Bug 413909 - nsCertOverrideService IDN handling is broken; tests; r=kaie

build/pgo/certs/Makefile.in

@@ -48,6 +48,7 @@ _CERTS_DIR = $(_PROFILE_DIR)/certs
 
 # Extension of files must be '.server'
 _SERVER_CERTS = \
+    bug413909cert.server \
     $(NULL)
 
 # Extension of files must be '.ca'

build/pgo/server-locations.txt

@@ -129,6 +129,9 @@ https://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:443   privileged
 http://xn--hxajbheg2az3al.xn--jxalpdlp:80        privileged
 http://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:80   privileged
 
+# Bug 413909 test host
+https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp:443   privileged,cert=bug413909cert
+
 #
 # These hosts are used in tests which exercise privilege-granting functionality;
 # we could reuse some of the names above, but specific names make it easier to

security/manager/ssl/Makefile.in

@@ -42,8 +42,6 @@ srcdir		= @srcdir@
 VPATH		= @srcdir@
 
 MODULE		= pipnss
-DIRS		= src public
-
-XPCSHELL_TESTS  = tests
+DIRS		  = src public tests
 
 include $(topsrcdir)/config/rules.mk

security/manager/ssl/tests/Makefile.in

@@ -0,0 +1,48 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Jan Bambas <honzab@firemni.cz>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH		= ../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+
+MODULE		= pipnss
+DIRS		= mochitest
+XPCSHELL_TESTS  = unit
+
+include $(topsrcdir)/config/rules.mk

security/manager/ssl/tests/mochitest/Makefile.in

@@ -0,0 +1,53 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Mozilla Foundation.
+# Portions created by the Initial Developer are Copyright (C) 2007
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#   Jan Bambas <honzab@firemni.cz>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either of the GNU General Public License Version 2 or later (the "GPL"),
+# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH		= ../../../../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+relativesrcdir	= security/ssl
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_CHROME_FILES	= \
+    test_bug413909.html \
+		$(NULL)
+
+libs:: $(_CHROME_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)

security/manager/ssl/tests/mochitest/test_bug413909.html

@@ -0,0 +1,139 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Test bug 413909</title>
+  <script type="text/javascript" src="chrome://mochikit/content/MochiKit/packed.js"></script>
+  <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>        
+  <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
+</head>
+<body onload="onWindowLoad()">
+
+<iframe name="frame1" src="https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/" onload="onFrameLoad()"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+var certOverrideService = Components.classes["@mozilla.org/security/certoverride;1"]
+  .getService(Components.interfaces.nsICertOverrideService);
+var cert = null;
+var certListener = null;
+var frameLoadTimeout = null;
+
+SimpleTest.waitForExplicitFinish();
+
+function badCertListener() 
+{
+}
+
+badCertListener.prototype = {
+  exceptionAdded: false,
+
+  getInterface: function (aIID) {
+    return this.QueryInterface(aIID);
+  },
+
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Components.interfaces.nsIBadCertListener2) ||
+        aIID.equals(Components.interfaces.nsIInterfaceRequestor) ||
+        aIID.equals(Components.interfaces.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  },  
+
+  notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) {
+    cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
+      .serverCert;
+
+    certOverrideService.rememberValidityOverride(
+      "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+      -1,
+      cert,
+      certOverrideService.ERROR_UNTRUSTED,
+      false);
+
+    this.exceptionAdded = true;
+    return true;
+  }
+}
+
+function apiTest(expected)
+{
+  var has;
+  var bits = {}, temp = {};
+
+  has = certOverrideService.hasMatchingOverride(
+      "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", 
+      -1, cert, bits, temp);
+  is(has, expected, "hasMatchingOverride "+expected+" for default port value");
+
+  has = certOverrideService.hasMatchingOverride(
+      "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", 
+      443, cert, bits, temp);
+  is(has, expected, "hasMatchingOverride "+expected+" for explicit port value");
+
+  has = certOverrideService.hasMatchingOverride(
+      "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", 
+      563, cert, bits, temp);
+  ok(!has, "hasMatchingOverride false for invalid port value");
+
+  has = certOverrideService.hasMatchingOverride(
+      window.frame1.location.hostname, 
+      -1, cert, bits, temp);
+  ok(!has, "hasMatchingOverride false for default port value and non-ascii host");
+
+  has = certOverrideService.hasMatchingOverride(
+      window.frame1.location.hostname, 
+      443, cert, bits, temp);
+  ok(!has, "hasMatchingOverride false for explicit port value and non-ascii host");
+
+  has = certOverrideService.hasMatchingOverride(
+      window.frame1.location.hostname, 
+      563, cert, bits, temp);
+  ok(!has, "hasMatchingOverride false for invalid port value and non-ascii host");
+}
+
+function onFrameLoad()
+{
+  ok(certListener.exceptionAdded, "Secure page loaded after exception was added and not sooner");
+  if (!certListener.exceptionAdded)
+    return;
+
+  apiTest(true);
+  certOverrideService.clearValidityOverride(
+    "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", -1);
+  apiTest(false);
+
+  clearTimeout(frameLoadTimeout);
+  SimpleTest.finish();
+}
+
+function onWindowLoad()
+{
+  var req = new XMLHttpRequest();
+  try
+  {
+    certListener = new badCertListener();
+
+    req.open("GET", "https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/", false);
+    req.channel.notificationCallbacks = certListener;
+    req.send(null);
+  }
+  catch(ex)
+  {
+    // ignore
+  }
+
+  // There is no error event indicating frame load error,
+  // simulate using timeout.
+  frameLoadTimeout = setTimeout(function() 
+  {
+    ok(false, "Secure page did not load, adding exception failed?");
+    SimpleTest.finish();
+  }, 5000);
+
+  window.frame1.location.reload();
+}
+
+</script>
+</body>
+</html>