[gecko.git] / security / manager / ssl / tests / unit / test_ocsp_url.js
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
2 // This Source Code Form is subject to the terms of the Mozilla Public
3 // License, v. 2.0. If a copy of the MPL was not distributed with this
4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 "use strict";
// Validates several OCSP responses, checking in particular whether the OCSP
// URL is valid and whether the path it expresses is correctly passed to the
// caller.
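// A profile must exist before nsIX509CertDB is requested for the first time,
// so this call has to stay ahead of the getService() below.
do_get_profile();
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

// Port handed to both responder helpers in this file. The port-80 note in the
// test body suggests the fixture certificates must name a port the test can
// bind; presumably their OCSP URLs point at this one (verify against the
// test_ocsp_url/ fixtures).
const SERVER_PORT = 8888;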
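/**
 * Starts the harness's "failing" HTTP server on SERVER_PORT for
 * www.example.com.
 *
 * Used for the cases where the OCSP URL must be rejected before any request
 * is made. getFailingHttpServer is defined outside this file; it is presumably
 * a server that fails the test if it is ever contacted (confirm in the
 * harness).
 *
 * @returns {object} The server handle, later passed to stopOCSPResponder().
 */
function failingOCSPResponder() {
  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
}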
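/**
 * Starts a working OCSP responder on SERVER_PORT for www.example.com, backed
 * by the "test_ocsp_url" fixture directory.
 *
 * @param {string[]} expectedCertNames
 *   Certificate names the responder is expected to be asked about.
 * @param {string[]} expectedPaths
 *   Request paths the responder is expected to receive; "" is used by the
 *   callers in this file for a URL without a path.
 * @returns {object} The responder handle, later passed to stopOCSPResponder().
 */
function start_ocsp_responder(expectedCertNames, expectedPaths) {
  const host = "www.example.com";
  const fixtureDir = "test_ocsp_url";
  return startOCSPResponder(
    SERVER_PORT,
    host,
    fixtureDir,
    expectedCertNames,
    expectedPaths
  );
}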
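/**
 * Verifies the fixture certificate test_ocsp_url/<cert_name>.pem as a TLS
 * server certificate and checks that verification ends with expected_error.
 *
 * @param {string} cert_name
 *   Base name of the PEM fixture, without directory or extension.
 * @param {number} expected_error
 *   Expected result code, e.g. PRErrorCodeSuccess or
 *   SEC_ERROR_CERT_BAD_ACCESS_LOCATION.
 * @returns {Promise} Whatever checkCertErrorGeneric() returns; callers in this
 *   file await it.
 */
function check_cert_err(cert_name, expected_error) {
  const cert = constructCertFromFile(`test_ocsp_url/${cert_name}.pem`);
  return checkCertErrorGeneric(
    certdb,
    cert,
    expected_error,
    certificateUsageSSLServer
  );
}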
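// Runs every OCSP-URL case in turn. Each case names a fixture certificate under
// test_ocsp_url/; the fixture names describe the OCSP URL the certificate is
// expected to carry (the certificates themselves are not visible here).
add_task(async function () {
  addCertFromFile(certdb, "test_ocsp_url/ca.pem", "CTu,CTu,CTu");
  addCertFromFile(certdb, "test_ocsp_url/int.pem", ",,");

  // Enabled so that we can force OCSP failure responses: with OCSP required, a
  // URL the client refuses to use surfaces as a verification error instead of
  // being silently tolerated.
  Services.prefs.setBoolPref("security.OCSP.require", true);

  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
  Services.prefs.setIntPref("security.OCSP.enabled", 1);

  // Note: We don't test the case of a well-formed HTTP URL with an empty port
  //       because the OCSP code would then send a request to port 80, which we
  //       can't use in tests.

  // One entry per case, in the order they must run.
  //  - No expectedPaths: the URL must be rejected without a fetch, so the
  //    failing server is started and SEC_ERROR_CERT_BAD_ACCESS_LOCATION is
  //    expected. This covers non-http schemes, including https and ftp.
  //  - With expectedPaths: a real responder is started expecting exactly
  //    that request path, and verification must succeed.
  const cases = [
    { cert: "bad-scheme" },
    { cert: "empty-scheme-url" },
    { cert: "ftp-url" },
    { cert: "https-url" },
    // The scheme is matched case-insensitively, so this one is fetched.
    { cert: "hTTp-url", expectedPaths: ["hTTp-url"] },
    { cert: "negative-port" },
    { cert: "no-host-url" },
    { cert: "no-path-url", expectedPaths: [""] },
    { cert: "no-scheme-host-port" },
    { cert: "no-scheme-url" },
    { cert: "unknown-scheme" },
    // Note: We currently don't have anything that ensures user:pass sections
    //       weren't sent. This case only checks that such sections don't
    //       cause failures; it does not show that credentials embedded in an
    //       OCSP URL are stripped before the request goes out.
    { cert: "user-pass", expectedPaths: [""] },
  ];

  for (const { cert, expectedPaths } of cases) {
    const fetchExpected = expectedPaths !== undefined;

    // Start from an empty cache so a response cached by an earlier case
    // cannot satisfy this one.
    clearOCSPCache();
    const ocspResponder = fetchExpected
      ? start_ocsp_responder([cert], expectedPaths)
      : failingOCSPResponder();
    await check_cert_err(
      cert,
      fetchExpected ? PRErrorCodeSuccess : SEC_ERROR_CERT_BAD_ACCESS_LOCATION
    );
    // Every case reuses SERVER_PORT, so the server has to be fully stopped
    // before the next one starts.
    await stopOCSPResponder(ocspResponder);
  }
});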