Adding upstream version 110.0.1.upstream/110.0.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

5 files changed, 280 insertions, 0 deletions

diff --git a/dom/u2f/tests/browser/browser.ini b/dom/u2f/tests/browser/browser.ini
new file mode 100644
index 0000000000..705fba44dc
--- /dev/null
+++ b/dom/u2f/tests/browser/browser.ini
@@ -0,0 +1,10 @@
+[DEFAULT]
+support-files =
+  head.js
+  tab_u2f_result.html
+skip-if =
+  win10_2004 # Test not relevant on 1903+
+  win11_2009 # Test not relevant on 1903+
+
+[browser_abort_visibility.js]
+[browser_appid_localhost.js]
diff --git a/dom/u2f/tests/browser/browser_abort_visibility.js b/dom/u2f/tests/browser/browser_abort_visibility.js
new file mode 100644
index 0000000000..1eb915fc76
--- /dev/null
+++ b/dom/u2f/tests/browser/browser_abort_visibility.js
@@ -0,0 +1,137 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const TEST_URL =
+  "https://example.com/browser/dom/u2f/tests/browser/tab_u2f_result.html";
+
+async function assertStatus(tab, expected) {
+  let actual = await SpecialPowers.spawn(
+    tab.linkedBrowser,
+    [],
+    async function() {
+      return content.document.getElementById("status").value;
+    }
+  );
+  is(actual, expected, "u2f request " + expected);
+}
+
+async function waitForStatus(tab, expected) {
+  /* eslint-disable no-shadow */
+  await SpecialPowers.spawn(tab.linkedBrowser, [[expected]], async function(
+    expected
+  ) {
+    return ContentTaskUtils.waitForCondition(() => {
+      return content.document.getElementById("status").value == expected;
+    });
+  });
+  /* eslint-enable no-shadow */
+
+  await assertStatus(tab, expected);
+}
+
+function startMakeCredentialRequest(tab) {
+  let challenge = crypto.getRandomValues(new Uint8Array(16));
+  challenge = bytesToBase64UrlSafe(challenge);
+
+  /* eslint-disable no-shadow */
+  return SpecialPowers.spawn(tab.linkedBrowser, [[challenge]], async function([
+    challenge,
+  ]) {
+    let appId = content.location.origin;
+    let request = { version: "U2F_V2", challenge };
+
+    let status = content.document.getElementById("status");
+
+    content.u2f.register(appId, [request], [], result => {
+      status.value = result.errorCode ? "aborted" : completed;
+    });
+
+    status.value = "pending";
+  });
+  /* eslint-enable no-shadow */
+}
+
+function startGetAssertionRequest(tab) {
+  let challenge = crypto.getRandomValues(new Uint8Array(16));
+  challenge = bytesToBase64UrlSafe(challenge);
+
+  let keyHandle = crypto.getRandomValues(new Uint8Array(16));
+  keyHandle = bytesToBase64UrlSafe(keyHandle);
+
+  /* eslint-disable no-shadow */
+  return SpecialPowers.spawn(
+    tab.linkedBrowser,
+    [[challenge, keyHandle]],
+    async function([challenge, keyHandle]) {
+      let appId = content.location.origin;
+      let key = { version: "U2F_V2", keyHandle };
+
+      let status = content.document.getElementById("status");
+
+      content.u2f.sign(appId, challenge, [key], result => {
+        status.value = result.errorCode ? "aborted" : completed;
+      });
+
+      status.value = "pending";
+    }
+  );
+  /* eslint-enable no-shadow */
+}
+
+// Test that MakeCredential() and GetAssertion() requests
+// are aborted when the current tab loses its focus.
+add_task(async function test_abort() {
+  // Enable the USB token.
+  Services.prefs.setBoolPref("security.webauth.u2f", true);
+  Services.prefs.setBoolPref(
+    "security.webauth.webauthn_enable_softtoken",
+    false
+  );
+  Services.prefs.setBoolPref("security.webauth.webauthn_enable_usbtoken", true);
+  Services.prefs.setBoolPref(
+    "security.webauth.webauthn_enable_android_fido2",
+    false
+  );
+
+  // Create a new tab for the MakeCredential() request.
+  let tab_create = await BrowserTestUtils.openNewForegroundTab(
+    gBrowser,
+    TEST_URL
+  );
+
+  // Start the request.
+  await startMakeCredentialRequest(tab_create);
+  await assertStatus(tab_create, "pending");
+
+  // Open another tab and switch to it. The first will lose focus.
+  let tab_get = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_URL);
+
+  // Start a GetAssertion() request in the second tab. That will abort the first.
+  await startGetAssertionRequest(tab_get);
+  await waitForStatus(tab_get, "pending");
+  await waitForStatus(tab_create, "aborted");
+
+  // Start a second request in the second tab. It should remain pending.
+  await startGetAssertionRequest(tab_get);
+  await waitForStatus(tab_get, "pending");
+
+  // Switch back to the first tab. The second should still be pending
+  await BrowserTestUtils.switchTab(gBrowser, tab_create);
+  await assertStatus(tab_get, "pending");
+
+  // Switch back to the get tab. The second should remain pending
+  await BrowserTestUtils.switchTab(gBrowser, tab_get);
+  await assertStatus(tab_get, "pending");
+
+  // Close tabs.
+  BrowserTestUtils.removeTab(tab_create);
+  BrowserTestUtils.removeTab(tab_get);
+
+  // Cleanup.
+  Services.prefs.clearUserPref("security.webauth.u2f");
+  Services.prefs.clearUserPref("security.webauth.webauthn_enable_softtoken");
+  Services.prefs.clearUserPref("security.webauth.webauthn_enable_usbtoken");
+});
diff --git a/dom/u2f/tests/browser/browser_appid_localhost.js b/dom/u2f/tests/browser/browser_appid_localhost.js
new file mode 100644
index 0000000000..6ffb3b486e
--- /dev/null
+++ b/dom/u2f/tests/browser/browser_appid_localhost.js
@@ -0,0 +1,98 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const TEST_URL = "https://localhost/";
+
+function promiseU2FRegister(tab, app_id) {
+  let challenge = crypto.getRandomValues(new Uint8Array(16));
+  challenge = bytesToBase64UrlSafe(challenge);
+
+  /* eslint-disable no-shadow */
+  return SpecialPowers.spawn(
+    tab.linkedBrowser,
+    [[app_id, challenge]],
+    async function([app_id, challenge]) {
+      return new Promise(resolve => {
+        let version = "U2F_V2";
+        content.u2f.register(app_id, [{ version, challenge }], [], resolve);
+      });
+    }
+  );
+  /* eslint-enable no-shadow */
+}
+
+add_task(async function() {
+  // By default, proxies don't apply to localhost. We need them to for this test, though:
+  await SpecialPowers.pushPrefEnv({
+    set: [["network.proxy.allow_hijacking_localhost", true]],
+  });
+  // Enable the soft token.
+  Services.prefs.setBoolPref("security.webauth.u2f", true);
+  Services.prefs.setBoolPref(
+    "security.webauth.webauthn_enable_softtoken",
+    true
+  );
+  Services.prefs.setBoolPref(
+    "security.webauth.webauthn_enable_usbtoken",
+    false
+  );
+  Services.prefs.setBoolPref(
+    "security.webauth.webauthn_enable_android_fido2",
+    false
+  );
+
+  // Open a new tab.
+  let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, TEST_URL);
+
+  // Check that we have the right origin, and U2F is available.
+  let ready = await SpecialPowers.spawn(tab.linkedBrowser, [], async () => {
+    return content.location.origin == "https://localhost" && !!content.u2f;
+  });
+  ok(ready, "Origin is https://localhost. U2F is available.");
+
+  // Test: Null AppID
+  await promiseU2FRegister(tab, null).then(res => {
+    is(res.errorCode, 0, "Null AppID should work.");
+  });
+
+  // Test: Empty AppID
+  await promiseU2FRegister(tab, "").then(res => {
+    is(res.errorCode, 0, "Empty AppID should work.");
+  });
+
+  // Test: Correct TLD, incorrect scheme
+  await promiseU2FRegister(tab, "http://localhost/appId").then(res => {
+    isnot(res.errorCode, 0, "Incorrect scheme.");
+  });
+
+  // Test: Incorrect TLD
+  await promiseU2FRegister(tab, "https://localhost.ssl/appId").then(res => {
+    isnot(res.errorCode, 0, "Incorrect TLD.");
+  });
+
+  // Test: Incorrect TLD
+  await promiseU2FRegister(tab, "https://sub.localhost/appId").then(res => {
+    isnot(res.errorCode, 0, "Incorrect TLD.");
+  });
+
+  // Test: Correct TLD
+  await promiseU2FRegister(tab, "https://localhost/appId").then(res => {
+    is(res.errorCode, 0, "https://localhost/appId should work.");
+  });
+
+  // Test: Correct TLD
+  await promiseU2FRegister(tab, "https://localhost:443/appId").then(res => {
+    is(res.errorCode, 0, "https://localhost:443/appId should work.");
+  });
+
+  // Close tab.
+  BrowserTestUtils.removeTab(tab);
+
+  // Cleanup.
+  Services.prefs.clearUserPref("security.webauth.u2f");
+  Services.prefs.clearUserPref("security.webauth.webauthn_enable_softtoken");
+  Services.prefs.clearUserPref("security.webauth.webauthn_enable_usbtoken");
+});
diff --git a/dom/u2f/tests/browser/head.js b/dom/u2f/tests/browser/head.js
new file mode 100644
index 0000000000..ba79b94853
--- /dev/null
+++ b/dom/u2f/tests/browser/head.js
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+function bytesToBase64(u8a) {
+  let CHUNK_SZ = 0x8000;
+  let c = [];
+  for (let i = 0; i < u8a.length; i += CHUNK_SZ) {
+    c.push(String.fromCharCode.apply(null, u8a.subarray(i, i + CHUNK_SZ)));
+  }
+  return window.btoa(c.join(""));
+}
+
+function bytesToBase64UrlSafe(buf) {
+  return bytesToBase64(buf)
+    .replace(/\+/g, "-")
+    .replace(/\//g, "_")
+    .replace(/=/g, "");
+}
diff --git a/dom/u2f/tests/browser/tab_u2f_result.html b/dom/u2f/tests/browser/tab_u2f_result.html
new file mode 100644
index 0000000000..cc324b61a6
--- /dev/null
+++ b/dom/u2f/tests/browser/tab_u2f_result.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<meta charset=utf-8>
+<head>
+  <title>Generic U2F Test Result Page</title>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+
+<h1>Generic U2F Test Result Page</h1>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1420906">Mozilla Bug 1420906</a>
+<input type="text" id="status" value="init" />
+
+</body>
+</html>