browser_navigation_failures.js (5192B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* Any copyright is dedicated to the Public Domain. 4 * http://creativecommons.org/publicdomain/zero/1.0/ */ 5 6 // Tests that the site identity indicator is properly updated for navigations 7 // that fail for various reasons. In particular, we currently test TLS handshake 8 // failures, about: pages that don't actually exist, and situations where the 9 // TLS handshake completes but the server then closes the connection. 10 // See bug 1492424, bug 1493427, and bug 1391207. 11 12 const kSecureURI = 13 getRootDirectory(gTestPath).replace( 14 "chrome://mochitests/content", 15 "https://example.com" 16 ) + "dummy_page.html"; 17 add_task(async function () { 18 await BrowserTestUtils.withNewTab(kSecureURI, async browser => { 19 let identityMode = window.document.getElementById("identity-box").className; 20 is(identityMode, "verifiedDomain", "identity should be secure before"); 21 22 const TLS_HANDSHAKE_FAILURE_URI = "https://ssl3.example.com/"; 23 // Try to connect to a server where the TLS handshake will fail. 24 BrowserTestUtils.startLoadingURIString(browser, TLS_HANDSHAKE_FAILURE_URI); 25 await BrowserTestUtils.browserLoaded( 26 browser, 27 false, 28 TLS_HANDSHAKE_FAILURE_URI, 29 true 30 ); 31 32 let newIdentityMode = 33 window.document.getElementById("identity-box").className; 34 is( 35 newIdentityMode, 36 "certErrorPage notSecureText", 37 "identity should be unknown (not secure) after" 38 ); 39 }); 40 }); 41 42 add_task(async function () { 43 await BrowserTestUtils.withNewTab(kSecureURI, async browser => { 44 let identityMode = window.document.getElementById("identity-box").className; 45 is(identityMode, "verifiedDomain", "identity should be secure before"); 46 47 const BAD_ABOUT_PAGE_URI = "about:somethingthatdoesnotexist"; 48 // Try to load an about: page that doesn't exist 49 BrowserTestUtils.startLoadingURIString(browser, BAD_ABOUT_PAGE_URI); 50 await BrowserTestUtils.browserLoaded( 51 browser, 52 false, 53 BAD_ABOUT_PAGE_URI, 54 true 55 ); 56 57 let newIdentityMode = 58 window.document.getElementById("identity-box").className; 59 is( 60 newIdentityMode, 61 "unknownIdentity", 62 "identity should be unknown (not secure) after" 63 ); 64 }); 65 }); 66 67 // Helper function to start a TLS server that will accept a connection, complete 68 // the TLS handshake, but then close the connection. 69 function startServer(cert) { 70 let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance( 71 Ci.nsITLSServerSocket 72 ); 73 tlsServer.init(-1, true, -1); 74 tlsServer.serverCert = cert; 75 76 let input, output; 77 78 let listener = { 79 onSocketAccepted(socket, transport) { 80 let connectionInfo = transport.securityCallbacks.getInterface( 81 Ci.nsITLSServerConnectionInfo 82 ); 83 connectionInfo.setSecurityObserver(listener); 84 input = transport.openInputStream(0, 0, 0); 85 output = transport.openOutputStream(0, 0, 0); 86 }, 87 88 onHandshakeDone() { 89 input.asyncWait( 90 { 91 onInputStreamReady() { 92 try { 93 input.close(); 94 output.close(); 95 } catch (e) { 96 info(e); 97 } 98 }, 99 }, 100 0, 101 0, 102 Services.tm.currentThread 103 ); 104 }, 105 106 onStopListening() {}, 107 }; 108 109 tlsServer.setSessionTickets(false); 110 tlsServer.asyncListen(listener); 111 112 return tlsServer; 113 } 114 115 // Test that if we complete a TLS handshake but the server closes the connection 116 // just after doing so (resulting in a "connection reset" error page), the site 117 // identity information gets updated appropriately (it should indicate "not 118 // secure"). 119 add_task(async function () { 120 await SpecialPowers.pushPrefEnv({ 121 // This test fails on some platforms if we leave IPv6 enabled. 122 set: [["network.dns.disableIPv6", true]], 123 }); 124 125 let certOverrideService = Cc[ 126 "@mozilla.org/security/certoverride;1" 127 ].getService(Ci.nsICertOverrideService); 128 129 let cert = getTestServerCertificate(); 130 // Start a server and trust its certificate. 131 let server = startServer(cert); 132 certOverrideService.rememberValidityOverride( 133 "localhost", 134 server.port, 135 {}, 136 cert, 137 true 138 ); 139 140 // Un-do configuration changes we've made when the test is done. 141 registerCleanupFunction(() => { 142 certOverrideService.clearValidityOverride("localhost", server.port, {}); 143 server.close(); 144 }); 145 146 // Open up a new tab... 147 await BrowserTestUtils.withNewTab("about:blank", async browser => { 148 const TLS_HANDSHAKE_FAILURE_URI = `https://localhost:${server.port}/`; 149 // Try to connect to a server where the TLS handshake will succeed, but then 150 // the server closes the connection right after. 151 BrowserTestUtils.startLoadingURIString(browser, TLS_HANDSHAKE_FAILURE_URI); 152 await BrowserTestUtils.browserLoaded( 153 browser, 154 false, 155 TLS_HANDSHAKE_FAILURE_URI, 156 true 157 ); 158 159 let identityMode = window.document.getElementById("identity-box").className; 160 is( 161 identityMode, 162 "certErrorPage notSecureText", 163 "identity should be 'unknown'" 164 ); 165 }); 166 });