diff options
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sss_enumerate.js')
| -rw-r--r-- | security/manager/ssl/tests/unit/test_sss_enumerate.js | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sss_enumerate.js b/security/manager/ssl/tests/unit/test_sss_enumerate.js new file mode 100644 index 0000000000..a785e31cdf --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sss_enumerate.js @@ -0,0 +1,79 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +do_get_profile(); // must be done before instantiating nsIX509CertDB + +const SECS_IN_A_WEEK = 7 * 24 * 60 * 60 * 1000; +const TESTCASES = [ + { + hostname: "a.pinning.example.com", + includeSubdomains: true, + expireTime: Date.now() + 12 * SECS_IN_A_WEEK * 1000, + }, + { + hostname: "b.pinning.example.com", + includeSubdomains: false, + expireTime: Date.now() + 13 * SECS_IN_A_WEEK * 1000, + }, +].sort((a, b) => a.expireTime - b.expireTime); + +let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService); + +function getEntries() { + return Array.from(sss.enumerate()); +} + +function checkSiteSecurityStateAttrs(entries) { + entries.sort((a, b) => a.expireTime - b.expireTime); + equal( + entries.length, + TESTCASES.length, + "Should get correct number of entries" + ); + for (let i = 0; i < TESTCASES.length; i++) { + equal(entries[i].hostname, TESTCASES[i].hostname, "Hostnames should match"); + equal( + entries[i].securityPropertyState, + Ci.nsISiteSecurityState.SECURITY_PROPERTY_SET, + "Entries should have security property set" + ); + equal( + entries[i].includeSubdomains, + TESTCASES[i].includeSubdomains, + "IncludeSubdomains should match" + ); + // There's a delay from our "now" and the "now" that the implementation uses. + less( + Math.abs(entries[i].expireTime - TESTCASES[i].expireTime), + 60000, + "ExpireTime should be within 60-second error" + ); + } +} + +function run_test() { + sss.clearAll(); + + for (const testcase of TESTCASES) { + const uri = Services.io.newURI(`https://${testcase.hostname}`); + + // MaxAge is in seconds. + let maxAge = Math.round((testcase.expireTime - Date.now()) / 1000); + let header = `max-age=${maxAge}`; + if (testcase.includeSubdomains) { + header += "; includeSubdomains"; + } + sss.processHeader(uri, header); + } + + let hstsEntries = getEntries(); + + checkSiteSecurityStateAttrs(hstsEntries); + + sss.clearAll(); + hstsEntries = getEntries(); + + equal(hstsEntries.length, 0, "Should clear all HSTS entries"); +} |