Bug 1919469 - Throw an exception when a certificate error is encountered during account set-up. r=#thunderbird-reviewers

There's an exception thrown here for other types of connection errors. The error handler logs a message to the console which can be useful for debugging setup errors. Differential Revision: https://phabricator.services.mozilla.com/D222592
2024-09-18 09:31:54 +00:00 · 2024-09-18 09:31:54 +00:00 · 6ddc777114
--- a/mail/components/accountcreation/modules/GuessConfig.sys.mjs
+++ b/mail/components/accountcreation/modules/GuessConfig.sys.mjs
@ -3,12 +3,19 @@
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

 import { AccountCreationUtils } from "resource:///modules/accountcreation/AccountCreationUtils.sys.mjs";
+import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs";

 const lazy = {};
 ChromeUtils.defineESModuleGetters(lazy, {
  AccountConfig: "resource:///modules/accountcreation/AccountConfig.sys.mjs",
  Sanitizer: "resource:///modules/accountcreation/Sanitizer.sys.mjs",
 });
+XPCOMUtils.defineLazyServiceGetter(
+  lazy,
+  "nssErrorsService",
+  "@mozilla.org/nss_errors_service;1",
+  Ci.nsINSSErrorsService
+);

 import { setTimeout } from "resource://gre/modules/Timer.sys.mjs";

@ -1201,11 +1208,8 @@ function SocketUtil(
        // Did it fail because of a bad certificate?
        let isCertError = false;
        if (!Components.isSuccessCode(status)) {
-          const nssErrorsService = Cc[
-            "@mozilla.org/nss_errors_service;1"
-          ].getService(Ci.nsINSSErrorsService);
          try {
-            const errorType = nssErrorsService.getErrorClass(status);
+            const errorType = lazy.nssErrorsService.getErrorClass(status);
            if (errorType == Ci.nsINSSErrorsService.ERROR_CLASS_BAD_CERT) {
              isCertError = true;
            }
@ -1224,6 +1228,12 @@ function SocketUtil(
            gAccountSetupLogger.info(
              `Bad (overridable) certificate for ${hostname}:${port}. Set mailnews.auto_config.guess.requireGoodCert to false to allow detecting this as a valid SSL/TLS configuration`
            );
+
+            // Report to the error callback.
+            const errorMessage = lazy.nssErrorsService.getErrorMessage(status);
+            throw new Error(
+              `Connection to ${hostname}:${port} failed: ${errorMessage}`
+            );
          } else {
            const socketTransport = transport.QueryInterface(
              Ci.nsISocketTransport
--- a/mail/components/accountcreation/test/xpcshell/test_guessConfig.js
+++ b/mail/components/accountcreation/test/xpcshell/test_guessConfig.js
@ -156,8 +156,13 @@ add_task(async function testSocketUtilIMAPExpiredCert1() {
    Ci.nsMsgSocketType.SSL,
    imapCommands
  );
-  const response = await promise;
-  Assert.equal(response, null);
+  await Assert.rejects(
+    promise,
+    ({ message }) =>
+      message.includes("Connection to expired.test.test:993 failed") &&
+      message.includes("Peer\u2019s Certificate has expired"),
+    "TLS connection error should cause an exception"
+  );
  Assert.ok(!sslErrors._gotCertError);

  Assert.ok(
@ -248,8 +253,15 @@ add_task(async function testSocketUtilIMAPMistmatchedCert1() {
    Ci.nsMsgSocketType.SSL,
    imapCommands
  );
-  const response = await promise;
-  Assert.equal(response, null);
+  await Assert.rejects(
+    promise,
+    ({ message }) =>
+      message.includes("Connection to mitm.test.test:993 failed") &&
+      message.includes(
+        "domain name does not match the server\u2019s certificate"
+      ),
+    "TLS connection error should cause an exception"
+  );
  Assert.ok(!sslErrors._gotCertError);

  Assert.ok(