// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";
// In which we connect to a host and encounter OCSP responses with the
// Cache-Control header set, which normally Necko would cache. This test
// ensures that these responses aren't cached. PSM has its own OCSP cache, so
// Necko shouldn't also be caching them.
// Profile setup has to run first; see the ordering constraint noted on the call.
do_get_profile(); // must be called before getting nsIX509CertDB
// Port handed to startOCSPResponder below for the local test OCSP responder.
const SERVER_PORT = 8888;
/**
 * Queues a test step that asks the cache service (through nsICacheTesting) to
 * flush, and advances to the next queued step once the flush is reported.
 */
function add_flush_cache() {
  add_test(() => {
    // The flush notification has been seen to arrive more than once (possibly
    // once per observer ever handed to flush). Latch on the first notification
    // so run_next_test is called exactly once for this step.
    let alreadyNotified = false;
    const flushObserver = {
      observe: () => {
        if (alreadyNotified) {
          return;
        }
        alreadyNotified = true;
        run_next_test();
      },
    };
    const cacheTesting = Services.cache2.QueryInterface(Ci.nsICacheTesting);
    cacheTesting.flush(flushObserver);
  });
}
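/**
 * Queues the steps of one "OCSP responses must not land in the Necko cache"
 * check for the given load context:
 *   1. clear the HTTP cache, then PSM's OCSP cache and the session cache;
 *   2. start a local OCSP responder whose replies carry
 *      "Cache-Control: max-age=1000" (i.e. a header that invites caching);
 *   3. make a connection that is expected to succeed;
 *   4. visit every cache storage and assert that no entry was stored;
 *   5. stop the responder.
 *
 * @param {object} loadContext - Load context info. Only its originAttributes
 *   are read here; they are forwarded to the connection step.
 */
function add_ocsp_necko_cache_test(loadContext) {
  // Derived from SERVER_PORT so the expected URI cannot drift from the port
  // the responder is actually started on.
  const expectedOCSPURI = `http://localhost:${SERVER_PORT}/`;

  // Pre-testcase cleanup/setup: start from an empty HTTP cache so that any
  // entry found later was created by this run.
  add_test(() => {
    Services.cache2.clear();
    run_next_test();
  });
  add_flush_cache();

  let responder;
  add_test(() => {
    // Empty PSM's own caches as well, so the connection below cannot be
    // satisfied without going through certificate verification again.
    clearOCSPCache();
    clearSessionCache();
    responder = startOCSPResponder(
      SERVER_PORT,
      "localhost",
      "ocsp_certs",
      ["default-ee"],
      [],
      [],
      [],
      [["Cache-Control", "max-age=1000"]]
    );
    run_next_test();
  });

  // Prepare a connection that will cause an OCSP request.
  // NOTE(review): the "nothing cached" assertion below also holds if no OCSP
  // request was made at all. This presumably relies on the responder, which is
  // given ["default-ee"] as the expected name, checking that the request
  // arrived - confirm in the helper that defines startOCSPResponder.
  add_connection_test(
    "ocsp-stapling-none.example.com",
    PRErrorCodeSuccess,
    null,
    null,
    null,
    loadContext.originAttributes
  );
  add_flush_cache();

  // Traverse the cache and ensure the response was not cached.
  add_test(() => {
    let foundEntry = false;
    const visitor = {
      onCacheStorageInfo() {},
      // Only the URI is inspected; the remaining callback arguments are unused.
      onCacheEntryInfo(aURI) {
        // Any entry at all is a failure (checked on completion). Comparing the
        // URI first makes the log show whether it was the OCSP response or
        // something unrelated that ended up in the cache.
        Assert.equal(
          aURI.spec,
          expectedOCSPURI,
          "expected OCSP request URI should match"
        );
        foundEntry = true;
      },
      onCacheEntryVisitCompleted() {
        Assert.ok(!foundEntry, "should not find a cached entry");
        run_next_test();
      },
      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
    };
    // Second argument: presumably requests per-entry callbacks rather than
    // storage summaries only - confirm against the cache storage service IDL.
    Services.cache2.asyncVisitAllStorages(visitor, true);
  });

  // Clean up (stop the responder).
  add_test(() => {
    responder.stop(run_next_test);
  });
}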
/**
 * Test entry point: sets the security.OCSP.enabled pref to 1, queues the TLS
 * server setup, then queues the Necko-cache check once for the private load
 * context and once for the default one before starting the queue.
 */
function run_test() {
  Services.prefs.setIntPref("security.OCSP.enabled", 1);
  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");

  // Same order as before: private context first, then default.
  for (const contextKind of ["private", "default"]) {
    add_ocsp_necko_cache_test(Services.loadContextInfo[contextKind]);
  }

  run_next_test();
}