Larry UI for Owner shows "No Information Provided," but Page Info says differently. b=415282, r=gavin, ui-r=beltzner, a=schrep
authorjohnath@mozilla.com
Tue, 19 Feb 2008 07:21:36 -0800
changeset 11866 2d84d1cf7137373247a4253ea37d9dae6290c846
parent 11865 6074bc256e69dbbd8aeb18b424985a19bc0b300c
child 11867 77a6d664041bb95a7520c457e6ac8ff48a6db2d7
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersgavin, beltzner, schrep
bugs415282
milestone1.9b4pre
Larry UI for Owner shows "No Information Provided," but Page Info says differently. b=415282, r=gavin, ui-r=beltzner, a=schrep
browser/base/content/pageinfo/security.js
--- a/browser/base/content/pageinfo/security.js
+++ b/browser/base/content/pageinfo/security.js
@@ -64,31 +64,34 @@ var security = {
     catch (exception) { }
 
     var ui = security._getSecurityUI();
     if (!ui)
       return null;
 
     var isBroken =
       (ui.state == Components.interfaces.nsIWebProgressListener.STATE_IS_BROKEN);
+    var isEV =
+      (ui.state & Components.interfaces.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
     ui.QueryInterface(nsISSLStatusProvider);
     var status = ui.SSLStatus;
 
     if (status) {
       status.QueryInterface(nsISSLStatus);
       var cert = status.serverCert;
       var issuerName =
         this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;
 
       var retval = {
         hostName : hName,
         cAName : issuerName,
         encryptionAlgorithm : undefined,
         encryptionStrength : undefined,
         isBroken : isBroken,
+        isEV : isEV,
         cert : cert,
         fullLocation : gWindow.location
       };
 
       try {
         retval.encryptionAlgorithm = status.cipherName;
         retval.encryptionStrength = status.secretKeyLength;
       }
@@ -98,16 +101,17 @@ var security = {
       return retval;
     } else {
       return {
         hostName : hName,
         cAName : "",
         encryptionAlgorithm : "",
         encryptionStrength : 0,
         isBroken : isBroken,
+        isEV : isEV,
         cert : null,
         fullLocation : gWindow.location        
       };
     }
   },
 
   // Find the secureBrowserUI object (if present)
   _getSecurityUI : function() {
@@ -192,31 +196,39 @@ function securityOnLoad() {
   else {
     document.getElementById("securityTab").hidden = false;
     document.getElementById("securityBox").collapsed = false;
   }
 
   /* Set Identity section text */
   setText("security-identity-domain-value", info.hostName);
   
-  // FIXME - Should only be showing the next two if the cert is EV.  Waiting on
-  // bug 374336
   var owner, verifier, generalPageIdentityString;
   if (info.cert && !info.isBroken) {
     // Try to pull out meaningful values.  Technically these fields are optional
     // so we'll employ fallbacks where appropriate.  The EV spec states that Org
-    // fields must be specified for subject and issuer so when 374336 lands, this
-    // code can be simplified.
-    owner = info.cert.organization || info.cert.commonName ||
-            info.cert.subjectName;
-    verifier = security.mapIssuerOrganization(info.cAName ||
-                                              info.cert.issuerCommonName ||
-                                              info.cert.issuerName);
-    generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",
-                                                                  [owner, verifier]);
+    // fields must be specified for subject and issuer so that case is simpler.
+    if (info.isEV) {
+      owner = info.cert.organization;
+      verifier = security.mapIssuerOrganization(info.cAName);
+      generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",
+                                                                    [owner, verifier]);
+    }
+    else {
+      // Technically, a non-EV cert might specify an owner in the O field or not,
+      // depending on the CA's issuing policies.  However we don't have any programmatic
+      // way to tell those apart, and no policy way to establish which organization
+      // vetting standards are good enough (that's what EV is for) so we default to
+      // treating these certs as domain-validated only.
+      owner = pageInfoBundle.getString("securityNoIdentity");
+      verifier = security.mapIssuerOrganization(info.cAName ||
+                                                info.cert.issuerCommonName ||
+                                                info.cert.issuerName);
+      generalPageIdentityString = owner;
+    }
   }
   else {
     // We don't have valid identity credentials.
     owner = pageInfoBundle.getString("securityNoIdentity");
     verifier = pageInfoBundle.getString("notset");
     generalPageIdentityString = owner;
   }