summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/test_bad_cert.html
blob: d7e9296d97366efb991a6a06110de0064cba9705 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=1719309
Test that bad cert sites won't get upgraded by https-first
-->

<head>
  <title>HTTPS-FirstMode - Bad Certificates</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>

<body>
  <h1>HTTPS-First Mode</h1>
  <p>Test: Downgrade bad certificates without warning page </p>
  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1706351">Bug 1719309</a>

  <script class="testbody" type="text/javascript">
  "use strict";
  /*
   * We perform the following tests:
   * 1. Request nocert.example.com which is a site without a certificate
   * 2. Request a site with self-signed cert (self-signed.example.com)
   * 3. Request a site with an untrusted cert (untrusted.example.com)
   * 4. Request a site with an expired cert
   * 5. Request a site with an untrusted and expired cert
   * 6. Request a site with no subject alternative dns name matching
   *
   * Expected result: Https-first tries to upgrade each request. Receives for each one an SSL_ERROR_*
   * and downgrades back to http.
   */
  const badCertificates = ["nocert","self-signed", "untrusted","expired","untrusted-expired", "no-subject-alt-name"];
  let currentTest = 0;
  let testWin;
  window.addEventListener("message", receiveMessage);

  // Receive message and verify that it is from an http site.
  // Verify that we got the correct message and an http scheme
  async function receiveMessage(event) {
    let data = event.data;
    let currentBadCert = badCertificates[currentTest];
    ok(data.result === "downgraded", "Downgraded request " + currentBadCert);
    ok(data.scheme === "http:", "Received 'http' for " + currentBadCert);
    testWin.close();
    if (++currentTest < badCertificates.length) {
      startTest();
      return;
    }
    window.removeEventListener("message", receiveMessage);
    SimpleTest.finish();
  }

  async function startTest() {
    const currentCode = badCertificates[currentTest];
    // make a request to a subdomain of example.com with a bad certificate
    testWin = window.open(`http://${currentCode}.example.com/tests/dom/security/test/https-first/file_bad_cert.sjs`);
  }

  // Set preference and start test
  SpecialPowers.pushPrefEnv({ set: [
    ["dom.security.https_first", true],
  ]}, startTest);
  SimpleTest.waitForExplicitFinish();
  </script>
</body>
</html>