diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /security/manager/ssl/tests/unit/test_delegated_credentials.js | |
parent | Initial commit. (diff) | |
download | thunderbird-upstream.tar.xz thunderbird-upstream.zip |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/tests/unit/test_delegated_credentials.js')
-rw-r--r-- | security/manager/ssl/tests/unit/test_delegated_credentials.js | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_delegated_credentials.js b/security/manager/ssl/tests/unit/test_delegated_credentials.js new file mode 100644 index 0000000000..1bb6f70aad --- /dev/null +++ b/security/manager/ssl/tests/unit/test_delegated_credentials.js @@ -0,0 +1,91 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// Tests handling of certificates marked as permitting delegated credentials + +function shouldBeDelegatedCredential(aTransportSecurityInfo) { + Assert.ok( + aTransportSecurityInfo.isDelegatedCredential, + "This host should have used a delegated credential" + ); +} + +function shouldNotBeDelegatedCredential(aTransportSecurityInfo) { + Assert.ok( + !aTransportSecurityInfo.isDelegatedCredential, + "This host should not have used a delegated credential" + ); +} + +do_get_profile(); + +add_tls_server_setup( + "DelegatedCredentialsServer", + "test_delegated_credentials" +); + +// Test: +// Server certificate supports DC +// Server DC support enabled +// Client DC support disabled +// Result: Successful connection without DC +add_test(function () { + clearSessionCache(); + Services.prefs.setBoolPref( + "security.tls.enable_delegated_credentials", + false + ); + run_next_test(); +}); +add_connection_test( + "delegated-enabled.example.com", + PRErrorCodeSuccess, + null, + shouldNotBeDelegatedCredential +); + +// Test: +// Server certificate does not support DC +// Server DC support enabled +// Client DC support enabled +// Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when +// checking DC against EE cert, no DC in aTransportSecurityInfo. +add_test(function () { + clearSessionCache(); + Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true); + run_next_test(); +}); +add_connection_test( + "standard-enabled.example.com", + SSL_ERROR_DC_INVALID_KEY_USAGE, + null, + // We'll never |mHaveCipherSuiteAndProtocol|, + // and therefore can't check IsDelegatedCredential + null +); + +// Test: +// Server certificate supports DC +// Server DC support disabled +// Client DC support enabled +// Result: Successful connection without DC +add_connection_test( + "delegated-disabled.example.com", + PRErrorCodeSuccess, + null, + shouldNotBeDelegatedCredential +); + +// Test: +// Server certificate supports DC +// Server DC support enabled +// Client DC support enabled +// Result: Successful connection with DC +add_connection_test( + "delegated-enabled.example.com", + PRErrorCodeSuccess, + null, + shouldBeDelegatedCredential +); |