// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js
// Root-CA subject fragments to flag. Starts empty and is replaced by
// updateCerts() with the value saved under the "certs" storage key;
// certInspectUpdate() substring-matches each entry against the root subject.
let certs = [];
/**
 * webRequest.onHeadersReceived handler: inspects the certificate behind the
 * response and lets certInspectUpdate() refresh the tab's icon.
 *
 * Inspection failures are only logged, so the tab keeps whatever icon it
 * already showed.
 * NOTE(review): the listener is registered for every URL with no request-type
 * filter, so the icon reflects the most recently inspected response for the
 * tab, not only the top-level document. Confirm that is the intended signal.
 *
 * @param {object} details - Event details; `requestId` and `tabId` are read.
 * @returns {Promise<void>}
 */
async function onHeaderReceive(details) {
  const { requestId, tabId } = details;

  // A negative tabId means the request does not belong to a user tab.
  if (tabId < 0) {
    return;
  }

  try {
    await certInspectUpdate(requestId, tabId);
  } catch (error) {
    console.error(error);
  }
}
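/**
 * Inspects the TLS state of one response and sets the tab's toolbar icon.
 *
 * Shows "nope" when the connection is not reported as secure, is untrusted,
 * has no certificate chain to inspect, or chains to a root whose subject
 * contains one of the configured `certs` entries. Shows "ok" otherwise.
 *
 * @param {string} requestId - webRequest request id to look up.
 * @param {number} tabId - Tab whose icon is updated.
 * @returns {Promise<void>}
 */
async function certInspectUpdate(requestId, tabId) {
  const securityInfo = await browser.webRequest.getSecurityInfo(requestId, {
    certificateChain: true,
  });

  if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
    setIcon("nope", tabId);
    return;
  }

  // Without a chain there is no root to compare against the list, so fail
  // closed instead of throwing and leaving a stale icon on the tab.
  const chain = securityInfo.certificates;
  if (!Array.isArray(chain) || chain.length === 0) {
    setIcon("nope", tabId);
    return;
  }

  // Flagged as "secure": the root is the last certificate in the chain.
  const rootCA = chain[chain.length - 1];

  // `certs` holds whatever was read from storage; a missing or malformed value
  // is treated as an empty list so it cannot abort the check.
  const flaggedNames = Array.isArray(certs) ? certs : [];

  // Substring match: a short entry flags every root whose subject contains it.
  // NOTE(review): the subject is a display name, not a unique key. Comparing
  // `fingerprint.sha256` would identify one exact certificate; confirm which
  // behaviour is wanted.
  const isFlagged = flaggedNames.some((name) => rootCA.subject.includes(name));
  setIcon(isFlagged ? "nope" : "ok", tabId);
}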
/**
 * Points the toolbar button at icons/<icon>.png for a single tab.
 *
 * The result of browserAction.setIcon() is not awaited or checked here.
 *
 * @param {string} icon - Icon base name; callers in this file pass "ok" or "nope".
 * @param {number} tabId - Tab the icon applies to.
 */
function setIcon(icon, tabId) {
  const iconPath = `icons/${icon}.png`;
  browser.browserAction.setIcon({ path: iconPath, tabId });
}
// Run onHeaderReceive for the response headers of every URL; that event is
// where the certificate details can be read.
// "blocking" is required for webRequest.getSecurityInfo() to be callable from
// the handler. It also means each response is held until the async handler
// settles, so the handler must stay cheap.
browser.webRequest.onHeadersReceived.addListener(
  onHeaderReceive,
  { urls: ["<all_urls>"] },
  ["blocking"],
);
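/**
 * Reloads the flagged-CA list from storage.sync into the module-level `certs`.
 *
 * The stored value is normalised before use. Anything that is not an array
 * becomes an empty list, and entries that are not non-empty strings are
 * dropped. A missing key would otherwise leave `certs` undefined and make every
 * later check throw; an empty string would match every root subject.
 *
 * Failures to read storage, or to process the result, are logged.
 */
function updateCerts() {
  browser.storage.sync
    .get("certs")
    .then((saved) => {
      // Nothing is stored under "certs" until a list has been saved.
      const storedList = Array.isArray(saved.certs) ? saved.certs : [];
      certs = storedList.filter(
        (entry) => typeof entry === "string" && entry !== "",
      );
      console.log("certs=" + certs);
    })
    .catch(console.error);
}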
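// Reload the list whenever the stored "certs" value changes. updateCerts()
// reads storage.sync, so the listener has to watch that same area; a listener
// on storage.local never sees writes made to storage.sync, and the flagged
// list would stay stale until the extension restarts.
// NOTE(review): confirm the options page saves the list to storage.sync.
browser.storage.onChanged.addListener((changes, areaName) => {
  if (areaName === "sync" && "certs" in changes) {
    updateCerts();
  }
});

// Initial config fetch
updateCerts();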