authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:29:10 +0000
commit2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
treeb80bf8bf13c3766139fbacc530efd0dd9d54394c /remote/test/browser/security
parentInitial commit. (diff)
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--remote/test/browser/security/browser.ini11
-rw-r--r--remote/test/browser/security/browser_setIgnoreCertificateErrors.js162
-rw-r--r--remote/test/browser/security/head.js11
3 files changed, 184 insertions, 0 deletions
diff --git a/remote/test/browser/security/browser.ini b/remote/test/browser/security/browser.ini
new file mode 100644
index 0000000000..5a8065e015
--- /dev/null
+++ b/remote/test/browser/security/browser.ini
@@ -0,0 +1,11 @@
+[DEFAULT]
+tags = remote
+subsuite = remote
+prefs =
+ remote.enabled=true
+support-files =
+ !/remote/test/browser/chrome-remote-interface.js
+ !/remote/test/browser/head.js
+ head.js
+
+[browser_setIgnoreCertificateErrors.js]
diff --git a/remote/test/browser/security/browser_setIgnoreCertificateErrors.js b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js
new file mode 100644
index 0000000000..36056ad528
--- /dev/null
+++ b/remote/test/browser/security/browser_setIgnoreCertificateErrors.js
@@ -0,0 +1,162 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const {
+ STATE_IS_SECURE,
+ STATE_IS_BROKEN,
+ STATE_IS_INSECURE,
+} = Ci.nsIWebProgressListener;
+
+// from ../../../build/pgo/server-locations.txt
+const NO_CERT = "https://nocert.example.com:443";
+const SELF_SIGNED = "https://self-signed.example.com:443";
+const UNTRUSTED = "https://untrusted.example.com:443";
+const EXPIRED = "https://expired.example.com:443";
+const MISMATCH_EXPIRED = "https://mismatch.expired.example.com:443";
+const MISMATCH_UNTRUSTED = "https://mismatch.untrusted.example.com:443";
+const UNTRUSTED_EXPIRED = "https://untrusted-expired.example.com:443";
+const MISMATCH_UNTRUSTED_EXPIRED =
+ "https://mismatch.untrusted-expired.example.com:443";
+
+const BAD_CERTS = [
+ NO_CERT,
+ SELF_SIGNED,
+ UNTRUSTED,
+ EXPIRED,
+ MISMATCH_EXPIRED,
+ MISMATCH_UNTRUSTED,
+ UNTRUSTED_EXPIRED,
+ MISMATCH_UNTRUSTED_EXPIRED,
+];
+
+function getConnectionState() {
+ // prevents items that are being lazy loaded causing issues
+ document.getElementById("identity-box").click();
+ gIdentityHandler.refreshIdentityPopup();
+ return document.getElementById("identity-popup").getAttribute("connection");
+}
+
+/**
+ * Compares the security state of the page with what is expected.
+ * Returns one of "secure", "broken", "insecure", or "unknown".
+ */
+function isSecurityState(browser, expectedState) {
+ const ui = browser.securityUI;
+ if (!ui) {
+ ok(false, "No security UI to get the security state");
+ return;
+ }
+
+ const isSecure = ui.state & STATE_IS_SECURE;
+ const isBroken = ui.state & STATE_IS_BROKEN;
+ const isInsecure = ui.state & STATE_IS_INSECURE;
+
+ let actualState;
+ if (isSecure && !(isBroken || isInsecure)) {
+ actualState = "secure";
+ } else if (isBroken && !(isSecure || isInsecure)) {
+ actualState = "broken";
+ } else if (isInsecure && !(isSecure || isBroken)) {
+ actualState = "insecure";
+ } else {
+ actualState = "unknown";
+ }
+
+ is(
+ expectedState,
+ actualState,
+ `Expected state is ${expectedState} and actual state is ${actualState}`
+ );
+}
+
+add_task(async function testDefault({ Security }) {
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present"
+ );
+ isSecurityState(gBrowser, "insecure");
+ }
+});
+
+add_task(async function testIgnore({ client }) {
+ const { Security } = client;
+ info("Enable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: true });
+
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+
+ is(
+ getConnectionState(),
+ "secure-cert-user-overridden",
+ "Security certificate was overridden by user"
+ );
+ isSecurityState(gBrowser, "secure");
+ }
+});
+
+add_task(async function testUnignore({ client }) {
+ const { Security } = client;
+ info("Disable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: false });
+
+ for (const url of BAD_CERTS) {
+ info(`Navigating to ${url}`);
+ const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, url);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present"
+ );
+ isSecurityState(gBrowser, "insecure");
+ }
+});
+
+// smoke test for unignored -> ignored -> unignored
+add_task(async function testToggle({ client }) {
+ const { Security } = client;
+ let loaded;
+
+ info("Enable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: true });
+
+ info(`Navigating to ${UNTRUSTED} having set the override`);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED);
+ await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+
+ is(
+ getConnectionState(),
+ "secure-cert-user-overridden",
+ "Security certificate was overridden by user"
+ );
+ isSecurityState(gBrowser, "secure");
+
+ info("Disable security certificate override");
+ await Security.setIgnoreCertificateErrors({ ignore: false });
+
+ info(`Navigating to ${UNTRUSTED} having unset the override`);
+ loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
+ BrowserTestUtils.loadURI(gBrowser.selectedBrowser, UNTRUSTED);
+ await loaded;
+
+ is(
+ getConnectionState(),
+ "cert-error-page",
+ "Security error page is present by default"
+ );
+ isSecurityState(gBrowser, "insecure");
+});
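Review bot: In `isSecurityState` the call `is(expectedState, actualState, …)` passes the expected value first, but mochitest's `is` takes the actual value first, so a failing run would report the two swapped; it should read `is(actualState, expectedState, …)`. The doc comment above the function says it returns one of "secure", "broken", "insecure" or "unknown", yet nothing is returned, so either add `return actualState;` or reword the comment to say the function asserts the state. `testDefault` destructures `{ Security }` from its argument while the other three tasks take `{ client }` and read `Security` from it, so that binding is unused here and probably undefined. `testIgnore` also finishes with `setIgnoreCertificateErrors({ ignore: true })` still in effect and depends on `testUnignore` running next; unless the harness resets the override between tasks (not visible here), calling `await Security.setIgnoreCertificateErrors({ ignore: false });` in a `finally` at the end of `testIgnore` would keep a mid-loop failure from leaving certificate validation relaxed for later tasks.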
diff --git a/remote/test/browser/security/head.js b/remote/test/browser/security/head.js
new file mode 100644
index 0000000000..7131e98b6f
--- /dev/null
+++ b/remote/test/browser/security/head.js
@@ -0,0 +1,11 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+/* import-globals-from ../head.js */
+
+Services.scriptloader.loadSubScript(
+ "chrome://mochitests/content/browser/remote/test/browser/head.js",
+ this
+);