authorNicholas Tay <nick@windblume.net>2023-02-22 20:11:20 +0100
committerNicholas Tay <nick@windblume.net>2023-02-22 20:11:34 +0100
commit79d89b63e0a75f94d88d55e41fc123c5bf46e38c (patch)
tree6a7891a275cd0e697011a8170b3b77323a608c7d
downloadcertain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.tar.gz
certain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.tar.bz2
certain-79d89b63e0a75f94d88d55e41fc123c5bf46e38c.zip
Initial working with root CA detection
-rw-r--r--.gitignore2
-rw-r--r--background.js50
-rw-r--r--icons/def.pngbin0 -> 159 bytes
-rw-r--r--icons/nope.pngbin0 -> 235 bytes
-rw-r--r--icons/ok.pngbin0 -> 211 bytes
-rw-r--r--manifest.json24
6 files changed, 76 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f31b3e2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.DS_Store
+*.swp
diff --git a/background.js b/background.js
new file mode 100644
index 0000000..f619df2
--- /dev/null
+++ b/background.js
@@ -0,0 +1,50 @@
+// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js
+
+// On header receive, inspect cert and update app icon as required
+async function onHeaderReceive(details) {
+ try {
+ await certInspectUpdate(details.requestId);
+ } catch(error) {
+ console.error(error);
+ }
+}
+
+async function certInspectUpdate(requestId) {
+ let securityInfo = await browser.webRequest.getSecurityInfo(
+ requestId,
+ {
+ "certificateChain": true
+ }
+ );
+
+ if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
+ setIcon("nope");
+ return;
+ }
+
+ // Flagged as "secure" - check if CA is against any of our flagged CAs
+
+ // root is last in the array cert chain
+ let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1];
+ if (rootCA.subject.includes("CN=GlobalSign Root CA")) {
+ setIcon("nope");
+ return;
+ }
+
+ setIcon("ok");
+}
+
+function setIcon(icon) {
+ browser.browserAction.setIcon({ path: "icons/" + icon + ".png" });
+}
+
+// Listen for all header receive events, which contain the cert details we want
+browser.webRequest.onHeadersReceived.addListener(
+ onHeaderReceive,
+ {
+ urls: ["<all_urls>"]
+ },
+ [
+ "blocking"
+ ]
+);
\ No newline at end of file
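Review bot: The icon is global and is rewritten by every response the browser receives: the `onHeadersReceived` filter has no `types` restriction and `setIcon` passes no `tabId`, so a subresource or a background tab's request can replace "nope" with "ok" for the page the user is actually looking at. Restricting the filter to `types: ["main_frame"]` and keying the result by `details.tabId` (for example `browser.browserAction.setIcon({ path, tabId })`) would tie the indicator to the displayed document; Firefox may reset tab-specific icons on navigation, so confirm whether the icon has to be re-applied once the navigation commits. Separately, `rootCA.subject.includes("CN=GlobalSign Root CA")` is a substring match on a display string; comparing `rootCA.fingerprint.sha256` against a list of flagged fingerprints would identify the root exactly.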
diff --git a/icons/def.png b/icons/def.png
new file mode 100644
index 0000000..3b1ccaf
--- /dev/null
+++ b/icons/def.png
Binary files differ
diff --git a/icons/nope.png b/icons/nope.png
new file mode 100644
index 0000000..eea8351
--- /dev/null
+++ b/icons/nope.png
Binary files differ
diff --git a/icons/ok.png b/icons/ok.png
new file mode 100644
index 0000000..42f9915
--- /dev/null
+++ b/icons/ok.png
Binary files differ
diff --git a/manifest.json b/manifest.json
new file mode 100644
index 0000000..acfa2fd
--- /dev/null
+++ b/manifest.json
@@ -0,0 +1,24 @@
+{
+ "manifest_version": 2,
+ "name": "cert/ain",
+ "description": "Keep an eye on your certs, because who can be certain what they are.",
+ "author": "Nicholas Tay <nick@windblume.net>",
+ "version": "0.1.0",
+ "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"],
+ "background": {
+ "scripts": [ "background.js" ]
+ },
+ "icons": {
+ "32": "icons/def.png"
+ },
+ "browser_action": {
+ "default_icon": {
+ "32": "icons/def.png"
+ }
+ },
+ "browser_specific_settings": {
+ "gecko": {
+ "strict_min_version": "62.0b5"
+ }
+ }
+}