From 4c2087cc6249fc3d99a9e4b8b3fa31ce8150f3a8 Mon Sep 17 00:00:00 2001
From: Barret Rennie <barret@brennie.ca>
Date: Tue, 6 Aug 2019 17:55:56 +0000
Subject: [PATCH] Bug 1564221 - Do not use FakeTransportSecurityInfo in
 test_sss_originAttributes.js r=keeler

As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use
JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch
migrates `test_sss_originAttributes.js` to use `add_connection_test()` to get a
valid `nsITransportSecurityInfo` instance for the unit tests.

Differential Revision: https://phabricator.services.mozilla.com/D40351

--HG--
extra : moz-landing-system : lando
---
 .../tests/unit/test_sss_originAttributes.js   | 84 ++++++++++---------
 security/manager/ssl/tests/unit/xpcshell.ini  |  1 +
 2 files changed, 47 insertions(+), 38 deletions(-)

diff --git a/security/manager/ssl/tests/unit/test_sss_originAttributes.js b/security/manager/ssl/tests/unit/test_sss_originAttributes.js
index a1de2edb29e5..150b82122ed1 100644
--- a/security/manager/ssl/tests/unit/test_sss_originAttributes.js
+++ b/security/manager/ssl/tests/unit/test_sss_originAttributes.js
@@ -30,27 +30,13 @@ Services.prefs.setBoolPref(
   true
 );
 
-let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
-  Ci.nsIX509CertDB
-);
-addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu");
-
 let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
-let host = "a.pinning2.example.com";
+let host = "a.pinning.example.com";
 let uri = Services.io.newURI("https://" + host);
 
-// This test re-uses certificates from pinning tests because that's easier and
-// simpler than recreating new certificates, hence the slightly longer than
-// necessary domain name.
-let secInfo = new FakeTransportSecurityInfo(
-  constructCertFromFile(
-    "test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"
-  )
-);
-
 // Check if originAttributes1 and originAttributes2 are isolated with respect
 // to HSTS/HPKP storage.
-function doTest(originAttributes1, originAttributes2, shouldShare) {
+function doTest(secInfo, originAttributes1, originAttributes2, shouldShare) {
   sss.clearAll();
   for (let type of [
     Ci.nsISiteSecurityService.HEADER_HSTS,
@@ -139,7 +125,7 @@ function doTest(originAttributes1, originAttributes2, shouldShare) {
   );
 }
 
-function testInvalidOriginAttributes(originAttributes) {
+function testInvalidOriginAttributes(secInfo, originAttributes) {
   for (let type of [
     Ci.nsISiteSecurityService.HEADER_HSTS,
     Ci.nsISiteSecurityService.HEADER_HPKP,
@@ -188,27 +174,49 @@ function testInvalidOriginAttributes(originAttributes) {
   );
 }
 
-function run_test() {
+function add_tests() {
   sss.clearAll();
-  let originAttributesList = [];
-  for (let userContextId of [0, 1, 2]) {
-    for (let firstPartyDomain of ["", "foo.com", "bar.com"]) {
-      originAttributesList.push({ userContextId, firstPartyDomain });
-    }
-  }
-  for (let attrs1 of originAttributesList) {
-    for (let attrs2 of originAttributesList) {
-      // SSS storage is not isolated by userContext
-      doTest(
-        attrs1,
-        attrs2,
-        attrs1.firstPartyDomain == attrs2.firstPartyDomain
-      );
-    }
-  }
 
-  testInvalidOriginAttributes(undefined);
-  testInvalidOriginAttributes(null);
-  testInvalidOriginAttributes(1);
-  testInvalidOriginAttributes("foo");
+  let secInfo = null;
+  add_connection_test(
+    "a.pinning.example.com",
+    PRErrorCodeSuccess,
+    undefined,
+    aSecInfo => {
+      secInfo = aSecInfo;
+    }
+  );
+
+  add_task(function() {
+    let originAttributesList = [];
+    for (let userContextId of [0, 1, 2]) {
+      for (let firstPartyDomain of ["", "foo.com", "bar.com"]) {
+        originAttributesList.push({ userContextId, firstPartyDomain });
+      }
+    }
+    for (let attrs1 of originAttributesList) {
+      for (let attrs2 of originAttributesList) {
+        // SSS storage is not isolated by userContext
+        doTest(
+          secInfo,
+          attrs1,
+          attrs2,
+          attrs1.firstPartyDomain == attrs2.firstPartyDomain
+        );
+      }
+    }
+
+    testInvalidOriginAttributes(secInfo, undefined);
+    testInvalidOriginAttributes(secInfo, null);
+    testInvalidOriginAttributes(secInfo, 1);
+    testInvalidOriginAttributes(secInfo, "foo");
+  });
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
+
+  add_tests();
+
+  run_next_test();
 }
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
index 76520087856d..2d4834406005 100644
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -194,6 +194,7 @@ run-sequentially = hardcoded ports
 run-sequentially = hardcoded ports
 [test_sss_eviction.js]
 [test_sss_originAttributes.js]
+run-sequentially = hardcoded ports
 [test_sss_readstate.js]
 [test_sss_readstate_child.js]
 support-files = sss_readstate_child_worker.js