1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// The purpose of this test is to create a mostly bogus site security service
// state file and see that the site security service handles it properly.
var gSSService = null;
function checkStateRead(aSubject, aTopic, aData) {
if (aData == CLIENT_AUTH_FILE_NAME) {
return;
}
equal(aData, SSS_STATE_FILE_NAME);
const HSTS_HOSTS = [
"https://example1.example.com",
"https://example2.example.com",
];
for (let host of HSTS_HOSTS) {
ok(
gSSService.isSecureURI(Services.io.newURI(host)),
`${host} should be HSTS enabled`
);
}
const NOT_HSTS_HOSTS = [
"https://example.com",
"https://example3.example.com",
"https://extra.comma.example.com",
"https://empty.statestring.example.com",
"https://rubbish.statestring.example.com",
"https://spaces.statestring.example.com",
"https://invalid.expirytime.example.com",
"https://text.securitypropertystate.example.com",
"https://invalid.securitypropertystate.example.com",
"https://text.includesubdomains.example.com",
"https://invalid.includesubdomains.example.com",
];
for (let host of NOT_HSTS_HOSTS) {
ok(
!gSSService.isSecureURI(Services.io.newURI(host)),
`${host} should not be HSTS enabled`
);
}
do_test_finished();
}
function run_test() {
Services.prefs.setBoolPref("security.cert_pinning.hpkp.enabled", true);
let profileDir = do_get_profile();
let stateFile = profileDir.clone();
stateFile.append(SSS_STATE_FILE_NAME);
// Assuming we're working with a clean slate, the file shouldn't exist
// until we create it.
ok(!stateFile.exists());
let outputStream = FileUtils.openFileOutputStream(stateFile);
let expiryTime = Date.now() + 100000;
let lines = [
// General state file entry tests.
`example1.example.com:HSTS\t0\t0\t${expiryTime},1,0`,
"I'm a lumberjack and I'm okay; I work all night and I sleep all day!",
"This is a totally bogus entry\t",
"0\t0\t0\t0\t",
"\t\t\t\t\t\t\t",
"example.com:HSTS\t\t\t\t\t\t\t",
"example3.example.com:HSTS\t0\t\t\t\t\t\t",
`example2.example.com:HSTS\t0\t0\t${expiryTime},1,0`,
// HSTS state string parsing tests
`extra.comma.example.com:HSTS\t0\t0\t${expiryTime},,1,0`,
"empty.statestring.example.com:HSTS\t0\t0\t",
"rubbish.statestring.example.com:HSTS\t0\t0\tfoobar",
`spaces.statestring.example.com:HSTS\t0\t0\t${expiryTime}, 1,0 `,
`invalid.expirytime.example.com:HSTS\t0\t0\t${expiryTime}foo123,1,0`,
`text.securitypropertystate.example.com:HSTS\t0\t0\t${expiryTime},1foo,0`,
`invalid.securitypropertystate.example.com:HSTS\t0\t0\t${expiryTime},999,0`,
`text.includesubdomains.example.com:HSTS\t0\t0\t${expiryTime},1,1foo`,
`invalid.includesubdomains.example.com:HSTS\t0\t0\t${expiryTime},1,0foo`,
];
writeLinesAndClose(lines, outputStream);
Services.obs.addObserver(checkStateRead, "data-storage-ready");
do_test_pending();
gSSService = Cc["@mozilla.org/ssservice;1"].getService(
Ci.nsISiteSecurityService
);
notEqual(gSSService, null);
Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
registerCleanupFunction(() => {
Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
});
}
|