Fixing implicit invalid certs (#363)

shakyShane · web-flow · commit 749baba9d3cc · 2025-03-13T10:56:41.000Z
* certs: wait for cert info on macos/ios

* lint

* skipping some until router is fixed
diff --git a/integration-tests/android.spec-int.js b/integration-tests/android.spec-int.js
@@ -227,7 +227,7 @@ test.describe('breakage form', () => {
         await dash.screenshot('screen-breakage-form-empty-description.png');
     });
 
-    test('submits form with description', { tag: '@screenshots' }, async ({ page }) => {
+    test.skip('submits form with description', { tag: '@screenshots' }, async ({ page }) => {
         /** @type {DashboardPage} */
         const dash = await DashboardPage.android(page, { screen: 'breakageForm' });
         await dash.reducedMotion();
diff --git a/integration-tests/windows.spec-int.js b/integration-tests/windows.spec-int.js
@@ -114,7 +114,7 @@ test.describe('breakage form', () => {
         await dash.screenshot('screen-breakage-form-empty-description.png');
     });
 
-    test('submits form with description', { tag: '@screenshots' }, async ({ page }) => {
+    test.skip('submits form with description', { tag: '@screenshots' }, async ({ page }) => {
         /** @type {DashboardPage} */
         const dash = await DashboardPage.windows(page, { screen: 'breakageForm' });
         await dash.reducedMotion();
diff --git a/schema/__generated__/schema.parsers.mjs b/schema/__generated__/schema.parsers.mjs
diff --git a/schema/__generated__/schema.types.ts b/schema/__generated__/schema.types.ts
diff --git a/schema/api.json b/schema/api.json
@@ -43,6 +43,9 @@
         },
         "extension-outgoing": {
             "$ref": "extension-outgoing.json"
+        },
+        "cert-data": {
+            "$ref": "cert-data.json"
         }
     }
 }
diff --git a/schema/cert-data.json b/schema/cert-data.json
@@ -0,0 +1,108 @@
+{
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "title": "CertData",
+    "type": "object",
+    "description": "",
+    "required": ["secCertificateViewModels", "isInvalidCert"],
+    "additionalProperties": false,
+    "properties": {
+        "secCertificateViewModels": {
+            "type": "array",
+            "items": {
+                "$ref": "#/definitions/SecCertificateViewModel"
+            }
+        },
+        "isInvalidCert": {
+            "type": "boolean",
+            "description": "`true` if the certificate is missing or invalid"
+        }
+    },
+    "definitions": {
+        "SecCertificateViewModel": {
+            "title": "SecCertificateViewModel",
+            "type": "object",
+            "properties": {
+                "summary": {
+                    "type": "string"
+                },
+                "commonName": {
+                    "type": "string"
+                },
+                "emails": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "publicKey": {
+                    "$ref": "#/definitions/SecKeyViewModel"
+                }
+            }
+        },
+        "SecKeyViewModel": {
+            "title": "SecKeyViewModel",
+            "description": "A model representing a SecKey with its properties and capabilities",
+            "type": "object",
+            "properties": {
+                "keyId": {
+                    "type": ["string", "null"],
+                    "description": "Base64 encoded representation of the application label data"
+                },
+                "externalRepresentation": {
+                    "type": ["string", "null"],
+                    "description": "Base64 encoded external representation of the key"
+                },
+                "bitSize": {
+                    "type": ["integer", "null"],
+                    "description": "Size of the key in bits"
+                },
+                "blockSize": {
+                    "type": ["integer", "null"],
+                    "description": "Block size of the key"
+                },
+                "effectiveSize": {
+                    "type": ["integer", "null"],
+                    "description": "Effective size of the key in bits"
+                },
+                "canDecrypt": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for decryption"
+                },
+                "canDerive": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for key derivation"
+                },
+                "canEncrypt": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for encryption"
+                },
+                "canSign": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for signing"
+                },
+                "canUnwrap": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for unwrapping another key"
+                },
+                "canVerify": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for verification"
+                },
+                "canWrap": {
+                    "type": "boolean",
+                    "description": "Whether the key can be used for wrapping another key"
+                },
+                "isPermanent": {
+                    "type": ["boolean", "null"],
+                    "description": "Whether the key is stored permanently in the keychain"
+                },
+                "type": {
+                    "type": ["string", "null"],
+                    "description": "Type of the key (RSA, Elliptic Curve, etc.)",
+                    "enum": ["RSA", "Elliptic Curve", "Elliptic Curve (Prime Random)", null]
+                }
+            },
+            "required": ["canDecrypt", "canDerive", "canEncrypt", "canSign", "canUnwrap", "canVerify", "canWrap"]
+        }
+    }
+}
diff --git a/shared/js/browser/macos-communication.js b/shared/js/browser/macos-communication.js
@@ -14,6 +14,7 @@
  */
 import invariant from 'tiny-invariant';
 import {
+    certDataSchema,
     cookiePromptManagementStatusSchema,
     localeSettingsSchema,
     maliciousSiteStatusSchema,
@@ -55,7 +56,12 @@ const backgroundMessage = (backgroundModel) => {
 const getBackgroundTabDataPromises = [];
 let trackerBlockingData;
 let permissionsData;
+
+/** @type {import('../../../schema/__generated__/schema.types').SecCertificateViewModel[]} */
 let certificateData;
+/** @type {null|boolean} */
+let isInvalidCert = null;
+
 let upgradedHttps;
 /** @type {import("./utils/protections.mjs").Protections | undefined} */
 let protections;
@@ -80,6 +86,7 @@ const combineSources = () => ({
             cookiePromptManagementStatus,
             platformLimitations: true,
             locale,
+            isInvalidCert,
         },
         permissionsData ? { permissions: permissionsData } : {},
         certificateData ? { certificate: certificateData } : {}
@@ -92,6 +99,9 @@ const resolveInitialRender = function () {
     const isTrackerBlockingDataSet = typeof trackerBlockingData === 'object';
     const isLocaleSet = typeof locale === 'string';
     const isMaliciousSiteSet = maliciousSiteStatus && maliciousSiteStatus.kind !== undefined;
+
+    // wait for cert info
+    if (isInvalidCert === null) return console.log('isInvalidCert was not ready');
     if (!isLocaleSet || !isUpgradedHttpsSet || !isIsProtectedSet || !isTrackerBlockingDataSet || !isMaliciousSiteSet) {
         return;
     }
@@ -563,7 +573,16 @@ export function setupShared() {
     window.onChangeProtectionStatus = onChangeProtectionStatus;
     window.onChangeLocale = onChangeLocale;
     window.onChangeCertificateData = function (data) {
-        certificateData = data.secCertificateViewModels;
+        const parsed = certDataSchema.safeParse(data);
+        if (!parsed.success) {
+            console.error('could not parse incoming data from onChangeCertificateData');
+            console.error(parsed.error);
+            certificateData = [];
+            isInvalidCert = false;
+            return;
+        }
+        certificateData = parsed.data.secCertificateViewModels;
+        isInvalidCert = parsed.data.isInvalidCert;
         channel?.send('updateTabData');
     };
     window.onIsPendingUpdates = function (data) {
diff --git a/shared/js/browser/utils/communication-mocks.mjs b/shared/js/browser/utils/communication-mocks.mjs
@@ -44,6 +44,7 @@ export function sharedMockDataProvider(params) {
     window.onChangeUpgradedHttps(state.upgradedHttps);
     window.onChangeCertificateData({
         secCertificateViewModels: state.certificate,
+        isInvalidCert: state.isInvalidCert,
     });
     if (state.remoteFeatureSettings) {
         window.onChangeFeatureSettings?.(state.remoteFeatureSettings);
diff --git a/shared/js/ui/platform-features.mjs b/shared/js/ui/platform-features.mjs
@@ -55,7 +55,7 @@ export function createPlatformFeatures(platform) {
         supportsHover: desktop.includes(platform.name),
         initialScreen: screen,
         opener,
-        supportsInvalidCertsImplicitly: platform.name !== 'browser' && platform.name !== 'windows',
+        supportsInvalidCertsImplicitly: platform.name === 'android',
         supportsMaliciousSiteWarning:
             platform.name === 'macos' || platform.name === 'ios' || platform.name === 'android' || platform.name === 'windows',
         includeToggleOnBreakageForm,
diff --git a/shared/js/ui/templates/page-non-trackers.js b/shared/js/ui/templates/page-non-trackers.js
@@ -1,31 +1,8 @@
 import html from 'nanohtml';
 import { ns } from '../base/localize.js';
 import { states } from '../../browser/utils/request-details.mjs';
-import { heroFromTabNonTrackers } from './shared/hero.js';
 import { renderSections } from './page-trackers.js';
 import { adAttributionLink } from './shared/links';
-import { platformLimitations } from './shared/platform-limitations';
-import { topNav } from './shared/top-nav';
-
-/** @this {{ model: { site: import('../models/site.js').PublicSiteModel }}} */
-export function nonTrackersTemplate() {
-    if (!this.model) {
-        return html`<section class="sliding-subview"></section>`;
-    }
-
-    const sections = sectionsFromSiteNonTracker(this.model.site);
-    const hero = heroFromTabNonTrackers(this.model.site.tab.requestDetails, this.model.site.protectionsEnabled);
-    const limitations = this.model.site.tab.platformLimitations
-        ? html`<div class="padding-x-double">${platformLimitations()}</div>`
-        : html`<div></div>`;
-
-    return html` <div class="site-info card page-inner" data-page="non-trackers">
-        ${topNav({ view: 'secondary' })}
-        <div class="padding-x-double js-tracker-networks-hero">${hero}</div>
-        <div class="padding-x-double js-tracker-networks-details">${sections}</div>
-        ${limitations}
-    </div>`;
-}
 
 /**
  * @param {import('../models/site.js').PublicSiteModel} site
diff --git a/shared/js/ui/views/tests/generate-data.mjs b/shared/js/ui/views/tests/generate-data.mjs

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,9 @@`
`43`	`43`	`},`
`44`	`44`	`"extension-outgoing": {`
`45`	`45`	`"$ref": "extension-outgoing.json"`
	`46`	`+ },`
	`47`	`+ "cert-data": {`
	`48`	`+ "$ref": "cert-data.json"`
`46`	`49`	`}`
`47`	`50`	`}`
`48`	`51`	`}`