michael@0: /* Any copyright is dedicated to the Public Domain. michael@0: * http://creativecommons.org/publicdomain/zero/1.0/ michael@0: */ michael@0: michael@0: const xpi = RELATIVE_DIR + "addons/browser_installssl.xpi"; michael@0: const redirect = RELATIVE_DIR + "redirect.sjs?"; michael@0: const SUCCESS = 0; michael@0: const NETWORK_FAILURE = AddonManager.ERROR_NETWORK_FAILURE; michael@0: michael@0: const HTTP = "http://example.com/"; michael@0: const HTTPS = "https://example.com/"; michael@0: const NOCERT = "https://nocert.example.com/"; michael@0: const SELFSIGNED = "https://self-signed.example.com/"; michael@0: const UNTRUSTED = "https://untrusted.example.com/"; michael@0: const EXPIRED = "https://expired.example.com/"; michael@0: michael@0: const PREF_INSTALL_REQUIREBUILTINCERTS = "extensions.install.requireBuiltInCerts"; michael@0: michael@0: var gTests = []; michael@0: var gStart = 0; michael@0: var gLast = 0; michael@0: var gPendingInstall = null; michael@0: michael@0: function test() { michael@0: gStart = Date.now(); michael@0: requestLongerTimeout(4); michael@0: waitForExplicitFinish(); michael@0: michael@0: registerCleanupFunction(function() { michael@0: var cos = Cc["@mozilla.org/security/certoverride;1"]. michael@0: getService(Ci.nsICertOverrideService); michael@0: cos.clearValidityOverride("nocert.example.com", -1); michael@0: cos.clearValidityOverride("self-signed.example.com", -1); michael@0: cos.clearValidityOverride("untrusted.example.com", -1); michael@0: cos.clearValidityOverride("expired.example.com", -1); michael@0: michael@0: try { michael@0: Services.prefs.clearUserPref(PREF_INSTALL_REQUIREBUILTINCERTS); michael@0: } michael@0: catch (e) { michael@0: } michael@0: michael@0: if (gPendingInstall) { michael@0: gTests = []; michael@0: ok(false, "Timed out in the middle of downloading " + gPendingInstall.sourceURI.spec); michael@0: try { michael@0: gPendingInstall.cancel(); michael@0: } michael@0: catch (e) { michael@0: } michael@0: } michael@0: }); michael@0: michael@0: run_next_test(); michael@0: } michael@0: michael@0: function end_test() { michael@0: info("All tests completed in " + (Date.now() - gStart) + "ms"); michael@0: finish(); michael@0: } michael@0: michael@0: function add_install_test(mainURL, redirectURL, expectedStatus) { michael@0: gTests.push([mainURL, redirectURL, expectedStatus]); michael@0: } michael@0: michael@0: function run_install_tests(callback) { michael@0: function run_next_install_test() { michael@0: if (gTests.length == 0) { michael@0: callback(); michael@0: return; michael@0: } michael@0: gLast = Date.now(); michael@0: michael@0: let [mainURL, redirectURL, expectedStatus] = gTests.shift(); michael@0: if (redirectURL) { michael@0: var url = mainURL + redirect + redirectURL + xpi; michael@0: var message = "Should have seen the right result for an install redirected from " + michael@0: mainURL + " to " + redirectURL; michael@0: } michael@0: else { michael@0: url = mainURL + xpi; michael@0: message = "Should have seen the right result for an install from " + michael@0: mainURL; michael@0: } michael@0: michael@0: AddonManager.getInstallForURL(url, function(install) { michael@0: gPendingInstall = install; michael@0: install.addListener({ michael@0: onDownloadEnded: function(install) { michael@0: is(SUCCESS, expectedStatus, message); michael@0: info("Install test ran in " + (Date.now() - gLast) + "ms"); michael@0: // Don't proceed with the install michael@0: install.cancel(); michael@0: gPendingInstall = null; michael@0: run_next_install_test(); michael@0: return false; michael@0: }, michael@0: michael@0: onDownloadFailed: function(install) { michael@0: is(install.error, expectedStatus, message); michael@0: info("Install test ran in " + (Date.now() - gLast) + "ms"); michael@0: gPendingInstall = null; michael@0: run_next_install_test(); michael@0: } michael@0: }); michael@0: install.install(); michael@0: }, "application/x-xpinstall"); michael@0: } michael@0: michael@0: run_next_install_test(); michael@0: } michael@0: michael@0: // Add overrides for the bad certificates michael@0: function addCertOverrides() { michael@0: addCertOverride("nocert.example.com", Ci.nsICertOverrideService.ERROR_MISMATCH); michael@0: addCertOverride("self-signed.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED); michael@0: addCertOverride("untrusted.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED); michael@0: addCertOverride("expired.example.com", Ci.nsICertOverrideService.ERROR_TIME); michael@0: } michael@0: michael@0: // Runs tests with built-in certificates required, no certificate exceptions michael@0: // and no hashes michael@0: add_test(function() { michael@0: // Tests that a simple install works as expected. michael@0: add_install_test(HTTP, null, SUCCESS); michael@0: add_install_test(HTTPS, null, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, null, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, null, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, null, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, null, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from http to other servers works as expected michael@0: add_install_test(HTTP, HTTP, SUCCESS); michael@0: add_install_test(HTTP, HTTPS, SUCCESS); michael@0: add_install_test(HTTP, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(HTTP, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from valid https to other servers works as expected michael@0: add_install_test(HTTPS, HTTP, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from nocert https to other servers works as expected michael@0: add_install_test(NOCERT, HTTP, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from self-signed https to other servers works as expected michael@0: add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from untrusted https to other servers works as expected michael@0: add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from expired https to other servers works as expected michael@0: add_install_test(EXPIRED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: run_install_tests(run_next_test); michael@0: }); michael@0: michael@0: // Runs tests without requiring built-in certificates, no certificate michael@0: // exceptions and no hashes michael@0: add_test(function() { michael@0: Services.prefs.setBoolPref(PREF_INSTALL_REQUIREBUILTINCERTS, false); michael@0: michael@0: // Tests that a simple install works as expected. michael@0: add_install_test(HTTP, null, SUCCESS); michael@0: add_install_test(HTTPS, null, SUCCESS); michael@0: add_install_test(NOCERT, null, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, null, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, null, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, null, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from http to other servers works as expected michael@0: add_install_test(HTTP, HTTP, SUCCESS); michael@0: add_install_test(HTTP, HTTPS, SUCCESS); michael@0: add_install_test(HTTP, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(HTTP, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(HTTP, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(HTTP, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from valid https to other servers works as expected michael@0: add_install_test(HTTPS, HTTP, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, HTTPS, SUCCESS); michael@0: add_install_test(HTTPS, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from nocert https to other servers works as expected michael@0: add_install_test(NOCERT, HTTP, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from self-signed https to other servers works as expected michael@0: add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from untrusted https to other servers works as expected michael@0: add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from expired https to other servers works as expected michael@0: add_install_test(EXPIRED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: run_install_tests(run_next_test); michael@0: }); michael@0: michael@0: // Runs tests with built-in certificates required, all certificate exceptions michael@0: // and no hashes michael@0: add_test(function() { michael@0: Services.prefs.clearUserPref(PREF_INSTALL_REQUIREBUILTINCERTS); michael@0: addCertOverrides(); michael@0: michael@0: // Tests that a simple install works as expected. michael@0: add_install_test(HTTP, null, SUCCESS); michael@0: add_install_test(HTTPS, null, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, null, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, null, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, null, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, null, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from http to other servers works as expected michael@0: add_install_test(HTTP, HTTP, SUCCESS); michael@0: add_install_test(HTTP, HTTPS, SUCCESS); michael@0: add_install_test(HTTP, NOCERT, SUCCESS); michael@0: add_install_test(HTTP, SELFSIGNED, SUCCESS); michael@0: add_install_test(HTTP, UNTRUSTED, SUCCESS); michael@0: add_install_test(HTTP, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from valid https to other servers works as expected michael@0: add_install_test(HTTPS, HTTP, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from nocert https to other servers works as expected michael@0: add_install_test(NOCERT, HTTP, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from self-signed https to other servers works as expected michael@0: add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from untrusted https to other servers works as expected michael@0: add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: // Tests that redirecting from expired https to other servers works as expected michael@0: add_install_test(EXPIRED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, HTTPS, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, NOCERT, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, SELFSIGNED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, UNTRUSTED, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, EXPIRED, NETWORK_FAILURE); michael@0: michael@0: run_install_tests(run_next_test); michael@0: }); michael@0: michael@0: // Runs tests without requiring built-in certificates, all certificate michael@0: // exceptions and no hashes michael@0: add_test(function() { michael@0: Services.prefs.setBoolPref(PREF_INSTALL_REQUIREBUILTINCERTS, false); michael@0: michael@0: // Tests that a simple install works as expected. michael@0: add_install_test(HTTP, null, SUCCESS); michael@0: add_install_test(HTTPS, null, SUCCESS); michael@0: add_install_test(NOCERT, null, SUCCESS); michael@0: add_install_test(SELFSIGNED, null, SUCCESS); michael@0: add_install_test(UNTRUSTED, null, SUCCESS); michael@0: add_install_test(EXPIRED, null, SUCCESS); michael@0: michael@0: // Tests that redirecting from http to other servers works as expected michael@0: add_install_test(HTTP, HTTP, SUCCESS); michael@0: add_install_test(HTTP, HTTPS, SUCCESS); michael@0: add_install_test(HTTP, NOCERT, SUCCESS); michael@0: add_install_test(HTTP, SELFSIGNED, SUCCESS); michael@0: add_install_test(HTTP, UNTRUSTED, SUCCESS); michael@0: add_install_test(HTTP, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from valid https to other servers works as expected michael@0: add_install_test(HTTPS, HTTP, NETWORK_FAILURE); michael@0: add_install_test(HTTPS, HTTPS, SUCCESS); michael@0: add_install_test(HTTPS, NOCERT, SUCCESS); michael@0: add_install_test(HTTPS, SELFSIGNED, SUCCESS); michael@0: add_install_test(HTTPS, UNTRUSTED, SUCCESS); michael@0: add_install_test(HTTPS, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from nocert https to other servers works as expected michael@0: add_install_test(NOCERT, HTTP, NETWORK_FAILURE); michael@0: add_install_test(NOCERT, HTTPS, SUCCESS); michael@0: add_install_test(NOCERT, NOCERT, SUCCESS); michael@0: add_install_test(NOCERT, SELFSIGNED, SUCCESS); michael@0: add_install_test(NOCERT, UNTRUSTED, SUCCESS); michael@0: add_install_test(NOCERT, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from self-signed https to other servers works as expected michael@0: add_install_test(SELFSIGNED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(SELFSIGNED, HTTPS, SUCCESS); michael@0: add_install_test(SELFSIGNED, NOCERT, SUCCESS); michael@0: add_install_test(SELFSIGNED, SELFSIGNED, SUCCESS); michael@0: add_install_test(SELFSIGNED, UNTRUSTED, SUCCESS); michael@0: add_install_test(SELFSIGNED, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from untrusted https to other servers works as expected michael@0: add_install_test(UNTRUSTED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(UNTRUSTED, HTTPS, SUCCESS); michael@0: add_install_test(UNTRUSTED, NOCERT, SUCCESS); michael@0: add_install_test(UNTRUSTED, SELFSIGNED, SUCCESS); michael@0: add_install_test(UNTRUSTED, UNTRUSTED, SUCCESS); michael@0: add_install_test(UNTRUSTED, EXPIRED, SUCCESS); michael@0: michael@0: // Tests that redirecting from expired https to other servers works as expected michael@0: add_install_test(EXPIRED, HTTP, NETWORK_FAILURE); michael@0: add_install_test(EXPIRED, HTTPS, SUCCESS); michael@0: add_install_test(EXPIRED, NOCERT, SUCCESS); michael@0: add_install_test(EXPIRED, SELFSIGNED, SUCCESS); michael@0: add_install_test(EXPIRED, UNTRUSTED, SUCCESS); michael@0: add_install_test(EXPIRED, EXPIRED, SUCCESS); michael@0: michael@0: run_install_tests(run_next_test); michael@0: });