tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

browser_clientAuth_speculative_connection.js (3079B)

      1 /* eslint-disable mozilla/no-arbitrary-setTimeout */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 "use strict";
      7 
      8 // Tests that with speculative connections enabled, connections to servers that
      9 // request a client authentication certificate succeed (the specific bug that
     10 // was addressed with this patch involved navigation hanging because the
     11 // connection to the server couldn't make progress without asking for a client
     12 // authentication certificate, but it also wouldn't ask for a client
     13 // authentication certificate until the connection had been claimed, which
     14 // required that it make progress first).
     15 
     16 const { MockRegistrar } = ChromeUtils.importESModule(
     17  "resource://testing-common/MockRegistrar.sys.mjs"
     18 );
     19 
     20 const TEST_PATH = getRootDirectory(gTestPath).replace(
     21  "chrome://mochitests/content",
     22  "https://example.com"
     23 );
     24 
     25 let chooseCertificateCalled = false;
     26 
     27 const clientAuthDialogService = {
     28  chooseCertificate(hostname, certArray, loadContext, caNames, callback) {
     29    is(
     30      certArray.length,
     31      1,
     32      "should have only one client certificate available"
     33    );
     34    ok(
     35      !chooseCertificateCalled,
     36      "chooseCertificate should only be called once"
     37    );
     38    chooseCertificateCalled = true;
     39    callback.certificateChosen(certArray[0], false);
     40  },
     41 
     42  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogService"]),
     43 };
     44 
     45 add_setup(async function () {
     46  await SpecialPowers.pushPrefEnv({
     47    set: [
     48      ["test.wait300msAfterTabSwitch", true],
     49      // Enable speculative connections.
     50      ["network.http.speculative-parallel-limit", 6],
     51      // Always ask to select a client authentication certificate.
     52      ["security.default_personal_cert", "Ask Every Time"],
     53    ],
     54  });
     55  let clientAuthDialogServiceCID = MockRegistrar.register(
     56    "@mozilla.org/security/ClientAuthDialogService;1",
     57    clientAuthDialogService
     58  );
     59  registerCleanupFunction(async function () {
     60    MockRegistrar.unregister(clientAuthDialogServiceCID);
     61  });
     62 });
     63 
     64 add_task(
     65  async function test_no_client_auth_selection_dialog_for_speculative_connections() {
     66    await BrowserTestUtils.withNewTab(
     67      `${TEST_PATH}browser_clientAuth_speculative_connection.html`,
     68      async browser => {
     69        // Click the link to navigate to a page that requests a client
     70        // authentication certificate. Necko will make a speculative
     71        // connection, but unfortunately there's no event or notification to
     72        // observe. This test ensures that the navigation succeeds and that a
     73        // client authentication certificate was requested.
     74        let loaded = BrowserTestUtils.browserLoaded(
     75          browser,
     76          false,
     77          "https://requireclientcert.example.com/"
     78        );
     79        await BrowserTestUtils.synthesizeMouseAtCenter("#link", {}, browser);
     80        await loaded;
     81        ok(chooseCertificateCalled, "chooseCertificate must have been called");
     82      }
     83    );
     84  }
     85 );