1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
const PREF_MITM_PRIMING = "security.certerrors.mitm.priming.enabled";
const PREF_MITM_PRIMING_ENDPOINT = "security.certerrors.mitm.priming.endpoint";
const PREF_MITM_CANARY_ISSUER = "security.pki.mitm_canary_issuer";
const PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS =
"security.certerrors.mitm.auto_enable_enterprise_roots";
const PREF_ENTERPRISE_ROOTS = "security.enterprise_roots.enabled";
const UNKNOWN_ISSUER = "https://untrusted.example.com";
// Check that basic MitM priming works and the MitM error page is displayed successfully.
add_task(async function checkMitmPriming() {
await SpecialPowers.pushPrefEnv({
set: [
[PREF_MITM_PRIMING, true],
[PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
],
});
let browser;
let certErrorLoaded;
await BrowserTestUtils.openNewForegroundTab(
gBrowser,
() => {
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
browser = gBrowser.selectedBrowser;
// The page will reload by itself after the initial canary request, so we wait
// until the AboutNetErrorLoad event has happened twice.
certErrorLoaded = new Promise(resolve => {
let loaded = 0;
let removeEventListener = BrowserTestUtils.addContentEventListener(
browser,
"AboutNetErrorLoad",
() => {
if (++loaded == 2) {
removeEventListener();
resolve();
}
},
{ capture: false, wantUntrusted: true }
);
});
},
false
);
await certErrorLoaded;
await SpecialPowers.spawn(browser, [], () => {
is(
content.document.body.getAttribute("code"),
"MOZILLA_PKIX_ERROR_MITM_DETECTED",
"MitM error page has loaded."
);
});
ok(true, "Successfully loaded the MitM error page.");
is(
Services.prefs.getStringPref(PREF_MITM_CANARY_ISSUER),
"CN=Unknown CA",
"Stored the correct issuer"
);
await SpecialPowers.spawn(browser, [], async () => {
const shortDesc = content.document.querySelector("#errorShortDesc");
const whatToDo = content.document.querySelector("#errorWhatToDoText");
await ContentTaskUtils.waitForCondition(
() => shortDesc.textContent != "" && whatToDo.textContent != "",
"DOM localization has been updated"
);
ok(
shortDesc.textContent.includes("Unknown CA"),
"Shows the name of the issuer."
);
ok(
whatToDo.textContent.includes("Unknown CA"),
"Shows the name of the issuer."
);
});
BrowserTestUtils.removeTab(gBrowser.selectedTab);
Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
});
// Check that we set the enterprise roots pref correctly on MitM
add_task(async function checkMitmAutoEnableEnterpriseRoots() {
await SpecialPowers.pushPrefEnv({
set: [
[PREF_MITM_PRIMING, true],
[PREF_MITM_PRIMING_ENDPOINT, UNKNOWN_ISSUER],
[PREF_MITM_AUTO_ENABLE_ENTERPRISE_ROOTS, true],
[PREF_ENTERPRISE_ROOTS, false],
],
});
let browser;
let certErrorLoaded;
let prefChanged = TestUtils.waitForPrefChange(
PREF_ENTERPRISE_ROOTS,
value => value === true
);
await BrowserTestUtils.openNewForegroundTab(
gBrowser,
() => {
gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, UNKNOWN_ISSUER);
browser = gBrowser.selectedBrowser;
// The page will reload by itself after the initial canary request, so we wait
// until the AboutNetErrorLoad event has happened twice.
certErrorLoaded = new Promise(resolve => {
let loaded = 0;
let removeEventListener = BrowserTestUtils.addContentEventListener(
browser,
"AboutNetErrorLoad",
() => {
if (++loaded == 2) {
removeEventListener();
resolve();
}
},
{ capture: false, wantUntrusted: true }
);
});
},
false
);
await certErrorLoaded;
await prefChanged;
await SpecialPowers.spawn(browser, [], () => {
is(
content.document.body.getAttribute("code"),
"MOZILLA_PKIX_ERROR_MITM_DETECTED",
"MitM error page has loaded."
);
});
ok(true, "Successfully loaded the MitM error page.");
ok(
!Services.prefs.prefHasUserValue(PREF_ENTERPRISE_ROOTS),
"Flipped the enterprise roots pref back"
);
BrowserTestUtils.removeTab(gBrowser.selectedTab);
Services.prefs.clearUserPref(PREF_MITM_CANARY_ISSUER);
});
|
