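/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// Unit tests for the per-site TLS version bookkeeping in nsSSLIOLayerHelpers:
//   - rememberIntolerantAtVersion(host, port, min, max) records a failure at
//     version |max| and returns whether a lower version is still available.
//   - rememberTolerantAtVersion(host, port, version) records a success.
//   - adjustForTLSIntolerance(host, port, range) updates the in/out |range|
//     from what has been recorded for the site.
//
// NOTE(review): every adjustment checked here lowers range.max, i.e. the
// client offers an older protocol version than it supports. How intolerance
// gets reported is not visible in this file; if it is driven by failed
// connection attempts, anyone who can break connections on the network path
// can trigger it. The bounds these tests pin down (the caller's range.min,
// prior tolerant records, per-port keying, reset at the floor) are therefore
// what limits a version downgrade. The tests pass SSL 3.0 as the floor, so
// they confirm the fallback can end with SSL 3.0 as the only offered version
// whenever a caller allows it as range.min.

#include "nsNSSIOLayer.h"
#include "sslproto.h"

#include "gtest/gtest.h"

// Site key used by every test except Test_Port_Is_Relevant, which varies the
// port.
NS_NAMED_LITERAL_CSTRING(HOST, "example.org");
const int16_t PORT = 443;

// Fixture: each TEST_F gets its own nsSSLIOLayerHelpers, so recorded
// (in)tolerance does not carry over from one test to the next.
class TLSIntoleranceTest : public ::testing::Test
{
protected:
  nsSSLIOLayerHelpers helpers;
};

// Walks the whole fallback ladder: each intolerance report lowers the cap by
// one version until the cap meets range.min, at which point the report is
// refused and the stored state is cleared.
TEST_F(TLSIntoleranceTest, Test_1_2_through_3_0)
{
  // No adjustment made when there is no entry for the site.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);

    // Report a failure at TLS 1.2; true means a lower version can be tried.
    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    range.min, range.max));
  }

  // The cap is now TLS 1.1; report a failure there as well.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);

    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    range.min, range.max));
  }

  // The cap is now TLS 1.0; report a failure there as well.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);

    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    range.min, range.max));
  }

  // The cap now equals range.min: SSL 3.0 is the only version left to offer.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };

    helpers.adjustForTLSIntolerance(HOST, PORT, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.max);

    // false because we reached the floor set by range.min
    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     range.min, range.max));
  }

  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, PORT, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    // When rememberIntolerantAtVersion returns false, it also resets the
    // intolerance information for the server.
    // The site is therefore offered the full range again instead of staying
    // pinned at the lowest version.
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
  }
}

// A success recorded at the same version as an earlier failure wins: the cap
// stays at TLS 1.0, whereas the failure alone would push it below TLS 1.0
// (compare the TLS 1.0 step in Test_1_2_through_3_0).
TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_1)
{
  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                  SSL_LIBRARY_VERSION_3_0,
                                                  SSL_LIBRARY_VERSION_TLS_1_0));
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);
  SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                            SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, range);
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
}

// A success recorded above an earlier failure also wins: the cap becomes the
// version that worked (TLS 1.1), not something below the failed TLS 1.0.
TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
{
  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                  SSL_LIBRARY_VERSION_3_0,
                                                  SSL_LIBRARY_VERSION_TLS_1_0));
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
  SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                            SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, range);
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
}

// A later failure report cannot push the site below a version that has
// already been seen to work.
TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
{
  // Record a successful TLS 1.0 connection before any failure is reported.
  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_0);
  // false because we reached the floor set by rememberTolerantAtVersion.
  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_0));
  // The refused report leaves no cap behind: the full range is still offered.
  SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                            SSL_LIBRARY_VERSION_TLS_1_2 };
  helpers.adjustForTLSIntolerance(HOST, PORT, range);
  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
}

// State is kept per (host, port): a failure recorded for one port must not
// lower the version offered to a different service on the same host.
TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
{
  // Port 1 is known to work at TLS 1.2, so a failure report there is refused;
  // port 2 has no record, so the same report is accepted.
  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_2));
  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2,
                                                  SSL_LIBRARY_VERSION_3_0,
                                                  SSL_LIBRARY_VERSION_TLS_1_2));

  // Port 1 keeps the full range.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, 1, range);
    // The floor is checked here as in the other tests, so a change to
    // range.min on a port-keyed entry would not go unnoticed.
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
  }

  // Port 2 is capped one version below the reported failure.
  {
    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                              SSL_LIBRARY_VERSION_TLS_1_2 };
    helpers.adjustForTLSIntolerance(HOST, 2, range);
    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
  }
}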