Bug 1336867 - Remove unsafeProcessHeader and isSecureHost in nsISiteSecurityService r=keeler,mgoodwin,past

--HG--
extra : rebase_source : e4a69e18154adf22e045c820ae2b3fd8a77877a6

browser/base/content/browser.js

@@ -3282,15 +3282,15 @@ function getDetailedCertErrorInfo(location, securityInfo) {
   const sss = Cc["@mozilla.org/ssservice;1"]
                  .getService(Ci.nsISiteSecurityService);
   // SiteSecurityService uses different storage if the channel is
-  // private. Thus we must give isSecureHost correct flags or we
+  // private. Thus we must give isSecureURI correct flags or we
   // might get incorrect results.
   let flags = PrivateBrowsingUtils.isWindowPrivate(window) ?
               Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
 
   let uri = Services.io.newURI(location);
 
-  let hasHSTS = sss.isSecureHost(sss.HEADER_HSTS, uri.host, flags);
+  let hasHSTS = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
-  let hasHPKP = sss.isSecureHost(sss.HEADER_HPKP, uri.host, flags);
+  let hasHPKP = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
   certErrorDetails += "\r\n\r\n" +
                       gNavigatorBundle.getFormattedString("certErrorDetailsHSTS.label",
                                                           [hasHSTS]);

devtools/client/debugger/new/debugger.js

@@ -8961,15 +8961,19 @@ var Debugger =
 	
 	
 	        // SiteSecurityService uses different storage if the channel is
-	        // private. Thus we must give isSecureHost correct flags or we
+	        // private. Thus we must give isSecureURI correct flags or we
 	        // might get incorrect results.
 	        let flags = (httpActivity.private) ?
 	                      Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
 	
-	        let host = httpActivity.hostname;
+                if (!uri) {
-	
+                  // isSecureURI only cares about the host, not the scheme.
-	        info.hsts = sss.isSecureHost(sss.HEADER_HSTS, host, flags);
+                  let host = httpActivity.hostname;
-	        info.hpkp = sss.isSecureHost(sss.HEADER_HPKP, host, flags);
+                  uri = Services.io.newURI("https://" + host);
+                }
+
+	        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
+	        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
 	      } else {
 	        DevToolsUtils.reportException("NetworkHelper.parseSecurityInfo",
 	          "Could not get HSTS/HPKP status as hostname is not available.");
@@ -37652,15 +37656,19 @@ var Debugger =
 	
 	
 	        // SiteSecurityService uses different storage if the channel is
-	        // private. Thus we must give isSecureHost correct flags or we
+	        // private. Thus we must give isSecureURI correct flags or we
 	        // might get incorrect results.
 	        let flags = (httpActivity.private) ?
 	                      Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
 	
-	        let host = httpActivity.hostname;
+                if (!uri) {
-	
+                  // isSecureURI only cares about the host, not the scheme.
-	        info.hsts = sss.isSecureHost(sss.HEADER_HSTS, host, flags);
+                  let host = httpActivity.hostname;
-	        info.hpkp = sss.isSecureHost(sss.HEADER_HPKP, host, flags);
+                  uri = Services.io.newURI("https://" + host);
+                }
+
+	        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
+	        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
 	      } else {
 	        DevToolsUtils.reportException("NetworkHelper.parseSecurityInfo",
 	          "Could not get HSTS/HPKP status as hostname is not available.");

devtools/shared/webconsole/network-helper.js

@@ -633,15 +633,19 @@ var NetworkHelper = {
                       .getService(Ci.nsISiteSecurityService);
 
         // SiteSecurityService uses different storage if the channel is
-        // private. Thus we must give isSecureHost correct flags or we
+        // private. Thus we must give isSecureURI correct flags or we
         // might get incorrect results.
         let flags = (httpActivity.private) ?
                       Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
 
-        let host = httpActivity.hostname;
+        if (!uri) {
+          // isSecureURI only cares about the host, not the scheme.
+          let host = httpActivity.hostname;
+          uri = Services.io.newURI("https://" + host);
+        }
 
-        info.hsts = sss.isSecureHost(sss.HEADER_HSTS, host, flags);
+        info.hsts = sss.isSecureURI(sss.HEADER_HSTS, uri, flags);
-        info.hpkp = sss.isSecureHost(sss.HEADER_HPKP, host, flags);
+        info.hpkp = sss.isSecureURI(sss.HEADER_HPKP, uri, flags);
       } else {
         DevToolsUtils.reportException("NetworkHelper.parseSecurityInfo",
           "Could not get HSTS/HPKP status as hostname is not available.");

security/manager/ssl/SSLServerCertVerification.cpp

@@ -511,22 +511,32 @@ CertErrorRunnable::CheckCertOverrides()
     return new SSLServerCertVerificationResult(mInfoObject,
                                                mDefaultErrorCodeToReport);
   }
-  nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS,
+  nsCOMPtr<nsIURI> uri;
-                                    mInfoObject->GetHostName(),
+  nsresult nsrv = NS_NewURI(getter_AddRefs(uri),
-                                    mProviderFlags,
+                            NS_LITERAL_CSTRING("https://") +
-                                    nullptr,
+                            mInfoObject->GetHostName());
-                                    &strictTransportSecurityEnabled);
+  if (NS_FAILED(nsrv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p][%p] Creating new URI failed\n", mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+  nsrv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS,
+                          uri,
+                          mProviderFlags,
+                          nullptr,
+                          &strictTransportSecurityEnabled);
   if (NS_FAILED(nsrv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
            ("[%p][%p] checking for HSTS failed\n", mFdForLogging, this));
     return new SSLServerCertVerificationResult(mInfoObject,
                                                mDefaultErrorCodeToReport);
   }
-  nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP,
+  nsrv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HPKP,
-                           mInfoObject->GetHostName(),
+                          uri,
-                           mProviderFlags,
+                          mProviderFlags,
-                           nullptr,
+                          nullptr,
-                           &hasPinningInformation);
+                          &hasPinningInformation);
   if (NS_FAILED(nsrv)) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
            ("[%p][%p] checking for HPKP failed\n", mFdForLogging, this));

security/manager/ssl/nsISiteSecurityService.idl

@@ -121,18 +121,6 @@ interface nsISiteSecurityService : nsISupports
                        [optional] out boolean aIncludeSubdomains,
                        [optional] out uint32_t aFailureResult);
 
-    /**
-     * Same as processHeader but without checking for the security properties
-     * of the connection. Use ONLY for testing.
-     */
-    void unsafeProcessHeader(in uint32_t aType,
-                             in nsIURI aSourceURI,
-                             in ACString aHeader,
-                             in uint32_t aFlags,
-                             [optional] out unsigned long long aMaxAge,
-                             [optional] out boolean aIncludeSubdomains,
-                             [optional] out uint32_t aFailureResult);
-
     /**
      * Given a header type, removes state relating to that header of a host,
      * including the includeSubdomains state that would affect subdomains.
@@ -147,21 +135,6 @@ interface nsISiteSecurityService : nsISupports
                      in nsIURI aURI,
                      in uint32_t aFlags);
 
-    /**
-     * See isSecureURI
-     *
-     * @param aType the type of security state in question.
-     * @param aHost the hostname (punycode) to query for state.
-     * @param aFlags  options for this request as defined in nsISocketProvider:
-     *                  NO_PERMANENT_STORAGE
-     * @param aCached true if we have cached information regarding whether or not
-     *                  the host is HSTS, false otherwise.
-     */
-    boolean isSecureHost(in uint32_t aType,
-                         in ACString aHost,
-                         in uint32_t aFlags,
-                         [optional] out boolean aCached);
-
     /**
      * Checks whether or not the URI's hostname has a given security state set.
      * For example, for HSTS:

security/manager/ssl/nsSiteSecurityService.cpp

@@ -575,26 +575,6 @@ nsSiteSecurityService::ProcessHeader(uint32_t aType,
                                aFailureResult);
 }
 
-NS_IMETHODIMP
-nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
-                                           nsIURI* aSourceURI,
-                                           const nsACString& aHeader,
-                                           uint32_t aFlags,
-                                           uint64_t* aMaxAge,
-                                           bool* aIncludeSubdomains,
-                                           uint32_t* aFailureResult)
-{
-  // Child processes are not allowed direct access to this.
-  if (!XRE_IsParentProcess()) {
-    MOZ_CRASH("Child process: no direct access to "
-              "nsISiteSecurityService::UnsafeProcessHeader");
-  }
-
-  return ProcessHeaderInternal(aType, aSourceURI, PromiseFlatCString(aHeader),
-                               nullptr, aFlags, aMaxAge, aIncludeSubdomains,
-                               aFailureResult);
-}
-
 nsresult
 nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
                                              nsIURI* aSourceURI,
@@ -1217,7 +1197,7 @@ nsSiteSecurityService::HostHasHSTSEntry(const nsAutoCString& aHost,
   return false;
 }
 
-NS_IMETHODIMP
+nsresult
 nsSiteSecurityService::IsSecureHost(uint32_t aType, const nsACString& aHost,
                                     uint32_t aFlags, bool* aCached,
                                     bool* aResult)

security/manager/ssl/nsSiteSecurityService.h

@@ -172,6 +172,8 @@ private:
                         bool aRequireIncludeSubdomains, uint32_t aFlags,
                         bool* aResult, bool* aCached);
   const nsSTSPreload *GetPreloadListEntry(const char *aHost);
+  nsresult IsSecureHost(uint32_t aType, const nsACString& aHost,
+                        uint32_t aFlags, bool* aCached, bool* aResult);
 
   uint64_t mMaxMaxAge;
   bool mUsePreloadList;

security/manager/ssl/tests/gtest/moz.build

@@ -10,7 +10,6 @@ SOURCES += [
     'DeserializeCertTest.cpp',
     'MD4Test.cpp',
     'OCSPCacheTest.cpp',
-    'STSParserTest.cpp',
     'TLSIntoleranceTest.cpp',
 ]
 

security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js

@@ -54,7 +54,9 @@ function test() {
       uri = aWindow.Services.io.newURI("https://localhost/img.png");
       gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                                "max-age=1000", sslStatus, privacyFlags(aIsPrivateMode));
-      ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "localhost", privacyFlags(aIsPrivateMode)), "checking sts host");
+      ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                                privacyFlags(aIsPrivateMode)),
+                                "checking sts host");
 
       aCallback();
     }, {capture: true, once: true});

security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html

@@ -31,6 +31,7 @@
   Cu.import("resource://testing-common/BrowserTestUtils.jsm");
   Cu.import("resource://testing-common/ContentTask.jsm");
   Cu.import("resource://gre/modules/Task.jsm");
+  Cu.import("resource://gre/modules/Services.jsm");
 
   // This is how many sub-tests (testframes) in each round.
   // When the round begins, this will be initialized.
@@ -242,7 +243,9 @@
     let sss = Cc["@mozilla.org/ssservice;1"]
                 .getService(Ci.nsISiteSecurityService);
     let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
-    SimpleTest.info("State of example.com: " + sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "example.com", flags));
+    SimpleTest.info("State of example.com: " +
+      sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                      Services.io.newURI("https://example.com"), flags));
   }
 
   // These are executed in the order presented.

security/manager/ssl/tests/unit/sss_readstate_child_worker.js

@@ -5,21 +5,29 @@ function run_test() {
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
 
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "expired.example.com", 0));
+                            Services.io.newURI("https://expired.example.com"),
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                            "notexpired.example.com", 0));
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                           Services.io.newURI("https://notexpired.example.com"),
-                            "bugzilla.mozilla.org", 0));
+                           0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "sub.bugzilla.mozilla.org", 0));
+                           Services.io.newURI("https://bugzilla.mozilla.org"),
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                           0));
-                            "incsubdomain.example.com", 0));
+  ok(!SSService.isSecureURI(
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                            "sub.incsubdomain.example.com", 0));
+       Services.io.newURI("https://sub.bugzilla.mozilla.org"), 0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(
-                             "login.persona.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://incsubdomain.example.com"), 0));
-                             "sub.login.persona.org", 0));
+  ok(SSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sub.incsubdomain.example.com"), 0));
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://login.persona.org"),
+                            0));
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://sub.login.persona.org"),
+                            0));
   do_test_finished();
 }

security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js

@@ -54,20 +54,16 @@ add_task(function* () {
   sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
                     GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
 
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
-                             "a.pinning2.example.com", 0),
             "a.pinning2.example.com should be HSTS");
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
-                             "a.pinning2.example.com", 0),
             "a.pinning2.example.com should be HPKP");
 
   yield ForgetAboutSite.removeDataFromDomain("a.pinning2.example.com");
 
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
-                              "a.pinning2.example.com", 0),
             "a.pinning2.example.com should not be HSTS now");
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
-                              "a.pinning2.example.com", 0),
             "a.pinning2.example.com should not be HPKP now");
 });
 
@@ -81,11 +77,9 @@ add_task(function* () {
   sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
                     GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
 
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
-                             "a.pinning2.example.com", 0),
             "a.pinning2.example.com should be HSTS (subdomain case)");
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
-                             "a.pinning2.example.com", 0),
             "a.pinning2.example.com should be HPKP (subdomain case)");
 
   // Add an unrelated site to HSTS.  Not HPKP because we have no valid keys for
@@ -93,20 +87,17 @@ add_task(function* () {
   let unrelatedURI = Services.io.newURI("https://example.org");
   sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, unrelatedURI,
                     GOOD_MAX_AGE, sslStatus, 0);
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.org", 0),
+                             unrelatedURI, 0), "example.org should be HSTS");
-            "example.org should be HSTS");
 
   yield ForgetAboutSite.removeDataFromDomain("example.com");
 
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
-                              "a.pinning2.example.com", 0),
             "a.pinning2.example.com should not be HSTS now (subdomain case)");
-  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  Assert.ok(!sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
-                              "a.pinning2.example.com", 0),
             "a.pinning2.example.com should not be HPKP now (subdomain case)");
 
-  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  Assert.ok(sss.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.org", 0),
+                             unrelatedURI, 0),
             "example.org should still be HSTS");
 });

security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js

@@ -45,8 +45,7 @@ function run_test() {
   let sslStatus = new FakeSSLStatus();
   SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                           "max-age=10000", sslStatus, 0);
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
-                            "localhost", 0),
      "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +
      " we wouldn't be testing what we think we're testing");
 

security/manager/ssl/tests/unit/test_pinning_dynamic.js

@@ -75,17 +75,21 @@ function run_test() {
 }
 
 function checkDefaultSiteHPKPStatus() {
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "a.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://a.pinning2.example.com"), 0),
      "a.pinning2.example.com should have HPKP status");
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(!gSSService.isSecureURI(
-                              "x.a.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://x.a.pinning2.example.com"), 0),
      "x.a.pinning2.example.com should not have HPKP status");
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "b.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://b.pinning2.example.com"), 0),
      "b.pinning2.example.com should have HPKP status");
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "x.b.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://x.b.pinning2.example.com"), 0),
      "x.b.pinning2.example.com should have HPKP status");
 }
 
@@ -159,12 +163,14 @@ function checkStateRead(aSubject, aTopic, aData) {
   checkOK(certFromFile("x.b.pinning2.example.com-pinningroot"),
           "x.b.pinning2.example.com");
 
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "a.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://a.pinning2.example.com"), 0),
      "a.pinning2.example.com should still have HPKP status after adding" +
      " includeSubdomains to a.pinning2.example.com");
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "x.a.pinning2.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://x.a.pinning2.example.com"), 0),
      "x.a.pinning2.example.com should now have HPKP status after adding" +
      " includeSubdomains to a.pinning2.example.com");
 
@@ -225,11 +231,13 @@ function checkStateRead(aSubject, aTopic, aData) {
      "Attempting to set a pin with an incorrect size should fail");
 
   // Ensure built-in pins work as expected
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(!gSSService.isSecureURI(
-                              "nonexistent.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://nonexistent.example.com"), 0),
      "Not built-in nonexistent.example.com should not have HPKP status");
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  ok(gSSService.isSecureURI(
-                             "include-subdomains.pinning.example.com", 0),
+       Ci.nsISiteSecurityService.HEADER_HPKP,
+       Services.io.newURI("https://include-subdomains.pinning.example.com"), 0),
      "Built-in include-subdomains.pinning.example.com should have HPKP status");
 
   gSSService.setKeyPins("a.pinning2.example.com", false, new Date().getTime(),

security/manager/ssl/tests/unit/test_pinning_header_parsing.js

@@ -63,8 +63,8 @@ function checkPassValidPin(pinValue, settingPin, expectedMaxAge) {
 
   // after processing ensure that the postconditions are true, if setting
   // the host must be pinned, if removing the host must not be pinned
-  let hostIsPinned = gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  let hostIsPinned = gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP,
-                                             "a.pinning2.example.com", 0);
+                                             uri, 0);
   if (settingPin) {
     ok(hostIsPinned, "Host should be considered pinned");
   } else {

security/manager/ssl/tests/unit/test_sss_eviction.js

@@ -51,8 +51,9 @@ function do_state_read(aSubject, aTopic, aData) {
 
   equal(aData, SSS_STATE_FILE_NAME);
 
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "frequentlyused.example.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://frequentlyused.example.com"), 0));
   let sslStatus = new FakeSSLStatus();
   for (let i = 0; i < 2000; i++) {
     let uri = Services.io.newURI("http://bad" + i + ".example.com");

security/manager/ssl/tests/unit/test_sss_readstate.js

@@ -19,41 +19,55 @@ function checkStateRead(aSubject, aTopic, aData) {
 
   equal(aData, SSS_STATE_FILE_NAME);
 
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "expired.example.com", 0));
+                             Services.io.newURI("https://expired.example.com"),
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             0));
-                             "notexpired.example.com", 0));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://notexpired.example.com"),
-                             "bugzilla.mozilla.org", 0));
+                            0));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "sub.bugzilla.mozilla.org", 0));
+                            Services.io.newURI("https://bugzilla.mozilla.org"),
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                             "incsubdomain.example.com", 0));
+  ok(!gSSService.isSecureURI(
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "sub.incsubdomain.example.com", 0));
+       Services.io.newURI("https://sub.bugzilla.mozilla.org"), 0));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                              "login.persona.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://incsubdomain.example.com"), 0));
-                              "sub.login.persona.org", 0));
+  ok(gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sub.incsubdomain.example.com"), 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             Services.io.newURI("https://login.persona.org"),
+                             0));
+  ok(!gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sub.login.persona.org"), 0));
 
   // Clearing the data should make everything go back to default.
   gSSService.clearAll();
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "expired.example.com", 0));
+                             Services.io.newURI("https://expired.example.com"),
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             0));
-                              "notexpired.example.com", 0));
+  ok(!gSSService.isSecureURI(
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "bugzilla.mozilla.org", 0));
+       Services.io.newURI("https://notexpired.example.com"), 0));
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "sub.bugzilla.mozilla.org", 0));
+                            Services.io.newURI("https://bugzilla.mozilla.org"),
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                              "incsubdomain.example.com", 0));
+  ok(gSSService.isSecureURI(
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "sub.incsubdomain.example.com", 0));
+       Services.io.newURI("https://sub.bugzilla.mozilla.org"), 0));
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                             "login.persona.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://incsubdomain.example.com"), 0));
-                             "sub.login.persona.org", 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sub.incsubdomain.example.com"), 0));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://login.persona.org"), 0));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://sub.login.persona.org"),
+                            0));
   do_test_finished();
 }
 

security/manager/ssl/tests/unit/test_sss_readstate_empty.js

@@ -10,15 +10,18 @@ var gSSService = null;
 
 function checkStateRead(aSubject, aTopic, aData) {
   // nonexistent.example.com should never be an HSTS host
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "nonexistent.example.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://nonexistent.example.com"), 0));
   // bugzilla.mozilla.org is preloaded
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "bugzilla.mozilla.org", 0));
+                            Services.io.newURI("https://bugzilla.mozilla.org"),
+                            0));
   // notexpired.example.com is an HSTS host in a different test - we
   // want to make sure that test hasn't interfered with this one.
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "notexpired.example.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://notexpired.example.com"), 0));
   do_test_finished();
 }
 

security/manager/ssl/tests/unit/test_sss_readstate_garbage.js

@@ -19,14 +19,17 @@ function checkStateRead(aSubject, aTopic, aData) {
 
   equal(aData, SSS_STATE_FILE_NAME);
 
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example1.example.com", 0));
+                            Services.io.newURI("https://example1.example.com"),
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                             "example2.example.com", 0));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://example2.example.com"),
-                              "example.com", 0));
+                            0));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "example3.example.com", 0));
+                             Services.io.newURI("https://example.com"), 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             Services.io.newURI("https://example3.example.com"),
+                             0));
   do_test_finished();
 }
 

security/manager/ssl/tests/unit/test_sss_readstate_huge.js

@@ -20,20 +20,27 @@ function checkStateRead(aSubject, aTopic, aData) {
 
   equal(aData, SSS_STATE_FILE_NAME);
 
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example0.example.com", 0));
+                            Services.io.newURI("https://example0.example.com"),
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                             "example423.example.com", 0));
+  ok(gSSService.isSecureURI(
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example1023.example.com", 0));
+       Services.io.newURI("https://example423.example.com"), 0));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                              "example1024.example.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://example1023.example.com"), 0));
-                              "example1025.example.com", 0));
+  ok(!gSSService.isSecureURI(
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "example9000.example.com", 0));
+       Services.io.newURI("https://example1024.example.com"), 0));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "example99999.example.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://example1025.example.com"), 0));
+  ok(!gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://example9000.example.com"), 0));
+  ok(!gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://example99999.example.com"), 0));
   do_test_finished();
 }
 

security/manager/ssl/tests/unit/test_sts_fqdn.js

@@ -7,38 +7,25 @@
 function run_test() {
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.com", 0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.com.", 0));
-  // These cases are only relevant as long as bug 1118522 hasn't been fixed.
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.com..", 0));
-
   let uri = Services.io.newURI("https://example.com");
+  let uri1 = Services.io.newURI("https://example.com.");
+  let uri2 = Services.io.newURI("https://example.com..");
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0));
+  // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0));
+
   let sslStatus = new FakeSSLStatus();
   SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                           "max-age=1000;includeSubdomains", sslStatus, 0);
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            "example.com", 0));
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            "example.com.", 0));
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                            "example.com..", 0));
-
-  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-  uri = Services.io.newURI("https://example.com.");
-  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-  uri = Services.io.newURI("https://example.com..");
   ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0));
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0));
 
   SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                             "example.com", 0));
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri1, 0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri2, 0));
-                             "example.com.", 0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "example.com..", 0));
 
   // Somehow creating this malformed URI succeeds - we need to handle it
   // gracefully.

security/manager/ssl/tests/unit/test_sts_holepunch.js

@@ -10,25 +10,28 @@
 function run_test() {
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "chart.apis.google.com", 0));
+                            Services.io.newURI("https://chart.apis.google.com"),
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                             "CHART.APIS.GOOGLE.COM", 0));
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            Services.io.newURI("https://CHART.APIS.GOOGLE.COM"),
-                             "sub.chart.apis.google.com", 0));
+                            0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(
-                             "SUB.CHART.APIS.GOOGLE.COM", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sub.chart.apis.google.com"), 0));
-                            "example.apis.google.com", 0));
+  ok(!SSService.isSecureURI(
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                            "EXAMPLE.APIS.GOOGLE.COM", 0));
+       Services.io.newURI("https://SUB.CHART.APIS.GOOGLE.COM"), 0));
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(
-                            "sub.example.apis.google.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://example.apis.google.com"), 0));
-                            "SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
+  ok(SSService.isSecureURI(
-  // also check isSecureURI
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  let chartURI = Services.io.newURI("http://chart.apis.google.com");
+       Services.io.newURI("https://EXAMPLE.APIS.GOOGLE.COM"), 0));
-  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, chartURI, 0));
+  ok(SSService.isSecureURI(
-  let otherURI = Services.io.newURI("http://other.apis.google.com");
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, otherURI, 0));
+       Services.io.newURI("https://sub.example.apis.google.com"), 0));
+  ok(SSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://SUB.EXAMPLE.APIS.GOOGLE.COM"), 0));
 }

security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js

@@ -2,7 +2,6 @@
 
 function check_ip(s, v, ip) {
   let sslStatus = new FakeSSLStatus();
-  ok(!s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0));
 
   let str = "https://";
   if (v == 6) {
@@ -15,12 +14,15 @@ function check_ip(s, v, ip) {
   str += "/";
 
   let uri = Services.io.newURI(str);
+  ok(!s.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
 
   let parsedMaxAge = {};
   let parsedIncludeSubdomains = {};
   s.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                   "max-age=1000;includeSubdomains", sslStatus, 0,
                   parsedMaxAge, parsedIncludeSubdomains);
+  ok(!s.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0),
+     "URI should not be secure if it contains an IP address");
 
   /* Test that processHeader will ignore headers for an uri, if the uri
    * contains an IP address not a hostname.

security/manager/ssl/tests/unit/test_sts_parser.js

@@ -1,147 +1,113 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-#include <stdio.h>
+"use strict";
 
-#include "gtest/gtest.h"
+// STS parser tests
-#include "nsDependentString.h"
-#include "nsNetUtil.h"
-#include "nsISiteSecurityService.h"
-#include "nsIURI.h"
 
-void
+let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
-TestSuccess(const char* hdr, bool extraTokens,
+let sslStatus = new FakeSSLStatus();
-            uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
-            nsISiteSecurityService* sss)
-{
-  nsCOMPtr<nsIURI> dummyUri;
-  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
-  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
 
-  uint64_t maxAge = 0;
+function testSuccess(header, expectedMaxAge, expectedIncludeSubdomains) {
-  bool includeSubdomains = false;
+  let dummyUri = Services.io.newURI("https://foo.com/bar.html");
-  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+  let maxAge = {};
-                                nsDependentCString(hdr), 0, &maxAge,
+  let includeSubdomains = {};
-                                &includeSubdomains, nullptr);
-  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr;
 
-  ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge";
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header,
-  EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) <<
+                    sslStatus, 0, maxAge, includeSubdomains);
-    "Did not correctly parse presence/absence of includeSubdomains";
 
-  if (extraTokens) {
+  equal(maxAge.value, expectedMaxAge, "Did not correctly parse maxAge");
-    EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) <<
+  equal(includeSubdomains.value, expectedIncludeSubdomains,
-      "Extra tokens were expected when parsing, but were not encountered.";
+        "Did not correctly parse presence/absence of includeSubdomains");
-  } else {
-    EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing.";
-  }
-
-  printf("%s\n", hdr);
 }
 
-void TestFailure(const char* hdr,
+function testFailure(header) {
-                 nsISiteSecurityService* sss)
+  let dummyUri = Services.io.newURI("https://foo.com/bar.html");
-{
+  let maxAge = {};
-  nsCOMPtr<nsIURI> dummyUri;
+  let includeSubdomains = {};
-  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
-  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
 
-  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+  throws(() => {
-                                nsDependentCString(hdr), 0, nullptr, nullptr,
+    sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, dummyUri, header,
-                                nullptr);
+                      sslStatus, 0, maxAge, includeSubdomains);
-  ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr;
+  }, "Parsed invalid header: " + header);
-
-  printf("%s\n", hdr);
 }
 
-TEST(psm_STSParser, Test)
+function run_test() {
-{
-    nsresult rv;
-
-    // grab handle to the service
-    nsCOMPtr<nsISiteSecurityService> sss;
-    sss = do_GetService("@mozilla.org/ssservice;1", &rv);
-    ASSERT_TRUE(NS_SUCCEEDED(rv));
-
-    // *** parsing tests
-    printf("*** Attempting to parse valid STS headers ...\n");
-
     // SHOULD SUCCEED:
-    TestSuccess("max-age=100", false, 100, false, sss);
+    testSuccess("max-age=100", 100, false);
-    TestSuccess("max-age  =100", false, 100, false, sss);
+    testSuccess("max-age  =100", 100, false);
-    TestSuccess(" max-age=100", false, 100, false, sss);
+    testSuccess(" max-age=100", 100, false);
-    TestSuccess("max-age = 100 ", false, 100, false, sss);
+    testSuccess("max-age = 100 ", 100, false);
-    TestSuccess(R"(max-age = "100" )", false, 100, false, sss);
+    testSuccess('max-age = "100" ', 100, false);
-    TestSuccess(R"(max-age="100")", false, 100, false, sss);
+    testSuccess('max-age="100"', 100, false);
-    TestSuccess(R"( max-age ="100" )", false, 100, false, sss);
+    testSuccess(' max-age ="100" ', 100, false);
-    TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss);
+    testSuccess("\tmax-age\t=\t\"100\"\t", 100, false);
-    TestSuccess("max-age  =       100             ", false, 100, false, sss);
+    testSuccess("max-age  =       100             ", 100, false);
 
-    TestSuccess("maX-aGe=100", false, 100, false, sss);
+    testSuccess("maX-aGe=100", 100, false);
-    TestSuccess("MAX-age  =100", false, 100, false, sss);
+    testSuccess("MAX-age  =100", 100, false);
-    TestSuccess("max-AGE=100", false, 100, false, sss);
+    testSuccess("max-AGE=100", 100, false);
-    TestSuccess("Max-Age = 100 ", false, 100, false, sss);
+    testSuccess("Max-Age = 100 ", 100, false);
-    TestSuccess("MAX-AGE = 100 ", false, 100, false, sss);
+    testSuccess("MAX-AGE = 100 ", 100, false);
 
-    TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss);
+    testSuccess("max-age=100;includeSubdomains", 100, true);
-    TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss);
+    testSuccess("max-age=100\t; includeSubdomains", 100, true);
-    TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss);
+    testSuccess(" max-age=100; includeSubdomains", 100, true);
-    TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss);
+    testSuccess("max-age = 100 ; includeSubdomains", 100, true);
-    TestSuccess("max-age  =       100             ; includeSubdomains",
+    testSuccess("max-age  =       100             ; includeSubdomains", 100,
-                false, 100, true, sss);
+                true);
 
-    TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss);
+    testSuccess("maX-aGe=100; includeSUBDOMAINS", 100, true);
-    TestSuccess("MAX-age  =100; includeSubDomains", false, 100, true, sss);
+    testSuccess("MAX-age  =100; includeSubDomains", 100, true);
-    TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss);
+    testSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", 100, true);
-    TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss);
+    testSuccess("Max-Age = 100; includesubdomains ", 100, true);
-    TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss);
+    testSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", 100, true);
     // Turns out, the actual directive is entirely optional (hence the
     // trailing semicolon)
-    TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss);
+    testSuccess("max-age=100;includeSubdomains;", 100, true);
 
     // these are weird tests, but are testing that some extended syntax is
     // still allowed (but it is ignored)
-    TestSuccess("max-age=100 ; includesubdomainsSomeStuff",
+    testSuccess("max-age=100 ; includesubdomainsSomeStuff", 100, false);
-                true, 100, false, sss);
+    testSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103"
-    TestSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103"
+                + "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
-                "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
+                34520103, true);
-                true, 34520103, true, sss);
+    testSuccess('max-age=100; unrelated="quoted \\"thingy\\""', 100, false);
-    TestSuccess(R"(max-age=100; unrelated="quoted \"thingy\"")",
-                true, 100, false, sss);
 
     // SHOULD FAIL:
-    printf("* Attempting to parse invalid STS headers (should not parse)...\n");
     // invalid max-ages
-    TestFailure("max-age", sss);
+    testFailure("max-age");
-    TestFailure("max-age ", sss);
+    testFailure("max-age ");
-    TestFailure("max-age=p", sss);
+    testFailure("max-age=p");
-    TestFailure("max-age=*1p2", sss);
+    testFailure("max-age=*1p2");
-    TestFailure("max-age=.20032", sss);
+    testFailure("max-age=.20032");
-    TestFailure("max-age=!20032", sss);
+    testFailure("max-age=!20032");
-    TestFailure("max-age==20032", sss);
+    testFailure("max-age==20032");
 
     // invalid headers
-    TestFailure("foobar", sss);
+    testFailure("foobar");
-    TestFailure("maxage=100", sss);
+    testFailure("maxage=100");
-    TestFailure("maxa-ge=100", sss);
+    testFailure("maxa-ge=100");
-    TestFailure("max-ag=100", sss);
+    testFailure("max-ag=100");
-    TestFailure("includesubdomains", sss);
+    testFailure("includesubdomains");
-    TestFailure(";", sss);
+    testFailure(";");
-    TestFailure(R"(max-age="100)", sss);
+    testFailure('max-age="100');
     // The max-age directive here doesn't conform to the spec, so it MUST
     // be ignored. Consequently, the REQUIRED max-age directive is not
     // present in this header, and so it is invalid.
-    TestFailure("max-age=100, max-age=200; includeSubdomains", sss);
+    testFailure("max-age=100, max-age=200; includeSubdomains");
-    TestFailure("max-age=100 includesubdomains", sss);
+    testFailure("max-age=100 includesubdomains");
-    TestFailure("max-age=100 bar foo", sss);
+    testFailure("max-age=100 bar foo");
-    TestFailure("max-age=100randomstuffhere", sss);
+    testFailure("max-age=100randomstuffhere");
     // All directives MUST appear only once in an STS header field.
-    TestFailure("max-age=100; max-age=200", sss);
+    testFailure("max-age=100; max-age=200");
-    TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss);
+    testFailure("includeSubdomains; max-age=200; includeSubdomains");
-    TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss);
+    testFailure("max-age=200; includeSubdomains; includeSubdomains");
     // The includeSubdomains directive is valueless.
-    TestFailure("max-age=100; includeSubdomains=unexpected", sss);
+    testFailure("max-age=100; includeSubdomains=unexpected");
     // LWS must have at least one space or horizontal tab
-    TestFailure("\r\nmax-age=200", sss);
+    testFailure("\r\nmax-age=200");
 }

security/manager/ssl/tests/unit/test_sts_preload_dynamic.js

@@ -16,57 +16,52 @@ function run_test() {
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
   let sslStatus = new FakeSSLStatus();
+  let unlikelyHost = "highlyunlikely.example.com";
+  let uri = Services.io.newURI("https://" + unlikelyHost);
+  let subDomainUri = Services.io.newURI("https://subdomain." + unlikelyHost);
 
   // first check that a host probably not on the preload list is not identified
   // as an sts host
-  let unlikelyHost = "highlyunlikely.example.com";
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             unlikelyHost, 0));
 
   // now add a preload entry for this host
   SSService.setHSTSPreload(unlikelyHost, false, Date.now() + 60000);
 
   // check that it's now an STS host
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                            unlikelyHost, 0));
 
   // check that it's honoring the fact we set includeSubdomains to false
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, subDomainUri,
-                             "subdomain." + unlikelyHost, 0));
+                            0));
 
   // clear the non-preloaded entries
   SSService.clearAll();
 
   // check that it's still an STS host
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                            unlikelyHost, 0));
 
   // clear the preloads
   SSService.clearPreloads();
 
   // Check that it's no longer an STS host now that the preloads have been
   // cleared
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                             unlikelyHost, 0));
 
   // Now let's do the same, this time with includeSubdomains on
   SSService.setHSTSPreload(unlikelyHost, true, Date.now() + 60000);
 
   // check that it's now an STS host
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                            unlikelyHost, 0));
 
   // check that it's now including subdomains
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, subDomainUri,
-                            "subdomain." + unlikelyHost, 0));
+                           0));
 
   // Now let's simulate overriding the entry by setting an entry from a header
   // with max-age set to 0
-  let uri = Services.io.newURI("https://" + unlikelyHost);
   SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                           "max-age=0", sslStatus, 0);
 
   // this should no longer be an HSTS host
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                             unlikelyHost, 0));
 }

security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js

@@ -38,67 +38,75 @@ function run_test() {
 
 function test_part1() {
   // check that a host not in the list is not identified as an sts host
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "nonexistent.mozilla.com", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://nonexistent.mozilla.com"), 0));
 
   // check that an ancestor domain is not identified as an sts host
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "com", 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             Services.io.newURI("https://com"), 0));
 
   // check that the pref to toggle using the preload list works
   Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "bugzilla.mozilla.org", 0));
+                             Services.io.newURI("https://bugzilla.mozilla.org"),
+                             0));
   Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "bugzilla.mozilla.org", 0));
+                            Services.io.newURI("https://bugzilla.mozilla.org"),
+                            0));
 
   // check that a subdomain is an sts host (includeSubdomains is set)
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "subdomain.bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://subdomain.bugzilla.mozilla.org"), 0));
 
   // check that another subdomain is an sts host (includeSubdomains is set)
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "a.b.c.def.bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://a.b.c.def.bugzilla.mozilla.org"), 0));
 
   // check that a subdomain is not an sts host (includeSubdomains is not set)
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "subdomain.www.torproject.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://subdomain.www.torproject.org"), 0));
 
   // check that a host with a dot on the end won't break anything
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(
-                              "notsts.nonexistent.mozilla.com.", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://notsts.nonexistent.mozilla.com."), 0));
 
   // check that processing a header with max-age: 0 will remove a preloaded
   // site from the list
-  let uri = Services.io.newURI("http://bugzilla.mozilla.org");
+  let uri = Services.io.newURI("https://bugzilla.mozilla.org");
+  let subDomainUri =
+    Services.io.newURI("https://subdomain.bugzilla.mozilla.org");
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=0", sslStatus, 0);
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                              "bugzilla.mozilla.org", 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             subDomainUri, 0));
-                              "subdomain.bugzilla.mozilla.org", 0));
   // check that processing another header (with max-age non-zero) will
   // re-enable a site's sts status
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=1000", sslStatus, 0);
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                             "bugzilla.mozilla.org", 0));
   // but this time include subdomains was not set, so test for that
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "subdomain.bugzilla.mozilla.org", 0));
+                             subDomainUri, 0));
   gSSService.clearAll();
 
   // check that processing a header with max-age: 0 from a subdomain of a site
   // will not remove that (ancestor) site from the list
-  uri = Services.io.newURI("http://subdomain.www.torproject.org");
+  uri = Services.io.newURI("https://subdomain.www.torproject.org");
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=0", sslStatus, 0);
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "www.torproject.org", 0));
+                            Services.io.newURI("https://www.torproject.org"),
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                              "subdomain.www.torproject.org", 0));
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
 
-  uri = Services.io.newURI("http://subdomain.bugzilla.mozilla.org");
+  uri = Services.io.newURI("https://subdomain.bugzilla.mozilla.org");
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=0", sslStatus, 0);
   // we received a header with "max-age=0", so we have "no information"
@@ -110,14 +118,19 @@ function test_part1() {
   //     |-- subdomain.bugzilla.mozilla.org                          IS sts host
   //     |   `-- another.subdomain.bugzilla.mozilla.org              IS sts host
   //     `-- sibling.bugzilla.mozilla.org                            IS sts host
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "bugzilla.mozilla.org", 0));
+                            Services.io.newURI("https://bugzilla.mozilla.org"),
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            0));
-                             "subdomain.bugzilla.mozilla.org", 0));
+  ok(gSSService.isSecureURI(
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                             "sibling.bugzilla.mozilla.org", 0));
+       Services.io.newURI("https://subdomain.bugzilla.mozilla.org"), 0));
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "another.subdomain.bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://sibling.bugzilla.mozilla.org"), 0));
+  ok(gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://another.subdomain.bugzilla.mozilla.org"),
+       0));
 
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=1000", sslStatus, 0);
@@ -126,12 +139,16 @@ function test_part1() {
   //     |-- subdomain.bugzilla.mozilla.org (include subdomains is false) IS sts host
   //     |   `-- another.subdomain.bugzilla.mozilla.org              IS NOT sts host
   //     `-- sibling.bugzilla.mozilla.org                            IS sts host
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "subdomain.bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://subdomain.bugzilla.mozilla.org"), 0));
-                             "sibling.bugzilla.mozilla.org", 0));
+  ok(gSSService.isSecureURI(
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+       Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "another.subdomain.bugzilla.mozilla.org", 0));
+       Services.io.newURI("https://sibling.bugzilla.mozilla.org"), 0));
+  ok(!gSSService.isSecureURI(
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://another.subdomain.bugzilla.mozilla.org"),
+       0));
 
   // Test that an expired non-private browsing entry results in correctly
   // identifying a host that is on the preload list as no longer sts.
@@ -139,14 +156,12 @@ function test_part1() {
   // a site on the preload list, and that header later expires. We need to
   // then treat that host as no longer an sts host.)
   // (sanity check first - this should be in the preload list)
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  uri = Services.io.newURI("https://login.persona.org");
-                             "login.persona.org", 0));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-  uri = Services.io.newURI("http://login.persona.org");
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=1", sslStatus, 0);
   do_timeout(1250, function() {
-    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+    ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                                "login.persona.org", 0));
     run_next_test();
   });
 }
@@ -155,36 +170,37 @@ const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
 
 function test_private_browsing1() {
   gSSService.clearAll();
+  let uri = Services.io.newURI("https://bugzilla.mozilla.org");
+  let subDomainUri =
+    Services.io.newURI("https://a.b.c.subdomain.bugzilla.mozilla.org");
   // sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                             "bugzilla.mozilla.org", IS_PRIVATE));
+                            IS_PRIVATE));
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, subDomainUri,
-                             "a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+                            IS_PRIVATE));
 
-  let uri = Services.io.newURI("http://bugzilla.mozilla.org");
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=0", sslStatus, IS_PRIVATE);
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                              "bugzilla.mozilla.org", IS_PRIVATE));
+                             IS_PRIVATE));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+                             subDomainUri, IS_PRIVATE));
 
   // check adding it back in
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=1000", sslStatus, IS_PRIVATE);
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, IS_PRIVATE));
-                             "bugzilla.mozilla.org", IS_PRIVATE));
   // but no includeSubdomains this time
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+                             subDomainUri, IS_PRIVATE));
 
   // do the hokey-pokey...
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=0", sslStatus, IS_PRIVATE);
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                              "bugzilla.mozilla.org", IS_PRIVATE));
+                             IS_PRIVATE));
-  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS,
-                              "subdomain.bugzilla.mozilla.org", IS_PRIVATE));
+                             subDomainUri, IS_PRIVATE));
 
   // Test that an expired private browsing entry results in correctly
   // identifying a host that is on the preload list as no longer sts.
@@ -192,14 +208,14 @@ function test_private_browsing1() {
   // a site on the preload list, and that header later expires. We need to
   // then treat that host as no longer an sts host.)
   // (sanity check first - this should be in the preload list)
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  uri = Services.io.newURI("https://login.persona.org");
-                             "login.persona.org", IS_PRIVATE));
+  ok(gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-  uri = Services.io.newURI("http://login.persona.org");
+                            IS_PRIVATE));
   gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                            "max-age=1", sslStatus, IS_PRIVATE);
   do_timeout(1250, function() {
-    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+    ok(!gSSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
-                                "login.persona.org", IS_PRIVATE));
+                               IS_PRIVATE));
     // Simulate leaving private browsing mode
     Services.obs.notifyObservers(null, "last-pb-context-exited", null);
   });
@@ -207,16 +223,19 @@ function test_private_browsing1() {
 
 function test_private_browsing2() {
   // if this test gets this far, it means there's a private browsing service
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://bugzilla.mozilla.org"), 0));
   // the bugzilla.mozilla.org entry has includeSubdomains set
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "subdomain.bugzilla.mozilla.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://subdomain.bugzilla.mozilla.org"), 0));
 
   // Now that we're out of private browsing mode, we need to make sure
   // we've "forgotten" that we "forgot" this site's sts status.
-  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(gSSService.isSecureURI(
-                             "login.persona.org", 0));
+       Ci.nsISiteSecurityService.HEADER_HSTS,
+       Services.io.newURI("https://login.persona.org"), 0));
 
   run_next_test();
 }

security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js

@@ -5,21 +5,19 @@
 function run_test() {
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
+  let uri = Services.io.newURI("https://bugzilla.mozilla.org");
 
   // check that a host on the preload list is identified as an sts host
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                            "bugzilla.mozilla.org", 0));
 
   // now simulate that it's 19 weeks later than it actually is
   let offsetSeconds = 19 * 7 * 24 * 60 * 60;
   Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
 
   // check that the preloaded host is no longer considered sts
-  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                             "bugzilla.mozilla.org", 0));
 
   // just make sure we can get everything back to normal
   Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
-  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
-                            "bugzilla.mozilla.org", 0));
 }

security/manager/ssl/tests/unit/xpcshell.ini

@@ -140,6 +140,7 @@ skip-if = toolkit == 'android'
 [test_sts_fqdn.js]
 [test_sts_holepunch.js]
 [test_sts_ipv4_ipv6.js]
+[test_sts_parser.js]
 [test_sts_preload_dynamic.js]
 [test_sts_preloadlist_perwindowpb.js]
 [test_sts_preloadlist_selfdestruct.js]

services/common/tests/unit/test_blocklist_pinning.js

@@ -92,10 +92,16 @@ add_task(function* test_something() {
               .getService(Ci.nsISiteSecurityService);
 
   // ensure our pins are all missing before we start
-  ok(!sss.isSecureHost(sss.HEADER_HPKP, "one.example.com", 0));
+  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-  ok(!sss.isSecureHost(sss.HEADER_HPKP, "two.example.com", 0));
+                      Services.io.newURI("https://one.example.com"), 0));
-  ok(!sss.isSecureHost(sss.HEADER_HPKP, "three.example.com", 0));
+  ok(!sss.isSecureURI(sss.HEADER_HPKP,
-  ok(!sss.isSecureHost(sss.HEADER_HSTS, "five.example.com", 0));
+                      Services.io.newURI("https://two.example.com"), 0));
+  ok(!sss.isSecureURI(sss.HEADER_HPKP,
+                      Services.io.newURI("https://three.example.com"), 0));
+  ok(!sss.isSecureURI(sss.HEADER_HSTS,
+                      Services.io.newURI("https://four.example.com"), 0));
+  ok(!sss.isSecureURI(sss.HEADER_HSTS,
+                      Services.io.newURI("https://five.example.com"), 0));
 
   // Test an empty db populates
   yield PinningPreloadClient.maybeSync(2000, Date.now());
@@ -109,7 +115,8 @@ add_task(function* test_something() {
   do_check_eq(list.data.length, 1);
 
   // check that a pin exists for one.example.com
-  ok(sss.isSecureHost(sss.HEADER_HPKP, "one.example.com", 0));
+  ok(sss.isSecureURI(sss.HEADER_HPKP,
+                     Services.io.newURI("https://one.example.com"), 0));
 
   // Test the db is updated when we call again with a later lastModified value
   yield PinningPreloadClient.maybeSync(4000, Date.now());
@@ -122,12 +129,15 @@ add_task(function* test_something() {
   yield connection.close();
 
   // check that a pin exists for two.example.com and three.example.com
-  ok(sss.isSecureHost(sss.HEADER_HPKP, "two.example.com", 0));
+  ok(sss.isSecureURI(sss.HEADER_HPKP,
-  ok(sss.isSecureHost(sss.HEADER_HPKP, "three.example.com", 0));
+                     Services.io.newURI("https://two.example.com"), 0));
+  ok(sss.isSecureURI(sss.HEADER_HPKP,
+                     Services.io.newURI("https://three.example.com"), 0));
 
   // check that a pin does not exist for four.example.com - it's in the
   // collection but the version should not match
-  ok(!sss.isSecureHost(sss.HEADER_HPKP, "four.example.com", 0));
+  ok(!sss.isSecureURI(sss.HEADER_HPKP,
+                      Services.io.newURI("https://four.example.com"), 0));
 
   // Try to maybeSync with the current lastModified value - no connection
   // should be attempted.
@@ -146,9 +156,12 @@ add_task(function* test_something() {
   do_check_neq(newValue, 0);
 
   // Check that the HSTS preload added to the collection works...
-  ok(sss.isSecureHost(sss.HEADER_HSTS, "five.example.com", 0));
+  ok(sss.isSecureURI(sss.HEADER_HSTS,
+                     Services.io.newURI("https://five.example.com"), 0));
   // ...and that includeSubdomains is honored
-  ok(!sss.isSecureHost(sss.HEADER_HSTS, "subdomain.five.example.com", 0));
+  ok(!sss.isSecureURI(sss.HEADER_HSTS,
+                      Services.io.newURI("https://subdomain.five.example.com"),
+                      0));
 
   // Check that a sync completes even when there's bad data in the
   // collection. This will throw on fail, so just calling maybeSync is an
@@ -159,7 +172,9 @@ add_task(function* test_something() {
 
   // The STS entry for five.example.com now has includeSubdomains set;
   // ensure that the new includeSubdomains value is honored.
-  ok(sss.isSecureHost(sss.HEADER_HSTS, "subdomain.five.example.com", 0));
+  ok(sss.isSecureURI(sss.HEADER_HSTS,
+                     Services.io.newURI("https://subdomain.five.example.com"),
+                     0));
 });
 
 function run_test() {