bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
☠☠ backed out by e7ab435c8d1e ☠ ☠
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 30 Jul 2015 10:20:52 -0700
changeset 288111 ebd4e3880403ff962f8ce0cbd04fef2f6010a0b6
parent 288110 331e489c753420ba3aeb537fe6af196f1a0ffee2
child 288112 95bd6642e4b1c4facd070773d91d00317e74deea
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
reviewersmgoodwin
bugs1189427
milestone42.0a1
bug 1189427 - convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
security/manager/ssl/tests/unit/moz.build
security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.der
security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
security/manager/ssl/tests/unit/test_ocsp_fetch_method/b.der
security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.der
security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
security/manager/ssl/tests/unit/test_ocsp_fetch_method/cert9.db
security/manager/ssl/tests/unit/test_ocsp_fetch_method/generate.py
security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.der
security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec
security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
security/manager/ssl/tests/unit/test_ocsp_fetch_method/key4.db
security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
security/manager/ssl/tests/unit/test_ocsp_fetch_method/pkcs11.txt
--- a/security/manager/ssl/tests/unit/moz.build
+++ b/security/manager/ssl/tests/unit/moz.build
@@ -10,14 +10,15 @@ TEST_DIRS += [
     'test_cert_embedded_null',
     'test_cert_keyUsage',
     'test_cert_trust',
     'test_cert_version',
     'test_ev_certs',
     'test_intermediate_basic_usage_constraints',
     'test_keysize_ev',
     'test_pinning_dynamic',
+    'test_ocsp_fetch_method',
     'test_ocsp_url',
     'test_validity',
 ]
 
 if not CONFIG['MOZ_NO_SMART_CARDS']:
     DIRS += ['pkcs11testmodule']
--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -18,24 +18,24 @@ const SERVER_PORT = 8888;
 function start_ocsp_responder(expectedCertNames, expectedPaths,
                               expectedMethods) {
   return startOCSPResponder(SERVER_PORT, "www.example.com", [],
                             "test_ocsp_fetch_method", expectedCertNames,
                             expectedPaths, expectedMethods);
 }
 
 function check_cert_err(cert_name, expected_error) {
-  let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".der");
+  let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
   return checkCertErrorGeneric(certdb, cert, expected_error,
                                certificateUsageSSLServer);
 }
 
 function run_test() {
-  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.der", 'CTu,CTu,CTu');
-  addCertFromFile(certdb, "test_ocsp_fetch_method/int.der", ',,');
+  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu');
+  addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,');
 
   // Enabled so that we can force ocsp failure responses.
   Services.prefs.setBoolPref("security.OCSP.require", true);
 
   Services.prefs.setCharPref("network.dns.localDomains",
                              "www.example.com");
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
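Review bot: `check_cert_err` and the two `addCertFromFile` calls in `run_test` now load `.pem` files that are not checked in, and nothing in the test says where they come from. A comment above the `addCertFromFile` calls would help, for example `// ca.pem, int.pem and a.pem are generated at build time from the .certspec files in test_ocsp_fetch_method/.` Separately, `start_ocsp_responder` still passes the `test_ocsp_fetch_method` directory, while this commit appears to remove `cert9.db`, `key4.db` and `pkcs11.txt` from it. `startOCSPResponder` is not on this page, so it is worth confirming that it signs responses from the generated `int.key` rather than from the removed NSS database. `run_test` continues past the end of this hunk.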
@@ -50,21 +50,10 @@ function run_test() {
   add_test(function() {
     clearOCSPCache();
     Services.prefs.setBoolPref("security.OCSP.GET.enabled", true);
     let ocspResponder = start_ocsp_responder(["a"], [], ["GET"]);
     check_cert_err("a", PRErrorCodeSuccess);
     ocspResponder.stop(run_next_test);
   });
 
-  // GET does fallback on bad entry
-  add_test(function() {
-    clearOCSPCache();
-    Services.prefs.setBoolPref("security.OCSP.GET.enabled", true);
-    // Bug 1016681 mozilla::pkix does not support fallback yet.
-    // let ocspResponder = start_ocsp_responder(["b", "a"], [], ["GET", "POST"]);
-    // check_cert_err("a", PRErrorCodeSuccess);
-    // ocspResponder.stop(run_next_test);
-    run_next_test();
-  });
-
   run_next_test();
 }
deleted file mode 100644
index 48b71256a6befd2675b22410362d6bc5d6160464..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:a
+extension:authorityInformationAccess:http://www.example.com:8888/
deleted file mode 100644
index b7a751f540da98e11903956f1413ed14611a5701..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100644
index 20e8db54b0893a46b85356ab5c59bdd83cdd4e9f..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
deleted file mode 100644
index e54db78087a5091c79ff2756a5bbabbbb2577001..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
deleted file mode 100755
--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/generate.py
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/python
-
-import tempfile, os, sys
-
-libpath = os.path.abspath('../psm_common_py')
-sys.path.append(libpath)
-import CertUtils
-
-srcdir = os.getcwd()
-db = tempfile.mkdtemp()
-
-def generate_ca_cert(db_dir, dest_dir, noise_file, name):
-    return CertUtils.generate_ca_cert(db_dir, dest_dir, noise_file, name,
-                                      3, True)
-
-def generate_child_cert(db_dir, dest_dir, noise_file, name, ca_nick, is_ee,
-                        ocsp_url):
-    return CertUtils.generate_child_cert(db_dir, dest_dir, noise_file, name,
-                                         ca_nick, 3, True, is_ee, ocsp_url)
-
-def generate_certs():
-    [noise_file, pwd_file] = CertUtils.init_nss_db(srcdir)
-    generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
-    generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')
-    ocsp_url = "http://www.example.com:8888/"
-    generate_child_cert(srcdir, srcdir, noise_file, "a", 'int', True, ocsp_url)
-    generate_child_cert(srcdir, srcdir, noise_file, "b", 'int', True, ocsp_url)
-
-generate_certs()
deleted file mode 100644
index 661e814efaa9f67bc37bcef536b7f358ee34a666..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
deleted file mode 100644
index ada3335ecf24660ab3a4e0979a133ed8df901389..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
GIT binary patch
literal 0
Hc$@<O00001
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
@@ -0,0 +1,31 @@
+# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+test_certificates = (
+    'a.pem',
+    'ca.pem',
+    'int.pem',
+)
+
+for test_certificate in test_certificates:
+    input_file = test_certificate + '.certspec'
+    GENERATED_FILES += [test_certificate]
+    props = GENERATED_FILES[test_certificate]
+    props.script = '../pycert.py'
+    props.inputs = [input_file]
+    TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_ocsp_fetch_method += ['!%s' % test_certificate]
+
+test_keys = (
+    'int.key',
+)
+
+for test_key in test_keys:
+    input_file = test_key + '.keyspec'
+    GENERATED_FILES += [test_key]
+    props = GENERATED_FILES[test_key]
+    props.script = '../pykey.py'
+    props.inputs = [input_file]
+    TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_ocsp_fetch_method += ['!%s' % test_key]
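Review bot: The `test_keys` tuple lists only `int.key`, with no comment on why the intermediate gets a key file while `ca` and `a` do not. If the reason is that the test OCSP responder signs responses as `int` (the responder code is not on this page, so this is an inference), a comment above `test_keys` such as `# Key for 'int'; needed by the test OCSP responder to sign responses.` would save the next reader a search. It would also make clear that this key is a build-time test fixture copied into the xpcshell harness directory, not real key material.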
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/pkcs11.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-library=
-name=NSS Internal PKCS #11 Module
-parameters=configdir='sql:/home/cviecco/hg/mozilla-central-unified/security/manager/ssl/tests/unit/test_ocsp_fetch_method' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
-NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
-