diff options
Diffstat (limited to 'browser/base/content/test/general/browser_aboutCertError.js')
| -rw-r--r-- | browser/base/content/test/general/browser_aboutCertError.js | 409 |
1 files changed, 0 insertions, 409 deletions
diff --git a/browser/base/content/test/general/browser_aboutCertError.js b/browser/base/content/test/general/browser_aboutCertError.js deleted file mode 100644 index 0e335066c..000000000 --- a/browser/base/content/test/general/browser_aboutCertError.js +++ /dev/null @@ -1,409 +0,0 @@ -/* Any copyright is dedicated to the Public Domain. - * http://creativecommons.org/publicdomain/zero/1.0/ */ - -"use strict"; - -// This is testing the aboutCertError page (Bug 1207107). - -const GOOD_PAGE = "https://example.com/"; -const BAD_CERT = "https://expired.example.com/"; -const UNKNOWN_ISSUER = "https://self-signed.example.com "; -const BAD_STS_CERT = "https://badchain.include-subdomains.pinning.example.com:443"; -const {TabStateFlusher} = Cu.import("resource:///modules/sessionstore/TabStateFlusher.jsm", {}); -const ss = Cc["@mozilla.org/browser/sessionstore;1"].getService(Ci.nsISessionStore); - -add_task(function* checkReturnToAboutHome() { - info("Loading a bad cert page directly and making sure 'return to previous page' goes to about:home"); - let browser; - let certErrorLoaded; - let tab = yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => { - gBrowser.selectedTab = gBrowser.addTab(BAD_CERT); - browser = gBrowser.selectedBrowser; - certErrorLoaded = waitForCertErrorLoad(browser); - }, false); - - info("Loading and waiting for the cert error"); - yield certErrorLoaded; - - is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack"); - is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward"); - - // Populate the shistory entries manually, since it happens asynchronously - // and the following tests will be too soon otherwise. - yield TabStateFlusher.flush(browser); - let {entries} = JSON.parse(ss.getTabState(tab)); - is(entries.length, 1, "there is one shistory entry"); - - info("Clicking the go back button on about:certerror"); - yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let returnButton = doc.getElementById("returnButton"); - is(returnButton.getAttribute("autofocus"), "true", "returnButton has autofocus"); - returnButton.click(); - - yield ContentTaskUtils.waitForEvent(this, "pageshow", true); - }); - - is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack"); - is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward"); - is(gBrowser.currentURI.spec, "about:home", "Went back"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -add_task(function* checkReturnToPreviousPage() { - info("Loading a bad cert page and making sure 'return to previous page' goes back"); - let tab = yield BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE); - let browser = gBrowser.selectedBrowser; - - info("Loading and waiting for the cert error"); - let certErrorLoaded = waitForCertErrorLoad(browser); - BrowserTestUtils.loadURI(browser, BAD_CERT); - yield certErrorLoaded; - - is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack"); - is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward"); - - // Populate the shistory entries manually, since it happens asynchronously - // and the following tests will be too soon otherwise. - yield TabStateFlusher.flush(browser); - let {entries} = JSON.parse(ss.getTabState(tab)); - is(entries.length, 2, "there are two shistory entries"); - - info("Clicking the go back button on about:certerror"); - yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let returnButton = doc.getElementById("returnButton"); - returnButton.click(); - - yield ContentTaskUtils.waitForEvent(this, "pageshow", true); - }); - - is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack"); - is(browser.webNavigation.canGoForward, true, "webNavigation.canGoForward"); - is(gBrowser.currentURI.spec, GOOD_PAGE, "Went back"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -add_task(function* checkBadStsCert() { - info("Loading a badStsCert and making sure exception button doesn't show up"); - yield BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE); - let browser = gBrowser.selectedBrowser; - - info("Loading and waiting for the cert error"); - let certErrorLoaded = waitForCertErrorLoad(browser); - BrowserTestUtils.loadURI(browser, BAD_STS_CERT); - yield certErrorLoaded; - - let exceptionButtonHidden = yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let exceptionButton = doc.getElementById("exceptionDialogButton"); - return exceptionButton.hidden; - }); - ok(exceptionButtonHidden, "Exception button is hidden"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -const PREF_BLOCKLIST_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds"; - -add_task(function* checkWrongSystemTimeWarning() { - function* setUpPage() { - let browser; - let certErrorLoaded; - yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => { - gBrowser.selectedTab = gBrowser.addTab(BAD_CERT); - browser = gBrowser.selectedBrowser; - certErrorLoaded = waitForCertErrorLoad(browser); - }, false); - - info("Loading and waiting for the cert error"); - yield certErrorLoaded; - - return yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let div = doc.getElementById("wrongSystemTimePanel"); - let systemDateDiv = doc.getElementById("wrongSystemTime_systemDate"); - let actualDateDiv = doc.getElementById("wrongSystemTime_actualDate"); - let learnMoreLink = doc.getElementById("learnMoreLink"); - - return { - divDisplay: content.getComputedStyle(div).display, - text: div.textContent, - systemDate: systemDateDiv.textContent, - actualDate: actualDateDiv.textContent, - learnMoreLink: learnMoreLink.href - }; - }); - } - - let formatter = new Intl.DateTimeFormat(); - - // pretend we have a positively skewed (ahead) system time - let serverDate = new Date("2015/10/27"); - let serverDateFmt = formatter.format(serverDate); - let localDateFmt = formatter.format(new Date()); - - let skew = Math.floor((Date.now() - serverDate.getTime()) / 1000); - yield new Promise(r => SpecialPowers.pushPrefEnv({set: - [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r)); - - info("Loading a bad cert page with a skewed clock"); - let message = yield Task.spawn(setUpPage); - - isnot(message.divDisplay, "none", "Wrong time message information is visible"); - ok(message.text.includes("because your clock appears to show the wrong time"), - "Correct error message found"); - ok(message.text.includes("expired.example.com"), "URL found in error message"); - ok(message.systemDate.includes(localDateFmt), "correct local date displayed"); - ok(message.actualDate.includes(serverDateFmt), "correct server date displayed"); - ok(message.learnMoreLink.includes("time-errors"), "time-errors in the Learn More URL"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); - - // pretend we have a negatively skewed (behind) system time - serverDate = new Date(); - serverDate.setYear(serverDate.getFullYear() + 1); - serverDateFmt = formatter.format(serverDate); - - skew = Math.floor((Date.now() - serverDate.getTime()) / 1000); - yield new Promise(r => SpecialPowers.pushPrefEnv({set: - [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r)); - - info("Loading a bad cert page with a skewed clock"); - message = yield Task.spawn(setUpPage); - - isnot(message.divDisplay, "none", "Wrong time message information is visible"); - ok(message.text.includes("because your clock appears to show the wrong time"), - "Correct error message found"); - ok(message.text.includes("expired.example.com"), "URL found in error message"); - ok(message.systemDate.includes(localDateFmt), "correct local date displayed"); - ok(message.actualDate.includes(serverDateFmt), "correct server date displayed"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); - - // pretend we only have a slightly skewed system time, four hours - skew = 60 * 60 * 4; - yield new Promise(r => SpecialPowers.pushPrefEnv({set: - [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r)); - - info("Loading a bad cert page with an only slightly skewed clock"); - message = yield Task.spawn(setUpPage); - - is(message.divDisplay, "none", "Wrong time message information is not visible"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); - - // now pretend we have no skewed system time - skew = 0; - yield new Promise(r => SpecialPowers.pushPrefEnv({set: - [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r)); - - info("Loading a bad cert page with no skewed clock"); - message = yield Task.spawn(setUpPage); - - is(message.divDisplay, "none", "Wrong time message information is not visible"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -add_task(function* checkAdvancedDetails() { - info("Loading a bad cert page and verifying the main error and advanced details section"); - let browser; - let certErrorLoaded; - yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => { - gBrowser.selectedTab = gBrowser.addTab(BAD_CERT); - browser = gBrowser.selectedBrowser; - certErrorLoaded = waitForCertErrorLoad(browser); - }, false); - - info("Loading and waiting for the cert error"); - yield certErrorLoaded; - - let message = yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let shortDescText = doc.getElementById("errorShortDescText"); - info("Main error text: " + shortDescText.textContent); - ok(shortDescText.textContent.includes("expired.example.com"), - "Should list hostname in error message."); - - let advancedButton = doc.getElementById("advancedButton"); - advancedButton.click(); - let el = doc.getElementById("errorCode"); - return { textContent: el.textContent, tagName: el.tagName }; - }); - is(message.textContent, "SEC_ERROR_EXPIRED_CERTIFICATE", - "Correct error message found"); - is(message.tagName, "a", "Error message is a link"); - - message = yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let errorCode = doc.getElementById("errorCode"); - errorCode.click(); - let div = doc.getElementById("certificateErrorDebugInformation"); - let text = doc.getElementById("certificateErrorText"); - - let serhelper = Cc["@mozilla.org/network/serialization-helper;1"] - .getService(Ci.nsISerializationHelper); - let serializable = docShell.failedChannel.securityInfo - .QueryInterface(Ci.nsITransportSecurityInfo) - .QueryInterface(Ci.nsISerializable); - let serializedSecurityInfo = serhelper.serializeToString(serializable); - return { - divDisplay: content.getComputedStyle(div).display, - text: text.textContent, - securityInfoAsString: serializedSecurityInfo - }; - }); - isnot(message.divDisplay, "none", "Debug information is visible"); - ok(message.text.includes(BAD_CERT), "Correct URL found"); - ok(message.text.includes("Certificate has expired"), - "Correct error message found"); - ok(message.text.includes("HTTP Strict Transport Security: false"), - "Correct HSTS value found"); - ok(message.text.includes("HTTP Public Key Pinning: false"), - "Correct HPKP value found"); - let certChain = getCertChain(message.securityInfoAsString); - ok(message.text.includes(certChain), "Found certificate chain"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -add_task(function* checkAdvancedDetailsForHSTS() { - info("Loading a bad STS cert page and verifying the advanced details section"); - let browser; - let certErrorLoaded; - yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => { - gBrowser.selectedTab = gBrowser.addTab(BAD_STS_CERT); - browser = gBrowser.selectedBrowser; - certErrorLoaded = waitForCertErrorLoad(browser); - }, false); - - info("Loading and waiting for the cert error"); - yield certErrorLoaded; - - let message = yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let advancedButton = doc.getElementById("advancedButton"); - advancedButton.click(); - let ec = doc.getElementById("errorCode"); - let cdl = doc.getElementById("cert_domain_link"); - return { - ecTextContent: ec.textContent, - ecTagName: ec.tagName, - cdlTextContent: cdl.textContent, - cdlTagName: cdl.tagName - }; - }); - - const badStsUri = Services.io.newURI(BAD_STS_CERT, null, null); - is(message.ecTextContent, "SSL_ERROR_BAD_CERT_DOMAIN", - "Correct error message found"); - is(message.ecTagName, "a", "Error message is a link"); - const url = badStsUri.prePath.slice(badStsUri.prePath.indexOf(".") + 1); - is(message.cdlTextContent, url, - "Correct cert_domain_link contents found"); - is(message.cdlTagName, "a", "cert_domain_link is a link"); - - message = yield ContentTask.spawn(browser, null, function* () { - let doc = content.document; - let errorCode = doc.getElementById("errorCode"); - errorCode.click(); - let div = doc.getElementById("certificateErrorDebugInformation"); - let text = doc.getElementById("certificateErrorText"); - - let serhelper = Cc["@mozilla.org/network/serialization-helper;1"] - .getService(Ci.nsISerializationHelper); - let serializable = docShell.failedChannel.securityInfo - .QueryInterface(Ci.nsITransportSecurityInfo) - .QueryInterface(Ci.nsISerializable); - let serializedSecurityInfo = serhelper.serializeToString(serializable); - return { - divDisplay: content.getComputedStyle(div).display, - text: text.textContent, - securityInfoAsString: serializedSecurityInfo - }; - }); - isnot(message.divDisplay, "none", "Debug information is visible"); - ok(message.text.includes(badStsUri.spec), "Correct URL found"); - ok(message.text.includes("requested domain name does not match the server\u2019s certificate"), - "Correct error message found"); - ok(message.text.includes("HTTP Strict Transport Security: false"), - "Correct HSTS value found"); - ok(message.text.includes("HTTP Public Key Pinning: true"), - "Correct HPKP value found"); - let certChain = getCertChain(message.securityInfoAsString); - ok(message.text.includes(certChain), "Found certificate chain"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -add_task(function* checkUnknownIssuerLearnMoreLink() { - info("Loading a cert error for self-signed pages and checking the correct link is shown"); - let browser; - let certErrorLoaded; - yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => { - gBrowser.selectedTab = gBrowser.addTab(UNKNOWN_ISSUER); - browser = gBrowser.selectedBrowser; - certErrorLoaded = waitForCertErrorLoad(browser); - }, false); - - info("Loading and waiting for the cert error"); - yield certErrorLoaded; - - let href = yield ContentTask.spawn(browser, null, function* () { - let learnMoreLink = content.document.getElementById("learnMoreLink"); - return learnMoreLink.href; - }); - ok(href.endsWith("security-error"), "security-error in the Learn More URL"); - - yield BrowserTestUtils.removeTab(gBrowser.selectedTab); -}); - -function waitForCertErrorLoad(browser) { - return new Promise(resolve => { - info("Waiting for DOMContentLoaded event"); - browser.addEventListener("DOMContentLoaded", function load() { - browser.removeEventListener("DOMContentLoaded", load, false, true); - resolve(); - }, false, true); - }); -} - -function getCertChain(securityInfoAsString) { - let certChain = ""; - const serhelper = Cc["@mozilla.org/network/serialization-helper;1"] - .getService(Ci.nsISerializationHelper); - let securityInfo = serhelper.deserializeObject(securityInfoAsString); - securityInfo.QueryInterface(Ci.nsITransportSecurityInfo); - let certs = securityInfo.failedCertChain.getEnumerator(); - while (certs.hasMoreElements()) { - let cert = certs.getNext(); - cert.QueryInterface(Ci.nsIX509Cert); - certChain += getPEMString(cert); - } - return certChain; -} - -function getDERString(cert) -{ - var length = {}; - var derArray = cert.getRawDER(length); - var derString = ''; - for (var i = 0; i < derArray.length; i++) { - derString += String.fromCharCode(derArray[i]); - } - return derString; -} - -function getPEMString(cert) -{ - var derb64 = btoa(getDERString(cert)); - // Wrap the Base64 string into lines of 64 characters, - // with CRLF line breaks (as specified in RFC 1421). - var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n"); - return "-----BEGIN CERTIFICATE-----\r\n" - + wrapped - + "\r\n-----END CERTIFICATE-----\r\n"; -} |