security/manager/ssl/tests/unit/test_ocsp_required.js

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

     1 // -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
     2 // This Source Code Form is subject to the terms of the Mozilla Public
     3 // License, v. 2.0. If a copy of the MPL was not distributed with this
     4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
     5 "use strict";
     7 // In which we connect to a domain (as faked by a server running locally)
     8 // and start up an OCSP responder (also basically faked) that gives a
     9 // response with a bad signature. With security.OCSP.require set to true,
    10 // the connection should fail (but it also shouldn't cause assertion failures).
    12 let gOCSPRequestCount = 0; // requests served by the local OCSP responder; checked and reset once per verifier mode
    /**
     * xpcshell entry point: sets up the fake TLS server and a local OCSP
     * responder that always answers with a bad-signature response, then queues
     * the connection tests once per certificate-verifier mode.
     *
     * Every request that reaches the responder is counted in gOCSPRequestCount
     * so the queued tests can assert how many OCSP fetches were made.
     */
    function run_test() {
      do_get_profile();
      // Hard-fail mode is the behaviour under test: with this pref on, the
      // bad-signature response below is expected to fail the connection.
      Services.prefs.setBoolPref("security.OCSP.require", true);

      // Stapling itself is not exercised here; the stapling server is only the
      // means of getting a TLS connection to talk to.
      add_tls_server_setup("OCSPStaplingServer");

      const responseSpecs = [["bad-signature", "localhostAndExampleCom", "unused"]];
      const badSignatureResponse =
        generateOCSPResponses(responseSpecs, "tlsserver")[0];

      // The handler never inspects the request: any path gets the same
      // badly-signed response, and the hit is counted after it is written.
      const serveBadSignature = function (request, response) {
        response.setStatusLine(request.httpVersion, 200, "OK");
        response.setHeader("Content-Type", "application/ocsp-response");
        response.write(badSignatureResponse);
        gOCSPRequestCount += 1;
      };

      const responder = new HttpServer();
      responder.registerPrefixHandler("/", serveBadSignature);
      // NOTE(review): port 8080 is presumably the OCSP responder address the
      // test certificates point at; confirm against the certificate fixtures.
      responder.start(8080);

      // Queue the same checks for both verifier modes, true first, then false.
      for (const useMozillaPKIX of [true, false]) {
        add_tests_in_mode(useMozillaPKIX);
      }

      // Last queued step: shut the responder down, continuing once it stops.
      add_test(function () {
        responder.stop(run_next_test);
      });

      run_next_test();
    }
    /**
     * Queues the OCSP-required checks for one certificate-verifier mode.
     *
     * @param {boolean} useMozillaPKIX - value written to the
     *   security.use_mozillapkix_verification pref before the connections run.
     */
    function add_tests_in_mode(useMozillaPKIX) {
      // Switch the verifier implementation before any connection is attempted.
      add_test(function () {
        Services.prefs.setBoolPref("security.use_mozillapkix_verification",
                                   useMozillaPKIX);
        run_next_test();
      });

      // Two connections to the same host; each must fail with the OCSP
      // bad-signature error rather than succeed or fail some other way.
      const host = "ocsp-stapling-none.example.com";
      for (let attempt = 0; attempt < 2; attempt += 1) {
        add_connection_test(
          host,
          getXPCOMStatusFromNSS(SEC_ERROR_OCSP_BAD_SIGNATURE)
        );
      }

      add_test(function () {
        // Exactly one responder hit across both connections: the second failure
        // did not trigger a new fetch (presumably the failed result is cached;
        // confirm against the verifier's OCSP cache behaviour).
        do_check_eq(gOCSPRequestCount, 1);
        // Reset so the next mode starts counting from zero.
        gOCSPRequestCount = 0;
        run_next_test();
      });
    }
