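// Based on https://github.com/mdn/webextensions-examples/blob/main/root-cert-stats/background.js

// Substrings of root-CA subject names that the user has flagged.
// Filled asynchronously by updateCerts(); until the first load completes the
// list is empty, so responses seen before then are not checked against it.
// NOTE(review): presumably an array of strings - confirm against whatever
// writes the "certs" key (not visible in this file).
let certs = [];

/**
 * webRequest.onHeadersReceived listener: inspects the certificate chain of the
 * response and updates the toolbar icon.
 *
 * @param {object} details - Event details; only `details.requestId` is read.
 * @returns {Promise<void>}
 */
async function onHeaderReceive(details) {
  try {
    await certInspectUpdate(details.requestId);
  } catch (error) {
    console.error(error);
    // Fail closed: if the inspection itself failed, do not leave an "ok" icon
    // from an earlier response on display.
    setIcon("nope");
  }
}

/**
 * Fetches the TLS security info for a request and sets the icon to "ok" only
 * when the connection is secure, trusted, and its root CA subject contains
 * none of the flagged strings in `certs`.
 *
 * @param {string} requestId - ID of the request, as given to the webRequest listener.
 * @returns {Promise<void>}
 */
async function certInspectUpdate(requestId) {
  const securityInfo = await browser.webRequest.getSecurityInfo(requestId, {
    certificateChain: true,
  });

  if (securityInfo.state !== "secure" || securityInfo.isUntrusted) {
    setIcon("nope");
    return;
  }

  // Flagged as "secure" - check the root CA against the flagged list.
  const chain = securityInfo.certificates;
  if (!Array.isArray(chain) || chain.length === 0) {
    // No chain to inspect: treat as not verified rather than reporting "ok".
    setIcon("nope");
    return;
  }

  // Root is last in the certificate chain array. Only the root is compared;
  // intermediates in the chain are not checked.
  const rootCA = chain[chain.length - 1];

  // NOTE(review): this is a substring match on the subject string, so a short
  // entry can match unrelated CAs and a differently-worded subject from the
  // same operator is missed. Comparing rootCA.fingerprint.sha256 against
  // pinned values would be exact.
  for (const cert of certs) {
    if (rootCA.subject.includes(cert)) {
      setIcon("nope");
      return;
    }
  }

  setIcon("ok");
}

/**
 * Sets the browser-action icon to icons/<icon>.png.
 *
 * NOTE(review): no tabId is passed, so the icon is global and reflects the
 * most recent response from any tab or sub-resource, not necessarily the page
 * the user is looking at.
 *
 * @param {string} icon - Icon base name, "ok" or "nope" in this file.
 */
function setIcon(icon) {
  browser.browserAction.setIcon({
    path: `icons/${icon}.png`,
  });
}

// Listen for all header receive events, which contain the cert details we want.
// "<all_urls>" is the match pattern for every URL; an empty string is not a
// valid match pattern. "blocking" is required for getSecurityInfo() to be
// callable from this listener.
browser.webRequest.onHeadersReceived.addListener(
  onHeaderReceive,
  { urls: ["<all_urls>"] },
  ["blocking"]
);

/**
 * Reloads the flagged-CA list from browser.storage.sync into `certs`.
 * A missing "certs" key yields an empty list instead of `undefined`, which
 * would otherwise make every later chain check throw.
 */
function updateCerts() {
  browser.storage.sync.get("certs").then((saved) => {
    certs = saved.certs == null ? [] : saved.certs;
    console.log("certs=" + certs);
  }, console.error);
}

// Listen to config change for certs list. The list is read from the sync
// area, so listen on storage.onChanged (fires for every storage area) rather
// than on the local area only, which would miss edits made to sync.
browser.storage.onChanged.addListener(() => updateCerts());

// Initial config fetch
updateCerts();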