horok/firefox
1
0
Fork 0
Code Activity
firefox/netwerk/test/unit/test_httpssvc_retry_without_ech.js
Daniel Baumann 5e9a113729
Adding upstream version 140.0. 
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
2025-06-25 09:37:52 +02:00

136 lines
3.8 KiB
JavaScript
Raw Permalink Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
let trrServer;
const certOverrideService = Cc[
"@mozilla.org/security/certoverride;1"
].getService(Ci.nsICertOverrideService);
add_setup(async function setup() {
trr_test_setup();
Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
// An arbitrary, non-ECH server.
await asyncStartTLSTestServer(
"DelegatedCredentialsServer",
"../../../security/manager/ssl/tests/unit/test_delegated_credentials"
);
let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
await nssComponent.asyncClearSSLExternalAndInternalSessionCache();
});
registerCleanupFunction(async () => {
trr_clear_prefs();
Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
Services.prefs.clearUserPref("network.dns.echconfig.enabled");
Services.prefs.clearUserPref(
"network.dns.echconfig.fallback_to_origin_when_all_failed"
);
if (trrServer) {
await trrServer.stop();
}
});
function makeChan(url) {
let chan = NetUtil.newChannel({
uri: url,
loadUsingSystemPrincipal: true,
contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
}).QueryInterface(Ci.nsIHttpChannel);
return chan;
}
function channelOpenPromise(chan, flags) {
return new Promise(resolve => {
function finish(req, buffer) {
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
false
);
resolve([req, buffer]);
}
certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
false
);
chan.asyncOpen(new ChannelListener(finish, null, flags));
});
}
add_task(async function testRetryWithoutECH() {
const ECH_CONFIG_FIXED =
"AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
trrServer = new TRRServer();
await trrServer.start();
Services.prefs.setIntPref("network.trr.mode", 3);
Services.prefs.setCharPref(
"network.trr.uri",
`https://foo.example.com:${trrServer.port()}/dns-query`
);
Services.prefs.setBoolPref(
"network.dns.echconfig.fallback_to_origin_when_all_failed",
true
);
// Only the last record is valid to use.
await trrServer.registerDoHAnswers(
"delegated-disabled.example.com",
"HTTPS",
{
answers: [
{
name: "delegated-disabled.example.com",
ttl: 55,
type: "HTTPS",
flush: false,
data: {
priority: 1,
name: "delegated-disabled.example.com",
values: [
{
key: "echconfig",
value: ECH_CONFIG_FIXED,
needBase64Decode: true,
},
],
},
},
],
}
);
await trrServer.registerDoHAnswers("delegated-disabled.example.com", "A", {
answers: [
{
name: "delegated-disabled.example.com",
ttl: 55,
type: "A",
flush: false,
data: "127.0.0.1",
},
],
});
await new TRRDNSListener("delegated-disabled.example.com", {
type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
});
let chan = makeChan(`https://delegated-disabled.example.com:8443`);
await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
let securityInfo = chan.securityInfo;
Assert.ok(
!securityInfo.isAcceptedEch,
"This host should not have accepted ECH"
);
await trrServer.stop();
});
View git blame Copy permalink