summaryrefslogtreecommitdiffstats
path: root/docshell/test/browser/browser_badCertDomainFixup.js
blob: 783360d7b7bf580c7381907fda71d6d432ab564f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// This test checks if we are correctly fixing https URLs by prefixing
// with www. when we encounter a SSL_ERROR_BAD_CERT_DOMAIN error.
// For example, https://example.com -> https://www.example.com.

const PREF_BAD_CERT_DOMAIN_FIX_ENABLED =
  "security.bad_cert_domain_error.url_fix_enabled";
const PREF_ALLOW_HIJACKING_LOCALHOST =
  "network.proxy.allow_hijacking_localhost";

const BAD_CERT_DOMAIN_ERROR_URL = "https://badcertdomain.example.com:443";
const FIXED_URL = "https://www.badcertdomain.example.com/";

const BAD_CERT_DOMAIN_ERROR_URL2 =
  "https://mismatch.badcertdomain.example.com:443";
const IPV4_ADDRESS = "https://127.0.0.3:433";
const BAD_CERT_DOMAIN_ERROR_PORT = "https://badcertdomain.example.com:82";

async function verifyErrorPage(errorPageURL) {
  let certErrorLoaded = BrowserTestUtils.waitForErrorPage(
    gBrowser.selectedBrowser
  );
  BrowserTestUtils.loadURI(gBrowser, errorPageURL);
  await certErrorLoaded;

  await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function() {
    let ec;
    await ContentTaskUtils.waitForCondition(() => {
      ec = content.document.getElementById("errorCode");
      return ec.textContent;
    }, "Error code has been set inside the advanced button panel");
    is(
      ec.textContent,
      "SSL_ERROR_BAD_CERT_DOMAIN",
      "Correct error code is shown"
    );
  });
}

// Test that "www." is prefixed to a https url when we encounter a bad cert domain
// error if the "www." form is included in the certificate's subjectAltNames.
add_task(async function prefixBadCertDomain() {
  // Turn off the pref and ensure that we show the error page as expected.
  Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, false);

  gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
  await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_URL);
  info("Cert error is shown as expected when the fixup pref is disabled");

  // Turn on the pref and test that we fix the HTTPS URL.
  Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, true);
  gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
  let loadSuccessful = BrowserTestUtils.browserLoaded(
    gBrowser.selectedBrowser,
    false,
    FIXED_URL
  );
  BrowserTestUtils.loadURI(gBrowser, BAD_CERT_DOMAIN_ERROR_URL);
  await loadSuccessful;

  info("The URL was fixed as expected");

  BrowserTestUtils.removeTab(gBrowser.selectedTab);
  BrowserTestUtils.removeTab(gBrowser.selectedTab);
});

// Test that we don't prefix "www." to a https url when we encounter a bad cert domain
// error under certain conditions.
add_task(async function ignoreBadCertDomain() {
  Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, true);
  gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);

  // Test for when "www." form is not present in the certificate.
  await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_URL2);
  info("Certificate error was shown as expected");

  // Test that urls with IP addresses are not fixed.
  Services.prefs.setBoolPref(PREF_ALLOW_HIJACKING_LOCALHOST, true);
  await verifyErrorPage(IPV4_ADDRESS);
  Services.prefs.clearUserPref(PREF_ALLOW_HIJACKING_LOCALHOST);
  info("Certificate error was shown as expected for an IP address");

  // Test that urls with ports are not fixed.
  await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_PORT);
  info("Certificate error was shown as expected for a host with port");

  BrowserTestUtils.removeTab(gBrowser.selectedTab);
});