1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
/* Any copyright is dedicated to the Public Domain.
* http://creativecommons.org/publicdomain/zero/1.0/
*/
"use strict";
let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
Ci.nsIClientAuthRememberService
);
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
Ci.nsIX509CertDB
);
function getOAWithPartitionKey(
{ scheme = "https", topLevelBaseDomain, port = null } = {},
originAttributes = {}
) {
if (!topLevelBaseDomain || !scheme) {
return originAttributes;
}
return {
...originAttributes,
partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`,
};
}
// These are not actual server and client certs. The ClientAuthRememberService
// does not care which certs we store decisions for, as long as they're valid.
let [serverCert, clientCert] = certDB.getCerts();
function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
cars.rememberDecisionScriptable(host, attrs, serverCert, clientCert);
}
function testSecurityInfo({
host,
topLevelBaseDomain,
originAttributes = {},
expected = true,
}) {
let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
let messageSuffix = `for ${host}`;
if (topLevelBaseDomain) {
messageSuffix += ` partitioned under ${topLevelBaseDomain}`;
}
let hasRemembered = cars.hasRememberedDecisionScriptable(
host,
attrs,
serverCert,
{}
);
Assert.equal(
hasRemembered,
expected,
`CAR ${expected ? "is set" : "is not set"} ${messageSuffix}`
);
}
function addTestEntries() {
let entries = [
{ host: "example.net" },
{ host: "test.example.net" },
{ host: "example.org" },
{ host: "example.com", topLevelBaseDomain: "example.net" },
{
host: "test.example.net",
topLevelBaseDomain: "example.org",
},
{
host: "foo.example.com",
originAttributes: {
privateBrowsingId: 1,
},
},
];
info("Add test state");
entries.forEach(addSecurityInfo);
info("Ensure we have the correct state initially");
entries.forEach(testSecurityInfo);
}
add_task(async () => {
addTestEntries();
info("Should not be set for unrelated host");
[undefined, "example.org", "example.net", "example.com"].forEach(
topLevelBaseDomain =>
testSecurityInfo({
host: "mochit.test",
topLevelBaseDomain,
expected: false,
})
);
info("Should not be set for unrelated subdomain");
testSecurityInfo({ host: "foo.example.net", expected: false });
info("Should not be set for unpartitioned first party");
testSecurityInfo({
host: "example.com",
expected: false,
});
info("Should not be set under different first party");
testSecurityInfo({
host: "example.com",
topLevelBaseDomain: "example.org",
expected: false,
});
testSecurityInfo({
host: "test.example.net",
topLevelBaseDomain: "example.com",
expected: false,
});
info("Should not be set in partitioned context");
["example.com", "example.net", "example.org", "mochi.test"].forEach(
topLevelBaseDomain =>
testSecurityInfo({
host: "foo.example.com",
topLevelBaseDomain,
expected: false,
})
);
// Cleanup
cars.clearRememberedDecisions();
});
|
