forked from mirrors/gecko-dev
79 lines
2.2 KiB
JavaScript
79 lines
2.2 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
"use strict";
|
|
|
|
do_get_profile(); // must be done before instantiating nsIX509CertDB
|
|
|
|
const SECS_IN_A_WEEK = 7 * 24 * 60 * 60;
|
|
const TESTCASES = [
|
|
{
|
|
hostname: "a.pinning.example.com",
|
|
includeSubdomains: true,
|
|
expireTime: Date.now() + 12 * SECS_IN_A_WEEK * 1000,
|
|
},
|
|
{
|
|
hostname: "b.pinning.example.com",
|
|
includeSubdomains: false,
|
|
expireTime: Date.now() + 13 * SECS_IN_A_WEEK * 1000,
|
|
},
|
|
].sort((a, b) => a.expireTime - b.expireTime);
|
|
|
|
let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
|
|
|
|
function getEntries() {
|
|
return Array.from(sss.enumerate());
|
|
}
|
|
|
|
function checkSiteSecurityStateAttrs(entries) {
|
|
entries.sort((a, b) => a.expireTime - b.expireTime);
|
|
equal(
|
|
entries.length,
|
|
TESTCASES.length,
|
|
"Should get correct number of entries"
|
|
);
|
|
for (let i = 0; i < TESTCASES.length; i++) {
|
|
equal(entries[i].hostname, TESTCASES[i].hostname, "Hostnames should match");
|
|
equal(
|
|
entries[i].securityPropertyState,
|
|
Ci.nsISiteSecurityState.SECURITY_PROPERTY_SET,
|
|
"Entries should have security property set"
|
|
);
|
|
equal(
|
|
entries[i].includeSubdomains,
|
|
TESTCASES[i].includeSubdomains,
|
|
"IncludeSubdomains should match"
|
|
);
|
|
// There's a delay from our "now" and the "now" that the implementation uses.
|
|
less(
|
|
Math.abs(entries[i].expireTime - TESTCASES[i].expireTime),
|
|
60000,
|
|
"ExpireTime should be within 60-second error"
|
|
);
|
|
}
|
|
}
|
|
|
|
function run_test() {
|
|
sss.clearAll();
|
|
|
|
for (const testcase of TESTCASES) {
|
|
const uri = Services.io.newURI(`https://${testcase.hostname}`);
|
|
|
|
// MaxAge is in seconds.
|
|
let maxAge = Math.round((testcase.expireTime - Date.now()) / 1000);
|
|
let header = `max-age=${maxAge}`;
|
|
if (testcase.includeSubdomains) {
|
|
header += "; includeSubdomains";
|
|
}
|
|
sss.processHeader(uri, header);
|
|
}
|
|
|
|
let hstsEntries = getEntries();
|
|
|
|
checkSiteSecurityStateAttrs(hstsEntries);
|
|
|
|
sss.clearAll();
|
|
hstsEntries = getEntries();
|
|
|
|
equal(hstsEntries.length, 0, "Should clear all HSTS entries");
|
|
}
|