ELECTRON-453: add functionality to ignore cert transparency checks (#373)

- add functionality to ignore cert transparency checks for specific urls - fix reading config file as per PR comments
2024-11-21 16:38:41 -06:00 · 2018-05-21 17:04:24 +05:30 · 2018-05-21 17:04:24 +05:30 · 4ba0db73f5
commit 4ba0db73f5
parent 2362febc58
3 changed files with 33 additions and 3 deletions
--- a/config/Symphony.config
+++ b/config/Symphony.config
@ -7,6 +7,7 @@
    "whitelistUrl": "*",
    "isCustomTitleBar": true,
    "memoryRefresh": true,
+    "ctWhitelist": [],
    "notificationSettings": {
        "position": "upper-right",
        "display": ""
--- a/js/utils/whitelistHandler.js
+++ b/js/utils/whitelistHandler.js
@ -158,6 +158,7 @@ function parseDomain(url) {

 module.exports = {
    isWhitelisted,
+    parseDomain,

    // items below here are only exported for testing, do NOT use!
    checkWhitelist
--- a/js/windowMgr.js
+++ b/js/windowMgr.js
@ -23,7 +23,7 @@ const throttle = require('./utils/throttle.js');
 const { getConfigField, updateConfigField, readConfigFileSync } = require('./config.js');
 const { isMac, isNodeEnv, isWindows10, isWindowsOS } = require('./utils/misc');
 const { deleteIndexFolder } = require('./search/search.js');
-const { isWhitelisted } = require('./utils/whitelistHandler');
+const { isWhitelisted, parseDomain } = require('./utils/whitelistHandler');
 const { initCrashReporterMain, initCrashReporterRenderer } = require('./crashReporter.js');

 // show dialog when certificate errors occur
@ -56,6 +56,9 @@ const MIN_HEIGHT = 300;
 const DEFAULT_WIDTH = 300;
 const DEFAULT_HEIGHT = 600;

+// Certificate transparency whitelist
+let ctWhitelist = [];
+
 /**
 * Adds a window key
 * @param key
@ -119,8 +122,12 @@ function doCreateMainWindow(initialUrl, initialBounds) {
        && typeof config.isCustomTitleBar === 'boolean'
        && config.isCustomTitleBar
        && isWindows10();
-
-    log.send(logLevels.INFO, 'creating main window url: ' + url);
+    log.send(logLevels.INFO, `we are configuring a custom title bar for windows -> ${isCustomTitleBarEnabled}`);
+    
+    ctWhitelist = config && config.ctWhitelist;
+    log.send(logLevels.INFO, `we are configuring certificate transparency whitelist for the domains -> ${ctWhitelist}`);
+    
+    log.send(logLevels.INFO, `creating main window for ${url}`);
    
    if (config && config !== null && config.customFlags) {
        
@ -308,6 +315,7 @@ function doCreateMainWindow(initialUrl, initialBounds) {

    // open external links in default browser - a tag with href='_blank' or window.open
    mainWindow.webContents.on('new-window', handleNewWindow);
+    mainWindow.webContents.session.setCertificateVerifyProc(handleCertificateTransparencyChecks);

    function handleNewWindow(event, newWinUrl, frameName, disposition, newWinOptions) {
        
@ -453,6 +461,8 @@ function doCreateMainWindow(initialUrl, initialBounds) {
                    });
                    
                    handlePermissionRequests(browserWin.webContents);
+    
+                    browserWin.webContents.session.setCertificateVerifyProc(handleCertificateTransparencyChecks);
                }
            });
        } else {
@ -567,6 +577,24 @@ function doCreateMainWindow(initialUrl, initialBounds) {
            })

    }
+    
+    function handleCertificateTransparencyChecks(request, callback) {
+        
+        const { hostname: hostUrl, errorCode } = request;
+        
+        if (errorCode === 0) {
+            return callback(0);
+        }
+        
+        let { tld, domain } = parseDomain(hostUrl);
+        let host = domain + tld;
+        
+        if (ctWhitelist && Array.isArray(ctWhitelist) && ctWhitelist.length > 0 && ctWhitelist.indexOf(host) > -1) {
+            return callback(0);
+        }
+        
+        return callback(-2);
+    }

 }