--- a/devtools/shared/webconsole/test/test_network_security-hpkp.html
+++ b/devtools/shared/webconsole/test/test_network_security-hpkp.html
@@ -17,29 +17,51 @@
SimpleTest.waitForExplicitFinish();
let gCurrentTestCase = -1;
const HPKP_PREF = "security.cert_pinning.process_headers_from_non_builtin_roots";
// Static pins tested by unit/test_security-info-static-hpkp.js.
const TEST_CASES = [
{
- desc: "no Public Key Pinning",
+ desc: "no HSTS or HPKP",
url: "https://example.com",
+ usesHSTS: false,
+ usesPinning: false,
+ },
+ {
+ desc: "HSTS from this response, no Public Key Pinning",
+ url: "https://example.com/" +
+ "browser/browser/base/content/test/general/browser_star_hsts.sjs",
+ usesHSTS: true,
usesPinning: false,
},
{
- desc: "dynamic Public Key Pinning with this request",
+ desc: "stored HSTS from previous response, no Public Key Pinning",
+ url: "https://example.com/",
+ usesHSTS: true,
+ usesPinning: false,
+ },
+ {
+ desc: "no Public Key Pinning or HSTS",
+ url: "https://include-subdomains.pinning-dynamic.example.com/",
+ usesHSTS: false,
+ usesPinning: false,
+ },
+ {
+ desc: "dynamic Public Key Pinning with this request, no HSTS",
url: "https://include-subdomains.pinning-dynamic.example.com/" +
"browser/browser/base/content/test/general/pinning_headers.sjs",
+ usesHSTS: false,
usesPinning: true,
},
{
- desc: "dynamic Public Key Pinning with previous request",
+ desc: "dynamic Public Key Pinning with previous request, no HSTS",
url: "https://include-subdomains.pinning-dynamic.example.com/",
+ usesHSTS: false,
usesPinning: true,
}
];
function startTest() {
// Need to enable this pref or pinning headers are rejected due test
// certificate.
Services.prefs.setBoolPref(HPKP_PREF, true);
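Review bot: The new "stored HSTS from previous response" case only passes if the case before it has just run and stored HSTS state for example.com, and nothing in `TEST_CASES` says that order matters. The two dynamic-pinning cases at the end depend on each other in the same way. A comment above the array, for example `// Order matters: each "stored"/"previous" case relies on state set by the case before it.`, would stop someone from reordering or inserting entries and silently changing what is tested. The `usesHSTS: false` expectations for include-subdomains.pinning-dynamic.example.com presumably also rely on browser_star_hsts.sjs not sending includeSubDomains for example.com. That file is not part of this diff, so this is worth confirming and stating next to those cases.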
@@ -49,21 +71,23 @@ function startTest() {
// Reset pinning state.
let gSSService = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
let gIOService = Cc["@mozilla.org/network/io-service;1"]
.getService(Ci.nsIIOService);
for (let {url} of TEST_CASES) {
let uri = gIOService.newURI(url);
+ gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
}
});
- info("Test detection of Public Key Pinning.");
+ info("Test detection of HTTP Strict Transport Security" +
+ " and Public Key Pinning.");
removeEventListener("load", startTest);
attachConsoleToTab(["NetworkActivity"], onAttach);
}
function onAttach(state, response) {
onNetworkEventUpdate = onNetworkEventUpdate.bind(null, state);
state.dbgClient.addListener("networkEventUpdate", onNetworkEventUpdate);
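Review bot: The added `removeState(...HEADER_HSTS, uri, 0)` sits in what looks like a cleanup callback, so HSTS state is cleared only after this test finishes and not before the first case runs. The callback's opening line is outside the hunk, so this is inferred from the closing `});`. The first case asserts `hsts` is false for example.com, so HSTS state left behind by an earlier test in the same profile (for instance one that loads browser_star_hsts.sjs) would make it fail for reasons unrelated to the console code. Consider running the same reset loop at the top of `startTest` as well. The comment above the loop should also be updated to match what it now does, e.g. `// Reset HSTS and pinning state.`.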
@@ -83,16 +107,18 @@ function runNextCase(state) {
let iframe = document.querySelector("iframe").contentWindow;
iframe.wrappedJSObject.makeXhrCallback("GET", url);
}
function onNetworkEventUpdate(state, type, packet) {
function onSecurityInfo(received) {
let data = TEST_CASES[gCurrentTestCase];
+ is(received.securityInfo.hsts, data.usesHSTS,
+ "Strict Transport Security detected correctly.");
is(received.securityInfo.hpkp, data.usesPinning,
"Public Key Pinning detected correctly.");
runNextCase(state);
}
if (packet.updateType === "securityInfo") {
state.client.getSecurityInfo(packet.from, onSecurityInfo);