chrome/browser/resources/net_internals/hsts_view.js

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 /**
   6  * HSTS is HTTPS Strict Transport Security: a way for sites to elect to always
   7  * use HTTPS. See http://dev.chromium.org/sts
   8  *
   9  * This UI allows a user to query and update the browser's list of HSTS domains.
  10  * It also allows users to query and update the browser's list of public key
  11  * pins.
  12  */
  13
  14 var HSTSView = (function() {
  15   'use strict';
  16
  17   // We inherit from DivView.
  18   var superClass = DivView;
  19
  20   /**
  21    * @constructor
  22    */
  23   function HSTSView() {
  24     assertFirstConstructorCall(HSTSView);
  25
  26     // Call superclass's constructor.
  27     superClass.call(this, HSTSView.MAIN_BOX_ID);
  28
  29     this.addInput_ = $(HSTSView.ADD_INPUT_ID);
  30     this.addStsCheck_ = $(HSTSView.ADD_STS_CHECK_ID);
  31     this.addPkpCheck_ = $(HSTSView.ADD_PKP_CHECK_ID);
  32     this.addPins_ = $(HSTSView.ADD_PINS_ID);
  33     this.deleteInput_ = $(HSTSView.DELETE_INPUT_ID);
  34     this.queryInput_ = $(HSTSView.QUERY_INPUT_ID);
  35     this.queryOutputDiv_ = $(HSTSView.QUERY_OUTPUT_DIV_ID);
  36
  37     var form = $(HSTSView.ADD_FORM_ID);
  38     form.addEventListener('submit', this.onSubmitAdd_.bind(this), false);
  39
  40     form = $(HSTSView.DELETE_FORM_ID);
  41     form.addEventListener('submit', this.onSubmitDelete_.bind(this), false);
  42
  43     form = $(HSTSView.QUERY_FORM_ID);
  44     form.addEventListener('submit', this.onSubmitQuery_.bind(this), false);
  45
  46     g_browser.addHSTSObserver(this);
  47   }
  48
  49   HSTSView.TAB_ID = 'tab-handle-hsts';
  50   HSTSView.TAB_NAME = 'HSTS';
  51   HSTSView.TAB_HASH = '#hsts';
  52
  53   // IDs for special HTML elements in hsts_view.html
  54   HSTSView.MAIN_BOX_ID = 'hsts-view-tab-content';
  55   HSTSView.ADD_INPUT_ID = 'hsts-view-add-input';
  56   HSTSView.ADD_STS_CHECK_ID = 'hsts-view-check-sts-input';
  57   HSTSView.ADD_PKP_CHECK_ID = 'hsts-view-check-pkp-input';
  58   HSTSView.ADD_PINS_ID = 'hsts-view-add-pins';
  59   HSTSView.ADD_FORM_ID = 'hsts-view-add-form';
  60   HSTSView.ADD_SUBMIT_ID = 'hsts-view-add-submit';
  61   HSTSView.DELETE_INPUT_ID = 'hsts-view-delete-input';
  62   HSTSView.DELETE_FORM_ID = 'hsts-view-delete-form';
  63   HSTSView.DELETE_SUBMIT_ID = 'hsts-view-delete-submit';
  64   HSTSView.QUERY_INPUT_ID = 'hsts-view-query-input';
  65   HSTSView.QUERY_OUTPUT_DIV_ID = 'hsts-view-query-output';
  66   HSTSView.QUERY_FORM_ID = 'hsts-view-query-form';
  67   HSTSView.QUERY_SUBMIT_ID = 'hsts-view-query-submit';
  68
  69   cr.addSingletonGetter(HSTSView);
  70
  71   HSTSView.prototype = {
  72     // Inherit the superclass's methods.
  73     __proto__: superClass.prototype,
  74
  75     onSubmitAdd_: function(event) {
  76       g_browser.sendHSTSAdd(this.addInput_.value,
  77                             this.addStsCheck_.checked,
  78                             this.addPkpCheck_.checked,
  79                             this.addPins_.value);
  80       g_browser.sendHSTSQuery(this.addInput_.value);
  81       this.queryInput_.value = this.addInput_.value;
  82       this.addStsCheck_.checked = false;
  83       this.addPkpCheck_.checked = false;
  84       this.addInput_.value = '';
  85       this.addPins_.value = '';
  86       event.preventDefault();
  87     },
  88
  89     onSubmitDelete_: function(event) {
  90       g_browser.sendHSTSDelete(this.deleteInput_.value);
  91       this.deleteInput_.value = '';
  92       event.preventDefault();
  93     },
  94
  95     onSubmitQuery_: function(event) {
  96       g_browser.sendHSTSQuery(this.queryInput_.value);
  97       event.preventDefault();
  98     },
  99
 100     onHSTSQueryResult: function(result) {
 101       if (result.error != undefined) {
 102         this.queryOutputDiv_.innerHTML = '';
 103         var s = addNode(this.queryOutputDiv_, 'span');
 104         s.textContent = result.error;
 105         s.style.color = '#e00';
 106         yellowFade(this.queryOutputDiv_);
 107         return;
 108       }
 109
 110       if (result.result == false) {
 111         this.queryOutputDiv_.innerHTML = '<b>Not found</b>';
 112         yellowFade(this.queryOutputDiv_);
 113         return;
 114       }
 115
 116       this.queryOutputDiv_.innerHTML = '';
 117
 118       var s = addNode(this.queryOutputDiv_, 'span');
 119       s.innerHTML = '<b>Found:</b><br/>';
 120
 121       var keys = [
 122         'domain', 'static_upgrade_mode', 'static_sts_include_subdomains',
 123         'static_pkp_include_subdomains', 'static_sts_observed',
 124         'static_pkp_observed', 'static_spki_hashes', 'dynamic_upgrade_mode',
 125         'dynamic_sts_include_subdomains', 'dynamic_pkp_include_subdomains',
 126         'dynamic_sts_observed', 'dynamic_pkp_observed', 'dynamic_spki_hashes'
 127       ];
 128
 129       var kStaticHashKeys = [
 130         'public_key_hashes', 'preloaded_spki_hashes', 'static_spki_hashes'
 131       ];
 132
 133       var staticHashes = [];
 134       for (var i = 0; i < kStaticHashKeys.length; ++i) {
 135         var staticHashValue = result[kStaticHashKeys[i]];
 136         if (staticHashValue != undefined && staticHashValue != '')
 137           staticHashes.push(staticHashValue);
 138       }
 139
 140       for (var i = 0; i < keys.length; ++i) {
 141         var key = keys[i];
 142         var value = result[key];
 143         addTextNode(this.queryOutputDiv_, ' ' + key + ': ');
 144
 145         // If there are no static_hashes, do not make it seem like there is a
 146         // static PKP policy in place.
 147         if (staticHashes.length == 0 && key.indexOf('static_pkp_') == 0) {
 148           addNode(this.queryOutputDiv_, 'br');
 149           continue;
 150         }
 151
 152         if (key === 'static_spki_hashes') {
 153           addNodeWithText(this.queryOutputDiv_, 'tt', staticHashes.join(','));
 154         } else if (key.indexOf('_upgrade_mode') >= 0) {
 155           addNodeWithText(this.queryOutputDiv_, 'tt', modeToString(value));
 156         } else {
 157           addNodeWithText(this.queryOutputDiv_, 'tt',
 158                           value == undefined ? '' : value);
 159         }
 160         addNode(this.queryOutputDiv_, 'br');
 161       }
 162
 163       yellowFade(this.queryOutputDiv_);
 164     }
 165   };
 166
 167   function modeToString(m) {
 168     // These numbers must match those in
 169     // TransportSecurityState::DomainState::UpgradeMode.
 170     if (m == 0) {
 171       return 'STRICT';
 172     } else if (m == 1) {
 173       return 'OPPORTUNISTIC';
 174     } else {
 175       return 'UNKNOWN';
 176     }
 177   }
 178
 179   function yellowFade(element) {
 180     element.style.webkitTransitionProperty = 'background-color';
 181     element.style.webkitTransitionDuration = '0';
 182     element.style.backgroundColor = '#fffccf';
 183     setTimeout(function() {
 184       element.style.webkitTransitionDuration = '1000ms';
 185       element.style.backgroundColor = '#fff';
 186     }, 0);
 187   }
 188
 189   return HSTSView;
 190 })();