bug 1290613 - remove unnecessary invalidIdentities parameter from startOCSPResponder r=Cykesiopka
authorDavid Keeler <dkeeler@mozilla.com>
Wed, 03 Aug 2016 15:01:50 -0700
changeset 312141 d465e3e3b6f27c6ac6296150b68d0b951f1d2e61
parent 312140 ddf122a7200b0f87d50b3ba959d34db1ecfefa59
child 312142 fabfb2ff761eace61d0433e4d6e3d74e0cba193e
push id81294
push userryanvm@gmail.com
push dateThu, 01 Sep 2016 02:34:56 +0000
treeherdermozilla-inbound@a7ef41c19c53 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersCykesiopka
bugs1290613
milestone51.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1290613 - remove unnecessary invalidIdentities parameter from startOCSPResponder r=Cykesiopka MozReview-Commit-ID: KBiRbkLllmu
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/test_ev_certs.js
security/manager/ssl/tests/unit/test_keysize_ev.js
security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
security/manager/ssl/tests/unit/test_ocsp_url.js
security/manager/ssl/tests/unit/test_validity.js
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -553,45 +553,38 @@ function getFailingHttpServer(serverPort
 // handler can cause timeouts, the expected responses are pre-generated
 // all at once before starting the server. This means that their producedAt
 // times will all be the same. If a test depends on this not being the case,
 // perhaps calling startOCSPResponder twice (at different times) will be
 // necessary.
 //
 // serverPort is the port of the http OCSP responder
 // identity is the http hostname that will answer the OCSP requests
-// invalidIdentities is an array of identities that if used an
-//   will cause a test failure
 // nssDBLocation is the location of the NSS database from where the OCSP
 //   responses will be generated (assumes appropiate keys are present)
 // expectedCertNames is an array of nicks of the certs to be responsed
 // expectedBasePaths is an optional array that is used to indicate
 //   what is the expected base path of the OCSP request.
-function startOCSPResponder(serverPort, identity, invalidIdentities,
-                            nssDBLocation, expectedCertNames,
-                            expectedBasePaths, expectedMethods,
-                            expectedResponseTypes) {
+function startOCSPResponder(serverPort, identity, nssDBLocation,
+                            expectedCertNames, expectedBasePaths,
+                            expectedMethods, expectedResponseTypes) {
   let ocspResponseGenerationArgs = expectedCertNames.map(
     function(expectedNick) {
       let responseType = "good";
       if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
         responseType = expectedResponseTypes.shift();
       }
       return [responseType, expectedNick, "unused"];
     }
   );
   let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs,
                                             nssDBLocation);
   let httpServer = new HttpServer();
   httpServer.registerPrefixHandler("/",
     function handleServerCallback(aRequest, aResponse) {
-      invalidIdentities.forEach(function(identity) {
-        Assert.notEqual(aRequest.host, identity,
-                        "Request host and invalid identity should not match");
-      });
       do_print("got request for: " + aRequest.path);
       let basePath = aRequest.path.slice(1).split("/")[0];
       if (expectedBasePaths.length >= 1) {
         Assert.equal(basePath, expectedBasePaths.shift(),
                      "Actual and expected base path should match");
       }
       Assert.ok(expectedCertNames.length >= 1,
                 "expectedCertNames should contain >= 1 entries");
@@ -599,19 +592,16 @@ function startOCSPResponder(serverPort, 
         Assert.equal(aRequest.method, expectedMethods.shift(),
                      "Actual and expected fetch method should match");
       }
       aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
       aResponse.setHeader("Content-Type", "application/ocsp-response");
       aResponse.write(ocspResponses.shift());
     });
   httpServer.identity.setPrimary("http", identity, serverPort);
-  invalidIdentities.forEach(function(identity) {
-    httpServer.identity.add("http", identity, serverPort);
-  });
   httpServer.start(serverPort);
   return {
     stop: function(callback) {
       // make sure we consumed each expected response
       Assert.equal(ocspResponses.length, 0,
                    "Should have 0 remaining expected OCSP responses");
       if (expectedMethods) {
         Assert.equal(expectedMethods.length, 0,
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -29,24 +29,23 @@ var certList = [
 
 function load_ca(ca_name) {
   addCertFromFile(certdb, `test_ev_certs/${ca_name}.pem`, "CTu,CTu,CTu");
 }
 
 const SERVER_PORT = 8888;
 
 function failingOCSPResponder() {
-  return getFailingHttpServer(SERVER_PORT,
-                              ["www.example.com", "crl.example.com"]);
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
 }
 
 function start_ocsp_responder(expectedCertNames) {
   let expectedPaths = expectedCertNames.slice();
-  return startOCSPResponder(SERVER_PORT, "www.example.com", ["crl.example.com"],
-                            "test_ev_certs", expectedCertNames, expectedPaths);
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
+                            expectedCertNames, expectedPaths);
 }
 
 function check_cert_err(cert_name, expected_error) {
   let cert = certdb.findCertByNickname(cert_name);
   checkCertErrorGeneric(certdb, cert, expected_error, certificateUsageSSLServer);
 }
 
 
@@ -59,18 +58,17 @@ function run_test() {
   for (let i = 0 ; i < certList.length; i++) {
     let cert_filename = certList[i] + ".pem";
     addCertFromFile(certdb, "test_ev_certs/" + cert_filename, ',,');
   }
   load_ca("evroot");
   load_ca("non-evroot-ca");
 
   // setup and start ocsp responder
-  Services.prefs.setCharPref("network.dns.localDomains",
-                             'www.example.com, crl.example.com');
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
   add_test(function () {
     clearOCSPCache();
     let ocspResponder = start_ocsp_responder(
                           gEVExpected ? ["int-ev-valid", "ev-valid"]
                                       : ["ev-valid"]);
     check_ee_for_ev("ev-valid", gEVExpected);
@@ -258,17 +256,17 @@ function run_test() {
             "Actual and expected error code should match for local only EV");
       failingOcspResponder.stop(run_next_test);
     });
   });
 
   // Bug 991815 old but valid intermediates are OK
   add_test(function () {
     clearOCSPCache();
-    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
                           "test_ev_certs",
                           gEVExpected ? ["int-ev-valid", "ev-valid"]
                                       : ["ev-valid"],
                           [], [],
                           gEVExpected ? ["longvalidityalmostold", "good"]
                                       : ["good"]);
     check_ee_for_ev("ev-valid", gEVExpected);
     ocspResponder.stop(run_next_test);
@@ -279,34 +277,34 @@ function run_test() {
   add_test(function () {
     clearOCSPCache();
     // Since Mozilla::pkix does not consider the old almost invalid OCSP
     // response valid, it does not cache the old response and thus
     // makes a separate request for DV
     let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
     let debugResponseArray = ["good", "longvalidityalmostold",
                               "longvalidityalmostold"];
-    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
                           "test_ev_certs",
                           gEVExpected ? debugCertNickArray : ["ev-valid"],
                           [], [],
                           gEVExpected ? debugResponseArray
                                       : ["longvalidityalmostold"]);
     check_ee_for_ev("ev-valid", false);
     ocspResponder.stop(run_next_test);
   });
 
   // Bug 991815 Valid but Ancient (almost two year old) responses are Not OK for
   // EV (still OK for soft fail DV)
   add_test(function () {
     clearOCSPCache();
     let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
     let debugResponseArray = ["good", "ancientstillvalid",
                               "ancientstillvalid"];
-    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+    let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
                           "test_ev_certs",
                           gEVExpected ? debugCertNickArray : ["ev-valid"],
                           [], [],
                           gEVExpected ? debugResponseArray
                                       : ["ancientstillvalid"]);
     check_ee_for_ev("ev-valid", false);
     ocspResponder.stop(run_next_test);
   });
--- a/security/manager/ssl/tests/unit/test_keysize_ev.js
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -9,18 +9,18 @@
 do_get_profile(); // Must be called before getting nsIX509CertDB
 const certDB = Cc["@mozilla.org/security/x509certdb;1"]
                  .getService(Ci.nsIX509CertDB);
 
 const SERVER_PORT = 8888;
 
 function getOCSPResponder(expectedCertNames) {
   let expectedPaths = expectedCertNames.slice();
-  return startOCSPResponder(SERVER_PORT, "www.example.com", [],
-                            "test_keysize_ev/", expectedCertNames, expectedPaths);
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_keysize_ev/",
+                            expectedCertNames, expectedPaths);
 }
 
 function loadCert(certName, trustString) {
   let certFilename = "test_keysize_ev/" + certName + ".pem";
   addCertFromFile(certDB, certFilename, trustString);
   return constructCertFromFile(certFilename);
 }
 
--- a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
@@ -20,17 +20,17 @@ function loadCert(certName, trustString)
   addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString);
 }
 
 function getFailingOCSPResponder() {
   return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
 }
 
 function getOCSPResponder(expectedCertNames) {
-  return startOCSPResponder(SERVER_PORT, "www.example.com", [], "test_ev_certs",
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
                             expectedCertNames, []);
 }
 
 // Tests that in ocspOff mode, OCSP fetches are never done.
 function testOff() {
   add_test(() => {
     Services.prefs.setIntPref("security.OCSP.enabled", 0);
     do_print("Setting security.OCSP.enabled to 0");
--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -12,17 +12,17 @@
 do_get_profile(); // must be called before getting nsIX509CertDB
 const certdb = Cc["@mozilla.org/security/x509certdb;1"]
                  .getService(Ci.nsIX509CertDB);
 
 const SERVER_PORT = 8888;
 
 function start_ocsp_responder(expectedCertNames, expectedPaths,
                               expectedMethods) {
-  return startOCSPResponder(SERVER_PORT, "www.example.com", [],
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
                             "test_ocsp_fetch_method", expectedCertNames,
                             expectedPaths, expectedMethods);
 }
 
 function check_cert_err(cert_name, expected_error) {
   let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
   return checkCertErrorGeneric(certdb, cert, expected_error,
                                certificateUsageSSLServer);
--- a/security/manager/ssl/tests/unit/test_ocsp_url.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -15,17 +15,17 @@ const certdb = Cc["@mozilla.org/security
 
 const SERVER_PORT = 8888;
 
 function failingOCSPResponder() {
   return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
 }
 
 function start_ocsp_responder(expectedCertNames, expectedPaths) {
-  return startOCSPResponder(SERVER_PORT, "www.example.com", [],
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
                             "test_ocsp_url", expectedCertNames, expectedPaths);
 }
 
 function check_cert_err(cert_name, expected_error) {
   let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
   return checkCertErrorGeneric(certdb, cert, expected_error,
                                certificateUsageSSLServer);
 }
--- a/security/manager/ssl/tests/unit/test_validity.js
+++ b/security/manager/ssl/tests/unit/test_validity.js
@@ -9,18 +9,18 @@
 do_get_profile(); // Must be called before getting nsIX509CertDB
 const certDB = Cc["@mozilla.org/security/x509certdb;1"]
                  .getService(Ci.nsIX509CertDB);
 
 const SERVER_PORT = 8888;
 
 function getOCSPResponder(expectedCertNames) {
   let expectedPaths = expectedCertNames.slice();
-  return startOCSPResponder(SERVER_PORT, "www.example.com", [],
-                            "test_validity", expectedCertNames, expectedPaths);
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_validity",
+                            expectedCertNames, expectedPaths);
 }
 
 function certFromFile(filename) {
   return constructCertFromFile(`test_validity/${filename}`);
 }
 
 function loadCert(certFilename, trustString) {
   addCertFromFile(certDB, `test_validity/${certFilename}`, trustString);