Adding upstream version 86.0.1.upstream/86.0.1 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 14:29:10 +0000
commit: 2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree: b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/manager/ssl/tests/unit/test_sss_resetState.js
parent: Initial commit. (diff)
download: firefox-upstream.tar.xz
firefox-upstream.zip
1 files changed, 113 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sss_resetState.js b/security/manager/ssl/tests/unit/test_sss_resetState.js
new file mode 100644
index 0000000000..1850442b64
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_resetState.js
@@ -0,0 +1,113 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that resetting HSTS state in the way the "forget about this site"
+// functionality does works as expected for preloaded and non-preloaded sites.
+
+do_get_profile();
+
+var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+  Ci.nsISiteSecurityService
+);
+
+function test_removeState(secInfo, type, flags) {
+  info(`running test_removeState(type=${type}, flags=${flags})`);
+  // Simulate visiting a non-preloaded site by processing an HSTS header check
+  // that the HSTS bit gets set, simulate "forget about this site" (call
+  // removeState), and then check that the HSTS bit isn't set.
+  let notPreloadedURI = Services.io.newURI("https://not-preloaded.example.com");
+  ok(!gSSService.isSecureURI(type, notPreloadedURI, flags));
+  gSSService.processHeader(
+    type,
+    notPreloadedURI,
+    "max-age=1000;",
+    secInfo,
+    flags,
+    Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+  );
+  ok(gSSService.isSecureURI(type, notPreloadedURI, flags));
+  gSSService.resetState(type, notPreloadedURI, flags);
+  ok(!gSSService.isSecureURI(type, notPreloadedURI, flags));
+
+  // Simulate visiting a non-preloaded site that unsets HSTS by processing
+  // an HSTS header with "max-age=0", check that the HSTS bit isn't
+  // set, simulate "forget about this site" (call removeState), and then check
+  // that the HSTS bit isn't set.
+  gSSService.processHeader(
+    type,
+    notPreloadedURI,
+    "max-age=0;",
+    secInfo,
+    flags,
+    Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+  );
+  ok(!gSSService.isSecureURI(type, notPreloadedURI, flags));
+  gSSService.resetState(type, notPreloadedURI, flags);
+  ok(!gSSService.isSecureURI(type, notPreloadedURI, flags));
+
+  // Simulate visiting a preloaded site by processing an HSTS header, check
+  // that the HSTS bit is still set, simulate "forget about this site"
+  // (call removeState), and then check that the HSTS bit is still set.
+  let preloadedHost = "includesubdomains.preloaded.test";
+  let preloadedURI = Services.io.newURI(`https://${preloadedHost}`);
+  ok(gSSService.isSecureURI(type, preloadedURI, flags));
+  gSSService.processHeader(
+    type,
+    preloadedURI,
+    "max-age=1000;",
+    secInfo,
+    flags,
+    Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+  );
+  ok(gSSService.isSecureURI(type, preloadedURI, flags));
+  gSSService.resetState(type, preloadedURI, flags);
+  ok(gSSService.isSecureURI(type, preloadedURI, flags));
+
+  // Simulate visiting a preloaded site that unsets HSTS by processing an
+  // HSTS header with "max-age=0", check that the HSTS bit is what we
+  // expect (see below), simulate "forget about this site" (call removeState),
+  // and then check that the HSTS bit is set.
+  gSSService.processHeader(
+    type,
+    preloadedURI,
+    "max-age=0;",
+    secInfo,
+    flags,
+    Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+  );
+  ok(!gSSService.isSecureURI(type, preloadedURI, flags));
+  gSSService.resetState(type, preloadedURI, flags);
+  ok(gSSService.isSecureURI(type, preloadedURI, flags));
+}
+
+function add_tests() {
+  let secInfo = null;
+  add_connection_test(
+    "not-preloaded.example.com",
+    PRErrorCodeSuccess,
+    undefined,
+    aSecInfo => {
+      secInfo = aSecInfo;
+    }
+  );
+
+  add_task(() => {
+    test_removeState(secInfo, Ci.nsISiteSecurityService.HEADER_HSTS, 0);
+    test_removeState(
+      secInfo,
+      Ci.nsISiteSecurityService.HEADER_HSTS,
+      Ci.nsISocketProvider.NO_PERMANENT_STORAGE
+    );
+  });
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  add_tests();
+  run_next_test();
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-28 14:29:10 +0000
commit	2aa4a82499d4becd2284cdb482213d541b8804dd (patch)
tree	b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/manager/ssl/tests/unit/test_sss_resetState.js
parent	Initial commit. (diff)
download	firefox-upstream.tar.xz firefox-upstream.zip