
browser_badCertDomainFixup.js (4675B)


      1 /* Any copyright is dedicated to the Public Domain.
      2 * http://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 // This test checks if we are correctly fixing https URLs by prefixing
      7 // with www. when we encounter a SSL_ERROR_BAD_CERT_DOMAIN error.
      8 // For example, https://example.com -> https://www.example.com.
      9 
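     // Loads errorPageURL in the selected browser, waits for an error page and
     // checks that the error code it shows is SSL_ERROR_BAD_CERT_DOMAIN.
     //
     // errorPageURL: URL expected to end on a certificate error page.
     // feltPrivacy:  when true the code is read from the <net-error-card>
     //               element, otherwise from the #errorCode element.
     //
     // NOTE(review): only the displayed error code is asserted; the URL the
     // error page ended up on is not compared with errorPageURL.
     async function verifyErrorPage(errorPageURL, feltPrivacy = false) {
       // The waiter is created before the load is started.
       const certErrorLoaded = BrowserTestUtils.waitForErrorPage(
         gBrowser.selectedBrowser
       );
       BrowserTestUtils.startLoadingURIString(gBrowser, errorPageURL);
       await certErrorLoaded;

       await SpecialPowers.spawn(
         gBrowser.selectedBrowser,
         [feltPrivacy],
         async isFeltPrivacy => {
           let ec;
           if (isFeltPrivacy) {
             const netErrorCard =
               content.document.querySelector("net-error-card").wrappedJSObject;
             await netErrorCard.getUpdateComplete();
             // The error code lives in the advanced panel, so open it first.
             netErrorCard.advancedButton.click();
             await ContentTaskUtils.waitForCondition(() => {
               return (ec = netErrorCard.errorCode);
             }, "Error code has been set inside the net-error-card advanced panel");

             // Only the last space-separated token of the text is the code.
             is(
               ec.textContent.split(" ").at(-1),
               "SSL_ERROR_BAD_CERT_DOMAIN",
               "Correct error code is shown"
             );
           } else {
             await ContentTaskUtils.waitForCondition(() => {
               ec = content.document.getElementById("errorCode");
               // A missing element counts as "not ready yet" instead of
               // throwing inside the polling callback.
               return ec?.textContent;
             }, "Error code has been set inside the advanced button panel");
             is(
               ec.textContent,
               "SSL_ERROR_BAD_CERT_DOMAIN",
               "Correct error code is shown"
             );
           }
         }
       );
     }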
     50 
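     // Turn off the pref and ensure that we show the error page as expected.
     // With security.bad_cert_domain_error.url_fix_enabled set to false, both
     // the bare and the "www." hostname must surface the certificate error; a
     // successful load here would mean the pref no longer gates the fixup.
     // Runs once with the felt-privacy error page enabled and once without.
     add_task(async function testNoFixupDisabledByPref() {
       for (const feltPrivacyEnabled of [true, false]) {
         await SpecialPowers.pushPrefEnv({
           set: [
             ["security.bad_cert_domain_error.url_fix_enabled", false],
             ["security.certerrors.felt-privacy-v1", feltPrivacyEnabled],
           ],
         });
         const tab = BrowserTestUtils.addTab(gBrowser);
         gBrowser.selectedTab = tab;

         try {
           await verifyErrorPage(
             "https://badcertdomain.example.com",
             feltPrivacyEnabled
           );
           await verifyErrorPage(
             "https://www.badcertdomain2.example.com",
             feltPrivacyEnabled
           );
         } finally {
           // Clean up even when a check fails, so the disabled-fixup pref and
           // the extra tab do not leak into the tasks that follow.
           BrowserTestUtils.removeTab(tab);
           await SpecialPowers.popPrefEnv();
         }
       }
     });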
     75 
     // When the bare hostname fails with a bad cert domain error and the "www."
     // form is listed in the certificate's subjectAltNames, the https load is
     // expected to finish on the "www."-prefixed URL.
     add_task(async function testAddPrefixForBadCertDomain() {
       gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);

       // Start waiting for the fixed-up URL before the load is kicked off.
       const includeSubFrames = false;
       const fixedUpLoad = BrowserTestUtils.browserLoaded(
         gBrowser.selectedBrowser,
         includeSubFrames,
         "https://www.badcertdomain.example.com/"
       );
       BrowserTestUtils.startLoadingURIString(
         gBrowser,
         "https://badcertdomain.example.com"
       );
       await fixedUpLoad;

       BrowserTestUtils.removeTab(gBrowser.selectedTab);
     });
     93 
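     // Test that we don't prefix "www." to a https url when we encounter a bad
     // cert domain error under certain conditions: the "www." form is missing
     // from the certificate, the URL uses an IP address, or the URL carries a
     // port. Each case must end on the certificate error page.
     // Runs once with the felt-privacy error page enabled and once without.
     add_task(async function testNoFixupCases() {
       for (const feltPrivacyEnabled of [true, false]) {
         await SpecialPowers.pushPrefEnv({
           set: [["security.certerrors.felt-privacy-v1", feltPrivacyEnabled]],
         });
         const tab = BrowserTestUtils.addTab(gBrowser);
         gBrowser.selectedTab = tab;

         try {
           // Test for when "www." form is not present in the certificate.
           await verifyErrorPage(
             "https://mismatch.badcertdomain.example.com",
             feltPrivacyEnabled
           );

           // Test that urls with IP addresses are not fixed.
           // NOTE(review): this URL also carries an explicit port, so the
           // IP-address rule is not exercised independently of the port rule
           // below. Port 433 (not 443) may be what the test server expects;
           // confirm before changing it.
           await SpecialPowers.pushPrefEnv({
             set: [["network.proxy.allow_hijacking_localhost", true]],
           });
           try {
             await verifyErrorPage("https://127.0.0.3:433", feltPrivacyEnabled);
           } finally {
             // Keep the localhost-hijacking pref scoped to this one check.
             await SpecialPowers.popPrefEnv();
           }

           // Test that urls with ports are not fixed.
           await verifyErrorPage(
             "https://badcertdomain.example.com:82",
             feltPrivacyEnabled
           );
         } finally {
           // Clean up even when a check fails, so the tab and the pref do not
           // leak into the next iteration or task.
           BrowserTestUtils.removeTab(tab);
           await SpecialPowers.popPrefEnv();
         }
       }
     });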
    127 
    // When the "www." hostname fails with a bad cert domain error and the
    // "www."-less form is listed in the certificate's subjectAltNames, the
    // https load is expected to finish on the URL without the prefix.
    add_task(async function testRemovePrefixForBadCertDomain() {
      gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser);

      // Start waiting for the fixed-up URL before the load is kicked off.
      const includeSubFrames = false;
      const fixedUpLoad = BrowserTestUtils.browserLoaded(
        gBrowser.selectedBrowser,
        includeSubFrames,
        "https://badcertdomain2.example.com/"
      );
      BrowserTestUtils.startLoadingURIString(
        gBrowser,
        "https://www.badcertdomain2.example.com"
      );
      await fixedUpLoad;

      BrowserTestUtils.removeTab(gBrowser.selectedTab);
    });