mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-01 17:23:59 +00:00
Bug 910207 - Test that speculative connect is not enabled when there is a user cert installed (https only) r=mak
MozReview-Commit-ID: 1A2vvkPdPA7 --HG-- rename : browser/base/content/test/urlbar/browser_urlbar_search_speculative_connect_mousedown.js => browser/base/content/test/urlbar/browser_urlbar_search_no_speculative_connect_with_client_cert.js extra : rebase_source : c9dea67bec1b3f3c2a30426b4fd16c3ac135755f
This commit is contained in:
parent
7822c999e1
commit
b346e0794e
@ -120,6 +120,7 @@ support-files =
|
||||
searchSuggestionEngine2.xml
|
||||
searchSuggestionEngine.sjs
|
||||
[browser_urlbar_search_speculative_connect_mousedown.js]
|
||||
[browser_urlbar_search_no_speculative_connect_with_client_cert.js]
|
||||
[browser_urlbar_stop_pending.js]
|
||||
support-files =
|
||||
slow-page.sjs
|
||||
|
@ -0,0 +1,181 @@
|
||||
/* eslint-disable mozilla/no-arbitrary-setTimeout */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
"use strict";
|
||||
|
||||
// Tests that we don't speculatively connect when user certificates are installed
|
||||
|
||||
const { MockRegistrar } =
|
||||
Cu.import("resource://testing-common/MockRegistrar.jsm", {});
|
||||
|
||||
const certService = Cc["@mozilla.org/security/local-cert-service;1"]
|
||||
.getService(Ci.nsILocalCertService);
|
||||
const certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
|
||||
.getService(Ci.nsICertOverrideService);
|
||||
|
||||
const host = "localhost";
|
||||
let uri;
|
||||
let handshakeDone = false;
|
||||
let expectingChooseCertificate = false;
|
||||
let chooseCertificateCalled = false;
|
||||
|
||||
const clientAuthDialogs = {
|
||||
chooseCertificate(ctx, hostname, port, organization, issuerOrg, certList,
|
||||
selectedIndex) {
|
||||
ok(expectingChooseCertificate,
|
||||
`${expectingChooseCertificate ? "" : "not "}expecting chooseCertificate to be called`);
|
||||
is(certList.length, 1, "should have only one client certificate available");
|
||||
selectedIndex.value = 0;
|
||||
chooseCertificateCalled = true;
|
||||
return true;
|
||||
},
|
||||
|
||||
QueryInterface: XPCOMUtils.generateQI([Ci.nsIClientAuthDialogs]),
|
||||
};
|
||||
|
||||
function startServer(cert) {
|
||||
let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"]
|
||||
.createInstance(Ci.nsITLSServerSocket);
|
||||
tlsServer.init(-1, true, -1);
|
||||
tlsServer.serverCert = cert;
|
||||
|
||||
let input, output;
|
||||
|
||||
let listener = {
|
||||
onSocketAccepted(socket, transport) {
|
||||
info("Accepted TLS client connection");
|
||||
let connectionInfo = transport.securityInfo
|
||||
.QueryInterface(Ci.nsITLSServerConnectionInfo);
|
||||
connectionInfo.setSecurityObserver(listener);
|
||||
input = transport.openInputStream(0, 0, 0);
|
||||
output = transport.openOutputStream(0, 0, 0);
|
||||
},
|
||||
|
||||
onHandshakeDone(socket, status) {
|
||||
info("TLS handshake done");
|
||||
handshakeDone = true;
|
||||
|
||||
input.asyncWait({
|
||||
onInputStreamReady(readyInput) {
|
||||
try {
|
||||
let request = NetUtil.readInputStreamToString(readyInput,
|
||||
readyInput.available());
|
||||
ok(request.startsWith("GET /") && request.includes("HTTP/1.1"),
|
||||
"expecting an HTTP/1.1 GET request");
|
||||
let response = "HTTP/1.1 200 OK\r\nContent-Type:text/plain\r\n" +
|
||||
"Connection:Close\r\nContent-Length:2\r\n\r\nOK";
|
||||
output.write(response, response.length);
|
||||
} catch (e) {
|
||||
// This will fail when we close the speculative connection.
|
||||
}
|
||||
}
|
||||
}, 0, 0, Services.tm.currentThread);
|
||||
},
|
||||
|
||||
onStopListening() {
|
||||
info("onStopListening");
|
||||
input.close();
|
||||
output.close();
|
||||
}
|
||||
};
|
||||
|
||||
tlsServer.setSessionCache(false);
|
||||
tlsServer.setSessionTickets(false);
|
||||
tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_ALWAYS);
|
||||
|
||||
tlsServer.asyncListen(listener);
|
||||
|
||||
return tlsServer;
|
||||
}
|
||||
|
||||
let server;
|
||||
|
||||
add_task(async function setup() {
|
||||
await SpecialPowers.pushPrefEnv({
|
||||
set: [["browser.urlbar.autoFill", true],
|
||||
// Turn off search suggestion so we won't speculative connect to the search engine.
|
||||
["browser.search.suggest.enabled", false],
|
||||
["browser.urlbar.speculativeConnect.enabled", true],
|
||||
// In mochitest this number is 0 by default but we have to turn it on.
|
||||
["network.http.speculative-parallel-limit", 6],
|
||||
// The http server is using IPv4, so it's better to disable IPv6 to avoid weird
|
||||
// networking problem.
|
||||
["network.dns.disableIPv6", true],
|
||||
["security.default_personal_cert", "Ask Every Time"]],
|
||||
});
|
||||
|
||||
let clientAuthDialogsCID =
|
||||
MockRegistrar.register("@mozilla.org/nsClientAuthDialogs;1",
|
||||
clientAuthDialogs);
|
||||
|
||||
let cert = await new Promise((resolve, reject) => {
|
||||
certService.getOrCreateCert("speculative-connect", {
|
||||
handleCert(c, rv) {
|
||||
if (!Components.isSuccessCode(rv)) {
|
||||
reject(rv);
|
||||
return;
|
||||
}
|
||||
resolve(c);
|
||||
}
|
||||
});
|
||||
});
|
||||
server = startServer(cert);
|
||||
uri = `https://${host}:${server.port}/`;
|
||||
info(`running tls server at ${uri}`);
|
||||
await PlacesTestUtils.addVisits([{
|
||||
uri,
|
||||
title: "test visit for speculative connection",
|
||||
transition: Ci.nsINavHistoryService.TRANSITION_TYPED,
|
||||
}]);
|
||||
|
||||
let overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
|
||||
Ci.nsICertOverrideService.ERROR_MISMATCH;
|
||||
certOverrideService.rememberValidityOverride("localhost", server.port, cert,
|
||||
overrideBits, true);
|
||||
|
||||
registerCleanupFunction(async function() {
|
||||
await PlacesUtils.history.clear();
|
||||
MockRegistrar.unregister(clientAuthDialogsCID);
|
||||
certOverrideService.clearValidityOverride("localhost", server.port);
|
||||
});
|
||||
});
|
||||
|
||||
add_task(async function popup_mousedown_no_client_cert_dialog_until_navigate_test() {
|
||||
const test = {
|
||||
// To not trigger autofill, search keyword starts from the second character.
|
||||
search: host.substr(1, 4),
|
||||
completeValue: uri
|
||||
};
|
||||
info(`Searching for '${test.search}'`);
|
||||
await promiseAutocompleteResultPopup(test.search, window, true);
|
||||
let controller = gURLBar.popup.input.controller;
|
||||
// The first item should be 'Search with ...' thus we want the second.
|
||||
let value = controller.getFinalCompleteValueAt(1);
|
||||
info(`The value of the second item is ${value}`);
|
||||
is(value, test.completeValue, "The second item has the url we visited.");
|
||||
|
||||
await BrowserTestUtils.waitForCondition(() => {
|
||||
return !!gURLBar.popup.richlistbox.childNodes[1] &&
|
||||
is_visible(gURLBar.popup.richlistbox.childNodes[1]);
|
||||
}, "the node is there.");
|
||||
|
||||
expectingChooseCertificate = false;
|
||||
let listitem = gURLBar.popup.richlistbox.childNodes[1];
|
||||
EventUtils.synthesizeMouseAtCenter(listitem, {type: "mousedown"}, window);
|
||||
is(gURLBar.popup.richlistbox.selectedIndex, 1, "The second item is selected");
|
||||
|
||||
// We shouldn't have triggered a speculative connection, because a client
|
||||
// certificate is installed.
|
||||
SimpleTest.requestFlakyTimeout("Wait for UI");
|
||||
await new Promise(resolve => setTimeout(resolve, 200));
|
||||
|
||||
// Now mouseup, expect that we choose a client certificate, and expect that
|
||||
// we successfully load a page.
|
||||
expectingChooseCertificate = true;
|
||||
EventUtils.synthesizeMouseAtCenter(listitem, {type: "mouseup"}, window);
|
||||
await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
|
||||
ok(chooseCertificateCalled, "chooseCertificate must have been called");
|
||||
server.close();
|
||||
});
|
Loading…
Reference in New Issue
Block a user