1 files changed, 158 insertions, 0 deletions

diff --git a/browser/base/content/test/about/browser_aboutCertError_mitm.js b/browser/base/content/test/about/browser_aboutCertError_mitm.js
new file mode 100644
index 0000000000..5c9b5e8144
--- /dev/null
+++ b/browser/base/content/test/about/browser_aboutCertError_mitm.js
@@ -0,0 +1,158 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const PREF_MITM_PRIMING = "security.certerrors.mitm.priming.enabled";
+const PREF_MITM_PRIMING_ENDPOINT = "security.certerrors.mitm.priming.endpoint";
+const PREF_MITM_CANARY_ISSUER = "security.pki.mitm_canary_issuer";
+const PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS =
+  "security.certerrors.mitm.auto_enable_enterprise_roots";
+const PREF_ENTERPRISE_ROOTS = "security.enterprise_roots.enabled";
+
+const UNKNOWN_ISSUER = "https://untrusted.example.com";
+
+// Check that basic MitM priming works and the MitM error page is displayed successfully.
+add_task(async function checkMitmPriming() {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      [PREF_MITM_PRIMING, true],
+      [PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
+    ],
+  });
+
+  let browser;
+  let certErrorLoaded;
+  await BrowserTestUtils.openNewForegroundTab(
+    gBrowser,
+    () => {
+      gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
+      browser = gBrowser.selectedBrowser;
+      // The page will reload by itself after the initial canary request, so we wait
+      // until the AboutNetErrorLoad event has happened twice.
+      certErrorLoaded = new Promise(resolve => {
+        let loaded = 0;
+        let removeEventListener = BrowserTestUtils.addContentEventListener(
+          browser,
+          "AboutNetErrorLoad",
+          () => {
+            if (++loaded == 2) {
+              removeEventListener();
+              resolve();
+            }
+          },
+          { capture: false, wantUntrusted: true }
+        );
+      });
+    },
+    false
+  );
+
+  await certErrorLoaded;
+
+  await SpecialPowers.spawn(browser, [], () => {
+    is(
+      content.document.body.getAttribute("code"),
+      "MOZILLA_PKIX_ERROR_MITM_DETECTED",
+      "MitM error page has loaded."
+    );
+  });
+
+  ok(true, "Successfully loaded the MitM error page.");
+
+  is(
+    Services.prefs.getStringPref(PREF_MITM_CANARY_ISSUER),
+    "CN=Unknown CA",
+    "Stored the correct issuer"
+  );
+
+  await SpecialPowers.spawn(browser, [], async () => {
+    const shortDesc = content.document.querySelector("#errorShortDesc");
+    const whatToDo = content.document.querySelector("#errorWhatToDoText");
+
+    await ContentTaskUtils.waitForCondition(
+      () => shortDesc.textContent != "" && whatToDo.textContent != "",
+      "DOM localization has been updated"
+    );
+
+    ok(
+      shortDesc.textContent.includes("Unknown CA"),
+      "Shows the name of the issuer."
+    );
+
+    ok(
+      whatToDo.textContent.includes("Unknown CA"),
+      "Shows the name of the issuer."
+    );
+  });
+
+  BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+  Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
+});
+
+// Check that we set the enterprise roots pref correctly on MitM
+add_task(async function checkMitmAutoEnableEnterpriseRoots() {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      [PREF_MITM_PRIMING, true],
+      [PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
+      [PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS, true],
+      [PREF_ENTERPRISE_ROOTS, false],
+    ],
+  });
+
+  let browser;
+  let certErrorLoaded;
+
+  let prefChanged = TestUtils.waitForPrefChange(
+    PREF_ENTERPRISE_ROOTS,
+    value => value === true
+  );
+  await BrowserTestUtils.openNewForegroundTab(
+    gBrowser,
+    () => {
+      gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
+      browser = gBrowser.selectedBrowser;
+      // The page will reload by itself after the initial canary request, so we wait
+      // until the AboutNetErrorLoad event has happened twice.
+      certErrorLoaded = new Promise(resolve => {
+        let loaded = 0;
+        let removeEventListener = BrowserTestUtils.addContentEventListener(
+          browser,
+          "AboutNetErrorLoad",
+          () => {
+            if (++loaded == 2) {
+              removeEventListener();
+              resolve();
+            }
+          },
+          { capture: false, wantUntrusted: true }
+        );
+      });
+    },
+    false
+  );
+
+  await certErrorLoaded;
+  await prefChanged;
+
+  await SpecialPowers.spawn(browser, [], () => {
+    is(
+      content.document.body.getAttribute("code"),
+      "MOZILLA_PKIX_ERROR_MITM_DETECTED",
+      "MitM error page has loaded."
+    );
+  });
+
+  ok(true, "Successfully loaded the MitM error page.");
+
+  ok(
+    !Services.prefs.prefHasUserValue(PREF_ENTERPRISE_ROOTS),
+    "Flipped the enterprise roots pref back"
+  );
+
+  BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+  Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
+});