mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-11-07 11:48:19 +02:00
ef0a88c6f2
The public key pinning implementation is much less complex than the HSTS implementation, and only needs a small subset of the parameters of the latter. Furthermore, the information it relies on is static, and so is safe to access from content processes. This patch separates the two implementations, thus simplifying both of them and avoiding some unnecessary IPC calls in the process. Differential Revision: https://phabricator.services.mozilla.com/D117096
148 lines
3.9 KiB
JavaScript
148 lines
3.9 KiB
JavaScript
/* Any copyright is dedicated to the Public Domain.
|
|
http://creativecommons.org/publicdomain/zero/1.0/ */
|
|
|
|
/**
|
|
* Test for SecuritySettingsCleaner.
|
|
*/
|
|
|
|
"use strict";
|
|
|
|
let gSSService = Cc["@mozilla.org/ssservice;1"].getService(
|
|
Ci.nsISiteSecurityService
|
|
);
|
|
|
|
function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
|
|
let uri = Services.io.newURI(`https://${host}`);
|
|
|
|
let secInfo = Cc[
|
|
"@mozilla.org/security/transportsecurityinfo;1"
|
|
].createInstance(Ci.nsITransportSecurityInfo);
|
|
|
|
gSSService.processHeader(
|
|
uri,
|
|
"max-age=1000;",
|
|
secInfo,
|
|
0,
|
|
Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST,
|
|
getOAWithPartitionKey(topLevelBaseDomain, originAttributes)
|
|
);
|
|
}
|
|
|
|
function addTestSecurityInfo() {
|
|
// First party
|
|
addSecurityInfo({ host: "example.net" });
|
|
addSecurityInfo({ host: "test.example.net" });
|
|
addSecurityInfo({ host: "example.org" });
|
|
|
|
// Third-party partitioned
|
|
addSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" });
|
|
addSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" });
|
|
addSecurityInfo({
|
|
host: "test.example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
});
|
|
|
|
// Ensure we have the correct state initially.
|
|
testSecurityInfo({ host: "example.net" });
|
|
testSecurityInfo({ host: "test.example.net" });
|
|
testSecurityInfo({ host: "example.org" });
|
|
testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" });
|
|
testSecurityInfo({ host: "example.net", topLevelBaseDomain: "example.org" });
|
|
testSecurityInfo({
|
|
host: "test.example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
});
|
|
}
|
|
|
|
function testSecurityInfo({
|
|
host,
|
|
topLevelBaseDomain,
|
|
expected = true,
|
|
originAttributes = {},
|
|
}) {
|
|
let uri = Services.io.newURI(`https://${host}`);
|
|
let isSecure = gSSService.isSecureURI(
|
|
uri,
|
|
0,
|
|
getOAWithPartitionKey(topLevelBaseDomain, originAttributes)
|
|
);
|
|
|
|
let message = `HSTS ${expected ? "is set" : "is not set"} for ${host}`;
|
|
if (topLevelBaseDomain) {
|
|
message += ` partitioned under ${topLevelBaseDomain}`;
|
|
}
|
|
Assert.equal(isSecure, expected, message);
|
|
}
|
|
|
|
add_task(async function test_baseDomain() {
|
|
gSSService.clearAll();
|
|
addTestSecurityInfo();
|
|
|
|
// Clear security settings of example.net including partitions.
|
|
await new Promise(aResolve => {
|
|
Services.clearData.deleteDataFromBaseDomain(
|
|
"example.net",
|
|
false,
|
|
Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS,
|
|
aResolve
|
|
);
|
|
});
|
|
|
|
testSecurityInfo({ host: "example.net", expected: false });
|
|
// SecuritySettingsCleaner also removes subdomain settings.
|
|
testSecurityInfo({ host: "test.example.net", expected: false });
|
|
testSecurityInfo({ host: "example.org" });
|
|
|
|
testSecurityInfo({
|
|
host: "example.com",
|
|
topLevelBaseDomain: "example.net",
|
|
expected: false,
|
|
});
|
|
testSecurityInfo({
|
|
host: "example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
expected: false,
|
|
});
|
|
testSecurityInfo({
|
|
host: "test.example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
expected: false,
|
|
});
|
|
|
|
// Cleanup
|
|
gSSService.clearAll();
|
|
});
|
|
|
|
add_task(async function test_host() {
|
|
gSSService.clearAll();
|
|
addTestSecurityInfo();
|
|
|
|
// Clear security settings of example.net without partitions.
|
|
await new Promise(aResolve => {
|
|
Services.clearData.deleteDataFromHost(
|
|
"example.net",
|
|
false,
|
|
Ci.nsIClearDataService.CLEAR_SECURITY_SETTINGS,
|
|
aResolve
|
|
);
|
|
});
|
|
|
|
testSecurityInfo({ host: "example.net", expected: false });
|
|
testSecurityInfo({ host: "test.example.net", expected: false });
|
|
testSecurityInfo({ host: "example.org" });
|
|
|
|
testSecurityInfo({ host: "example.com", topLevelBaseDomain: "example.net" });
|
|
testSecurityInfo({
|
|
host: "example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
expected: false,
|
|
});
|
|
testSecurityInfo({
|
|
host: "test.example.net",
|
|
topLevelBaseDomain: "example.org",
|
|
expected: false,
|
|
});
|
|
|
|
// Cleanup
|
|
gSSService.clearAll();
|
|
});
|