diff options
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sts_fqdn.js')
-rw-r--r-- | security/manager/ssl/tests/unit/test_sts_fqdn.js | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js new file mode 100644 index 000000000..c2c3eb2bd --- /dev/null +++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js @@ -0,0 +1,50 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ +"use strict"; + +function run_test() { + let SSService = Cc["@mozilla.org/ssservice;1"] + .getService(Ci.nsISiteSecurityService); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + // These cases are only relevant as long as bug 1118522 hasn't been fixed. + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + let uri = Services.io.newURI("https://example.com", null, null); + let sslStatus = new FakeSSLStatus(); + SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, + "max-age=1000;includeSubdomains", sslStatus, 0); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + uri = Services.io.newURI("https://example.com.", null, null); + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + uri = Services.io.newURI("https://example.com..", null, null); + ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0)); + + SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com.", 0)); + ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, + "example.com..", 0)); + + // Somehow creating this malformed URI succeeds - we need to handle it + // gracefully. + uri = Services.io.newURI("https://../foo", null, null); + equal(uri.host, ".."); + throws(() => { + SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0); + }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected"); +} |