diff options
author | Nicholas Tay <nick@windblume.net> | 2023-02-22 20:11:20 +0100 |
---|---|---|
committer | Nicholas Tay <nick@windblume.net> | 2023-02-22 20:11:34 +0100 |
commit | 79d89b63e0a75f94d88d55e41fc123c5bf46e38c (patch) | |
tree | 6a7891a275cd0e697011a8170b3b77323a608c7d | |
download | certain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.tar.gz certain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.tar.bz2 certain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.zip |
Initial working with root CA detection
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | background.js | 50 | ||||
-rw-r--r-- | icons/def.png | bin | 0 -> 159 bytes | |||
-rw-r--r-- | icons/nope.png | bin | 0 -> 235 bytes | |||
-rw-r--r-- | icons/ok.png | bin | 0 -> 211 bytes | |||
-rw-r--r-- | manifest.json | 24 |
6 files changed, 76 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f31b3e2 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.DS_Store +*.swp diff --git a/background.js b/background.js new file mode 100644 index 0000000..f619df2 --- /dev/null +++ b/background.js @@ -0,0 +1,50 @@ +// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js + +// On header receive, inspect cert and update app icon as required +async function onHeaderReceive(details) { + try { + await certInspectUpdate(details.requestId); + } catch(error) { + console.error(error); + } +} + +async function certInspectUpdate(requestId) { + let securityInfo = await browser.webRequest.getSecurityInfo( + requestId, + { + "certificateChain": true + } + ); + + if (securityInfo.state !== "secure" || securityInfo.isUntrusted) { + setIcon("nope"); + return; + } + + // Flagged as "secure" - check if CA is against any of our flagged CAs + + // root is last in the array cert chain + let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1]; + if (rootCA.subject.includes("CN=GlobalSign Root CA")) { + setIcon("nope"); + return; + } + + setIcon("ok"); +} + +function setIcon(icon) { + browser.browserAction.setIcon({ path: "icons/" + icon + ".png" }); +} + +// Listen for all header receive events, which contain the cert details we want +browser.webRequest.onHeadersReceived.addListener( + onHeaderReceive, + { + urls: ["<all_urls>"] + }, + [ + "blocking" + ] +);
\ No newline at end of file diff --git a/icons/def.png b/icons/def.png Binary files differnew file mode 100644 index 0000000..3b1ccaf --- /dev/null +++ b/icons/def.png diff --git a/icons/nope.png b/icons/nope.png Binary files differnew file mode 100644 index 0000000..eea8351 --- /dev/null +++ b/icons/nope.png diff --git a/icons/ok.png b/icons/ok.png Binary files differnew file mode 100644 index 0000000..42f9915 --- /dev/null +++ b/icons/ok.png diff --git a/manifest.json b/manifest.json new file mode 100644 index 0000000..acfa2fd --- /dev/null +++ b/manifest.json @@ -0,0 +1,24 @@ +{ + "manifest_version": 2, + "name": "cert/ain", + "description": "Keep an eye on your certs, because who can be certain what they are.", + "author": "Nicholas Tay <nick@windblume.net>", + "version": "0.1.0", + "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"], + "background": { + "scripts": [ "background.js" ] + }, + "icons": { + "32": "icons/def.png" + }, + "browser_action": { + "default_icon": { + "32": "icons/def.png" + } + }, + "browser_specific_settings": { + "gecko": { + "strict_min_version": "62.0b5" + } + } +} |