security/manager/ssl/tests/unit/test_ocsp_required.js

changeset 0
6474c204b198
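--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,60 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a domain (as faked by a server running locally)
+// and start up an OCSP responder (also basically faked) that gives a
+// response with a bad signature. With security.OCSP.require set to true,
+// this should fail (but it also shouldn't cause assertion failures).
+
+let gOCSPRequestCount = 0;
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer");
+
+  let args = [["bad-signature", "localhostAndExampleCom", "unused"]];
+  let ocspResponses = generateOCSPResponses(args, "tlsserver");
+  let ocspResponseBadSignature = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(ocspResponseBadSignature);
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8080);
+
+  add_tests_in_mode(true);
+  add_tests_in_mode(false);
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+
+  run_next_test();
+}
+
+function add_tests_in_mode(useMozillaPKIX)
+{
+  add_test(function () {
+    Services.prefs.setBoolPref("security.use_mozillapkix_verification",
+                               useMozillaPKIX);
+    run_next_test();
+  });
+
+  add_connection_test("ocsp-stapling-none.example.com",
+                      getXPCOMStatusFromNSS(SEC_ERROR_OCSP_BAD_SIGNATURE));
+  add_connection_test("ocsp-stapling-none.example.com",
+                      getXPCOMStatusFromNSS(SEC_ERROR_OCSP_BAD_SIGNATURE));
+  add_test(function () {
+    do_check_eq(gOCSPRequestCount, 1);
+    gOCSPRequestCount = 0;
+    run_next_test();
+  });
+}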
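Review bot: The `do_check_eq(gOCSPRequestCount, 1)` check in `add_tests_in_mode` follows two identical connection attempts and nothing explains why one fetch is expected rather than two. The count suggests the bad-signature failure is meant to be remembered between the two connections, and that the second verification mode starts without that entry, since the counter is reset and 1 is expected again; this is inferred from the numbers and should be confirmed. A comment above the check such as `// Both connections must fail, but only the first should reach the responder; the failed result is expected to be cached.` would let a future change in that behaviour be read as a regression rather than a flaky count. Separately, `run_test` sets `security.OCSP.require` and the mode test sets `security.use_mozillapkix_verification` without restoring either; if the harness does not isolate prefs per file, a `do_register_cleanup` callback that clears both would keep later tests from inheriting hard-fail revocation checking.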
