зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1224478 - Replace do_check_* calls with their Assert.jsm equivalents in PSM xpcshell tests. r=keeler
Also replaces if-do_throw() blocks with equivalent Assert.jsm method calls.
This commit is contained in:
Cykesiopka
Родитель
aaae326704
Коммит
af62dfe8e5
|
|
@ -2,21 +2,21 @@ function run_test() {
|
|||
var SSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
do_test_finished();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -174,20 +174,20 @@ var tests = [
|
|||
function run_test() {
|
||||
var verifier = Cc["@mozilla.org/security/datasignatureverifier;1"].
|
||||
createInstance(Ci.nsIDataSignatureVerifier);
|
||||
|
||||
|
||||
for (var t = 0; t < tests.length; t++) {
|
||||
let testShouldThrow = tests[t][4];
|
||||
try {
|
||||
var result = verifier.verifyData(data[tests[t][0]],
|
||||
signatures[tests[t][1]],
|
||||
keys[tests[t][2]]);
|
||||
if (tests[t][4])
|
||||
do_throw("Test " + t + " didn't throw");
|
||||
if (result != tests[t][3])
|
||||
do_throw("Test " + t + " was " + result + " but should have been " + tests[t][3]);
|
||||
ok(!testShouldThrow,
|
||||
`Test ${t} should reach here only if not expected to throw`);
|
||||
equal(result, tests[t][3],
|
||||
`Actual and expected result should match for test ${t}`);
|
||||
}
|
||||
catch (e) {
|
||||
if (!tests[t][4])
|
||||
do_throw("Test " + t + " threw " + e);
|
||||
ok(testShouldThrow, `Test ${t} should throw only if expected to: ${e}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,22 +71,14 @@ function doHash(algo, value, cmp) {
|
|||
value = converter.convertToByteArray(value);
|
||||
hash.update(value, value.length);
|
||||
var hash1 = hexdigest(hash.finish(false));
|
||||
if (cmp != hash1) {
|
||||
do_throw("Hash mismatch!\n" +
|
||||
" Expected: " + cmp + "\n" +
|
||||
" Actual: " + hash1 + "\n" +
|
||||
" Algo: " + algo);
|
||||
}
|
||||
equal(hash1, cmp,
|
||||
`Actual and expected hash for ${algo} should match`);
|
||||
|
||||
hash.initWithString(algo);
|
||||
hash.update(value, value.length);
|
||||
var hash2 = hexdigest(hash.finish(false));
|
||||
if (cmp != hash2) {
|
||||
do_throw("Hash mismatch after crypto hash re-init!\n" +
|
||||
" Expected: " + cmp + "\n" +
|
||||
" Actual: " + hash2 + "\n" +
|
||||
" Algo: " + algo);
|
||||
}
|
||||
equal(hash2, cmp,
|
||||
`Actual and expected hash for ${algo} should match after re-init`);
|
||||
}
|
||||
|
||||
function doHashStream(algo, value, cmp) {
|
||||
|
|
@ -97,12 +89,8 @@ function doHashStream(algo, value, cmp) {
|
|||
var stream = converter.convertToInputStream(value);
|
||||
hash.updateFromStream(stream, stream.available());
|
||||
hash = hexdigest(hash.finish(false));
|
||||
if (cmp != hash) {
|
||||
do_throw("Hash mismatch!\n" +
|
||||
" Expected: " + cmp + "\n" +
|
||||
" Actual: " + hash + "\n" +
|
||||
" Algo: " + algo);
|
||||
}
|
||||
equal(hash, cmp,
|
||||
`Actual and expected hash for ${algo} should match updating from stream`);
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
|
|
@ -110,7 +98,7 @@ function run_test() {
|
|||
hashes[algo].forEach(
|
||||
function(e, i) {
|
||||
doHash(algo, messages[i], e);
|
||||
|
||||
|
||||
if (messages[i].length) {
|
||||
// this test doesn't work for empty string/stream
|
||||
doHashStream(algo, messages[i], e);
|
||||
|
|
|
|||
|
|
@ -9,11 +9,11 @@ var gSSService = null;
|
|||
var gProfileDir = null;
|
||||
|
||||
function do_state_written(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
let stateFile = gProfileDir.clone();
|
||||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
do_check_true(stateFile.exists());
|
||||
ok(stateFile.exists());
|
||||
let stateFileContents = readFile(stateFile);
|
||||
// the last part is removed because it's the empty string after the final \n
|
||||
let lines = stateFileContents.split('\n').slice(0, -1);
|
||||
|
|
@ -35,15 +35,15 @@ function do_state_written(aSubject, aTopic, aData) {
|
|||
}
|
||||
}
|
||||
|
||||
do_check_true(foundLegitSite);
|
||||
ok(foundLegitSite);
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
function do_state_read(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"frequentlyused.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"frequentlyused.example.com", 0));
|
||||
let sslStatus = new FakeSSLStatus();
|
||||
for (let i = 0; i < 2000; i++) {
|
||||
let uri = Services.io.newURI("http://bad" + i + ".example.com", null, null);
|
||||
|
|
@ -62,7 +62,7 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(stateFile);
|
||||
let now = (new Date()).getTime();
|
||||
let line = "frequentlyused.example.com:HSTS\t4\t0\t" + (now + 100000) + ",1,0\n";
|
||||
|
|
@ -72,5 +72,5 @@ function run_test() {
|
|||
do_test_pending();
|
||||
gSSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(gSSService != null);
|
||||
notEqual(gSSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,43 +12,43 @@ function writeLine(aLine, aOutputStream) {
|
|||
var gSSService = null;
|
||||
|
||||
function checkStateRead(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
|
||||
// Clearing the data should make everything go back to default.
|
||||
gSSService.clearAll();
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"expired.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"incsubdomain.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.incsubdomain.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.login.persona.org", 0));
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
|
|
@ -58,7 +58,7 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(stateFile);
|
||||
let now = (new Date()).getTime();
|
||||
writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
|
||||
|
|
@ -73,5 +73,5 @@ function run_test() {
|
|||
do_test_pending();
|
||||
gSSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(gSSService != null);
|
||||
notEqual(gSSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(stateFile);
|
||||
let now = (new Date()).getTime();
|
||||
writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
|
||||
|
|
@ -36,5 +36,5 @@ function run_test() {
|
|||
do_test_pending();
|
||||
var SSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(SSService != null);
|
||||
notEqual(SSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,15 +9,15 @@ var gSSService = null;
|
|||
|
||||
function checkStateRead(aSubject, aTopic, aData) {
|
||||
// nonexistent.example.com should never be an HSTS host
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"nonexistent.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"nonexistent.example.com", 0));
|
||||
// bugzilla.mozilla.org is preloaded
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
// notexpired.example.com is an HSTS host in a different test - we
|
||||
// want to make sure that test hasn't interfered with this one.
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notexpired.example.com", 0));
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
|
|
@ -27,14 +27,14 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
stateFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0x1a4); // 0x1a4 == 0644
|
||||
do_check_true(stateFile.exists());
|
||||
ok(stateFile.exists());
|
||||
// Initialize nsISiteSecurityService after do_get_profile() so it
|
||||
// can read the state file.
|
||||
Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
|
||||
do_test_pending();
|
||||
gSSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(gSSService != null);
|
||||
notEqual(gSSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -12,16 +12,16 @@ function writeLine(aLine, aOutputStream) {
|
|||
var gSSService = null;
|
||||
|
||||
function checkStateRead(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example2.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example3.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example2.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example3.example.com", 0));
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
|
|
@ -31,7 +31,7 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(stateFile);
|
||||
let now = (new Date()).getTime();
|
||||
writeLine("example1.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
|
||||
|
|
@ -47,5 +47,5 @@ function run_test() {
|
|||
do_test_pending();
|
||||
gSSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(gSSService != null);
|
||||
notEqual(gSSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,22 +13,22 @@ function writeLine(aLine, aOutputStream) {
|
|||
var gSSService = null;
|
||||
|
||||
function checkStateRead(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example0.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example423.example.com", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1023.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1024.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1025.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example9000.example.com", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example99999.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example0.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example423.example.com", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1023.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1024.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example1025.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example9000.example.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example99999.example.com", 0));
|
||||
do_test_finished();
|
||||
}
|
||||
|
||||
|
|
@ -38,7 +38,7 @@ function run_test() {
|
|||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
// Assuming we're working with a clean slate, the file shouldn't exist
|
||||
// until we create it.
|
||||
do_check_false(stateFile.exists());
|
||||
ok(!stateFile.exists());
|
||||
let outputStream = FileUtils.openFileOutputStream(stateFile);
|
||||
let now = (new Date()).getTime();
|
||||
for (let i = 0; i < 10000; i++) {
|
||||
|
|
@ -51,5 +51,5 @@ function run_test() {
|
|||
do_test_pending();
|
||||
gSSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_true(gSSService != null);
|
||||
notEqual(gSSService, null);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,15 +17,15 @@ const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
|
|||
// separated by newlines ('\n')
|
||||
|
||||
function checkStateWritten(aSubject, aTopic, aData) {
|
||||
do_check_eq(aData, SSS_STATE_FILE_NAME);
|
||||
equal(aData, SSS_STATE_FILE_NAME);
|
||||
|
||||
let stateFile = gProfileDir.clone();
|
||||
stateFile.append(SSS_STATE_FILE_NAME);
|
||||
do_check_true(stateFile.exists());
|
||||
ok(stateFile.exists());
|
||||
let stateFileContents = readFile(stateFile);
|
||||
// the last line is removed because it's just a trailing newline
|
||||
let lines = stateFileContents.split('\n').slice(0, -1);
|
||||
do_check_eq(lines.length, EXPECTED_ENTRIES);
|
||||
equal(lines.length, EXPECTED_ENTRIES);
|
||||
let sites = {}; // a map of domain name -> [the entry in the state file]
|
||||
for (let line of lines) {
|
||||
let parts = line.split('\t');
|
||||
|
|
@ -37,7 +37,7 @@ function checkStateWritten(aSubject, aTopic, aData) {
|
|||
if (host.indexOf("HPKP") != -1) {
|
||||
expectedColumns = EXPECTED_HPKP_COLUMNS;
|
||||
}
|
||||
do_check_eq(entry.length, expectedColumns);
|
||||
equal(entry.length, expectedColumns);
|
||||
sites[host] = entry;
|
||||
}
|
||||
|
||||
|
|
@ -85,7 +85,7 @@ function checkStateWritten(aSubject, aTopic, aData) {
|
|||
if (sites["dynamic-pin.example.com:HPKP"][2] != 1) {
|
||||
return;
|
||||
}
|
||||
do_check_eq(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH);
|
||||
equal(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH);
|
||||
|
||||
do_test_finished();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,50 +7,47 @@
|
|||
function run_test() {
|
||||
let SSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
// These cases are only relevant as long as bug 1118522 hasn't been fixed.
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
|
||||
let uri = Services.io.newURI("https://example.com", null, null);
|
||||
let sslStatus = new FakeSSLStatus();
|
||||
SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1000;includeSubdomains", sslStatus, 0);
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
|
||||
do_check_true(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
uri, 0));
|
||||
ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
|
||||
uri = Services.io.newURI("https://example.com.", null, null);
|
||||
do_check_true(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
uri, 0));
|
||||
ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
|
||||
uri = Services.io.newURI("https://example.com..", null, null);
|
||||
do_check_true(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
uri, 0));
|
||||
ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
|
||||
|
||||
SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com.", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.com..", 0));
|
||||
|
||||
// Somehow creating this malformed URI succeeds - we need to handle it
|
||||
// gracefully.
|
||||
uri = Services.io.newURI("https://../foo", null, null);
|
||||
do_check_eq(uri.host, "..");
|
||||
equal(uri.host, "..");
|
||||
try {
|
||||
SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
|
||||
do_check_false(true); // this shouldn't run
|
||||
ok(false); // this shouldn't run
|
||||
} catch (e) {
|
||||
do_check_eq(e.result, Cr.NS_ERROR_UNEXPECTED);
|
||||
equal(e.result, Cr.NS_ERROR_UNEXPECTED);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,27 +10,25 @@
|
|||
function run_test() {
|
||||
let SSService = Cc["@mozilla.org/ssservice;1"]
|
||||
.getService(Ci.nsISiteSecurityService);
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"chart.apis.google.com", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"CHART.APIS.GOOGLE.COM", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.chart.apis.google.com", 0));
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"SUB.CHART.APIS.GOOGLE.COM", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.apis.google.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"EXAMPLE.APIS.GOOGLE.COM", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.example.apis.google.com", 0));
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"chart.apis.google.com", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"CHART.APIS.GOOGLE.COM", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.chart.apis.google.com", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"SUB.CHART.APIS.GOOGLE.COM", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"example.apis.google.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"EXAMPLE.APIS.GOOGLE.COM", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sub.example.apis.google.com", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
|
||||
// also check isSecureURI
|
||||
let chartURI = Services.io.newURI("http://chart.apis.google.com", null, null);
|
||||
do_check_false(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
chartURI, 0));
|
||||
ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, chartURI, 0));
|
||||
let otherURI = Services.io.newURI("http://other.apis.google.com", null, null);
|
||||
do_check_true(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
otherURI, 0));
|
||||
ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, otherURI, 0));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
function check_ip(s, v, ip) {
|
||||
let sslStatus = new FakeSSLStatus();
|
||||
do_check_false(s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0));
|
||||
ok(!s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0));
|
||||
|
||||
let str = "https://";
|
||||
if (v == 6) {
|
||||
|
|
@ -25,8 +25,8 @@ function check_ip(s, v, ip) {
|
|||
* If processHeader indeed ignore the header, then the output parameters will
|
||||
* remain empty, and we shouldn't see the values passed as the header.
|
||||
*/
|
||||
do_check_neq(parsedMaxAge.value, 1000);
|
||||
do_check_neq(parsedIncludeSubdomains.value, true);
|
||||
notEqual(parsedMaxAge.value, 1000);
|
||||
notEqual(parsedIncludeSubdomains.value, true);
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
|
|
|
|||
|
|
@ -36,55 +36,54 @@ function run_test() {
|
|||
|
||||
function test_part1() {
|
||||
// check that a host not in the list is not identified as an sts host
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"nonexistent.mozilla.com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"nonexistent.mozilla.com", 0));
|
||||
|
||||
// check that an ancestor domain is not identified as an sts host
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"com", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "com", 0));
|
||||
|
||||
// check that the pref to toggle using the preload list works
|
||||
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that a subdomain is an sts host (includeSubdomains is set)
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that another subdomain is an sts host (includeSubdomains is set)
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.c.def.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.c.def.bugzilla.mozilla.org", 0));
|
||||
|
||||
// check that a subdomain is not an sts host (includeSubdomains is not set)
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.www.torproject.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.www.torproject.org", 0));
|
||||
|
||||
// check that a host with a dot on the end won't break anything
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notsts.nonexistent.mozilla.com.", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"notsts.nonexistent.mozilla.com.", 0));
|
||||
|
||||
// check that processing a header with max-age: 0 will remove a preloaded
|
||||
// site from the list
|
||||
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=0", sslStatus, 0);
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
// check that processing another header (with max-age non-zero) will
|
||||
// re-enable a site's sts status
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1000", sslStatus, 0);
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
// but this time include subdomains was not set, so test for that
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
gSSService.clearAll();
|
||||
|
||||
// check that processing a header with max-age: 0 from a subdomain of a site
|
||||
|
|
@ -92,10 +91,10 @@ function test_part1() {
|
|||
var uri = Services.io.newURI("http://subdomain.www.torproject.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=0", sslStatus, 0);
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"www.torproject.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.www.torproject.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"www.torproject.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.www.torproject.org", 0));
|
||||
|
||||
var uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
|
|
@ -109,14 +108,14 @@ function test_part1() {
|
|||
// |-- subdomain.bugzilla.mozilla.org IS sts host
|
||||
// | `-- another.subdomain.bugzilla.mozilla.org IS sts host
|
||||
// `-- sibling.bugzilla.mozilla.org IS sts host
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sibling.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"another.subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sibling.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"another.subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1000", sslStatus, 0);
|
||||
|
|
@ -125,12 +124,12 @@ function test_part1() {
|
|||
// |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
|
||||
// | `-- another.subdomain.bugzilla.mozilla.org IS NOT sts host
|
||||
// `-- sibling.bugzilla.mozilla.org IS sts host
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sibling.bugzilla.mozilla.org", 0));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"another.subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"sibling.bugzilla.mozilla.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"another.subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
// Test that an expired non-private browsing entry results in correctly
|
||||
// identifying a host that is on the preload list as no longer sts.
|
||||
|
|
@ -138,14 +137,14 @@ function test_part1() {
|
|||
// a site on the preload list, and that header later expires. We need to
|
||||
// then treat that host as no longer an sts host.)
|
||||
// (sanity check first - this should be in the preload list)
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
var uri = Services.io.newURI("http://login.persona.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1", sslStatus, 0);
|
||||
do_timeout(1250, function() {
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
run_next_test();
|
||||
});
|
||||
}
|
||||
|
|
@ -155,35 +154,35 @@ const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
|
|||
function test_private_browsing1() {
|
||||
gSSService.clearAll();
|
||||
// sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
|
||||
var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=0", sslStatus, IS_PRIVATE);
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
|
||||
// check adding it back in
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1000", sslStatus, IS_PRIVATE);
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
// but no includeSubdomains this time
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
|
||||
// do the hokey-pokey...
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=0", sslStatus, IS_PRIVATE);
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", IS_PRIVATE));
|
||||
|
||||
// Test that an expired private browsing entry results in correctly
|
||||
// identifying a host that is on the preload list as no longer sts.
|
||||
|
|
@ -191,14 +190,14 @@ function test_private_browsing1() {
|
|||
// a site on the preload list, and that header later expires. We need to
|
||||
// then treat that host as no longer an sts host.)
|
||||
// (sanity check first - this should be in the preload list)
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", IS_PRIVATE));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", IS_PRIVATE));
|
||||
var uri = Services.io.newURI("http://login.persona.org", null, null);
|
||||
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
|
||||
"max-age=1", sslStatus, IS_PRIVATE);
|
||||
do_timeout(1250, function() {
|
||||
do_check_false(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", IS_PRIVATE));
|
||||
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", IS_PRIVATE));
|
||||
// Simulate leaving private browsing mode
|
||||
Services.obs.notifyObservers(null, "last-pb-context-exited", null);
|
||||
});
|
||||
|
|
@ -206,16 +205,16 @@ function test_private_browsing1() {
|
|||
|
||||
function test_private_browsing2() {
|
||||
// if this test gets this far, it means there's a private browsing service
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
// the bugzilla.mozilla.org entry has includeSubdomains set
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"subdomain.bugzilla.mozilla.org", 0));
|
||||
|
||||
// Now that we're out of private browsing mode, we need to make sure
|
||||
// we've "forgotten" that we "forgot" this site's sts status.
|
||||
do_check_true(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"login.persona.org", 0));
|
||||
|
||||
run_next_test();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,19 +6,19 @@ function run_test() {
|
|||
.getService(Ci.nsISiteSecurityService);
|
||||
|
||||
// check that a host on the preload list is identified as an sts host
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
|
||||
// now simulate that it's 19 weeks later than it actually is
|
||||
let offsetSeconds = 19 * 7 * 24 * 60 * 60;
|
||||
Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
|
||||
|
||||
// check that the preloaded host is no longer considered sts
|
||||
do_check_false(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
|
||||
// just make sure we can get everything back to normal
|
||||
Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
|
||||
do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
|
||||
"bugzilla.mozilla.org", 0));
|
||||
}
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче