221 lines
7.2 KiB
JavaScript
221 lines
7.2 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
"use strict";
|
|
|
|
const { ContextualIdentityListener } = ChromeUtils.importESModule(
|
|
"chrome://remote/content/shared/listeners/ContextualIdentityListener.sys.mjs"
|
|
);
|
|
|
|
const PAGE_URL = "https://example.com/";
|
|
const PAGE_WITH_EXPIRED_CERT = "https://expired.example.com/";
|
|
|
|
add_task(async function test_disable_all_security_checks_globally() {
|
|
const certOverrideService = Cc[
|
|
"@mozilla.org/security/certoverride;1"
|
|
].getService(Ci.nsICertOverrideService);
|
|
|
|
const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, PAGE_URL);
|
|
const browser = gBrowser.selectedBrowser;
|
|
|
|
info("Loading and waiting for the cert error");
|
|
let errorPageLoaded = BrowserTestUtils.waitForErrorPage(browser);
|
|
BrowserTestUtils.startLoadingURIString(browser, PAGE_WITH_EXPIRED_CERT);
|
|
await errorPageLoaded;
|
|
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
info("Disable security checks");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
|
|
true
|
|
);
|
|
|
|
const loadedPromise = BrowserTestUtils.browserLoaded(browser);
|
|
BrowserTestUtils.startLoadingURIString(browser, PAGE_WITH_EXPIRED_CERT);
|
|
await loadedPromise;
|
|
Assert.ok(true, "Normal page is loaded");
|
|
|
|
info("Enable security checks");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
|
|
false
|
|
);
|
|
|
|
errorPageLoaded = BrowserTestUtils.waitForErrorPage(browser);
|
|
BrowserTestUtils.startLoadingURIString(browser, PAGE_WITH_EXPIRED_CERT);
|
|
await errorPageLoaded;
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
BrowserTestUtils.removeTab(tab);
|
|
});
|
|
|
|
add_task(async function test_disable_all_security_checks_for_user_context() {
|
|
const certOverrideService = Cc[
|
|
"@mozilla.org/security/certoverride;1"
|
|
].getService(Ci.nsICertOverrideService);
|
|
|
|
const userContext = ContextualIdentityService.create("test_name");
|
|
const { userContextId } = userContext;
|
|
|
|
const tabInUserContext = BrowserTestUtils.addTab(gBrowser, PAGE_URL, {
|
|
userContextId,
|
|
});
|
|
const browserInUserContext = tabInUserContext.linkedBrowser;
|
|
|
|
info("Loading and waiting for the cert error in user context");
|
|
let errorPageLoaded = BrowserTestUtils.waitForErrorPage(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await errorPageLoaded;
|
|
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
info("Disable security checks for user context");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
|
|
userContextId,
|
|
true
|
|
);
|
|
|
|
let loadedPromise = BrowserTestUtils.browserLoaded(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await loadedPromise;
|
|
Assert.ok(true, "Normal page is loaded in user context");
|
|
|
|
const tabInDefaultUserContext = BrowserTestUtils.addTab(gBrowser, PAGE_URL);
|
|
const browserInDefaultUserContext = tabInDefaultUserContext.linkedBrowser;
|
|
|
|
info("Loading and waiting for the cert error in default user context");
|
|
errorPageLoaded = BrowserTestUtils.waitForErrorPage(
|
|
browserInDefaultUserContext
|
|
);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInDefaultUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await errorPageLoaded;
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
BrowserTestUtils.removeTab(tabInUserContext);
|
|
BrowserTestUtils.removeTab(tabInDefaultUserContext);
|
|
ContextualIdentityService.remove(userContextId);
|
|
});
|
|
|
|
add_task(
|
|
async function test_disable_all_security_checks_globally_enable_for_user_context() {
|
|
const certOverrideService = Cc[
|
|
"@mozilla.org/security/certoverride;1"
|
|
].getService(Ci.nsICertOverrideService);
|
|
|
|
const tabInDefaultUserContext = await BrowserTestUtils.openNewForegroundTab(
|
|
gBrowser,
|
|
PAGE_URL
|
|
);
|
|
const browser = gBrowser.selectedBrowser;
|
|
|
|
info("Disable security checks");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
|
|
true
|
|
);
|
|
|
|
let loadedPromise = BrowserTestUtils.browserLoaded(browser);
|
|
BrowserTestUtils.startLoadingURIString(browser, PAGE_WITH_EXPIRED_CERT);
|
|
await loadedPromise;
|
|
Assert.ok(true, "Normal page is loaded");
|
|
|
|
const userContext = ContextualIdentityService.create("test_name");
|
|
const { userContextId } = userContext;
|
|
|
|
const tabInUserContext = BrowserTestUtils.addTab(gBrowser, PAGE_URL, {
|
|
userContextId,
|
|
});
|
|
const browserInUserContext = tabInUserContext.linkedBrowser;
|
|
|
|
info("Enable security checks for user context");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
|
|
userContextId,
|
|
false
|
|
);
|
|
|
|
info("Loading and waiting for the cert error in user context");
|
|
const errorPageLoaded =
|
|
BrowserTestUtils.waitForErrorPage(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await errorPageLoaded;
|
|
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
BrowserTestUtils.removeTab(tabInDefaultUserContext);
|
|
BrowserTestUtils.removeTab(tabInUserContext);
|
|
ContextualIdentityService.remove(userContextId);
|
|
|
|
info("Reenable security checks");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
|
|
false
|
|
);
|
|
}
|
|
);
|
|
|
|
add_task(
|
|
async function test_reset_disable_all_security_checks_for_user_context() {
|
|
const certOverrideService = Cc[
|
|
"@mozilla.org/security/certoverride;1"
|
|
].getService(Ci.nsICertOverrideService);
|
|
|
|
const userContext = ContextualIdentityService.create("test_name");
|
|
const { userContextId } = userContext;
|
|
|
|
const tabInUserContext = BrowserTestUtils.addTab(gBrowser, PAGE_URL, {
|
|
userContextId,
|
|
});
|
|
const browserInUserContext = tabInUserContext.linkedBrowser;
|
|
|
|
info("Loading and waiting for the cert error in user context");
|
|
let errorPageLoaded =
|
|
BrowserTestUtils.waitForErrorPage(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await errorPageLoaded;
|
|
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
info("Disable security checks for user context");
|
|
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
|
|
userContextId,
|
|
true
|
|
);
|
|
|
|
let loadedPromise = BrowserTestUtils.browserLoaded(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await loadedPromise;
|
|
Assert.ok(true, "Normal page is loaded in user context");
|
|
|
|
info("Reset disable security checks for user context");
|
|
certOverrideService.resetDisableAllSecurityChecksAndLetAttackersInterceptMyDataForUserContext(
|
|
userContextId
|
|
);
|
|
|
|
errorPageLoaded = BrowserTestUtils.waitForErrorPage(browserInUserContext);
|
|
BrowserTestUtils.startLoadingURIString(
|
|
browserInUserContext,
|
|
PAGE_WITH_EXPIRED_CERT
|
|
);
|
|
await errorPageLoaded;
|
|
|
|
Assert.ok(true, "Error page is loaded");
|
|
|
|
BrowserTestUtils.removeTab(tabInUserContext);
|
|
ContextualIdentityService.remove(userContextId);
|
|
}
|
|
);
|