author | Nicholas Tay <nick@windblume.net> | 2023-02-22 20:11:20 +0100 |
---|---|---|
committer | Nicholas Tay <nick@windblume.net> | 2023-02-22 20:11:34 +0100 |
commit | 79d89b63e0a75f94d88d55e41fc123c5bf46e38c (patch) | |
tree | 6a7891a275cd0e697011a8170b3b77323a608c7d /background.js | |
Initial working with root CA detection
Diffstat (limited to 'background.js')
-rw-r--r-- | background.js | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/background.js b/background.js
new file mode 100644
index 0000000..f619df2
--- /dev/null
+++ b/background.js
@@ -0,0 +1,50 @@
+// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js
+
+// On header receive, inspect cert and update app icon as required
+async function onHeaderReceive(details) {
+ try {
+ await certInspectUpdate(details.requestId);
+ } catch(error) {
+ console.error(error);
+ }
+}
+
+async function certInspectUpdate(requestId) {
+ let securityInfo = await browser.webRequest.getSecurityInfo(
+ requestId,
+ {
+ "certificateChain": true
+ }
+ );
+
+ if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
+ setIcon("nope");
+ return;
+ }
+
+ // Flagged as "secure" - check if CA is against any of our flagged CAs
+
+ // root is last in the array cert chain
+ let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1];
+ if (rootCA.subject.includes("CN=GlobalSign Root CA")) {
+ setIcon("nope");
+ return;
+ }
+
+ setIcon("ok");
+}
+
+function setIcon(icon) {
+ browser.browserAction.setIcon({ path: "icons/" + icon + ".png" });
+}
+
+// Listen for all header receive events, which contain the cert details we want
+browser.webRequest.onHeadersReceived.addListener(
+ onHeaderReceive,
+ {
+ urls: ["<all_urls>"]
+ },
+ [
+ "blocking"
+ ]
+);
\ No newline at end of file |
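Review bot: The icon written by `setIcon` is browser-wide while the listener at the end of the file fires for every request type under `<all_urls>`, so a later image, script or background-tab response with an unflagged root overwrites a "nope" verdict for the page the user is actually viewing. Restricting the filter to `types: ["main_frame"]` and passing `details.tabId` through to `browserAction.setIcon` ties the indicator to the document it describes. The `catch` in `onHeaderReceive` also leaves the previous icon untouched when inspection throws, which can leave "ok" on display; setting "nope" there fails closed. Separately, `rootCA.subject.includes("CN=GlobalSign Root CA")` is a substring match on a display string, and comparing `rootCA.fingerprint.sha256` against a pinned list would identify the root more strictly.

```javascript
async function onHeaderReceive(details) {
  try {
    await certInspectUpdate(details.requestId, details.tabId);
  } catch (error) {
    console.error(error);
    // Fail closed: never leave a stale "ok" when inspection could not complete.
    setIcon("nope", details.tabId);
  }
}

async function certInspectUpdate(requestId, tabId) {
  // … unchanged: getSecurityInfo call …
  // … unchanged: state and root-CA checks, each now calling setIcon(name, tabId) …
}

function setIcon(icon, tabId) {
  browser.browserAction.setIcon({ path: "icons/" + icon + ".png", tabId });
}

browser.webRequest.onHeadersReceived.addListener(
  onHeaderReceive,
  { urls: ["<all_urls>"], types: ["main_frame"] },
  ["blocking"]
);
```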