1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
// Tests that security info parser gives correct general security state for
// different cases.
const wpl = Ci.nsIWebProgressListener;
// This *cannot* be used as an nsITransportSecurityInfo (since that interface is
// builtinclass) but the methods being tested aren't defined by XPCOM and aren't
// calling QueryInterface, so this usage is fine.
const MockSecurityInfo = {
securityState: wpl.STATE_IS_BROKEN,
errorCode: 0,
// nsISSLStatus.TLS_VERSION_1_2
protocolVersion: 3,
cipherName: "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
};
add_task(async function run_test() {
await test_nullSecurityInfo();
await test_insecureSecurityInfoWithNSSError();
await test_insecureSecurityInfoWithoutNSSError();
await test_brokenSecurityInfo();
await test_secureSecurityInfo();
});
/**
* Test that undefined security information is returns "insecure".
*/
async function test_nullSecurityInfo() {
const result = await NetworkHelper.parseSecurityInfo(null, {}, {}, new Map());
equal(
result.state,
"insecure",
"state == 'insecure' when securityInfo was undefined"
);
}
/**
* Test that STATE_IS_INSECURE with NSSError returns "broken"
*/
async function test_insecureSecurityInfoWithNSSError() {
MockSecurityInfo.securityState = wpl.STATE_IS_INSECURE;
// Taken from security/manager/ssl/tests/unit/head_psm.js.
MockSecurityInfo.errorCode = -8180;
const result = await NetworkHelper.parseSecurityInfo(
MockSecurityInfo,
{},
{},
new Map()
);
equal(
result.state,
"broken",
"state == 'broken' if securityState contains STATE_IS_INSECURE flag AND " +
"errorCode is NSS error."
);
MockSecurityInfo.errorCode = 0;
}
/**
* Test that STATE_IS_INSECURE without NSSError returns "insecure"
*/
async function test_insecureSecurityInfoWithoutNSSError() {
MockSecurityInfo.securityState = wpl.STATE_IS_INSECURE;
const result = await NetworkHelper.parseSecurityInfo(
MockSecurityInfo,
{},
{},
new Map()
);
equal(
result.state,
"insecure",
"state == 'insecure' if securityState contains STATE_IS_INSECURE flag BUT " +
"errorCode is not NSS error."
);
}
/**
* Test that STATE_IS_SECURE returns "secure"
*/
async function test_secureSecurityInfo() {
MockSecurityInfo.securityState = wpl.STATE_IS_SECURE;
const result = await NetworkHelper.parseSecurityInfo(
MockSecurityInfo,
{},
{},
new Map()
);
equal(
result.state,
"secure",
"state == 'secure' if securityState contains STATE_IS_SECURE flag"
);
}
/**
* Test that STATE_IS_BROKEN returns "weak"
*/
async function test_brokenSecurityInfo() {
MockSecurityInfo.securityState = wpl.STATE_IS_BROKEN;
const result = await NetworkHelper.parseSecurityInfo(
MockSecurityInfo,
{},
{},
new Map()
);
equal(
result.state,
"weak",
"state == 'weak' if securityState contains STATE_IS_BROKEN flag"
);
}
|
