Bug 1313511 - Add certificate transparency status in the netmonitor security tab; r=Honza
MozReview-Commit-ID: C1gyiOEzpno
--- a/devtools/client/locales/en-US/netmonitor.properties
+++ b/devtools/client/locales/en-US/netmonitor.properties
@@ -461,16 +461,44 @@ certmgr.fingerprints.label=Fingerprints
# LOCALIZATION NOTE (certmgr.certdetail.sha256fingerprint):
# A label used for Fingerprints sub-section in security tab
certmgr.certdetail.sha256fingerprint=SHA-256 Fingerprint:
# LOCALIZATION NOTE (certmgr.certdetail.sha1fingerprint):
# A label used for Fingerprints sub-section in security tab
certmgr.certdetail.sha1fingerprint=SHA1 Fingerprint:
+# LOCALIZATION NOTE (certmgr.certificateTransparency.label):
+# This string is used as a label in the security tab.
+certmgr.certificateTransparency.label=Transparency:
+
+# LOCALIZATION NOTE (certmgr.certificateTransparency.status.none):
+# This string is used to indicate that there are no signed certificate
+# timestamps available. This is a property for the 'Transparency'
+# field in the security tab.
+certmgr.certificateTransparency.status.none=No SCTs records
+
+# LOCALIZATION NOTE (netmonitor.security.certificateTransparency.status.ok):
+# This string is used to indicate that there are valid signed certificate
+# timestamps. This is a property for the 'Transparency'
+# field in the security tab.
+certmgr.certificateTransparency.status.ok=Valid SCTs records
+
+# LOCALIZATION NOTE (certmgr.certificateTransparency.status.notEnoughSCTS):
+# This string is used to indicate that there are not enough valid signed
+# certificate timestamps. This is a property for the 'Transparency'
+# field in the security tab.
+certmgr.certificateTransparency.status.notEnoughSCTS=Not enough SCTs
+
+# LOCALIZATION NOTE (certmgr.certificateTransparency.status.notDiverseSCTS):
+# This string is used to indicate that there ar not enough diverse signed
+# certificate timestamps. This is a property for the 'Transparency'
+# field in the security tab.
+certmgr.certificateTransparency.status.notDiverseSCTS=Not diverse SCTs
+
# LOCALIZATION NOTE (netmonitor.perfNotice1/2/3): These are the labels displayed
# in the network table when empty to start performance analysis.
netmonitor.perfNotice1=• Click on the
netmonitor.perfNotice2=button to start performance analysis.
netmonitor.perfNotice3=Analyze
# LOCALIZATION NOTE (netmonitor.reload1/2/3): These are the labels displayed
# in the network table when empty to start logging network requests.
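Review bot: The localization note above the `status.ok` entry names `netmonitor.security.certificateTransparency.status.ok`, but the key defined under it is `certmgr.certificateTransparency.status.ok`. It should read `# LOCALIZATION NOTE (certmgr.certificateTransparency.status.ok):` so the note stays attached to the string it describes. In the same added block, the `notDiverseSCTS` note has the typo "there ar not". The values `No SCTs records` and `Valid SCTs records` would read better as `No SCT records` and `Valid SCT records`. It may also help localizers if the notes said whether the acronym SCT should be kept untranslated.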
--- a/devtools/client/netmonitor/src/components/SecurityPanel.js
+++ b/devtools/client/netmonitor/src/components/SecurityPanel.js
@@ -29,16 +29,18 @@ const ENABLED_LABEL = L10N.getStr("netmo
const DISABLED_LABEL = L10N.getStr("netmonitor.security.disabled");
const CONNECTION_LABEL = L10N.getStr("netmonitor.security.connection");
const PROTOCOL_VERSION_LABEL = L10N.getStr("netmonitor.security.protocolVersion");
const KEA_GROUP_LABEL = L10N.getStr("netmonitor.security.keaGroup");
const SIGNATURE_SCHEME_LABEL = L10N.getStr("netmonitor.security.signatureScheme");
const HSTS_LABEL = L10N.getStr("netmonitor.security.hsts");
const HPKP_LABEL = L10N.getStr("netmonitor.security.hpkp");
const CERTIFICATE_LABEL = L10N.getStr("netmonitor.security.certificate");
+const CERTIFICATE_TRANSPARENCY_LABEL =
+ L10N.getStr("certmgr.certificateTransparency.label");
const SUBJECT_INFO_LABEL = L10N.getStr("certmgr.subjectinfo.label");
const CERT_DETAIL_COMMON_NAME_LABEL = L10N.getStr("certmgr.certdetail.cn");
const CERT_DETAIL_ORG_LABEL = L10N.getStr("certmgr.certdetail.o");
const CERT_DETAIL_ORG_UNIT_LABEL = L10N.getStr("certmgr.certdetail.ou");
const ISSUER_INFO_LABEL = L10N.getStr("certmgr.issuerinfo.label");
const PERIOD_OF_VALIDITY_LABEL = L10N.getStr("certmgr.periodofvalidity.label");
const BEGINS_LABEL = L10N.getStr("certmgr.begins");
const EXPIRES_LABEL = L10N.getStr("certmgr.expires");
@@ -161,16 +163,18 @@ class SecurityPanel extends Component {
validity.end || NOT_AVAILABLE,
},
[FINGERPRINTS_LABEL]: {
[SHA256_FINGERPRINT_LABEL]:
fingerprint.sha256 || NOT_AVAILABLE,
[SHA1_FINGERPRINT_LABEL]:
fingerprint.sha1 || NOT_AVAILABLE,
},
+ [CERTIFICATE_TRANSPARENCY_LABEL]:
+ securityInfo.certificateTransparency || NOT_AVAILABLE,
},
};
} else {
object = {
[ERROR_LABEL]:
new DOMParser().parseFromString(securityInfo.errorMessage, "text/html")
.body.textContent || NOT_AVAILABLE
};
--- a/devtools/client/netmonitor/test/browser_net_security-details.js
+++ b/devtools/client/netmonitor/test/browser_net_security-details.js
@@ -3,16 +3,18 @@
"use strict";
/**
* Test that Security details tab contains the expected data.
*/
add_task(async function() {
+ await pushPref("security.pki.certificate_transparency.mode", 1);
+
let { tab, monitor } = await initNetMonitor(CUSTOM_GET_URL);
let { document, store, windowRequire } = monitor.panelWin;
let Actions = windowRequire("devtools/client/netmonitor/src/actions/index");
store.dispatch(Actions.batchEnable(false));
info("Performing a secure request.");
const REQUESTS_URL = "https://example.com" + CORS_SJS_PATH;
@@ -72,10 +74,13 @@ add_task(async function() {
// cert validity expires
isnot(textboxes[13].value, "", "Label was not empty.");
// cert sha1 fingerprint
isnot(textboxes[14].value, "", "Label was not empty.");
// cert sha256 fingerprint
isnot(textboxes[15].value, "", "Label was not empty.");
+ // Certificate transparency
+ isnot(textboxes[16].value, "", "Label was not empty.");
+
await teardown(monitor);
});
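Review bot: The new check on `textboxes[16]` only asserts a non-empty value, and the panel falls back to `NOT_AVAILABLE` when `securityInfo.certificateTransparency` is unset, so it would presumably still pass if the status were never populated. Comparing against the expected status string for the test host would pin the feature, e.g. `is(textboxes[16].value, <expected status string>, "Certificate transparency status is shown.");`. The message `"Label was not empty."` is shared with the assertions above it, which makes a failure hard to attribute to this row. A one-line comment above the `pushPref` call in the first hunk, saying what mode `1` selects and why the test needs it, would help as well. The task body extends beyond both hunks.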
--- a/devtools/shared/webconsole/network-helper.js
+++ b/devtools/shared/webconsole/network-helper.js
@@ -649,16 +649,44 @@ var NetworkHelper = {
// Protocol version.
info.protocolVersion =
this.formatSecurityProtocol(SSLStatus.protocolVersion);
// Certificate.
info.cert = this.parseCertificateInfo(SSLStatus.serverCert);
+ info.certificateTransparency = null;
+
+ switch (SSLStatus.certificateTransparencyStatus) {
+ case SSLStatus.CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE:
+ default:
+ break;
+ case SSLStatus.CERTIFICATE_TRANSPARENCY_NONE:
+ info.certificateTransparency =
+ L10N.getStr("certmgr.certificateTransparency.status.none");
+ break;
+ case SSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_COMPLIANT:
+ info.certificateTransparency =
+ L10N.getStr("certmgr.certificateTransparency.status.ok");
+ break;
+ case SSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_NOT_ENOUGH_SCTS:
+ info.certificateTransparency =
+ L10N.getStr(
+ "certmgr.certificateTransparency.status.notEnoughSCTS"
+ );
+ break;
+ case SSLStatus.CERTIFICATE_TRANSPARENCY_POLICY_NOT_DIVERSE_SCTS:
+ info.certificateTransparency =
+ L10N.getStr(
+ "certmgr.certificateTransparency.status.notDiverseSCTS"
+ );
+ break;
+ }
+
// HSTS and HPKP if available.
if (httpActivity.hostname) {
const sss = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
// SiteSecurityService uses different storage if the channel is
// private. Thus we must give isSecureURI correct flags or we
// might get incorrect results.
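Review bot: In the new `switch`, `default:` shares an arm with `CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE`, so an unrecognised status leaves `info.certificateTransparency` at `null`. The panel then shows it exactly like a connection where CT does not apply. Putting `default:` last in its own arm, with a comment such as `// Unknown status: leave null so the panel shows "not available".`, makes that choice explicit. A distinct string for the unknown case would keep the two apart for someone auditing a connection. The switch also stores an already-localized string in `info`, using keys this commit adds under `devtools/client/locales`. Whether the `L10N` object in this shared module loads that bundle is not visible in the hunk and is worth confirming. Returning the raw status and mapping it to a label in `SecurityPanel.js` would avoid the coupling. The enclosing method starts and ends outside the hunk.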