91 lines
2.3 KiB
JavaScript
91 lines
2.3 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
"use strict";
|
|
|
|
// Tests handling of certificates marked as permitting delegated credentials
|
|
|
|
function shouldBeDelegatedCredential(aTransportSecurityInfo) {
|
|
Assert.ok(
|
|
aTransportSecurityInfo.isDelegatedCredential,
|
|
"This host should have used a delegated credential"
|
|
);
|
|
}
|
|
|
|
function shouldNotBeDelegatedCredential(aTransportSecurityInfo) {
|
|
Assert.ok(
|
|
!aTransportSecurityInfo.isDelegatedCredential,
|
|
"This host should not have used a delegated credential"
|
|
);
|
|
}
|
|
|
|
do_get_profile();
|
|
|
|
add_tls_server_setup(
|
|
"DelegatedCredentialsServer",
|
|
"test_delegated_credentials"
|
|
);
|
|
|
|
// Test:
|
|
// Server certificate supports DC
|
|
// Server DC support enabled
|
|
// Client DC support disabled
|
|
// Result: Successful connection without DC
|
|
add_test(function () {
|
|
clearSessionCache();
|
|
Services.prefs.setBoolPref(
|
|
"security.tls.enable_delegated_credentials",
|
|
false
|
|
);
|
|
run_next_test();
|
|
});
|
|
add_connection_test(
|
|
"delegated-enabled.example.com",
|
|
PRErrorCodeSuccess,
|
|
null,
|
|
shouldNotBeDelegatedCredential
|
|
);
|
|
|
|
// Test:
|
|
// Server certificate does not support DC
|
|
// Server DC support enabled
|
|
// Client DC support enabled
|
|
// Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when
|
|
// checking DC against EE cert, no DC in aTransportSecurityInfo.
|
|
add_test(function () {
|
|
clearSessionCache();
|
|
Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true);
|
|
run_next_test();
|
|
});
|
|
add_connection_test(
|
|
"standard-enabled.example.com",
|
|
SSL_ERROR_DC_INVALID_KEY_USAGE,
|
|
null,
|
|
// We'll never |mHaveCipherSuiteAndProtocol|,
|
|
// and therefore can't check IsDelegatedCredential
|
|
null
|
|
);
|
|
|
|
// Test:
|
|
// Server certificate supports DC
|
|
// Server DC support disabled
|
|
// Client DC support enabled
|
|
// Result: Successful connection without DC
|
|
add_connection_test(
|
|
"delegated-disabled.example.com",
|
|
PRErrorCodeSuccess,
|
|
null,
|
|
shouldNotBeDelegatedCredential
|
|
);
|
|
|
|
// Test:
|
|
// Server certificate supports DC
|
|
// Server DC support enabled
|
|
// Client DC support enabled
|
|
// Result: Successful connection with DC
|
|
add_connection_test(
|
|
"delegated-enabled.example.com",
|
|
PRErrorCodeSuccess,
|
|
null,
|
|
shouldBeDelegatedCredential
|
|
);
|