authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/https-first/test_bad_cert.html
parentInitial commit. (diff)
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/https-first/test_bad_cert.html')
-rw-r--r--dom/security/test/https-first/test_bad_cert.html67
1 files changed, 67 insertions, 0 deletions
diff --git a/dom/security/test/https-first/test_bad_cert.html b/dom/security/test/https-first/test_bad_cert.html
new file mode 100644
index 0000000000..d7e9296d97
--- /dev/null
+++ b/dom/security/test/https-first/test_bad_cert.html
@@ -0,0 +1,67 @@
+<!DOCTYPE HTML>
+<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=1719309
+Test that bad cert sites won't get upgraded by https-first
+-->
+
+<head>
+ <title>HTTPS-FirstMode - Bad Certificates</title>
+ <script src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+
+<body>
+ <h1>HTTPS-First Mode</h1>
+ <p>Test: Downgrade bad certificates without warning page </p>
+ <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1706351">Bug 1719309</a>
+
+ <script class="testbody" type="text/javascript">
+ "use strict";
+ /*
+ * We perform the following tests:
+ * 1. Request nocert.example.com which is a site without a certificate
+ * 2. Request a site with self-signed cert (self-signed.example.com)
+ * 3. Request a site with an untrusted cert (untrusted.example.com)
+ * 4. Request a site with an expired cert
+ * 5. Request a site with an untrusted and expired cert
+ * 6. Request a site with no subject alternative dns name matching
+ *
+ * Expected result: Https-first tries to upgrade each request. Receives for each one an SSL_ERROR_*
+ * and downgrades back to http.
+ */
+ const badCertificates = ["nocert","self-signed", "untrusted","expired","untrusted-expired", "no-subject-alt-name"];
+ let currentTest = 0;
+ let testWin;
+ window.addEventListener("message", receiveMessage);
+
+ // Receive message and verify that it is from an http site.
+ // Verify that we got the correct message and an http scheme
+ async function receiveMessage(event) {
+ let data = event.data;
+ let currentBadCert = badCertificates[currentTest];
+ ok(data.result === "downgraded", "Downgraded request " + currentBadCert);
+ ok(data.scheme === "http:", "Received 'http' for " + currentBadCert);
+ testWin.close();
+ if (++currentTest < badCertificates.length) {
+ startTest();
+ return;
+ }
+ window.removeEventListener("message", receiveMessage);
+ SimpleTest.finish();
+ }
+
+ async function startTest() {
+ const currentCode = badCertificates[currentTest];
+ // make a request to a subdomain of example.com with a bad certificate
+ testWin = window.open(`http://${currentCode}.example.com/tests/dom/security/test/https-first/file_bad_cert.sjs`);
+ }
+
+ // Set preference and start test
+ SpecialPowers.pushPrefEnv({ set: [
+ ["dom.security.https_first", true],
+ ]}, startTest);
+ SimpleTest.waitForExplicitFinish();
+ </script>
+</body>
+</html>
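Review bot: receiveMessage handles every `message` event delivered to the window without checking the sender, so a stray or late message from another window would be scored against the current entry in badCertificates and advance currentTest. A guard at the top of the handler, `if (event.source !== testWin) { return; }`, ties each result to the window that startTest opened. The scheme assertion also depends on `data.scheme`, which the loaded page reports about itself; asserting on `event.origin` as well (expected `http://${currentBadCert}.example.com`, assuming the helper page posts from its own origin) would check the downgrade against a value the browser sets. Separately, the `<a>` element links to bug 1706351 while its text and the header comment say 1719309, so one of the two is presumably wrong.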