Attempt to warn the user when the Observatory reports questionable certificates

pde · pde · commit d6700d73becd · 2011-09-13T22:39:51.000-07:00
diff --git a/src/chrome/content/observatory-warning.xul b/src/chrome/content/observatory-warning.xul
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+<!DOCTYPE window SYSTEM "chrome://https-everywhere/locale/ssl-observatory.dtd">
+<window id="ssl-observatory-dialog" 
+  xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul" 
+  xmlns:html="http://www.w3.org/1999/xhtml" 
+  title="&ssl-observatory.warning.title;" 
+  align="center"
+  onload="document.getElementById('ask-me-later').focus()"
+  >
+    <script type="application/x-javascript" src="observatory-preferences.js" />
+    <image src="chrome://https-everywhere/skin/ssl-observatory-messy.jpg" />
+    <label style="padding:25px;">EFF's SSL Observatory has issued a warning about the HTTPS certificiate(s) for this site</label>
+    <separator class="thin"/>
+    <label style="padding:25px;" id="warning-text"></label>
+
+    <commandgroup>
+      <command id="showcert" oncommand="window.close()" />
+      <command id="okay" oncommand='window.close()'
+      />
+    </commandgroup>
+
+    <separator class="thin"/>
+      <hbox>
+        <spacer flex="2" />
+        <button label="&ssl-observatory.warning.showcert;" accesskey="s" 
+                command='showcert'/>
+        <spacer flex="1" />
+        <button label="&ssl-observatory.warning.okay;" accesskey="o"
+                command='okay'/>
+        <spacer flex="2" />
+      </hbox>
+
+    <!--
+    <hbox style="padding-top:10px;">
+      <label class="text-link" href="https://www.eff.org/" tabindex="3" value="&ssl-observatory.popup.details;" />
+      <spacer flex="1" />
+      <button label="&ssl-observatory.popup.later;" id="ask-me-later" tabindex="0" style="font-size:0.8em;" accesskey="l"
+              oncommand="doCancel()"/>-
+    </hbox>-->
+</window>
diff --git a/src/chrome/locale/en/ssl-observatory.dtd b/src/chrome/locale/en/ssl-observatory.dtd
@@ -91,4 +91,8 @@ for names that it cannot resolve through the DNS system.">
 <!ENTITY ssl-observatory.prefs.title "SSL Observatory Preferences">
 
 <!ENTITY ssl-observatory.prefs.use "Use the Observatory?">
+<!ENTITY ssl-observatory.warning.title "WARNING from EFF's SSL Observatory">
+<!ENTITY ssl-observatory.warning.showcert "Show the certificates">
+<!ENTITY ssl-observatory.warning.okay "I understand">
+
 
diff --git a/src/components/https-everywhere.js b/src/components/https-everywhere.js
@@ -568,7 +568,7 @@ HTTPSEverywhere.prototype = {
 function chrome_opener(uri) {
   // we don't use window.open, because we need to work around TorButton's 
   // state control
-  CC['@mozilla.org/appshell/window-mediator;1']
+  return CC['@mozilla.org/appshell/window-mediator;1']
     .getService(CI.nsIWindowMediator) 
     .getMostRecentWindow('navigator:browser')
     .open(uri,'', 'chrome,centerscreen' );
diff --git a/src/components/ssl-observatory.js b/src/components/ssl-observatory.js
@@ -384,13 +384,21 @@ SSLObservatory.prototype = {
     var that = this; // We have neither SSLObservatory nor this in scope in the lambda
     req.onreadystatechange = function(evt) {
       if (req.readyState == 4) {
-        // XXX: Handle errors properly?
         if (req.status == 200) {
           that.log(INFO, "Successful cert submission");
           if (!that.prefs.getBoolPref("extensions.https_everywhere._observatory.cache_submitted")) {
             if (fps[0] in that.already_submitted)
               delete that.already_submitted[fps[0]];
           }
+        } else if (req.status == 403) {
+          that.log(WARN, "The SSL Observatory has issued a warning about this certificate for " + domain);
+          try {
+            var warningObj = JSON.parse(req.responseText);
+            this.warnUser(warningObj);
+          } catch(e) {
+            that.log(WARN, "Failed to process SSL Observatory cert warnings :( " + e);
+            that.log(WARN, req.responseText);
+          }
         } else {
           if (fps[0] in that.already_submitted)
             delete that.already_submitted[fps[0]];
@@ -408,6 +416,15 @@ SSLObservatory.prototype = {
     req.send(params);
   },
 
+  warnUser: function(warningObj) {
+    var label = "";
+    for (var hash in warningObj) 
+      label += warningObj[hash].long_desc;
+    var wtext = chrome_opener("chrome://https-everywhere/content/observatory-warning.xul")
+                             .document.getElementById("warning-text");
+    wtext.setAttribute("value", label);
+  },
+
   getProxySettings: function() {
     var proxy_settings = ["direct", "", 0];
     if (this.torbutton_installed && this.myGetBoolPref("use_tor_proxy")) {
