[tor-commits] [tor-browser/tor-browser-60.3.0esr-8.5-1] Bug 26690: Port padlock states for .onion services to mobile
gk at torproject.org
gk at torproject.org
Thu Nov 29 12:39:43 UTC 2018
commit e5659b39d8bc51faecac5daa7f2cb9b63d4dccf8
Author: Igor Oliveira <igt0 at torproject.org>
Date: Mon Oct 29 12:30:14 2018 -0200
Bug 26690: Port padlock states for .onion services to mobile
Prior to this patch, TBA was showing onion services as insecure
connection and SSL/TLS ones as encrypted connections(lock icon).
This patch fixes the issue adding several new onion icons to indicate
all the various permutations of onions services hosted HTTP or HTTPS
pages.
---
.../src/main/res/drawable/site_security_icon.xml | 10 +++++++++-
.../app/src/photon/res/drawable-hdpi/ic_onion.png | Bin 0 -> 807 bytes
.../photon/res/drawable-hdpi/ic_onion_disabled.png | Bin 0 -> 975 bytes
.../src/photon/res/drawable-hdpi/ic_onion_lock.png | Bin 0 -> 932 bytes
.../app/src/photon/res/drawable-xhdpi/ic_onion.png | Bin 0 -> 1015 bytes
.../res/drawable-xhdpi/ic_onion_disabled.png | Bin 0 -> 1260 bytes
.../photon/res/drawable-xhdpi/ic_onion_lock.png | Bin 0 -> 1275 bytes
.../src/photon/res/drawable-xxhdpi/ic_onion.png | Bin 0 -> 1592 bytes
.../res/drawable-xxhdpi/ic_onion_disabled.png | Bin 0 -> 1892 bytes
.../photon/res/drawable-xxhdpi/ic_onion_lock.png | Bin 0 -> 1899 bytes
.../src/photon/res/drawable-xxxhdpi/ic_onion.png | Bin 0 -> 2099 bytes
.../res/drawable-xxxhdpi/ic_onion_disabled.png | Bin 0 -> 2526 bytes
.../photon/res/drawable-xxxhdpi/ic_onion_lock.png | Bin 0 -> 2568 bytes
.../photon/res/drawable/security_mode_icon_nm.xml | 9 +++++++++
.../photon/res/drawable/security_mode_icon_pm.xml | 9 +++++++++
.../base/java/org/mozilla/gecko/SiteIdentity.java | 14 ++++++++++++++
.../mozilla/gecko/toolbar/SecurityModeUtil.java | 21 ++++++++++++++++-----
.../mozilla/gecko/toolbar/SiteIdentityPopup.java | 17 +++++++++++------
mobile/android/chrome/content/browser.js | 14 +++++++++++++-
19 files changed, 81 insertions(+), 13 deletions(-)
diff --git a/mobile/android/app/src/main/res/drawable/site_security_icon.xml b/mobile/android/app/src/main/res/drawable/site_security_icon.xml
index ac8624f861ad..f5f4c7775110 100644
--- a/mobile/android/app/src/main/res/drawable/site_security_icon.xml
+++ b/mobile/android/app/src/main/res/drawable/site_security_icon.xml
@@ -28,5 +28,13 @@
<item
android:drawable="@drawable/ic_search_icon"
android:maxLevel="6" />
-
+ <item
+ android:drawable="@drawable/ic_onion"
+ android:maxLevel="7"/>
+ <item
+ android:drawable="@drawable/ic_onion_lock"
+ android:maxLevel="8"/>
+ <item
+ android:drawable="@drawable/ic_onion_disabled"
+ android:maxLevel="9"/>
</level-list>
diff --git a/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion.png b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion.png
new file mode 100644
index 000000000000..1a61d982752b
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_disabled.png b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_disabled.png
new file mode 100644
index 000000000000..9669d12101fb
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_disabled.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_lock.png b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_lock.png
new file mode 100644
index 000000000000..b0f60fea5b28
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-hdpi/ic_onion_lock.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion.png b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion.png
new file mode 100755
index 000000000000..074330c3a25a
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_disabled.png b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_disabled.png
new file mode 100755
index 000000000000..09db37998d33
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_disabled.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_lock.png b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_lock.png
new file mode 100755
index 000000000000..13799b7fa8f7
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xhdpi/ic_onion_lock.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion.png b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion.png
new file mode 100755
index 000000000000..711bb3c8d8fa
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_disabled.png b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_disabled.png
new file mode 100755
index 000000000000..0d931669abf3
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_disabled.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_lock.png b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_lock.png
new file mode 100755
index 000000000000..f7a5c29b4c17
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxhdpi/ic_onion_lock.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion.png b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion.png
new file mode 100755
index 000000000000..97a0beabbe0c
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_disabled.png b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_disabled.png
new file mode 100755
index 000000000000..aec29bf6238b
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_disabled.png differ
diff --git a/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_lock.png b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_lock.png
new file mode 100755
index 000000000000..71df527b2a6a
Binary files /dev/null and b/mobile/android/app/src/photon/res/drawable-xxxhdpi/ic_onion_lock.png differ
diff --git a/mobile/android/app/src/photon/res/drawable/security_mode_icon_nm.xml b/mobile/android/app/src/photon/res/drawable/security_mode_icon_nm.xml
index 0b6b496b0b34..bb0da0b843d2 100644
--- a/mobile/android/app/src/photon/res/drawable/security_mode_icon_nm.xml
+++ b/mobile/android/app/src/photon/res/drawable/security_mode_icon_nm.xml
@@ -28,5 +28,14 @@
<item
android:drawable="@drawable/ic_search_icon"
android:maxLevel="6" />
+ <item
+ android:drawable="@drawable/ic_onion"
+ android:maxLevel="7"/>
+ <item
+ android:drawable="@drawable/ic_onion_lock"
+ android:maxLevel="8"/>
+ <item
+ android:drawable="@drawable/ic_onion_disabled"
+ android:maxLevel="9"/>
</level-list>
diff --git a/mobile/android/app/src/photon/res/drawable/security_mode_icon_pm.xml b/mobile/android/app/src/photon/res/drawable/security_mode_icon_pm.xml
index edbd269040d1..be47d7fe081f 100644
--- a/mobile/android/app/src/photon/res/drawable/security_mode_icon_pm.xml
+++ b/mobile/android/app/src/photon/res/drawable/security_mode_icon_pm.xml
@@ -28,5 +28,14 @@
<item
android:drawable="@drawable/ic_search_icon"
android:maxLevel="6" />
+ <item
+ android:drawable="@drawable/ic_onion"
+ android:maxLevel="7"/>
+ <item
+ android:drawable="@drawable/ic_onion_lock"
+ android:maxLevel="8"/>
+ <item
+ android:drawable="@drawable/ic_onion_disabled"
+ android:maxLevel="9"/>
</level-list>
diff --git a/mobile/android/base/java/org/mozilla/gecko/SiteIdentity.java b/mobile/android/base/java/org/mozilla/gecko/SiteIdentity.java
index 1a046657329d..f5dcb5747386 100644
--- a/mobile/android/base/java/org/mozilla/gecko/SiteIdentity.java
+++ b/mobile/android/base/java/org/mozilla/gecko/SiteIdentity.java
@@ -25,6 +25,8 @@ public class SiteIdentity {
private String mCountry;
private String mVerifier;
private String mOrigin;
+ private boolean mIsOnionHost;
+ private boolean mHasCert;
public enum SecurityMode {
UNKNOWN,
@@ -59,6 +61,8 @@ public class SiteIdentity {
mCountry = null;
mVerifier = null;
mSecure = false;
+ mIsOnionHost = false;
+ mHasCert = false;
}
public void reset() {
@@ -110,6 +114,8 @@ public class SiteIdentity {
mVerifier = identityData.getString("verifier");
mSecure = identityData.getBoolean("secure");
mSecurityException = identityData.getBoolean("securityException");
+ mIsOnionHost = identityData.getBoolean("isOnionHost");
+ mHasCert = identityData.getBoolean("hasCert");
}
public SecurityMode getSecurityMode() {
@@ -152,6 +158,14 @@ public class SiteIdentity {
return mSecure;
}
+ public boolean isOnionHost() {
+ return mIsOnionHost;
+ }
+
+ public boolean hasCert() {
+ return mHasCert;
+ }
+
public MixedMode getMixedModeActive() {
return mMixedModeActive;
}
diff --git a/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java b/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java
index ceb33b8e3acb..10bc83c279a1 100644
--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java
@@ -35,6 +35,9 @@ public class SecurityModeUtil {
LOCK_SECURE(1),
LOCK_WARNING(-1), // not used for now. reserve for MixedDisplayContent icon, if any.
LOCK_INSECURE(3),
+ ONION(7),
+ ONION_ACTIVATE(8),
+ ONION_DISABLED(9),
WARNING(2),
TRACKING_CONTENT_BLOCKED(4),
TRACKING_CONTENT_LOADED(5);
@@ -100,6 +103,8 @@ public class SecurityModeUtil {
final MixedMode displayMixedMode = identity.getMixedModeDisplay();
final TrackingMode trackingMode = identity.getTrackingMode();
final boolean securityException = identity.isSecurityException();
+ final boolean isOnionHost = identity.isOnionHost();
+ final boolean hasCert = identity.hasCert();
if (securityException) {
return IconType.WARNING;
@@ -108,9 +113,9 @@ public class SecurityModeUtil {
} else if (trackingMode == TrackingMode.TRACKING_CONTENT_BLOCKED) {
return IconType.TRACKING_CONTENT_BLOCKED;
} else if (activeMixedMode == MixedMode.LOADED) {
- return IconType.LOCK_INSECURE;
+ return isOnionHost ? IconType.ONION_DISABLED : IconType.LOCK_INSECURE;
} else if (displayMixedMode == MixedMode.LOADED) {
- return IconType.WARNING;
+ return isOnionHost ? IconType.ONION_DISABLED : IconType.WARNING;
}
// Chrome-UI checking is after tracking/mixed-content, even for about: pages, as they
@@ -119,9 +124,15 @@ public class SecurityModeUtil {
return IconType.DEFAULT;
}
- return securityModeMap.containsKey(securityMode)
- ? securityModeMap.get(securityMode)
- : IconType.UNKNOWN;
+ if (securityMode == SecurityMode.UNKNOWN) {
+ return isOnionHost ? IconType.ONION : IconType.UNKNOWN;
+ } else if (securityMode == SecurityMode.IDENTIFIED) {
+ return isOnionHost ? (hasCert ? IconType.ONION_ACTIVATE : IconType.ONION) : IconType.LOCK_SECURE;
+ } else if (securityMode == SecurityMode.VERIFIED) {
+ return isOnionHost ? IconType.ONION_ACTIVATE : IconType.LOCK_SECURE;
+ } else {
+ return IconType.UNKNOWN;
+ }
}
/**
diff --git a/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java b/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
index 831f69f2bf09..df67f0a9b9ed 100644
--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
@@ -144,8 +144,9 @@ public class SiteIdentityPopup extends AnchoredPopup implements BundleEventListe
init();
}
- final boolean isIdentityKnown = (siteIdentity.getSecurityMode() == SecurityMode.IDENTIFIED ||
- siteIdentity.getSecurityMode() == SecurityMode.VERIFIED);
+ final boolean isIdentityKnown = ((siteIdentity.getSecurityMode() == SecurityMode.IDENTIFIED ||
+ siteIdentity.getSecurityMode() == SecurityMode.VERIFIED) &&
+ siteIdentity.hasCert());
updateConnectionState(siteIdentity);
toggleIdentityKnownContainerVisibility(isIdentityKnown);
@@ -322,7 +323,8 @@ public class SiteIdentityPopup extends AnchoredPopup implements BundleEventListe
} else if (!siteIdentity.isSecure()) {
if (siteIdentity.getMixedModeActive() == MixedMode.LOADED) {
// Active Mixed Content loaded because user has disabled blocking.
- mIcon.setImageResource(R.drawable.ic_lock_disabled);
+ int resId = siteIdentity.isOnionHost() ? R.drawable.ic_onion_disabled : R.drawable.ic_lock_disabled;
+ mIcon.setImageResource(resId);
clearSecurityStateIcon();
mMixedContentActivity.setVisibility(View.VISIBLE);
mMixedContentActivity.setText(R.string.mixed_content_protection_disabled);
@@ -330,7 +332,8 @@ public class SiteIdentityPopup extends AnchoredPopup implements BundleEventListe
mLink.setVisibility(View.VISIBLE);
} else if (siteIdentity.getMixedModeDisplay() == MixedMode.LOADED) {
// Passive Mixed Content loaded.
- mIcon.setImageResource(R.drawable.ic_lock_inactive);
+ int resId = siteIdentity.isOnionHost() ? R.drawable.ic_onion_disabled : R.drawable.ic_lock_inactive;
+ mIcon.setImageResource(resId);
setSecurityStateIcon(R.drawable.ic_warning_major, 1);
mMixedContentActivity.setVisibility(View.VISIBLE);
if (siteIdentity.getMixedModeActive() == MixedMode.BLOCKED) {
@@ -342,7 +345,8 @@ public class SiteIdentityPopup extends AnchoredPopup implements BundleEventListe
} else {
// Unencrypted connection with no mixed content.
- mIcon.setImageResource(R.drawable.globe_light);
+ int resId = siteIdentity.isOnionHost() ? R.drawable.ic_onion : R.drawable.globe_light;
+ mIcon.setImageResource(resId);
clearSecurityStateIcon();
mMixedContentActivity.setVisibility(View.GONE);
@@ -361,7 +365,8 @@ public class SiteIdentityPopup extends AnchoredPopup implements BundleEventListe
} else {
// Connection is secure.
- mIcon.setImageResource(R.drawable.ic_lock);
+ int resId = siteIdentity.isOnionHost() ? (siteIdentity.hasCert() ? R.drawable.ic_onion_lock : R.drawable.ic_onion) : R.drawable.ic_lock;
+ mIcon.setImageResource(resId);
setSecurityStateIcon(R.drawable.img_check, 2);
mSecurityState.setTextColor(ContextCompat.getColor(mContext, R.color.affirmative_green));
diff --git a/mobile/android/chrome/content/browser.js b/mobile/android/chrome/content/browser.js
index 51fe1422acc5..3e074009fad9 100644
--- a/mobile/android/chrome/content/browser.js
+++ b/mobile/android/chrome/content/browser.js
@@ -5558,6 +5558,12 @@ var IdentityHandler = {
*/
getIdentityData : function() {
let result = {};
+
+ // Even if the connection is secure, it may not have a certificate
+ if (!this._lastStatus) {
+ return result;
+ }
+
let status = this._lastStatus.QueryInterface(Ci.nsISSLStatus);
let cert = status.serverCert;
@@ -5585,6 +5591,10 @@ var IdentityHandler = {
return result;
},
+ isOnionHost: function isOnionHost() {
+ return this._uri.host.toLowerCase().endsWith(".onion");
+ },
+
/**
* Determines the identity mode corresponding to the icon we show in the urlbar.
*/
@@ -5704,6 +5714,8 @@ var IdentityHandler = {
};
result.host = this.getEffectiveHost();
+ result.isOnionHost = this.isOnionHost();
+ result.hasCert = !!this._lastStatus;
// Don't show identity data for pages with an unknown identity or if any
// mixed content is loaded (mixed display content is loaded by default).
@@ -5757,7 +5769,7 @@ var IdentityHandler = {
// hasMatchingOverride does not handle that, so avoid calling it.
// Updating the tooltip value in those cases isn't critical.
// FIXME: Fixing bug 646690 would probably makes this check unnecessary
- if (this._lastLocation.hostname &&
+ if (this._lastLocation.hostname && iData.cert &&
this._overrideService.hasMatchingOverride(this._lastLocation.hostname,
(this._lastLocation.port || 443),
iData.cert, {}, {})) {
More information about the tor-commits
mailing list