browser_setIgnoreCertificateErrors.js

Enable keyboard shortcuts

/* Any copyright is dedicated to the Public Domain.

 * http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

const { STATE_IS_SECURE, STATE_IS_BROKEN, STATE_IS_INSECURE } =

  Ci.nsIWebProgressListener;

// from ../../../build/pgo/server-locations.txt

const NO_CERT = "https://nocert.example.com:443";

const SELF_SIGNED = "https://self-signed.example.com:443";

const UNTRUSTED = "https://untrusted.example.com:443";

const EXPIRED = "https://expired.example.com:443";

const MISMATCH_EXPIRED = "https://mismatch.expired.example.com:443";

const MISMATCH_UNTRUSTED = "https://mismatch.untrusted.example.com:443";

const UNTRUSTED_EXPIRED = "https://untrusted-expired.example.com:443";

const MISMATCH_UNTRUSTED_EXPIRED =

  "https://mismatch.untrusted-expired.example.com:443";

const BAD_CERTS = [

  NO_CERT,

  SELF_SIGNED,

  UNTRUSTED,

  EXPIRED,

  MISMATCH_EXPIRED,

  MISMATCH_UNTRUSTED,

  UNTRUSTED_EXPIRED,

  MISMATCH_UNTRUSTED_EXPIRED,

];

function getConnectionState() {

  // prevents items that are being lazy loaded causing issues

  document.getElementById("identity-icon-box").click();

  gIdentityHandler.refreshIdentityPopup();

  return document.getElementById("identity-popup").getAttribute("connection");

/**

 * Compares the security state of the page with what is expected.

 * Returns one of "secure", "broken", "insecure", or "unknown".

*/

function isSecurityState(browser, expectedState) {

  const ui = browser.securityUI;

  if (!ui) {

    ok(false, "No security UI to get the security state");

    return;

  const isSecure = ui.state & STATE_IS_SECURE;

  const isBroken = ui.state & STATE_IS_BROKEN;

  const isInsecure = ui.state & STATE_IS_INSECURE;

  let actualState;

  if (isSecure && !(isBroken || isInsecure)) {

    actualState = "secure";

  } else if (isBroken && !(isSecure || isInsecure)) {

    actualState = "broken";

  } else if (isInsecure && !(isSecure || isBroken)) {

    actualState = "insecure";

  } else {

    actualState = "unknown";

is(

    expectedState,

    actualState,

    `Expected state is ${expectedState} and actual state is ${actualState}`

);

add_task(async function testDefault() {

  for (const url of BAD_CERTS) {

    info(`Navigating to ${url}`);

    const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);

    BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);

    await loaded;

is(

      getConnectionState(),

      "cert-error-page",

      "Security error page is present"

);

    isSecurityState(gBrowser, "insecure");

});

add_task(async function testIgnore({ client }) {

  const { Security } = client;

  info("Enable security certificate override");

  await Security.setIgnoreCertificateErrors({ ignore: true });

  for (const url of BAD_CERTS) {

    info(`Navigating to ${url}`);

    BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);

    await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);

is(

      getConnectionState(),

      "secure-cert-user-overridden",

      "Security certificate was overridden by user"

);

    isSecurityState(gBrowser, "secure");

});

add_task(async function testUnignore({ client }) {

  const { Security } = client;

  info("Disable security certificate override");

  await Security.setIgnoreCertificateErrors({ ignore: false });

  for (const url of BAD_CERTS) {

    info(`Navigating to ${url}`);

    const loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);

    BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, url);

    await loaded;

is(

      getConnectionState(),

      "cert-error-page",

      "Security error page is present"

);

    isSecurityState(gBrowser, "insecure");

});

// smoke test for unignored -> ignored -> unignored

add_task(async function testToggle({ client }) {

  const { Security } = client;

  let loaded;

  info("Enable security certificate override");

  await Security.setIgnoreCertificateErrors({ ignore: true });

  info(`Navigating to ${UNTRUSTED} having set the override`);

  BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, UNTRUSTED);

  await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);

is(

    getConnectionState(),

    "secure-cert-user-overridden",

    "Security certificate was overridden by user"

);

  isSecurityState(gBrowser, "secure");

  info("Disable security certificate override");

  await Security.setIgnoreCertificateErrors({ ignore: false });

  info(`Navigating to ${UNTRUSTED} having unset the override`);

  loaded = BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser);

  BrowserTestUtils.startLoadingURIString(gBrowser.selectedBrowser, UNTRUSTED);

  await loaded;

is(

    getConnectionState(),

    "cert-error-page",

    "Security error page is present by default"

);

  isSecurityState(gBrowser, "insecure");

});