security/manager/ssl/tests/unit/test_ocsp_timeout.js@b8a032363ba2 (annotated)
security/manager/ssl/tests/unit/test_ocsp_timeout.js
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
| michael@0 | 1 | // -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- |
| michael@0 | 2 | // This Source Code Form is subject to the terms of the Mozilla Public |
| michael@0 | 3 | // License, v. 2.0. If a copy of the MPL was not distributed with this |
| michael@0 | 4 | // file, You can obtain one at http://mozilla.org/MPL/2.0/. |
| michael@0 | 5 | "use strict"; |
| michael@0 | 6 | |
| michael@0 | 7 | function run_test() { |
| michael@0 | 8 | do_get_profile(); |
| michael@0 | 9 | |
| michael@0 | 10 | add_tls_server_setup("OCSPStaplingServer"); |
| michael@0 | 11 | |
| michael@0 | 12 | let socket = Cc["@mozilla.org/network/server-socket;1"] |
| michael@0 | 13 | .createInstance(Ci.nsIServerSocket); |
| michael@0 | 14 | socket.init(8080, true, -1); |
| michael@0 | 15 | |
| michael@0 | 16 | |
| michael@0 | 17 | add_tests_in_mode(true, true); |
| michael@0 | 18 | add_tests_in_mode(false, true); |
| michael@0 | 19 | add_tests_in_mode(true, false); |
| michael@0 | 20 | add_tests_in_mode(false, false); |
| michael@0 | 21 | |
| michael@0 | 22 | add_test(function() { socket.close(); run_next_test(); }); |
| michael@0 | 23 | run_next_test(); |
| michael@0 | 24 | } |
| michael@0 | 25 | |
| michael@0 | 26 | function add_tests_in_mode(useMozillaPKIX, useHardFail) { |
| michael@0 | 27 | let startTime; |
| michael@0 | 28 | add_test(function () { |
| michael@0 | 29 | Services.prefs.setBoolPref("security.use_mozillapkix_verification", |
| michael@0 | 30 | useMozillaPKIX); |
| michael@0 | 31 | Services.prefs.setBoolPref("security.OCSP.require", useHardFail); |
| michael@0 | 32 | startTime = new Date(); |
| michael@0 | 33 | run_next_test(); |
| michael@0 | 34 | }); |
| michael@0 | 35 | |
| michael@0 | 36 | add_connection_test("ocsp-stapling-none.example.com", useHardFail |
| michael@0 | 37 | ? getXPCOMStatusFromNSS(SEC_ERROR_OCSP_SERVER_ERROR) |
| michael@0 | 38 | : Cr.NS_OK, clearSessionCache); |
| michael@0 | 39 | |
| michael@0 | 40 | // Reset state |
| michael@0 | 41 | add_test(function() { |
| michael@0 | 42 | let endTime = new Date(); |
| michael@0 | 43 | // With OCSP hard-fail on, we timeout after 10 seconds. |
| michael@0 | 44 | // With OCSP soft-fail, we timeout after 2 seconds. |
| michael@0 | 45 | if (useHardFail) { |
| michael@0 | 46 | do_check_true((endTime - startTime) > 10000); |
| michael@0 | 47 | } else { |
| michael@0 | 48 | do_check_true((endTime - startTime) > 2000); |
| michael@0 | 49 | } |
| michael@0 | 50 | // Make sure we didn't wait too long. |
| michael@0 | 51 | // (Unfortunately, we probably can't have a tight upper bound on |
| michael@0 | 52 | // how long is too long for this test, because we might be running |
| michael@0 | 53 | // on slow hardware.) |
| michael@0 | 54 | do_check_true((endTime - startTime) < 60000); |
| michael@0 | 55 | clearOCSPCache(); |
| michael@0 | 56 | run_next_test(); |
| michael@0 | 57 | }); |
| michael@0 | 58 | } |
