Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 595 insertions, 0 deletions

diff --git a/netwerk/test/unit/test_altsvc.js b/netwerk/test/unit/test_altsvc.js
new file mode 100644
index 0000000000..b52f9cdffc
--- /dev/null
+++ b/netwerk/test/unit/test_altsvc.js
@@ -0,0 +1,595 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.import("resource://testing-common/httpd.js");
+
+var h2Port;
+var prefs;
+var http2pref;
+var altsvcpref1;
+var altsvcpref2;
+
+// https://foo.example.com:(h2Port)
+// https://bar.example.com:(h2Port) <- invalid for bar, but ok for foo
+var h1Foo; // server http://foo.example.com:(h1Foo.identity.primaryPort)
+var h1Bar; // server http://bar.example.com:(h1bar.identity.primaryPort)
+
+var otherServer; // server socket listening for other connection.
+
+var h2FooRoute; // foo.example.com:H2PORT
+var h2BarRoute; // bar.example.com:H2PORT
+var h2Route; // :H2PORT
+var httpFooOrigin; // http://foo.exmaple.com:PORT/
+var httpsFooOrigin; // https://foo.exmaple.com:PORT/
+var httpBarOrigin; // http://bar.example.com:PORT/
+var httpsBarOrigin; // https://bar.example.com:PORT/
+
+function run_test() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+  prefs = Services.prefs;
+
+  http2pref = prefs.getBoolPref("network.http.http2.enabled");
+  altsvcpref1 = prefs.getBoolPref("network.http.altsvc.enabled");
+  altsvcpref2 = prefs.getBoolPref("network.http.altsvc.oe", true);
+
+  prefs.setBoolPref("network.http.http2.enabled", true);
+  prefs.setBoolPref("network.http.altsvc.enabled", true);
+  prefs.setBoolPref("network.http.altsvc.oe", true);
+  prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert. The same cert is used
+  // for both h2FooRoute and h2BarRoute though it is only valid for
+  // the foo.example.com domain name.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  h1Foo = new HttpServer();
+  h1Foo.registerPathHandler("/altsvc-test", h1Server);
+  h1Foo.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK);
+  h1Foo.start(-1);
+  h1Foo.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    h1Foo.identity.primaryPort
+  );
+
+  h1Bar = new HttpServer();
+  h1Bar.registerPathHandler("/altsvc-test", h1Server);
+  h1Bar.start(-1);
+  h1Bar.identity.setPrimary(
+    "http",
+    "bar.example.com",
+    h1Bar.identity.primaryPort
+  );
+
+  h2FooRoute = "foo.example.com:" + h2Port;
+  h2BarRoute = "bar.example.com:" + h2Port;
+  h2Route = ":" + h2Port;
+
+  httpFooOrigin = "http://foo.example.com:" + h1Foo.identity.primaryPort + "/";
+  httpsFooOrigin = "https://" + h2FooRoute + "/";
+  httpBarOrigin = "http://bar.example.com:" + h1Bar.identity.primaryPort + "/";
+  httpsBarOrigin = "https://" + h2BarRoute + "/";
+  dump(
+    "http foo - " +
+      httpFooOrigin +
+      "\n" +
+      "https foo - " +
+      httpsFooOrigin +
+      "\n" +
+      "http bar - " +
+      httpBarOrigin +
+      "\n" +
+      "https bar - " +
+      httpsBarOrigin +
+      "\n"
+  );
+
+  doTest1();
+}
+
+function h1Server(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  try {
+    var hval = "h2=" + metadata.getHeader("x-altsvc");
+    response.setHeader("Alt-Svc", hval, false);
+  } catch (e) {}
+
+  var body = "Q: What did 0 say to 8? A: Nice Belt!\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  var body = '["http://foo.example.com:' + h1Foo.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function resetPrefs() {
+  prefs.setBoolPref("network.http.http2.enabled", http2pref);
+  prefs.setBoolPref("network.http.altsvc.enabled", altsvcpref1);
+  prefs.setBoolPref("network.http.altsvc.oe", altsvcpref2);
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.security.ports.banned");
+}
+
+function makeChan(origin) {
+  return NetUtil.newChannel({
+    uri: origin + "altsvc-test",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var origin;
+var xaltsvc;
+var loadWithoutClearingMappings = false;
+var disallowH3 = false;
+var disallowH2 = false;
+var nextTest;
+var expectPass = true;
+var waitFor = 0;
+var originAttributes = {};
+
+var Listener = function () {};
+Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    if (expectPass) {
+      if (!Components.isSuccessCode(request.status)) {
+        do_throw(
+          "Channel should have a success code! (" + request.status + ")"
+        );
+      }
+      Assert.equal(request.responseStatus, 200);
+    } else {
+      Assert.equal(Components.isSuccessCode(request.status), false);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    var routed = "";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+    Assert.equal(Components.isSuccessCode(status), expectPass);
+
+    if (waitFor != 0) {
+      Assert.equal(routed, "");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(waitFor, doTest);
+      waitFor = 0;
+      xaltsvc = "NA";
+    } else if (xaltsvc == "NA") {
+      Assert.equal(routed, "");
+      nextTest();
+    } else if (routed == xaltsvc) {
+      Assert.equal(routed, xaltsvc); // always true, but a useful log
+      nextTest();
+    } else {
+      dump("poll later for alt svc mapping\n");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(500, doTest);
+    }
+
+    do_test_finished();
+  },
+};
+
+function testsDone() {
+  dump("testDone\n");
+  resetPrefs();
+  do_test_pending();
+  otherServer.close();
+  do_test_pending();
+  h1Foo.stop(do_test_finished);
+  do_test_pending();
+  h1Bar.stop(do_test_finished);
+}
+
+function doTest() {
+  dump("execute doTest " + origin + "\n");
+  var chan = makeChan(origin);
+  var listener = new Listener();
+  if (xaltsvc != "NA") {
+    chan.setRequestHeader("x-altsvc", xaltsvc, false);
+  }
+  if (loadWithoutClearingMappings) {
+    chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  } else {
+    chan.loadFlags =
+      Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+      Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  }
+  if (disallowH3) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowHttp3 = false;
+    disallowH3 = false;
+  }
+  if (disallowH2) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowSpdy = false;
+    disallowH2 = false;
+  }
+  loadWithoutClearingMappings = false;
+  chan.loadInfo.originAttributes = originAttributes;
+  chan.asyncOpen(listener);
+}
+
+// xaltsvc is overloaded to do two things..
+// 1] it is sent in the x-altsvc request header, and the response uses the value in the Alt-Svc response header
+// 2] the test polls until necko sets Alt-Used to that value (i.e. it uses that route)
+//
+// When xaltsvc is set to h2Route (i.e. :port with the implied hostname) it doesn't match the alt-used,
+// which is always explicit, so it needs to be changed after the channel is created but before the
+// listener is invoked
+
+// http://foo served from h2=:port
+function doTest1() {
+  dump("doTest1()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  nextTest = doTest2;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2FooRoute;
+}
+
+// http://foo served from h2=foo:port
+function doTest2() {
+  dump("doTest2()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2FooRoute;
+  nextTest = doTest3;
+  do_test_pending();
+  doTest();
+}
+
+// http://foo served from h2=bar:port
+// requires cert for foo
+function doTest3() {
+  dump("doTest3()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2BarRoute;
+  nextTest = doTest4;
+  do_test_pending();
+  doTest();
+}
+
+// https://bar should fail because host bar has cert for foo
+function doTest4() {
+  dump("doTest4()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest5;
+  do_test_pending();
+  doTest();
+}
+
+// https://foo no alt-svc (just check cert setup)
+function doTest5() {
+  dump("doTest5()\n");
+  origin = httpsFooOrigin;
+  xaltsvc = "NA";
+  expectPass = true;
+  nextTest = doTest6;
+  do_test_pending();
+  doTest();
+}
+
+// https://foo via bar (bar has cert for foo)
+function doTest6() {
+  dump("doTest6()\n");
+  origin = httpsFooOrigin;
+  xaltsvc = h2BarRoute;
+  nextTest = doTest7;
+  do_test_pending();
+  doTest();
+}
+
+// check again https://bar should fail because host bar has cert for foo
+function doTest7() {
+  dump("doTest7()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest8;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar via h2 on bar
+// should not use TLS/h2 because h2BarRoute is not auth'd for bar
+// however the test ought to PASS (i.e. get a 200) because fallback
+// to plaintext happens.. thus the timeout
+function doTest8() {
+  dump("doTest8()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2BarRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest9;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h2=:port, which is like the bar route in 8
+function doTest9() {
+  dump("doTest9()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2Route;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest10;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2BarRoute;
+}
+
+// check again https://bar should fail because host bar has cert for foo
+function doTest10() {
+  dump("doTest10()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest11;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h2=foo, should fail because host foo only has
+// cert for foo. Fail in this case means alt-svc is not used, but content
+// is served
+function doTest11() {
+  dump("doTest11()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2FooRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest12;
+  do_test_pending();
+  doTest();
+}
+
+// Test 12-15:
+// Insert a cache of http://foo served from h2=:port with origin attributes.
+function doTest12() {
+  dump("doTest12()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  nextTest = doTest13;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2FooRoute;
+}
+
+// Make sure we get a cache miss with a different userContextId.
+function doTest13() {
+  dump("doTest13()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 2,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest14;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we get a cache miss with a different firstPartyDomain.
+function doTest14() {
+  dump("doTest14()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "b.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest15;
+  do_test_pending();
+  doTest();
+}
+//
+// Make sure we get a cache hit with the same origin attributes.
+function doTest15() {
+  dump("doTest15()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest16;
+  do_test_pending();
+  doTest();
+  // This ensures a cache hit.
+  xaltsvc = h2FooRoute;
+}
+
+// Make sure we do not use H2 if it is disabled on a channel.
+function doTest16() {
+  dump("doTest16()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  disallowH2 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest17;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we use H2 if only Http3 is disabled on a channel.
+function doTest17() {
+  dump("doTest17()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  disallowH3 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest18;
+  do_test_pending();
+  doTest();
+  // This should ensures a cache hit.
+  xaltsvc = h2FooRoute;
+}
+
+// Check we don't connect to blocked ports
+function doTest18() {
+  dump("doTest18()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  otherServer.init(-1, true, -1);
+  xaltsvc = "localhost:" + otherServer.port;
+  Services.prefs.setCharPref(
+    "network.security.ports.banned",
+    "" + otherServer.port
+  );
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest19;
+  do_test_pending();
+  doTest();
+}
+
+// Check we don't connect to blocked ports
+function doTest19() {
+  dump("doTest19()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const BAD_PORT_U32 = 6667 + 65536;
+  otherServer.init(BAD_PORT_U32, true, -1);
+  Assert.ok(otherServer.port == 6667, "Trying to listen on port 6667");
+  xaltsvc = "localhost:" + BAD_PORT_U32;
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest20;
+  do_test_pending();
+  doTest();
+}
+function doTest20() {
+  dump("doTest20()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const BAD_PORT_U64 = 6666 + 429496729;
+  otherServer.init(6666, true, -1);
+  Assert.ok(otherServer.port == 6666, "Trying to listen on port 6666");
+  xaltsvc = "localhost:" + BAD_PORT_U64;
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest21;
+  do_test_pending();
+  doTest();
+}
+// Port 65535 should be OK
+function doTest21() {
+  dump("doTest21()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const GOOD_PORT = 65535;
+  otherServer.init(65535, true, -1);
+  Assert.ok(otherServer.port == 65535, "Trying to listen on port 65535");
+  xaltsvc = "localhost:" + GOOD_PORT;
+  dump("Allowed port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(true, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  do_test_pending();
+  doTest();
+}