// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js

// On header receive, inspect cert and update app icon as required
async function onHeaderReceive(details) {
    try {
        await certInspectUpdate(details.requestId);
    } catch(error) {
        console.error(error);
    }
}

async function certInspectUpdate(requestId) {
    let securityInfo = await browser.webRequest.getSecurityInfo(
        requestId,
        {
            "certificateChain": true
        }
    );
    
    if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
        setIcon("nope");
        return;
    }

    // Flagged as "secure" - check if CA is against any of our flagged CAs

    // root is last in the array cert chain
    let rootCA = securityInfo.certificates[securityInfo.certificates.length - 1];
    if (rootCA.subject.includes("CN=GlobalSign Root CA")) {
        setIcon("nope");
        return;
    }

    setIcon("ok");
}

function setIcon(icon) {
    browser.browserAction.setIcon({ path: "icons/" + icon + ".png" });
}

// Listen for all header receive events, which contain the cert details we want
browser.webRequest.onHeadersReceived.addListener(
    onHeaderReceive,
    {
        urls: ["<all_urls>"]
    },
    [
        "blocking"
    ]
);