Bug 1919469 - Throw an exception when a certificate error is encountered during account set-up. r=#thunderbird-reviewers

There's an exception thrown here for other types of connection errors. The error handler logs a
message to the console which can be useful for debugging setup errors.

Differential Revision: https://phabricator.services.mozilla.com/D222592

mail/components/accountcreation/modules/GuessConfig.sys.mjs

@@ -3,12 +3,19 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 import { AccountCreationUtils } from "resource:///modules/accountcreation/AccountCreationUtils.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";
 
 const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
   AccountConfig: "resource:///modules/accountcreation/AccountConfig.sys.mjs",
   Sanitizer: "resource:///modules/accountcreation/Sanitizer.sys.mjs",
 });
+XPCOMUtils.defineLazyServiceGetter(
+  lazy,
+  "nssErrorsService",
+  "@mozilla.org/nss_errors_service;1",
+  Ci.nsINSSErrorsService
+);
 
 import { setTimeout } from "resource://gre/modules/Timer.sys.mjs";
 
@@ -1201,11 +1208,8 @@ function SocketUtil(
         // Did it fail because of a bad certificate?
         let isCertError = false;
         if (!Components.isSuccessCode(status)) {
-          const nssErrorsService = Cc[
-            "@mozilla.org/nss_errors_service;1"
-          ].getService(Ci.nsINSSErrorsService);
           try {
-            const errorType = nssErrorsService.getErrorClass(status);
+            const errorType = lazy.nssErrorsService.getErrorClass(status);
             if (errorType == Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT) {
               isCertError = true;
             }
@@ -1224,6 +1228,12 @@ function SocketUtil(
             gAccountSetupLogger.info(
               `Bad (overridable) certificate for ${hostname}:${port}. Set mailnews.auto_config.guess.requireGoodCert to false to allow detecting this as a valid SSL/TLS configuration`
             );
+
+            // Report to the error callback.
+            const errorMessage = lazy.nssErrorsService.getErrorMessage(status);
+            throw new Error(
+              `Connection to ${hostname}:${port} failed: ${errorMessage}`
+            );
           } else {
             const socketTransport = transport.QueryInterface(
               Ci.nsISocketTransport

mail/components/accountcreation/test/xpcshell/test_guessConfig.js

@@ -156,8 +156,13 @@ add_task(async function testSocketUtilIMAPExpiredCert1() {
     Ci.nsMsgSocketType.SSL,
     imapCommands
   );
-  const response = await promise;
-  Assert.equal(response, null);
+  await Assert.rejects(
+    promise,
+    ({ message }) =>
+      message.includes("Connection to expired.test.test:993 failed") &&
+      message.includes("Peer\u2019s Certificate has expired"),
+    "TLS connection error should cause an exception"
+  );
   Assert.ok(!sslErrors._gotCertError);
 
   Assert.ok(
@@ -248,8 +253,15 @@ add_task(async function testSocketUtilIMAPMistmatchedCert1() {
     Ci.nsMsgSocketType.SSL,
     imapCommands
   );
-  const response = await promise;
-  Assert.equal(response, null);
+  await Assert.rejects(
+    promise,
+    ({ message }) =>
+      message.includes("Connection to mitm.test.test:993 failed") &&
+      message.includes(
+        "domain name does not match the server\u2019s certificate"
+      ),
+    "TLS connection error should cause an exception"
+  );
   Assert.ok(!sslErrors._gotCertError);
 
   Assert.ok(