summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js')
-rw-r--r--security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js269
1 files changed, 269 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
new file mode 100644
index 0000000000..6b1b4a5ba6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -0,0 +1,269 @@
+"use strict";
+
+var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
+ Ci.nsISiteSecurityService
+);
+
+function Observer() {}
+Observer.prototype = {
+ observe(subject, topic, data) {
+ if (topic == "last-pb-context-exited") {
+ run_next_test();
+ }
+ },
+};
+
+var gObserver = new Observer();
+
+function cleanup() {
+ Services.obs.removeObserver(gObserver, "last-pb-context-exited");
+ gSSService.clearAll();
+}
+
+function run_test() {
+ do_get_profile();
+
+ registerCleanupFunction(cleanup);
+ Services.obs.addObserver(gObserver, "last-pb-context-exited");
+
+ add_test(test_part1);
+ add_test(test_private_browsing1);
+ add_test(test_private_browsing2);
+
+ run_next_test();
+}
+
+function test_part1() {
+ // check that a host not in the list is not identified as an sts host
+ ok(
+ !gSSService.isSecureURI(
+ Services.io.newURI("https://nonexistent.example.com")
+ )
+ );
+
+ // check that an ancestor domain is not identified as an sts host
+ ok(!gSSService.isSecureURI(Services.io.newURI("https://com")));
+
+ // check that the pref to toggle using the preload list works
+ Services.prefs.setBoolPref(
+ "network.stricttransportsecurity.preloadlist",
+ false
+ );
+ ok(
+ !gSSService.isSecureURI(
+ Services.io.newURI("https://includesubdomains.preloaded.test")
+ )
+ );
+ Services.prefs.setBoolPref(
+ "network.stricttransportsecurity.preloadlist",
+ true
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://includesubdomains.preloaded.test")
+ )
+ );
+
+ // check that a subdomain is an sts host (includeSubdomains is set)
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+ )
+ );
+
+ // check that another subdomain is an sts host (includeSubdomains is set)
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://a.b.c.def.includesubdomains.preloaded.test")
+ )
+ );
+
+ // check that a subdomain is not an sts host (includeSubdomains is not set)
+ ok(
+ !gSSService.isSecureURI(
+ Services.io.newURI("https://subdomain.noincludesubdomains.preloaded.test")
+ )
+ );
+
+ // check that a host with a dot on the end won't break anything
+ ok(
+ !gSSService.isSecureURI(
+ Services.io.newURI("https://notsts.nonexistent.example.com.")
+ )
+ );
+
+ // check that processing a header with max-age: 0 will remove a preloaded
+ // site from the list
+ let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
+ let subDomainUri = Services.io.newURI(
+ "https://subdomain.includesubdomains.preloaded.test"
+ );
+ gSSService.processHeader(uri, "max-age=0");
+ ok(!gSSService.isSecureURI(uri));
+ ok(!gSSService.isSecureURI(subDomainUri));
+ // check that processing another header (with max-age non-zero) will
+ // re-enable a site's sts status
+ gSSService.processHeader(uri, "max-age=1000");
+ ok(gSSService.isSecureURI(uri));
+ // but this time include subdomains was not set, so test for that
+ ok(!gSSService.isSecureURI(subDomainUri));
+ gSSService.clearAll();
+
+ // check that processing a header with max-age: 0 from a subdomain of a site
+ // will not remove that (ancestor) site from the list
+ uri = Services.io.newURI(
+ "https://subdomain.noincludesubdomains.preloaded.test"
+ );
+ gSSService.processHeader(uri, "max-age=0");
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://noincludesubdomains.preloaded.test")
+ )
+ );
+ ok(!gSSService.isSecureURI(uri));
+
+ uri = Services.io.newURI(
+ "https://subdomain.includesubdomains.preloaded.test"
+ );
+ gSSService.processHeader(uri, "max-age=0");
+ // we received a header with "max-age=0", so we have "no information"
+ // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
+ // but it is actually still an STS host, because of the preloaded
+ // includesubdomains.preloaded.test including subdomains.
+ // Here's a drawing:
+ // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+ // |-- subdomain.includesubdomains.preloaded.test IS sts host
+ // | `-- another.subdomain.includesubdomains.preloaded.test IS sts host
+ // `-- sibling.includesubdomains.preloaded.test IS sts host
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://includesubdomains.preloaded.test")
+ )
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+ )
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
+ )
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI(
+ "https://another.subdomain.includesubdomains.preloaded.test"
+ )
+ )
+ );
+
+ gSSService.processHeader(uri, "max-age=1000");
+ // Here's what we have now:
+ // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+ // |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
+ // | `-- another.subdomain.includesubdomains.preloaded.test IS sts host
+ // `-- sibling.includesubdomains.preloaded.test IS sts host
+ // Note that another.subdomain.includesubdomains.preloaded.test IS still an sts host, because
+ // there exists a superdomain that is sts and asserts includeSubdomains (namely,
+ // includesubdomains.preloaded.test)
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+ )
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://sibling.includesubdomains.preloaded.test")
+ )
+ );
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI(
+ "https://another.subdomain.includesubdomains.preloaded.test"
+ )
+ )
+ );
+
+ // Test that an expired non-private browsing entry results in correctly
+ // identifying a host that is on the preload list as no longer sts.
+ // (This happens when we're in regular browsing mode, we get a header from
+ // a site on the preload list, and that header later expires. We need to
+ // then treat that host as no longer an sts host.)
+ // (sanity check first - this should be in the preload list)
+ uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
+ ok(gSSService.isSecureURI(uri));
+ gSSService.processHeader(uri, "max-age=1");
+ do_timeout(1250, function () {
+ ok(!gSSService.isSecureURI(uri));
+ run_next_test();
+ });
+}
+
+const PRIVATE_ORIGIN_ATTRIBUTES = { privateBrowsingId: 1 };
+
+function test_private_browsing1() {
+ gSSService.clearAll();
+ let uri = Services.io.newURI("https://includesubdomains.preloaded.test");
+ let subDomainUri = Services.io.newURI(
+ "https://a.b.c.subdomain.includesubdomains.preloaded.test"
+ );
+ // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set
+ ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ ok(gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+ gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
+ ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+ // check adding it back in
+ gSSService.processHeader(uri, "max-age=1000", PRIVATE_ORIGIN_ATTRIBUTES);
+ ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ // but no includeSubdomains this time
+ ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+ // do the hokey-pokey...
+ gSSService.processHeader(uri, "max-age=0", PRIVATE_ORIGIN_ATTRIBUTES);
+ ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ ok(!gSSService.isSecureURI(subDomainUri, PRIVATE_ORIGIN_ATTRIBUTES));
+
+ // Test that an expired private browsing entry results in correctly
+ // identifying a host that is on the preload list as no longer sts.
+ // (This happens when we're in private browsing mode, we get a header from
+ // a site on the preload list, and that header later expires. We need to
+ // then treat that host as no longer an sts host.)
+ // (sanity check first - this should be in the preload list)
+ uri = Services.io.newURI("https://includesubdomains2.preloaded.test");
+ ok(gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ gSSService.processHeader(uri, "max-age=1", PRIVATE_ORIGIN_ATTRIBUTES);
+ do_timeout(1250, function () {
+ ok(!gSSService.isSecureURI(uri, PRIVATE_ORIGIN_ATTRIBUTES));
+ // Simulate leaving private browsing mode
+ Services.obs.notifyObservers(null, "last-pb-context-exited");
+ });
+}
+
+function test_private_browsing2() {
+ // if this test gets this far, it means there's a private browsing service
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://includesubdomains.preloaded.test")
+ )
+ );
+ // the includesubdomains.preloaded.test entry has includeSubdomains set
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://subdomain.includesubdomains.preloaded.test")
+ )
+ );
+
+ // Now that we're out of private browsing mode, we need to make sure
+ // we've "forgotten" that we "forgot" this site's sts status.
+ ok(
+ gSSService.isSecureURI(
+ Services.io.newURI("https://includesubdomains2.preloaded.test")
+ )
+ );
+
+ run_next_test();
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-14 11:25:06 +0000