Bug 1207137 - Implement weak crypto override UI. r=ttaubert

iaxat · Oct 17, 2015 · 1258c44 · 1258c44
1 parent fefc0bc
commit 1258c44
Show file tree

Hide file tree

Showing 10 changed files with 115 additions and 8 deletions.
diff --git a/b2g/locales/en-US/chrome/overrides/appstrings.properties b/b2g/locales/en-US/chrome/overrides/appstrings.properties
@@ -36,3 +36,4 @@ cspBlocked=This page has a content security policy that prevents it from being l
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
 sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
diff --git a/browser/base/content/aboutNetError.xhtml b/browser/base/content/aboutNetError.xhtml
@@ -91,6 +91,12 @@
         buttonEl.disabled = true;
       }
 
+      function doOverride(buttonEl) {
+        var event = new CustomEvent("AboutNetErrorOverride", {bubbles:true});
+        document.dispatchEvent(event);
+        retryThis(buttonEl);
+      }
+
       function toggleDisplay(node) {
         toggle = {
           '': 'block',
@@ -121,6 +127,23 @@
         });
       }
 
+      function showWeakCryptoAdvanced() {
+        // Display weak crypto advanced UI
+        document.getElementById("weakCryptoAdvanced").style.display = "block";
+
+        // Get the hostname and add it to the panel
+        var panel = document.getElementById("weakCryptoAdvancedPanel");
+        for (var span of panel.querySelectorAll("span.hostname")) {
+          span.textContent = document.location.hostname;
+        }
+
+        // Register click handler for the weakCryptoAdvancedPanel
+        document.getElementById("showWeakCryptoAdvancedPanel")
+                .addEventListener("click", () => toggleDisplay(panel));
+
+        var overrideLink = document.getElementById("overrideWeakCrypto");
+        overrideLink.addEventListener("click", () => doOverride(overrideLink), false);
+      }
 
       function sendErrorReport() {
         var event = new CustomEvent("AboutNetErrorSendReport", {bubbles:true});
@@ -172,6 +195,16 @@
           retryBtn.setAttribute("onclick", "learnMoreSSLV3()");
         }
 
+        if (err == "weakCryptoUsed") {
+          var learnMoreText = document.getElementById("learn_more_weak_crypto");
+
+          document.getElementById("errorTitle").setAttribute("weakCrypto", "true");
+
+          var retryBtn = document.getElementById("errorTryAgain");
+          retryBtn.textContent = learnMoreText.textContent;
+          retryBtn.setAttribute("onclick", "learnMoreWeakCrypto()");
+        }
+
         // remove undisplayed errors to avoid bug 39098
         var errContainer = document.getElementById("errorContainer");
         errContainer.parentNode.removeChild(errContainer);
@@ -240,6 +273,9 @@
               retryBtn.addEventListener('click', sendErrorReport, false);
             }
           }
+          if (getErrorCode() == "weakCryptoUsed") {
+            showWeakCryptoAdvanced();
+          }
         }.bind(this), true, true);
 
         var event = new CustomEvent("AboutNetErrorLoad", {bubbles:true});
@@ -351,6 +387,12 @@
         // Ensure users don't re-click the button:
         e.target.disabled = true;
       }
+
+      function learnMoreWeakCrypto() {
+        location.href = "https://support.mozilla.org/kb/how-resolve-weak-crypto-error-messages-firefox";
+        // Ensure users don't re-click the button:
+        e.target.disabled = true;
+      }
     ]]></script>
   </head>
 
@@ -385,6 +427,7 @@
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentError">&corruptedContentError.title;</h1>
         <h1 id="et_sslv3Used">&sslv3Used.title;</h1>
+        <h1 id="et_weakCryptoUsed">&weakCryptoUsed.title;</h1>
       </div>
       <div id="errorDescriptionsContainer">
         <div id="ed_generic">&generic.longDesc;</div>
@@ -414,6 +457,8 @@
         <div id="ed_corruptedContentError">&corruptedContentError.longDesc;</div>
         <div id="ed_sslv3Used">&sslv3Used.longDesc;</div>
         <div id="learn_more_ssl3">&sslv3Used.learnMore;</div>
+        <div id="ed_weakCryptoUsed">&weakCryptoUsed.longDesc;</div>
+        <div id="learn_more_weak_crypto">&weakCryptoUsed.learnMore;</div>
       </div>
     </div>
 
@@ -488,6 +533,21 @@
         </div>
       </div>
 
+      <!-- UI for option to override weak crypto errors. Removed on
+           init for other error types .-->
+      <div id="weakCryptoAdvanced">
+        <a id="showWeakCryptoAdvancedPanel" href="#">&weakCryptoAdvanced.title;<span class="downArrow"> &#x25bc;</span></a>
+      </div>
+
+      <div id="weakCryptoAdvancedPanel">
+        <div id="weakCryptoAdvancedDescription">
+          <p>&weakCryptoAdvanced.longDesc;</p>
+        </div>
+        <div id="overrideWeakCryptoPanel">
+          <a id="overrideWeakCrypto" href="#">&weakCryptoAdvanced.override;</a>
+        </div>
+      </div>
+
     </div>
 
     <!--

diff --git a/browser/base/content/browser.js b/browser/base/content/browser.js
@@ -2748,6 +2748,7 @@ var BrowserOnClick = {
     mm.addMessageListener("Browser:SendSSLErrorReport", this);
     mm.addMessageListener("Browser:SetSSLErrorReportAuto", this);
     mm.addMessageListener("Browser:SSLErrorReportTelemetry", this);
+    mm.addMessageListener("Browser:OverrideWeakCrypto", this);
   },
 
   uninit: function () {
@@ -2758,6 +2759,7 @@ var BrowserOnClick = {
     mm.removeMessageListener("Browser:SendSSLErrorReport", this);
     mm.removeMessageListener("Browser:SetSSLErrorReportAuto", this);
     mm.removeMessageListener("Browser:SSLErrorReportTelemetry", this);
+    mm.removeMessageListener("Browser:OverrideWeakCrypto", this);
   },
 
   handleEvent: function (event) {
@@ -2815,6 +2817,14 @@ var BrowserOnClick = {
         Services.telemetry.getHistogramById("TLS_ERROR_REPORT_UI")
           .add(reportStatus);
       break;
+      case "Browser:OverrideWeakCrypto":
+        let weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
+                                   .getService(Ci.nsIWeakCryptoOverride);
+        weakCryptoOverride.addWeakCryptoOverride(
+          msg.data.location.hostname,
+          PrivateBrowsingUtils.isBrowserPrivate(gBrowser.selectedBrowser),
+          true /* temporary */);
+      break;
     }
   },
 

diff --git a/browser/base/content/content.js b/browser/base/content/content.js
@@ -213,6 +213,7 @@ var AboutNetErrorListener = {
     chromeGlobal.addEventListener('AboutNetErrorSetAutomatic', this, false, true);
     chromeGlobal.addEventListener('AboutNetErrorSendReport', this, false, true);
     chromeGlobal.addEventListener('AboutNetErrorUIExpanded', this, false, true);
+    chromeGlobal.addEventListener('AboutNetErrorOverride', this, false, true);
   },
 
   get isAboutNetError() {
@@ -238,6 +239,9 @@ var AboutNetErrorListener = {
       sendAsyncMessage("Browser:SSLErrorReportTelemetry",
                        {reportStatus: TLS_ERROR_REPORT_TELEMETRY_EXPANDED});
       break;
+    case "AboutNetErrorOverride":
+      this.onOverride(aEvent);
+      break;
     }
   },
 
@@ -330,6 +334,16 @@ var AboutNetErrorListener = {
         location: {hostname: contentDoc.location.hostname, port: contentDoc.location.port},
         securityInfo: serializedSecurityInfo
       });
+  },
+
+  onOverride: function(evt) {
+    let contentDoc = content.document;
+    let location = contentDoc.location;
+
+    sendAsyncMessage("Browser:OverrideWeakCrypto", {
+      documentURI: contentDoc.documentURI,
+      location: {hostname: location.hostname, port: location.port}
+    });
   }
 }
 

diff --git a/browser/locales/en-US/chrome/overrides/appstrings.properties b/browser/locales/en-US/chrome/overrides/appstrings.properties
@@ -37,3 +37,5 @@ corruptedContentError=The page you are trying to view cannot be shown because an
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
 ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
 sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
+## LOCALIZATION NOTE (weakCryptoUsed) - Do not translate "%S".
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
diff --git a/browser/locales/en-US/chrome/overrides/netError.dtd b/browser/locales/en-US/chrome/overrides/netError.dtd
@@ -215,3 +215,12 @@ functionality specific to firefox. -->
      "ssl_error_unsupported_version". -->
 <!ENTITY sslv3Used.longDesc "Advanced info: ssl_error_unsupported_version">
 <!ENTITY sslv3Used.learnMore "Learn More…">
+
+<!ENTITY weakCryptoUsed.title "Your connection is not secure">
+<!-- LOCALIZATION NOTE (weakCryptoUsed.longDesc) - Do not translate
+     "ssl_error_no_cypher_overlap". -->
+<!ENTITY weakCryptoUsed.longDesc "Advanced info: ssl_error_no_cypher_overlap">
+<!ENTITY weakCryptoUsed.learnMore "Learn More…">
+<!ENTITY weakCryptoAdvanced.title "Advanced">
+<!ENTITY weakCryptoAdvanced.longDesc "<span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe.">
+<!ENTITY weakCryptoAdvanced.override "(Not secure) Try loading <span class='hostname'></span> using outdated security">
diff --git a/browser/themes/shared/aboutNetError.css b/browser/themes/shared/aboutNetError.css
@@ -49,7 +49,8 @@ ul {
   background-position: right 0;
 }
 
-#errorTitle[sslv3=true] {
+#errorTitle[sslv3=true],
+#errorTitle[weakCrypto=true] {
   background-image: url("aboutNetError_alert.svg");
 }
 
@@ -78,19 +79,22 @@ button:disabled {
   cursor: pointer;
 }
 
-div#certificateErrorReporting {
+div#certificateErrorReporting,
+div#weakCryptoAdvanced {
   display: none;
   float: right;
   /* Align with the "Try Again" button */
   margin-top: 24px;
   -moz-margin-end: 24px;
 }
 
-div#certificateErrorReporting a {
+div#certificateErrorReporting a,
+div#weakCryptoAdvanced a {
   text-decoration: none;
 }
 
-div#certificateErrorReporting a:hover {
+div#certificateErrorReporting a:hover,
+div#weakCryptoAdvanced a:hover {
   text-decoration: underline;
 }
 
@@ -102,7 +106,8 @@ span.downArrow {
   transform: scaleY(0.7);
 }
 
-div#certificateErrorReportingPanel {
+div#certificateErrorReportingPanel,
+div#weakCryptoAdvancedPanel {
   /* Hidden until the link is clicked */
   display: none;
   background-color: white;
@@ -117,15 +122,18 @@ div#certificateErrorReportingPanel {
   margin-top: 10px;
 }
 
-div#certificateErrorReportingPanel:-moz-dir(ltr) {
+div#certificateErrorReportingPanel:-moz-dir(ltr),
+div#weakCryptoAdvancedPanel:-moz-dir(ltr) {
   left: 34%;
 }
 
-div#certificateErrorReportingPanel:-moz-dir(rtl) {
+div#certificateErrorReportingPanel:-moz-dir(rtl),
+div#weakCryptoAdvancedPanel:-moz-dir(rtl) {
   right: 0;
 }
 
-#errorStatePanel {
+#errorStatePanel,
+#overrideWeakCryptoPanel {
   display: flex;
   flex-direction: row;
   flex-wrap: wrap;

diff --git a/dom/locales/en-US/chrome/appstrings.properties b/dom/locales/en-US/chrome/appstrings.properties
@@ -35,3 +35,4 @@ cspBlocked=This page has a content security policy that prevents it from being l
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.
 remoteXUL=This page uses an unsupported technology that is no longer available by default.
 sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol.
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, the connection to this website has not been established.
diff --git a/mobile/locales/en-US/overrides/appstrings.properties b/mobile/locales/en-US/overrides/appstrings.properties
@@ -36,3 +36,4 @@ cspBlocked=This page has a content security policy that prevents it from being l
 corruptedContentError=The page you are trying to view cannot be shown because an error in the data transmission was detected.
 remoteXUL=This page uses an unsupported technology that is no longer available by default in Firefox.
 sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
diff --git a/webapprt/locales/en-US/webapprt/overrides/appstrings.properties b/webapprt/locales/en-US/webapprt/overrides/appstrings.properties
@@ -35,3 +35,4 @@ cspBlocked=This application tried to access a resource that has a content securi
 corruptedContentError=The application cannot continue loading because an error in the data transmission was detected.
 remoteXUL=This application tried to use an unsupported technology that is no longer available.
 sslv3Used=This application cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
+weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, this application has not connected to this website.