michael@0: // -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
michael@0: // This Source Code Form is subject to the terms of the Mozilla Public
michael@0: // License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0: // file, You can obtain one at http://mozilla.org/MPL/2.0/.
michael@0: "use strict";
michael@0: 
michael@0: function run_test() {
michael@0:   do_get_profile();
michael@0: 
michael@0:   add_tls_server_setup("OCSPStaplingServer");
michael@0: 
michael@0:   let socket = Cc["@mozilla.org/network/server-socket;1"]
michael@0:                  .createInstance(Ci.nsIServerSocket);
michael@0:   socket.init(8080, true, -1);
michael@0: 
michael@0: 
michael@0:   add_tests_in_mode(true, true);
michael@0:   add_tests_in_mode(false, true);
michael@0:   add_tests_in_mode(true, false);
michael@0:   add_tests_in_mode(false, false);
michael@0: 
michael@0:   add_test(function() { socket.close(); run_next_test(); });
michael@0:   run_next_test();
michael@0: }
michael@0: 
michael@0: function add_tests_in_mode(useMozillaPKIX, useHardFail) {
michael@0:   let startTime;
michael@0:   add_test(function () {
michael@0:     Services.prefs.setBoolPref("security.use_mozillapkix_verification",
michael@0:                                useMozillaPKIX);
michael@0:     Services.prefs.setBoolPref("security.OCSP.require", useHardFail);
michael@0:     startTime = new Date();
michael@0:     run_next_test();
michael@0:   });
michael@0: 
michael@0:   add_connection_test("ocsp-stapling-none.example.com", useHardFail
michael@0:                       ? getXPCOMStatusFromNSS(SEC_ERROR_OCSP_SERVER_ERROR)
michael@0:                       : Cr.NS_OK, clearSessionCache);
michael@0: 
michael@0:   // Reset state
michael@0:   add_test(function() {
michael@0:     let endTime = new Date();
michael@0:     // With OCSP hard-fail on, we timeout after 10 seconds.
michael@0:     // With OCSP soft-fail, we timeout after 2 seconds.
michael@0:     if (useHardFail) {
michael@0:       do_check_true((endTime - startTime) > 10000);
michael@0:     } else {
michael@0:       do_check_true((endTime - startTime) > 2000);
michael@0:     }
michael@0:     // Make sure we didn't wait too long.
michael@0:     // (Unfortunately, we probably can't have a tight upper bound on
michael@0:     // how long is too long for this test, because we might be running
michael@0:     // on slow hardware.)
michael@0:     do_check_true((endTime - startTime) < 60000);
michael@0:     clearOCSPCache();
michael@0:     run_next_test();
michael@0:   });
michael@0: }