有没有办法从 Chrome 扩展访问证书信息

2022-01-25 00:00:00 google-chrome chromium ssl-certificate google-chrome-extension javascript

我想从 Google Chrome 扩展程序访问 SSL 证书信息.

I'd like to access SSL certificate information from a Google Chrome extension.

我在这里查看了 API:http://code.google.com/chrome/extensions/api_index.html,但没有看到任何可以完成工作的内容.

I took a look at the APIs here: http://code.google.com/chrome/extensions/api_index.html, but didn't see anything that would get the job done.

理想情况下,我想访问发行者、有效期、主题、序列号等...

Ideally I'd like to get access to Issuer, Validity Period, Subject, Serial Number, etc...

这在 Mozilla/Firefox 中似乎是可能的:

This seems to be possible in Mozilla/Firefox:

https://developer.mozilla.org/En/How_to_check_the_security_state_of_an_XMLHTTPRequest_over_SSL

http://www.sslshopper.com/article-perspectives-extension-to-change-how-firefox-handles-ssl-certificates.html

推荐答案

2018 回答:webextensions(使用 Chrome 扩展 API)可以在 Firefox 62 中做到这一点

您需要制作一个 WebExtension,也称为浏览器扩展.

2018 answer: webextensions (which use the Chrome extension API) can do this in Firefox 62

You'll need to make a WebExtension, which is also called a browser extension.

请参阅访问 MDN 上的安全信息

您还可以查看以下文档:

You can also check out the docs for:

  • getSecurityInfo
  • SecurityInfo
  • CertificateInfo.

您需要 Firefox 62.

You'll need Firefox 62.

这是一个有效的 background.js

var log = console.log.bind(console)

log(`

TLS browser extension loaded`)

// https://developer.chrome.com/extensions/match_patterns
var ALL_SITES = { urls: ['<all_urls>'] }

// Mozilla doesn't use tlsInfo in extraInfoSpec 
var extraInfoSpec = ['blocking']; 

// https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onHeadersReceived
browser.webRequest.onHeadersReceived.addListener(async function(details){
    log(`

Got a request for ${details.url} with ID ${details.requestId}`)

    // Yeah this is a String, even though the content is a Number
    var requestId = details.requestId

    var securityInfo = await browser.webRequest.getSecurityInfo(requestId, {
        certificateChain: true,
        rawDER: false
    });

    log(`securityInfo: ${JSON.stringify(securityInfo, null, 2)}`)

}, ALL_SITES, extraInfoSpec) 

log('Added listener')

manifest.json:

{
    "manifest_version": 2,
    "name": "Test extension",
    "version": "1.0",
    "description": "Test extension.",
    "icons": {
        "48": "icons/border-48.png"
    },
    "background": {
        "scripts": ["background.js"]
    },
    "permissions": [
        "webRequest",
        "webRequestBlocking",
        "<all_urls>"
    ]
}

它也可以在 Chromium 中实现一次合并此代码.

It also may be implemented in Chromium once this code is merged.

相关文章