nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/browser/base/content/test/siteIdentity/browser_navigation_failures.js

178 lines
5.5 KiB
JavaScript
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/ */
// Tests that the site identity indicator is properly updated for navigations
// that fail for various reasons. In particular, we currently test TLS handshake
// failures, about: pages that don't actually exist, and situations where the
// TLS handshake completes but the server then closes the connection.
// See bug 1492424, bug 1493427, and bug 1391207.
const kSecureURI =
getRootDirectory(gTestPath).replace(
"chrome://mochitests/content",
"https://example.com"
) + "dummy_page.html";
add_task(async function() {
await BrowserTestUtils.withNewTab(kSecureURI, async browser => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "verifiedDomain", "identity should be secure before");
const TLS_HANDSHAKE_FAILURE_URI = "https://ssl3.example.com/";
// Try to connect to a server where the TLS handshake will fail.
BrowserTestUtils.loadURI(browser, TLS_HANDSHAKE_FAILURE_URI);
await BrowserTestUtils.browserLoaded(
browser,
false,
TLS_HANDSHAKE_FAILURE_URI,
true
);
let newIdentityMode = window.document.getElementById("identity-box")
.className;
is(
newIdentityMode,
"unknownIdentity",
"identity should be unknown (not secure) after"
);
});
});
add_task(async function() {
await BrowserTestUtils.withNewTab(kSecureURI, async browser => {
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "verifiedDomain", "identity should be secure before");
const BAD_ABOUT_PAGE_URI = "about:somethingthatdoesnotexist";
// Try to load an about: page that doesn't exist
BrowserTestUtils.loadURI(browser, BAD_ABOUT_PAGE_URI);
await BrowserTestUtils.browserLoaded(
browser,
false,
BAD_ABOUT_PAGE_URI,
true
);
let newIdentityMode = window.document.getElementById("identity-box")
.className;
is(
newIdentityMode,
"unknownIdentity",
"identity should be unknown (not secure) after"
);
});
});
// Helper function to start a TLS server that will accept a connection, complete
// the TLS handshake, but then close the connection.
function startServer(cert) {
let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
Ci.nsITLSServerSocket
);
tlsServer.init(-1, true, -1);
tlsServer.serverCert = cert;
let input, output;
let listener = {
onSocketAccepted(socket, transport) {
let connectionInfo = transport.securityInfo.QueryInterface(
Ci.nsITLSServerConnectionInfo
);
connectionInfo.setSecurityObserver(listener);
input = transport.openInputStream(0, 0, 0);
output = transport.openOutputStream(0, 0, 0);
},
onHandshakeDone(socket, status) {
input.asyncWait(
{
onInputStreamReady(readyInput) {
try {
input.close();
output.close();
} catch (e) {
info(e);
}
},
},
0,
0,
Services.tm.currentThread
);
},
onStopListening() {},
};
tlsServer.setSessionTickets(false);
tlsServer.asyncListen(listener);
return tlsServer;
}
// Test that if we complete a TLS handshake but the server closes the connection
// just after doing so (resulting in a "connection reset" error page), the site
// identity information gets updated appropriately (it should indicate "not
// secure").
add_task(async function() {
await SpecialPowers.pushPrefEnv({
// This test fails on some platforms if we leave IPv6 enabled.
set: [["network.dns.disableIPv6", true]],
});
let certService = Cc["@mozilla.org/security/local-cert-service;1"].getService(
Ci.nsILocalCertService
);
let certOverrideService = Cc[
"@mozilla.org/security/certoverride;1"
].getService(Ci.nsICertOverrideService);
let cert = await new Promise((resolve, reject) => {
certService.getOrCreateCert("broken-tls-server", {
handleCert(c, rv) {
if (!Components.isSuccessCode(rv)) {
reject(rv);
return;
}
resolve(c);
},
});
});
// Start a server and trust its certificate.
let server = startServer(cert);
let overrideBits =
Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH;
certOverrideService.rememberValidityOverride(
"localhost",
server.port,
{},
cert,
overrideBits,
true
);
// Un-do configuration changes we've made when the test is done.
registerCleanupFunction(() => {
certOverrideService.clearValidityOverride("localhost", server.port, {});
server.close();
});
// Open up a new tab...
await BrowserTestUtils.withNewTab("about:blank", async browser => {
const TLS_HANDSHAKE_FAILURE_URI = `https://localhost:${server.port}/`;
// Try to connect to a server where the TLS handshake will succeed, but then
// the server closes the connection right after.
BrowserTestUtils.loadURI(browser, TLS_HANDSHAKE_FAILURE_URI);
await BrowserTestUtils.browserLoaded(
browser,
false,
TLS_HANDSHAKE_FAILURE_URI,
true
);
let identityMode = window.document.getElementById("identity-box").className;
is(identityMode, "unknownIdentity", "identity should be 'unknown'");
});
});
View git blame Copy permalink