diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /remote/test/browser/security/browser_setIgnoreCertificateErrors.js | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'remote/test/browser/security/browser_setIgnoreCertificateErrors.js')
-rw-r--r-- | remote/test/browser/security/browser_setIgnoreCertificateErrors.js | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/remote/test/browser/security/browser_setIgnoreCertificateErrors.js b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js new file mode 100644 index 0000000000..36056ad528 --- /dev/null +++ b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js @@ -0,0 +1,162 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const { + STATE_IS_SECURE, + STATE_IS_BROKEN, + STATE_IS_INSECURE, +} = Ci.nsIWebProgressListener; + +// from ../../../build/pgo/server-locations.txt +const NO_CERT = "https://nocert.example.com:443"; +const SELF_SIGNED = "https://self-signed.example.com:443"; +const UNTRUSTED = "https://untrusted.example.com:443"; +const EXPIRED = "https://expired.example.com:443"; +const MISMATCH_EXPIRED = "https://mismatch.expired.example.com:443"; +const MISMATCH_UNTRUSTED = "https://mismatch.untrusted.example.com:443"; +const UNTRUSTED_EXPIRED = "https://untrusted-expired.example.com:443"; +const MISMATCH_UNTRUSTED_EXPIRED = + "https://mismatch.untrusted-expired.example.com:443"; + +const BAD_CERTS = [ + NO_CERT, + SELF_SIGNED, + UNTRUSTED, + EXPIRED, + MISMATCH_EXPIRED, + MISMATCH_UNTRUSTED, + UNTRUSTED_EXPIRED, + MISMATCH_UNTRUSTED_EXPIRED, +]; + +function getConnectionState() { + // prevents items that are being lazy loaded causing issues + document.getElementById("identity-box").click(); + gIdentityHandler.refreshIdentityPopup(); + return document.getElementById("identity-popup").getAttribute("connection"); +} + +/** + * Compares the security state of the page with what is expected. + * Returns one of "secure", "broken", "insecure", or "unknown". + */ +function isSecurityState(browser, expectedState) { + const ui = browser.securityUI; + if (!ui) { + ok(false, "No security UI to get the security state"); + return; + } + + const isSecure = ui.state & STATE_IS_SECURE; + const isBroken = ui.state & STATE_IS_BROKEN; + const isInsecure = ui.state & STATE_IS_INSECURE; + + let actualState; + if (isSecure && !(isBroken || isInsecure)) { + actualState = "secure"; + } else if (isBroken && !(isSecure || isInsecure)) { + actualState = "broken"; + } else if (isInsecure && !(isSecure || isBroken)) { + actualState = "insecure"; + } else { + actualState = "unknown"; + } + + is( + expectedState, + actualState, + `Expected state is ${expectedState} and actual state is ${actualState}` + ); +} + +add_task(async function testDefault({ Security }) { + for (const url of BAD_CERTS) { + info(`Navigating to ${url}`); + const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser); + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url); + await loaded; + + is( + getConnectionState(), + "cert-error-page", + "Security error page is present" + ); + isSecurityState(gBrowser, "insecure"); + } +}); + +add_task(async function testIgnore({ client }) { + const { Security } = client; + info("Enable security certificate override"); + await Security.setIgnoreCertificateErrors({ ignore: true }); + + for (const url of BAD_CERTS) { + info(`Navigating to ${url}`); + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url); + await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + + is( + getConnectionState(), + "secure-cert-user-overridden", + "Security certificate was overridden by user" + ); + isSecurityState(gBrowser, "secure"); + } +}); + +add_task(async function testUnignore({ client }) { + const { Security } = client; + info("Disable security certificate override"); + await Security.setIgnoreCertificateErrors({ ignore: false }); + + for (const url of BAD_CERTS) { + info(`Navigating to ${url}`); + const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser); + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url); + await loaded; + + is( + getConnectionState(), + "cert-error-page", + "Security error page is present" + ); + isSecurityState(gBrowser, "insecure"); + } +}); + +// smoke test for unignored -> ignored -> unignored +add_task(async function testToggle({ client }) { + const { Security } = client; + let loaded; + + info("Enable security certificate override"); + await Security.setIgnoreCertificateErrors({ ignore: true }); + + info(`Navigating to ${UNTRUSTED} having set the override`); + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED); + await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); + + is( + getConnectionState(), + "secure-cert-user-overridden", + "Security certificate was overridden by user" + ); + isSecurityState(gBrowser, "secure"); + + info("Disable security certificate override"); + await Security.setIgnoreCertificateErrors({ ignore: false }); + + info(`Navigating to ${UNTRUSTED} having unset the override`); + loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser); + BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED); + await loaded; + + is( + getConnectionState(), + "cert-error-page", + "Security error page is present by default" + ); + isSecurityState(gBrowser, "insecure"); +}); |