browser_installssl.js

mozilla-central/toolkit/mozapps/extensions/test/browser/browser_installssl.js (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Toolkit :: Add-ons Manager

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

This test gets skipped with pattern: os == 'linux' && asan
Manifest: toolkit/mozapps/extensions/test/browser/browser.toml

/* Any copyright is dedicated to the Public Domain.

 * http://creativecommons.org/publicdomain/zero/1.0/

*/

const xpi = RELATIVE_DIR + "addons/browser_installssl.xpi";

const redirect = RELATIVE_DIR + "redirect.sjs?";

const SUCCESS = 0;

const NETWORK_FAILURE = AddonManager.ERROR_NETWORK_FAILURE;

const HTTP = "http://example.com/";

const HTTPS = "https://example.com/";

const NOCERT = "https://nocert.example.com/";

const SELFSIGNED = "https://self-signed.example.com/";

const UNTRUSTED = "https://untrusted.example.com/";

const EXPIRED = "https://expired.example.com/";

const PREF_INSTALL_REQUIREBUILTINCERTS =

  "extensions.install.requireBuiltInCerts";

var gTests = [];

var gStart = 0;

var gLast = 0;

var gPendingInstall = null;

function test() {

  gStart = Date.now();

  requestLongerTimeout(4);

  waitForExplicitFinish();

  registerCleanupFunction(function () {

    var cos = Cc["@mozilla.org/security/certoverride;1"].getService(

      Ci.nsICertOverrideService

);

    cos.clearValidityOverride("nocert.example.com", -1, {});

    cos.clearValidityOverride("self-signed.example.com", -1, {});

    cos.clearValidityOverride("untrusted.example.com", -1, {});

    cos.clearValidityOverride("expired.example.com", -1, {});

    if (gPendingInstall) {

      gTests = [];

ok(

        false,

        "Timed out in the middle of downloading " +

          gPendingInstall.sourceURI.spec

);

      try {

        gPendingInstall.cancel();

      } catch (e) {}

});

  run_next_test();

function end_test() {

  info("All tests completed in " + (Date.now() - gStart) + "ms");

  finish();

function add_install_test(mainURL, redirectURL, expectedStatus) {

  gTests.push([mainURL, redirectURL, expectedStatus]);

function run_install_tests(callback) {

  async function run_next_install_test() {

    if (!gTests.length) {

      callback();

      return;

    gLast = Date.now();

    let [mainURL, redirectURL, expectedStatus] = gTests.shift();

    if (redirectURL) {

      var url = mainURL + redirect + redirectURL + xpi;

      var message =

        "Should have seen the right result for an install redirected from " +

        mainURL +

        " to " +

        redirectURL;

    } else {

      url = mainURL + xpi;

      message =

        "Should have seen the right result for an install from " + mainURL;

    let install = await AddonManager.getInstallForURL(url);

    gPendingInstall = install;

    install.addListener({

      onDownloadEnded(install) {

        is(SUCCESS, expectedStatus, message);

        info("Install test ran in " + (Date.now() - gLast) + "ms");

        // Don't proceed with the install

        install.cancel();

        gPendingInstall = null;

        run_next_install_test();

        return false;

},

      onDownloadFailed(install) {

        is(install.error, expectedStatus, message);

        info("Install test ran in " + (Date.now() - gLast) + "ms");

        gPendingInstall = null;

        run_next_install_test();

},

});

    install.install();

  run_next_install_test();

// Runs tests with built-in certificates required, no certificate exceptions

// and no hashes

add_test(async function test_builtin_required() {

  await SpecialPowers.pushPrefEnv({

    set: [[PREF_INSTALL_REQUIREBUILTINCERTS, true]],

});

  // Tests that a simple install works as expected.

  add_install_test(HTTP, null, SUCCESS);

  add_install_test(HTTPS, null, NETWORK_FAILURE);

  add_install_test(NOCERT, null, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, null, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, null, NETWORK_FAILURE);

  add_install_test(EXPIRED, null, NETWORK_FAILURE);

  // Tests that redirecting from http to other servers works as expected

  add_install_test(HTTP, HTTP, SUCCESS);

  add_install_test(HTTP, HTTPS, SUCCESS);

  add_install_test(HTTP, NOCERT, NETWORK_FAILURE);

  add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(HTTP, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from valid https to other servers works as expected

  add_install_test(HTTPS, HTTP, NETWORK_FAILURE);

  add_install_test(HTTPS, HTTPS, NETWORK_FAILURE);

  add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);

  add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from nocert https to other servers works as expected

  add_install_test(NOCERT, HTTP, NETWORK_FAILURE);

  add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);

  add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);

  add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from self-signed https to other servers works as expected

  add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from untrusted https to other servers works as expected

  add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from expired https to other servers works as expected

  add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);

  add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);

  add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);

  add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);

  run_install_tests(run_next_test);

});

// Runs tests without requiring built-in certificates, no certificate

// exceptions and no hashes

add_test(async function test_builtin_not_required() {

  await SpecialPowers.pushPrefEnv({

    set: [[PREF_INSTALL_REQUIREBUILTINCERTS, false]],

});

  // Tests that a simple install works as expected.

  add_install_test(HTTP, null, SUCCESS);

  add_install_test(HTTPS, null, SUCCESS);

  add_install_test(NOCERT, null, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, null, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, null, NETWORK_FAILURE);

  add_install_test(EXPIRED, null, NETWORK_FAILURE);

  // Tests that redirecting from http to other servers works as expected

  add_install_test(HTTP, HTTP, SUCCESS);

  add_install_test(HTTP, HTTPS, SUCCESS);

  add_install_test(HTTP, NOCERT, NETWORK_FAILURE);

  add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(HTTP, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from valid https to other servers works as expected

  add_install_test(HTTPS, HTTP, NETWORK_FAILURE);

  add_install_test(HTTPS, HTTPS, SUCCESS);

  add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);

  add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from nocert https to other servers works as expected

  add_install_test(NOCERT, HTTP, NETWORK_FAILURE);

  add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);

  add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);

  add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from self-signed https to other servers works as expected

  add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from untrusted https to other servers works as expected

  add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from expired https to other servers works as expected

  add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);

  add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);

  add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);

  add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);

  run_install_tests(run_next_test);

});

// Set up overrides for the next test.

add_test(() => {

  addCertOverrides().then(run_next_test);

});

// Runs tests with built-in certificates required, all certificate exceptions

// and no hashes

add_test(async function test_builtin_required_overrides() {

  await SpecialPowers.pushPrefEnv({

    set: [[PREF_INSTALL_REQUIREBUILTINCERTS, true]],

});

  // Tests that a simple install works as expected.

  add_install_test(HTTP, null, SUCCESS);

  add_install_test(HTTPS, null, NETWORK_FAILURE);

  add_install_test(NOCERT, null, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, null, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, null, NETWORK_FAILURE);

  add_install_test(EXPIRED, null, NETWORK_FAILURE);

  // Tests that redirecting from http to other servers works as expected

  add_install_test(HTTP, HTTP, SUCCESS);

  add_install_test(HTTP, HTTPS, SUCCESS);

  add_install_test(HTTP, NOCERT, SUCCESS);

  add_install_test(HTTP, SELFSIGNED, SUCCESS);

  add_install_test(HTTP, UNTRUSTED, SUCCESS);

  add_install_test(HTTP, EXPIRED, SUCCESS);

  // Tests that redirecting from valid https to other servers works as expected

  add_install_test(HTTPS, HTTP, NETWORK_FAILURE);

  add_install_test(HTTPS, HTTPS, NETWORK_FAILURE);

  add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);

  add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from nocert https to other servers works as expected

  add_install_test(NOCERT, HTTP, NETWORK_FAILURE);

  add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);

  add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);

  add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from self-signed https to other servers works as expected

  add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from untrusted https to other servers works as expected

  add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);

  // Tests that redirecting from expired https to other servers works as expected

  add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);

  add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);

  add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);

  add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);

  add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);

  add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);

  run_install_tests(run_next_test);

});

// Runs tests without requiring built-in certificates, all certificate

// exceptions and no hashes

add_test(async function test_builtin_not_required_overrides() {

  await SpecialPowers.pushPrefEnv({

    set: [[PREF_INSTALL_REQUIREBUILTINCERTS, false]],

});

  // Tests that a simple install works as expected.

  add_install_test(HTTP, null, SUCCESS);

  add_install_test(HTTPS, null, SUCCESS);

  add_install_test(NOCERT, null, SUCCESS);

  add_install_test(SELFSIGNED, null, SUCCESS);

  add_install_test(UNTRUSTED, null, SUCCESS);

  add_install_test(EXPIRED, null, SUCCESS);

  // Tests that redirecting from http to other servers works as expected

  add_install_test(HTTP, HTTP, SUCCESS);

  add_install_test(HTTP, HTTPS, SUCCESS);

  add_install_test(HTTP, NOCERT, SUCCESS);

  add_install_test(HTTP, SELFSIGNED, SUCCESS);

  add_install_test(HTTP, UNTRUSTED, SUCCESS);

  add_install_test(HTTP, EXPIRED, SUCCESS);

  // Tests that redirecting from valid https to other servers works as expected

  add_install_test(HTTPS, HTTP, NETWORK_FAILURE);

  add_install_test(HTTPS, HTTPS, SUCCESS);

  add_install_test(HTTPS, NOCERT, SUCCESS);

  add_install_test(HTTPS, SELFSIGNED, SUCCESS);

  add_install_test(HTTPS, UNTRUSTED, SUCCESS);

  add_install_test(HTTPS, EXPIRED, SUCCESS);

  // Tests that redirecting from nocert https to other servers works as expected

  add_install_test(NOCERT, HTTP, NETWORK_FAILURE);

  add_install_test(NOCERT, HTTPS, SUCCESS);

  add_install_test(NOCERT, NOCERT, SUCCESS);

  add_install_test(NOCERT, SELFSIGNED, SUCCESS);

  add_install_test(NOCERT, UNTRUSTED, SUCCESS);

  add_install_test(NOCERT, EXPIRED, SUCCESS);

  // Tests that redirecting from self-signed https to other servers works as expected

  add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);

  add_install_test(SELFSIGNED, HTTPS, SUCCESS);

  add_install_test(SELFSIGNED, NOCERT, SUCCESS);

  add_install_test(SELFSIGNED, SELFSIGNED, SUCCESS);

  add_install_test(SELFSIGNED, UNTRUSTED, SUCCESS);

  add_install_test(SELFSIGNED, EXPIRED, SUCCESS);

  // Tests that redirecting from untrusted https to other servers works as expected

  add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);

  add_install_test(UNTRUSTED, HTTPS, SUCCESS);

  add_install_test(UNTRUSTED, NOCERT, SUCCESS);

  add_install_test(UNTRUSTED, SELFSIGNED, SUCCESS);

  add_install_test(UNTRUSTED, UNTRUSTED, SUCCESS);

  add_install_test(UNTRUSTED, EXPIRED, SUCCESS);

  // Tests that redirecting from expired https to other servers works as expected

  add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);

  add_install_test(EXPIRED, HTTPS, SUCCESS);

  add_install_test(EXPIRED, NOCERT, SUCCESS);

  add_install_test(EXPIRED, SELFSIGNED, SUCCESS);

  add_install_test(EXPIRED, UNTRUSTED, SUCCESS);

  add_install_test(EXPIRED, EXPIRED, SUCCESS);

  run_install_tests(run_next_test);

});