netwerk/test/unit/test_client_auth_with_proxy.js

   1 /* This Source Code Form is subject to the terms of the Mozilla Public
   2  * License, v. 2.0. If a copy of the MPL was not distributed with this
   3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   4
   5 "use strict";
   6
   7 /* import-globals-from head_cache.js */
   8 /* import-globals-from head_cookies.js */
   9 /* import-globals-from head_channels.js */
  10 /* import-globals-from head_servers.js */
  11
  12 const { MockRegistrar } = ChromeUtils.importESModule(
  13   "resource://testing-common/MockRegistrar.sys.mjs"
  14 );
  15
  16 const certOverrideService = Cc[
  17   "@mozilla.org/security/certoverride;1"
  18 ].getService(Ci.nsICertOverrideService);
  19
  20 function makeChan(uri) {
  21   let chan = NetUtil.newChannel({
  22     uri,
  23     loadUsingSystemPrincipal: true,
  24   }).QueryInterface(Ci.nsIHttpChannel);
  25   chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
  26   return chan;
  27 }
  28
  29 function channelOpenPromise(chan, flags) {
  30   return new Promise(resolve => {
  31     function finish(req, buffer) {
  32       resolve([req, buffer]);
  33     }
  34     chan.asyncOpen(new ChannelListener(finish, null, flags));
  35   });
  36 }
  37
  38 class SecurityObserver {
  39   constructor(input, output) {
  40     this.input = input;
  41     this.output = output;
  42   }
  43
  44   onHandshakeDone() {
  45     info("TLS handshake done");
  46
  47     let output = this.output;
  48     this.input.asyncWait(
  49       {
  50         onInputStreamReady(readyInput) {
  51           let request = NetUtil.readInputStreamToString(
  52             readyInput,
  53             readyInput.available()
  54           );
  55           ok(
  56             request.startsWith("GET /") && request.includes("HTTP/1.1"),
  57             "expecting an HTTP/1.1 GET request"
  58           );
  59           let response =
  60             "HTTP/1.1 200 OK\r\nContent-Type:text/plain\r\n" +
  61             "Connection:Close\r\nContent-Length:2\r\n\r\nOK";
  62           output.write(response, response.length);
  63         },
  64       },
  65       0,
  66       0,
  67       Services.tm.currentThread
  68     );
  69   }
  70 }
  71
  72 function startServer(cert) {
  73   let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
  74     Ci.nsITLSServerSocket
  75   );
  76   tlsServer.init(-1, true, -1);
  77   tlsServer.serverCert = cert;
  78
  79   let securityObservers = [];
  80
  81   let listener = {
  82     onSocketAccepted(socket, transport) {
  83       info("Accepted TLS client connection");
  84       let connectionInfo = transport.securityCallbacks.getInterface(
  85         Ci.nsITLSServerConnectionInfo
  86       );
  87       let input = transport.openInputStream(0, 0, 0);
  88       let output = transport.openOutputStream(0, 0, 0);
  89       connectionInfo.setSecurityObserver(new SecurityObserver(input, output));
  90     },
  91
  92     onStopListening() {
  93       info("onStopListening");
  94       for (let securityObserver of securityObservers) {
  95         securityObserver.input.close();
  96         securityObserver.output.close();
  97       }
  98     },
  99   };
 100
 101   tlsServer.setSessionTickets(false);
 102   tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_ALWAYS);
 103
 104   tlsServer.asyncListen(listener);
 105
 106   return tlsServer;
 107 }
 108
 109 // Replace the UI dialog that prompts the user to pick a client certificate.
 110 const clientAuthDialogService = {
 111   chooseCertificate(hostname, certArray, loadContext, callback) {
 112     callback.certificateChosen(certArray[0], false);
 113   },
 114   QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogService"]),
 115 };
 116
 117 let server;
 118 add_setup(async function setup() {
 119   do_get_profile();
 120
 121   let clientAuthDialogServiceCID = MockRegistrar.register(
 122     "@mozilla.org/security/ClientAuthDialogService;1",
 123     clientAuthDialogService
 124   );
 125
 126   let cert = getTestServerCertificate();
 127   ok(!!cert, "Got self-signed cert");
 128   server = startServer(cert);
 129
 130   certOverrideService.rememberValidityOverride(
 131     "localhost",
 132     server.port,
 133     {},
 134     cert,
 135     true
 136   );
 137
 138   registerCleanupFunction(async function () {
 139     MockRegistrar.unregister(clientAuthDialogServiceCID);
 140     certOverrideService.clearValidityOverride("localhost", server.port, {});
 141     server.close();
 142   });
 143 });
 144
 145 add_task(async function test_client_auth_with_proxy() {
 146   let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
 147     Ci.nsIX509CertDB
 148   );
 149   addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
 150   addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
 151
 152   let proxies = [
 153     NodeHTTPProxyServer,
 154     NodeHTTPSProxyServer,
 155     NodeHTTP2ProxyServer,
 156   ];
 157
 158   for (let p of proxies) {
 159     info(`Test with proxy:${p.name}`);
 160     let proxy = new p();
 161     await proxy.start();
 162     registerCleanupFunction(async () => {
 163       await proxy.stop();
 164     });
 165
 166     let chan = makeChan(`https://localhost:${server.port}`);
 167     let [req, buff] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
 168     equal(req.status, Cr.NS_OK);
 169     equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
 170     equal(buff, "OK");
 171     req.QueryInterface(Ci.nsIProxiedChannel);
 172     ok(!!req.proxyInfo);
 173     notEqual(req.proxyInfo.type, "direct");
 174     await proxy.stop();
 175   }
 176 });