summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_sts_fqdn.js
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /security/manager/ssl/tests/unit/test_sts_fqdn.js
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sts_fqdn.js')
-rw-r--r--security/manager/ssl/tests/unit/test_sts_fqdn.js50
1 files changed, 50 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js
new file mode 100644
index 000000000..c2c3eb2bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+function run_test() {
+ let SSService = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ let uri = Services.io.newURI("https://example.com", null, null);
+ let sslStatus = new FakeSSLStatus();
+ SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+ "max-age=1000;includeSubdomains", sslStatus, 0);
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+ uri = Services.io.newURI("https://example.com.", null, null);
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+ uri = Services.io.newURI("https://example.com..", null, null);
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+
+ SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ // Somehow creating this malformed URI succeeds - we need to handle it
+ // gracefully.
+ uri = Services.io.newURI("https://../foo", null, null);
+ equal(uri.host, "..");
+ throws(() => {
+ SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+ }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-02 04:58:10 +0000