Proof-of-concept "Alt Root" code
James-E-A committed Sep 6, 2020
1 parent c68b3a7 commit 7baf4b1
Showing 3 changed files with 44 additions and 17 deletions.
Binary file added src/images/alt_root_icons/cacert.org.ico
Binary file not shown.
49 changes: 36 additions & 13 deletions src/js/main.js
@@ -8,14 +8,15 @@ function identifySecType(securityInfo){
// even deprived so much as *access to* their
// cert chain, so we cannot evaluate them!!
let certChain=securityInfo.certificates;
if(!certChain.length) throw {status:'emptyCertChainButItsSecure',securityInfo:securityInfo};
let rootCert=certChain[certChain.length-1];
//Now, this connection is...
if(rootCert.isBuiltInRoot){
//...Mozilla-supported
return secTypes.Mozilla;
} else if(!rootCert.isUntrusted) {
//...supported by a Non-Mozilla cert...
if(true){ //TODO
if(isItMITM(rootCert)){ //TODO
//...TLS MITM proxy
return secTypes.MITM;
} else {
@@ -24,49 +25,64 @@ function identifySecType(securityInfo){
}
} else {
//???
console.warn("THIS SHOULD NEVER HAPPEN...?");
throw {status:'WTF',securityInfo:securityInfo};
throw {status:'thisShouldNeverHappen',securityInfo:securityInfo};
}
} catch(e) {
switch(e.status){
case 'insecure':
return secTypes.insecure;
break;
case 'emptyCertChainButItsSecure':
//TODO: find out whytf this happens sometimes
console.warn(e.status||e,securityInfo);
return secTypes.indeterminate;
break;
default:
console.error(e.status||e,securityInfo);
return -1;
}
}
}

function genBrowserActionSpec(secType,certChain){
let rootHost,iconPath;
switch(secType){
case secTypes.Mozilla:
let rootHost=sha256fp_host[certChain[certChain.length-1].fingerprint.sha256];
rootHost=sha256fp_host[certChain[certChain.length-1].fingerprint.sha256];
return {
Icon: {path:`images/root_icons/${rootHost}.ico`},
// BadgeText: {Text: '\u2026'}; //TODO?
// BackgroundColor: {color: 'LimeGreen'};
// BadgeText: {text: '\u2026'}; //TODO?
// BadgeBackgroundColor: {color: 'LimeGreen'};
};
break;
case secTypes.MITM:
return {
Icon: {path:`images/Twemoji_2716.svg`},
BadgeText: {Text: '\u2026'}, //TODO: ...something?
BackgroundColor: {color: 'Fuchsia'}
Icon: {path:`images/Twemoji_1f441.svg`},
BadgeText: {text: '\u2026'}, //TODO: ...something?
BadgeBackgroundColor: {color: 'Fuchsia'}
};
break;
case secTypes.aRoot:
rootHost=sha256fp_host_alt[certChain[certChain.length-1].fingerprint.sha256];
if(rootHost){
iconPath=`images/alt_root_icons/${rootHost}.ico`;
} else {
iconPath='images/Twemoji_1f50f.svg';
}
return {
Icon: {path:`images/Twemoji_1f50f.svg`},
Icon: {path:iconPath},
BadgeText: {text: '\u2026'}, //TODO: which aRoot?
BackgroundColor: {color: 'Cyan'}
BadgeBackgroundColor: {color: 'Cyan'}
};
break;
case secTypes.indeterminate:
return {} //TODO???
break;
default:
return {
Icon: {path:`images/Twemoji_2716.svg`},
// BadgeText: {text: '\u2026'};
// BackgroundColor: {color: 'Grey'};
// BadgeBackgroundColor: {color: 'Grey'};
};
}
}
@@ -77,7 +93,14 @@ function updateTabBrowserAction(tabId,browserActionSpec){
Object.assign(cmd,browserActionSpec[prop]);
Object.assign(cmd,{tabId:tabId});
browser.browserAction['set'+prop](cmd);
console.log(`browser.browserAction['${'set'+prop}'](${JSON.stringify(cmd)});`);
}
}

function isItMITM(cert){
if(cert.fingerprint.sha256 in sha256fp_host || cert.fingerprint.sha256 in sha256fp_host_alt){
return false;
} else {
return true;
}
}
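Review bot: In `genBrowserActionSpec` the new `secTypes.aRoot` branch falls back to a generic icon when its fingerprint lookup misses, but the `secTypes.Mozilla` branch still interpolates `rootHost` unchecked, so a built-in root that is absent from `sha256fp_host` produces the path `images/root_icons/undefined.ico`. Give that branch the same `if(rootHost){…}else{…}` guard with a neutral fallback icon. The new `secTypes.indeterminate` case returns `{}`, which, as far as the visible part of `updateTabBrowserAction` shows, results in no `set…` call at all; for a trust indicator a dedicated neutral icon is safer than leaving whatever the tab displayed before, or the reason for setting nothing should be stated in a comment. The added `console.log` in `updateTabBrowserAction` looks like debugging output and should be removed or gated before release.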

12 changes: 8 additions & 4 deletions src/js/util.js
@@ -7,16 +7,20 @@ function getAsset(path){
}

const secTypes={
Mozilla: 0,
MITM: 1,
aRoot: 2,
insecure:255
Mozilla: 0,
MITM: 1,
aRoot: 2,
indeterminate: 254,
insecure: 255
}
Object.freeze(secTypes);

const sha256fp_host = new Object();
const host_country = new Object();

const sha256fp_host_alt = {'07:ED:BD:82:4A:49:88:CF:EF:42:15:DA:20:D4:8C:2B:41:D7:15:29:D7:C9:00:F5:70:92:6F:27:7C:C2:30:C5':'cacert.org'};Object.freeze(sha256fp_host_alt);
//TODO TODO TODO TODO TODO TODO TODO

{
let data=getAsset("db/IncludedCACertificateReportJSONFormat");
JSON.parse(data).forEach(ca=>{
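Review bot: The `sha256fp_host_alt` entry acts as an allowlist that moves a non-built-in root from the MITM classification to "alt root", yet the line records neither which CAcert certificate the fingerprint belongs to nor where the value was obtained, so it cannot be re-verified in review. Add a provenance comment above it, e.g. `// cacert.org root; SHA-256 taken from <SOURCE-URL placeholder>, checked <DATE placeholder>`, and put `Object.freeze(sha256fp_host_alt);` on its own line. Because `isItMITM` in main.js tests membership with `in`, which also matches inherited properties, building both tables without a prototype (`Object.create(null)`) or testing with `Object.hasOwn` would restrict the lookup to own keys. The block that fills `sha256fp_host` continues past the end of this hunk.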