Get SSL Certificate from addon

Add-ons Development
#1

Hi,
I’m trying to develop an addon (using jpm) to show certain information about the ssl/tls certificate of the current web page.

Unfortunately I didn’t found anyway to retrieve the ssl certificate of the current tab. I found this blockpost: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/How_to_check_the_secruity_state_of_an_XMLHTTPRequest_over_SSL but in this solution there would be a new xmlhttprequest request for every check and i don’t think that that can be a good solution. Furthermore i would get problems when i would try to check websites with self signed certificates.

Are there any ways (i didn’t found) to ask the tab or window to return the current certificate? I noticed that a tab has the property url so i can get the current url but I didn’t found anyway to access the security information…

Do you have any ideas? Thanks in advance…
Best regards,
Chris

#2

I don’t think there is an SDK API for this. You will have to resort to require('chrome') and dig in deeper.

This is the script that is responsible for the security tab of the little page info popup:
chrome://browser/content/pageinfo/security.js

You should find everything you need in there.

#3

Hi,
using the link you provided i was able to figure out how to get the information about security details.
Thanks a lot for your answer.

I used a similar approach as the security panel and query the securityUI to get the information i want to get. Unfortunately the nsISecureBrowserUI, which includes the information i want to obtain, seems not to be documentated (or i’m not able to find the correct document). The link provided in the documentation leads to this page (https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsISecureBrowserUI) which is a 404 error page…

Anyway you helped me a lot. Thanks a lot for that. If you’re interessted in my solution you can see the code below:

solution 
let { Cc, Ci } = require('chrome');
let tabs = require("sdk/tabs");
let tab_utils = require("sdk/tabs/utils");
let { modelFor } = require("sdk/model/core");
let { viewFor } = require("sdk/view/core");



function mapHighLevelToLowLevel(tab) {
  var lowLevelTab = viewFor(tab);
  var browser = tab_utils.getBrowserForTab(lowLevelTab);
  getSecInfo(browser.securityUI);
}

function getSecInfo(ui){
    if (!ui)
      return null;

    var status = ui.SSLStatus;
    if(status != null && status != undefined){
        console.log(status.serverCert.sha256Fingerprint);
        // see chrome://browser/content/pageinfo/security.js for more possible security informations
    } else {
        console.log('status was null; no information available');
    }
}

tabs.open("https://www.test.de");
tabs.on("ready", mapHighLevelToLowLevel);
1 Like