
browser_client_cert.js (2446B)


      1 /* Any copyright is dedicated to the Public Domain.
      2   https://creativecommons.org/publicdomain/zero/1.0/ */
      3 
      4 "use strict";
      5 
      6 // Test that HTTPS-Only/-First doesn't downgrade the current load on its
      7 // background timer if the load is blocked by the client certificate dialog (Bug
      8 // 1968527).
      9 
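     /**
      * Shared scenario for both HTTPS-First and HTTPS-Only mode.
      *
      * Opens a fresh tab, starts an http:// load of a host that triggers the client
      * certificate dialog, and checks that the load is still parked on that dialog
      * (tab still showing about:blank) once the HTTPS-Only/-First background timer
      * has had time to fire. A downgrade to plain HTTP while the user has not yet
      * answered the certificate prompt is the regression this guards against
      * (Bug 1968527).
      *
      * @returns {Promise} The promise returned by BrowserTestUtils.withNewTab.
      */
     function runTest() {
       return BrowserTestUtils.withNewTab("about:blank", async function (browser) {
         const certDialogTopic = "cert-dialog-loaded";

         // Register before starting the load so the notification cannot be missed.
         // The observer removes itself on first use: otherwise it would stay
         // registered with the observer service after this tab (and this test
         // case) is gone and be invoked again by the next run of this scenario.
         const certDialogPromise = new Promise(resolve => {
           Services.obs.addObserver(function onCertDialogLoaded(subject) {
             Services.obs.removeObserver(onCertDialogLoaded, certDialogTopic);
             resolve(subject);
           }, certDialogTopic);
         });

         // The insecure scheme is deliberate: the load has to start as http:// for
         // HTTPS-Only/-First to be involved at all.
         BrowserTestUtils.startLoadingURIString(
           browser,
           // eslint-disable-next-line @microsoft/sdl/no-insecure-url
           "http://requireclientcert.example.com"
         );

         const certDialog = await certDialogPromise;

         is(certDialog.checkVisibility(), true, "Client cert dialog should be open");

         // about:blank as the displayed URI is used as the signal that no navigation
         // has been committed yet.
         is(browser.currentURI.displaySpec, "about:blank", "Page should be loading");

         await new Promise(resolve => {
           // The expected behavior is to have no downgrade happen and have the load
           // continue indefinitely waiting for user input. There is no event we can
           // listen to in order to test this, so we have to use a timeout instead.
           //
           // NOTE(review): this is a negative check bounded by time. It only shows
           // that no downgrade happened within 500ms; the wait must stay well above
           // the background timer pref set in add_setup (100ms), and on a very slow
           // machine a regressed downgrade could still land after the window.
           // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
           setTimeout(resolve, 500);
         });

         is(
           certDialog.checkVisibility(),
           true,
           "Client cert dialog should still be open after 500ms"
         );

         is(
           browser.currentURI.displaySpec,
           "about:blank",
           "Page should still be loading after 500ms"
         );
       });
     }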
     50 
     // One-time preference setup shared by every case in this file.
     add_setup(async () => {
       const prefs = [
         // Always prompt for a client certificate instead of picking one silently,
         // so the certificate dialog is what blocks the load.
         ["security.default_personal_cert", "Ask Every Time"],
         // (Almost) instantly perform the downgrade. Keeping this far below the
         // 500ms wait in runTest gives the background timer time to fire while the
         // dialog is still open.
         ["dom.security.https_only_fire_http_request_background_timer_ms", 100],
       ];

       await SpecialPowers.pushPrefEnv({ set: prefs });
     });
     60 
     // Runs the shared runTest scenario once per upgrade mode.
     describe("Client certificate", () => {
       const CLIENT_CERT_HOST = "requireclientcert.example.com";

       // Wraps the callback-style clear-data call in a promise so it can be awaited.
       function forgetClientAuthDecision() {
         return new Promise(done => {
           Services.clearData.deleteDataFromHost(
             CLIENT_CERT_HOST,
             false, // presumably aIsUserRequest: not a user-initiated clear (confirm against the IDL)
             Services.clearData.CLEAR_CLIENT_AUTH_REMEMBER_SERVICE,
             done
           );
         });
       }

       afterEach(async () => {
         // Forget about requireclientcert.example.com again, so a remembered
         // client-auth decision from one case cannot suppress the dialog in the next.
         await forgetClientAuthDecision();
       });

       // Sets no mode pref of its own.
       // NOTE(review): presumably relies on HTTPS-First being active through the
       // build's default prefs; confirm.
       it("HTTPS-First", async () => {
         await runTest();
       });

       // The pref pushed here is not popped within this case, so it presumably stays
       // set until the harness restores prefs; keep this case after HTTPS-First.
       it("HTTPS-Only", async () => {
         const httpsOnlyPrefs = { set: [["dom.security.https_only_mode", true]] };
         await SpecialPowers.pushPrefEnv(httpsOnlyPrefs);

         await runTest();
       });
     });