summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_sss_savestate.js
blob: a4d8b52976df53067ca5dd3295f17c56df31c3d4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";

// The purpose of this test is to see that the site security service properly
// writes its state file.

const EXPECTED_ENTRIES = 6;
const EXPECTED_HSTS_COLUMNS = 3;
const EXPECTED_HPKP_COLUMNS = 4;
var gProfileDir = null;

const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";

// For reference, the format of the state file is a list of:
// <domain name> <expiration time in milliseconds>,<sts status>,<includeSubdomains>
// separated by newlines ('\n')

function checkStateWritten(aSubject, aTopic, aData) {
  if (aData == PRELOAD_STATE_FILE_NAME) {
    return;
  }

  equal(aData, SSS_STATE_FILE_NAME);

  let stateFile = gProfileDir.clone();
  stateFile.append(SSS_STATE_FILE_NAME);
  ok(stateFile.exists());
  let stateFileContents = readFile(stateFile);
  // the last line is removed because it's just a trailing newline
  let lines = stateFileContents.split('\n').slice(0, -1);
  equal(lines.length, EXPECTED_ENTRIES);
  let sites = {}; // a map of domain name -> [the entry in the state file]
  for (let line of lines) {
    let parts = line.split('\t');
    let host = parts[0];
    let score = parts[1];
    let lastAccessed = parts[2];
    let entry = parts[3].split(',');
    let expectedColumns = EXPECTED_HSTS_COLUMNS;
    if (host.indexOf("HPKP") != -1) {
      expectedColumns = EXPECTED_HPKP_COLUMNS;
    }
    equal(entry.length, expectedColumns);
    sites[host] = entry;
  }

  // We can receive multiple data-storage-written events. In particular, we
  // may receive one where DataStorage wrote out data before we were done
  // processing all of our headers. In this case, the data may not be
  // as we expect. We only care about the final one being correct, however,
  // so we return and wait for the next event if things aren't as we expect.
  // sites[url][1] corresponds to SecurityPropertySet (if 1) and
  //                              SecurityPropertyUnset (if 0)
  // sites[url][2] corresponds to includeSubdomains
  if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) {
    return;
  }
  if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) {
    return;
  }
  if (sites["a.example.com:HSTS"][1] != 1) {
    return;
  }
  if (sites["a.example.com:HSTS"][2] != 1) {
    return;
  }
  if (sites["b.example.com:HSTS"][1] != 1) {
    return;
  }
  if (sites["b.example.com:HSTS"][2] != 0) {
    return;
  }
  if (sites["c.c.example.com:HSTS"][1] != 1) {
    return;
  }
  if (sites["c.c.example.com:HSTS"][2] != 1) {
    return;
  }
  if (sites["d.example.com:HSTS"][1] != 1) {
    return;
  }
  if (sites["d.example.com:HSTS"][2] != 0) {
    return;
  }
  if (sites["dynamic-pin.example.com:HPKP"][1] != 1) {
    return;
  }
  if (sites["dynamic-pin.example.com:HPKP"][2] != 1) {
    return;
  }
  equal(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH);

  do_test_finished();
}

function run_test() {
  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
  gProfileDir = do_get_profile();
  let SSService = Cc["@mozilla.org/ssservice;1"]
                    .getService(Ci.nsISiteSecurityService);
  // Put an HPKP entry
  SSService.setKeyPins("dynamic-pin.example.com", true,
                       new Date().getTime() + 1000000, 1,
                       [NON_ISSUED_KEY_HASH]);

  let uris = [ Services.io.newURI("http://includesubdomains.preloaded.test", null, null),
               Services.io.newURI("http://a.example.com", null, null),
               Services.io.newURI("http://b.example.com", null, null),
               Services.io.newURI("http://c.c.example.com", null, null),
               Services.io.newURI("http://d.example.com", null, null) ];

  for (let i = 0; i < 1000; i++) {
    let uriIndex = i % uris.length;
    // vary max-age
    let maxAge = "max-age=" + (i * 1000);
     // alternate setting includeSubdomains
    let includeSubdomains = (i % 2 == 0 ? "; includeSubdomains" : "");
    let sslStatus = new FakeSSLStatus();
    SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
                            uris[uriIndex], maxAge + includeSubdomains,
                            sslStatus, 0);
  }

  do_test_pending();
  Services.obs.addObserver(checkStateWritten, "data-storage-written", false);
}