1 files changed, 75 insertions, 0 deletions

diff --git a/security/manager/ssl/tests/unit/test_ssl_status.js b/security/manager/ssl/tests/unit/test_ssl_status.js
new file mode 100644
index 0000000000..8e9aad40e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ssl_status.js
@@ -0,0 +1,75 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+do_get_profile();
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function(request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  // Test successful connection (failedCertChain should be null,
+  // succeededCertChain should be set as expected)
+  add_connection_test(
+    "good.include-subdomains.pinning.example.com",
+    PRErrorCodeSuccess,
+    null,
+    function withSecurityInfo(aSecInfo) {
+      equal(
+        aSecInfo.failedCertChain.length,
+        0,
+        "failedCertChain for a successful connection should be empty"
+      );
+      ok(
+        areCertArraysEqual(
+          aSecInfo.succeededCertChain,
+          build_cert_chain(["default-ee", "test-ca"])
+        ),
+        "succeededCertChain for a successful connection should be as expected"
+      );
+    }
+  );
+
+  // Test failed connection (failedCertChain should be set as expected,
+  // succeededCertChain should be null)
+  add_connection_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    null,
+    function withSecurityInfo(aSecInfo) {
+      equal(
+        aSecInfo.succeededCertChain.length,
+        0,
+        "succeededCertChain for a failed connection should be null"
+      );
+      ok(
+        areCertArraysEqual(
+          aSecInfo.failedCertChain,
+          build_cert_chain(["expired-ee", "test-ca"])
+        ),
+        "failedCertChain for a failed connection should be as expected"
+      );
+    }
+  );
+
+  // Ensure the correct failed cert chain is set on cert override
+  let overrideStatus = {
+    failedCertChain: build_cert_chain(["expired-ee", "test-ca"]),
+  };
+  add_cert_override_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    undefined,
+    overrideStatus
+  );
+
+  run_next_test();
+}