1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// Tests handling of certificates marked as permitting delegated credentials
function shouldBeDelegatedCredential(aTransportSecurityInfo) {
Assert.ok(
aTransportSecurityInfo.isDelegatedCredential,
"This host should have used a delegated credential"
);
}
function shouldNotBeDelegatedCredential(aTransportSecurityInfo) {
Assert.ok(
!aTransportSecurityInfo.isDelegatedCredential,
"This host should not have used a delegated credential"
);
}
do_get_profile();
add_tls_server_setup(
"DelegatedCredentialsServer",
"test_delegated_credentials"
);
// Test:
// Server certificate supports DC
// Server DC support enabled
// Client DC support disabled
// Result: Successful connection without DC
add_test(function () {
clearSessionCache();
Services.prefs.setBoolPref(
"security.tls.enable_delegated_credentials",
false
);
run_next_test();
});
add_connection_test(
"delegated-enabled.example.com",
PRErrorCodeSuccess,
null,
shouldNotBeDelegatedCredential
);
// Test:
// Server certificate does not support DC
// Server DC support enabled
// Client DC support enabled
// Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when
// checking DC against EE cert, no DC in aTransportSecurityInfo.
add_test(function () {
clearSessionCache();
Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true);
run_next_test();
});
add_connection_test(
"standard-enabled.example.com",
SSL_ERROR_DC_INVALID_KEY_USAGE,
null,
// We'll never |mHaveCipherSuiteAndProtocol|,
// and therefore can't check IsDelegatedCredential
null
);
// Test:
// Server certificate supports DC
// Server DC support disabled
// Client DC support enabled
// Result: Successful connection without DC
add_connection_test(
"delegated-disabled.example.com",
PRErrorCodeSuccess,
null,
shouldNotBeDelegatedCredential
);
// Test:
// Server certificate supports DC
// Server DC support enabled
// Client DC support enabled
// Result: Successful connection with DC
add_connection_test(
"delegated-enabled.example.com",
PRErrorCodeSuccess,
null,
shouldBeDelegatedCredential
);
|
