From 6bf0a5cb5034a7e684dcc3500e841785237ce2dd Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 19:32:43 +0200
Subject: Adding upstream version 1:115.7.0.
Signed-off-by: Daniel Baumann
---
.../extensions/test/browser/browser_updatessl.js | 389 +++++++++++++++++++++
1 file changed, 389 insertions(+)
create mode 100644 toolkit/mozapps/extensions/test/browser/browser_updatessl.js
(limited to 'toolkit/mozapps/extensions/test/browser/browser_updatessl.js')
diff --git a/toolkit/mozapps/extensions/test/browser/browser_updatessl.js b/toolkit/mozapps/extensions/test/browser/browser_updatessl.js
new file mode 100644
index 0000000000..9dbeec4a84
--- /dev/null
+++ b/toolkit/mozapps/extensions/test/browser/browser_updatessl.js
@@ -0,0 +1,389 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+let { AddonUpdateChecker } = ChromeUtils.importESModule(
+ "resource://gre/modules/addons/AddonUpdateChecker.sys.mjs"
+);
+
+const updatejson = RELATIVE_DIR + "browser_updatessl.json";
+const redirect = RELATIVE_DIR + "redirect.sjs?";
+const SUCCESS = 0;
+const DOWNLOAD_ERROR = AddonManager.ERROR_DOWNLOAD_ERROR;
+
+const HTTP = "http://example.com/";
+const HTTPS = "https://example.com/";
+const NOCERT = "https://nocert.example.com/";
+const SELFSIGNED = "https://self-signed.example.com/";
+const UNTRUSTED = "https://untrusted.example.com/";
+const EXPIRED = "https://expired.example.com/";
+
+const PREF_UPDATE_REQUIREBUILTINCERTS = "extensions.update.requireBuiltInCerts";
+
+var gTests = [];
+var gStart = 0;
+var gLast = 0;
+
+var HTTPObserver = {
+ observeActivity(
+ aChannel,
+ aType,
+ aSubtype,
+ aTimestamp,
+ aSizeData,
+ aStringData
+ ) {
+ aChannel.QueryInterface(Ci.nsIChannel);
+
+ dump(
+ "*** HTTP Activity 0x" +
+ aType.toString(16) +
+ " 0x" +
+ aSubtype.toString(16) +
+ " " +
+ aChannel.URI.spec +
+ "\n"
+ );
+ },
+};
+
+function test() {
+ gStart = Date.now();
+ requestLongerTimeout(4);
+ waitForExplicitFinish();
+
+ let observerService = Cc[
+ "@mozilla.org/network/http-activity-distributor;1"
+ ].getService(Ci.nsIHttpActivityDistributor);
+ observerService.addObserver(HTTPObserver);
+
+ registerCleanupFunction(function () {
+ observerService.removeObserver(HTTPObserver);
+ });
+
+ run_next_test();
+}
+
+function end_test() {
+ var cos = Cc["@mozilla.org/security/certoverride;1"].getService(
+ Ci.nsICertOverrideService
+ );
+ cos.clearValidityOverride("nocert.example.com", -1, {});
+ cos.clearValidityOverride("self-signed.example.com", -1, {});
+ cos.clearValidityOverride("untrusted.example.com", -1, {});
+ cos.clearValidityOverride("expired.example.com", -1, {});
+
+ info("All tests completed in " + (Date.now() - gStart) + "ms");
+ finish();
+}
+
+function add_update_test(mainURL, redirectURL, expectedStatus) {
+ gTests.push([mainURL, redirectURL, expectedStatus]);
+}
+
+function run_update_tests(callback) {
+ function run_next_update_test() {
+ if (!gTests.length) {
+ callback();
+ return;
+ }
+ gLast = Date.now();
+
+ let [mainURL, redirectURL, expectedStatus] = gTests.shift();
+ if (redirectURL) {
+ var url = mainURL + redirect + redirectURL + updatejson;
+ var message =
+ "Should have seen the right result for an update check redirected from " +
+ mainURL +
+ " to " +
+ redirectURL;
+ } else {
+ url = mainURL + updatejson;
+ message =
+ "Should have seen the right result for an update check from " + mainURL;
+ }
+
+ AddonUpdateChecker.checkForUpdates("addon1@tests.mozilla.org", url, {
+ onUpdateCheckComplete(updates) {
+ is(updates.length, 1, "Should be the right number of results");
+ is(SUCCESS, expectedStatus, message);
+ info("Update test ran in " + (Date.now() - gLast) + "ms");
+ run_next_update_test();
+ },
+
+ onUpdateCheckError(status) {
+ is(status, expectedStatus, message);
+ info("Update test ran in " + (Date.now() - gLast) + "ms");
+ run_next_update_test();
+ },
+ });
+ }
+
+ run_next_update_test();
+}
+
+// Runs tests with built-in certificates required and no certificate exceptions.
+add_test(async function test_builtin_required() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_UPDATE_REQUIREBUILTINCERTS, true]],
+ });
+ // Tests that a simple update.json retrieval works as expected.
+ add_update_test(HTTP, null, SUCCESS);
+ add_update_test(HTTPS, null, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, null, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, null, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, null, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, null, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from http to other servers works as expected
+ add_update_test(HTTP, HTTP, SUCCESS);
+ add_update_test(HTTP, HTTPS, SUCCESS);
+ add_update_test(HTTP, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(HTTP, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(HTTP, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(HTTP, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from valid https to other servers works as expected
+ add_update_test(HTTPS, HTTP, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from nocert https to other servers works as expected
+ add_update_test(NOCERT, HTTP, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from self-signed https to other servers works as expected
+ add_update_test(SELFSIGNED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from untrusted https to other servers works as expected
+ add_update_test(UNTRUSTED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from expired https to other servers works as expected
+ add_update_test(EXPIRED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, EXPIRED, DOWNLOAD_ERROR);
+
+ run_update_tests(run_next_test);
+});
+
+// Runs tests without requiring built-in certificates and no certificate
+// exceptions.
+add_test(async function test_builtin_not_required() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_UPDATE_REQUIREBUILTINCERTS, false]],
+ });
+
+ // Tests that a simple update.json retrieval works as expected.
+ add_update_test(HTTP, null, SUCCESS);
+ add_update_test(HTTPS, null, SUCCESS);
+ add_update_test(NOCERT, null, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, null, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, null, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, null, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from http to other servers works as expected
+ add_update_test(HTTP, HTTP, SUCCESS);
+ add_update_test(HTTP, HTTPS, SUCCESS);
+ add_update_test(HTTP, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(HTTP, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(HTTP, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(HTTP, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from valid https to other servers works as expected
+ add_update_test(HTTPS, HTTP, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, HTTPS, SUCCESS);
+ add_update_test(HTTPS, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from nocert https to other servers works as expected
+ add_update_test(NOCERT, HTTP, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from self-signed https to other servers works as expected
+ add_update_test(SELFSIGNED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from untrusted https to other servers works as expected
+ add_update_test(UNTRUSTED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from expired https to other servers works as expected
+ add_update_test(EXPIRED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, EXPIRED, DOWNLOAD_ERROR);
+
+ run_update_tests(run_next_test);
+});
+
+// Set up overrides for the next test.
+add_test(() => {
+ addCertOverrides().then(run_next_test);
+});
+
+// Runs tests with built-in certificates required and all certificate exceptions.
+add_test(async function test_builtin_required_overrides() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_UPDATE_REQUIREBUILTINCERTS, true]],
+ });
+
+ // Tests that a simple update.json retrieval works as expected.
+ add_update_test(HTTP, null, SUCCESS);
+ add_update_test(HTTPS, null, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, null, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, null, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, null, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, null, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from http to other servers works as expected
+ add_update_test(HTTP, HTTP, SUCCESS);
+ add_update_test(HTTP, HTTPS, SUCCESS);
+ add_update_test(HTTP, NOCERT, SUCCESS);
+ add_update_test(HTTP, SELFSIGNED, SUCCESS);
+ add_update_test(HTTP, UNTRUSTED, SUCCESS);
+ add_update_test(HTTP, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from valid https to other servers works as expected
+ add_update_test(HTTPS, HTTP, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from nocert https to other servers works as expected
+ add_update_test(NOCERT, HTTP, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from self-signed https to other servers works as expected
+ add_update_test(SELFSIGNED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from untrusted https to other servers works as expected
+ add_update_test(UNTRUSTED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, EXPIRED, DOWNLOAD_ERROR);
+
+ // Tests that redirecting from expired https to other servers works as expected
+ add_update_test(EXPIRED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, HTTPS, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, NOCERT, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, SELFSIGNED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, UNTRUSTED, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, EXPIRED, DOWNLOAD_ERROR);
+
+ run_update_tests(run_next_test);
+});
+
+// Runs tests without requiring built-in certificates and all certificate
+// exceptions.
+add_test(async function test_builtin_not_required_overrides() {
+ await SpecialPowers.pushPrefEnv({
+ set: [[PREF_UPDATE_REQUIREBUILTINCERTS, false]],
+ });
+
+ // Tests that a simple update.json retrieval works as expected.
+ add_update_test(HTTP, null, SUCCESS);
+ add_update_test(HTTPS, null, SUCCESS);
+ add_update_test(NOCERT, null, SUCCESS);
+ add_update_test(SELFSIGNED, null, SUCCESS);
+ add_update_test(UNTRUSTED, null, SUCCESS);
+ add_update_test(EXPIRED, null, SUCCESS);
+
+ // Tests that redirecting from http to other servers works as expected
+ add_update_test(HTTP, HTTP, SUCCESS);
+ add_update_test(HTTP, HTTPS, SUCCESS);
+ add_update_test(HTTP, NOCERT, SUCCESS);
+ add_update_test(HTTP, SELFSIGNED, SUCCESS);
+ add_update_test(HTTP, UNTRUSTED, SUCCESS);
+ add_update_test(HTTP, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from valid https to other servers works as expected
+ add_update_test(HTTPS, HTTP, DOWNLOAD_ERROR);
+ add_update_test(HTTPS, HTTPS, SUCCESS);
+ add_update_test(HTTPS, NOCERT, SUCCESS);
+ add_update_test(HTTPS, SELFSIGNED, SUCCESS);
+ add_update_test(HTTPS, UNTRUSTED, SUCCESS);
+ add_update_test(HTTPS, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from nocert https to other servers works as expected
+ add_update_test(NOCERT, HTTP, DOWNLOAD_ERROR);
+ add_update_test(NOCERT, HTTPS, SUCCESS);
+ add_update_test(NOCERT, NOCERT, SUCCESS);
+ add_update_test(NOCERT, SELFSIGNED, SUCCESS);
+ add_update_test(NOCERT, UNTRUSTED, SUCCESS);
+ add_update_test(NOCERT, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from self-signed https to other servers works as expected
+ add_update_test(SELFSIGNED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(SELFSIGNED, HTTPS, SUCCESS);
+ add_update_test(SELFSIGNED, NOCERT, SUCCESS);
+ add_update_test(SELFSIGNED, SELFSIGNED, SUCCESS);
+ add_update_test(SELFSIGNED, UNTRUSTED, SUCCESS);
+ add_update_test(SELFSIGNED, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from untrusted https to other servers works as expected
+ add_update_test(UNTRUSTED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(UNTRUSTED, HTTPS, SUCCESS);
+ add_update_test(UNTRUSTED, NOCERT, SUCCESS);
+ add_update_test(UNTRUSTED, SELFSIGNED, SUCCESS);
+ add_update_test(UNTRUSTED, UNTRUSTED, SUCCESS);
+ add_update_test(UNTRUSTED, EXPIRED, SUCCESS);
+
+ // Tests that redirecting from expired https to other servers works as expected
+ add_update_test(EXPIRED, HTTP, DOWNLOAD_ERROR);
+ add_update_test(EXPIRED, HTTPS, SUCCESS);
+ add_update_test(EXPIRED, NOCERT, SUCCESS);
+ add_update_test(EXPIRED, SELFSIGNED, SUCCESS);
+ add_update_test(EXPIRED, UNTRUSTED, SUCCESS);
+ add_update_test(EXPIRED, EXPIRED, SUCCESS);
+
+ run_update_tests(run_next_test);
+});
-- cgit v1.2.3
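Review bot: The section comments in all four expectation tables say only "works as expected", so the TLS policy these expectations pin down is never stated. In `test_builtin_required`, `add_update_test(HTTPS, null, DOWNLOAD_ERROR)` sits beside `add_update_test(HTTP, HTTPS, SUCCESS)`, and in `test_builtin_required_overrides` `add_update_test(HTTP, NOCERT, SUCCESS)` is expected once overrides exist, so a check that starts on plain HTTP is evidently not held to `extensions.update.requireBuiltInCerts`. I would add a comment above each table along the lines of `// requireBuiltInCerts is enforced only for checks that start on https; the test certificates presumably do not chain to a built-in root, so every https start fails here` (to be confirmed against AddonUpdateChecker, which is outside this hunk). A second one-line comment should record that every redirect from an https origin to `HTTP` is expected to fail in all four configurations, since that downgrade rejection is the invariant a later edit to the tables must not loosen.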