tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_delegated_credentials.js (2357B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 "use strict";
      5 
      6 // Tests handling of certificates marked as permitting delegated credentials
      7 
      8 function shouldBeDelegatedCredential(aTransportSecurityInfo) {
      9  Assert.ok(
     10    aTransportSecurityInfo.isDelegatedCredential,
     11    "This host should have used a delegated credential"
     12  );
     13 }
     14 
     15 function shouldNotBeDelegatedCredential(aTransportSecurityInfo) {
     16  Assert.ok(
     17    !aTransportSecurityInfo.isDelegatedCredential,
     18    "This host should not have used a delegated credential"
     19  );
     20 }
     21 
     22 do_get_profile();
     23 
     24 add_tls_server_setup(
     25  "DelegatedCredentialsServer",
     26  "test_delegated_credentials"
     27 );
     28 
     29 // Test:
     30 // Server certificate supports DC
     31 // Server DC support enabled
     32 // Client DC support disabled
     33 // Result: Successful connection without DC
     34 add_test(function () {
     35  clearSessionCache();
     36  Services.prefs.setBoolPref(
     37    "security.tls.enable_delegated_credentials",
     38    false
     39  );
     40  run_next_test();
     41 });
     42 add_connection_test(
     43  "delegated-enabled.example.com",
     44  PRErrorCodeSuccess,
     45  null,
     46  shouldNotBeDelegatedCredential
     47 );
     48 
     49 // Test:
     50 // Server certificate does not support DC
     51 // Server DC support enabled
     52 // Client DC support enabled
     53 // Result: SSL_ERROR_DC_INVALID_KEY_USAGE from client when
     54 //         checking DC against EE cert, no DC in aTransportSecurityInfo.
     55 add_test(function () {
     56  clearSessionCache();
     57  Services.prefs.setBoolPref("security.tls.enable_delegated_credentials", true);
     58  run_next_test();
     59 });
     60 add_connection_test(
     61  "standard-enabled.example.com",
     62  SSL_ERROR_DC_INVALID_KEY_USAGE,
     63  null,
     64  // We'll never |mHaveCipherSuiteAndProtocol|,
     65  // and therefore can't check IsDelegatedCredential
     66  null
     67 );
     68 
     69 // Test:
     70 // Server certificate supports DC
     71 // Server DC support disabled
     72 // Client DC support enabled
     73 // Result: Successful connection without DC
     74 add_connection_test(
     75  "delegated-disabled.example.com",
     76  PRErrorCodeSuccess,
     77  null,
     78  shouldNotBeDelegatedCredential
     79 );
     80 
     81 // Test:
     82 // Server certificate supports DC
     83 // Server DC support enabled
     84 // Client DC support enabled
     85 // Result: Successful connection with DC
     86 add_connection_test(
     87  "delegated-enabled.example.com",
     88  PRErrorCodeSuccess,
     89  null,
     90  shouldBeDelegatedCredential
     91 );