summaryrefslogtreecommitdiffstats
path: root/remote/test/browser/security/browser_setIgnoreCertificateErrors.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
commit2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
treeb80bf8bf13c3766139fbacc530efd0dd9d54394c /remote/test/browser/security/browser_setIgnoreCertificateErrors.js
parentInitial commit. (diff)
downloadfirefox-upstream.tar.xz
firefox-upstream.zip
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'remote/test/browser/security/browser_setIgnoreCertificateErrors.js')
-rw-r--r--remote/test/browser/security/browser_setIgnoreCertificateErrors.js162
1 files changed, 162 insertions, 0 deletions
diff --git a/remote/test/browser/security/browser_setIgnoreCertificateErrors.js b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js
new file mode 100644
index 0000000000..36056ad528
--- /dev/null
+++ b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js
@@ -0,0 +1,162 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const {
+ STATE_IS_SECURE,
+ STATE_IS_BROKEN,
+ STATE_IS_INSECURE,
+} = Ci.nsIWebProgressListener;
+
+// from ../../../build/pgo/server-locations.txt
+const NO_CERT = "https://nocert.example.com:443";
+const SELF_SIGNED = "https://self-signed.example.com:443";
+const UNTRUSTED = "https://untrusted.example.com:443";
+const EXPIRED = "https://expired.example.com:443";
+const MISMATCH_EXPIRED = "https://mismatch.expired.example.com:443";
+const MISMATCH_UNTRUSTED = "https://mismatch.untrusted.example.com:443";
+const UNTRUSTED_EXPIRED = "https://untrusted-expired.example.com:443";
+const MISMATCH_UNTRUSTED_EXPIRED =
+ "https://mismatch.untrusted-expired.example.com:443";
+
+const BAD_CERTS = [
+ NO_CERT,
+ SELF_SIGNED,
+ UNTRUSTED,
+ EXPIRED,
+ MISMATCH_EXPIRED,
+ MISMATCH_UNTRUSTED,
+ UNTRUSTED_EXPIRED,
+ MISMATCH_UNTRUSTED_EXPIRED,
+];
+
+function getConnectionState() {
+ // prevents items that are being lazy loaded causing issues
+ document.getElementById("identity-box").click();
+ gIdentityHandler.refreshIdentityPopup();
+ return document.getElementById("identity-popup").getAttribute("connection");
+}
+
+/**
+ * Compares the security state of the page with what is expected.
+ * Returns one of "secure", "broken", "insecure", or "unknown".
+ */
+function isSecurityState(browser, expectedState) {
+ const ui = browser.securityUI;
+ if (!ui) {
+ ok(false, "No security UI to get the security state");
+ return;
+ }
+
+ const isSecure = ui.state & STATE_IS_SECURE;
+ const isBroken = ui.state & STATE_IS_BROKEN;
+ const isInsecure = ui.state & STATE_IS_INSECURE;
+
+ let actualState;
+ if (isSecure && !(isBroken || isInsecure)) {
+ actualState = "secure";
+ } else if (isBroken && !(isSecure || isInsecure)) {
+ actualState = "broken";
+ } else if (isInsecure && !(isSecure || isBroken)) {
+ actualState = "insecure";
+ } else {
+ actualState = "unknown";
+ }
+
+ is(
+ expectedState,
+ actualState,
+ `Expected state is ${expectedState} and actual state is ${actualState}`
+ );
+}
+
+add_task(async function testDefault({ Security }) {
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present"
+ );
+ isSecurityState(gBrowser, "insecure");
+ }
+});
+
+add_task(async function testIgnore({ client }) {
+ const { Security } = client;
+ info("Enable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: true });
+
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+
+ is(
+ getConnectionState(),
+ "secure-cert-user-overridden",
+ "Security certificate was overridden by user"
+ );
+ isSecurityState(gBrowser, "secure");
+ }
+});
+
+add_task(async function testUnignore({ client }) {
+ const { Security } = client;
+ info("Disable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: false });
+
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present"
+ );
+ isSecurityState(gBrowser, "insecure");
+ }
+});
+
+// smoke test for unignored -> ignored -> unignored
+add_task(async function testToggle({ client }) {
+ const { Security } = client;
+ let loaded;
+
+ info("Enable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: true });
+
+ info(`Navigating to ${UNTRUSTED} having set the override`);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED);
+ await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+
+ is(
+ getConnectionState(),
+ "secure-cert-user-overridden",
+ "Security certificate was overridden by user"
+ );
+ isSecurityState(gBrowser, "secure");
+
+ info("Disable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: false });
+
+ info(`Navigating to ${UNTRUSTED} having unset the override`);
+ loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present by default"
+ );
+ isSecurityState(gBrowser, "insecure");
+});