Diffstat (limited to 'data/extensions/https-everywhere@eff.org/components/ssl-observatory.js')
-rw-r--r-- | data/extensions/https-everywhere@eff.org/components/ssl-observatory.js | 101 |
1 files changed, 61 insertions, 40 deletions
diff --git a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js index a783a72..abcb175 100644 --- a/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js +++ b/data/extensions/https-everywhere@eff.org/components/ssl-observatory.js @@ -7,23 +7,23 @@ const CC = Components.classes; const CR = Components.results; // Log levels -VERB=1; -DBUG=2; -INFO=3; -NOTE=4; -WARN=5; +let VERB=1; +let DBUG=2; +let INFO=3; +let NOTE=4; +let WARN=5; -BASE_REQ_SIZE=4096; -TIMEOUT = 60000; -MAX_OUTSTANDING = 20; // Max # submission XHRs in progress -MAX_DELAYED = 32; // Max # XHRs are waiting around to be sent or retried +let BASE_REQ_SIZE=4096; +let TIMEOUT = 60000; +let MAX_OUTSTANDING = 20; // Max # submission XHRs in progress +let MAX_DELAYED = 32; // Max # XHRs are waiting around to be sent or retried -ASN_PRIVATE = -1; // Do not record the ASN this cert was seen on -ASN_IMPLICIT = -2 // ASN can be learned from connecting IP -ASN_UNKNOWABLE = -3; // Cert was seen in the absence of [trustworthy] Internet access +let ASN_PRIVATE = -1; // Do not record the ASN this cert was seen on +let ASN_IMPLICIT = -2; // ASN can be learned from connecting IP +let ASN_UNKNOWABLE = -3; // Cert was seen in the absence of [trustworthy] Internet access // XXX: We should make the _observatory tree relative. -LLVAR="extensions.https_everywhere.LogLevel"; +let LLVAR="extensions.https_everywhere.LogLevel"; Components.utils.import("resource://gre/modules/XPCOMUtils.jsm"); Components.utils.import("resource://gre/modules/ctypes.jsm"); 
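Review bot: The log levels, limits and ASN sentinels in the first hunk are fixed values but are declared with `let`. `const`, which the context lines already use for `CC` and `CR`, would turn an accidental reassignment into an error, e.g. `const ASN_PRIVATE = -1;`. This matters most for `ASN_PRIVATE` and `ASN_UNKNOWABLE`, which, going by their comments, control whether the network a certificate was seen on gets recorded. Whether anything outside this file relied on the old implicit globals cannot be checked from the hunk.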
@@ -64,13 +64,20 @@ function SSLObservatory() { try { // Check for torbutton - this.tor_logger = CC["@torproject.org/torbutton-logger;1"] - .getService(CI.nsISupports).wrappedJSObject; - this.torbutton_installed = true; + var tor_logger_component = CC["@torproject.org/torbutton-logger;1"]; + if (tor_logger_component) { + this.tor_logger = + tor_logger_component.getService(CI.nsISupports).wrappedJSObject; + this.torbutton_installed = true; + } } catch(e) { this.torbutton_installed = false; } + this.HTTPSEverywhere = CC["@eff.org/https-everywhere;1"] + .getService(Components.interfaces.nsISupports) + .wrappedJSObject; + /* The proxy test result starts out null until the test is attempted. * This is for UI notification purposes */ this.proxy_test_successful = null; @@ -344,10 +351,10 @@ SSLObservatory.prototype = { var host_ip = "-1"; var httpchannelinternal = subject.QueryInterface(Ci.nsIHttpChannelInternal); - try { + try { host_ip = httpchannelinternal.remoteAddress; } catch(e) { - this.log(INFO, "Could not get server IP address."); + this.log(INFO, "Could not get server IP address."); } subject.QueryInterface(Ci.nsIHttpChannel); var certchain = this.getSSLCert(subject); @@ -378,16 +385,16 @@ SSLObservatory.prototype = { } if (subject.URI.port == -1) { - this.submitChain(chainArray, fps, new String(subject.URI.host), subject, host_ip, false); + this.submitChain(chainArray, fps, new String(subject.URI.host), subject, host_ip, false); } else { - this.submitChain(chainArray, fps, subject.URI.host+":"+subject.URI.port, subject, host_ip, false); + this.submitChain(chainArray, fps, subject.URI.host+":"+subject.URI.port, subject, host_ip, false); } } } }, observatoryActive: function() { - + if (!this.myGetBoolPref("enabled")) return false; 
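Review bot: In the `@@ -64` hunk, nothing assigns `this.torbutton_installed` when `tor_logger_component` is falsy. Unless the flag is initialised earlier in the constructor, it stays `undefined` rather than `false`; previously the missing component threw and the `catch` set it to `false`. Adding `} else { this.torbutton_installed = false; }` keeps the flag a boolean on every path. The new `this.HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]` lookup is also outside any `try`, so a failure there would abort the constructor before `proxy_test_successful` is set; whether that can happen is not visible here. The constructor continues outside the hunk.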
@@ -416,7 +423,7 @@ SSLObservatory.prototype = { var pbs = CC["@mozilla.org/privatebrowsing;1"].getService(CI.nsIPrivateBrowsingService); if (pbs.privateBrowsingEnabled) return false; } catch (e) { /* seamonkey or old firefox */ } - + return true; } @@ -475,7 +482,7 @@ SSLObservatory.prototype = { if (!convergence || !convergence.enabled) return null; this.log(INFO, "Convergence uses its own internal root certs; not submitting those"); - + //this.log(WARN, convergence.certificateStatus.getVerificiationStatus(chain.certArray[0])); try { var certInfo = this.extractRealLeafFromConveregenceLeaf(chain.certArray[0]); @@ -633,7 +640,13 @@ SSLObservatory.prototype = { var HTTPSEverywhere = CC["@eff.org/https-everywhere;1"] .getService(Components.interfaces.nsISupports) .wrappedJSObject; - var win = channel ? HTTPSEverywhere.getWindowForChannel(channel) : null; + var win = null; + if (channel) { + var browser = this.HTTPSEverywhere.getBrowserForChannel(channel); + if (browser) { + var win = browser.contentWindow; + } + } var req = this.buildRequest(params); req.timeout = TIMEOUT; @@ -645,10 +658,11 @@ SSLObservatory.prototype = { if (req.status == 200) { that.log(INFO, "Successful cert submission"); - if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted")) - if (c.fps[0] in that.already_submitted) - delete that.already_submitted[c.fps[0]]; - + if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted") && + c.fps[0] in that.already_submitted) { + delete that.already_submitted[c.fps[0]]; + } + // Retry up to two previously failed submissions let n = 0; for (let fp in that.delayed_submissions) { @@ -668,8 +682,9 @@ SSLObservatory.prototype = { } } else { // Submission failed - if (c.fps[0] in that.already_submitted) + if (c.fps[0] in that.already_submitted) { delete that.already_submitted[c.fps[0]]; + } try { that.log(WARN, "Cert submission failure "+req.status+": "+req.responseText); } catch(e) { 
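Review bot: In the `@@ -633` hunk, the inner assignment re-declares the variable with `var win = browser.contentWindow;` although `var win = null;` was declared three lines earlier; it should be the plain assignment `win = browser.contentWindow;`. The context lines just above still fetch the service into a local `var HTTPSEverywhere`, which the new code no longer reads because it uses `this.HTTPSEverywhere`. If nothing later in the function uses the local, that lookup can be removed. The enclosing function starts and ends outside the hunk.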
@@ -677,13 +692,12 @@ SSLObservatory.prototype = { } // If we don't have too many delayed submissions, and this isn't // (somehow?) one of them, then plan to retry this submission later - if (Object.keys(that.delayed_submissions).length < MAX_DELAYED) - if (!(c.fps[0] in that.delayed_submissions)) { - that.log(WARN, "Planning to retry submission..."); - let retry = function() { that.submitChain(certArray, fps, domain, channel, host_ip, true); }; - that.delayed_submissions[c.fps[0]] = retry; - } - + if (Object.keys(that.delayed_submissions).length < MAX_DELAYED && + c.fps[0] in that.delayed_submissions) { + that.log(WARN, "Planning to retry submission..."); + let retry = function() { that.submitChain(certArray, fps, domain, channel, host_ip, true); }; + that.delayed_submissions[c.fps[0]] = retry; + } } } }; @@ -707,7 +721,7 @@ SSLObservatory.prototype = { // Send the proper header information along with the request // Do not set gzip header.. It will ruin the padding - req.setRequestHeader("X-Privacy-Info", "EFF SSL Observatory: https://eff.org/r.22c"); + req.setRequestHeader("X-Privacy-Info", "EFF SSL Observatory: https://www.eff.org/r.22c"); req.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); req.setRequestHeader("Content-length", params.length); req.setRequestHeader("Connection", "close"); @@ -895,7 +909,7 @@ SSLObservatory.prototype = { encString: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/', encStringS: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_', - + log: function(level, str) { var econsole = CC["@mozilla.org/consoleservice;1"] .getService(CI.nsIConsoleService); 
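Review bot: The merged retry condition in the `@@ -677` hunk drops the negation: the old inner test was `!(c.fps[0] in that.delayed_submissions)`, the new second operand is `c.fps[0] in that.delayed_submissions`. As written, a failed submission is queued for retry only when its fingerprint is already queued, so a first-time failure is never retried and that report is silently dropped, contrary to the comment directly above. The operand should read `!(c.fps[0] in that.delayed_submissions)) {`. The enclosing callback begins outside the hunk.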
@@ -906,8 +920,15 @@ SSLObservatory.prototype = { threshold = WARN; } if (level >= threshold) { - dump("SSL Observatory: "+str+"\n"); - econsole.logStringMessage("SSL Observatory: " +str); + var levelName = ["", "VERB", "DBUG", "INFO", "NOTE", "WARN"][level]; + var prefix = "SSL Observatory " + levelName + ": "; + // dump() prints to browser stdout. That's sometimes undesireable, + // so only do it when a pref is set (running from test.sh enables + // this pref). + if (this.prefs.getBoolPref("extensions.https_everywhere.log_to_stdout")) { + dump(prefix + str + "\n"); + } + econsole.logStringMessage(prefix + str); } } }; |
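Review bot: The new `this.prefs.getBoolPref("extensions.https_everywhere.log_to_stdout")` call in `log` is unguarded. If that pref has no default value (none is visible in this diff), the call would throw on every message at or above the threshold, before `econsole.logStringMessage` runs, so warnings would be lost. Reading it defensively avoids that: `var toStdout = false; try { toStdout = this.prefs.getBoolPref("extensions.https_everywhere.log_to_stdout"); } catch (e) {}`. A `level` outside 1–5 also makes `levelName` `undefined` and prints it in the prefix; `|| ""` on the array lookup would cover that. The start of `log` is outside the hunk.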