// This test waits for a lot of subframe loads, causing it to take a long time,
// especially with Fission enabled.
requestLongerTimeout(2);

const BASE_FILE =
  "http://mochi.test:8888/browser/dom/ipc/tests/file_domainPolicy_base.html";
const SCRIPT_PATH = "/browser/dom/ipc/tests/file_disableScript.html";

const TEST_POLICY = {
  exceptions: ["http://test1.example.com", "http://example.com"],
  superExceptions: ["http://test2.example.org", "https://test1.example.com"],
  exempt: [
    "http://test1.example.com",
    "http://example.com",
    "http://test2.example.org",
    "http://sub1.test2.example.org",
    "https://sub1.test1.example.com",
  ],
  notExempt: [
    "http://test2.example.com",
    "http://sub1.test1.example.com",
    "http://www.example.com",
    "https://test2.example.com",
    "https://example.com",
    "http://test1.example.org",
  ],
};

// To make sure we never leave up an activated domain policy after a failed
// test, let's make this global.
var policy;

function activateDomainPolicy(isBlock) {
  policy = Services.scriptSecurityManager.activateDomainPolicy();

  if (isBlock === undefined) {
    return;
  }

  let set = isBlock ? policy.blocklist : policy.allowlist;
  for (let e of TEST_POLICY.exceptions) {
    set.add(makeURI(e));
  }

  let superSet = isBlock ? policy.superBlocklist : policy.superAllowlist;
  for (let e of TEST_POLICY.superExceptions) {
    superSet.add(makeURI(e));
  }
}

function deactivateDomainPolicy() {
  if (policy) {
    policy.deactivate();
    policy = null;
  }
}

add_setup(async function () {
  await SpecialPowers.pushPrefEnv({
    set: [["browser.pagethumbnails.capturing_disabled", false]],
  });

  registerCleanupFunction(() => {
    deactivateDomainPolicy();
  });
});

add_task(async function test_domainPolicy() {
  function test(testFunc, { activateFirst, isBlock }) {
    if (activateFirst) {
      activateDomainPolicy(isBlock);
    }
    return BrowserTestUtils.withNewTab(
      {
        gBrowser,
        opening: BASE_FILE,
        forceNewProcess: true,
      },
      async browser => {
        if (!activateFirst) {
          activateDomainPolicy(isBlock);
        }
        await testFunc(browser);
        deactivateDomainPolicy();
      }
    );
  }

  async function testDomain(browser, domain, expectEnabled = false) {
    function navigateFrame() {
      let url = domain + SCRIPT_PATH;
      return SpecialPowers.spawn(browser, [url], async src => {
        let iframe = content.document.getElementById("root");
        await new Promise(resolve => {
          iframe.addEventListener("load", resolve, { once: true });
          iframe.src = src;
        });
        return iframe.browsingContext;
      });
    }

    function checkScriptEnabled(bc) {
      return SpecialPowers.spawn(bc, [expectEnabled], enabled => {
        content.wrappedJSObject.gFiredOnclick = false;
        content.document.body.dispatchEvent(new content.Event("click"));
        Assert.equal(
          content.wrappedJSObject.gFiredOnclick,
          enabled,
          `Checking script-enabled for ${content.name} (${content.location})`
        );
      });
    }

    let browsingContext = await navigateFrame();
    return checkScriptEnabled(browsingContext);
  }

  async function testList(browser, list, expectEnabled) {
    // Run these sequentially to avoid navigating multiple domains at once.
    for (let domain of list) {
      await testDomain(browser, domain, expectEnabled);
    }
  }

  info("1. Testing simple blocklist policy");

  info("1A. Creating child process first, activating domainPolicy after");
  await test(
    async browser => {
      policy.blocklist.add(Services.io.newURI("http://example.com"));
      await testDomain(browser, "http://example.com");
    },
    { activateFirst: false }
  );

  info("1B. Activating domainPolicy first, creating child process after");
  await test(
    async browser => {
      policy.blocklist.add(Services.io.newURI("http://example.com"));
      await testDomain(browser, "http://example.com");
    },
    { activateFirst: true }
  );

  info("2. Testing Blocklist-style Domain Policy");

  info("2A. Activating domainPolicy first, creating child process after");
  await test(
    async browser => {
      await testList(browser, TEST_POLICY.notExempt, true);
      await testList(browser, TEST_POLICY.exempt, false);
    },
    { activateFirst: true, isBlock: true }
  );

  info("2B. Creating child process first, activating domainPolicy after");
  await test(
    async browser => {
      await testList(browser, TEST_POLICY.notExempt, true);
      await testList(browser, TEST_POLICY.exempt, false);
    },
    { activateFirst: false, isBlock: true }
  );

  info("3. Testing Allowlist-style Domain Policy");
  await SpecialPowers.pushPrefEnv({ set: [["javascript.enabled", false]] });

  info("3A. Activating domainPolicy first, creating child process after");
  await test(
    async browser => {
      await testList(browser, TEST_POLICY.notExempt, false);
      await testList(browser, TEST_POLICY.exempt, true);
    },
    { activateFirst: true, isBlock: false }
  );

  info("3B. Creating child process first, activating domainPolicy after");
  await test(
    async browser => {
      await testList(browser, TEST_POLICY.notExempt, false);
      await testList(browser, TEST_POLICY.exempt, true);
    },
    { activateFirst: false, isBlock: false }
  );

  finish();
});