diff options
Diffstat (limited to '')
-rw-r--r-- | background.js | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/background.js b/background.js new file mode 100644 index 0000000..f619df2 --- /dev/null +++ b/background.js @@ -0,0 +1,50 @@ +// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js + +// On header receive, inspect cert and update app icon as required +async function onHeaderReceive(details) { + try { + await certInspectUpdate(details.requestId); + } catch(error) { + console.error(error); + } +} + +async function certInspectUpdate(requestId) { + let securityInfo = await browser.webRequest.getSecurityInfo( + requestId, + { + "certificateChain": true + } + ); + + if (securityInfo.state !== "secure" || securityInfo.isUntrusted) { + setIcon("nope"); + return; + } + + // Flagged as "secure" - check if CA is against any of our flagged CAs + + // root is last in the array cert chain + let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1]; + if (rootCA.subject.includes("CN=GlobalSign Root CA")) { + setIcon("nope"); + return; + } + + setIcon("ok"); +} + +function setIcon(icon) { + browser.browserAction.setIcon({ path: "icons/" + icon + ".png" }); +} + +// Listen for all header receive events, which contain the cert details we want +browser.webRequest.onHeadersReceived.addListener( + onHeaderReceive, + { + urls: ["<all_urls>"] + }, + [ + "blocking" + ] +);
\ No newline at end of file |