diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /security/manager/ssl/tests/unit/test_sss_savestate.js | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sss_savestate.js')
-rw-r--r-- | security/manager/ssl/tests/unit/test_sss_savestate.js | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js new file mode 100644 index 0000000000..300afe4983 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_savestate.js @@ -0,0 +1,122 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// The purpose of this test is to see that the site security service properly +// writes its state file. + +const EXPECTED_ENTRIES = 5; +const EXPECTED_HSTS_COLUMNS = 4; +var gProfileDir = null; + +const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + +// For reference, the format of the state file is a list of: +// <domain name> <expiration time in milliseconds>,<sts status>,<includeSubdomains> +// separated by newlines ('\n') + +function checkStateWritten(aSubject, aTopic, aData) { + if (aData == PRELOAD_STATE_FILE_NAME || aData == CLIENT_AUTH_FILE_NAME) { + return; + } + + equal(aData, SSS_STATE_FILE_NAME); + + let stateFile = gProfileDir.clone(); + stateFile.append(SSS_STATE_FILE_NAME); + ok(stateFile.exists()); + let stateFileContents = readFile(stateFile); + // the last line is removed because it's just a trailing newline + let lines = stateFileContents.split("\n").slice(0, -1); + equal(lines.length, EXPECTED_ENTRIES); + let sites = {}; // a map of domain name -> [the entry in the state file] + for (let line of lines) { + let parts = line.split("\t"); + let host = parts[0]; + let entry = parts[3].split(","); + let expectedColumns = EXPECTED_HSTS_COLUMNS; + equal(entry.length, expectedColumns); + sites[host] = entry; + } + + // We can receive multiple data-storage-written events. In particular, we + // may receive one where DataStorage wrote out data before we were done + // processing all of our headers. In this case, the data may not be + // as we expect. We only care about the final one being correct, however, + // so we return and wait for the next event if things aren't as we expect. + // sites[url][1] corresponds to SecurityPropertySet (if 1) and + // SecurityPropertyUnset (if 0) + // sites[url][2] corresponds to includeSubdomains + if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) { + return; + } + if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) { + return; + } + if (sites["a.example.com:HSTS"][1] != 1) { + return; + } + if (sites["a.example.com:HSTS"][2] != 1) { + return; + } + if (sites["b.example.com:HSTS"][1] != 1) { + return; + } + if (sites["b.example.com:HSTS"][2] != 0) { + return; + } + if (sites["c.c.example.com:HSTS"][1] != 1) { + return; + } + if (sites["c.c.example.com:HSTS"][2] != 1) { + return; + } + if (sites["d.example.com:HSTS"][1] != 1) { + return; + } + if (sites["d.example.com:HSTS"][2] != 0) { + return; + } + + do_test_finished(); +} + +function run_test() { + Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", true); + Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100); + gProfileDir = do_get_profile(); + let SSService = Cc["@mozilla.org/ssservice;1"].getService( + Ci.nsISiteSecurityService + ); + + let uris = [ + Services.io.newURI("http://includesubdomains.preloaded.test"), + Services.io.newURI("http://a.example.com"), + Services.io.newURI("http://b.example.com"), + Services.io.newURI("http://c.c.example.com"), + Services.io.newURI("http://d.example.com"), + ]; + + for (let i = 0; i < 1000; i++) { + let uriIndex = i % uris.length; + // vary max-age + let maxAge = "max-age=" + i * 1000; + // alternate setting includeSubdomains + let includeSubdomains = i % 2 == 0 ? "; includeSubdomains" : ""; + let secInfo = Cc[ + "@mozilla.org/security/transportsecurityinfo;1" + ].createInstance(Ci.nsITransportSecurityInfo); + SSService.processHeader( + Ci.nsISiteSecurityService.HEADER_HSTS, + uris[uriIndex], + maxAge + includeSubdomains, + secInfo, + 0, + Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST + ); + } + + do_test_pending(); + Services.obs.addObserver(checkStateWritten, "data-storage-written"); +} |