

      1 <!DOCTYPE HTML>
      2 <html>
      3 <!--
      4 https://bugzilla.mozilla.org/show_bug.cgi?id=1719309
      5 Test that bad cert sites won't get upgraded by https-first
      6 -->
      7 
      8 <head>
      9  <title>HTTPS-FirstMode - Bad Certificates</title>
     10  <script src="/tests/SimpleTest/SimpleTest.js"></script>
     11  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
     12 </head>
     13 
     14 <body>
     15  <h1>HTTPS-First Mode</h1>
     16  <p>Test: Downgrade bad certificates without warning page </p>
     17  <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1719309">Bug 1719309</a>
     18 
     19  <script class="testbody" type="text/javascript">
     20  "use strict";
     21  /*
     22   * We perform the following tests:
     23   * 1. Request nocert.example.com which is a site without a certificate
     24   * 2. Request a site with self-signed cert (self-signed.example.com)
     25   * 3. Request a site with an untrusted cert (untrusted.example.com)
     26   * 4. Request a site with an expired cert
     27   * 5. Request a site with an untrusted and expired cert
     28   * 6. Request a site with no subject alternative dns name matching
     29   *
     30   * Expected result: Https-first tries to upgrade each request. Receives for each one an SSL_ERROR_*
     31   * and downgrades back to http.
     32   */
 // Subdomains of example.com whose certificates are broken in some way;
 // they are exercised one after another, in this order.
 const badCertificates = [
   "nocert",
   "self-signed",
   "untrusted",
   "expired",
   "untrusted-expired",
   "no-subject-alt-name",
 ];
 // Index into badCertificates of the site currently being exercised.
 let currentTest = 0;
 // Window opened by startTest() for the current site; closed by receiveMessage().
 let testWin;
 // The opened window reports its result back to this page via postMessage.
 window.addEventListener("message", receiveMessage);
     37 
     38  // Receive message and verify that it is from an http site.
     39  // Verify that we got the correct message and an http scheme
 // Handle the result posted back by the opened test window: it must report
 // that the request was downgraded and that the page ended up on an http:
 // URL. Afterwards the per-site permission is dropped and the next site is
 // started, or the test is finished once every site has been exercised.
 //
 // NOTE(review): neither event.source nor event.origin is checked, so any
 // window able to post to this page would be treated as a result. Presumably
 // only the window opened by startTest() posts here — confirm against
 // file_bad_cert.sjs before tightening this (e.g. event.source === testWin).
 async function receiveMessage(event) {
   const { result, scheme } = event.data;
   const site = badCertificates[currentTest];
   ok(result === "downgraded", `Downgraded request ${site}`);
   ok(scheme === "http:", `Received 'http' for ${site}`);
   testWin.close();
   // Drop the "https-only-load-insecure" exception for this site so it does
   // not leak into the next site or into other tests (presumably recorded by
   // the https-first fallback — confirm).
   await SpecialPowers.removePermission(
     "https-only-load-insecure",
     `http://${site}.example.com`
   );
   currentTest += 1;
   if (currentTest >= badCertificates.length) {
     window.removeEventListener("message", receiveMessage);
     SimpleTest.finish();
     return;
   }
   startTest();
 }
     57 
 // Open the current bad-cert site over plain http. With https-first enabled
 // the expectation (see the header comment) is that the load is upgraded to
 // https, fails on the broken certificate and is downgraded back to http;
 // the loaded page then reports back via postMessage (see receiveMessage).
 async function startTest() {
   const site = badCertificates[currentTest];
   const target =
     `http://${site}.example.com` +
     "/tests/dom/security/test/https-first/file_bad_cert.sjs";
   testWin = window.open(target);
 }
     63 
     64  // Set preference and start test
 // Enable https-first for this test and start with the first site once the
 // pref is in place; the harness then waits until receiveMessage() calls
 // SimpleTest.finish().
 const httpsFirstPrefs = { set: [["dom.security.https_first", true]] };
 SpecialPowers.pushPrefEnv(httpsFirstPrefs, startTest);
 SimpleTest.waitForExplicitFinish();
     69  </script>
     70 </body>
     71 </html>