summaryrefslogtreecommitdiffstats
path: root/docshell/test/browser/browser_badCertDomainFixup.js
diff options
context:
space:
mode:
Diffstat (limited to 'docshell/test/browser/browser_badCertDomainFixup.js')
-rw-r--r--docshell/test/browser/browser_badCertDomainFixup.js92
1 files changed, 92 insertions, 0 deletions
diff --git a/docshell/test/browser/browser_badCertDomainFixup.js b/docshell/test/browser/browser_badCertDomainFixup.js
new file mode 100644
index 0000000000..4bf6ddcef3
--- /dev/null
+++ b/docshell/test/browser/browser_badCertDomainFixup.js
@@ -0,0 +1,92 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// This test checks if we are correctly fixing https URLs by prefixing
+// with www. when we encounter a SSL_ERROR_BAD_CERT_DOMAIN error.
+// For example, https://example.com -> https://www.example.com.
+
+const PREF_BAD_CERT_DOMAIN_FIX_ENABLED =
+ "security.bad_cert_domain_error.url_fix_enabled";
+const PREF_ALLOW_HIJACKING_LOCALHOST =
+ "network.proxy.allow_hijacking_localhost";
+
+const BAD_CERT_DOMAIN_ERROR_URL = "https://badcertdomain.example.com:443";
+const FIXED_URL = "https://www.badcertdomain.example.com/";
+
+const BAD_CERT_DOMAIN_ERROR_URL2 =
+ "https://mismatch.badcertdomain.example.com:443";
+const IPV4_ADDRESS = "https://127.0.0.3:433";
+const BAD_CERT_DOMAIN_ERROR_PORT = "https://badcertdomain.example.com:82";
+
+async function verifyErrorPage(errorPageURL) {
+ let certErrorLoaded = BrowserTestUtils.waitForErrorPage(
+ gBrowser.selectedBrowser
+ );
+ BrowserTestUtils.startLoadingURIString(gBrowser, errorPageURL);
+ await certErrorLoaded;
+
+ await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async function () {
+ let ec;
+ await ContentTaskUtils.waitForCondition(() => {
+ ec = content.document.getElementById("errorCode");
+ return ec.textContent;
+ }, "Error code has been set inside the advanced button panel");
+ is(
+ ec.textContent,
+ "SSL_ERROR_BAD_CERT_DOMAIN",
+ "Correct error code is shown"
+ );
+ });
+}
+
+// Test that "www." is prefixed to a https url when we encounter a bad cert domain
+// error if the "www." form is included in the certificate's subjectAltNames.
+add_task(async function prefixBadCertDomain() {
+ // Turn off the pref and ensure that we show the error page as expected.
+ Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, false);
+
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
+ await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_URL);
+ info("Cert error is shown as expected when the fixup pref is disabled");
+
+ // Turn on the pref and test that we fix the HTTPS URL.
+ Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, true);
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
+ let loadSuccessful = BrowserTestUtils.browserLoaded(
+ gBrowser.selectedBrowser,
+ false,
+ FIXED_URL
+ );
+ BrowserTestUtils.startLoadingURIString(gBrowser, BAD_CERT_DOMAIN_ERROR_URL);
+ await loadSuccessful;
+
+ info("The URL was fixed as expected");
+
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+// Test that we don't prefix "www." to a https url when we encounter a bad cert domain
+// error under certain conditions.
+add_task(async function ignoreBadCertDomain() {
+ Services.prefs.setBoolPref(PREF_BAD_CERT_DOMAIN_FIX_ENABLED, true);
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);
+
+ // Test for when "www." form is not present in the certificate.
+ await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_URL2);
+ info("Certificate error was shown as expected");
+
+ // Test that urls with IP addresses are not fixed.
+ Services.prefs.setBoolPref(PREF_ALLOW_HIJACKING_LOCALHOST, true);
+ await verifyErrorPage(IPV4_ADDRESS);
+ Services.prefs.clearUserPref(PREF_ALLOW_HIJACKING_LOCALHOST);
+ info("Certificate error was shown as expected for an IP address");
+
+ // Test that urls with ports are not fixed.
+ await verifyErrorPage(BAD_CERT_DOMAIN_ERROR_PORT);
+ info("Certificate error was shown as expected for a host with port");
+
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});