1 files changed, 129 insertions, 0 deletions
diff --git a/toolkit/components/antitracking/test/xpcshell/test_staticPartition_clientAuthRemember.js b/toolkit/components/antitracking/test/xpcshell/test_staticPartition_clientAuthRemember.js
new file mode 100644
index 0000000000..ba2f6c6894
--- /dev/null
+++ b/toolkit/components/antitracking/test/xpcshell/test_staticPartition_clientAuthRemember.js
@@ -0,0 +1,129 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+"use strict";
+
+let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
+  Ci.nsIClientAuthRememberService
+);
+let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function getOAWithPartitionKey(
+  { scheme = "https", topLevelBaseDomain, port = null } = {},
+  originAttributes = {}
+) {
+  if (!topLevelBaseDomain || !scheme) {
+    return originAttributes;
+  }
+
+  return {
+    ...originAttributes,
+    partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`,
+  };
+}
+
+// These are not actual server and client certs. The ClientAuthRememberService
+// does not care which certs we store decisions for, as long as they're valid.
+let [clientCert] = certDB.getCerts();
+
+function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
+  let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
+  cars.rememberDecisionScriptable(host, attrs, clientCert);
+}
+
+function testSecurityInfo({
+  host,
+  topLevelBaseDomain,
+  originAttributes = {},
+  expected = true,
+}) {
+  let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
+
+  let messageSuffix = `for ${host}`;
+  if (topLevelBaseDomain) {
+    messageSuffix += ` partitioned under ${topLevelBaseDomain}`;
+  }
+
+  let hasRemembered = cars.hasRememberedDecisionScriptable(host, attrs, {});
+
+  Assert.equal(
+    hasRemembered,
+    expected,
+    `CAR ${expected ? "is set" : "is not set"} ${messageSuffix}`
+  );
+}
+
+function addTestEntries() {
+  let entries = [
+    { host: "example.net" },
+    { host: "test.example.net" },
+    { host: "example.org" },
+    { host: "example.com", topLevelBaseDomain: "example.net" },
+    {
+      host: "test.example.net",
+      topLevelBaseDomain: "example.org",
+    },
+    {
+      host: "foo.example.com",
+      originAttributes: {
+        privateBrowsingId: 1,
+      },
+    },
+  ];
+
+  info("Add test state");
+  entries.forEach(addSecurityInfo);
+  info("Ensure we have the correct state initially");
+  entries.forEach(testSecurityInfo);
+}
+
+add_task(async () => {
+  addTestEntries();
+
+  info("Should not be set for unrelated host");
+  [undefined, "example.org", "example.net", "example.com"].forEach(
+    topLevelBaseDomain =>
+      testSecurityInfo({
+        host: "mochit.test",
+        topLevelBaseDomain,
+        expected: false,
+      })
+  );
+
+  info("Should not be set for unrelated subdomain");
+  testSecurityInfo({ host: "foo.example.net", expected: false });
+
+  info("Should not be set for unpartitioned first party");
+  testSecurityInfo({
+    host: "example.com",
+    expected: false,
+  });
+
+  info("Should not be set under different first party");
+  testSecurityInfo({
+    host: "example.com",
+    topLevelBaseDomain: "example.org",
+    expected: false,
+  });
+  testSecurityInfo({
+    host: "test.example.net",
+    topLevelBaseDomain: "example.com",
+    expected: false,
+  });
+
+  info("Should not be set in partitioned context");
+  ["example.com", "example.net", "example.org", "mochi.test"].forEach(
+    topLevelBaseDomain =>
+      testSecurityInfo({
+        host: "foo.example.com",
+        topLevelBaseDomain,
+        expected: false,
+      })
+  );
+
+  // Cleanup
+  cars.clearRememberedDecisions();
+});