1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/toolkit/mozapps/extensions/test/browser/browser_installssl.js Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,374 @@
1.4 +/* Any copyright is dedicated to the Public Domain.
1.5 + * http://creativecommons.org/publicdomain/zero/1.0/
1.6 + */
1.7 +
1.8 +const xpi = RELATIVE_DIR + "addons/browser_installssl.xpi";
1.9 +const redirect = RELATIVE_DIR + "redirect.sjs?";
1.10 +const SUCCESS = 0;
1.11 +const NETWORK_FAILURE = AddonManager.ERROR_NETWORK_FAILURE;
1.12 +
1.13 +const HTTP = "http://example.com/";
1.14 +const HTTPS = "https://example.com/";
1.15 +const NOCERT = "https://nocert.example.com/";
1.16 +const SELFSIGNED = "https://self-signed.example.com/";
1.17 +const UNTRUSTED = "https://untrusted.example.com/";
1.18 +const EXPIRED = "https://expired.example.com/";
1.19 +
1.20 +const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts";
1.21 +
1.22 +var gTests = [];
1.23 +var gStart = 0;
1.24 +var gLast = 0;
1.25 +var gPendingInstall = null;
1.26 +
1.27 +function test() {
1.28 + gStart = Date.now();
1.29 + requestLongerTimeout(4);
1.30 + waitForExplicitFinish();
1.31 +
1.32 + registerCleanupFunction(function() {
1.33 + var cos = Cc["@mozilla.org/security/certoverride;1"].
1.34 + getService(Ci.nsICertOverrideService);
1.35 + cos.clearValidityOverride("nocert.example.com", -1);
1.36 + cos.clearValidityOverride("self-signed.example.com", -1);
1.37 + cos.clearValidityOverride("untrusted.example.com", -1);
1.38 + cos.clearValidityOverride("expired.example.com", -1);
1.39 +
1.40 + try {
1.41 + Services.prefs.clearUserPref(PREF_INSTALL_REQUIREBUILTINCERTS);
1.42 + }
1.43 + catch (e) {
1.44 + }
1.45 +
1.46 + if (gPendingInstall) {
1.47 + gTests = [];
1.48 + ok(false, "Timed out in the middle of downloading " + gPendingInstall.sourceURI.spec);
1.49 + try {
1.50 + gPendingInstall.cancel();
1.51 + }
1.52 + catch (e) {
1.53 + }
1.54 + }
1.55 + });
1.56 +
1.57 + run_next_test();
1.58 +}
1.59 +
1.60 +function end_test() {
1.61 + info("All tests completed in " + (Date.now() - gStart) + "ms");
1.62 + finish();
1.63 +}
1.64 +
1.65 +function add_install_test(mainURL, redirectURL, expectedStatus) {
1.66 + gTests.push([mainURL, redirectURL, expectedStatus]);
1.67 +}
1.68 +
1.69 +function run_install_tests(callback) {
1.70 + function run_next_install_test() {
1.71 + if (gTests.length == 0) {
1.72 + callback();
1.73 + return;
1.74 + }
1.75 + gLast = Date.now();
1.76 +
1.77 + let [mainURL, redirectURL, expectedStatus] = gTests.shift();
1.78 + if (redirectURL) {
1.79 + var url = mainURL + redirect + redirectURL + xpi;
1.80 + var message = "Should have seen the right result for an install redirected from " +
1.81 + mainURL + " to " + redirectURL;
1.82 + }
1.83 + else {
1.84 + url = mainURL + xpi;
1.85 + message = "Should have seen the right result for an install from " +
1.86 + mainURL;
1.87 + }
1.88 +
1.89 + AddonManager.getInstallForURL(url, function(install) {
1.90 + gPendingInstall = install;
1.91 + install.addListener({
1.92 + onDownloadEnded: function(install) {
1.93 + is(SUCCESS, expectedStatus, message);
1.94 + info("Install test ran in " + (Date.now() - gLast) + "ms");
1.95 + // Don't proceed with the install
1.96 + install.cancel();
1.97 + gPendingInstall = null;
1.98 + run_next_install_test();
1.99 + return false;
1.100 + },
1.101 +
1.102 + onDownloadFailed: function(install) {
1.103 + is(install.error, expectedStatus, message);
1.104 + info("Install test ran in " + (Date.now() - gLast) + "ms");
1.105 + gPendingInstall = null;
1.106 + run_next_install_test();
1.107 + }
1.108 + });
1.109 + install.install();
1.110 + }, "application/x-xpinstall");
1.111 + }
1.112 +
1.113 + run_next_install_test();
1.114 +}
1.115 +
1.116 +// Add overrides for the bad certificates
1.117 +function addCertOverrides() {
1.118 + addCertOverride("nocert.example.com", Ci.nsICertOverrideService.ERROR_MISMATCH);
1.119 + addCertOverride("self-signed.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
1.120 + addCertOverride("untrusted.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
1.121 + addCertOverride("expired.example.com", Ci.nsICertOverrideService.ERROR_TIME);
1.122 +}
1.123 +
1.124 +// Runs tests with built-in certificates required, no certificate exceptions
1.125 +// and no hashes
1.126 +add_test(function() {
1.127 + // Tests that a simple install works as expected.
1.128 + add_install_test(HTTP, null, SUCCESS);
1.129 + add_install_test(HTTPS, null, NETWORK_FAILURE);
1.130 + add_install_test(NOCERT, null, NETWORK_FAILURE);
1.131 + add_install_test(SELFSIGNED, null, NETWORK_FAILURE);
1.132 + add_install_test(UNTRUSTED, null, NETWORK_FAILURE);
1.133 + add_install_test(EXPIRED, null, NETWORK_FAILURE);
1.134 +
1.135 + // Tests that redirecting from http to other servers works as expected
1.136 + add_install_test(HTTP, HTTP, SUCCESS);
1.137 + add_install_test(HTTP, HTTPS, SUCCESS);
1.138 + add_install_test(HTTP, NOCERT, NETWORK_FAILURE);
1.139 + add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE);
1.140 + add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE);
1.141 + add_install_test(HTTP, EXPIRED, NETWORK_FAILURE);
1.142 +
1.143 + // Tests that redirecting from valid https to other servers works as expected
1.144 + add_install_test(HTTPS, HTTP, NETWORK_FAILURE);
1.145 + add_install_test(HTTPS, HTTPS, NETWORK_FAILURE);
1.146 + add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);
1.147 + add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);
1.148 + add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);
1.149 + add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);
1.150 +
1.151 + // Tests that redirecting from nocert https to other servers works as expected
1.152 + add_install_test(NOCERT, HTTP, NETWORK_FAILURE);
1.153 + add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);
1.154 + add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);
1.155 + add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);
1.156 + add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);
1.157 + add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);
1.158 +
1.159 + // Tests that redirecting from self-signed https to other servers works as expected
1.160 + add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);
1.161 + add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);
1.162 + add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);
1.163 + add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);
1.164 + add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);
1.165 + add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);
1.166 +
1.167 + // Tests that redirecting from untrusted https to other servers works as expected
1.168 + add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);
1.169 + add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);
1.170 + add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);
1.171 + add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);
1.172 + add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);
1.173 + add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);
1.174 +
1.175 + // Tests that redirecting from expired https to other servers works as expected
1.176 + add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);
1.177 + add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);
1.178 + add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);
1.179 + add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);
1.180 + add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);
1.181 + add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);
1.182 +
1.183 + run_install_tests(run_next_test);
1.184 +});
1.185 +
1.186 +// Runs tests without requiring built-in certificates, no certificate
1.187 +// exceptions and no hashes
1.188 +add_test(function() {
1.189 + Services.prefs.setBoolPref(PREF_INSTALL_REQUIREBUILTINCERTS, false);
1.190 +
1.191 + // Tests that a simple install works as expected.
1.192 + add_install_test(HTTP, null, SUCCESS);
1.193 + add_install_test(HTTPS, null, SUCCESS);
1.194 + add_install_test(NOCERT, null, NETWORK_FAILURE);
1.195 + add_install_test(SELFSIGNED, null, NETWORK_FAILURE);
1.196 + add_install_test(UNTRUSTED, null, NETWORK_FAILURE);
1.197 + add_install_test(EXPIRED, null, NETWORK_FAILURE);
1.198 +
1.199 + // Tests that redirecting from http to other servers works as expected
1.200 + add_install_test(HTTP, HTTP, SUCCESS);
1.201 + add_install_test(HTTP, HTTPS, SUCCESS);
1.202 + add_install_test(HTTP, NOCERT, NETWORK_FAILURE);
1.203 + add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE);
1.204 + add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE);
1.205 + add_install_test(HTTP, EXPIRED, NETWORK_FAILURE);
1.206 +
1.207 + // Tests that redirecting from valid https to other servers works as expected
1.208 + add_install_test(HTTPS, HTTP, NETWORK_FAILURE);
1.209 + add_install_test(HTTPS, HTTPS, SUCCESS);
1.210 + add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);
1.211 + add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);
1.212 + add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);
1.213 + add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);
1.214 +
1.215 + // Tests that redirecting from nocert https to other servers works as expected
1.216 + add_install_test(NOCERT, HTTP, NETWORK_FAILURE);
1.217 + add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);
1.218 + add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);
1.219 + add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);
1.220 + add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);
1.221 + add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);
1.222 +
1.223 + // Tests that redirecting from self-signed https to other servers works as expected
1.224 + add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);
1.225 + add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);
1.226 + add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);
1.227 + add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);
1.228 + add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);
1.229 + add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);
1.230 +
1.231 + // Tests that redirecting from untrusted https to other servers works as expected
1.232 + add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);
1.233 + add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);
1.234 + add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);
1.235 + add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);
1.236 + add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);
1.237 + add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);
1.238 +
1.239 + // Tests that redirecting from expired https to other servers works as expected
1.240 + add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);
1.241 + add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);
1.242 + add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);
1.243 + add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);
1.244 + add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);
1.245 + add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);
1.246 +
1.247 + run_install_tests(run_next_test);
1.248 +});
1.249 +
1.250 +// Runs tests with built-in certificates required, all certificate exceptions
1.251 +// and no hashes
1.252 +add_test(function() {
1.253 + Services.prefs.clearUserPref(PREF_INSTALL_REQUIREBUILTINCERTS);
1.254 + addCertOverrides();
1.255 +
1.256 + // Tests that a simple install works as expected.
1.257 + add_install_test(HTTP, null, SUCCESS);
1.258 + add_install_test(HTTPS, null, NETWORK_FAILURE);
1.259 + add_install_test(NOCERT, null, NETWORK_FAILURE);
1.260 + add_install_test(SELFSIGNED, null, NETWORK_FAILURE);
1.261 + add_install_test(UNTRUSTED, null, NETWORK_FAILURE);
1.262 + add_install_test(EXPIRED, null, NETWORK_FAILURE);
1.263 +
1.264 + // Tests that redirecting from http to other servers works as expected
1.265 + add_install_test(HTTP, HTTP, SUCCESS);
1.266 + add_install_test(HTTP, HTTPS, SUCCESS);
1.267 + add_install_test(HTTP, NOCERT, SUCCESS);
1.268 + add_install_test(HTTP, SELFSIGNED, SUCCESS);
1.269 + add_install_test(HTTP, UNTRUSTED, SUCCESS);
1.270 + add_install_test(HTTP, EXPIRED, SUCCESS);
1.271 +
1.272 + // Tests that redirecting from valid https to other servers works as expected
1.273 + add_install_test(HTTPS, HTTP, NETWORK_FAILURE);
1.274 + add_install_test(HTTPS, HTTPS, NETWORK_FAILURE);
1.275 + add_install_test(HTTPS, NOCERT, NETWORK_FAILURE);
1.276 + add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE);
1.277 + add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE);
1.278 + add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE);
1.279 +
1.280 + // Tests that redirecting from nocert https to other servers works as expected
1.281 + add_install_test(NOCERT, HTTP, NETWORK_FAILURE);
1.282 + add_install_test(NOCERT, HTTPS, NETWORK_FAILURE);
1.283 + add_install_test(NOCERT, NOCERT, NETWORK_FAILURE);
1.284 + add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE);
1.285 + add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE);
1.286 + add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE);
1.287 +
1.288 + // Tests that redirecting from self-signed https to other servers works as expected
1.289 + add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);
1.290 + add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE);
1.291 + add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE);
1.292 + add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE);
1.293 + add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE);
1.294 + add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE);
1.295 +
1.296 + // Tests that redirecting from untrusted https to other servers works as expected
1.297 + add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);
1.298 + add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE);
1.299 + add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE);
1.300 + add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE);
1.301 + add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE);
1.302 + add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE);
1.303 +
1.304 + // Tests that redirecting from expired https to other servers works as expected
1.305 + add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);
1.306 + add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE);
1.307 + add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE);
1.308 + add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE);
1.309 + add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE);
1.310 + add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE);
1.311 +
1.312 + run_install_tests(run_next_test);
1.313 +});
1.314 +
1.315 +// Runs tests without requiring built-in certificates, all certificate
1.316 +// exceptions and no hashes
1.317 +add_test(function() {
1.318 + Services.prefs.setBoolPref(PREF_INSTALL_REQUIREBUILTINCERTS, false);
1.319 +
1.320 + // Tests that a simple install works as expected.
1.321 + add_install_test(HTTP, null, SUCCESS);
1.322 + add_install_test(HTTPS, null, SUCCESS);
1.323 + add_install_test(NOCERT, null, SUCCESS);
1.324 + add_install_test(SELFSIGNED, null, SUCCESS);
1.325 + add_install_test(UNTRUSTED, null, SUCCESS);
1.326 + add_install_test(EXPIRED, null, SUCCESS);
1.327 +
1.328 + // Tests that redirecting from http to other servers works as expected
1.329 + add_install_test(HTTP, HTTP, SUCCESS);
1.330 + add_install_test(HTTP, HTTPS, SUCCESS);
1.331 + add_install_test(HTTP, NOCERT, SUCCESS);
1.332 + add_install_test(HTTP, SELFSIGNED, SUCCESS);
1.333 + add_install_test(HTTP, UNTRUSTED, SUCCESS);
1.334 + add_install_test(HTTP, EXPIRED, SUCCESS);
1.335 +
1.336 + // Tests that redirecting from valid https to other servers works as expected
1.337 + add_install_test(HTTPS, HTTP, NETWORK_FAILURE);
1.338 + add_install_test(HTTPS, HTTPS, SUCCESS);
1.339 + add_install_test(HTTPS, NOCERT, SUCCESS);
1.340 + add_install_test(HTTPS, SELFSIGNED, SUCCESS);
1.341 + add_install_test(HTTPS, UNTRUSTED, SUCCESS);
1.342 + add_install_test(HTTPS, EXPIRED, SUCCESS);
1.343 +
1.344 + // Tests that redirecting from nocert https to other servers works as expected
1.345 + add_install_test(NOCERT, HTTP, NETWORK_FAILURE);
1.346 + add_install_test(NOCERT, HTTPS, SUCCESS);
1.347 + add_install_test(NOCERT, NOCERT, SUCCESS);
1.348 + add_install_test(NOCERT, SELFSIGNED, SUCCESS);
1.349 + add_install_test(NOCERT, UNTRUSTED, SUCCESS);
1.350 + add_install_test(NOCERT, EXPIRED, SUCCESS);
1.351 +
1.352 + // Tests that redirecting from self-signed https to other servers works as expected
1.353 + add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE);
1.354 + add_install_test(SELFSIGNED, HTTPS, SUCCESS);
1.355 + add_install_test(SELFSIGNED, NOCERT, SUCCESS);
1.356 + add_install_test(SELFSIGNED, SELFSIGNED, SUCCESS);
1.357 + add_install_test(SELFSIGNED, UNTRUSTED, SUCCESS);
1.358 + add_install_test(SELFSIGNED, EXPIRED, SUCCESS);
1.359 +
1.360 + // Tests that redirecting from untrusted https to other servers works as expected
1.361 + add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE);
1.362 + add_install_test(UNTRUSTED, HTTPS, SUCCESS);
1.363 + add_install_test(UNTRUSTED, NOCERT, SUCCESS);
1.364 + add_install_test(UNTRUSTED, SELFSIGNED, SUCCESS);
1.365 + add_install_test(UNTRUSTED, UNTRUSTED, SUCCESS);
1.366 + add_install_test(UNTRUSTED, EXPIRED, SUCCESS);
1.367 +
1.368 + // Tests that redirecting from expired https to other servers works as expected
1.369 + add_install_test(EXPIRED, HTTP, NETWORK_FAILURE);
1.370 + add_install_test(EXPIRED, HTTPS, SUCCESS);
1.371 + add_install_test(EXPIRED, NOCERT, SUCCESS);
1.372 + add_install_test(EXPIRED, SELFSIGNED, SUCCESS);
1.373 + add_install_test(EXPIRED, UNTRUSTED, SUCCESS);
1.374 + add_install_test(EXPIRED, EXPIRED, SUCCESS);
1.375 +
1.376 + run_install_tests(run_next_test);
1.377 +});
