89 lines
2.8 KiB
JavaScript
89 lines
2.8 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
"use strict";
|
|
|
|
add_virtual_authenticator();
|
|
|
|
let expectSecurityError = expectError("Security");
|
|
|
|
async function test_webauthn_with_cert_override(
|
|
aTestDomain,
|
|
aExpectSecurityError
|
|
) {
|
|
let certOverrideService = Cc[
|
|
"@mozilla.org/security/certoverride;1"
|
|
].getService(Ci.nsICertOverrideService);
|
|
|
|
let testURL = "https://" + aTestDomain;
|
|
let certErrorLoaded;
|
|
let tab = await BrowserTestUtils.openNewForegroundTab(
|
|
gBrowser,
|
|
() => {
|
|
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, testURL);
|
|
let browser = gBrowser.selectedBrowser;
|
|
certErrorLoaded = BrowserTestUtils.waitForErrorPage(browser);
|
|
},
|
|
false
|
|
);
|
|
info("Waiting for cert error page.");
|
|
await certErrorLoaded;
|
|
|
|
let loaded = BrowserTestUtils.browserLoaded(tab.linkedBrowser);
|
|
|
|
info("Adding certificate error override.");
|
|
await SpecialPowers.spawn(tab.linkedBrowser, [], async function () {
|
|
let doc = content.document;
|
|
let exceptionButton = doc.getElementById("exceptionDialogButton");
|
|
exceptionButton.click();
|
|
});
|
|
|
|
info("Waiting for page load.");
|
|
await loaded;
|
|
|
|
await SpecialPowers.spawn(tab.linkedBrowser, [], async function () {
|
|
let doc = content.document;
|
|
ok(
|
|
!doc.documentURI.startsWith("about:certerror"),
|
|
"Exception has been added."
|
|
);
|
|
});
|
|
|
|
let makeCredPromise = promiseWebAuthnMakeCredential(tab, "none", "preferred");
|
|
if (aExpectSecurityError) {
|
|
await makeCredPromise.then(arrivingHereIsBad).catch(expectSecurityError);
|
|
ok(
|
|
true,
|
|
"Calling navigator.credentials.create() results in a security error"
|
|
);
|
|
} else {
|
|
await makeCredPromise.catch(arrivingHereIsBad);
|
|
ok(true, "Calling navigator.credentials.create() is allowed");
|
|
}
|
|
|
|
let getAssertionPromise = promiseWebAuthnGetAssertionDiscoverable(tab);
|
|
if (aExpectSecurityError) {
|
|
await getAssertionPromise
|
|
.then(arrivingHereIsBad)
|
|
.catch(expectSecurityError);
|
|
ok(true, "Calling navigator.credentials.get() results in a security error");
|
|
} else {
|
|
await getAssertionPromise.catch(arrivingHereIsBad);
|
|
ok(true, "Calling navigator.credentials.get() results in a security error");
|
|
}
|
|
|
|
certOverrideService.clearValidityOverride(aTestDomain, -1, {});
|
|
|
|
loaded = BrowserTestUtils.waitForErrorPage(tab.linkedBrowser);
|
|
BrowserCommands.reloadSkipCache();
|
|
await loaded;
|
|
|
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
|
}
|
|
|
|
add_task(() => test_webauthn_with_cert_override("expired.example.com", false));
|
|
add_task(() => test_webauthn_with_cert_override("untrusted.example.com", true));
|
|
add_task(() =>
|
|
test_webauthn_with_cert_override("no-subject-alt-name.example.com", true)
|
|
);
|