1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
|
const Ci = Components.interfaces;
const Cc = Components.classes;
const Cr = Components.results;
const CI = Components.interfaces;
const CC = Components.classes;
const CR = Components.results;
// Log levels
let VERB=1;
let DBUG=2;
let INFO=3;
let NOTE=4;
let WARN=5;
let BASE_REQ_SIZE=4096;
let TIMEOUT = 60000;
let MAX_OUTSTANDING = 20; // Max # submission XHRs in progress
let MAX_DELAYED = 32; // Max # XHRs are waiting around to be sent or retried
let ASN_PRIVATE = -1; // Do not record the ASN this cert was seen on
let ASN_IMPLICIT = -2; // ASN can be learned from connecting IP
let ASN_UNKNOWABLE = -3; // Cert was seen in the absence of [trustworthy] Internet access
// XXX: We should make the _observatory tree relative.
let LLVAR="extensions.https_everywhere.LogLevel";
Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
Components.utils.import("resource://gre/modules/ctypes.jsm");
// Alias to reduce the number of spurious warnings from amo-validator.
let tcypes = ctypes;
const OS = Cc['@mozilla.org/observer-service;1'].getService(CI.nsIObserverService);
const SERVICE_CTRID = "@eff.org/ssl-observatory;1";
const SERVICE_ID=Components.ID("{0f9ab521-986d-4ad8-9c1f-6934e195c15c}");
const SERVICE_NAME = "Anonymously Submits SSL certificates to EFF for security auditing.";
const LOADER = CC["@mozilla.org/moz/jssubscript-loader;1"].getService(CI.mozIJSSubScriptLoader);
const _INCLUDED = {};
const INCLUDE = function(name) {
if (arguments.length > 1)
for (var j = 0, len = arguments.length; j < len; j++)
INCLUDE(arguments[j]);
else if (!_INCLUDED[name]) {
try {
LOADER.loadSubScript("chrome://https-everywhere/content/code/"
+ name + ".js");
_INCLUDED[name] = true;
} catch(e) {
dump("INCLUDE " + name + ": " + e + "\n");
}
}
}
INCLUDE('Root-CAs');
INCLUDE('sha256');
INCLUDE('X509ChainWhitelist');
INCLUDE('NSS');
function SSLObservatory() {
this.prefs = CC["@mozilla.org/preferences-service;1"]
.getService(CI.nsIPrefBranch);
try {
// Check for torbutton
var tor_logger_component = CC["@torproject.org/torbutton-logger;1"];
if (tor_logger_component) {
this.tor_logger =
tor_logger_component.getService(CI.nsISupports).wrappedJSObject;
this.torbutton_installed = true;
}
} catch(e) {
this.torbutton_installed = false;
}
this.HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
.getService(Components.interfaces.nsISupports)
.wrappedJSObject;
/* The proxy test result starts out null until the test is attempted.
* This is for UI notification purposes */
this.proxy_test_successful = null;
this.proxy_test_callback = null;
this.cto_url = "https://check.torproject.org/?TorButton=true";
// a regexp to match the above URL
this.cto_regexp = RegExp("^https://check\\.torproject\\.org/");
this.public_roots = root_ca_hashes;
// Clear these on cookies-cleared observer event
this.already_submitted = {};
this.delayed_submissions = {};
OS.addObserver(this, "cookie-changed", false);
// Figure out the url to submit to
this.submit_host = null;
this.findSubmissionTarget();
// Used to track current number of pending requests to the server
this.current_outstanding_requests = 0;
// Generate nonce to append to url, to catch in nsIProtocolProxyFilter
// and to protect against CSRF
this.csrf_nonce = "#"+Math.random().toString()+Math.random().toString();
this.compatJSON = Cc["@mozilla.org/dom/json;1"].createInstance(Ci.nsIJSON);
// Register observer
OS.addObserver(this, "http-on-examine-response", false);
// Register protocolproxyfilter
this.pps = CC["@mozilla.org/network/protocol-proxy-service;1"]
.getService(CI.nsIProtocolProxyService);
this.pps.registerFilter(this, 0);
this.wrappedJSObject = this;
this.client_asn = ASN_PRIVATE;
if (this.myGetBoolPref("send_asn"))
this.setupASNWatcher();
try {
NSS.initialize();
} catch(e) {
this.log(WARN, "Failed to initialize NSS component:" + e);
}
// It is necessary to testProxySettings after the window is loaded, since the
// Tor Browser will not be finished establishing a circuit otherwise
OS.addObserver(this, "browser-delayed-startup-finished", false);
this.log(DBUG, "Loaded observatory component!");
}
SSLObservatory.prototype = {
// QueryInterface implementation, e.g. using the generateQI helper
QueryInterface: XPCOMUtils.generateQI(
[ CI.nsIObserver,
CI.nsIProtocolProxyFilter,
//CI.nsIWifiListener,
CI.nsIBadCertListener2]),
wrappedJSObject: null, // Initialized by constructor
// properties required for XPCOM registration:
classDescription: SERVICE_NAME,
classID: SERVICE_ID,
contractID: SERVICE_CTRID,
// https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL
getSSLCert: function(channel) {
try {
// Do we have a valid channel argument?
if (!channel instanceof Ci.nsIChannel) {
return null;
}
var secInfo = channel.securityInfo;
// Print general connection security state
if (secInfo instanceof Ci.nsITransportSecurityInfo) {
secInfo.QueryInterface(Ci.nsITransportSecurityInfo);
} else {
return null;
}
if (secInfo instanceof Ci.nsISSLStatusProvider) {
return secInfo.QueryInterface(Ci.nsISSLStatusProvider).
SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
}
return null;
} catch(err) {
return null;
}
},
findSubmissionTarget: function() {
// Compute the URL that the Observatory will currently submit to
var host = this.myGetCharPref("server_host");
// Rebuild the regexp iff the host has changed
if (host != this.submit_host) {
this.submit_host = host;
this.submit_url = "https://" + host + "/submit_cert";
this.submission_regexp = RegExp("^" + this.regExpEscape(this.submit_url));
}
},
regExpEscape: function(s) {
// Borrowed from the Closure Library,
// https://closure-library.googlecode.com/svn/docs/closure_goog_string_string.js.source.html
return String(s).replace(/([-()\[\]{}+?*.$\^|,:#<!\\])/g, '\\$1').replace(/\x08/g, '\\x08');
},
notifyCertProblem: function(socketInfo, status, targetSite) {
this.log(NOTE, "cert warning for " + targetSite);
if (targetSite == "observatory.eff.org") {
this.log(WARN, "Suppressing observatory warning");
return true;
}
return false;
},
setupASNWatcher: function() {
this.getClientASN();
this.max_ap = null;
// we currently do not actually do *any* ASN watching from the client
// (in other words, the db will not have ASNs for certs submitted
// through Tor, even if the user checks the "send ASN" option)
// all of this code for guessing at changes in our public IP via WiFi hints
// is therefore disabled
/*
// Observe network changes to get new ASNs
OS.addObserver(this, "network:offline-status-changed", false);
var pref_service = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefBranchInternal);
var proxy_branch = pref_service.QueryInterface(Ci.nsIPrefBranchInternal);
proxy_branch.addObserver("network.proxy", this, false);
try {
var wifi_service = Cc["@mozilla.org/wifi/monitor;1"].getService(Ci.nsIWifiMonitor);
wifi_service.startWatching(this);
} catch(e) {
this.log(INFO, "Failed to register ASN change monitor: "+e);
}*/
},
stopASNWatcher: function() {
this.client_asn = ASN_PRIVATE;
/*
// unhook the observers we registered above
OS.removeObserver(this, "network:offline-status-changed");
var pref_service = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefBranchInternal);
var proxy_branch = pref_service.QueryInterface(Ci.nsIPrefBranchInternal);
proxy_branch.removeObserver(this, "network.proxy");
try {
var wifi_service = Cc["@mozilla.org/wifi/monitor;1"].getService(Ci.nsIWifiMonitor);
wifi_service.stopWatching(this);
} catch(e) {
this.log(WARN, "Failed to stop wifi state monitor: "+e);
}*/
},
getClientASN: function() {
// Fetch a new client ASN..
if (!this.myGetBoolPref("send_asn")) {
this.client_asn = ASN_PRIVATE;
return;
}
else if (!this.torbutton_installed) {
this.client_asn = ASN_IMPLICIT;
return;
}
// XXX As a possible base case: the user is running Tor, is not using
// bridges, and has send_asn enabled: should we ping an eff.org URL to
// learn our ASN?
return;
},
/*
// Wifi status listener
onChange: function(accessPoints) {
try {
var max_ap = accessPoints[0].mac;
} catch(e) {
return null; // accessPoints[0] is undefined
}
var max_signal = accessPoints[0].signal;
var old_max_present = false;
for (var i=0; i<accessPoints.length; i++) {
if (accessPoints[i].mac == this.max_ap) {
old_max_present = true;
}
if (accessPoints[i].signal > max_signal) {
max_ap = accessPoints[i].mac;
max_signal = accessPoints[i].signal;
}
}
this.max_ap = max_ap;
if (!old_max_present) {
this.log(INFO, "Old access point is out of range. Getting new ASN");
this.getClientASN();
} else {
this.log(DBUG, "Old access point is still in range.");
}
},
// Wifi status listener
onError: function(value) {
// XXX: Do we care?
this.log(NOTE, "ASN change observer got an error: "+value);
this.getClientASN();
},
*/
// Calculate the MD5 fingerprint for a cert. This is the fingerprint of the
// DER-encoded form, same as the result of
// openssl x509 -md5 -fingerprint -noout
// We use this because the SSL Observatory depends in many places on a special
// fingerprint which is the concatenation of MD5+SHA1, and the MD5 fingerprint
// is no longer available on the cert object.
// Implementation cribbed from
// https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsICryptoHash
md5Fingerprint: function(cert) {
var len = new Object();
var derData = cert.getRawDER(len);
var ch = CC["@mozilla.org/security/hash;1"].createInstance(CI.nsICryptoHash);
ch.init(ch.MD5);
ch.update(derData,derData.length);
var h = ch.finish(false);
function toHexString(charCode) {
return ("0" + charCode.toString(16)).slice(-2);
}
var hexArr = [];
for (var i in h){
hexArr.push(toHexString(h.charCodeAt(i)));
}
return hexArr.join("").toUpperCase();
},
ourFingerprint: function(cert) {
// Calculate our custom fingerprint from an nsIX509Cert
return (this.md5Fingerprint(cert)+cert.sha1Fingerprint).replace(":", "", "g");
},
observe: function(subject, topic, data) {
if (topic == "cookie-changed" && data == "cleared") {
this.already_submitted = {};
this.delayed_submissions = {};
this.log(INFO, "Cookies were cleared. Purging list of pending and already submitted certs");
return;
}
if (topic == "nsPref:changed") {
// XXX: We somehow need to only call this once. Right now, we'll make
// like 3 calls to getClientASN().. The only thing I can think
// of is a timer...
if (data == "network.proxy.ssl" || data == "network.proxy.ssl_port" ||
data == "network.proxy.socks" || data == "network.proxy.socks_port") {
this.log(INFO, "Proxy settings have changed. Getting new ASN");
this.getClientASN();
}
return;
}
if (topic == "network:offline-status-changed" && data == "online") {
this.log(INFO, "Browser back online. Getting new ASN.");
this.getClientASN();
return;
}
if ("http-on-examine-response" == topic) {
if (!this.observatoryActive()) return;
var host_ip = "-1";
var httpchannelinternal = subject.QueryInterface(Ci.nsIHttpChannelInternal);
try {
host_ip = httpchannelinternal.remoteAddress;
} catch(e) {
this.log(INFO, "Could not get server IP address.");
}
subject.QueryInterface(Ci.nsIHttpChannel);
var certchain = this.getSSLCert(subject);
if (certchain) {
var chainEnum = certchain.getChain();
var chainArray = [];
var chainArrayFpStr = '';
var fps = [];
for(var i = 0; i < chainEnum.length; i++) {
var cert = chainEnum.queryElementAt(i, Ci.nsIX509Cert);
chainArray.push(cert);
var fp = this.ourFingerprint(cert);
fps.push(fp);
chainArrayFpStr = chainArrayFpStr + fp;
}
var chain_hash = sha256_digest(chainArrayFpStr).toUpperCase();
this.log(INFO, "SHA-256 hash of cert chain for "+new String(subject.URI.host)+" is "+ chain_hash);
if(!this.myGetBoolPref("use_whitelist")) {
this.log(WARN, "Not using whitelist to filter cert chains.");
}
else if (this.isChainWhitelisted(chain_hash)) {
this.log(INFO, "This cert chain is whitelisted. Not submitting.");
return;
}
else {
this.log(INFO, "Cert chain is NOT whitelisted. Proceeding with submission.");
}
if (subject.URI.port == -1) {
this.submitChain(chainArray, fps, new String(subject.URI.host), subject, host_ip, false);
} else {
this.submitChain(chainArray, fps, subject.URI.host+":"+subject.URI.port, subject, host_ip, false);
}
}
}
if (topic == "browser-delayed-startup-finished") {
this.testProxySettings();
}
},
observatoryActive: function() {
if (!this.myGetBoolPref("enabled"))
return false;
if (this.torbutton_installed && this.proxy_test_successful) {
// Allow Tor users to choose if they want to submit
// during tor and/or non-tor
if (this.myGetBoolPref("submit_during_tor") &&
this.prefs.getBoolPref("extensions.torbutton.tor_enabled"))
return true;
if (this.myGetBoolPref("submit_during_nontor") &&
!this.prefs.getBoolPref("extensions.torbutton.tor_enabled"))
return true;
return false;
}
if (this.proxy_test_successful) {
return true;
} else if (this.myGetBoolPref("use_custom_proxy")) {
// no torbutton; the custom proxy is probably the user opting to
// submit certs without strong anonymisation. Because the
// anonymisation is weak, we avoid submitting during private browsing
// mode.
try {
var pbs = CC["@mozilla.org/privatebrowsing;1"].getService(CI.nsIPrivateBrowsingService);
if (pbs.privateBrowsingEnabled) return false;
} catch (e) { /* seamonkey or old firefox */ }
return true;
}
return false;
},
// following two methods are syntactic sugar
myGetBoolPref: function(prefstring) {
return this.prefs.getBoolPref ("extensions.https_everywhere._observatory." + prefstring);
},
myGetCharPref: function(prefstring) {
return this.prefs.getCharPref ("extensions.https_everywhere._observatory." + prefstring);
},
isChainWhitelisted: function(chainhash) {
if (X509ChainWhitelist == null) {
this.log(WARN, "Could not find whitelist of popular certificate chains, so ignoring whitelist");
return false;
}
if (X509ChainWhitelist[chainhash] != null) {
return true;
}
return false;
},
findRootInChain: function(certArray) {
// Return the position in the chain Array of the/a root CA
var rootidx = -1;
var nextInChain = certArray[0].issuer;
for (var i = 0; i < certArray.length; i++) {
// Find the next cert in the valid chain
if (certArray[i].equals(nextInChain)) {
if (certArray[i].issuerName == certArray[i].subjectName) {
// All X509 root certs are self-signed
this.log(INFO, "Got root cert at position: "+i);
rootidx = i;
break;
} else {
// This is an intermediate CA cert; keep looking for the root
nextInChain = certArray[i].issuer;
}
}
}
return rootidx;
},
processConvergenceChain: function(chain) {
// Make sure the chain we're working with is sane, even if Convergence is
// present.
// Convergence currently performs MITMs against the Firefox in order to
// get around https://bugzilla.mozilla.org/show_bug.cgi?id=644640. The
// end-entity cert produced by Convergence contains a copy of the real
// end-entity cert inside an X509v3 extension. We extract this and send
// it rather than the Convergence certs.
var convergence = Components.classes['@thoughtcrime.org/convergence;1'];
if (!convergence) return null;
convergence = convergence.getService().wrappedJSObject;
if (!convergence || !convergence.enabled) return null;
this.log(INFO, "Convergence uses its own internal root certs; not submitting those");
//this.log(WARN, convergence.certificateStatus.getVerificiationStatus(chain.certArray[0]));
try {
var certInfo = this.extractRealLeafFromConveregenceLeaf(chain.certArray[0]);
var b64Cert = certInfo["certificate"];
var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
chain.leaf = certDB.constructX509FromBase64(b64Cert);
chain.certArray = [chain.leaf];
chain.fps = [this.ourFingerprint(chain.leaf)];
} catch (e) {
this.log(WARN, "Failed to extract leaf cert from Convergence cert " + e);
chain.certArray = chain.certArray.slice(0,1);
chain.fps = chain.fps.slice(0,1);
}
},
extractRealLeafFromConveregenceLeaf: function(certificate) {
// Copied from Convergence's CertificateStatus.getVerificiationStatus
var len = {};
var derEncoding = certificate.getRawDER(len);
var derItem = NSS.types.SECItem();
derItem.data = NSS.lib.ubuffer(derEncoding);
derItem.len = len.value;
var completeCertificate = NSS.lib.CERT_DecodeDERCertificate(derItem.address(), 1, null);
var extItem = NSS.types.SECItem();
var status = NSS.lib.CERT_FindCertExtension(completeCertificate,
NSS.lib.SEC_OID_NS_CERT_EXT_COMMENT,
extItem.address());
if (status != -1) {
var encoded = '';
var asArray = tcypes.cast(extItem.data, tcypes.ArrayType(tcypes.unsigned_char, extItem.len).ptr).contents;
var marker = false;
for (var i=0;i<asArray.length;i++) {
if (marker) {
encoded += String.fromCharCode(asArray[i]);
} else if (asArray[i] == 0x00) {
marker = true;
}
}
return JSON.parse(encoded);
}
},
shouldSubmit: function(chain, domain) {
// Return true if we should submit this chain to the SSL Observatory
var rootidx = this.findRootInChain(chain.certArray);
var ss= false;
if (chain.leaf.issuerName == chain.leaf.subjectName)
ss = true;
if (!this.myGetBoolPref("self_signed") && ss) {
this.log(INFO, "Not submitting self-signed cert for " + domain);
return false;
}
if (!ss && !this.myGetBoolPref("alt_roots")) {
if (rootidx == -1) {
// A cert with an unknown/absent Issuer. Out of caution, don't submit these
this.log(INFO, "Cert for " + domain + " issued by unknown CA " +
chain.leaf.issuerName + " (not submitting due to settings)");
return false;
} else if (!(chain.fps[rootidx] in this.public_roots)) {
// A cert with a known but non-public Issuer
this.log(INFO, "Got a private root cert. Ignoring domain "
+domain+" with root "+chain.fps[rootidx]);
return false;
}
}
if (chain.fps[0] in this.already_submitted) {
this.log(INFO, "Already submitted cert for "+domain+". Ignoring");
return false;
}
return true;
},
submitChain: function(certArray, fps, domain, channel, host_ip, resubmitting) {
var base64Certs = [];
// Put all this chain data in one object so that it can be modified by
// subroutines if required
var c = {}; c.certArray = certArray; c.fps = fps; c.leaf = certArray[0];
this.processConvergenceChain(c);
if (!this.shouldSubmit(c,domain)) return;
// only try to submit now if there aren't too many outstanding requests
if (this.current_outstanding_requests > MAX_OUTSTANDING) {
this.log(WARN, "Too many outstanding requests ("+this.current_outstanding_requests+"), not submitting");
// if there are too many current requests but not too many
// delayed/pending ones, then delay this one
if (Object.keys(this.delayed_submissions).length < MAX_DELAYED)
if (!(c.fps[0] in this.delayed_submissions)) {
this.log(WARN, "Planning to retry submission...");
let retry = function() { this.submitChain(certArray, fps, domain, channel, host_ip, true); };
this.delayed_submissions[c.fps[0]] = retry;
}
return;
}
for (var i = 0; i < c.certArray.length; i++) {
var len = new Object();
var derData = c.certArray[i].getRawDER(len);
let result = "";
for (let j = 0, dataLength = derData.length; j < dataLength; ++j)
result += String.fromCharCode(derData[j]);
base64Certs.push(btoa(result));
}
var reqParams = [];
reqParams.push("domain="+domain);
reqParams.push("server_ip="+host_ip);
if (this.myGetBoolPref("testing")) {
reqParams.push("testing=1");
// The server can compute these, but they're a nice test suite item!
reqParams.push("fplist="+this.compatJSON.encode(c.fps));
}
reqParams.push("certlist="+this.compatJSON.encode(base64Certs));
if (resubmitting) {
reqParams.push("client_asn="+ASN_UNKNOWABLE);
}
else {
reqParams.push("client_asn="+this.client_asn);
}
if (this.myGetBoolPref("priv_dns")) {
reqParams.push("private_opt_in=1");
}
else {
reqParams.push("private_opt_in=0");
}
var params = reqParams.join("&") + "&padding=0";
var tot_len = BASE_REQ_SIZE;
this.log(INFO, "Submitting cert for "+domain);
this.log(DBUG, "submit_cert params: "+params);
// Pad to exp scale. This is done because the distribution of cert sizes
// is almost certainly pareto, and definitely not uniform.
for (tot_len = BASE_REQ_SIZE; tot_len < params.length; tot_len*=2);
while (params.length != tot_len) {
params += "0";
}
var that = this; // We have neither SSLObservatory nor this in scope in the lambda
var HTTPSEverywhere = CC["@eff.org/https-everywhere;1"]
.getService(Components.interfaces.nsISupports)
.wrappedJSObject;
var win = null;
if (channel) {
var browser = this.HTTPSEverywhere.getBrowserForChannel(channel);
if (browser) {
var win = browser.contentWindow;
}
}
var req = this.buildRequest(params);
req.timeout = TIMEOUT;
req.onreadystatechange = function(evt) {
if (req.readyState == 4) {
// pop off one outstanding request
that.current_outstanding_requests -= 1;
that.log(DBUG, "Popping one off of outstanding requests, current num is: "+that.current_outstanding_requests);
if (req.status == 200) {
that.log(INFO, "Successful cert submission");
if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted") &&
c.fps[0] in that.already_submitted) {
delete that.already_submitted[c.fps[0]];
}
// Retry up to two previously failed submissions
let n = 0;
for (let fp in that.delayed_submissions) {
that.log(WARN, "Retrying a submission...");
that.delayed_submissions[fp]();
delete that.delayed_submissions[fp];
if (++n >= 2) break;
}
} else if (req.status == 403) {
that.log(WARN, "The SSL Observatory has issued a warning about this certificate for " + domain);
try {
var warningObj = JSON.parse(req.responseText);
if (win) that.warnUser(warningObj, win, c.certArray[0]);
} catch(e) {
that.log(WARN, "Failed to process SSL Observatory cert warnings :( " + e);
that.log(WARN, req.responseText);
}
} else {
// Submission failed
if (c.fps[0] in that.already_submitted) {
delete that.already_submitted[c.fps[0]];
}
try {
that.log(WARN, "Cert submission failure "+req.status+": "+req.responseText);
} catch(e) {
that.log(WARN, "Cert submission failure and exception: "+e);
}
// If we don't have too many delayed submissions, and this isn't
// (somehow?) one of them, then plan to retry this submission later
if (Object.keys(that.delayed_submissions).length < MAX_DELAYED &&
c.fps[0] in that.delayed_submissions) {
that.log(WARN, "Planning to retry submission...");
let retry = function() { that.submitChain(certArray, fps, domain, channel, host_ip, true); };
that.delayed_submissions[c.fps[0]] = retry;
}
}
}
};
// Cache this here to prevent multiple submissions for all the content elements.
that.already_submitted[c.fps[0]] = true;
// add one to current outstanding request number
that.current_outstanding_requests += 1;
that.log(DBUG, "Adding outstanding request, current num is: "+that.current_outstanding_requests);
req.send(params);
},
buildRequest: function(params) {
var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
.createInstance(Ci.nsIXMLHttpRequest);
// We do this again in case the user altered about:config
this.findSubmissionTarget();
req.open("POST", this.submit_url+this.csrf_nonce, true);
// Send the proper header information along with the request
// Do not set gzip header.. It will ruin the padding
req.setRequestHeader("X-Privacy-Info", "EFF SSL Observatory: https://www.eff.org/r.22c");
req.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
req.setRequestHeader("Content-length", params.length);
req.setRequestHeader("Connection", "close");
// Need to clear useragent and other headers..
req.setRequestHeader("User-Agent", "");
req.setRequestHeader("Accept", "");
req.setRequestHeader("Accept-Language", "");
req.setRequestHeader("Accept-Encoding", "");
req.setRequestHeader("Accept-Charset", "");
return req;
},
warnUser: function(warningObj, win, cert) {
var aWin = CC['@mozilla.org/appshell/window-mediator;1']
.getService(CI.nsIWindowMediator)
.getMostRecentWindow('navigator:browser');
aWin.openDialog("chrome://https-everywhere/content/observatory-warning.xul",
"","chrome,centerscreen", warningObj, win, cert);
},
registerProxyTestNotification: function(callback_fcn) {
if (this.proxy_test_successful != null) {
/* Proxy test already ran. Callback immediately. */
callback_fcn(this.proxy_test_successful);
this.proxy_test_callback = null;
return;
} else {
this.proxy_test_callback = callback_fcn;
}
},
testProxySettings: function() {
/* Plan:
* 1. Launch an async XMLHttpRequest to check.tp.o with magic nonce
* 3. Filter the nonce in protocolProxyFilter to use proxy settings
* 4. Async result function sets test result status based on check.tp.o
*/
this.proxy_test_successful = null;
var proxy_settings = this.getProxySettings();
// if proxy_settings is false, we're using tor browser for sure
// if tor_safe is false, the user has specified use_custom_proxy
// in either case, don't issue request to tor check url
if (!proxy_settings) {
this.proxy_test_successful = true;
this.log(INFO, "Tor check assumed succeeded.");
return;
}
if (proxy_settings.tor_safe == false) {
this.proxy_test_successful = false;
this.log(INFO, "Tor check failed: Not safe to check.");
return;
}
try {
var req = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
.createInstance(Components.interfaces.nsIXMLHttpRequest);
var url = this.cto_url + this.csrf_nonce;
req.open('GET', url, true);
req.channel.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
req.overrideMimeType("text/xml");
var that = this; // Scope gymnastics for async callback
req.onreadystatechange = function (oEvent) {
if (req.readyState === 4) {
that.proxy_test_successful = false;
if(req.status == 200) {
if(!req.responseXML) {
that.log(INFO, "Tor check failed: No XML returned by check service.");
return;
}
var result = req.responseXML.getElementById('TorCheckResult');
if(result===null) {
that.log(INFO, "Tor check failed: Non-XML returned by check service.");
} else if(typeof(result.target) == 'undefined'
|| result.target === null) {
that.log(INFO, "Tor check failed: Busted XML returned by check service.");
} else if(result.target === "success") {
that.log(INFO, "Tor check succeeded.");
that.proxy_test_successful = true;
} else {
that.log(INFO, "Tor check failed: "+result.target);
}
} else {
that.log(INFO, "Tor check failed: HTTP Error "+req.status);
}
/* Notify the UI of the test result */
if (that.proxy_test_callback) {
that.proxy_test_callback(that.proxy_test_successful);
that.proxy_test_callback = null;
}
}
};
req.send(null);
} catch(e) {
this.proxy_test_successful = false;
if(e.result == 0x80004005) { // NS_ERROR_FAILURE
this.log(INFO, "Tor check failed: Proxy not running.");
}
this.log(INFO, "Tor check failed: Internal error: "+e);
if (this.proxy_test_callback) {
this.proxy_test_callback(this.proxy_test_successful);
this.proxy_test_callback = null;
}
}
},
getProxySettings: function(testingForTor) {
// This may be called either for an Observatory submission, or during a test to see if Tor is
// present. The testingForTor argument is true in the latter case.
var proxy_settings = {
type: "direct",
host: "",
port: 0,
tor_safe: false
};
this.log(INFO,"in getProxySettings()");
var custom_proxy_type = this.myGetCharPref("proxy_type");
if (this.torbutton_installed && this.myGetBoolPref("use_tor_proxy")) {
return false;
/* Regarding the test below:
*
* custom_proxy_type == "direct" is indicative of the user having selected "submit certs even if
* Tor is not available", rather than true custom Tor proxy settings. So in that case, there's
* not much point probing to see if the direct proxy is actually a Tor connection, and
* localhost:9050 is a better bet. People whose networks send all traffic through Tor can just
* tell the Observatory to submit certs without Tor.
*/
} else if (this.myGetBoolPref("use_custom_proxy") && !(testingForTor && custom_proxy_type == "direct")) {
this.log(INFO,"CASE: use_custom_proxy");
proxy_settings.type = custom_proxy_type;
proxy_settings.host = this.myGetCharPref("proxy_host");
proxy_settings.port = this.prefs.getIntPref("extensions.https_everywhere._observatory.proxy_port");
proxy_settings.tor_safe = false;
} else {
/* Take a guess at default tor proxy settings */
this.log(INFO,"CASE: try localhost:9050");
proxy_settings.type = "socks";
proxy_settings.host = "localhost";
proxy_settings.port = 9050;
proxy_settings.tor_safe = true;
}
this.log(INFO, "Using proxy: " + JSON.stringify(proxy_settings));
return proxy_settings;
},
applyFilter: function(aProxyService, inURI, aProxy) {
try {
if (inURI instanceof Ci.nsIURI) {
var aURI = inURI.QueryInterface(Ci.nsIURI);
if (!aURI) this.log(WARN, "Failed to QI to nsIURI!");
} else {
this.log(WARN, "applyFilter called without URI");
}
} catch (e) {
this.log(WARN, "EXPLOSION: " + e);
}
var isSubmission = this.submission_regexp.test(aURI.spec);
var testingForTor = this.cto_regexp.test(aURI.spec);
if (isSubmission || testingForTor) {
if (aURI.path.search(this.csrf_nonce+"$") != -1) {
this.log(INFO, "Got observatory url + nonce: "+aURI.spec);
var proxy_settings = null;
var proxy = null;
// Send it through tor by creating an nsIProxy instance
// for the torbutton proxy settings.
try {
proxy_settings = this.getProxySettings(testingForTor);
if(proxy_settings){
proxy = this.pps.newProxyInfo(
proxy_settings.type,
proxy_settings.host,
proxy_settings.port,
Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST,
0xFFFFFFFF, null);
} else {
proxy = aProxy;
}
} catch(e) {
this.log(WARN, "Error specifying proxy for observatory: "+e);
}
this.log(INFO, "Specifying proxy: "+proxy);
// TODO: Use new identity or socks u/p to ensure we get a unique
// tor circuit for this request
return proxy;
}
}
return aProxy;
},
// [optional] an array of categories to register this component in.
// Hack to cause us to get instantiate early
_xpcom_categories: [ { category: "profile-after-change" }, ],
encString: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
encStringS: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',
log: function(level, str) {
var econsole = CC["@mozilla.org/consoleservice;1"]
.getService(CI.nsIConsoleService);
try {
var threshold = this.prefs.getIntPref(LLVAR);
} catch (e) {
econsole.logStringMessage( "SSL Observatory: Failed to read about:config LogLevel");
threshold = WARN;
}
if (level >= threshold) {
var levelName = ["", "VERB", "DBUG", "INFO", "NOTE", "WARN"][level];
var prefix = "SSL Observatory " + levelName + ": ";
// dump() prints to browser stdout. That's sometimes undesirable,
// so only do it when a pref is set (running from test.sh enables
// this pref).
if (this.prefs.getBoolPref("extensions.https_everywhere.log_to_stdout")) {
dump(prefix + str + "\n");
}
econsole.logStringMessage(prefix + str);
}
}
};
/**
* XPCOMUtils.generateNSGetFactory was introduced in Mozilla 2 (Firefox 4).
* XPCOMUtils.generateNSGetModule is for Mozilla 1.9.2 (Firefox 3.6).
*/
if (XPCOMUtils.generateNSGetFactory)
var NSGetFactory = XPCOMUtils.generateNSGetFactory([SSLObservatory]);
else
var NSGetModule = XPCOMUtils.generateNSGetModule([SSLObservatory]);
|