security.js
1 # -*- Mode: Java; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 # ***** BEGIN LICENSE BLOCK *****
3 # Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 #
5 # The contents of this file are subject to the Mozilla Public License Version
6 # 1.1 (the "License"); you may not use this file except in compliance with
7 # the License. You may obtain a copy of the License at
8 # http://www.mozilla.org/MPL/
9 #
10 # Software distributed under the License is distributed on an "AS IS" basis,
11 # WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 # for the specific language governing rights and limitations under the
13 # License.
14 #
15 # The Original Code is mozilla.org code.
16 #
17 # The Initial Developer of the Original Code is
18 # Netscape Communications Corp.
19 # Portions created by the Initial Developer are Copyright (C) 2001
20 # the Initial Developer. All Rights Reserved.
21 #
22 # Contributor(s):
23 # Terry Hayes <thayes@netscape.com>
24 # Florian QUEZE <f.qu@queze.net>
25 # Ehsan Akhgari <ehsan.akhgari@gmail.com>
26 #
27 # Alternatively, the contents of this file may be used under the terms of
28 # either the GNU General Public License Version 2 or later (the "GPL"), or
29 # the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
30 # in which case the provisions of the GPL or the LGPL are applicable instead
31 # of those above. If you wish to allow use of your version of this file only
32 # under the terms of either the GPL or the LGPL, and not to allow others to
33 # use your version of this file under the terms of the MPL, indicate your
34 # decision by deleting the provisions above and replace them with the notice
35 # and other provisions required by the GPL or the LGPL. If you do not delete
36 # the provisions above, a recipient may use your version of this file under
37 # the terms of any one of the MPL, the GPL or the LGPL.
38 #
39 # ***** END LICENSE BLOCK ***** */
40 
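var security = {
  /**
   * Display the server certificate (static).
   *
   * Shows whatever certificate is currently cached in security._cert;
   * viewCertHelper() does nothing while that is still null.
   */
  viewCert : function () {
    viewCertHelper(window, security._cert);
  },

  /**
   * Collect the connection security details for the inspected window.
   *
   * hostName and fullLocation are read from gWindow.location; the
   * certificate and cipher details come from the security UI's SSLStatus.
   * isBroken and isEV are the raw results of masking ui.state (zero or the
   * flag value), not booleans.
   *
   * @returns {Object|null} null when gWindow is not the top-level window or
   *   when no security UI can be found; otherwise an object with hostName,
   *   cAName, encryptionAlgorithm, encryptionStrength, isBroken, isEV, cert
   *   and fullLocation. When the state is insecure or there is no SSLStatus,
   *   cert is null, the strings are empty and encryptionStrength is 0.
   */
  _getSecurityInfo : function() {
    const nsISSLStatusProvider = Components.interfaces.nsISSLStatusProvider;
    const nsISSLStatus = Components.interfaces.nsISSLStatus;
    const nsIWebProgressListener = Components.interfaces.nsIWebProgressListener;

    // We don't have separate info for a frame, return null until further notice
    // (see bug 138479)
    if (gWindow != gWindow.top)
      return null;

    // Best effort: if reading location.host throws, the host is reported as null.
    var hName = null;
    try {
      hName = gWindow.location.host;
    }
    catch (exception) { }

    var ui = security._getSecurityUI();
    if (!ui)
      return null;

    var isBroken = (ui.state & nsIWebProgressListener.STATE_IS_BROKEN);
    var isInsecure = (ui.state & nsIWebProgressListener.STATE_IS_INSECURE);
    var isEV = (ui.state & nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
    ui.QueryInterface(nsISSLStatusProvider);
    var status = ui.SSLStatus;

    // No certificate or cipher data is reported for an insecure state or a
    // missing SSLStatus, so the caller's "no encryption" path is taken.
    if (isInsecure || !status) {
      return {
        hostName : hName,
        cAName : "",
        encryptionAlgorithm : "",
        encryptionStrength : 0,
        isBroken : isBroken,
        isEV : isEV,
        cert : null,
        fullLocation : gWindow.location
      };
    }

    status.QueryInterface(nsISSLStatus);
    var cert = status.serverCert;
    // Prefer the issuer's organization (after display mapping); fall back to
    // the full issuer name when the organization is empty.
    var issuerName =
      this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;

    var retval = {
      hostName : hName,
      cAName : issuerName,
      encryptionAlgorithm : undefined,
      encryptionStrength : undefined,
      isBroken : isBroken,
      isEV : isEV,
      cert : cert,
      fullLocation : gWindow.location
    };

    // Best effort: if reading the cipher details throws, the two fields stay
    // undefined and the certificate is still returned.
    try {
      retval.encryptionAlgorithm = status.cipherName;
      retval.encryptionStrength = status.secretKeyLength;
    }
    catch (e) {
    }

    return retval;
  },

  /**
   * Find the secureBrowserUI object (if present).
   *
   * @returns {Object|null} the opener's gBrowser.securityUI, or null when the
   *   dialog has no opener or the opener has no gBrowser.
   */
  _getSecurityUI : function() {
    // window.opener can be null (presumably when the dialog was opened without
    // a browser window or that window has gone away); report "no security UI"
    // instead of throwing on the property access.
    var opener = window.opener;
    if (opener && opener.gBrowser)
      return opener.gBrowser.securityUI;
    return null;
  },

  /**
   * Interface for mapping a certificate issuer organization to
   * the value to be displayed.
   * Bug 82017 - this implementation should be moved to pipnss C++ code
   *
   * Only the displayed string changes; the certificate itself is untouched.
   *
   * @param {string} name issuer organization taken from the certificate
   * @returns {string|null} the display name, or null for an empty name
   */
  mapIssuerOrganization: function(name) {
    if (!name) return null;

    if (name == "RSA Data Security, Inc.") return "Verisign, Inc.";

    // No mapping required
    return name;
  },

  /**
   * Open (or focus) the cookie manager filtered to the page's site.
   *
   * The filter is the base domain of the document URI, so cookies set for the
   * whole site are listed rather than only those of the exact host.
   */
  viewCookies : function()
  {
    var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
                       .getService(Components.interfaces.nsIWindowMediator);
    var win = wm.getMostRecentWindow("Browser:Cookies");
    var eTLDService = Components.classes["@mozilla.org/network/effective-tld-service;1"].
                      getService(Components.interfaces.nsIEffectiveTLDService);

    var eTLD;
    var uri = gDocument.documentURIObject;
    try {
      eTLD = eTLDService.getBaseDomain(uri);
    }
    catch (e) {
      // getBaseDomain will fail if the host is an IP address or is empty
      eTLD = uri.asciiHost;
    }

    if (win) {
      win.gCookiesWindow.setFilter(eTLD);
      win.focus();
    }
    else
      window.openDialog("chrome://browser/content/preferences/cookies.xul",
                        "Browser:Cookies", "", {filterString : eTLD});
  },

  /**
   * Open (or focus) the password manager filtered to the page's host.
   */
  viewPasswords : function()
  {
    var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
                       .getService(Components.interfaces.nsIWindowMediator);
    var win = wm.getMostRecentWindow("Toolkit:PasswordManager");

    // _getSecurityInfo() returns null for frames and when there is no security
    // UI; use a null filter then (the same value an unreadable host yields)
    // instead of throwing on the property access.
    var info = this._getSecurityInfo();
    var host = info ? info.hostName : null;

    if (win) {
      win.setFilter(host);
      win.focus();
    }
    else
      window.openDialog("chrome://passwordmgr/content/passwordManager.xul",
                        "Toolkit:PasswordManager", "",
                        {filterString : host});
  },

  // Certificate shown by viewCert(); set by securityOnLoad().
  _cert : null
};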
187 
/**
 * Fill in the Security tab: site identity, privacy and history, and the
 * technical details of the connection.
 *
 * The tab and its box are hidden when security._getSecurityInfo() returns
 * null. Every value is written through setText().
 */
function securityOnLoad() {
  var info = security._getSecurityInfo();
  var infoMissing = !info;
  document.getElementById("securityTab").hidden = infoMissing;
  document.getElementById("securityBox").collapsed = infoMissing;
  if (infoMissing)
    return;

  const pageInfoBundle = document.getElementById("pageinfobundle");

  /* Set Identity section text */
  setText("security-identity-domain-value", info.hostName);

  var owner, verifier, generalPageIdentityString;
  // Identity is only presented when there is a certificate and the page is
  // not in the broken state.
  var hasValidIdentity = info.cert && !info.isBroken;
  if (hasValidIdentity && info.isEV) {
    // Try to pull out meaningful values. Technically these fields are optional
    // so we'll employ fallbacks where appropriate. The EV spec states that Org
    // fields must be specified for subject and issuer so that case is simpler.
    owner = info.cert.organization;
    verifier = security.mapIssuerOrganization(info.cAName);
    generalPageIdentityString =
      pageInfoBundle.getFormattedString("generalSiteIdentity", [owner, verifier]);
  }
  else {
    // Either there are no valid identity credentials, or the cert is not EV.
    // Technically, a non-EV cert might specify an owner in the O field or not,
    // depending on the CA's issuing policies. However we don't have any programmatic
    // way to tell those apart, and no policy way to establish which organization
    // vetting standards are good enough (that's what EV is for) so we default to
    // treating these certs as domain-validated only.
    owner = pageInfoBundle.getString("securityNoOwner");
    if (hasValidIdentity) {
      verifier = security.mapIssuerOrganization(info.cAName ||
                                                info.cert.issuerCommonName ||
                                                info.cert.issuerName);
    }
    else {
      verifier = pageInfoBundle.getString("notset");
    }
    generalPageIdentityString = owner;
  }

  setText("security-identity-owner-value", owner);
  setText("security-identity-verifier-value", verifier);
  setText("general-security-identity", generalPageIdentityString);

  /* Manage the View Cert button*/
  var viewCertButton = document.getElementById("security-view-cert");
  if (info.cert)
    security._cert = info.cert;
  viewCertButton.collapsed = !info.cert;

  /* Set Privacy & History section text */
  var yesStr = pageInfoBundle.getString("yes");
  var noStr = pageInfoBundle.getString("no");

  var uri = gDocument.documentURIObject;
  setText("security-privacy-cookies-value",
          hostHasCookies(uri) ? yesStr : noStr);
  setText("security-privacy-passwords-value",
          realmHasPasswords(uri) ? yesStr : noStr);

  // previousVisitCount() returns false for a missing host, which lands in the
  // final "no" case.
  var visitCount = previousVisitCount(info.hostName);
  var historyText;
  if (visitCount > 1) {
    historyText = pageInfoBundle.getFormattedString("securityNVisits",
                                                    [visitCount.toLocaleString()]);
  }
  else if (visitCount == 1) {
    historyText = pageInfoBundle.getString("securityOneVisit");
  }
  else {
    historyText = noStr;
  }
  setText("security-privacy-history-value", historyText);

  /* Set the Technical Detail section messages */
  const pkiBundle = document.getElementById("pkiBundle");
  var header;
  var longform1;
  var longform2;

  // NOTE(review): "strong" versus "weak" is decided by the secret key length
  // alone (90 bits or more); the cipher algorithm is only displayed, not
  // evaluated. An undefined strength (cipher details unavailable) falls through
  // to the "no encryption" text.
  if (info.isBroken) {
    header = pkiBundle.getString("pageInfo_MixedContent");
    longform1 = pkiBundle.getString("pageInfo_Privacy_Mixed1");
    longform2 = pkiBundle.getString("pageInfo_Privacy_None2");
  }
  else if (info.encryptionStrength >= 90) {
    header = pkiBundle.getFormattedString("pageInfo_StrongEncryption",
                                          [info.encryptionAlgorithm,
                                           info.encryptionStrength + ""]);
    longform1 = pkiBundle.getString("pageInfo_Privacy_Strong1");
    longform2 = pkiBundle.getString("pageInfo_Privacy_Strong2");
    security._cert = info.cert;
  }
  else if (info.encryptionStrength > 0) {
    header = pkiBundle.getFormattedString("pageInfo_WeakEncryption",
                                          [info.encryptionAlgorithm,
                                           info.encryptionStrength + ""]);
    longform1 = pkiBundle.getFormattedString("pageInfo_Privacy_Weak1", [info.hostName]);
    longform2 = pkiBundle.getString("pageInfo_Privacy_Weak2");
  }
  else {
    header = pkiBundle.getString("pageInfo_NoEncryption");
    longform1 = (info.hostName != null)
      ? pkiBundle.getFormattedString("pageInfo_Privacy_None1", [info.hostName])
      : pkiBundle.getString("pageInfo_Privacy_None3");
    longform2 = pkiBundle.getString("pageInfo_Privacy_None2");
  }

  setText("security-technical-shortform", header);
  setText("security-technical-longform1", longform1);
  setText("security-technical-longform2", longform2);
  setText("general-security-privacy", header);
}
309 
/**
 * Show a string in the element with the given id.
 *
 * textbox and label elements receive it through their value property; any
 * other element has its first child removed (if it has one) and a new text
 * node appended. The string is always inserted as text, so markup characters
 * in host names or certificate fields are displayed rather than parsed.
 * Unknown ids are ignored.
 *
 * @param {string} id    id of the element to update
 * @param {string} value text to display
 */
function setText(id, value)
{
  var target = document.getElementById(id);
  if (!target)
    return;

  var kind = target.localName;
  if (kind != "textbox" && kind != "label") {
    // Only the first existing child is replaced; further children are kept.
    if (target.hasChildNodes())
      target.removeChild(target.firstChild);
    target.appendChild(document.createTextNode(value));
    return;
  }

  target.value = value;
}
324 
/**
 * Open the certificate viewer dialog for a certificate.
 *
 * @param {Object} parent window passed to the dialog service as its parent
 * @param {Object} cert   certificate to show; nothing happens when it is
 *   null or otherwise falsy
 */
function viewCertHelper(parent, cert)
{
  if (cert) {
    Components.classes[CERTIFICATEDIALOGS_CONTRACTID]
              .getService(nsICertificateDialogs)
              .viewCert(parent, cert);
  }
}
333 
/**
 * Tell whether the cookie manager holds at least one cookie for the URI's host.
 *
 * @param {Object} uri URI whose asciiHost is looked up
 * @returns {boolean} true when countCookiesFromHost() reports more than zero
 */
function hostHasCookies(uri) {
  var cookieCount = Components.classes["@mozilla.org/cookiemanager;1"]
                              .getService(Components.interfaces.nsICookieManager2)
                              .countCookiesFromHost(uri.asciiHost);
  return cookieCount > 0;
}
343 
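/**
 * Tell whether the login manager holds at least one saved login for the
 * URI's origin.
 *
 * The lookup key is uri.prePath; the two remaining countLogins() arguments
 * are passed as empty strings (presumably "match any" for the form action
 * URL and HTTP realm; confirm against nsILoginManager).
 *
 * @param {Object} uri URI of the inspected document
 * @returns {boolean} true when countLogins() reports more than zero
 */
function realmHasPasswords(uri) {
  var passwordManager = Components.classes["@mozilla.org/login-manager;1"]
                                  .getService(Components.interfaces.nsILoginManager);
  return passwordManager.countLogins(uri.prePath, "", "") > 0;
}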
353 
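/**
 * Count the history visits recorded for a host.
 *
 * @param {string} host domain to look up
 * @param {*} endTimeReference accepted for callers but not used here; the
 *   query always uses TIME_RELATIVE_TODAY with an end time of 0
 * @returns {number|boolean} the number of matching visits, or false when no
 *   host is given
 */
function previousVisitCount(host, endTimeReference) {
  if (!host)
    return false;

  var historyService = Components.classes["@mozilla.org/browser/nav-history-service;1"]
                                 .getService(Components.interfaces.nsINavHistoryService);

  var options = historyService.getNewQueryOptions();
  options.resultType = options.RESULTS_AS_VISIT;

  // Search for visits to this host before today
  var query = historyService.getNewQuery();
  query.endTimeReference = query.TIME_RELATIVE_TODAY;
  query.endTime = 0;
  query.domain = host;

  var root = historyService.executeQuery(query, options).root;
  root.containerOpen = true;
  try {
    // childCount has to be read while the container is open.
    return root.childCount;
  }
  finally {
    // Close the container again so the query result is not left open after
    // the count has been taken.
    root.containerOpen = false;
  }
}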