1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,124 @@
1.4 +<!-- This Source Code Form is subject to the terms of the Mozilla Public
1.5 + - License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
1.7 +
1.8 +<!DOCTYPE HTML>
1.9 +<html>
1.10 +<head>
1.11 + <title>opens additional content that should be converted to https</title>
1.12 + <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
1.13 + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
1.14 +
1.15 + <script class="testbody" type="text/javascript">
1.16 + SimpleTest.waitForExplicitFinish();
1.17 +
1.18 + const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
1.19 +
1.20 + // initialized manually here
1.21 + var testsleft = {'plain': 4, 'subdom': 4};
1.22 + var roundsLeft = 2;
1.23 +
1.24 + var testframes = {
1.25 + 'samedom':
1.26 + {'url': "http://example.com" + STSPATH + "/verify.sjs",
1.27 + 'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
1.28 + 'subdom':
1.29 + {'url': "http://test1.example.com" + STSPATH + "/verify.sjs",
1.30 + 'expected': {'plain': 'INSECURE', 'subdom': 'SECURE'}},
1.31 + 'otherdom':
1.32 + {'url': "http://example.org" + STSPATH + "/verify.sjs",
1.33 + 'expected': {'plain': 'INSECURE', 'subdom': 'INSECURE'}},
1.34 + 'alreadysecure':
1.35 + {'url': "https://test2.example.com" + STSPATH + "/verify.sjs",
1.36 + 'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
1.37 + };
1.38 +
1.39 + function startRound(round) {
1.40 + var frame = document.createElement("iframe");
1.41 + frame.setAttribute('id', 'ifr_bootstrap');
1.42 + frame.setAttribute('src', "https://example.com" + STSPATH + "/" + round + "_bootstrap.html");
1.43 + document.body.appendChild(frame);
1.44 + }
1.45 +
1.46 + function endRound(round) {
1.47 + // remove all the iframes in the document
1.48 + document.body.removeChild(document.getElementById('ifr_bootstrap'));
1.49 + for (var test in testframes)
1.50 + document.body.removeChild(document.getElementById('ifr_' + test));
1.51 +
1.52 + // clean up the STS state
1.53 + const Cc = SpecialPowers.Cc;
1.54 + const Ci = SpecialPowers.Ci;
1.55 + var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
1.56 + var thehost = ios.newURI("http://example.com", null, null);
1.57 +
1.58 + var sss = Cc["@mozilla.org/ssservice;1"].getService(Ci.nsISiteSecurityService);
1.59 + sss.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, thehost, 0);
1.60 + }
1.61 +
1.62 + function loadVerifyFrames(round) {
1.63 + for (var test in testframes) {
1.64 + var frame = document.createElement("iframe");
1.65 + frame.setAttribute('id', 'ifr_' + test);
1.66 + frame.setAttribute('src', testframes[test].url + '?id=' + test);
1.67 + document.body.appendChild(frame);
1.68 + }
1.69 + }
1.70 +
1.71 + /* Messages received are in this format:
1.72 + * (BOOTSTRAP|SECURE|INSECURE) testid
1.73 + * For example: "BOOTSTRAP plain"
1.74 + * or: "INSECURE otherdom"
1.75 + */
1.76 + function onMessageReceived(event) {
1.77 +
1.78 + // otherwise, it's a test result
1.79 + var result = event.data.split(/\s+/);
1.80 + if (result.length != 2) {
1.81 + SimpleTest.ok(false, event.data);
1.82 + return;
1.83 + }
1.84 +
1.85 + // figure out which round of tests we're in
1.86 + var round = (roundsLeft == 2) ? 'plain' : 'subdom';
1.87 +
1.88 + if (result[0] === "BOOTSTRAP") {
1.89 + loadVerifyFrames(round);
1.90 + return;
1.91 + }
1.92 +
1.93 + // check if the result (SECURE/INSECURE) is expected for this round/test combo
1.94 + SimpleTest.is(result[0], testframes[result[1]].expected[round],
1.95 + "in ROUND " + round + ", test " + result[1]);
1.96 + testsleft[round]--;
1.97 +
1.98 + // check if there are more tests to run.
1.99 + if (testsleft[round] < 1) {
1.100 + // if not, advance to next round
1.101 + endRound(round);
1.102 + roundsLeft--;
1.103 +
1.104 + // defer this so it doesn't muck with the stack too much.
1.105 + if (roundsLeft == 1)
1.106 + setTimeout(function () {
1.107 + startRound('subdom');
1.108 + }, 0);
1.109 + }
1.110 +
1.111 + if (roundsLeft < 1) {
1.112 + SimpleTest.finish();
1.113 + }
1.114 + }
1.115 +
1.116 + // listen for calls back from the sts-setting iframe and then
1.117 + // the verification frames.
1.118 + window.addEventListener("message", onMessageReceived, false);
1.119 + window.addEventListener('load', function() {startRound('plain');}, false);
1.120 + </script>
1.121 +</head>
1.122 +
1.123 +<body>
1.124 + This test will load some iframes and do some tests.
1.125 +
1.126 +</body>
1.127 +</html>
