зеркало из https://github.com/mozilla/gecko-dev.git
Backed out changeset 06f87ee5bbbb (bug 1231203) for xpcshell and TV failures on security/manager/ssl/tests/unit/test_ocsp_private_caching.js on a CLOSED TREE
Родитель
668b05feb3
Коммит
5642ca2d02
|
@ -119,19 +119,13 @@ nsHTTPDownloadEvent::Run()
|
|||
chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS |
|
||||
nsIChannel::LOAD_BYPASS_SERVICE_WORKER);
|
||||
|
||||
// For OCSP requests, only the first party domain and private browsing id
|
||||
// aspects of origin attributes are used. This means that:
|
||||
// a) if first party isolation is enabled, OCSP requests will be isolated
|
||||
// according to the first party domain of the original https request
|
||||
// b) OCSP requests are shared across different containers as long as first
|
||||
// party isolation is not enabled and none of the containers are in private
|
||||
// browsing mode.
|
||||
// For OCSP requests, only the first party domain aspect of origin attributes
|
||||
// is used. This means that OCSP requests are shared across different
|
||||
// containers.
|
||||
if (mRequestSession->mOriginAttributes != OriginAttributes()) {
|
||||
OriginAttributes attrs;
|
||||
attrs.mFirstPartyDomain =
|
||||
mRequestSession->mOriginAttributes.mFirstPartyDomain;
|
||||
attrs.mPrivateBrowsingId =
|
||||
mRequestSession->mOriginAttributes.mPrivateBrowsingId;
|
||||
|
||||
nsCOMPtr<nsILoadInfo> loadInfo = chan->GetLoadInfo();
|
||||
if (loadInfo) {
|
||||
|
|
|
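Review bot: With the `attrs.mPrivateBrowsingId = ...` assignment gone, the OCSP channel's origin attributes carry only `mFirstPartyDomain`, and the restored three-line comment does not say what that means for private browsing. The test file deleted in this same commit states the concern: OCSP responses with Cache-Control set are normally cached by Necko and should not be cached to disk when the original https request was in a private context. The commit message gives test failures as the backout reason, not a flaw in the isolation logic, so the gap presumably reopens until the fix relands. I would extend the comment with a marker such as `// NOTE: the private browsing id is not propagated here, so OCSP responses fetched for private-context connections may be cached like non-private ones (bug 1231203).`. nsHTTPDownloadEvent::Run() starts and ends outside the hunk, so how the load info is used afterwards cannot be confirmed from here.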
@ -607,12 +607,9 @@ function getFailingHttpServer(serverPort, serverIdentities) {
|
|||
// by which HTTP method the server is expected to be queried.
|
||||
// expectedResponseTypes is an optional array of OCSP response types to use (see
|
||||
// GenerateOCSPResponse.cpp).
|
||||
// responseHeaderPairs is an optional array of HTTP header (name, value) pairs
|
||||
// to set in each response.
|
||||
function startOCSPResponder(serverPort, identity, nssDBLocation,
|
||||
expectedCertNames, expectedBasePaths,
|
||||
expectedMethods, expectedResponseTypes,
|
||||
responseHeaderPairs = []) {
|
||||
expectedMethods, expectedResponseTypes) {
|
||||
let ocspResponseGenerationArgs = expectedCertNames.map(
|
||||
function(expectedNick) {
|
||||
let responseType = "good";
|
||||
|
@ -641,9 +638,6 @@ function startOCSPResponder(serverPort, identity, nssDBLocation,
|
|||
}
|
||||
aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
|
||||
aResponse.setHeader("Content-Type", "application/ocsp-response");
|
||||
for (let headerPair of responseHeaderPairs) {
|
||||
aResponse.setHeader(headerPair[0], headerPair[1]);
|
||||
}
|
||||
aResponse.write(ocspResponses.shift());
|
||||
});
|
||||
httpServer.identity.setPrimary("http", identity, serverPort);
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
|
||||
// This Source Code Form is subject to the terms of the Mozilla Public
|
||||
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
"use strict";
|
||||
|
||||
// In which we connect to a host and encounter OCSP responses with the
|
||||
// Cache-Control header set, which Necko will normally cache. We need to ensure
|
||||
// that these responses aren't cached to disk when the original https request
|
||||
// was in a private context.
|
||||
|
||||
do_get_profile(); // must be called before getting nsIX509CertDB
|
||||
const certdb = Cc["@mozilla.org/security/x509certdb;1"]
|
||||
.getService(Ci.nsIX509CertDB);
|
||||
|
||||
const SERVER_PORT = 8888;
|
||||
|
||||
function start_ocsp_responder(expectedCertNames, expectedPaths,
|
||||
expectedMethods) {
|
||||
return startOCSPResponder(SERVER_PORT, "www.example.com",
|
||||
"test_ocsp_fetch_method", expectedCertNames,
|
||||
expectedPaths, expectedMethods);
|
||||
}
|
||||
|
||||
function check_cert_err(cert_name, expected_error) {
|
||||
let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
|
||||
return checkCertErrorGeneric(certdb, cert, expected_error,
|
||||
certificateUsageSSLServer);
|
||||
}
|
||||
|
||||
function add_ocsp_necko_cache_test(loadContext, shouldFindEntry) {
|
||||
// Pre-testcase cleanup/setup.
|
||||
let responder;
|
||||
add_test(() => {
|
||||
Services.cache2.clear();
|
||||
clearOCSPCache();
|
||||
clearSessionCache();
|
||||
responder = startOCSPResponder(SERVER_PORT, "localhost", "ocsp_certs",
|
||||
["default-ee"], [], [], [],
|
||||
[["Cache-Control", "max-age: 1000"]]);
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
// Prepare a connection that will cause an OCSP request.
|
||||
add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
|
||||
null, null, null, loadContext.originAttributes);
|
||||
|
||||
// Traverse the cache and ensure the response made it into the cache with the
|
||||
// appropriate properties (private or not private).
|
||||
add_test(() => {
|
||||
let foundEntry = false;
|
||||
let visitor = {
|
||||
onCacheStorageInfo() {},
|
||||
onCacheEntryInfo(aURI, aIdEnhance, aDataSize, aFetchCount,
|
||||
aLastModifiedTime, aExpirationTime, aPinned, aInfo) {
|
||||
Assert.equal(aURI.spec, "http://localhost:8888/",
|
||||
"expected OCSP request URI should match");
|
||||
foundEntry = true;
|
||||
},
|
||||
onCacheEntryVisitCompleted() {
|
||||
Assert.equal(foundEntry, shouldFindEntry,
|
||||
"should only find a cached entry if we're expecting one");
|
||||
run_next_test();
|
||||
},
|
||||
QueryInterface(iid) {
|
||||
if (iid.equals(Ci.nsICacheStorageVisitor)) {
|
||||
return this;
|
||||
}
|
||||
throw Cr.NS_ERROR_NO_INTERFACE;
|
||||
},
|
||||
};
|
||||
Services.cache2.asyncVisitAllStorages(visitor, true);
|
||||
});
|
||||
|
||||
// Clean up (stop the responder).
|
||||
add_test(() => {
|
||||
responder.stop(run_next_test);
|
||||
});
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
|
||||
add_ocsp_necko_cache_test(Services.loadContextInfo.default, true);
|
||||
add_ocsp_necko_cache_test(Services.loadContextInfo.private, false);
|
||||
run_next_test();
|
||||
}
|
|
@ -122,8 +122,6 @@ run-sequentially = hardcoded ports
|
|||
run-sequentially = hardcoded ports
|
||||
[test_ocsp_must_staple.js]
|
||||
run-sequentially = hardcoded ports
|
||||
[test_ocsp_private_caching.js]
|
||||
run-sequentially = hardcoded ports
|
||||
[test_ocsp_no_hsts_upgrade.js]
|
||||
run-sequentially = hardcoded ports
|
||||
[test_ocsp_required.js]
|
||||
|
|