author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /browser/base/content/test/about/browser_aboutCertError_mitm.js | |
parent | Initial commit. (diff) | |
Adding upstream version 115.7.0esr. (refs: upstream/115.7.0esr, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | browser/base/content/test/about/browser_aboutCertError_mitm.js | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/browser/base/content/test/about/browser_aboutCertError_mitm.js b/browser/base/content/test/about/browser_aboutCertError_mitm.js
new file mode 100644
index 0000000000..5c9b5e8144
--- /dev/null
+++ b/browser/base/content/test/about/browser_aboutCertError_mitm.js
@@ -0,0 +1,158 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const PREF_MITM_PRIMING = "security.certerrors.mitm.priming.enabled";
+const PREF_MITM_PRIMING_ENDPOINT = "security.certerrors.mitm.priming.endpoint";
+const PREF_MITM_CANARY_ISSUER = "security.pki.mitm_canary_issuer";
+const PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS =
+ "security.certerrors.mitm.auto_enable_enterprise_roots";
+const PREF_ENTERPRISE_ROOTS = "security.enterprise_roots.enabled";
+
+const UNKNOWN_ISSUER = "https://untrusted.example.com";
+
+// Check that basic MitM priming works and the MitM error page is displayed successfully.
+add_task(async function checkMitmPriming() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ [PREF_MITM_PRIMING, true],
+ [PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
+ ],
+ });
+
+ let browser;
+ let certErrorLoaded;
+ await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ () => {
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
+ browser = gBrowser.selectedBrowser;
+ // The page will reload by itself after the initial canary request, so we wait
+ // until the AboutNetErrorLoad event has happened twice.
+ certErrorLoaded = new Promise(resolve => {
+ let loaded = 0;
+ let removeEventListener = BrowserTestUtils.addContentEventListener(
+ browser,
+ "AboutNetErrorLoad",
+ () => {
+ if (++loaded == 2) {
+ removeEventListener();
+ resolve();
+ }
+ },
+ { capture: false, wantUntrusted: true }
+ );
+ });
+ },
+ false
+ );
+
+ await certErrorLoaded;
+
+ await SpecialPowers.spawn(browser, [], () => {
+ is(
+ content.document.body.getAttribute("code"),
+ "MOZILLA_PKIX_ERROR_MITM_DETECTED",
+ "MitM error page has loaded."
+ );
+ });
+
+ ok(true, "Successfully loaded the MitM error page.");
+
+ is(
+ Services.prefs.getStringPref(PREF_MITM_CANARY_ISSUER),
+ "CN=Unknown CA",
+ "Stored the correct issuer"
+ );
+
+ await SpecialPowers.spawn(browser, [], async () => {
+ const shortDesc = content.document.querySelector("#errorShortDesc");
+ const whatToDo = content.document.querySelector("#errorWhatToDoText");
+
+ await ContentTaskUtils.waitForCondition(
+ () => shortDesc.textContent != "" && whatToDo.textContent != "",
+ "DOM localization has been updated"
+ );
+
+ ok(
+ shortDesc.textContent.includes("Unknown CA"),
+ "Shows the name of the issuer."
+ );
+
+ ok(
+ whatToDo.textContent.includes("Unknown CA"),
+ "Shows the name of the issuer."
+ );
+ });
+
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+ Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
+});
+
+// Check that we set the enterprise roots pref correctly on MitM
+add_task(async function checkMitmAutoEnableEnterpriseRoots() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ [PREF_MITM_PRIMING, true],
+ [PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
+ [PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS, true],
+ [PREF_ENTERPRISE_ROOTS, false],
+ ],
+ });
+
+ let browser;
+ let certErrorLoaded;
+
+ let prefChanged = TestUtils.waitForPrefChange(
+ PREF_ENTERPRISE_ROOTS,
+ value => value === true
+ );
+ await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ () => {
+ gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
+ browser = gBrowser.selectedBrowser;
+ // The page will reload by itself after the initial canary request, so we wait
+ // until the AboutNetErrorLoad event has happened twice.
+ certErrorLoaded = new Promise(resolve => {
+ let loaded = 0;
+ let removeEventListener = BrowserTestUtils.addContentEventListener(
+ browser,
+ "AboutNetErrorLoad",
+ () => {
+ if (++loaded == 2) {
+ removeEventListener();
+ resolve();
+ }
+ },
+ { capture: false, wantUntrusted: true }
+ );
+ });
+ },
+ false
+ );
+
+ await certErrorLoaded;
+ await prefChanged;
+
+ await SpecialPowers.spawn(browser, [], () => {
+ is(
+ content.document.body.getAttribute("code"),
+ "MOZILLA_PKIX_ERROR_MITM_DETECTED",
+ "MitM error page has loaded."
+ );
+ });
+
+ ok(true, "Successfully loaded the MitM error page.");
+
+ ok(
+ !Services.prefs.prefHasUserValue(PREF_ENTERPRISE_ROOTS),
+ "Flipped the enterprise roots pref back"
+ );
+
+ BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+ Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
+}); |
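Review bot: The `Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER)` call at the end of both `checkMitmPriming` and `checkMitmAutoEnableEnterpriseRoots` only runs if every preceding `await` settles, and this pref is not among the ones set through `pushPrefEnv`, so a hang or rejection in `await certErrorLoaded`, `await prefChanged` or one of the `SpecialPowers.spawn` calls would leave `security.pki.mitm_canary_issuer` set for whatever runs next. That value presumably feeds the MitM classification of later certificate errors, so I would register the reset once at file level, `registerCleanupFunction(() => Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER));`, and handle the `BrowserTestUtils.removeTab` call the same way. Separately, the two `ok(...includes("Unknown CA"), "Shows the name of the issuer.")` assertions share one message; naming the element in each (`#errorShortDesc` and `#errorWhatToDoText`) would make a failure log unambiguous.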