summaryrefslogtreecommitdiffstats
path: root/browser/base/content/test/general/browser_aboutCertError.js
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /browser/base/content/test/general/browser_aboutCertError.js
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'browser/base/content/test/general/browser_aboutCertError.js')
-rw-r--r--browser/base/content/test/general/browser_aboutCertError.js409
1 files changed, 409 insertions, 0 deletions
diff --git a/browser/base/content/test/general/browser_aboutCertError.js b/browser/base/content/test/general/browser_aboutCertError.js
new file mode 100644
index 000000000..0e335066c
--- /dev/null
+++ b/browser/base/content/test/general/browser_aboutCertError.js
@@ -0,0 +1,409 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// This is testing the aboutCertError page (Bug 1207107).
+
+const GOOD_PAGE = "https://example.com/";
+const BAD_CERT = "https://expired.example.com/";
+const UNKNOWN_ISSUER = "https://self-signed.example.com ";
+const BAD_STS_CERT = "https://badchain.include-subdomains.pinning.example.com:443";
+const {TabStateFlusher} = Cu.import("resource:///modules/sessionstore/TabStateFlusher.jsm", {});
+const ss = Cc["@mozilla.org/browser/sessionstore;1"].getService(Ci.nsISessionStore);
+
+add_task(function* checkReturnToAboutHome() {
+ info("Loading a bad cert page directly and making sure 'return to previous page' goes to about:home");
+ let browser;
+ let certErrorLoaded;
+ let tab = yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => {
+ gBrowser.selectedTab = gBrowser.addTab(BAD_CERT);
+ browser = gBrowser.selectedBrowser;
+ certErrorLoaded = waitForCertErrorLoad(browser);
+ }, false);
+
+ info("Loading and waiting for the cert error");
+ yield certErrorLoaded;
+
+ is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack");
+ is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
+
+ // Populate the shistory entries manually, since it happens asynchronously
+ // and the following tests will be too soon otherwise.
+ yield TabStateFlusher.flush(browser);
+ let {entries} = JSON.parse(ss.getTabState(tab));
+ is(entries.length, 1, "there is one shistory entry");
+
+ info("Clicking the go back button on about:certerror");
+ yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let returnButton = doc.getElementById("returnButton");
+ is(returnButton.getAttribute("autofocus"), "true", "returnButton has autofocus");
+ returnButton.click();
+
+ yield ContentTaskUtils.waitForEvent(this, "pageshow", true);
+ });
+
+ is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack");
+ is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
+ is(gBrowser.currentURI.spec, "about:home", "Went back");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(function* checkReturnToPreviousPage() {
+ info("Loading a bad cert page and making sure 'return to previous page' goes back");
+ let tab = yield BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE);
+ let browser = gBrowser.selectedBrowser;
+
+ info("Loading and waiting for the cert error");
+ let certErrorLoaded = waitForCertErrorLoad(browser);
+ BrowserTestUtils.loadURI(browser, BAD_CERT);
+ yield certErrorLoaded;
+
+ is(browser.webNavigation.canGoBack, true, "webNavigation.canGoBack");
+ is(browser.webNavigation.canGoForward, false, "!webNavigation.canGoForward");
+
+ // Populate the shistory entries manually, since it happens asynchronously
+ // and the following tests will be too soon otherwise.
+ yield TabStateFlusher.flush(browser);
+ let {entries} = JSON.parse(ss.getTabState(tab));
+ is(entries.length, 2, "there are two shistory entries");
+
+ info("Clicking the go back button on about:certerror");
+ yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let returnButton = doc.getElementById("returnButton");
+ returnButton.click();
+
+ yield ContentTaskUtils.waitForEvent(this, "pageshow", true);
+ });
+
+ is(browser.webNavigation.canGoBack, false, "!webNavigation.canGoBack");
+ is(browser.webNavigation.canGoForward, true, "webNavigation.canGoForward");
+ is(gBrowser.currentURI.spec, GOOD_PAGE, "Went back");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(function* checkBadStsCert() {
+ info("Loading a badStsCert and making sure exception button doesn't show up");
+ yield BrowserTestUtils.openNewForegroundTab(gBrowser, GOOD_PAGE);
+ let browser = gBrowser.selectedBrowser;
+
+ info("Loading and waiting for the cert error");
+ let certErrorLoaded = waitForCertErrorLoad(browser);
+ BrowserTestUtils.loadURI(browser, BAD_STS_CERT);
+ yield certErrorLoaded;
+
+ let exceptionButtonHidden = yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let exceptionButton = doc.getElementById("exceptionDialogButton");
+ return exceptionButton.hidden;
+ });
+ ok(exceptionButtonHidden, "Exception button is hidden");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+const PREF_BLOCKLIST_CLOCK_SKEW_SECONDS = "services.blocklist.clock_skew_seconds";
+
+add_task(function* checkWrongSystemTimeWarning() {
+ function* setUpPage() {
+ let browser;
+ let certErrorLoaded;
+ yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => {
+ gBrowser.selectedTab = gBrowser.addTab(BAD_CERT);
+ browser = gBrowser.selectedBrowser;
+ certErrorLoaded = waitForCertErrorLoad(browser);
+ }, false);
+
+ info("Loading and waiting for the cert error");
+ yield certErrorLoaded;
+
+ return yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let div = doc.getElementById("wrongSystemTimePanel");
+ let systemDateDiv = doc.getElementById("wrongSystemTime_systemDate");
+ let actualDateDiv = doc.getElementById("wrongSystemTime_actualDate");
+ let learnMoreLink = doc.getElementById("learnMoreLink");
+
+ return {
+ divDisplay: content.getComputedStyle(div).display,
+ text: div.textContent,
+ systemDate: systemDateDiv.textContent,
+ actualDate: actualDateDiv.textContent,
+ learnMoreLink: learnMoreLink.href
+ };
+ });
+ }
+
+ let formatter = new Intl.DateTimeFormat();
+
+ // pretend we have a positively skewed (ahead) system time
+ let serverDate = new Date("2015/10/27");
+ let serverDateFmt = formatter.format(serverDate);
+ let localDateFmt = formatter.format(new Date());
+
+ let skew = Math.floor((Date.now() - serverDate.getTime()) / 1000);
+ yield new Promise(r => SpecialPowers.pushPrefEnv({set:
+ [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r));
+
+ info("Loading a bad cert page with a skewed clock");
+ let message = yield Task.spawn(setUpPage);
+
+ isnot(message.divDisplay, "none", "Wrong time message information is visible");
+ ok(message.text.includes("because your clock appears to show the wrong time"),
+ "Correct error message found");
+ ok(message.text.includes("expired.example.com"), "URL found in error message");
+ ok(message.systemDate.includes(localDateFmt), "correct local date displayed");
+ ok(message.actualDate.includes(serverDateFmt), "correct server date displayed");
+ ok(message.learnMoreLink.includes("time-errors"), "time-errors in the Learn More URL");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+ // pretend we have a negatively skewed (behind) system time
+ serverDate = new Date();
+ serverDate.setYear(serverDate.getFullYear() + 1);
+ serverDateFmt = formatter.format(serverDate);
+
+ skew = Math.floor((Date.now() - serverDate.getTime()) / 1000);
+ yield new Promise(r => SpecialPowers.pushPrefEnv({set:
+ [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r));
+
+ info("Loading a bad cert page with a skewed clock");
+ message = yield Task.spawn(setUpPage);
+
+ isnot(message.divDisplay, "none", "Wrong time message information is visible");
+ ok(message.text.includes("because your clock appears to show the wrong time"),
+ "Correct error message found");
+ ok(message.text.includes("expired.example.com"), "URL found in error message");
+ ok(message.systemDate.includes(localDateFmt), "correct local date displayed");
+ ok(message.actualDate.includes(serverDateFmt), "correct server date displayed");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+ // pretend we only have a slightly skewed system time, four hours
+ skew = 60 * 60 * 4;
+ yield new Promise(r => SpecialPowers.pushPrefEnv({set:
+ [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r));
+
+ info("Loading a bad cert page with an only slightly skewed clock");
+ message = yield Task.spawn(setUpPage);
+
+ is(message.divDisplay, "none", "Wrong time message information is not visible");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+ // now pretend we have no skewed system time
+ skew = 0;
+ yield new Promise(r => SpecialPowers.pushPrefEnv({set:
+ [[PREF_BLOCKLIST_CLOCK_SKEW_SECONDS, skew]]}, r));
+
+ info("Loading a bad cert page with no skewed clock");
+ message = yield Task.spawn(setUpPage);
+
+ is(message.divDisplay, "none", "Wrong time message information is not visible");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(function* checkAdvancedDetails() {
+ info("Loading a bad cert page and verifying the main error and advanced details section");
+ let browser;
+ let certErrorLoaded;
+ yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => {
+ gBrowser.selectedTab = gBrowser.addTab(BAD_CERT);
+ browser = gBrowser.selectedBrowser;
+ certErrorLoaded = waitForCertErrorLoad(browser);
+ }, false);
+
+ info("Loading and waiting for the cert error");
+ yield certErrorLoaded;
+
+ let message = yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let shortDescText = doc.getElementById("errorShortDescText");
+ info("Main error text: " + shortDescText.textContent);
+ ok(shortDescText.textContent.includes("expired.example.com"),
+ "Should list hostname in error message.");
+
+ let advancedButton = doc.getElementById("advancedButton");
+ advancedButton.click();
+ let el = doc.getElementById("errorCode");
+ return { textContent: el.textContent, tagName: el.tagName };
+ });
+ is(message.textContent, "SEC_ERROR_EXPIRED_CERTIFICATE",
+ "Correct error message found");
+ is(message.tagName, "a", "Error message is a link");
+
+ message = yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let errorCode = doc.getElementById("errorCode");
+ errorCode.click();
+ let div = doc.getElementById("certificateErrorDebugInformation");
+ let text = doc.getElementById("certificateErrorText");
+
+ let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
+ .getService(Ci.nsISerializationHelper);
+ let serializable = docShell.failedChannel.securityInfo
+ .QueryInterface(Ci.nsITransportSecurityInfo)
+ .QueryInterface(Ci.nsISerializable);
+ let serializedSecurityInfo = serhelper.serializeToString(serializable);
+ return {
+ divDisplay: content.getComputedStyle(div).display,
+ text: text.textContent,
+ securityInfoAsString: serializedSecurityInfo
+ };
+ });
+ isnot(message.divDisplay, "none", "Debug information is visible");
+ ok(message.text.includes(BAD_CERT), "Correct URL found");
+ ok(message.text.includes("Certificate has expired"),
+ "Correct error message found");
+ ok(message.text.includes("HTTP Strict Transport Security: false"),
+ "Correct HSTS value found");
+ ok(message.text.includes("HTTP Public Key Pinning: false"),
+ "Correct HPKP value found");
+ let certChain = getCertChain(message.securityInfoAsString);
+ ok(message.text.includes(certChain), "Found certificate chain");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(function* checkAdvancedDetailsForHSTS() {
+ info("Loading a bad STS cert page and verifying the advanced details section");
+ let browser;
+ let certErrorLoaded;
+ yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => {
+ gBrowser.selectedTab = gBrowser.addTab(BAD_STS_CERT);
+ browser = gBrowser.selectedBrowser;
+ certErrorLoaded = waitForCertErrorLoad(browser);
+ }, false);
+
+ info("Loading and waiting for the cert error");
+ yield certErrorLoaded;
+
+ let message = yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let advancedButton = doc.getElementById("advancedButton");
+ advancedButton.click();
+ let ec = doc.getElementById("errorCode");
+ let cdl = doc.getElementById("cert_domain_link");
+ return {
+ ecTextContent: ec.textContent,
+ ecTagName: ec.tagName,
+ cdlTextContent: cdl.textContent,
+ cdlTagName: cdl.tagName
+ };
+ });
+
+ const badStsUri = Services.io.newURI(BAD_STS_CERT, null, null);
+ is(message.ecTextContent, "SSL_ERROR_BAD_CERT_DOMAIN",
+ "Correct error message found");
+ is(message.ecTagName, "a", "Error message is a link");
+ const url = badStsUri.prePath.slice(badStsUri.prePath.indexOf(".") + 1);
+ is(message.cdlTextContent, url,
+ "Correct cert_domain_link contents found");
+ is(message.cdlTagName, "a", "cert_domain_link is a link");
+
+ message = yield ContentTask.spawn(browser, null, function* () {
+ let doc = content.document;
+ let errorCode = doc.getElementById("errorCode");
+ errorCode.click();
+ let div = doc.getElementById("certificateErrorDebugInformation");
+ let text = doc.getElementById("certificateErrorText");
+
+ let serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
+ .getService(Ci.nsISerializationHelper);
+ let serializable = docShell.failedChannel.securityInfo
+ .QueryInterface(Ci.nsITransportSecurityInfo)
+ .QueryInterface(Ci.nsISerializable);
+ let serializedSecurityInfo = serhelper.serializeToString(serializable);
+ return {
+ divDisplay: content.getComputedStyle(div).display,
+ text: text.textContent,
+ securityInfoAsString: serializedSecurityInfo
+ };
+ });
+ isnot(message.divDisplay, "none", "Debug information is visible");
+ ok(message.text.includes(badStsUri.spec), "Correct URL found");
+ ok(message.text.includes("requested domain name does not match the server\u2019s certificate"),
+ "Correct error message found");
+ ok(message.text.includes("HTTP Strict Transport Security: false"),
+ "Correct HSTS value found");
+ ok(message.text.includes("HTTP Public Key Pinning: true"),
+ "Correct HPKP value found");
+ let certChain = getCertChain(message.securityInfoAsString);
+ ok(message.text.includes(certChain), "Found certificate chain");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+add_task(function* checkUnknownIssuerLearnMoreLink() {
+ info("Loading a cert error for self-signed pages and checking the correct link is shown");
+ let browser;
+ let certErrorLoaded;
+ yield BrowserTestUtils.openNewForegroundTab(gBrowser, () => {
+ gBrowser.selectedTab = gBrowser.addTab(UNKNOWN_ISSUER);
+ browser = gBrowser.selectedBrowser;
+ certErrorLoaded = waitForCertErrorLoad(browser);
+ }, false);
+
+ info("Loading and waiting for the cert error");
+ yield certErrorLoaded;
+
+ let href = yield ContentTask.spawn(browser, null, function* () {
+ let learnMoreLink = content.document.getElementById("learnMoreLink");
+ return learnMoreLink.href;
+ });
+ ok(href.endsWith("security-error"), "security-error in the Learn More URL");
+
+ yield BrowserTestUtils.removeTab(gBrowser.selectedTab);
+});
+
+function waitForCertErrorLoad(browser) {
+ return new Promise(resolve => {
+ info("Waiting for DOMContentLoaded event");
+ browser.addEventListener("DOMContentLoaded", function load() {
+ browser.removeEventListener("DOMContentLoaded", load, false, true);
+ resolve();
+ }, false, true);
+ });
+}
+
+function getCertChain(securityInfoAsString) {
+ let certChain = "";
+ const serhelper = Cc["@mozilla.org/network/serialization-helper;1"]
+ .getService(Ci.nsISerializationHelper);
+ let securityInfo = serhelper.deserializeObject(securityInfoAsString);
+ securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+ let certs = securityInfo.failedCertChain.getEnumerator();
+ while (certs.hasMoreElements()) {
+ let cert = certs.getNext();
+ cert.QueryInterface(Ci.nsIX509Cert);
+ certChain += getPEMString(cert);
+ }
+ return certChain;
+}
+
+function getDERString(cert)
+{
+ var length = {};
+ var derArray = cert.getRawDER(length);
+ var derString = '';
+ for (var i = 0; i < derArray.length; i++) {
+ derString += String.fromCharCode(derArray[i]);
+ }
+ return derString;
+}
+
+function getPEMString(cert)
+{
+ var derb64 = btoa(getDERString(cert));
+ // Wrap the Base64 string into lines of 64 characters,
+ // with CRLF line breaks (as specified in RFC 1421).
+ var wrapped = derb64.replace(/(\S{64}(?!$))/g, "$1\r\n");
+ return "-----BEGIN CERTIFICATE-----\r\n"
+ + wrapped
+ + "\r\n-----END CERTIFICATE-----\r\n";
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 00:27:29 +0000