gecko-dev/toolkit/components/cleardata/tests/unit/test_certs.js

/* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

const certService = Cc["@mozilla.org/security/local-cert-service;1"].getService(
  Ci.nsILocalCertService
);
const overrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
  Ci.nsICertOverrideService
);
const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

const CERT_TEST =
  "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t";

add_task(async function() {
  Assert.ok(Services.clearData);

  const TEST_URI = Services.io.newURI("http://test.com/");
  const ANOTHER_TEST_URI = Services.io.newURI("https://example.com/");
  const YET_ANOTHER_TEST_URI = Services.io.newURI("https://example.test/");
  let cert = certDB.constructX509FromBase64(CERT_TEST);
  let flags = Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS;

  ok(cert, "Cert was created");

  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    0,
    "Cert should not be used for override yet"
  );

  overrideService.rememberValidityOverride(
    TEST_URI.asciiHost,
    TEST_URI.port,
    {},
    cert,
    flags,
    false
  );

  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    1,
    "Cert should be used for override now"
  );

  await new Promise(aResolve => {
    Services.clearData.deleteDataFromHost(
      TEST_URI.asciiHostPort,
      true /* user request */,
      flags,
      value => {
        Assert.equal(value, 0);
        aResolve();
      }
    );
  });

  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    0,
    "Cert should not be used for override now"
  );

  for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) {
    overrideService.rememberValidityOverride(
      uri.asciiHost,
      uri.port,
      {},
      cert,
      flags,
      false
    );
    Assert.ok(
      overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        {},
        cert,
        {},
        {}
      ),
      `Should have added override for ${uri.asciiHost}:${uri.port}`
    );
    Assert.ok(
      !overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        { privateBrowsingId: 1 },
        cert,
        {},
        {}
      ),
      `Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID`
    );
    overrideService.rememberValidityOverride(
      uri.asciiHost,
      uri.port,
      { privateBrowsingId: 1 },
      cert,
      flags,
      false
    );
    Assert.ok(
      overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        { privateBrowsingId: 1 },
        cert,
        {},
        {}
      ),
      `Should have added override for ${uri.asciiHost}:${uri.port} with private browsing ID`
    );
    Assert.ok(
      !overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        { privateBrowsingId: 2 },
        cert,
        {},
        {}
      ),
      `Should not have added override for ${uri.asciiHost}:${uri.port} with private browsing ID 2`
    );
  }

  await new Promise(aResolve => {
    Services.clearData.deleteData(flags, value => {
      Assert.equal(value, 0);
      aResolve();
    });
  });

  for (let uri of [TEST_URI, ANOTHER_TEST_URI, YET_ANOTHER_TEST_URI]) {
    Assert.ok(
      !overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        {},
        cert,
        {},
        {}
      ),
      `Should have removed override for ${uri.asciiHost}:${uri.port}`
    );
    Assert.ok(
      !overrideService.hasMatchingOverride(
        uri.asciiHost,
        uri.port,
        { privateBrowsingId: 1 },
        cert,
        {},
        {}
      ),
      `Should have removed override for ${uri.asciiHost}:${uri.port} with private browsing attribute`
    );
  }
});

add_task(async function test_deleteByBaseDomain() {
  let toClear = [
    Services.io.newURI("https://example.com"),
    Services.io.newURI("http://example.com:8080"),
    Services.io.newURI("http://test1.example.com"),
    Services.io.newURI("http://foo.bar.example.com"),
  ];

  let toKeep = [
    Services.io.newURI("https://example.org"),
    Services.io.newURI("http://test1.example.org"),
    Services.io.newURI("http://foo.bar.example.org"),
    Services.io.newURI("http://example.test"),
  ];

  let all = toClear.concat(toKeep);

  let cert = certDB.constructX509FromBase64(CERT_TEST);
  ok(cert, "Cert was created");
  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    0,
    "Cert should not be used for override yet"
  );

  let overrideBits =
    Ci.nsICertOverrideService.ERROR_UNTRUSTED |
    Ci.nsICertOverrideService.ERROR_MISMATCH;

  all.forEach(({ asciiHost, port }) =>
    overrideService.rememberValidityOverride(
      asciiHost,
      port,
      {},
      cert,
      overrideBits,
      false
    )
  );

  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    all.length,
    "Cert should be used for override now"
  );

  await new Promise(aResolve => {
    Services.clearData.deleteDataFromBaseDomain(
      "example.com",
      true /* user request */,
      Ci.nsIClearDataService.CLEAR_CERT_EXCEPTIONS,
      value => {
        Assert.equal(value, 0);
        aResolve();
      }
    );
  });

  Assert.equal(
    overrideService.isCertUsedForOverrides(cert, true, true),
    toKeep.length,
    "Cert should still be used for override"
  );

  toClear.forEach(({ asciiHost, port }) =>
    Assert.ok(
      !overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}, {}),
      `Should have cleared override for ${asciiHost}:${port}`
    )
  );

  toKeep.forEach(({ asciiHost, port }) =>
    Assert.ok(
      overrideService.hasMatchingOverride(asciiHost, port, {}, cert, {}, {}),
      `Should have kept override for ${asciiHost}:${port}`
    )
  );

  // Cleanup
  overrideService.clearAllOverrides();
});