1 files changed, 66 insertions, 0 deletions

diff --git a/testing/marionette/cert.js b/testing/marionette/cert.js
new file mode 100644
index 0000000000..2c0ca554a7
--- /dev/null
+++ b/testing/marionette/cert.js
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const EXPORTED_SYMBOLS = ["allowAllCerts"];
+
+const { XPCOMUtils } = ChromeUtils.import(
+  "resource://gre/modules/XPCOMUtils.jsm"
+);
+
+XPCOMUtils.defineLazyModuleGetters(this, {
+  Preferences: "resource://gre/modules/Preferences.jsm",
+});
+
+XPCOMUtils.defineLazyServiceGetter(
+  this,
+  "sss",
+  "@mozilla.org/ssservice;1",
+  "nsISiteSecurityService"
+);
+
+XPCOMUtils.defineLazyServiceGetter(
+  this,
+  "certOverrideService",
+  "@mozilla.org/security/certoverride;1",
+  "nsICertOverrideService"
+);
+
+const CERT_PINNING_ENFORCEMENT_PREF = "security.cert_pinning.enforcement_level";
+const HSTS_PRELOAD_LIST_PREF = "network.stricttransportsecurity.preloadlist";
+
+/** @namespace */
+this.allowAllCerts = {};
+
+/**
+ * Disable all security check and allow all certs.
+ */
+allowAllCerts.enable = function() {
+  // make it possible to register certificate overrides for domains
+  // that use HSTS or HPKP
+  Preferences.set(HSTS_PRELOAD_LIST_PREF, false);
+  Preferences.set(CERT_PINNING_ENFORCEMENT_PREF, 0);
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    true
+  );
+};
+
+/**
+ * Enable all security check.
+ */
+allowAllCerts.disable = function() {
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    false
+  );
+
+  Preferences.reset(HSTS_PRELOAD_LIST_PREF);
+  Preferences.reset(CERT_PINNING_ENFORCEMENT_PREF);
+
+  // clear collected HSTS and HPKP state
+  // through the site security service
+  sss.clearAll();
+  sss.clearPreloads();
+};