Use preferences for governing control of submission.

Mike Perry · pde · commit 264af769682a · 2011-07-06T16:23:25.000-07:00
diff --git a/src/components/ssl-observatory.js b/src/components/ssl-observatory.js
@@ -1,7 +1,23 @@
+// XXX: This service uses prefs we have not set defaults for yet.
+// We should begin including a defaults/preferences/preferences.js
 const Ci = Components.interfaces;
 const Cc = Components.classes;
 const Cr = Components.results;
 
+const CI = Components.interfaces;
+const CC = Components.classes;
+const CR = Components.results;
+
+// Log levels
+VERB=1;
+DBUG=2;
+INFO=3;
+NOTE=4;
+WARN=5;
+
+// XXX: We should make the _observatory_prefs tree relative.
+LLVAR="extensions.https_everywhere.LogLevel";
+
 Components.utils.import("resource://gre/modules/XPCOMUtils.jsm");
 const OS = Cc['@mozilla.org/observer-service;1'].getService(CI.nsIObserverService);
 
@@ -10,24 +26,43 @@ const SERVICE_ID=Components.ID("{0f9ab521-986d-4ad8-9c1f-6934e195c15c}");
 const SERVICE_NAME = "Anonymously Submits strange SSL certificates to EFF.";
 
 function SSLObservatory() {
-  // XXX: Check prefs and save to boolean values
-  //      1. use_tor
-  //      2. use_nontor
-  //      3. submit_private_certs
+  this.prefs = Components.classes["@mozilla.org/preferences-service;1"]
+        .getService(Components.interfaces.nsIPrefBranch);
+
+  dump("Dump: Loaded observatory component\n");
+  this.log(DBUG, "Loaded observatory component!");
 
   try {
     // Check for torbutton
-    this.logger = Components.classes["@torproject.org/torbutton-logger;1"]
+    this.tor_logger = Components.classes["@torproject.org/torbutton-logger;1"]
           .getService(Components.interfaces.nsISupports).wrappedJSObject;
+
     this.torbutton_installed = true;
-    // XXX: We probably want to run the full test of tor functionality here
-    // but that involves a https request to check.torproject.org, so we shouldn't
-    // do it every time... Or maybe we should?
+
+    // If the user wants to use their Tor proxy, grab it automatically
+    if (this.prefs.getBoolPref("extensions.https_everywhere._prefs.use_tor_proxy")) {
+      // extract torbutton proxy settings
+      this.proxy_port = this.prefs.getIntPref("extensions.torbutton.https_port");
+      this.proxy_host = this.prefs.getCharPref("extensions.torbutton.https_proxy");
+      this.proxy_type = "http";
+
+      if (!this.proxy_port) {
+        this.proxy_host = this.prefs.getCharPref("extensions.torbutton.socks_host");
+        this.proxy_port = this.prefs.getIntPref("extensions.torbutton.socks_port");
+        this.proxy_type = "socks";
+      }
+    }
   } catch(e) {
     dump("Torbutton not found\n");
     this.torbutton_installed = false;
   }
 
+  if (this.prefs.getBoolPref("extensions.https_everywhere._observatory_prefs.use_custom_proxy")) {
+    this.proxy_host = this.prefs.getCharPref("extensions.https_everywhere._observatory_prefs.proxy_host");
+    this.proxy_port = this.prefs.getIntPref("extensions.https_everywhere._observatory_prefs.proxy_port");
+    this.proxy_type = this.prefs.getCharPref("extensions.https_everywhere._observatory_prefs.proxy_type");
+  }
+
   // Generate nonce for request
   this.csrf_nonce = "#"+Math.random().toString()+Math.random().toString();
 
@@ -59,7 +94,7 @@ SSLObservatory.prototype = {
   getSSLCert: function(channel) {
     try {
         // Do we have a valid channel argument?
-        if (!channel instanceof  Ci.nsIChannel) {
+        if (!channel instanceof Ci.nsIChannel) {
             return null;
         }
         var secInfo = channel.securityInfo;
@@ -82,26 +117,75 @@ SSLObservatory.prototype = {
   },
 
   observe: function(subject, topic, data) {
+   if (this.torbutton_installed) {
+     // Allow Tor users to choose if they want to submit
+     // during tor and/or non-tor
+     if (!this.prefs.getBoolPref("extensions.https_everywhere._observatory_prefs.submit_during_tor")
+         && this.prefs.getBoolPref("extensions.torbutton.tor_enabled")) {
+       return;
+     }
+     if (!this.prefs.getBoolPref("extensions.https_everywhere._observatory_prefs.submit_during_nontor")
+         && !this.prefs.getBoolPref("extensions.torbutton.tor_enabled")) {
+       return;
+     }
+   }
+
    if ("http-on-examine-response" == topic) {
      aSubject.QueryInterface(Ci.nsIHttpChannel);
-     cert = this.getSSLCert(aSubject);
+     var certchain = this.getSSLCert(aSubject);
+     if(certchain) {
+       for(cert in certchain.getChain()) {
+         var fp = cert.md5Fingerprint +":"+cert.sha1Fingerprint;
+         var der = cert.getRawDER();
+
+         dump(der);
+
+         // XXX: Use an async XMLHTTPRequest:
+         // XXX: Ask to submit cert
+         // XXX: AS number??
+       }
+     }
    }
   },
 
-  applyFilter(aProxyService, aURI, aProxy) {
+  applyFilter: function(aProxyService, aURI, aProxy) {
     // XXX: This check may be wrong. Have not tested it
     if (aURI.spec.search("^https://observatory.eff.org/submit.py") != -1 &&
-        aURI.path.search(this.nonce+"$") != -1) {
-      // This is for us!
-      // XXX: Send it through tor by creating an nsIProxy instance
+        aURI.path.search(this.csrf_nonce+"$") != -1) {
+
+      // Send it through tor by creating an nsIProxy instance
       // for the torbutton proxy settings.
+      var proxy = this.pps.newProxyInfo(this.proxy_type, this.proxy_host,
+                  this.proxy_port,
+                  Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST,
+                  0xFFFFFFFF, null);
+
+      // TODO: Use new identity or socks u/p to ensure we get a unique
+      // tor circuit for this request
+      return proxy;
     }
+    return aProxy;
   },
 
   // [optional] an array of categories to register this component in.
   // Hack to cause us to get instantiate early
   _xpcom_categories: [ { category: "profile-after-change" }, ],
 
+
+  log: function(level, str) {
+    var econsole = Components.classes["@mozilla.org/consoleservice;1"]
+      .getService(Components.interfaces.nsIConsoleService);
+    try {
+      var threshold = this.prefs.getIntPref(LLVAR);
+    } catch (e) {
+      econsole.logStringMessage( "SSL Observatory: Failed to read about:config LogLevel");
+      threshold = WARN;
+    }
+    if (level >= threshold) {
+      dump(str+"\n");
+      econsole.logStringMessage("SSL Observatory: " +str);
+    }
+  }
 };
 
 /**
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
@@ -0,0 +1,11 @@
+// SSl Observatory preferences
+pref("extensions.https_everywhere._observatory_prefs.enabled",true);
+
+pref("extensions.https_everywhere._observatory_prefs.submit_during_tor",false);
+pref("extensions.https_everywhere._observatory_prefs.submit_during_nontor",true);
+
+pref("extensions.https_everywhere._observatory_prefs.use_custom_proxy",false);
+pref("extensions.https_everywhere._observatory_prefs.proxy_host","");
+pref("extensions.https_everywhere._observatory_prefs.proxy_port",0);
+pref("extensions.https_everywhere._observatory_prefs.proxy_type","direct");
+
