tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_sss_originAttributes.js (3009B)

      1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 * vim: sw=2 ts=2 sts=2
      3 * This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 "use strict";
      8 
      9 // Ensures nsISiteSecurityService APIs respects origin attributes.
     10 
     11 const GOOD_MAX_AGE_SECONDS = 69403;
     12 const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
     13 
     14 do_get_profile(); // must be done before instantiating nsIX509CertDB
     15 
     16 let sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
     17 let host = "a.pinning.example.com";
     18 let uri = Services.io.newURI("https://" + host);
     19 
     20 // Check if originAttributes1 and originAttributes2 are isolated with respect
     21 // to HSTS storage.
     22 function doTest(originAttributes1, originAttributes2, shouldShare) {
     23  sss.clearAll();
     24  let header = GOOD_MAX_AGE;
     25  // Set HSTS for originAttributes1.
     26  sss.processHeader(uri, header, originAttributes1);
     27  ok(
     28    sss.isSecureURI(uri, originAttributes1),
     29    "URI should be secure given original origin attributes"
     30  );
     31  equal(
     32    sss.isSecureURI(uri, originAttributes2),
     33    shouldShare,
     34    "URI should be secure given different origin attributes if and " +
     35      "only if shouldShare is true"
     36  );
     37 
     38  if (!shouldShare) {
     39    // Remove originAttributes2 from the storage.
     40    sss.resetState(uri, originAttributes2);
     41    ok(
     42      sss.isSecureURI(uri, originAttributes1),
     43      "URI should still be secure given original origin attributes"
     44    );
     45  }
     46 
     47  // Remove originAttributes1 from the storage.
     48  sss.resetState(uri, originAttributes1);
     49  ok(
     50    !sss.isSecureURI(uri, originAttributes1),
     51    "URI should not be secure after removeState"
     52  );
     53 
     54  sss.clearAll();
     55 }
     56 
     57 function testInvalidOriginAttributes(originAttributes) {
     58  let header = GOOD_MAX_AGE;
     59 
     60  let callbacks = [
     61    () => sss.processHeader(uri, header, originAttributes),
     62    () => sss.isSecureURI(uri, originAttributes),
     63    () => sss.resetState(uri, originAttributes),
     64  ];
     65 
     66  for (let callback of callbacks) {
     67    throws(
     68      callback,
     69      /NS_ERROR_ILLEGAL_VALUE/,
     70      "Should get an error with invalid origin attributes"
     71    );
     72  }
     73 }
     74 
     75 function run_test() {
     76  sss.clearAll();
     77 
     78  let originAttributesList = [];
     79  for (let userContextId of [0, 1, 2]) {
     80    for (let firstPartyDomain of ["", "foo.com", "bar.com"]) {
     81      originAttributesList.push({ userContextId, firstPartyDomain });
     82    }
     83  }
     84  for (let attrs1 of originAttributesList) {
     85    for (let attrs2 of originAttributesList) {
     86      // SSS storage is not isolated by userContext
     87      doTest(
     88        attrs1,
     89        attrs2,
     90        attrs1.firstPartyDomain == attrs2.firstPartyDomain
     91      );
     92    }
     93  }
     94 
     95  doTest(
     96    { partitionKey: "(http,example.com,8443)" },
     97    { partitionKey: "(https,example.com)" },
     98    true
     99  );
    100 
    101  testInvalidOriginAttributes(undefined);
    102  testInvalidOriginAttributes(null);
    103  testInvalidOriginAttributes(1);
    104  testInvalidOriginAttributes("foo");
    105 }