Bug 1286694 - Part 1: Modify test_tls_server.js to test TLS 1.3. r=keeler
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Wed, 20 Jul 2016 04:59:28 +0900
changeset 345780 b1a5c29d781b6ba6222f4be26094e4c8ae8d8943
parent 345779 6765609dcb46095329ddab3c8791564a44e994c0
child 345781 317aecd284b8a55b335a016a1a5bed3278893c9f
push id6389
push userraliiev@mozilla.com
push dateMon, 19 Sep 2016 13:38:22 +0000
treeherdermozilla-beta@01d67bfe6c81 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1286694
milestone50.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1286694 - Part 1: Modify test_tls_server.js to test TLS 1.3. r=keeler MozReview-Commit-ID: 5OhfwG1J1Hq
netwerk/test/unit/test_tls_server.js
--- a/netwerk/test/unit/test_tls_server.js
+++ b/netwerk/test/unit/test_tls_server.js
@@ -15,16 +15,19 @@ const { Promise: promise } =
 const certService = Cc["@mozilla.org/security/local-cert-service;1"]
                     .getService(Ci.nsILocalCertService);
 const certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
                             .getService(Ci.nsICertOverrideService);
 const socketTransportService =
   Cc["@mozilla.org/network/socket-transport-service;1"]
   .getService(Ci.nsISocketTransportService);
 
+const prefs = Cc["@mozilla.org/preferences-service;1"]
+              .getService(Ci.nsIPrefBranch);
+
 function run_test() {
   run_next_test();
 }
 
 function getCert() {
   let deferred = promise.defer();
   certService.getOrCreateCert("tls-test", {
     handleCert: function(c, rv) {
@@ -33,17 +36,18 @@ function getCert() {
         return;
       }
       deferred.resolve(c);
     }
   });
   return deferred.promise;
 }
 
-function startServer(cert, expectingPeerCert, clientCertificateConfig) {
+function startServer(cert, expectingPeerCert, clientCertificateConfig,
+                     expectedVersion, expectedVersionStr) {
   let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"]
                   .createInstance(Ci.nsITLSServerSocket);
   tlsServer.init(-1, true, -1);
   tlsServer.serverCert = cert;
 
   let input, output;
 
   let listener = {
@@ -59,18 +63,18 @@ function startServer(cert, expectingPeer
       do_print("TLS handshake done");
       if (expectingPeerCert) {
         ok(!!status.peerCert, "Has peer cert");
         ok(status.peerCert.equals(cert), "Peer cert matches expected cert");
       } else {
         ok(!status.peerCert, "No peer cert (as expected)");
       }
 
-      equal(status.tlsVersionUsed, Ci.nsITLSClientStatus.TLS_VERSION_1_2,
-            "Using TLS 1.2");
+      equal(status.tlsVersionUsed, expectedVersion,
+            "Using " + expectedVersionStr);
       equal(status.cipherName, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
             "Using expected cipher");
       equal(status.keyLength, 128, "Using 128-bit key");
       equal(status.macLength, 128, "Using 128-bit MAC");
 
       input.asyncWait({
         onInputStreamReady: function(input) {
           NetUtil.asyncCopy(input, output);
@@ -116,16 +120,17 @@ function startClient(port, cert, expecti
     },
 
     onInputStreamReady: function(input) {
       try {
         let data = NetUtil.readInputStreamToString(input, input.available());
         equal(data, "HELLO", "Echoed data received");
         input.close();
         output.close();
+        ok(!expectingBadCertAlert, "No bad cert alert expected");
         inputDeferred.resolve();
       } catch (e) {
         let errorCode = -1 * (e.result & 0xFFFF);
         if (expectingBadCertAlert && errorCode == SSL_ERROR_BAD_CERT_ALERT) {
           inputDeferred.resolve();
         } else {
           inputDeferred.reject(e);
         }
@@ -161,55 +166,66 @@ function startClient(port, cert, expecti
   output = transport.openOutputStream(0, 0, 0);
 
   return promise.all([inputDeferred.promise, outputDeferred.promise]);
 }
 
 // Replace the UI dialog that prompts the user to pick a client certificate.
 do_load_manifest("client_cert_chooser.manifest");
 
-add_task(function*() {
-  let cert = yield getCert();
-  ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, true, Ci.nsITLSServerSocket.REQUIRE_ALWAYS);
-  storeCertOverride(port, cert);
-  yield startClient(port, cert, false);
-});
+const tests = [{
+  expectingPeerCert: true,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUIRE_ALWAYS,
+  sendClientCert: true,
+  expectingBadCertAlert: false
+}, {
+  expectingPeerCert: true,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUIRE_ALWAYS,
+  sendClientCert: false,
+  expectingBadCertAlert: true
+}, {
+  expectingPeerCert: true,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUEST_ALWAYS,
+  sendClientCert: true,
+  expectingBadCertAlert: false
+}, {
+  expectingPeerCert: false,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUEST_ALWAYS,
+  sendClientCert: false,
+  expectingBadCertAlert: false
+}, {
+  expectingPeerCert: false,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUEST_NEVER,
+  sendClientCert: true,
+  expectingBadCertAlert: false
+}, {
+  expectingPeerCert: false,
+  clientCertificateConfig: Ci.nsITLSServerSocket.REQUEST_NEVER,
+  sendClientCert: false,
+  expectingBadCertAlert: false
+}];
 
-add_task(function*() {
-  let cert = yield getCert();
-  ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, true, Ci.nsITLSServerSocket.REQUIRE_ALWAYS);
-  storeCertOverride(port, cert);
-  yield startClient(port, null, true);
-});
+const versions = [{
+  prefValue: 3, version: Ci.nsITLSClientStatus.TLS_VERSION_1_2, versionStr: "TLS 1.2"
+}, {
+  prefValue: 4, version: Ci.nsITLSClientStatus.TLS_VERSION_1_3, versionStr: "TLS 1.3"
+}];
 
 add_task(function*() {
   let cert = yield getCert();
   ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, true, Ci.nsITLSServerSocket.REQUEST_ALWAYS);
-  storeCertOverride(port, cert);
-  yield startClient(port, cert, false);
-});
-
-add_task(function*() {
-  let cert = yield getCert();
-  ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, false, Ci.nsITLSServerSocket.REQUEST_ALWAYS);
-  storeCertOverride(port, cert);
-  yield startClient(port, null, false);
+  for (let v of versions) {
+    prefs.setIntPref("security.tls.version.max", v.prefValue);
+    for (let t of tests) {
+      let port = startServer(cert,
+                             t.expectingPeerCert,
+                             t.clientCertificateConfig,
+                             v.version,
+                             v.versionStr);
+      storeCertOverride(port, cert);
+      yield startClient(port, t.sendClientCert ? cert : null, t.expectingBadCertAlert);
+    }
+  }
 });
 
-add_task(function*() {
-  let cert = yield getCert();
-  ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, false, Ci.nsITLSServerSocket.REQUEST_NEVER);
-  storeCertOverride(port, cert);
-  yield startClient(port, cert, false);
+do_register_cleanup(function() {
+  prefs.clearUserPref("security.tls.version.max");
 });
-
-add_task(function*() {
-  let cert = yield getCert();
-  ok(!!cert, "Got self-signed cert");
-  let port = startServer(cert, false, Ci.nsITLSServerSocket.REQUEST_NEVER);
-  storeCertOverride(port, cert);
-  yield startClient(port, null, false);
-});