Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-29 15:52:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 553169: Port tests for bug 435743 to the new extension manager API. r=robstrong

Browse Source
This commit is contained in:
Dave Townsend 2010-04-29 13:11:23 -07:00
parent 1525faa802
commit 0d0d9f9931
11 changed files with 815 additions and 743 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
toolkit/mozapps/extensions/test/Makefile.in
View File

@ -56,19 +56,8 @@ XPCSHELL_TESTS = \
unit \
$(NULL)
_CHROME_FILES = \
test_bug435743_1.xul \
test_bug435743_2.xul \
bug435743.rdf \
bug435743.xpi \
bug435743.sjs \
$(NULL)
include $(topsrcdir)/config/rules.mk
libs:: $(_CHROME_FILES)
$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
libs::
rm -rf $(TESTXPI)
$(NSINSTALL) -D $(TESTXPI)

10
toolkit/mozapps/extensions/test/browser/Makefile.in
View File

@ -39,12 +39,18 @@ DEPTH = ../../../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
relativesrcdir = toolkit/mozapps/extensions/test
relativesrcdir = toolkit/mozapps/extensions/test/browser
include $(DEPTH)/config/autoconf.mk
_TEST_FILES = \
browser_bug510909.js
head.js \
browser_bug510909.js \
browser_updatessl.js \
browser_updatessl.rdf \
browser_installssl.js \
browser_installssl.xpi \
redirect.sjs \
$(NULL)
include $(topsrcdir)/config/rules.mk

359
toolkit/mozapps/extensions/test/browser/browser_installssl.js Normal file
View File

@ -0,0 +1,359 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
Components.utils.import("resource://gre/modules/AddonManager.jsm");
const xpi = "browser/toolkit/mozapps/extensions/test/browser/browser_installssl.xpi";
const redirect = "browser/toolkit/mozapps/extensions/test/browser/redirect.sjs?";
const SUCCESS = 0;
var gTests = [];
function test() {
waitForExplicitFinish();
run_next_test();
}
function end_test() {
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.clearValidityOverride("nocert.example.com", -1);
cos.clearValidityOverride("self-signed.example.com", -1);
cos.clearValidityOverride("untrusted.example.com", -1);
cos.clearValidityOverride("expired.example.com", -1);
finish();
}
function add_install_test(url, expectedStatus, message) {
gTests.push([url, expectedStatus, message]);
}
function run_install_tests(callback) {
function run_next_install_test() {
if (gTests.length == 0) {
callback();
return;
}
let [url, expectedStatus, message] = gTests.shift();
AddonManager.getInstallForURL(url, function(install) {
install.addListener({
onDownloadEnded: function(install) {
is(SUCCESS, expectedStatus, message);
run_next_install_test();
// Don't proceed with the install
return false;
},
onDownloadFailed: function(install, status) {
is(status, expectedStatus, message);
run_next_install_test();
}
});
install.install();
}, "application/x-xpinstall");
}
run_next_install_test();
}
// Add overrides for the bad certificates
function addCertOverrides() {
addCertOverride("nocert.example.com", Ci.nsICertOverrideService.ERROR_MISMATCH);
addCertOverride("self-signed.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
addCertOverride("untrusted.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
addCertOverride("expired.example.com", Ci.nsICertOverrideService.ERROR_TIME);
}
add_test(function() {
// Tests that a simple update.rdf retrieval works as expected.
add_install_test("http://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http install url");
add_install_test("https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https install url from a non built-in CA");
add_install_test("https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for nocert https install url");
add_install_test("https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for self-signed https install url");
add_install_test("https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for untrusted https install url");
add_install_test("https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for expired https install url");
// Tests that redirecting from http to other servers works as expected
add_install_test("http://example.com/" + redirect + "http://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to http redirect");
add_install_test("http://example.com/" + redirect + "https://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to https redirect for a non built-in CA");
add_install_test("http://example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a http to nocert https redirect");
add_install_test("http://example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a http to self-signed https redirect");
add_install_test("http://example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a http to untrusted https install url");
add_install_test("http://example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a http to expired https install url");
// Tests that redirecting from valid https to other servers works as expected
add_install_test("https://example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to http redirect");
add_install_test("https://example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to https redirect for a non built-in CA");
add_install_test("https://example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to nocert https redirect");
add_install_test("https://example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to self-signed https redirect");
add_install_test("https://example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to untrusted https redirect");
add_install_test("https://example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to expired https redirect");
// Tests that redirecting from nocert https to other servers works as expected
add_install_test("https://nocert.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to http redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to nocert https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to self-signed https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to untrusted https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to expired https redirect");
// Tests that redirecting from self-signed https to other servers works as expected
add_install_test("https://self-signed.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to http redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to nocert https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to self-signed https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to untrusted https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to expired https redirect");
// Tests that redirecting from untrusted https to other servers works as expected
add_install_test("https://untrusted.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to http redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to nocert https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to self-signed https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to untrusted https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to expired https redirect");
// Tests that redirecting from expired https to other servers works as expected
add_install_test("https://expired.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to http redirect");
add_install_test("https://expired.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to nocert https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to self-signed https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to untrusted https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to expired https redirect");
run_install_tests(run_next_test);
});
add_test(function() {
addCertOverrides();
// Tests that a simple update.rdf retrieval works as expected.
add_install_test("http://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http install url");
add_install_test("https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https install url from a non built-in CA");
add_install_test("https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for nocert https install url");
add_install_test("https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for self-signed https install url");
add_install_test("https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for untrusted https install url");
add_install_test("https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for expired https install url");
// Tests that redirecting from http to other servers works as expected
add_install_test("http://example.com/" + redirect + "http://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to http redirect");
add_install_test("http://example.com/" + redirect + "https://example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to https redirect for a non built-in CA");
add_install_test("http://example.com/" + redirect + "https://nocert.example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to nocert https redirect");
add_install_test("http://example.com/" + redirect + "https://self-signed.example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to self-signed https redirect");
add_install_test("http://example.com/" + redirect + "https://untrusted.example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to untrusted https install url");
add_install_test("http://example.com/" + redirect + "https://expired.example.com/" + xpi,
SUCCESS,
"Should have seen no failure for a http to expired https install url");
// Tests that redirecting from valid https to other servers works as expected
add_install_test("https://example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to http redirect");
add_install_test("https://example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to https redirect for a non built-in CA");
add_install_test("https://example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to nocert https redirect");
add_install_test("https://example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to self-signed https redirect");
add_install_test("https://example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to untrusted https redirect");
add_install_test("https://example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a https to expired https redirect");
// Tests that redirecting from nocert https to other servers works as expected
add_install_test("https://nocert.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to http redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to nocert https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to self-signed https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to untrusted https redirect");
add_install_test("https://nocert.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a nocert https to expired https redirect");
// Tests that redirecting from self-signed https to other servers works as expected
add_install_test("https://self-signed.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to http redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to nocert https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to self-signed https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to untrusted https redirect");
add_install_test("https://self-signed.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a self-signed https to expired https redirect");
// Tests that redirecting from untrusted https to other servers works as expected
add_install_test("https://untrusted.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to http redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to nocert https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to self-signed https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to untrusted https redirect");
add_install_test("https://untrusted.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a untrusted https to expired https redirect");
// Tests that redirecting from expired https to other servers works as expected
add_install_test("https://expired.example.com/" + redirect + "http://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to http redirect");
add_install_test("https://expired.example.com/" + redirect + "https://example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://nocert.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to nocert https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://self-signed.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to self-signed https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://untrusted.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to untrusted https redirect");
add_install_test("https://expired.example.com/" + redirect + "https://expired.example.com/" + xpi,
AddonManager.ERROR_NETWORK_FAILURE,
"Should have seen a failure for a expired https to expired https redirect");
run_install_tests(run_next_test);
});

0
toolkit/mozapps/extensions/test/bug435743.xpi → toolkit/mozapps/extensions/test/browser/browser_installssl.xpi
View File

356
toolkit/mozapps/extensions/test/browser/browser_updatessl.js Normal file
View File

@ -0,0 +1,356 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
Components.utils.import("resource://gre/modules/AddonUpdateChecker.jsm");
const updaterdf = "browser/toolkit/mozapps/extensions/test/browser/browser_updatessl.rdf";
const redirect = "browser/toolkit/mozapps/extensions/test/browser/redirect.sjs?";
const SUCCESS = 0;
var gTests = [];
function test() {
waitForExplicitFinish();
run_next_test();
}
function end_test() {
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.clearValidityOverride("nocert.example.com", -1);
cos.clearValidityOverride("self-signed.example.com", -1);
cos.clearValidityOverride("untrusted.example.com", -1);
cos.clearValidityOverride("expired.example.com", -1);
finish();
}
function add_update_test(url, expectedStatus, message) {
gTests.push([url, expectedStatus, message]);
}
function run_update_tests(callback) {
function run_next_update_test(pos) {
if (gTests.length == 0) {
callback();
return;
}
let [url, expectedStatus, message] = gTests.shift();
AddonUpdateChecker.checkForUpdates("addon1@tests.mozilla.org", "extension",
null, url, {
onUpdateCheckComplete: function(updates) {
is(updates.length, 1);
is(SUCCESS, expectedStatus, message);
run_next_update_test();
},
onUpdateCheckError: function(status) {
is(status, expectedStatus, message);
run_next_update_test();
}
});
}
run_next_update_test();
}
// Add overrides for the bad certificates
function addCertOverrides() {
addCertOverride("nocert.example.com", Ci.nsICertOverrideService.ERROR_MISMATCH);
addCertOverride("self-signed.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
addCertOverride("untrusted.example.com", Ci.nsICertOverrideService.ERROR_UNTRUSTED);
addCertOverride("expired.example.com", Ci.nsICertOverrideService.ERROR_TIME);
}
add_test(function() {
// Tests that a simple update.rdf retrieval works as expected.
add_update_test("http://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http update url");
add_update_test("https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https update url from a non built-in CA");
add_update_test("https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for nocert https update url");
add_update_test("https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for self-signed https update url");
add_update_test("https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for untrusted https update url");
add_update_test("https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for expired https update url");
// Tests that redirecting from http to other servers works as expected
add_update_test("http://example.com/" + redirect + "http://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to http redirect");
add_update_test("http://example.com/" + redirect + "https://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to https redirect for a non built-in CA");
add_update_test("http://example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a http to nocert https redirect");
add_update_test("http://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a http to self-signed https redirect");
add_update_test("http://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a http to untrusted https update url");
add_update_test("http://example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a http to expired https update url");
// Tests that redirecting from valid https to other servers works as expected
add_update_test("https://example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to http redirect");
add_update_test("https://example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to https redirect for a non built-in CA");
add_update_test("https://example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to nocert https redirect");
add_update_test("https://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to self-signed https redirect");
add_update_test("https://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to untrusted https redirect");
add_update_test("https://example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to expired https redirect");
// Tests that redirecting from nocert https to other servers works as expected
add_update_test("https://nocert.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to http redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to nocert https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to self-signed https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to untrusted https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to expired https redirect");
// Tests that redirecting from self-signed https to other servers works as expected
add_update_test("https://self-signed.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to http redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to nocert https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to self-signed https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to untrusted https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to expired https redirect");
// Tests that redirecting from untrusted https to other servers works as expected
add_update_test("https://untrusted.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to http redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to nocert https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to self-signed https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to untrusted https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to expired https redirect");
// Tests that redirecting from expired https to other servers works as expected
add_update_test("https://expired.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to http redirect");
add_update_test("https://expired.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to nocert https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to self-signed https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to untrusted https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to expired https redirect");
run_update_tests(run_next_test);
});
add_test(function() {
addCertOverrides();
// Tests that a simple update.rdf retrieval works as expected.
add_update_test("http://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http update url");
add_update_test("https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https update url from a non built-in CA");
add_update_test("https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for nocert https update url");
add_update_test("https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for self-signed https update url");
add_update_test("https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for untrusted https update url");
add_update_test("https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for expired https update url");
// Tests that redirecting from http to other servers works as expected
add_update_test("http://example.com/" + redirect + "http://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to http redirect");
add_update_test("http://example.com/" + redirect + "https://example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to https redirect for a non built-in CA");
add_update_test("http://example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to nocert https redirect");
add_update_test("http://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to self-signed https redirect");
add_update_test("http://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to untrusted https update url");
add_update_test("http://example.com/" + redirect + "https://expired.example.com/" + updaterdf,
SUCCESS,
"Should have seen no failure for a http to expired https update url");
// Tests that redirecting from valid https to other servers works as expected
add_update_test("https://example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to http redirect");
add_update_test("https://example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to https redirect for a non built-in CA");
add_update_test("https://example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to nocert https redirect");
add_update_test("https://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to self-signed https redirect");
add_update_test("https://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to untrusted https redirect");
add_update_test("https://example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a https to expired https redirect");
// Tests that redirecting from nocert https to other servers works as expected
add_update_test("https://nocert.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to http redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to nocert https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to self-signed https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to untrusted https redirect");
add_update_test("https://nocert.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a nocert https to expired https redirect");
// Tests that redirecting from self-signed https to other servers works as expected
add_update_test("https://self-signed.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to http redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to nocert https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to self-signed https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to untrusted https redirect");
add_update_test("https://self-signed.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a self-signed https to expired https redirect");
// Tests that redirecting from untrusted https to other servers works as expected
add_update_test("https://untrusted.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to http redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to nocert https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to self-signed https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to untrusted https redirect");
add_update_test("https://untrusted.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a untrusted https to expired https redirect");
// Tests that redirecting from expired https to other servers works as expected
add_update_test("https://expired.example.com/" + redirect + "http://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to http redirect");
add_update_test("https://expired.example.com/" + redirect + "https://example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://nocert.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to nocert https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to self-signed https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to untrusted https redirect");
add_update_test("https://expired.example.com/" + redirect + "https://expired.example.com/" + updaterdf,
AddonUpdateChecker.ERROR_DOWNLOAD_ERROR,
"Should have seen a failure for a expired https to expired https redirect");
run_update_tests(run_next_test);
});

25
toolkit/mozapps/extensions/test/browser/browser_updatessl.rdf Normal file
View File

@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:extension:addon1@tests.mozilla.org">
<em:updates>
<Seq>
<li>
<Description>
<em:version>2.0</em:version>
<em:targetApplication>
<Description>
<em:id>toolkit@mozilla.org</em:id>
<em:minVersion>0</em:minVersion>
<em:maxVersion>20</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</li>
</Seq>
</em:updates>
</Description>
</RDF>

67
toolkit/mozapps/extensions/test/browser/head.js Normal file
View File

@ -0,0 +1,67 @@
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
var gPendingTests = [];
var gTestsRun = 0;
function add_test(test) {
gPendingTests.push(test);
}
function run_next_test() {
if (gPendingTests.length == 0) {
end_test();
return;
}
gTestsRun++;
info("Running test " + gTestsRun);
gPendingTests.shift()();
}
function CertOverrideListener(host, bits) {
this.host = host;
this.bits = bits;
}
CertOverrideListener.prototype = {
host: null,
bits: null,
getInterface: function (aIID) {
return this.QueryInterface(aIID);
},
QueryInterface: function(aIID) {
if (aIID.equals(Ci.nsIBadCertListener2) ||
aIID.equals(Ci.nsIInterfaceRequestor) ||
aIID.equals(Ci.nsISupports))
return this;
throw Components.results.NS_ERROR_NO_INTERFACE;
},
notifyCertProblem: function (socketInfo, sslStatus, targetHost) {
cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
.serverCert;
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.rememberValidityOverride(this.host, -1, cert, this.bits, false);
return true;
}
}
// Add overrides for the bad certificates
function addCertOverride(host, bits) {
var req = new XMLHttpRequest();
try {
req.open("GET", "https://" + host + "/", false);
req.channel.notificationCallbacks = new CertOverrideListener(host, bits);
req.send(null);
}
catch (e) {
// This request will fail since the SSL server is not trusted yet
}
}

0
toolkit/mozapps/extensions/test/bug435743.sjs → toolkit/mozapps/extensions/test/browser/redirect.sjs
View File

5
toolkit/mozapps/extensions/test/bug435743.rdf
View File

@ -1,5 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
</RDF:RDF>

448
toolkit/mozapps/extensions/test/test_bug435743_1.xul
View File

@ -1,448 +0,0 @@
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
<!-- Tests that add-on updates correctly fail in the presence of invalid https -->
<window title="Bug 435743 Test"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="test();">
<script type="application/javascript"
src="chrome://mochikit/content/MochiKit/packed.js"/>
<script type="application/javascript"
src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<script type="application/javascript">
<![CDATA[
const Cc = Components.classes;
const Ci = Components.interfaces;
const updaterdf = "chrome/toolkit/mozapps/extensions/test/bug435743.rdf";
const redirect = "chrome/toolkit/mozapps/extensions/test/bug435743.sjs?";
const PREFIX_NS_EM = "http://www.mozilla.org/2004/em-rdf#";
const PREFIX_ITEM_URI = "urn:mozilla:item:";
SimpleTest.waitForExplicitFinish();
var gAddons;
var gEMDS;
var gRDF;
// The test http server doesn't seem keen on responding to lots of simultaneous
// connections in a timely fashion, so this does one update check at a time.
function UpdateRunner(addons, checker) {
this.checker = checker;
this.results = [];
this.addons = addons;
this.pos = 0;
this.startNextUpdate();
}
UpdateRunner.prototype = {
checker: null,
results: null,
addons: null,
pos: null,
startNextUpdate: function() {
var em = Cc["@mozilla.org/extensions/manager;1"].
getService(Ci.nsIExtensionManager);
em.update([this.addons[this.pos]], 1,
Ci.nsIExtensionManager.UPDATE_NOTIFY_NEWVERSION, this);
},
onUpdateStarted: function() {
},
onUpdateEnded: function() {
try {
this.pos++;
if (this.pos < this.addons.length)
this.startNextUpdate();
else
this.checker(this.results);
}
catch (e) {
alert(e);
}
},
onAddonUpdateStarted: function(addon) {
},
onAddonUpdateEnded: function(addon, status) {
this.results[addon.id] = status;
}
};
function badCertListener(host, bits) {
this.host = host;
this.bits = bits;
}
badCertListener.prototype = {
host: null,
bits: null,
getInterface: function (aIID) {
return this.QueryInterface(aIID);
},
QueryInterface: function(aIID) {
if (aIID.equals(Ci.nsIBadCertListener2) ||
aIID.equals(Ci.nsIInterfaceRequestor) ||
aIID.equals(Ci.nsISupports))
return this;
throw Components.results.NS_ERROR_NO_INTERFACE;
},
notifyCertProblem: function (socketInfo, sslStatus, targetHost) {
cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
.serverCert;
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.rememberValidityOverride(this.host, -1, cert, this.bits, false);
return true;
}
}
// Add overrides for the bad certificates
function addCertOverrides() {
var req = new XMLHttpRequest();
try {
req.open("GET", "https://nocert.example.com/" + updaterdf, false);
req.channel.notificationCallbacks = new badCertListener("nocert.example.com",
Ci.nsICertOverrideService.ERROR_MISMATCH);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://self-signed.example.com/" + updaterdf, false);
req.channel.notificationCallbacks = new badCertListener("self-signed.example.com",
Ci.nsICertOverrideService.ERROR_UNTRUSTED);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://untrusted.example.com/" + updaterdf, false);
req.channel.notificationCallbacks = new badCertListener("untrusted.example.com",
Ci.nsICertOverrideService.ERROR_UNTRUSTED);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://expired.example.com/" + updaterdf, false);
req.channel.notificationCallbacks = new badCertListener("expired.example.com",
Ci.nsICertOverrideService.ERROR_TIME);
req.send(null);
}
catch (e) { }
}
function makeAddon(id, updateURL) {
var item = Cc["@mozilla.org/updates/item;1"].
createInstance(Ci.nsIUpdateItem);
item.init("bug435743_" + id + "@tests.mozilla.org", "1.0", "app-profile",
null, null, "Test add-on " + id, null, null, null, updateURL,
null, Ci.nsIUpdateItem.TYPE_EXTENSION, null);
// This is enough to convince the extension manager this item is actually
// installed and so the update check can proceed
gEMDS.Assert(gRDF.GetResource(PREFIX_ITEM_URI + item.id),
gRDF.GetResource(PREFIX_NS_EM + "installLocation"),
gRDF.GetLiteral("app-profile"), true);
return item;
}
function test() {
var em = Cc["@mozilla.org/extensions/manager;1"].
getService(Ci.nsIExtensionManager);
gEMDS = em.datasource;
gRDF = Cc["@mozilla.org/rdf/rdf-service;1"].
getService(Ci.nsIRDFService);
gAddons = [
// Tests that a simple update.rdf retrieval works as expected.
makeAddon("1_1", "http://example.com/" + updaterdf),
makeAddon("1_2", "https://example.com/" + updaterdf),
makeAddon("1_3", "https://nocert.example.com/" + updaterdf),
makeAddon("1_4", "https://self-signed.example.com/" + updaterdf),
makeAddon("1_5", "https://untrusted.example.com/" + updaterdf),
makeAddon("1_6", "https://expired.example.com/" + updaterdf),
// Tests that redirecting from http to other servers works as expected
makeAddon("2_1", "http://example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("2_2", "http://example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("2_3", "http://example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("2_4", "http://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("2_5", "http://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("2_6", "http://example.com/" + redirect + "https://expired.example.com/" + updaterdf),
// Tests that redirecting from valid https to other servers works as expected
makeAddon("3_1", "https://example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("3_2", "https://example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("3_3", "https://example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("3_4", "https://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("3_5", "https://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("3_6", "https://example.com/" + redirect + "https://expired.example.com/" + updaterdf),
// Tests that redirecting from nocert https to other servers works as expected
makeAddon("4_1", "https://nocert.example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("4_2", "https://nocert.example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("4_3", "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("4_4", "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("4_5", "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("4_6", "https://nocert.example.com/" + redirect + "https://expired.example.com/" + updaterdf),
// Tests that redirecting from self-signed https to other servers works as expected
makeAddon("5_1", "https://self-signed.example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("5_2", "https://self-signed.example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("5_3", "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("5_4", "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("5_5", "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("5_6", "https://self-signed.example.com/" + redirect + "https://expired.example.com/" + updaterdf),
// Tests that redirecting from untrusted https to other servers works as expected
makeAddon("6_1", "https://untrusted.example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("6_2", "https://untrusted.example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("6_3", "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("6_4", "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("6_5", "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("6_6", "https://untrusted.example.com/" + redirect + "https://expired.example.com/" + updaterdf),
// Tests that redirecting from expired https to other servers works as expected
makeAddon("7_1", "https://expired.example.com/" + redirect + "http://example.com/" + updaterdf),
makeAddon("7_2", "https://expired.example.com/" + redirect + "https://example.com/" + updaterdf),
makeAddon("7_3", "https://expired.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
makeAddon("7_4", "https://expired.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
makeAddon("7_5", "https://expired.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
makeAddon("7_6", "https://expired.example.com/" + redirect + "https://expired.example.com/" + updaterdf)
];
new UpdateRunner(gAddons, check_pt_1);
}
function finish() {
// Remove the hacked entries from the datasource.
for (let i = 0; i < gAddons.length; i++) {
gEMDS.Unassert(gRDF.GetResource(PREFIX_ITEM_URI + gAddons[i].id),
gRDF.GetResource(PREFIX_NS_EM + "installLocation"),
gRDF.GetLiteral("app-profile"), true);
}
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.clearValidityOverride("nocert.example.com", -1);
cos.clearValidityOverride("self-signed.example.com", -1);
cos.clearValidityOverride("untrusted.example.com", -1);
cos.clearValidityOverride("expired.example.com", -1);
SimpleTest.finish();
}
function check_pt_1(gResults) {
is(gResults["bug435743_1_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http update url");
is(gResults["bug435743_1_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https update url from a non built-in CA");
is(gResults["bug435743_1_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for nocert https update url");
is(gResults["bug435743_1_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for self-signed https update url");
is(gResults["bug435743_1_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for untrusted https update url");
is(gResults["bug435743_1_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for expired https update url");
is(gResults["bug435743_2_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to http redirect");
is(gResults["bug435743_2_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to https redirect for a non built-in CA");
is(gResults["bug435743_2_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a http to nocert https redirect");
is(gResults["bug435743_2_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a http to self-signed https redirect");
is(gResults["bug435743_2_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a http to untrusted https update url");
is(gResults["bug435743_3_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a http to expired https update url");
is(gResults["bug435743_3_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to http redirect");
is(gResults["bug435743_3_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to https redirect for a non build-in CA");
is(gResults["bug435743_3_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to nocert https redirect");
is(gResults["bug435743_3_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to self-signed https redirect");
is(gResults["bug435743_3_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to untrusted https redirect");
is(gResults["bug435743_3_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to expired https redirect");
is(gResults["bug435743_4_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to http redirect");
is(gResults["bug435743_4_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to https redirect");
is(gResults["bug435743_4_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to nocert https redirect");
is(gResults["bug435743_4_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to self-signed https redirect");
is(gResults["bug435743_4_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to untrusted https redirect");
is(gResults["bug435743_4_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to expired https redirect");
is(gResults["bug435743_5_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to http redirect");
is(gResults["bug435743_5_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to https redirect");
is(gResults["bug435743_5_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to nocert https redirect");
is(gResults["bug435743_5_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to self-signed https redirect");
is(gResults["bug435743_5_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to untrusted https redirect");
is(gResults["bug435743_5_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to expired https redirect");
is(gResults["bug435743_6_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to http redirect");
is(gResults["bug435743_6_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to https redirect");
is(gResults["bug435743_6_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to nocert https redirect");
is(gResults["bug435743_6_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to self-signed https redirect");
is(gResults["bug435743_6_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to untrusted https redirect");
is(gResults["bug435743_6_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to expired https redirect");
is(gResults["bug435743_7_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to http redirect");
is(gResults["bug435743_7_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to https redirect");
is(gResults["bug435743_7_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to nocert https redirect");
is(gResults["bug435743_7_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to self-signed https redirect");
is(gResults["bug435743_7_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to untrusted https redirect");
is(gResults["bug435743_7_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to expired https redirect");
addCertOverrides()
new UpdateRunner(gAddons, check_pt_2);
}
function check_pt_2(gResults) {
is(gResults["bug435743_1_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http update url");
is(gResults["bug435743_1_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https update url from a non built-in CA");
is(gResults["bug435743_1_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for nocert https update url");
is(gResults["bug435743_1_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for self-signed https update url");
is(gResults["bug435743_1_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for untrusted https update url");
is(gResults["bug435743_1_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for expired https update url");
// Note that redirects from insecure http to broken https with exceptions is
// allowed. They were insecure to start with so things can't get any worse
is(gResults["bug435743_2_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to http redirect");
is(gResults["bug435743_2_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to https redirect for a non built-in CA");
is(gResults["bug435743_2_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to nocert https redirect");
is(gResults["bug435743_2_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to self-signed https redirect");
is(gResults["bug435743_2_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to untrusted https update url");
is(gResults["bug435743_2_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
"Should have seen no failure for a http to expired https update url");
is(gResults["bug435743_3_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to http redirect");
is(gResults["bug435743_3_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to https redirect for a non built-in CA");
is(gResults["bug435743_3_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to nocert https redirect");
is(gResults["bug435743_3_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to self-signed https redirect");
is(gResults["bug435743_3_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to untrusted https redirect");
is(gResults["bug435743_3_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a https to expired https redirect");
is(gResults["bug435743_4_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to http redirect");
is(gResults["bug435743_4_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to https redirect");
is(gResults["bug435743_4_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to nocert https redirect");
is(gResults["bug435743_4_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to self-signed https redirect");
is(gResults["bug435743_4_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to untrusted https redirect");
is(gResults["bug435743_4_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a nocert https to expired https redirect");
is(gResults["bug435743_5_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to http redirect");
is(gResults["bug435743_5_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to https redirect");
is(gResults["bug435743_5_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to nocert https redirect");
is(gResults["bug435743_5_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to self-signed https redirect");
is(gResults["bug435743_5_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to untrusted https redirect");
is(gResults["bug435743_5_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a self-signed https to expired https redirect");
is(gResults["bug435743_6_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to http redirect");
is(gResults["bug435743_6_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to https redirect");
is(gResults["bug435743_6_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to nocert https redirect");
is(gResults["bug435743_6_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to self-signed https redirect");
is(gResults["bug435743_6_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to untrusted https redirect");
is(gResults["bug435743_6_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a untrusted https to expired https redirect");
is(gResults["bug435743_7_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to http redirect");
is(gResults["bug435743_7_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to https redirect");
is(gResults["bug435743_7_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to nocert https redirect");
is(gResults["bug435743_7_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to self-signed https redirect");
is(gResults["bug435743_7_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to untrusted https redirect");
is(gResults["bug435743_7_6@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
"Should have seen a failure for a expired https to expired https redirect");
finish();
}
]]>
</script>
<body xmlns="http://www.w3.org/1999/xhtml">
<p id="display"></p>
<div id="content" style="display: none"></div>
<pre id="test"></pre>
</body>
</window>

277
toolkit/mozapps/extensions/test/test_bug435743_2.xul
View File

@ -1,277 +0,0 @@
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
<!-- Tests that add-on installs correctly fail in the presence of invalid https -->
<window title="Bug 435743 Test"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="run_test_1();">
<script type="application/javascript"
src="chrome://mochikit/content/MochiKit/packed.js"/>
<script type="application/javascript"
src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
<script type="application/javascript">
<![CDATA[
const Cc = Components.classes;
const Ci = Components.interfaces;
const xpi = "chrome/toolkit/mozapps/extensions/test/bug435743.xpi";
const redirect = "chrome/toolkit/mozapps/extensions/test/bug435743.sjs?";
const SUCCESS = 0;
const DOWNLOAD_ERROR = -228;
SimpleTest.waitForExplicitFinish();
function badCertListener(host, bits) {
this.host = host;
this.bits = bits;
}
badCertListener.prototype = {
host: null,
bits: null,
getInterface: function (aIID) {
return this.QueryInterface(aIID);
},
QueryInterface: function(aIID) {
if (aIID.equals(Ci.nsIBadCertListener2) ||
aIID.equals(Ci.nsIInterfaceRequestor) ||
aIID.equals(Ci.nsISupports))
return this;
throw Components.results.NS_ERROR_NO_INTERFACE;
},
notifyCertProblem: function (socketInfo, sslStatus, targetHost) {
cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
.serverCert;
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.rememberValidityOverride(this.host, -1, cert, this.bits, false);
return true;
}
}
// Add overrides for the bad certificates
function addCertOverrides() {
var req = new XMLHttpRequest();
try {
req.open("GET", "https://nocert.example.com/" + xpi, false);
req.channel.notificationCallbacks = new badCertListener("nocert.example.com",
Ci.nsICertOverrideService.ERROR_MISMATCH);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://self-signed.example.com/" + xpi, false);
req.channel.notificationCallbacks = new badCertListener("self-signed.example.com",
Ci.nsICertOverrideService.ERROR_UNTRUSTED);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://untrusted.example.com/" + xpi, false);
req.channel.notificationCallbacks = new badCertListener("untrusted.example.com",
Ci.nsICertOverrideService.ERROR_UNTRUSTED);
req.send(null);
}
catch (e) { }
try {
req = new XMLHttpRequest();
req.open("GET", "https://expired.example.com/" + xpi, false);
req.channel.notificationCallbacks = new badCertListener("expired.example.com",
Ci.nsICertOverrideService.ERROR_TIME);
req.send(null);
}
catch (e) { }
}
function XPIInstaller(urls, nextTest) {
this.urls = urls;
this.pos = 0;
this.nextTest = nextTest;
this.installNextAddon();
}
XPIInstaller.prototype = {
urls: null,
pos: null,
nextTest: null,
installNextAddon: function() {
var manager = Cc["@mozilla.org/xpinstall/install-manager;1"].
createInstance(Ci.nsIXPInstallManager);
manager.initManagerFromChrome([this.urls[this.pos].url], 1, this);
},
onProgress: function(index, value, maxValue) {
},
onStateChange: function(index, state, value) {
if (state == Ci.nsIXPIProgressDialog.INSTALL_DONE) {
is(value, this.urls[this.pos].expected, "Expected the right state for " + this.urls[this.pos].url);
}
else if (state == Ci.nsIXPIProgressDialog.DIALOG_CLOSE) {
var em = Cc["@mozilla.org/extensions/manager;1"].
getService(Ci.nsIExtensionManager);
em.cancelInstallItem("bug435743@tests.mozilla.org");
this.pos++;
if (this.pos < this.urls.length)
this.installNextAddon();
else
this.nextTest();
}
}
};
function run_test_1() {
var urls = [
// Tests that a simple xpi retrieval works as expected.
{ url: "http://example.com/" + xpi, expected: SUCCESS },
{ url: "https://example.com/" + xpi, expected: DOWNLOAD_ERROR }, // Fails because non-built in CAs aren't allowed
{ url: "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from http to other servers works as expected
{ url: "http://example.com/" + redirect + "http://example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "http://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "http://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "http://example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from valid https to other servers works as expected
{ url: "https://example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR }, // Fails because non-built in CAs aren't allowed
{ url: "https://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from nocert https to other servers works as expected
{ url: "https://nocert.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from self-signed https to other servers works as expected
{ url: "https://self-signed.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from untrusted https to other servers works as expected
{ url: "https://untrusted.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from https to other servers works as expected
{ url: "https://expired.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR }
];
new XPIInstaller(urls, run_test_2);
}
function run_test_2() {
addCertOverrides();
var urls = [
// Tests that a simple xpi retrieval works as expected.
{ url: "http://example.com/" + xpi, expected: SUCCESS },
{ url: "https://example.com/" + xpi, expected: DOWNLOAD_ERROR }, // Fails because non-built in CAs aren't allowed
{ url: "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from http to other servers works as expected
// These should all succeed, the url redirected to isn't any less secure than the original insecure http.
{ url: "http://example.com/" + redirect + "http://example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: SUCCESS },
{ url: "http://example.com/" + redirect + "https://expired.example.com/" + xpi, expected: SUCCESS },
// Tests that redirecting from valid https to other servers works as expected
{ url: "https://example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR }, // Fails because non-built in CAs aren't allowed
{ url: "https://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from nocert https to other servers works as expected
{ url: "https://nocert.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://nocert.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from self-signed https to other servers works as expected
{ url: "https://self-signed.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://self-signed.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from untrusted https to other servers works as expected
{ url: "https://untrusted.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://untrusted.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR },
// Tests that redirecting from https to other servers works as expected
{ url: "https://expired.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
{ url: "https://expired.example.com/" + redirect + "https://expired.example.com/" + xpi, expected: DOWNLOAD_ERROR }
];
new XPIInstaller(urls, finish);
}
function finish() {
var cos = Cc["@mozilla.org/security/certoverride;1"].
getService(Ci.nsICertOverrideService);
cos.clearValidityOverride("nocert.example.com", -1);
cos.clearValidityOverride("self-signed.example.com", -1);
cos.clearValidityOverride("untrusted.example.com", -1);
cos.clearValidityOverride("expired.example.com", -1);
SimpleTest.finish();
}
]]>
</script>
<body xmlns="http://www.w3.org/1999/xhtml">
<p id="display"></p>
<div id="content" style="display: none"></div>
<pre id="test"></pre>
</body>
</window>