browser_aboutCertError_exception.js (15816B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 const BAD_CERT = "https://expired.example.com/"; 7 const BAD_STS_CERT = 8 "https://badchain.include-subdomains.pinning.example.com:443"; 9 const PREF_PERMANENT_OVERRIDE = "security.certerrors.permanentOverride"; 10 11 // Security CertError Felt Privacy set to false 12 add_task(async function checkExceptionDialogButton_feltPrivacyToFalse() { 13 await setSecurityCertErrorsFeltPrivacyToFalse(); 14 info( 15 "Loading a bad cert page and making sure the exceptionDialogButton directly adds an exception" 16 ); 17 let tab = await openErrorPage(BAD_CERT); 18 let browser = tab.linkedBrowser; 19 let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT); 20 info("Clicking the exceptionDialogButton in advanced panel"); 21 await SpecialPowers.spawn(browser, [], async function () { 22 let doc = content.document; 23 let exceptionButton = doc.getElementById("exceptionDialogButton"); 24 exceptionButton.click(); 25 }); 26 27 info("Loading the url after adding exception"); 28 await loaded; 29 30 await SpecialPowers.spawn(browser, [], async function () { 31 let doc = content.document; 32 ok( 33 !doc.documentURI.startsWith("about:certerror"), 34 "Exception has been added" 35 ); 36 }); 37 38 let certOverrideService = Cc[ 39 "@mozilla.org/security/certoverride;1" 40 ].getService(Ci.nsICertOverrideService); 41 certOverrideService.clearValidityOverride("expired.example.com", -1, {}); 42 BrowserTestUtils.removeTab(gBrowser.selectedTab); 43 await SpecialPowers.popPrefEnv(); 44 }); 45 46 add_task(async function checkPermanentExceptionPref_feltPrivacyToFalse() { 47 await setSecurityCertErrorsFeltPrivacyToFalse(); 48 info( 49 "Loading a bad cert page and making sure the permanent state of exceptions can be controlled via pref" 50 ); 51 52 for (let permanentOverride of [false, true]) { 53 await SpecialPowers.pushPrefEnv({ 54 set: [[PREF_PERMANENT_OVERRIDE, permanentOverride]], 55 }); 56 57 let tab = await openErrorPage(BAD_CERT); 58 let browser = tab.linkedBrowser; 59 let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT); 60 info("Clicking the exceptionDialogButton in advanced panel"); 61 let serverCertBytes = await SpecialPowers.spawn( 62 browser, 63 [], 64 async function () { 65 let doc = content.document; 66 let exceptionButton = doc.getElementById("exceptionDialogButton"); 67 exceptionButton.click(); 68 return content.docShell.failedChannel.securityInfo.serverCert.getRawDER(); 69 } 70 ); 71 72 info("Loading the url after adding exception"); 73 await loaded; 74 75 await SpecialPowers.spawn(browser, [], async function () { 76 let doc = content.document; 77 ok( 78 !doc.documentURI.startsWith("about:certerror"), 79 "Exception has been added" 80 ); 81 }); 82 83 let certOverrideService = Cc[ 84 "@mozilla.org/security/certoverride;1" 85 ].getService(Ci.nsICertOverrideService); 86 87 let isTemporary = {}; 88 let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( 89 Ci.nsIX509CertDB 90 ); 91 let cert = certdb.constructX509(serverCertBytes); 92 let hasException = certOverrideService.hasMatchingOverride( 93 "expired.example.com", 94 -1, 95 {}, 96 cert, 97 isTemporary 98 ); 99 ok(hasException, "Has stored an exception for the page."); 100 is( 101 isTemporary.value, 102 !permanentOverride, 103 `Has stored a ${ 104 permanentOverride ? "permanent" : "temporary" 105 } exception for the page.` 106 ); 107 108 certOverrideService.clearValidityOverride("expired.example.com", -1, {}); 109 BrowserTestUtils.removeTab(gBrowser.selectedTab); 110 } 111 112 await SpecialPowers.flushPrefEnv(); 113 }); 114 115 add_task(async function checkBadStsCert_feltPrivacyToFalse() { 116 await setSecurityCertErrorsFeltPrivacyToFalse(); 117 info("Loading a badStsCert and making sure exception button doesn't show up"); 118 119 for (let useFrame of [false]) { 120 let tab = await openErrorPage(BAD_STS_CERT, useFrame); 121 let browser = tab.linkedBrowser; 122 123 await SpecialPowers.spawn( 124 browser, 125 [{ frame: useFrame }], 126 async function ({ frame }) { 127 let doc = frame 128 ? content.document.querySelector("iframe").contentDocument 129 : content.document; 130 let exceptionButton = doc.getElementById("exceptionDialogButton"); 131 ok( 132 ContentTaskUtils.isHidden(exceptionButton), 133 "Exception button is hidden." 134 ); 135 } 136 ); 137 138 let message = await SpecialPowers.spawn( 139 browser, 140 [{ frame: useFrame }], 141 async function ({ frame }) { 142 let doc = frame 143 ? content.document.querySelector("iframe").contentDocument 144 : content.document; 145 let advancedButton = doc.getElementById("advancedButton"); 146 advancedButton.click(); 147 148 // aboutNetError.mjs is using async localization to format several 149 // messages and in result the translation may be applied later. 150 // We want to return the textContent of the element only after 151 // the translation completes, so let's wait for it here. 152 let elements = [doc.getElementById("badCertTechnicalInfo")]; 153 await ContentTaskUtils.waitForCondition(() => { 154 return elements.every(elem => !!elem.textContent.trim().length); 155 }); 156 157 return doc.getElementById("badCertTechnicalInfo").textContent; 158 } 159 ); 160 ok( 161 message.includes("SSL_ERROR_BAD_CERT_DOMAIN"), 162 "Didn't find SSL_ERROR_BAD_CERT_DOMAIN." 163 ); 164 ok( 165 message.includes("The certificate is only valid for"), 166 "Didn't find error message." 167 ); 168 ok( 169 message.includes("a certificate that is not valid for"), 170 "Didn't find error message." 171 ); 172 ok( 173 message.includes("badchain.include-subdomains.pinning.example.com"), 174 "Didn't find domain in error message." 175 ); 176 177 BrowserTestUtils.removeTab(gBrowser.selectedTab); 178 } 179 await SpecialPowers.popPrefEnv(); 180 }); 181 182 add_task( 183 async function checkhideAddExceptionButtonViaPref_feltPrivacyToFalse() { 184 info( 185 "Loading a bad cert page and verifying the pref security.certerror.hideAddException" 186 ); 187 await SpecialPowers.pushPrefEnv({ 188 set: [ 189 ["security.certerror.hideAddException", true], 190 ["security.certerrors.felt-privacy-v1", false], 191 ], 192 }); 193 194 for (let useFrame of [false, true]) { 195 let tab = await openErrorPage(BAD_CERT, useFrame); 196 let browser = tab.linkedBrowser; 197 198 await SpecialPowers.spawn( 199 browser, 200 [{ frame: useFrame }], 201 async function ({ frame }) { 202 let doc = frame 203 ? content.document.querySelector("iframe").contentDocument 204 : content.document; 205 206 let exceptionButton = doc.getElementById("exceptionDialogButton"); 207 ok( 208 ContentTaskUtils.isHidden(exceptionButton), 209 "Exception button is hidden." 210 ); 211 } 212 ); 213 214 BrowserTestUtils.removeTab(gBrowser.selectedTab); 215 } 216 217 await SpecialPowers.flushPrefEnv(); 218 } 219 ); 220 221 add_task( 222 async function checkhideAddExceptionButtonInFrames_feltPrivacyToFalse() { 223 await setSecurityCertErrorsFeltPrivacyToFalse(); 224 info("Loading a bad cert page in a frame and verifying it's hidden."); 225 let tab = await openErrorPage(BAD_CERT, true); 226 let browser = tab.linkedBrowser; 227 228 await SpecialPowers.spawn(browser, [], async function () { 229 let doc = content.document.querySelector("iframe").contentDocument; 230 let exceptionButton = doc.getElementById("exceptionDialogButton"); 231 ok( 232 ContentTaskUtils.isHidden(exceptionButton), 233 "Exception button is hidden." 234 ); 235 }); 236 237 BrowserTestUtils.removeTab(gBrowser.selectedTab); 238 await SpecialPowers.popPrefEnv(); 239 } 240 ); 241 242 // Security CertError Felt Privacy set to true 243 add_task(async function checkExceptionDialogButton_feltPrivacyToTrue() { 244 await setSecurityCertErrorsFeltPrivacyToTrue(); 245 info( 246 "Loading a bad cert page and making sure the exceptionDialogButton directly adds an exception" 247 ); 248 let tab = await openErrorPage(BAD_CERT); 249 let browser = tab.linkedBrowser; 250 let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT); 251 info("Clicking the exceptionDialogButton in advanced panel"); 252 await SpecialPowers.spawn(browser, [], async function () { 253 const netErrorCard = 254 content.document.querySelector("net-error-card").wrappedJSObject; 255 await netErrorCard.getUpdateComplete(); 256 257 // Perform user button click interaction 258 netErrorCard.advancedButton.scrollIntoView(true); 259 EventUtils.synthesizeMouseAtCenter( 260 netErrorCard.advancedButton, 261 {}, 262 content 263 ); 264 await ContentTaskUtils.waitForCondition( 265 () => 266 netErrorCard.exceptionButton && !netErrorCard.exceptionButton.disabled, 267 "Wait for the exception button to be created." 268 ); 269 270 info("Clicking the Proceed Risky button in advanced panel"); 271 netErrorCard.exceptionButton.scrollIntoView(true); 272 EventUtils.synthesizeMouseAtCenter( 273 netErrorCard.exceptionButton, 274 {}, 275 content 276 ); 277 }); 278 279 info("Loading the url after adding exception"); 280 await loaded; 281 282 await SpecialPowers.spawn(browser, [], async function () { 283 let doc = content.document; 284 Assert.ok( 285 !doc.documentURI.startsWith("about:certerror"), 286 "Exception has been added" 287 ); 288 }); 289 290 let certOverrideService = Cc[ 291 "@mozilla.org/security/certoverride;1" 292 ].getService(Ci.nsICertOverrideService); 293 certOverrideService.clearValidityOverride("expired.example.com", -1, {}); 294 BrowserTestUtils.removeTab(gBrowser.selectedTab); 295 await SpecialPowers.popPrefEnv(); 296 }); 297 298 add_task(async function checkPermanentExceptionPref_feltPrivacyToTrue() { 299 info( 300 "Loading a bad cert page and making sure the permanent state of exceptions can be controlled via pref" 301 ); 302 303 for (let permanentOverride of [false, true]) { 304 await SpecialPowers.pushPrefEnv({ 305 set: [ 306 [PREF_PERMANENT_OVERRIDE, permanentOverride], 307 ["security.certerrors.felt-privacy-v1", true], 308 ], 309 }); 310 311 let tab = await openErrorPage(BAD_CERT); 312 let browser = tab.linkedBrowser; 313 let loaded = BrowserTestUtils.browserLoaded(browser, false, BAD_CERT); 314 info("Clicking the exceptionDialogButton in advanced panel"); 315 let serverCertBytes = await SpecialPowers.spawn( 316 browser, 317 [], 318 async function () { 319 const netErrorCard = 320 content.document.querySelector("net-error-card").wrappedJSObject; 321 await netErrorCard.getUpdateComplete(); 322 323 // Perform user button click interaction 324 netErrorCard.advancedButton.scrollIntoView(true); 325 EventUtils.synthesizeMouseAtCenter( 326 netErrorCard.advancedButton, 327 {}, 328 content 329 ); 330 await ContentTaskUtils.waitForCondition( 331 () => 332 netErrorCard.exceptionButton && 333 !netErrorCard.exceptionButton.disabled, 334 "Wait for the exception button to be created." 335 ); 336 337 info("Clicking the Proceed Risky button in advanced panel"); 338 netErrorCard.exceptionButton.scrollIntoView(true); 339 EventUtils.synthesizeMouseAtCenter( 340 netErrorCard.exceptionButton, 341 {}, 342 content 343 ); 344 return content.docShell.failedChannel.securityInfo.serverCert.getRawDER(); 345 } 346 ); 347 348 info("Loading the url after adding exception"); 349 await loaded; 350 351 await SpecialPowers.spawn(browser, [], async function () { 352 let doc = content.document; 353 Assert.ok( 354 !doc.documentURI.startsWith("about:certerror"), 355 "Exception has been added" 356 ); 357 }); 358 359 let certOverrideService = Cc[ 360 "@mozilla.org/security/certoverride;1" 361 ].getService(Ci.nsICertOverrideService); 362 363 let isTemporary = {}; 364 let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( 365 Ci.nsIX509CertDB 366 ); 367 let cert = certdb.constructX509(serverCertBytes); 368 let hasException = certOverrideService.hasMatchingOverride( 369 "expired.example.com", 370 -1, 371 {}, 372 cert, 373 isTemporary 374 ); 375 Assert.ok(hasException, "Has stored an exception for the page."); 376 Assert.equal( 377 isTemporary.value, 378 !permanentOverride, 379 `Has stored a ${ 380 permanentOverride ? "permanent" : "temporary" 381 } exception for the page.` 382 ); 383 384 certOverrideService.clearValidityOverride("expired.example.com", -1, {}); 385 BrowserTestUtils.removeTab(gBrowser.selectedTab); 386 } 387 await SpecialPowers.flushPrefEnv(); 388 }); 389 390 add_task(async function checkBadStsCert_feltPrivacyToTrue() { 391 await setSecurityCertErrorsFeltPrivacyToTrue(); 392 info("Loading a badStsCert and making sure exception button doesn't show up"); 393 394 for (let useFrame of [false, true]) { 395 let tab = await openErrorPage(BAD_STS_CERT, useFrame); 396 let browser = tab.linkedBrowser; 397 398 await SpecialPowers.spawn( 399 browser, 400 [{ frame: useFrame }], 401 async function ({ frame }) { 402 let doc = frame 403 ? content.document.querySelector("iframe").contentDocument 404 : content.document; 405 406 const netErrorCard = 407 doc.querySelector("net-error-card").wrappedJSObject; 408 await netErrorCard.getUpdateComplete(); 409 410 // Perform user button click interaction to load exception button 411 netErrorCard.advancedButton.click(); 412 413 Assert.ok( 414 !netErrorCard.exceptionButton, 415 "The exception button is not found in DOM." 416 ); 417 } 418 ); 419 420 BrowserTestUtils.removeTab(gBrowser.selectedTab); 421 } 422 await SpecialPowers.popPrefEnv(); 423 }); 424 425 add_task(async function checkhideAddExceptionButtonViaPref_feltPrivacyToTrue() { 426 info( 427 "Loading a bad cert page and verifying the pref security.certerror.hideAddException" 428 ); 429 430 await SpecialPowers.pushPrefEnv({ 431 set: [ 432 ["security.certerror.hideAddException", true], 433 ["security.certerrors.felt-privacy-v1", true], 434 ], 435 }); 436 437 for (let useFrame of [false, true]) { 438 let tab = await openErrorPage(BAD_CERT, useFrame); 439 let browser = tab.linkedBrowser; 440 441 await SpecialPowers.spawn( 442 browser, 443 [{ frame: useFrame }], 444 async function ({ frame }) { 445 let doc = frame 446 ? content.document.querySelector("iframe").contentDocument 447 : content.document; 448 449 const netErrorCard = 450 doc.querySelector("net-error-card").wrappedJSObject; 451 await netErrorCard.getUpdateComplete(); 452 453 // Perform user button click interaction to load exception button 454 netErrorCard.advancedButton.click(); 455 456 Assert.ok( 457 !netErrorCard.exceptionButton, 458 "The exception button is not found in DOM." 459 ); 460 } 461 ); 462 463 BrowserTestUtils.removeTab(gBrowser.selectedTab); 464 } 465 await SpecialPowers.flushPrefEnv(); 466 }); 467 468 add_task( 469 async function checkhideAddExceptionButtonInFrames_feltPrivacyToTrue() { 470 await setSecurityCertErrorsFeltPrivacyToTrue(); 471 info("Loading a bad cert page in a frame and verifying it's hidden."); 472 let tab = await openErrorPage(BAD_CERT, true); 473 let browser = tab.linkedBrowser; 474 475 await SpecialPowers.spawn(browser, [], async function () { 476 let doc = content.document.querySelector("iframe").contentDocument; 477 const netErrorCard = doc.querySelector("net-error-card").wrappedJSObject; 478 await netErrorCard.getUpdateComplete(); 479 480 // Perform user button click interaction to load exception button 481 netErrorCard.advancedButton.click(); 482 483 Assert.ok( 484 !netErrorCard.exceptionButton, 485 "The exception button is not found in DOM." 486 ); 487 }); 488 489 BrowserTestUtils.removeTab(gBrowser.selectedTab); 490 await SpecialPowers.popPrefEnv(); 491 } 492 );