test_ssl_status.js (3409B)
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";

do_get_profile();

/**
 * Checks which certificate lists the TLS security info exposes for four
 * outcomes: a successful connection, an overridable certificate error, a
 * non-overridable certificate error, and a connection that succeeds only
 * because a certificate error override was added.
 *
 * Across these cases `handshakeCertificates` always equals the chain built
 * for the host, whether or not verification succeeded. `succeededCertChain`
 * is non-empty only for the connection that verified without an override.
 * Code that makes a trust decision should therefore not treat
 * `handshakeCertificates` as a verified chain.
 *
 * The steps are order-dependent: the override is added between the two
 * connections to expired.example.com.
 */
function run_test() {
  // Presumably 1 turns OCSP fetching on for all certificates - confirm
  // against the pref's documentation.
  Services.prefs.setIntPref("security.OCSP.enabled", 1);
  add_tls_server_setup("BadCertAndPinningServer", "bad_certs");

  // Stand-in OCSP responder: every request on port 8888 is answered with
  // HTTP 500, so no usable revocation response is ever served.
  // NOTE(review): presumably the test certificates point their OCSP URL at
  // this port - confirm against the certificate specs.
  const ocspStub = new HttpServer();
  ocspStub.registerPrefixHandler("/", (request, response) => {
    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
  });
  ocspStub.start(8888);

  // Case 1: verification succeeds. The certificates seen in the handshake
  // and the verified chain are both expected to be [default-ee, test-ca].
  add_connection_test(
    "good.include-subdomains.pinning.example.com",
    PRErrorCodeSuccess,
    null,
    secInfo => {
      const presented = secInfo.handshakeCertificates;
      const expectedPresented = build_cert_chain(["default-ee", "test-ca"]);
      ok(
        areCertArraysEqual(presented, expectedPresented),
        "handshakeCertificates for a successful connection should be as expected"
      );

      const verified = secInfo.succeededCertChain;
      const expectedVerified = build_cert_chain(["default-ee", "test-ca"]);
      ok(
        areCertArraysEqual(verified, expectedVerified),
        "succeededCertChain for a successful connection should be as expected"
      );
    }
  );

  // Case 2: verification fails with an expired end-entity certificate.
  // The assertion checks that succeededCertChain is an empty list (length
  // 0); the message text says "null", but a null value would throw on
  // `.length`. The presented certificates are still reported.
  add_connection_test(
    "expired.example.com",
    SEC_ERROR_EXPIRED_CERTIFICATE,
    null,
    secInfo => {
      const verifiedLength = secInfo.succeededCertChain.length;
      equal(
        verifiedLength,
        0,
        "succeededCertChain for a failed connection should be null"
      );

      const presented = secInfo.handshakeCertificates;
      const expected = build_cert_chain(["expired-ee", "test-ca"]);
      ok(
        areCertArraysEqual(presented, expected),
        "handshakeCertificates for a failed connection should be as expected"
      );
    }
  );

  // Case 3: a non-overridable error (inadequate key usage). Only the
  // presented certificates are checked here.
  // NOTE(review): succeededCertChain is not asserted in this case; an
  // emptiness check like the one in case 2 would pin it as well - confirm
  // the expected value before adding one.
  add_connection_test(
    "inadequatekeyusage.example.com",
    SEC_ERROR_INADEQUATE_KEY_USAGE,
    null,
    secInfo => {
      const presented = secInfo.handshakeCertificates;
      const expected = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
      ok(
        areCertArraysEqual(presented, expected),
        "handshakeCertificates for a non-overridable error should be as expected"
      );
    }
  );

  // Case 4: add an override for the expired certificate, then reconnect.
  // The connection now succeeds, yet succeededCertChain is still expected
  // to be empty: an override lets the connection through without producing
  // a verified chain. The presented certificates are unchanged.
  add_cert_override_test("expired.example.com", SEC_ERROR_EXPIRED_CERTIFICATE);
  add_connection_test(
    "expired.example.com",
    PRErrorCodeSuccess,
    null,
    secInfo => {
      const verifiedLength = secInfo.succeededCertChain.length;
      equal(
        verifiedLength,
        0,
        "succeededCertChain for a connection with a certificate error override should be null"
      );

      const presented = secInfo.handshakeCertificates;
      const expected = build_cert_chain(["expired-ee", "test-ca"]);
      ok(
        areCertArraysEqual(presented, expected),
        "handshakeCertificates for a connection with a certificate error override should be as expected"
      );
    }
  );

  run_next_test();
}