNOWN:
+ log("\tSSL status: issuer unknown");
+ break;
+ case Ci.nsIX509Cert.INVALID_CA:
+ log("\tSSL status: invalid CA");
+ break;
+ default:
+ log("\tSSL status: unexpected failure");
+ break;
+ }
+ log("\tCommon Name: " + cert.commonName);
+ log("\tOrganisation: " + cert.organization);
+ log("\tIssuer: " + cert.issuerOrganization);
+ log("\tSHA1 fingerprint: " + cert.sha1Fingerprint);
+
+ var validity = cert.validity.QueryInterface(Ci.nsIX509CertValidity);
+ log("\tValid from: " + validity.notBeforeGMT);
+ log("\tValid until: " + validity.notAfterGMT);
+ };
+
+ ////////////////////////////////////////////////////////////
+ // OVERRIDE CACHE OBJECT
+ ////////////////////////////////////////////////////////////
+
+ //////////////////////////////////////////////////////////
+ // object to store and retrieve data about monkeysphere status for sites
+ // uses string of apd as key, and agent response as data
+ var overrides = (function() {
+
+ // response cache object
+ var responses = {};
+
+ return {
+
+ // set override
+ set: function(apd, agentResponse) {
+ log("**** SET OVERRIDE ****");
+
+ var uri = apd.uri;
+ var cert = apd.cert;
+
+ var SSLStatus = getInvalidCertSSLStatus(uri);
+ var overrideBits = 0;
+
+ // set override bits
+ // FIXME: should this just be for all flags by default?
+ if(SSLStatus.isUntrusted) {
+ log("flag: ERROR_UNTRUSTED");
+ overrideBits |= certOverrideService.ERROR_UNTRUSTED;
+ }
+ if(SSLStatus.isDomainMismatch) {
+ log("flag: ERROR_MISMATCH");
+ overrideBits |= certOverrideService.ERROR_MISMATCH;
+ }
+ if(SSLStatus.isNotValidAtThisTime) {
+ log("flag: ERROR_TIME");
+ overrideBits |= certOverrideService.ERROR_TIME;
+ }
+
+ log("overrideBits: " + overrideBits);
+
+ log("set cert override: " + uri.asciiHost + ":" + uri.port);
+ certOverrideService.rememberValidityOverride(uri.asciiHost, uri.port,
+ cert,
+ overrideBits,
+ true);
+
+ log("setting cache");
+ apd.log();
+ responses[apd.toOverrideLabel()] = agentResponse;
+ },
+
+ // return response object
+ response: function(apd) {
+ return responses[apd.toOverrideLabel()];
+ },
+
+ // return override status as bool, true for override set
+ certStatus: function(apd) {
+ var uri = apd.uri;
+ var aHashAlg = {};
+ var aFingerprint = {};
+ var aOverrideBits = {};
+ var aIsTemporary = {};
+ return certOverrideService.getValidityOverride(uri.asciiHost, uri.port,
+ aHashAlg,
+ aFingerprint,
+ aOverrideBits,
+ aIsTemporary);
+ },
+
+ // clear override
+ clear: function(apd) {
+ log("**** CLEAR OVERRIDE ****");
+ var uri = apd.uri;
+ log("clearing cert override");
+ certOverrideService.clearValidityOverride(uri.asciiHost, uri.port);
+ log("clearing cache");
+ apd.log();
+ delete responses[apd.toOverrideLabel()];
+ }
+ };
+ });
+})();
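Review bot: The exported `monkeysphere` is `undefined` as written, because the outer function never returns anything, and the inner `overrides` closure now ends with `});` where the code removed from chrome/content/monkeysphere.js had `})();`, so `overrides` is an uncalled function rather than the object with `set`/`response`/`certStatus`/`clear`. Closing the inner closure with `})();` and adding `return { log: log, objdump: objdump, getInvalidCert: getInvalidCert, overrides: overrides };` before the final `})();` would give importers something to use. Separately, `overrides.set` dereferences `SSLStatus` although `getInvalidCertSSLStatus` can return null. Since this path stores a certificate validity override, a guard such as `if (!SSLStatus) { log("no recent bad cert status; not setting override"); return; }` makes the no-status case explicit instead of throwing partway through.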
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/xul-ext-monkeysphere.git