security/manager/ssl/tests/mochitest/browser/browser_clientAuth_speculative_connection.js

   1 /* eslint-disable mozilla/no-arbitrary-setTimeout */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 "use strict";
   7
   8 // Tests that with speculative connections enabled, connections to servers that
   9 // request a client authentication certificate succeed (the specific bug that
  10 // was addressed with this patch involved navigation hanging because the
  11 // connection to the server couldn't make progress without asking for a client
  12 // authentication certificate, but it also wouldn't ask for a client
  13 // authentication certificate until the connection had been claimed, which
  14 // required that it make progress first).
  15
  16 const { MockRegistrar } = ChromeUtils.importESModule(
  17   "resource://testing-common/MockRegistrar.sys.mjs"
  18 );
  19
  20 const TEST_PATH = getRootDirectory(gTestPath).replace(
  21   "chrome://mochitests/content",
  22   "https://example.com"
  23 );
  24
  25 let chooseCertificateCalled = false;
  26
  27 const clientAuthDialogService = {
  28   chooseCertificate(hostname, certArray, loadContext, callback) {
  29     is(
  30       certArray.length,
  31       1,
  32       "should have only one client certificate available"
  33     );
  34     ok(
  35       !chooseCertificateCalled,
  36       "chooseCertificate should only be called once"
  37     );
  38     chooseCertificateCalled = true;
  39     callback.certificateChosen(certArray[0], false);
  40   },
  41
  42   QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogService"]),
  43 };
  44
  45 add_setup(async function () {
  46   await SpecialPowers.pushPrefEnv({
  47     set: [
  48       // Enable speculative connections.
  49       ["network.http.speculative-parallel-limit", 6],
  50       // Always ask to select a client authentication certificate.
  51       ["security.default_personal_cert", "Ask Every Time"],
  52     ],
  53   });
  54   let clientAuthDialogServiceCID = MockRegistrar.register(
  55     "@mozilla.org/security/ClientAuthDialogService;1",
  56     clientAuthDialogService
  57   );
  58   registerCleanupFunction(async function () {
  59     MockRegistrar.unregister(clientAuthDialogServiceCID);
  60   });
  61 });
  62
  63 add_task(
  64   async function test_no_client_auth_selection_dialog_for_speculative_connections() {
  65     await BrowserTestUtils.withNewTab(
  66       `${TEST_PATH}browser_clientAuth_speculative_connection.html`,
  67       async browser => {
  68         // Click the link to navigate to a page that requests a client
  69         // authentication certificate. Necko will make a speculative
  70         // connection, but unfortunately there's no event or notification to
  71         // observe. This test ensures that the navigation succeeds and that a
  72         // client authentication certificate was requested.
  73         let loaded = BrowserTestUtils.browserLoaded(
  74           browser,
  75           false,
  76           "https://requireclientcert.example.com/"
  77         );
  78         await BrowserTestUtils.synthesizeMouseAtCenter("#link", {}, browser);
  79         await loaded;
  80         ok(chooseCertificateCalled, "chooseCertificate must have been called");
  81       }
  82     );
  83   }
  84 );