blob: f619df273319e657d5b1f292816432a67e4fe145 (
plain) (
tree)
|
|
// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js
// On header receive, inspect cert and update app icon as required
async function onHeaderReceive(details) {
try {
await certInspectUpdate(details.requestId);
} catch(error) {
console.error(error);
}
}
async function certInspectUpdate(requestId) {
let securityInfo = await browser.webRequest.getSecurityInfo(
requestId,
{
"certificateChain": true
}
);
if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
setIcon("nope");
return;
}
// Flagged as "secure" - check if CA is against any of our flagged CAs
// root is last in the array cert chain
let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1];
if (rootCA.subject.includes("CN=GlobalSign Root CA")) {
setIcon("nope");
return;
}
setIcon("ok");
}
function setIcon(icon) {
browser.browserAction.setIcon({ path: "icons/" + icon + ".png" });
}
// Listen for all header receive events, which contain the cert details we want
browser.webRequest.onHeadersReceived.addListener(
onHeaderReceive,
{
urls: ["<all_urls>"]
},
[
"blocking"
]
);
|