Bug 1664998 - Added partitioning unit test for nsIClientAuthRememberService. r=timhuang
authorPaul Zuehlcke <pbz@mozilla.com>
Tue, 17 Aug 2021 12:49:39 +0000
changeset 589085 85f69a0ff41639eb85641cb4c6453a7802beb37f
parent 589084 5784d93242d114bc4b13d6a0729dd11696b1c69a
child 589086 1a79385f2a43953397f1ca4b4ce510bdb1d371d5
push id38714
push usernbeleuzu@mozilla.com
push dateTue, 17 Aug 2021 21:49:10 +0000
treeherdermozilla-central@659f053820bf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstimhuang
bugs1664998
milestone93.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1664998 - Added partitioning unit test for nsIClientAuthRememberService. r=timhuang Differential Revision: https://phabricator.services.mozilla.com/D122609
toolkit/components/antitracking/test/xpcshell/test_staticPartition_clientAuthRemember.js
toolkit/components/antitracking/test/xpcshell/xpcshell.ini
new file mode 100644
--- /dev/null
+++ b/toolkit/components/antitracking/test/xpcshell/test_staticPartition_clientAuthRemember.js
@@ -0,0 +1,134 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+"use strict";
+
+let cars = Cc["@mozilla.org/security/clientAuthRememberService;1"].getService(
+  Ci.nsIClientAuthRememberService
+);
+let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+  Ci.nsIX509CertDB
+);
+
+function getOAWithPartitionKey(
+  { scheme = "https", topLevelBaseDomain, port = null } = {},
+  originAttributes = {}
+) {
+  if (!topLevelBaseDomain || !scheme) {
+    return originAttributes;
+  }
+
+  return {
+    ...originAttributes,
+    partitionKey: `(${scheme},${topLevelBaseDomain}${port ? `,${port}` : ""})`,
+  };
+}
+
+// These are not actual server and client certs. The ClientAuthRememberService
+// does not care which certs we store decisions for, as long as they're valid.
+let [serverCert, clientCert] = certDB.getCerts();
+
+function addSecurityInfo({ host, topLevelBaseDomain, originAttributes = {} }) {
+  let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
+  cars.rememberDecisionScriptable(host, attrs, serverCert, clientCert);
+}
+
+function testSecurityInfo({
+  host,
+  topLevelBaseDomain,
+  originAttributes = {},
+  expected = true,
+}) {
+  let attrs = getOAWithPartitionKey({ topLevelBaseDomain }, originAttributes);
+
+  let messageSuffix = `for ${host}`;
+  if (topLevelBaseDomain) {
+    messageSuffix += ` partitioned under ${topLevelBaseDomain}`;
+  }
+
+  let hasRemembered = cars.hasRememberedDecisionScriptable(
+    host,
+    attrs,
+    serverCert,
+    {}
+  );
+
+  Assert.equal(
+    hasRemembered,
+    expected,
+    `CAR ${expected ? "is set" : "is not set"} ${messageSuffix}`
+  );
+}
+
+function addTestEntries() {
+  let entries = [
+    { host: "example.net" },
+    { host: "test.example.net" },
+    { host: "example.org" },
+    { host: "example.com", topLevelBaseDomain: "example.net" },
+    {
+      host: "test.example.net",
+      topLevelBaseDomain: "example.org",
+    },
+    {
+      host: "foo.example.com",
+      originAttributes: {
+        privateBrowsingId: 1,
+      },
+    },
+  ];
+
+  info("Add test state");
+  entries.forEach(addSecurityInfo);
+  info("Ensure we have the correct state initially");
+  entries.forEach(testSecurityInfo);
+}
+
+add_task(async () => {
+  addTestEntries();
+
+  info("Should not be set for unrelated host");
+  [undefined, "example.org", "example.net", "example.com"].forEach(
+    topLevelBaseDomain =>
+      testSecurityInfo({
+        host: "mochit.test",
+        topLevelBaseDomain,
+        expected: false,
+      })
+  );
+
+  info("Should not be set for unrelated subdomain");
+  testSecurityInfo({ host: "foo.example.net", expected: false });
+
+  info("Should not be set for unpartitioned first party");
+  testSecurityInfo({
+    host: "example.com",
+    expected: false,
+  });
+
+  info("Should not be set under different first party");
+  testSecurityInfo({
+    host: "example.com",
+    topLevelBaseDomain: "example.org",
+    expected: false,
+  });
+  testSecurityInfo({
+    host: "test.example.net",
+    topLevelBaseDomain: "example.com",
+    expected: false,
+  });
+
+  info("Should not be set in partitioned context");
+  ["example.com", "example.net", "example.org", "mochi.test"].forEach(
+    topLevelBaseDomain =>
+      testSecurityInfo({
+        host: "foo.example.com",
+        topLevelBaseDomain,
+        expected: false,
+      })
+  );
+
+  // Cleanup
+  cars.clearRememberedDecisions();
+});
--- a/toolkit/components/antitracking/test/xpcshell/xpcshell.ini
+++ b/toolkit/components/antitracking/test/xpcshell/xpcshell.ini
@@ -4,16 +4,17 @@ head = head.js ../../../../components/ur
 [test_cookie_behavior.js]
 [test_getPartitionKeyFromURL.js]
 [test_purge_trackers.js]
 skip-if = win10_2004 # Bug 1718292
 [test_purge_trackers_telemetry.js]
 [test_tracking_db_service.js]
 skip-if = toolkit == "android" # Bug 1697936
 [test_rejectForeignAllowList.js]
+[test_staticPartition_clientAuthRemember.js]
 [test_staticPartition_font.js]
 support-files =
   data/font.woff
 skip-if =
   apple_silicon
 [test_staticPartition_image.js]
 [test_staticPartition_authhttp.js]
 [test_staticPartition_prefetch.js]