Bug 1564221 - Do not use FakeTransportSecurityInfo in test_sss_resetState.js r=keeler
As part of making `nsITransportSecurityInfo` builtinclass, we can no longer use JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch migrates `test_sss_resetState.js` to use `add_connection_test()` to get a valid `nsITransportSecurityInfo` instance for the unit tests. Differential Revision: https://phabricator.services.mozilla.com/D40352 --HG-- extra : moz-landing-system : lando
Родитель
4c2087cc62
Коммит
a27ae13275
|
@ -10,42 +10,17 @@
|
||||||
|
|
||||||
do_get_profile();
|
do_get_profile();
|
||||||
|
|
||||||
var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
|
|
||||||
Ci.nsIX509CertDB
|
|
||||||
);
|
|
||||||
const ROOT_CERT = addCertFromFile(gCertDB, "bad_certs/test-ca.pem", "CTu,,");
|
|
||||||
|
|
||||||
var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
|
var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
|
||||||
Ci.nsISiteSecurityService
|
Ci.nsISiteSecurityService
|
||||||
);
|
);
|
||||||
|
|
||||||
function run_test() {
|
function test_removeState(secInfo, type, flags) {
|
||||||
Services.prefs.setBoolPref(
|
|
||||||
"security.cert_pinning.process_headers_from_non_builtin_roots",
|
|
||||||
true
|
|
||||||
);
|
|
||||||
test_removeState(Ci.nsISiteSecurityService.HEADER_HSTS, 0);
|
|
||||||
test_removeState(
|
|
||||||
Ci.nsISiteSecurityService.HEADER_HSTS,
|
|
||||||
Ci.nsISocketProvider.NO_PERMANENT_STORAGE
|
|
||||||
);
|
|
||||||
test_removeState(Ci.nsISiteSecurityService.HEADER_HPKP, 0);
|
|
||||||
test_removeState(
|
|
||||||
Ci.nsISiteSecurityService.HEADER_HPKP,
|
|
||||||
Ci.nsISocketProvider.NO_PERMANENT_STORAGE
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
function test_removeState(type, flags) {
|
|
||||||
info(`running test_removeState(type=${type}, flags=${flags})`);
|
info(`running test_removeState(type=${type}, flags=${flags})`);
|
||||||
const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
||||||
const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
|
const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
|
||||||
const PINNING_HEADERS = `pin-sha256="${NON_ISSUED_KEY_HASH}"; pin-sha256="${PINNING_ROOT_KEY_HASH}"`;
|
const PINNING_HEADERS = `pin-sha256="${NON_ISSUED_KEY_HASH}"; pin-sha256="${PINNING_ROOT_KEY_HASH}"`;
|
||||||
let headerAddendum =
|
let headerAddendum =
|
||||||
type == Ci.nsISiteSecurityService.HEADER_HPKP ? PINNING_HEADERS : "";
|
type == Ci.nsISiteSecurityService.HEADER_HPKP ? PINNING_HEADERS : "";
|
||||||
let secInfo = new FakeTransportSecurityInfo(
|
|
||||||
constructCertFromFile("bad_certs/default-ee.pem")
|
|
||||||
);
|
|
||||||
// Simulate visiting a non-preloaded site by processing an HSTS or HPKP header
|
// Simulate visiting a non-preloaded site by processing an HSTS or HPKP header
|
||||||
// (depending on which type we were given), check that the HSTS/HPKP bit gets
|
// (depending on which type we were given), check that the HSTS/HPKP bit gets
|
||||||
// set, simulate "forget about this site" (call removeState), and then check
|
// set, simulate "forget about this site" (call removeState), and then check
|
||||||
|
@ -124,3 +99,49 @@ function test_removeState(type, flags) {
|
||||||
gSSService.resetState(type, preloadedURI, flags);
|
gSSService.resetState(type, preloadedURI, flags);
|
||||||
ok(gSSService.isSecureURI(type, preloadedURI, flags));
|
ok(gSSService.isSecureURI(type, preloadedURI, flags));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function add_tests() {
|
||||||
|
let secInfo = null;
|
||||||
|
add_connection_test(
|
||||||
|
"not-preloaded.example.com",
|
||||||
|
PRErrorCodeSuccess,
|
||||||
|
undefined,
|
||||||
|
aSecInfo => {
|
||||||
|
secInfo = aSecInfo;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
add_task(() => {
|
||||||
|
test_removeState(secInfo, Ci.nsISiteSecurityService.HEADER_HSTS, 0);
|
||||||
|
test_removeState(
|
||||||
|
secInfo,
|
||||||
|
Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||||
|
Ci.nsISocketProvider.NO_PERMANENT_STORAGE
|
||||||
|
);
|
||||||
|
|
||||||
|
test_removeState(secInfo, Ci.nsISiteSecurityService.HEADER_HPKP, 0);
|
||||||
|
test_removeState(
|
||||||
|
secInfo,
|
||||||
|
Ci.nsISiteSecurityService.HEADER_HPKP,
|
||||||
|
Ci.nsISocketProvider.NO_PERMANENT_STORAGE
|
||||||
|
);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
registerCleanupFunction(() => {
|
||||||
|
Services.prefs.clearUserPref(
|
||||||
|
"sercurity.cert_pinning.process_headers_from_non_builtin_roots"
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
function run_test() {
|
||||||
|
Services.prefs.setBoolPref(
|
||||||
|
"security.cert_pinning.process_headers_from_non_builtin_roots",
|
||||||
|
true
|
||||||
|
);
|
||||||
|
|
||||||
|
add_tls_server_setup("BadCertAndPinningServer", "bad_certs");
|
||||||
|
|
||||||
|
add_tests();
|
||||||
|
run_next_test();
|
||||||
|
}
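Review bot: The pref name passed to `clearUserPref` in the new `registerCleanupFunction` callback is misspelled as `"sercurity.cert_pinning.process_headers_from_non_builtin_roots"`, so the cleanup does not touch the pref that `run_test()` sets to true. The string should read `"security.cert_pinning.process_headers_from_non_builtin_roots"`, matching the `setBoolPref` call. Because this pref lets pinning headers from non-built-in roots be processed, leaving it enabled could affect whatever runs later against the same profile; clearing an unknown pref presumably does not fail, which would explain why the typo goes unnoticed. Separately, `secInfo` stays `null` if the `add_connection_test` callback never runs, so the `add_task` body could start with `ok(secInfo, "connection test should provide a security info");` to make that failure mode explicit.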
|
||||||
|
|
|
@ -85,6 +85,7 @@ const BadCertAndPinningHost sBadCertAndPinningHosts[] = {
|
||||||
{"localhost", "unknownissuer"},
|
{"localhost", "unknownissuer"},
|
||||||
{"a.pinning.example.com", "default-ee"},
|
{"a.pinning.example.com", "default-ee"},
|
||||||
{"b.pinning.example.com", "default-ee"},
|
{"b.pinning.example.com", "default-ee"},
|
||||||
|
{"not-preloaded.example.com", "default-ee"},
|
||||||
{nullptr, nullptr}};
|
{nullptr, nullptr}};
|
||||||
|
|
||||||
int32_t DoSNISocketConfigBySubjectCN(PRFileDesc* aFd,
|
int32_t DoSNISocketConfigBySubjectCN(PRFileDesc* aFd,
|
||||||
|
|
|
@ -204,6 +204,7 @@ skip-if = toolkit == 'android'
|
||||||
[test_sss_readstate_garbage.js]
|
[test_sss_readstate_garbage.js]
|
||||||
[test_sss_readstate_huge.js]
|
[test_sss_readstate_huge.js]
|
||||||
[test_sss_resetState.js]
|
[test_sss_resetState.js]
|
||||||
|
run-sequentially = hardcoded ports
|
||||||
[test_sss_savestate.js]
|
[test_sss_savestate.js]
|
||||||
[test_sss_sanitizeOnShutdown.js]
|
[test_sss_sanitizeOnShutdown.js]
|
||||||
firefox-appdir = browser
|
firefox-appdir = browser
|
||||||
|
|