
test_ocsp_private_caching.js (2921B)


      1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 // This Source Code Form is subject to the terms of the Mozilla Public
      3 // License, v. 2.0. If a copy of the MPL was not distributed with this
      4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
      5 
      6 "use strict";
      7 
      8 // In which we connect to a host and encounter OCSP responses with the
      9 // Cache-Control header set, which normally Necko would cache. This test
     10 // ensures that these responses aren't cached. PSM has its own OCSP cache, so
     11 // Necko shouldn't also be caching them.
     12 
do_get_profile(); // must be called before getting nsIX509CertDB

// Port the local OCSP responder is started on (passed to startOCSPResponder
// in add_ocsp_necko_cache_test). The OCSP request URI that the cache visitor
// checks for uses this same port.
const SERVER_PORT = 8888;
     16 
/**
 * Queues a test step that asks the HTTP cache (via nsICacheTesting) to flush
 * and moves on to the next queued step once the flush has been reported.
 */
function add_flush_cache() {
  add_test(() => {
    // The flush notification can arrive more than once (repeated firings, or
    // one per observer ever handed to flush). Only the first notification is
    // allowed to advance the queue, so run_next_test is never called twice.
    let alreadyAdvanced = false;
    const flushObserver = {
      observe() {
        if (alreadyAdvanced) {
          return;
        }
        alreadyAdvanced = true;
        run_next_test();
      },
    };
    const cacheTesting = Services.cache2.QueryInterface(Ci.nsICacheTesting);
    cacheTesting.flush(flushObserver);
  });
}
     34 
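/**
 * Queues the steps that check that an OCSP response served with a
 * Cache-Control header is not stored in the Necko HTTP cache for the given
 * load context. PSM keeps its own OCSP cache, so a second copy in the HTTP
 * cache is unwanted.
 *
 * @param {object} loadContext - Load context info whose originAttributes are
 *   handed to the TLS connection that triggers the OCSP request.
 */
function add_ocsp_necko_cache_test(loadContext) {
  // Host and URI of the local responder. The URI is derived from SERVER_PORT
  // so the visitor's expectation cannot drift from the port the responder is
  // actually started on.
  const responderHost = "localhost";
  const expectedOCSPURI = `http://${responderHost}:${SERVER_PORT}/`;

  // Pre-testcase cleanup/setup: start from an empty HTTP cache so that any
  // entry seen by the visitor below was created during this run.
  add_test(() => {
    Services.cache2.clear();
    run_next_test();
  });
  add_flush_cache();

  let responder;
  add_test(() => {
    // NOTE(review): presumably cleared so the connection below cannot be
    // satisfied from an earlier OCSP result or a resumed TLS session and has
    // to issue a fresh OCSP request - confirm against the test head file.
    clearOCSPCache();
    clearSessionCache();
    responder = startOCSPResponder(
      SERVER_PORT,
      responderHost,
      "ocsp_certs",
      ["default-ee"],
      [],
      [],
      [],
      // Extra response header: marks the OCSP response as cacheable, which is
      // exactly the case this test wants Necko to ignore.
      [["Cache-Control", "max-age=1000"]]
    );
    run_next_test();
  });

  // Prepare a connection that will cause an OCSP request. The origin
  // attributes of the load context under test are passed along with it.
  add_connection_test(
    "ocsp-stapling-none.example.com",
    PRErrorCodeSuccess,
    null,
    null,
    null,
    loadContext.originAttributes
  );

  add_flush_cache();

  // Traverse the cache and ensure the response was not cached.
  add_test(() => {
    let foundEntry = false;
    const visitor = {
      onCacheStorageInfo() {},
      onCacheEntryInfo(aURI) {
        // Any visited entry fails the test at completion. The URI comparison
        // only makes the failure output say whether the entry is the OCSP
        // response or something unexpected.
        Assert.equal(
          aURI.spec,
          expectedOCSPURI,
          "expected OCSP request URI should match"
        );
        foundEntry = true;
      },
      onCacheEntryVisitCompleted() {
        Assert.ok(!foundEntry, "should not find a cached entry");
        run_next_test();
      },
      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
    };
    // Second argument true: visit the individual entries, not just the
    // per-storage summaries.
    Services.cache2.asyncVisitAllStorages(visitor, true);
  });

  // Clean up (stop the responder).
  add_test(() => {
    responder.stop(run_next_test);
  });
}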
     99 
/**
 * Test entry point: enables OCSP fetching, sets up the TLS test server and
 * queues the Necko-cache check once for the private load context and once for
 * the default one, then starts the queue.
 */
function run_test() {
  Services.prefs.setIntPref("security.OCSP.enabled", 1);
  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
  // Private first, then default, so the not-cached expectation is exercised
  // under both sets of origin attributes.
  for (const contextKind of ["private", "default"]) {
    add_ocsp_necko_cache_test(Services.loadContextInfo[contextKind]);
  }
  run_next_test();
}