summaryrefslogtreecommitdiffstats
path: root/caps/tests/gtest/TestPrincipalSerialization.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'caps/tests/gtest/TestPrincipalSerialization.cpp')
-rw-r--r--caps/tests/gtest/TestPrincipalSerialization.cpp192
1 files changed, 192 insertions, 0 deletions
diff --git a/caps/tests/gtest/TestPrincipalSerialization.cpp b/caps/tests/gtest/TestPrincipalSerialization.cpp
new file mode 100644
index 0000000000..2e7d5afd0d
--- /dev/null
+++ b/caps/tests/gtest/TestPrincipalSerialization.cpp
@@ -0,0 +1,192 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "gtest/gtest.h"
+#include "mozilla/Base64.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/ContentPrincipal.h"
+#include "mozilla/NullPrincipal.h"
+#include "mozilla/SystemPrincipal.h"
+#include "mozilla/ExpandedPrincipal.h"
+
+using mozilla::BasePrincipal;
+using mozilla::ContentPrincipal;
+using mozilla::NullPrincipal;
+using mozilla::SystemPrincipal;
+
+// None of these tests work in debug due to assert guards
+#ifndef MOZ_DEBUG
+
+// calling toJSON() twice with the same string arg
+// (ensure that we truncate correctly where needed)
+TEST(PrincipalSerialization, ReusedJSONArgument)
+{
+ nsCOMPtr<nsIScriptSecurityManager> ssm =
+ nsScriptSecurityManager::GetScriptSecurityManager();
+
+ nsAutoCString spec("https://mozilla.com");
+ nsCOMPtr<nsIPrincipal> principal;
+ nsresult rv =
+ ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
+ ASSERT_EQ(rv, NS_OK);
+
+ nsAutoCString JSON;
+ rv = BasePrincipal::Cast(principal)->ToJSON(JSON);
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_TRUE(JSON.EqualsLiteral("{\"1\":{\"0\":\"https://mozilla.com/\"}}"));
+
+ nsAutoCString spec2("https://example.com");
+ nsCOMPtr<nsIPrincipal> principal2;
+ rv = ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+ ASSERT_EQ(rv, NS_OK);
+
+ // Reuse JSON without truncation to check the code is doing this
+ rv = BasePrincipal::Cast(principal2)->ToJSON(JSON);
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_TRUE(JSON.EqualsLiteral("{\"1\":{\"0\":\"https://example.com/\"}}"));
+}
+
+// Double check that if we have two valid principals in a serialized JSON that
+// nullptr is returned
+TEST(PrincipalSerialization, TwoKeys)
+{
+ // Sanity check that this returns a system principal
+ nsCOMPtr<nsIPrincipal> systemPrincipal =
+ BasePrincipal::FromJSON("{\"3\":{}}"_ns);
+ ASSERT_EQ(BasePrincipal::Cast(systemPrincipal)->Kind(),
+ BasePrincipal::eSystemPrincipal);
+
+ // Sanity check that this returns a content principal
+ nsCOMPtr<nsIPrincipal> contentPrincipal =
+ BasePrincipal::FromJSON("{\"1\":{\"0\":\"https://mozilla.com\"}}"_ns);
+ ASSERT_EQ(BasePrincipal::Cast(contentPrincipal)->Kind(),
+ BasePrincipal::eContentPrincipal);
+
+ // Check both combined don't return a principal
+ nsCOMPtr<nsIPrincipal> combinedPrincipal = BasePrincipal::FromJSON(
+ "{\"1\":{\"0\":\"https://mozilla.com\"},\"3\":{}}"_ns);
+ ASSERT_EQ(nullptr, combinedPrincipal);
+}
+
+#endif // ifndef MOZ_DEBUG
+
+TEST(PrincipalSerialization, ExpandedPrincipal)
+{
+ // Check basic Expandedprincipal works without OA
+ nsCOMPtr<nsIScriptSecurityManager> ssm =
+ nsScriptSecurityManager::GetScriptSecurityManager();
+
+ uint32_t length = 2;
+ nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
+ allowedDomains.SetLength(length);
+
+ nsAutoCString spec("https://mozilla.com");
+ nsCOMPtr<nsIPrincipal> principal;
+ nsresult rv =
+ ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
+ BasePrincipal::eContentPrincipal);
+ allowedDomains[0] = principal;
+
+ nsAutoCString spec2("https://mozilla.org");
+ nsCOMPtr<nsIPrincipal> principal2;
+ rv = ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
+ BasePrincipal::eContentPrincipal);
+ allowedDomains[1] = principal2;
+
+ mozilla::OriginAttributes attrs;
+ RefPtr<ExpandedPrincipal> result =
+ ExpandedPrincipal::Create(allowedDomains, attrs);
+ ASSERT_EQ(BasePrincipal::Cast(result)->Kind(),
+ BasePrincipal::eExpandedPrincipal);
+
+ nsAutoCString JSON;
+ rv = BasePrincipal::Cast(result)->ToJSON(JSON);
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_STREQ(JSON.get(),
+ "{\"2\":{\"0\":[{\"1\":{\"0\":\"https://mozilla.com/"
+ "\"}},{\"1\":{\"0\":\"https://mozilla.org/\"}}]}}");
+
+ nsCOMPtr<nsIPrincipal> returnedPrincipal = BasePrincipal::FromJSON(JSON);
+ auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
+ ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
+
+ ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
+ ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
+
+ nsAutoCString specDev("https://mozilla.dev");
+ nsCOMPtr<nsIPrincipal> principalDev;
+ rv = ssm->CreateContentPrincipalFromOrigin(specDev,
+ getter_AddRefs(principalDev));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
+ BasePrincipal::eContentPrincipal);
+
+ ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
+}
+
+TEST(PrincipalSerialization, ExpandedPrincipalOA)
+{
+ // Check Expandedprincipal works with top level OA
+ nsCOMPtr<nsIScriptSecurityManager> ssm =
+ nsScriptSecurityManager::GetScriptSecurityManager();
+
+ uint32_t length = 2;
+ nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
+ allowedDomains.SetLength(length);
+
+ nsAutoCString spec("https://mozilla.com");
+ nsCOMPtr<nsIPrincipal> principal;
+ nsresult rv =
+ ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
+ BasePrincipal::eContentPrincipal);
+ allowedDomains[0] = principal;
+
+ nsAutoCString spec2("https://mozilla.org");
+ nsCOMPtr<nsIPrincipal> principal2;
+ rv = ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
+ BasePrincipal::eContentPrincipal);
+ allowedDomains[1] = principal2;
+
+ mozilla::OriginAttributes attrs;
+ nsAutoCString suffix("^userContextId=1");
+ bool ok = attrs.PopulateFromSuffix(suffix);
+ ASSERT_TRUE(ok);
+
+ RefPtr<ExpandedPrincipal> result =
+ ExpandedPrincipal::Create(allowedDomains, attrs);
+ ASSERT_EQ(BasePrincipal::Cast(result)->Kind(),
+ BasePrincipal::eExpandedPrincipal);
+
+ nsAutoCString JSON;
+ rv = BasePrincipal::Cast(result)->ToJSON(JSON);
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_STREQ(JSON.get(),
+ "{\"2\":{\"0\":[{\"1\":{\"0\":\"https://mozilla.com/"
+ "\"}},{\"1\":{\"0\":\"https://mozilla.org/"
+ "\"}}],\"1\":\"^userContextId=1\"}}");
+
+ nsCOMPtr<nsIPrincipal> returnedPrincipal = BasePrincipal::FromJSON(JSON);
+ auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
+ ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
+
+ ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
+ ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
+
+ nsAutoCString specDev("https://mozilla.dev");
+ nsCOMPtr<nsIPrincipal> principalDev;
+ rv = ssm->CreateContentPrincipalFromOrigin(specDev,
+ getter_AddRefs(principalDev));
+ ASSERT_EQ(rv, NS_OK);
+ ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
+ BasePrincipal::eContentPrincipal);
+
+ ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 22:22:27 +0000