1 files changed, 122 insertions, 0 deletions

diff --git a/devtools/shared/network-observer/test/xpcshell/test_security-info-state.js b/devtools/shared/network-observer/test/xpcshell/test_security-info-state.js
new file mode 100644
index 0000000000..be622b2019
--- /dev/null
+++ b/devtools/shared/network-observer/test/xpcshell/test_security-info-state.js
@@ -0,0 +1,122 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+// Tests that security info parser gives correct general security state for
+// different cases.
+
+const wpl = Ci.nsIWebProgressListener;
+
+// This *cannot* be used as an nsITransportSecurityInfo (since that interface is
+// builtinclass) but the methods being tested aren't defined by XPCOM and aren't
+// calling QueryInterface, so this usage is fine.
+const MockSecurityInfo = {
+  securityState: wpl.STATE_IS_BROKEN,
+  errorCode: 0,
+  // nsISSLStatus.TLS_VERSION_1_2
+  protocolVersion: 3,
+  cipherName: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+};
+
+add_task(async function run_test() {
+  await test_nullSecurityInfo();
+  await test_insecureSecurityInfoWithNSSError();
+  await test_insecureSecurityInfoWithoutNSSError();
+  await test_brokenSecurityInfo();
+  await test_secureSecurityInfo();
+});
+
+/**
+ * Test that undefined security information is returns "insecure".
+ */
+async function test_nullSecurityInfo() {
+  const result = await NetworkHelper.parseSecurityInfo(null, {}, {}, new Map());
+  equal(
+    result.state,
+    "insecure",
+    "state == 'insecure' when securityInfo was undefined"
+  );
+}
+
+/**
+ * Test that STATE_IS_INSECURE with NSSError returns "broken"
+ */
+async function test_insecureSecurityInfoWithNSSError() {
+  MockSecurityInfo.securityState = wpl.STATE_IS_INSECURE;
+
+  // Taken from security/manager/ssl/tests/unit/head_psm.js.
+  MockSecurityInfo.errorCode = -8180;
+
+  const result = await NetworkHelper.parseSecurityInfo(
+    MockSecurityInfo,
+    {},
+    {},
+    new Map()
+  );
+  equal(
+    result.state,
+    "broken",
+    "state == 'broken' if securityState contains STATE_IS_INSECURE flag AND " +
+      "errorCode is NSS error."
+  );
+
+  MockSecurityInfo.errorCode = 0;
+}
+
+/**
+ * Test that STATE_IS_INSECURE without NSSError returns "insecure"
+ */
+async function test_insecureSecurityInfoWithoutNSSError() {
+  MockSecurityInfo.securityState = wpl.STATE_IS_INSECURE;
+
+  const result = await NetworkHelper.parseSecurityInfo(
+    MockSecurityInfo,
+    {},
+    {},
+    new Map()
+  );
+  equal(
+    result.state,
+    "insecure",
+    "state == 'insecure' if securityState contains STATE_IS_INSECURE flag BUT " +
+      "errorCode is not NSS error."
+  );
+}
+
+/**
+ * Test that STATE_IS_SECURE returns "secure"
+ */
+async function test_secureSecurityInfo() {
+  MockSecurityInfo.securityState = wpl.STATE_IS_SECURE;
+
+  const result = await NetworkHelper.parseSecurityInfo(
+    MockSecurityInfo,
+    {},
+    {},
+    new Map()
+  );
+  equal(
+    result.state,
+    "secure",
+    "state == 'secure' if securityState contains STATE_IS_SECURE flag"
+  );
+}
+
+/**
+ * Test that STATE_IS_BROKEN returns "weak"
+ */
+async function test_brokenSecurityInfo() {
+  MockSecurityInfo.securityState = wpl.STATE_IS_BROKEN;
+
+  const result = await NetworkHelper.parseSecurityInfo(
+    MockSecurityInfo,
+    {},
+    {},
+    new Map()
+  );
+  equal(
+    result.state,
+    "weak",
+    "state == 'weak' if securityState contains STATE_IS_BROKEN flag"
+  );
+}