1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const { STATE_IS_SECURE, STATE_IS_BROKEN, STATE_IS_INSECURE } =
Ci.nsIWebProgressListener;
// from ../../../build/pgo/server-locations.txt
const NO_CERT = "https://nocert.example.com:443";
const SELF_SIGNED = "https://self-signed.example.com:443";
const UNTRUSTED = "https://untrusted.example.com:443";
const EXPIRED = "https://expired.example.com:443";
const MISMATCH_EXPIRED = "https://mismatch.expired.example.com:443";
const MISMATCH_UNTRUSTED = "https://mismatch.untrusted.example.com:443";
const UNTRUSTED_EXPIRED = "https://untrusted-expired.example.com:443";
const MISMATCH_UNTRUSTED_EXPIRED =
"https://mismatch.untrusted-expired.example.com:443";
const BAD_CERTS = [
NO_CERT,
SELF_SIGNED,
UNTRUSTED,
EXPIRED,
MISMATCH_EXPIRED,
MISMATCH_UNTRUSTED,
UNTRUSTED_EXPIRED,
MISMATCH_UNTRUSTED_EXPIRED,
];
function getConnectionState() {
// prevents items that are being lazy loaded causing issues
document.getElementById("identity-icon-box").click();
gIdentityHandler.refreshIdentityPopup();
return document.getElementById("identity-popup").getAttribute("connection");
}
/**
* Compares the security state of the page with what is expected.
* Returns one of "secure", "broken", "insecure", or "unknown".
*/
function isSecurityState(browser, expectedState) {
const ui = browser.securityUI;
if (!ui) {
ok(false, "No security UI to get the security state");
return;
}
const isSecure = ui.state & STATE_IS_SECURE;
const isBroken = ui.state & STATE_IS_BROKEN;
const isInsecure = ui.state & STATE_IS_INSECURE;
let actualState;
if (isSecure && !(isBroken || isInsecure)) {
actualState = "secure";
} else if (isBroken && !(isSecure || isInsecure)) {
actualState = "broken";
} else if (isInsecure && !(isSecure || isBroken)) {
actualState = "insecure";
} else {
actualState = "unknown";
}
is(
expectedState,
actualState,
`Expected state is ${expectedState} and actual state is ${actualState}`
);
}
add_task(async function testDefault() {
for (const url of BAD_CERTS) {
info(`Navigating to ${url}`);
const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);
await loaded;
is(
getConnectionState(),
"cert-error-page",
"Security error page is present"
);
isSecurityState(gBrowser, "insecure");
}
});
add_task(async function testIgnore({ client }) {
const { Security } = client;
info("Enable security certificate override");
await Security.setIgnoreCertificateErrors({ ignore: true });
for (const url of BAD_CERTS) {
info(`Navigating to ${url}`);
BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);
await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
is(
getConnectionState(),
"secure-cert-user-overridden",
"Security certificate was overridden by user"
);
isSecurityState(gBrowser, "secure");
}
});
add_task(async function testUnignore({ client }) {
const { Security } = client;
info("Disable security certificate override");
await Security.setIgnoreCertificateErrors({ ignore: false });
for (const url of BAD_CERTS) {
info(`Navigating to ${url}`);
const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);
await loaded;
is(
getConnectionState(),
"cert-error-page",
"Security error page is present"
);
isSecurityState(gBrowser, "insecure");
}
});
// smoke test for unignored -> ignored -> unignored
add_task(async function testToggle({ client }) {
const { Security } = client;
let loaded;
info("Enable security certificate override");
await Security.setIgnoreCertificateErrors({ ignore: true });
info(`Navigating to ${UNTRUSTED} having set the override`);
BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, UNTRUSTED);
await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
is(
getConnectionState(),
"secure-cert-user-overridden",
"Security certificate was overridden by user"
);
isSecurityState(gBrowser, "secure");
info("Disable security certificate override");
await Security.setIgnoreCertificateErrors({ ignore: false });
info(`Navigating to ${UNTRUSTED} having unset the override`);
loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);
BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, UNTRUSTED);
await loaded;
is(
getConnectionState(),
"cert-error-page",
"Security error page is present by default"
);
isSecurityState(gBrowser, "insecure");
});
|
