1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
"use strict";
let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
Ci.nsIClientAuthRememberService
);
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
Ci.nsIX509CertDB
);
function getOAWithPartitionKey(
{ scheme = "https", topLevelBaseDomain, port = null } = {},
originAttributes = {}
) {
if (!topLevelBaseDomain || !scheme) {
return originAttributes;
}
return {
...originAttributes,
partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`,
};
}
// These are not actual server and client certs. The ClientAuthRememberService
// does not care which certs we store decisions for, as long as they're valid.
let [clientCert] = certDB.getCerts();
function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
cars.rememberDecisionScriptable(host, attrs, clientCert);
}
function testSecurityInfo({
host,
topLevelBaseDomain,
originAttributes = {},
expected = true,
}) {
let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
let messageSuffix = `for ${host}`;
if (topLevelBaseDomain) {
messageSuffix += ` partitioned under ${topLevelBaseDomain}`;
}
let hasRemembered = cars.hasRememberedDecisionScriptable(host, attrs, {});
Assert.equal(
hasRemembered,
expected,
`CAR ${expected ? "is set" : "is not set"} ${messageSuffix}`
);
}
function addTestEntries() {
let entries = [
{ host: "example.net" },
{ host: "test.example.net" },
{ host: "example.org" },
{ host: "example.com", topLevelBaseDomain: "example.net" },
{
host: "test.example.net",
topLevelBaseDomain: "example.org",
},
{
host: "foo.example.com",
originAttributes: {
privateBrowsingId: 1,
},
},
];
info("Add test state");
entries.forEach(addSecurityInfo);
info("Ensure we have the correct state initially");
entries.forEach(testSecurityInfo);
}
add_task(async () => {
addTestEntries();
info("Should not be set for unrelated host");
[undefined, "example.org", "example.net", "example.com"].forEach(
topLevelBaseDomain =>
testSecurityInfo({
host: "mochit.test",
topLevelBaseDomain,
expected: false,
})
);
info("Should not be set for unrelated subdomain");
testSecurityInfo({ host: "foo.example.net", expected: false });
info("Should not be set for unpartitioned first party");
testSecurityInfo({
host: "example.com",
expected: false,
});
info("Should not be set under different first party");
testSecurityInfo({
host: "example.com",
topLevelBaseDomain: "example.org",
expected: false,
});
testSecurityInfo({
host: "test.example.net",
topLevelBaseDomain: "example.com",
expected: false,
});
info("Should not be set in partitioned context");
["example.com", "example.net", "example.org", "mochi.test"].forEach(
topLevelBaseDomain =>
testSecurityInfo({
host: "foo.example.com",
topLevelBaseDomain,
expected: false,
})
);
// Cleanup
cars.clearRememberedDecisions();
});
|
