summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/gtest/STSParserTest.cpp
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /security/manager/ssl/tests/gtest/STSParserTest.cpp
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/tests/gtest/STSParserTest.cpp')
-rw-r--r--security/manager/ssl/tests/gtest/STSParserTest.cpp144
1 files changed, 144 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/gtest/STSParserTest.cpp b/security/manager/ssl/tests/gtest/STSParserTest.cpp
new file mode 100644
index 000000000..bedf57fea
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/STSParserTest.cpp
@@ -0,0 +1,144 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+#include "nsNetUtil.h"
+#include "nsISiteSecurityService.h"
+#include "nsIURI.h"
+
+void
+TestSuccess(const char* hdr, bool extraTokens,
+ uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
+ nsISiteSecurityService* sss)
+{
+ nsCOMPtr<nsIURI> dummyUri;
+ nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+ ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+ uint64_t maxAge = 0;
+ bool includeSubdomains = false;
+ rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+ hdr, 0, &maxAge, &includeSubdomains, nullptr);
+ ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr;
+
+ ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge";
+ EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) <<
+ "Did not correctly parse presence/absence of includeSubdomains";
+
+ if (extraTokens) {
+ EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) <<
+ "Extra tokens were expected when parsing, but were not encountered.";
+ } else {
+ EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing.";
+ }
+
+ printf("%s\n", hdr);
+}
+
+void TestFailure(const char* hdr,
+ nsISiteSecurityService* sss)
+{
+ nsCOMPtr<nsIURI> dummyUri;
+ nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+ ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+ rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+ hdr, 0, nullptr, nullptr, nullptr);
+ ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr;
+
+ printf("%s\n", hdr);
+}
+
+TEST(psm_STSParser, Test)
+{
+ nsresult rv;
+
+ // grab handle to the service
+ nsCOMPtr<nsISiteSecurityService> sss;
+ sss = do_GetService("@mozilla.org/ssservice;1", &rv);
+ ASSERT_TRUE(NS_SUCCEEDED(rv));
+
+ // *** parsing tests
+ printf("*** Attempting to parse valid STS headers ...\n");
+
+ // SHOULD SUCCEED:
+ TestSuccess("max-age=100", false, 100, false, sss);
+ TestSuccess("max-age =100", false, 100, false, sss);
+ TestSuccess(" max-age=100", false, 100, false, sss);
+ TestSuccess("max-age = 100 ", false, 100, false, sss);
+ TestSuccess("max-age = \"100\" ", false, 100, false, sss);
+ TestSuccess("max-age=\"100\"", false, 100, false, sss);
+ TestSuccess(" max-age =\"100\" ", false, 100, false, sss);
+ TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss);
+ TestSuccess("max-age = 100 ", false, 100, false, sss);
+
+ TestSuccess("maX-aGe=100", false, 100, false, sss);
+ TestSuccess("MAX-age =100", false, 100, false, sss);
+ TestSuccess("max-AGE=100", false, 100, false, sss);
+ TestSuccess("Max-Age = 100 ", false, 100, false, sss);
+ TestSuccess("MAX-AGE = 100 ", false, 100, false, sss);
+
+ TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss);
+ TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss);
+ TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss);
+ TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss);
+ TestSuccess("max-age = 100 ; includeSubdomains",
+ false, 100, true, sss);
+
+ TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss);
+ TestSuccess("MAX-age =100; includeSubDomains", false, 100, true, sss);
+ TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss);
+ TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss);
+ TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss);
+ // Turns out, the actual directive is entirely optional (hence the
+ // trailing semicolon)
+ TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss);
+
+ // these are weird tests, but are testing that some extended syntax is
+ // still allowed (but it is ignored)
+ TestSuccess("max-age=100 ; includesubdomainsSomeStuff",
+ true, 100, false, sss);
+ TestSuccess("\r\n\t\t \tcompletelyUnrelated = foobar; max-age= 34520103"
+ "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
+ true, 34520103, true, sss);
+ TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"",
+ true, 100, false, sss);
+
+ // SHOULD FAIL:
+ printf("* Attempting to parse invalid STS headers (should not parse)...\n");
+ // invalid max-ages
+ TestFailure("max-age", sss);
+ TestFailure("max-age ", sss);
+ TestFailure("max-age=p", sss);
+ TestFailure("max-age=*1p2", sss);
+ TestFailure("max-age=.20032", sss);
+ TestFailure("max-age=!20032", sss);
+ TestFailure("max-age==20032", sss);
+
+ // invalid headers
+ TestFailure("foobar", sss);
+ TestFailure("maxage=100", sss);
+ TestFailure("maxa-ge=100", sss);
+ TestFailure("max-ag=100", sss);
+ TestFailure("includesubdomains", sss);
+ TestFailure(";", sss);
+ TestFailure("max-age=\"100", sss);
+ // The max-age directive here doesn't conform to the spec, so it MUST
+ // be ignored. Consequently, the REQUIRED max-age directive is not
+ // present in this header, and so it is invalid.
+ TestFailure("max-age=100, max-age=200; includeSubdomains", sss);
+ TestFailure("max-age=100 includesubdomains", sss);
+ TestFailure("max-age=100 bar foo", sss);
+ TestFailure("max-age=100randomstuffhere", sss);
+ // All directives MUST appear only once in an STS header field.
+ TestFailure("max-age=100; max-age=200", sss);
+ TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss);
+ TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss);
+ // The includeSubdomains directive is valueless.
+ TestFailure("max-age=100; includeSubdomains=unexpected", sss);
+ // LWS must have at least one space or horizontal tab
+ TestFailure("\r\nmax-age=200", sss);
+}