test_client_auth_speculative_connection.js (3194B)
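/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";

// Exercises a speculative connection to a host that has a remembered client
// certificate decision, after a primary password has been set and the internal
// key token has been logged out. The mock prompter below fails the test if any
// prompt (in particular the primary password prompt) is shown.

ChromeUtils.defineESModuleGetters(this, {
  setTimeout: "resource://gre/modules/Timer.sys.mjs",
});

do_get_profile();

// Mock nsIPrompt whose methods fail the test when called: no prompt of any
// kind is expected while the speculative connection is being made.
var gPrompt = {
  QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]),

  // This intentionally does not use arrow function syntax to avoid an issue
  // where in the context of the arrow function, |this != gPrompt| due to
  // how objects get wrapped when going across xpcom boundaries.
  alert(title, text) {
    info(`alert('${title}','${text}')`);
    ok(false, "not expecting alert() to be called");
  },

  promptPassword(dialogTitle, text, _password, _checkMsg) {
    info(`promptPassword('${dialogTitle}', '${text}')`);
    ok(false, "not expecting promptPassword() to be called");
  },
};

// Factory registered under the prompter contract ID in run_test(); it always
// hands out the failing mock above.
const gPromptFactory = {
  QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]),
  getPrompt: () => gPrompt,
};

/**
 * Imports the test PKCS#12 file into the certificate database and looks up
 * the client certificate it is expected to contain.
 *
 * @returns {nsIX509Cert|null} The certificate whose common name is
 *   "John Doe", or null if no such certificate is in the database.
 */
function getTestClientCertificate() {
  const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
    Ci.nsIX509CertDB
  );
  const certFile = do_get_file("test_certDB_import/encrypted_with_aes.p12");
  // "password" is the fixture's import password (test-only value).
  certDB.importPKCS12File(certFile, "password");
  for (const cert of certDB.getCerts()) {
    if (cert.commonName === "John Doe") {
      return cert;
    }
  }
  return null;
}

/**
 * Test entry point: sets up the mock prompter, the primary password, the
 * remembered client certificate decision and the TLS test server, then queues
 * the logout and speculative-connect steps.
 */
function run_test() {
  MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory);

  // Set a primary password.
  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
    Ci.nsIPK11TokenDB
  );
  let token = tokenDB.getInternalKeyToken();
  token.initPassword("password");

  let clientAuthRememberService = Cc[
    "@mozilla.org/security/clientAuthRememberService;1"
  ].getService(Ci.nsIClientAuthRememberService);
  let cert = getTestClientCertificate();
  // This test only passes by *not* seeing a prompt, so a missing certificate
  // would make it pass without exercising anything. Fail loudly instead.
  ok(cert, "the test client certificate should have been imported");
  // NOTE(review): the decision is stored under a fixed partitionKey while the
  // principal below is created with empty origin attributes; confirm that the
  // speculative connection actually matches this remembered decision.
  clientAuthRememberService.rememberDecisionScriptable(
    "requireclientauth.example.com",
    { partitionKey: "(https,example.com)" },
    cert,
    Ci.nsIClientAuthRememberService.Session
  );

  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
  // Log out of the internal key token before connecting; the comment further
  // down names the primary password prompt as the thing that must not appear.
  add_test(function () {
    token.logoutSimple();
    run_next_test();
  });
  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);

  add_test(() => {
    Services.prefs.setCharPref(
      "network.dns.localDomains",
      "requireclientauth.example.com"
    );
    let uri = Services.io.newURI("https://requireclientauth.example.com:8443");
    let principal = Services.scriptSecurityManager.createContentPrincipal(
      uri,
      {}
    );

    Services.io
      .QueryInterface(Ci.nsISpeculativeConnect)
      .speculativeConnect(uri, principal, null, false);
    // This is not a robust way to test this, but it's hard to test that
    // something *didn't* happen (the something being, the primary password
    // prompt). In any case, if after 3 seconds the prompt hasn't happened,
    // optimistically assume it won't and pass the test.
    // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
    setTimeout(run_next_test, 3000);
  });

  run_next_test();
}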