Bug 1174389 - Add result strings to PSM OCSP xpcshell tests. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Thu, 02 Jul 2015 00:45:00 +0200
changeset 251138 1918e65eeb04172d527003ad0737ba4d78f93e72
parent 251137 daffc9a65ab0223a6993a64a4e4b43028f264474
child 251139 eaaff73823bf93c1b8bfc824b74b8380403e56f0
push id13833
push userryanvm@gmail.com
push dateThu, 02 Jul 2015 20:00:55 +0000
treeherderfx-team@98101796b275 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1174389
milestone42.0a1
Bug 1174389 - Add result strings to PSM OCSP xpcshell tests. r=keeler
security/manager/ssl/tests/unit/test_ocsp_caching.js
security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
security/manager/ssl/tests/unit/test_ocsp_required.js
security/manager/ssl/tests/unit/test_ocsp_stapling.js
security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
security/manager/ssl/tests/unit/test_ocsp_timeout.js
--- a/security/manager/ssl/tests/unit/test_ocsp_caching.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -1,14 +1,17 @@
 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 "use strict";
 
+// Checks various aspects of the OCSP cache, mainly to to ensure we do not fetch
+// responses more than necessary.
+
 let gFetchCount = 0;
 let gGoodOCSPResponse = null;
 
 function generateGoodOCSPResponse() {
   let args = [ ["good", "localhostAndExampleCom", "unused" ] ];
   let responses = generateOCSPResponses(args, "tlsserver");
   return responses[0];
 }
@@ -79,29 +82,37 @@ function add_tests() {
   //---------------------------------------------------------------------------
 
   // Reset state
   add_test(function() { clearOCSPCache(); gFetchCount = 0; run_next_test(); });
 
   // This test assumes that OCSPStaplingServer uses the same cert for
   // ocsp-stapling-unknown.example.com and ocsp-stapling-none.example.com.
 
-  // Get an Unknown response for the *.exmaple.com cert and put it in the
+  // Get an Unknown response for the *.example.com cert and put it in the
   // OCSP cache.
   add_connection_test("ocsp-stapling-unknown.example.com",
                       SEC_ERROR_OCSP_UNKNOWN_CERT,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 0); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 0,
+          "Stapled Unknown response -> a fetch should not have been attempted");
+    run_next_test();
+  });
 
-  // A failure to retrieve an OCSP response must result in the cached Unkown
+  // A failure to retrieve an OCSP response must result in the cached Unknown
   // response being recognized and honored.
   add_connection_test("ocsp-stapling-none.example.com",
                       SEC_ERROR_OCSP_UNKNOWN_CERT,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 1,
+          "No stapled response -> a fetch should have been attempted");
+    run_next_test();
+  });
 
   // A valid Good response from the OCSP responder must override the cached
   // Unknown response.
   //
   // Note that We need to make sure that the Unknown response and the Good
   // response have different thisUpdate timestamps; otherwise, the Good
   // response will be seen as "not newer" and it won't replace the existing
   // entry.
@@ -112,46 +123,67 @@ function add_tests() {
     timer.initWithCallback(run_next_test, duration, Ci.nsITimer.TYPE_ONE_SHOT);
   });
   add_test(function() {
     gGoodOCSPResponse = generateGoodOCSPResponse();
     run_next_test();
   });
   add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 2); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 2,
+          "Cached Unknown response, no stapled response -> a fetch should" +
+          " have been attempted");
+    run_next_test();
+  });
 
   // The Good response retrieved from the previous fetch must have replaced
   // the Unknown response in the cache, resulting in the catched Good response
   // being returned and no fetch.
   add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 2); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 2,
+          "Cached Good response -> a fetch should not have been attempted");
+    run_next_test();
+  });
 
 
   //---------------------------------------------------------------------------
 
   // Reset state
   add_test(function() { clearOCSPCache(); gFetchCount = 0; run_next_test(); });
 
   // A failure to retrieve an OCSP response will result in an error entry being
   // added to the cache.
   add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 1,
+          "No stapled response -> a fetch should have been attempted");
+    run_next_test();
+  });
 
   // The error entry will prevent a fetch from happening for a while.
   add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 1,
+          "Noted OCSP server failure -> a fetch should not have been attempted");
+    run_next_test();
+  });
 
   // The error entry must not prevent a stapled OCSP response from being
   // honored.
   add_connection_test("ocsp-stapling-revoked.example.com",
                       SEC_ERROR_REVOKED_CERTIFICATE,
                       clearSessionCache);
-  add_test(function() { do_check_eq(gFetchCount, 1); run_next_test(); });
+  add_test(function() {
+    equal(gFetchCount, 1,
+          "Stapled Revoked response -> a fetch should not have been attempted");
+    run_next_test();
+  });
 
   //---------------------------------------------------------------------------
 
   // Reset state
   add_test(function() { clearOCSPCache(); gFetchCount = 0; run_next_test(); });
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
@@ -40,13 +40,15 @@ function run_test() {
   add_test(function () { ocspResponder.stop(run_next_test); });
 
   let SSService = Cc["@mozilla.org/ssservice;1"]
                     .getService(Ci.nsISiteSecurityService);
   let uri = Services.io.newURI("http://localhost", null, null);
   let sslStatus = new FakeSSLStatus();
   SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
                           "max-age=10000", sslStatus, 0);
-  do_check_true(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
-                                       "localhost", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "localhost", 0),
+     "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +
+     " we wouldn't be testing what we think we're testing");
 
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_required.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js
@@ -42,13 +42,14 @@ function run_test() {
 
 function add_tests()
 {
   add_connection_test("ocsp-stapling-none.example.com",
                       SEC_ERROR_OCSP_BAD_SIGNATURE);
   add_connection_test("ocsp-stapling-none.example.com",
                       SEC_ERROR_OCSP_BAD_SIGNATURE);
   add_test(function () {
-    do_check_eq(gOCSPRequestCount, 1);
+    equal(gOCSPRequestCount, 1,
+          "OCSP request count should be 1 due to OCSP response caching");
     gOCSPRequestCount = 0;
     run_next_test();
   });
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -165,37 +165,43 @@ function add_tests(certDB, otherTestCA) 
                 SEC_ERROR_REVOKED_CERTIFICATE, true);
 }
 
 function check_ocsp_stapling_telemetry() {
   let histogram = Cc["@mozilla.org/base/telemetry;1"]
                     .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_OCSP_STAPLING")
                     .snapshot();
-  do_check_eq(histogram.counts[0], 0); // histogram bucket 0 is unused
-  do_check_eq(histogram.counts[1], 5); // 5 connections with a good response
-  do_check_eq(histogram.counts[2], 18); // 18 connections with no stapled resp.
-  do_check_eq(histogram.counts[3], 0); // 0 connections with an expired response
-  do_check_eq(histogram.counts[4], 21); // 21 connections with bad responses
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 5,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 18,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 0,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 21,
+        "Actual and expected connections with bad responses should match");
   run_next_test();
 }
 
 function run_test() {
   do_get_profile();
 
   let certDB = Cc["@mozilla.org/security/x509certdb;1"]
                   .getService(Ci.nsIX509CertDB);
   let otherTestCAFile = do_get_file("tlsserver/other-test-ca.der", false);
   let otherTestCADER = readFile(otherTestCAFile);
   let otherTestCA = certDB.constructX509(otherTestCADER, otherTestCADER.length);
 
   let fakeOCSPResponder = new HttpServer();
   fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
     response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
-    do_check_true(gExpectOCSPRequest);
+    ok(gExpectOCSPRequest,
+       "Should be getting an OCSP request only when expected");
   });
   fakeOCSPResponder.start(8888);
 
   add_tls_server_setup("OCSPStaplingServer");
 
   add_tests(certDB, otherTestCA);
 
   add_test(function () {
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
@@ -16,17 +16,17 @@ function add_ocsp_test(aHost, aExpectedR
   add_connection_test(aHost, aExpectedResult,
     function() {
       clearOCSPCache();
       clearSessionCache();
       gCurrentOCSPResponse = aOCSPResponseToServe;
       gOCSPRequestCount = 0;
     },
     function() {
-      do_check_eq(gOCSPRequestCount, 1);
+      equal(gOCSPRequestCount, 1, "Should have made 1 fallback OCSP request");
     });
 }
 
 do_get_profile();
 Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
 Services.prefs.setIntPref("security.OCSP.enabled", 1);
 let args = [["good", "localhostAndExampleCom", "unused"],
              ["expiredresponse", "localhostAndExampleCom", "unused"],
@@ -153,15 +153,20 @@ function run_test() {
   run_next_test();
 }
 
 function check_ocsp_stapling_telemetry() {
   let histogram = Cc["@mozilla.org/base/telemetry;1"]
                     .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_OCSP_STAPLING")
                     .snapshot();
-  do_check_eq(histogram.counts[0], 0); // histogram bucket 0 is unused
-  do_check_eq(histogram.counts[1], 0); // 0 connections with a good response
-  do_check_eq(histogram.counts[2], 0); // 0 connections with no stapled resp.
-  do_check_eq(histogram.counts[3], 21); // 21 connections with an expired response
-  do_check_eq(histogram.counts[4], 0); // 0 connections with bad responses
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 0,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 0,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 21,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 0,
+        "Actual and expected connections with bad responses should match");
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
@@ -33,13 +33,13 @@ function run_test() {
 
   add_tls_server_setup("OCSPStaplingServer");
 
   add_ocsp_test("ocsp-stapling-with-intermediate.example.com",
                 PRErrorCodeSuccess);
 
   add_test(function () { ocspResponder.stop(run_next_test); });
   add_test(function() {
-    do_check_eq(gOCSPRequestCount, 0);
+    equal(gOCSPRequestCount, 0, "No OCSP requests should have been made");
     run_next_test();
   });
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_timeout.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
@@ -65,21 +65,24 @@ function add_tests_in_mode(useHardFail) 
 
     // With OCSP hard-fail on, we timeout after 10 seconds.
     // With OCSP soft-fail, we timeout after 2 seconds.
     // Date() is not guaranteed to be monotonic, so add extra fuzz time to
     // prevent intermittent failures (this only appeared to be a problem on
     // Windows XP). See Bug 1121117.
     const FUZZ_MS = 300;
     if (useHardFail) {
-      do_check_true(timeDifference + FUZZ_MS > 10000);
+      ok(timeDifference + FUZZ_MS > 10000,
+         "Automatic OCSP timeout should be about 10s for hard-fail");
     } else {
-      do_check_true(timeDifference + FUZZ_MS > 2000);
+      ok(timeDifference + FUZZ_MS > 2000,
+         "Automatic OCSP timeout should be about 2s for soft-fail");
     }
     // Make sure we didn't wait too long.
     // (Unfortunately, we probably can't have a tight upper bound on
     // how long is too long for this test, because we might be running
     // on slow hardware.)
-    do_check_true(timeDifference < 60000);
+    ok(timeDifference < 60000,
+       "Automatic OCSP timeout shouldn't be more than 60s");
     clearOCSPCache();
     run_next_test();
   });
 }