summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_sts_fqdn.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/unit/test_sts_fqdn.js')
-rw-r--r--security/manager/ssl/tests/unit/test_sts_fqdn.js50
1 files changed, 50 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js
new file mode 100644
index 000000000..c2c3eb2bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+function run_test() {
+ let SSService = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ let uri = Services.io.newURI("https://example.com", null, null);
+ let sslStatus = new FakeSSLStatus();
+ SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+ "max-age=1000;includeSubdomains", sslStatus, 0);
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+ uri = Services.io.newURI("https://example.com.", null, null);
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+ uri = Services.io.newURI("https://example.com..", null, null);
+ ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+
+ SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com.", 0));
+ ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+ "example.com..", 0));
+
+ // Somehow creating this malformed URI succeeds - we need to handle it
+ // gracefully.
+ uri = Services.io.newURI("https://../foo", null, null);
+ equal(uri.host, "..");
+ throws(() => {
+ SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+ }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 21:08:16 +0000