summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_delegated_credentials.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/manager/ssl/tests/unit/test_delegated_credentials.js
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/tests/unit/test_delegated_credentials.js')
-rw-r--r--security/manager/ssl/tests/unit/test_delegated_credentials.js91
1 files changed, 91 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials.js b/security/manager/ssl/tests/unit/test_delegated_credentials.js
new file mode 100644
index 0000000000..a1623ddcb2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_delegated_credentials.js
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests handling of certificates marked as permitting delegated credentials
+
+function shouldBeDelegatedCredential(aTransportSecurityInfo) {
+ Assert.ok(
+ aTransportSecurityInfo.isDelegatedCredential,
+ "This host should have used a delegated credential"
+ );
+}
+
+function shouldNotBeDelegatedCredential(aTransportSecurityInfo) {
+ Assert.ok(
+ !aTransportSecurityInfo.isDelegatedCredential,
+ "This host should not have used a delegated credential"
+ );
+}
+
+do_get_profile();
+
+add_tls_server_setup(
+ "DelegatedCredentialsServer",
+ "test_delegated_credentials"
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support enabled
+// Client DC support disabled
+// Result: Successful connection without DC
+add_test(function() {
+ clearSessionCache();
+ Services.prefs.setBoolPref(
+ "security.tls.enable_delegated_credentials",
+ false
+ );
+ run_next_test();
+});
+add_connection_test(
+ "delegated-enabled.example.com",
+ PRErrorCodeSuccess,
+ null,
+ shouldNotBeDelegatedCredential
+);
+
+// Test:
+// Server certificate does not support DC
+// Server DC support enabled
+// Client DC support enabled
+// Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when
+// checking DC against EE cert, no DC in aTransportSecurityInfo.
+add_test(function() {
+ clearSessionCache();
+ Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true);
+ run_next_test();
+});
+add_connection_test(
+ "standard-enabled.example.com",
+ SSL_ERROR_DC_INVALID_KEY_USAGE,
+ null,
+ // We'll never |mHaveCipherSuiteAndProtocol|,
+ // and therefore can't check IsDelegatedCredential
+ null
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support disabled
+// Client DC support enabled
+// Result: Successful connection without DC
+add_connection_test(
+ "delegated-disabled.example.com",
+ PRErrorCodeSuccess,
+ null,
+ shouldNotBeDelegatedCredential
+);
+
+// Test:
+// Server certificate supports DC
+// Server DC support enabled
+// Client DC support enabled
+// Result: Successful connection with DC
+add_connection_test(
+ "delegated-enabled.example.com",
+ PRErrorCodeSuccess,
+ null,
+ shouldBeDelegatedCredential
+);