From a90a5cba08fdf6c0ceb95101c275108a152a3aed Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 12 Jun 2024 07:35:37 +0200
Subject: Merging upstream version 127.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../tests/xpcshell/test_extensionsettings.js       | 44 +++++++++++++++++++
 .../tests/xpcshell/test_permissions.js             | 21 ++++++++-
 .../tests/xpcshell/test_simple_pref_policies.js    | 51 +++++++++++++++++++++-
 3 files changed, 112 insertions(+), 4 deletions(-)

(limited to 'browser/components/enterprisepolicies/tests/xpcshell')

diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
index 22a6269cce..76157c7e97 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
@@ -8,10 +8,14 @@ const { AddonTestUtils } = ChromeUtils.importESModule(
 const { AddonManager } = ChromeUtils.importESModule(
   "resource://gre/modules/AddonManager.sys.mjs"
 );
+const { ExtensionTestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/ExtensionXPCShellUtils.sys.mjs"
+);
 
 AddonTestUtils.init(this);
 AddonTestUtils.overrideCertDB();
 AddonTestUtils.appInfo = getAppInfo();
+ExtensionTestUtils.init(this);
 
 const server = AddonTestUtils.createHttpServer({ hosts: ["example.com"] });
 const BASE_URL = `http://example.com/data`;
@@ -21,6 +25,34 @@ let themeID = "policytheme@mozilla.com";
 
 let fileURL;
 
+async function assertManagementAPIInstallType(addonId, expectedInstallType) {
+  const addon = await AddonManager.getAddonByID(addonId);
+  const expectInstalledByPolicy = expectedInstallType === "admin";
+  equal(
+    addon.isInstalledByEnterprisePolicy,
+    expectInstalledByPolicy,
+    `Addon should ${
+      expectInstalledByPolicy ? "be" : "NOT be"
+    } marked as installed by enterprise policy`
+  );
+  const policy = WebExtensionPolicy.getByID(addonId);
+  const pageURL = policy.extension.baseURI.resolve(
+    "_generated_background_page.html"
+  );
+  const page = await ExtensionTestUtils.loadContentPage(pageURL);
+  const { id, installType } = await page.spawn([], async () => {
+    const res = await this.content.wrappedJSObject.browser.management.getSelf();
+    return { id: res.id, installType: res.installType };
+  });
+  await page.close();
+  Assert.equal(id, addonId, "Got results for the expected addon id");
+  Assert.equal(
+    installType,
+    expectedInstallType,
+    "Got the expected installType on policy installed extension"
+  );
+}
+
 add_setup(async function setup() {
   await AddonTestUtils.promiseStartupManager();
 
@@ -115,7 +147,14 @@ add_task(async function test_addon_allowed() {
   );
   await install.install();
   notEqual(install.addon, null, "Addon should not be null");
+  await assertManagementAPIInstallType(install.addon.id, "normal");
   equal(install.addon.appDisabled, false, "Addon should not be disabled");
+  equal(
+    install.addon.isInstalledByEnterprisePolicy,
+    false,
+    "Addon should NOT be marked as installed by enterprise policy"
+  );
+
   await install.addon.uninstall();
 });
 
@@ -169,6 +208,8 @@ add_task(async function test_addon_forceinstalled() {
     0,
     "Addon should not be able to be disabled."
   );
+  await assertManagementAPIInstallType(addon.id, "admin");
+
   await addon.uninstall();
 });
 
@@ -199,6 +240,8 @@ add_task(async function test_addon_normalinstalled() {
     0,
     "Addon should be able to be disabled."
   );
+  await assertManagementAPIInstallType(addon.id, "admin");
+
   await addon.uninstall();
 });
 
@@ -290,6 +333,7 @@ add_task(async function test_addon_normalinstalled_file() {
     0,
     "Addon should be able to be disabled."
   );
+  await assertManagementAPIInstallType(addon.id, "admin");
 
   await addon.uninstall();
 });
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
index f4440e53f5..c9231132c8 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
@@ -315,7 +315,7 @@ add_task(async function test_cookie_allow_session() {
   );
 });
 
-// This again seems out of places, but AutoLaunchProtocolsFromOrigins
+// This again seems out of place, but AutoLaunchProtocolsFromOrigins
 // is all permissions.
 add_task(async function test_autolaunchprotocolsfromorigins() {
   await setupPolicyEngineWithJson({
@@ -337,7 +337,7 @@ add_task(async function test_autolaunchprotocolsfromorigins() {
   );
 });
 
-// This again seems out of places, but PasswordManagerExceptions
+// This again seems out of place, but PasswordManagerExceptions
 // is all permissions.
 add_task(async function test_passwordmanagerexceptions() {
   await setupPolicyEngineWithJson({
@@ -353,3 +353,20 @@ add_task(async function test_passwordmanagerexceptions() {
     Ci.nsIPermissionManager.DENY_ACTION
   );
 });
+
+// This again seems out of place, but HttpAllowlist
+// is all permissions.
+add_task(async function test_httpsonly_exceptions() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      HttpAllowlist: ["https://http.example.com"],
+    },
+  });
+  equal(
+    PermissionTestUtils.testPermission(
+      URI("https://http.example.com"),
+      "https-only-load-insecure"
+    ),
+    Ci.nsIPermissionManager.ALLOW_ACTION
+  );
+});
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
index c0952d0627..cfcb655777 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
@@ -657,13 +657,11 @@ const POLICIES_TESTS = [
   {
     policies: {
       UserMessaging: {
-        WhatsNew: false,
         SkipOnboarding: true,
         Locked: true,
       },
     },
     lockedPrefs: {
-      "browser.messaging-system.whatsNewPanel.enabled": false,
       "browser.aboutwelcome.enabled": false,
     },
   },
@@ -1099,6 +1097,55 @@ const POLICIES_TESTS = [
       "network.proxy.type": 5,
     },
   },
+
+  // POLICY: DisableEncryptedClientHello
+  {
+    policies: {
+      DisableEncryptedClientHello: true,
+    },
+    lockedPrefs: {
+      "network.dns.echconfig.enabled": false,
+      "network.dns.http3_echconfig.enabled": false,
+    },
+  },
+
+  // POLICY: PostQuantumKeyAgreementEnabled
+  {
+    policies: {
+      PostQuantumKeyAgreementEnabled: false,
+    },
+    lockedPrefs: {
+      "security.tls.enable_kyber": false,
+    },
+  },
+
+  // POLICY: HttpsOnlyMode
+  {
+    policies: {
+      HttpsOnlyMode: "enabled",
+    },
+    unlockedPrefs: {
+      "dom.security.https_only_mode": true,
+    },
+  },
+
+  {
+    policies: {
+      HttpsOnlyMode: "disallowed",
+    },
+    lockedPrefs: {
+      "dom.security.https_only_mode": false,
+    },
+  },
+
+  {
+    policies: {
+      HttpsOnlyMode: "force_enabled",
+    },
+    lockedPrefs: {
+      "dom.security.https_only_mode": true,
+    },
+  },
 ];
 
 add_task(async function test_policy_simple_prefs() {
-- 
cgit v1.2.3