Diffstat (limited to 'data/extensions/https-everywhere-eff@eff.org/components')
-rw-r--r-- | data/extensions/https-everywhere-eff@eff.org/components/https-everywhere.js | 46 | ||||
-rw-r--r-- | data/extensions/https-everywhere-eff@eff.org/components/ssl-observatory.js | 86 |
2 files changed, 59 insertions, 73 deletions
diff --git a/data/extensions/https-everywhere-eff@eff.org/components/https-everywhere.js b/data/extensions/https-everywhere-eff@eff.org/components/https-everywhere.js
index c360dad..fa12c10 100644
--- a/data/extensions/https-everywhere-eff@eff.org/components/https-everywhere.js
+++ b/data/extensions/https-everywhere-eff@eff.org/components/https-everywhere.js
@@ -246,8 +246,7 @@ HTTPSEverywhere.prototype = {
 QueryInterface: XPCOMUtils.generateQI(
 [ Components.interfaces.nsIObserver,
 Components.interfaces.nsISupports,
- Components.interfaces.nsISupportsWeakReference,
- Components.interfaces.nsIChannelEventSink ]),
+ Components.interfaces.nsISupportsWeakReference ]),
 wrappedJSObject: null, // Initialized by constructor
@@ -469,9 +468,7 @@ HTTPSEverywhere.prototype = {
 loadOCSPList: function() {
 try {
 var loc = "chrome://https-everywhere/content/code/commonOCSP.json";
- var file = CC["@mozilla.org/file/local;1"].createInstance(CI.nsILocalFile);
- file.initWithPath(this.rw.chromeToPath(loc));
- var data = this.rw.read(file);
+ var data = this.rw.readFromUrl(loc);
 this.ocspList = JSON.parse(data);
 } catch(e) {
 this.log(WARN, "Failed to load OCSP list: " + e);
@@ -642,45 +639,6 @@ HTTPSEverywhere.prototype = {
 return cohort;
 },
- // nsIChannelEventSink implementation
- // XXX This was here for rewrites in the past. Do we still need it?
- onChannelRedirect: function(oldChannel, newChannel, flags) {
- const uri = newChannel.URI;
- this.log(DBUG,"Got onChannelRedirect to "+uri.spec);
- if (!(newChannel instanceof CI.nsIHttpChannel)) {
- this.log(DBUG, newChannel + " is not an instance of nsIHttpChannel");
- return;
- }
- var alist = this.juggleApplicableListsDuringRedirection(oldChannel, newChannel);
- HTTPS.replaceChannel(alist, newChannel, this.httpNowhereEnabled);
- },
-
- juggleApplicableListsDuringRedirection: function(oldChannel, newChannel) {
- // If the new channel doesn't yet have a list of applicable rulesets, start
- // with the old one because that's probably a better representation of how
- // secure the load process was for this page
- var browser = this.getBrowserForChannel(oldChannel);
- var old_alist = null;
- if (browser)
- old_alist = this.getExpando(browser,"applicable_rules");
- browser = this.getBrowserForChannel(newChannel);
- if (!browser) return null;
- var new_alist = this.getExpando(browser,"applicable_rules");
- if (old_alist && !new_alist) {
- new_alist = old_alist;
- this.setExpando(browser,"applicable_rules",new_alist);
- } else if (!new_alist) {
- new_alist = new ApplicableList(this.log, browser.currentURI);
- this.setExpando(browser,"applicable_rules",new_alist);
- }
- return new_alist;
- },
-
- asyncOnChannelRedirect: function(oldChannel, newChannel, flags, callback) {
- this.onChannelRedirect(oldChannel, newChannel, flags);
- callback.onRedirectVerifyCallback(0);
- },
-
 get_prefs: function(prefBranch) {
 if(!prefBranch) prefBranch = PREFBRANCH_ROOT;
diff --git a/data/extensions/https-everywhere-eff@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere-eff@eff.org/components/ssl-observatory.js
index 6037119..b2629fe 100644
--- a/data/extensions/https-everywhere-eff@eff.org/components/ssl-observatory.js
+++ b/data/extensions/https-everywhere-eff@eff.org/components/ssl-observatory.js
@@ -123,12 +123,14 @@ function SSLObservatory() {
 this.setupASNWatcher();
 try {
- NSS.initialize("");
+ NSS.initialize();
 } catch(e) {
 this.log(WARN, "Failed to initialize NSS component:" + e);
 }
- this.testProxySettings();
+ // It is necessary to testProxySettings after the window is loaded, since the
+ // Tor Browser will not be finished establishing a circuit otherwise
+ OS.addObserver(this, "browser-delayed-startup-finished", false);
 this.log(DBUG, "Loaded observatory component!");
 }
@@ -176,7 +178,7 @@ SSLObservatory.prototype = {
 findSubmissionTarget: function() {
 // Compute the URL that the Observatory will currently submit to
- var host = this.prefs.getCharPref("extensions.https_everywhere._observatory.server_host");
+ var host = this.myGetCharPref("server_host");
 // Rebuild the regexp iff the host has changed
 if (host != this.submit_host) {
 this.submit_host = host;
@@ -315,7 +317,7 @@ SSLObservatory.prototype = {
 }
 var hexArr = [];
- for (i in h){
+ for (var i in h){
 hexArr.push(toHexString(h.charCodeAt(i)));
 }
 return hexArr.join("").toUpperCase();
@@ -398,6 +400,10 @@ SSLObservatory.prototype = {
 }
 }
 }
+
+ if (topic == "browser-delayed-startup-finished") {
+ this.testProxySettings();
+ }
 },
 observatoryActive: function() {
@@ -437,11 +443,15 @@ SSLObservatory.prototype = {
 return false;
 },
+ // following two methods are syntactic sugar
 myGetBoolPref: function(prefstring) {
- // syntactic sugar
 return this.prefs.getBoolPref ("extensions.https_everywhere._observatory." + prefstring);
 },
+ myGetCharPref: function(prefstring) {
+ return this.prefs.getCharPref ("extensions.https_everywhere._observatory." + prefstring);
+ },
+
 isChainWhitelisted: function(chainhash) {
 if (X509ChainWhitelist == null) {
 this.log(WARN, "Could not find whitelist of popular certificate chains, so ignoring whitelist");
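Review bot: The observer registered in the constructor hunk for `browser-delayed-startup-finished` is never removed in the lines shown, and Firefox delivers that topic once per browser window, so the branch added to `observe()` in the `@@ -398,6 +400,10 @@` hunk would rerun `testProxySettings()` each time a window opens. If one test at startup is what is wanted, drop the registration on first delivery by adding `OS.removeObserver(this, "browser-delayed-startup-finished");` just before `this.testProxySettings();`. Until the first notification arrives no proxy test has run at all, so a comment next to `OS.addObserver` should say that submission code must treat the untested state as "not verified"; whether it does is not visible here. Both functions continue outside their hunks.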
@@ -768,6 +778,21 @@ SSLObservatory.prototype = {
 */
 this.proxy_test_successful = null;
+ var proxy_settings = this.getProxySettings();
+ // if proxy_settings is false, we're using tor browser for sure
+ // if tor_safe is false, the user has specified use_custom_proxy
+ // in either case, don't issue request to tor check url
+ if (!proxy_settings) {
+ this.proxy_test_successful = true;
+ this.log(INFO, "Tor check assumed succeeded.");
+ return;
+ }
+ if (proxy_settings.tor_safe == false) {
+ this.proxy_test_successful = false;
+ this.log(INFO, "Tor check failed: Not safe to check.");
+ return;
+ }
+
 try {
 var req = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
 .createInstance(Components.interfaces.nsIXMLHttpRequest);
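Review bot: The early return for `!proxy_settings` sets `proxy_test_successful = true` with no check behind it; `getProxySettings()` returns `false` whenever `torbutton_installed` and the `use_tor_proxy` pref are both set, which shows Torbutton is present, not that traffic is actually leaving through Tor. Combined with the `proxy = aProxy;` fallback in the `@@ -892,10 +914,16 @@` hunk, a submission then goes out over whatever proxy the browser passes to the filter, possibly none, while the component records the Tor test as passed. At minimum the comment should say so, e.g. `// false: Torbutton installed and use_tor_proxy set; Tor reachability is NOT verified here`, and the filter should log at WARN when `aProxy` is null. Separately, this call passes no `testingForTor` argument although the comment in `getProxySettings` says it is true when testing for Tor; if the omission is deliberate, note it beside the call. The enclosing function starts and ends outside the hunk.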
@@ -826,21 +851,16 @@ SSLObservatory.prototype = {
 getProxySettings: function(testingForTor) {
 // This may be called either for an Observatory submission, or during a test to see if Tor is
 // present. The testingForTor argument is true in the latter case.
- var proxy_settings = ["direct", "", 0];
+ var proxy_settings = {
+ type: "direct",
+ host: "",
+ port: 0,
+ tor_safe: false
+ };
 this.log(INFO,"in getProxySettings()");
- var custom_proxy_type = this.prefs.getCharPref("extensions.https_everywhere._observatory.proxy_type");
+ var custom_proxy_type = this.myGetCharPref("proxy_type");
 if (this.torbutton_installed && this.myGetBoolPref("use_tor_proxy")) {
- this.log(INFO,"CASE: use_tor_proxy");
- // extract torbutton proxy settings
- proxy_settings[0] = "http";
- proxy_settings[1] = this.prefs.getCharPref("extensions.torbutton.https_proxy");
- proxy_settings[2] = this.prefs.getIntPref("extensions.torbutton.https_port");
-
- if (proxy_settings[2] == 0) {
- proxy_settings[0] = "socks";
- proxy_settings[1] = this.prefs.getCharPref("extensions.torbutton.socks_host");
- proxy_settings[2] = this.prefs.getIntPref("extensions.torbutton.socks_port");
- }
+ return false;
 /* Regarding the test below:
 *
 * custom_proxy_type == "direct" is indicative of the user having selected "submit certs even if
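Review bot: `getProxySettings` now has two return shapes, `false` from the Torbutton branch and an object with `type`, `host`, `port` and `tor_safe` otherwise, and the comment at the top of the function does not mention either. A caller not touched by this commit that still indexes the result as an array would read `undefined` instead of failing loudly; only two callers are visible in this diff. I would extend the header comment with something like `// Returns false when Torbutton's proxy is in use (caller keeps the browser's proxy), else {type, host, port, tor_safe}` and state what `tor_safe` promises, which from the other hunk appears to be "safe to query the Tor check URL through this proxy". The `return false;` also drops the only log line naming the branch taken and leaves the "Regarding the test below" block comment sitting after a return. The function body continues into the next hunk.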
@@ -851,17 +871,19 @@ SSLObservatory.prototype = {
 */
 } else if (this.myGetBoolPref("use_custom_proxy") && !(testingForTor && custom_proxy_type == "direct")) {
 this.log(INFO,"CASE: use_custom_proxy");
- proxy_settings[0] = custom_proxy_type;
- proxy_settings[1] = this.prefs.getCharPref("extensions.https_everywhere._observatory.proxy_host");
- proxy_settings[2] = this.prefs.getIntPref("extensions.https_everywhere._observatory.proxy_port");
+ proxy_settings.type = custom_proxy_type;
+ proxy_settings.host = this.myGetCharPref("proxy_host");
+ proxy_settings.port = this.prefs.getIntPref("extensions.https_everywhere._observatory.proxy_port");
+ proxy_settings.tor_safe = false;
 } else {
 /* Take a guess at default tor proxy settings */
 this.log(INFO,"CASE: try localhost:9050");
- proxy_settings[0] = "socks";
- proxy_settings[1] = "localhost";
- proxy_settings[2] = 9050;
+ proxy_settings.type = "socks";
+ proxy_settings.host = "localhost";
+ proxy_settings.port = 9050;
+ proxy_settings.tor_safe = true;
 }
- this.log(INFO, "Using proxy: " + proxy_settings);
+ this.log(INFO, "Using proxy: " + JSON.stringify(proxy_settings));
 return proxy_settings;
 },
@@ -892,10 +914,16 @@ SSLObservatory.prototype = {
 // for the torbutton proxy settings.
 try {
 proxy_settings = this.getProxySettings(testingForTor);
- proxy = this.pps.newProxyInfo(proxy_settings[0], proxy_settings[1],
- proxy_settings[2],
- Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST,
- 0xFFFFFFFF, null);
+ if(proxy_settings){
+ proxy = this.pps.newProxyInfo(
+ proxy_settings.type,
+ proxy_settings.host,
+ proxy_settings.port,
+ Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST,
+ 0xFFFFFFFF, null);
+ } else {
+ proxy = aProxy;
+ }
 } catch(e) {
 this.log(WARN, "Error specifying proxy for observatory: "+e);
 }
|