bug 1290613 - remove unnecessary invalidIdentities parameter from startOCSPResponder r?Cykesiopka
MozReview-Commit-ID: KBiRbkLllmu
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -553,45 +553,38 @@ function getFailingHttpServer(serverPort
// handler can cause timeouts, the expected responses are pre-generated
// all at once before starting the server. This means that their producedAt
// times will all be the same. If a test depends on this not being the case,
// perhaps calling startOCSPResponder twice (at different times) will be
// necessary.
//
// serverPort is the port of the http OCSP responder
// identity is the http hostname that will answer the OCSP requests
-// invalidIdentities is an array of identities that if used an
-// will cause a test failure
// nssDBLocation is the location of the NSS database from where the OCSP
// responses will be generated (assumes appropiate keys are present)
// expectedCertNames is an array of nicks of the certs to be responsed
// expectedBasePaths is an optional array that is used to indicate
// what is the expected base path of the OCSP request.
-function startOCSPResponder(serverPort, identity, invalidIdentities,
- nssDBLocation, expectedCertNames,
- expectedBasePaths, expectedMethods,
- expectedResponseTypes) {
+function startOCSPResponder(serverPort, identity, nssDBLocation,
+ expectedCertNames, expectedBasePaths,
+ expectedMethods, expectedResponseTypes) {
let ocspResponseGenerationArgs = expectedCertNames.map(
function(expectedNick) {
let responseType = "good";
if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
responseType = expectedResponseTypes.shift();
}
return [responseType, expectedNick, "unused"];
}
);
let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs,
nssDBLocation);
let httpServer = new HttpServer();
httpServer.registerPrefixHandler("/",
function handleServerCallback(aRequest, aResponse) {
- invalidIdentities.forEach(function(identity) {
- Assert.notEqual(aRequest.host, identity,
- "Request host and invalid identity should not match");
- });
do_print("got request for: " + aRequest.path);
let basePath = aRequest.path.slice(1).split("/")[0];
if (expectedBasePaths.length >= 1) {
Assert.equal(basePath, expectedBasePaths.shift(),
"Actual and expected base path should match");
}
Assert.ok(expectedCertNames.length >= 1,
"expectedCertNames should contain >= 1 entries");
@@ -599,19 +592,16 @@ function startOCSPResponder(serverPort,
Assert.equal(aRequest.method, expectedMethods.shift(),
"Actual and expected fetch method should match");
}
aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
aResponse.setHeader("Content-Type", "application/ocsp-response");
aResponse.write(ocspResponses.shift());
});
httpServer.identity.setPrimary("http", identity, serverPort);
- invalidIdentities.forEach(function(identity) {
- httpServer.identity.add("http", identity, serverPort);
- });
httpServer.start(serverPort);
return {
stop: function(callback) {
// make sure we consumed each expected response
Assert.equal(ocspResponses.length, 0,
"Should have 0 remaining expected OCSP responses");
if (expectedMethods) {
Assert.equal(expectedMethods.length, 0,--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -29,24 +29,23 @@ var certList = [
function load_ca(ca_name) {
addCertFromFile(certdb, `test_ev_certs/${ca_name}.pem`, "CTu,CTu,CTu");
}
const SERVER_PORT = 8888;
function failingOCSPResponder() {
- return getFailingHttpServer(SERVER_PORT,
- ["www.example.com", "crl.example.com"]);
+ return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
}
function start_ocsp_responder(expectedCertNames) {
let expectedPaths = expectedCertNames.slice();
- return startOCSPResponder(SERVER_PORT, "www.example.com", ["crl.example.com"],
- "test_ev_certs", expectedCertNames, expectedPaths);
+ return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
+ expectedCertNames, expectedPaths);
}
function check_cert_err(cert_name, expected_error) {
let cert = certdb.findCertByNickname(cert_name);
checkCertErrorGeneric(certdb, cert, expected_error, certificateUsageSSLServer);
}
@@ -59,18 +58,17 @@ function run_test() {
for (let i = 0 ; i < certList.length; i++) {
let cert_filename = certList[i] + ".pem";
addCertFromFile(certdb, "test_ev_certs/" + cert_filename, ',,');
}
load_ca("evroot");
load_ca("non-evroot-ca");
// setup and start ocsp responder
- Services.prefs.setCharPref("network.dns.localDomains",
- 'www.example.com, crl.example.com');
+ Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
Services.prefs.setIntPref("security.OCSP.enabled", 1);
add_test(function () {
clearOCSPCache();
let ocspResponder = start_ocsp_responder(
gEVExpected ? ["int-ev-valid", "ev-valid"]
: ["ev-valid"]);
check_ee_for_ev("ev-valid", gEVExpected);
@@ -258,17 +256,17 @@ function run_test() {
"Actual and expected error code should match for local only EV");
failingOcspResponder.stop(run_next_test);
});
});
// Bug 991815 old but valid intermediates are OK
add_test(function () {
clearOCSPCache();
- let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+ let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ev_certs",
gEVExpected ? ["int-ev-valid", "ev-valid"]
: ["ev-valid"],
[], [],
gEVExpected ? ["longvalidityalmostold", "good"]
: ["good"]);
check_ee_for_ev("ev-valid", gEVExpected);
ocspResponder.stop(run_next_test);
@@ -279,34 +277,34 @@ function run_test() {
add_test(function () {
clearOCSPCache();
// Since Mozilla::pkix does not consider the old almost invalid OCSP
// response valid, it does not cache the old response and thus
// makes a separate request for DV
let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
let debugResponseArray = ["good", "longvalidityalmostold",
"longvalidityalmostold"];
- let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+ let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ev_certs",
gEVExpected ? debugCertNickArray : ["ev-valid"],
[], [],
gEVExpected ? debugResponseArray
: ["longvalidityalmostold"]);
check_ee_for_ev("ev-valid", false);
ocspResponder.stop(run_next_test);
});
// Bug 991815 Valid but Ancient (almost two year old) responses are Not OK for
// EV (still OK for soft fail DV)
add_test(function () {
clearOCSPCache();
let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
let debugResponseArray = ["good", "ancientstillvalid",
"ancientstillvalid"];
- let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com", [],
+ let ocspResponder = startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ev_certs",
gEVExpected ? debugCertNickArray : ["ev-valid"],
[], [],
gEVExpected ? debugResponseArray
: ["ancientstillvalid"]);
check_ee_for_ev("ev-valid", false);
ocspResponder.stop(run_next_test);
});--- a/security/manager/ssl/tests/unit/test_keysize_ev.js
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -9,18 +9,18 @@
do_get_profile(); // Must be called before getting nsIX509CertDB
const certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
const SERVER_PORT = 8888;
function getOCSPResponder(expectedCertNames) {
let expectedPaths = expectedCertNames.slice();
- return startOCSPResponder(SERVER_PORT, "www.example.com", [],
- "test_keysize_ev/", expectedCertNames, expectedPaths);
+ return startOCSPResponder(SERVER_PORT, "www.example.com", "test_keysize_ev/",
+ expectedCertNames, expectedPaths);
}
function loadCert(certName, trustString) {
let certFilename = "test_keysize_ev/" + certName + ".pem";
addCertFromFile(certDB, certFilename, trustString);
return constructCertFromFile(certFilename);
}
--- a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
@@ -20,17 +20,17 @@ function loadCert(certName, trustString)
addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString);
}
function getFailingOCSPResponder() {
return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
}
function getOCSPResponder(expectedCertNames) {
- return startOCSPResponder(SERVER_PORT, "www.example.com", [], "test_ev_certs",
+ return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
expectedCertNames, []);
}
// Tests that in ocspOff mode, OCSP fetches are never done.
function testOff() {
add_test(() => {
Services.prefs.setIntPref("security.OCSP.enabled", 0);
do_print("Setting security.OCSP.enabled to 0");--- a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -12,17 +12,17 @@
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
const SERVER_PORT = 8888;
function start_ocsp_responder(expectedCertNames, expectedPaths,
expectedMethods) {
- return startOCSPResponder(SERVER_PORT, "www.example.com", [],
+ return startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ocsp_fetch_method", expectedCertNames,
expectedPaths, expectedMethods);
}
function check_cert_err(cert_name, expected_error) {
let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
return checkCertErrorGeneric(certdb, cert, expected_error,
certificateUsageSSLServer);--- a/security/manager/ssl/tests/unit/test_ocsp_url.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -15,17 +15,17 @@ const certdb = Cc["@mozilla.org/security
const SERVER_PORT = 8888;
function failingOCSPResponder() {
return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
}
function start_ocsp_responder(expectedCertNames, expectedPaths) {
- return startOCSPResponder(SERVER_PORT, "www.example.com", [],
+ return startOCSPResponder(SERVER_PORT, "www.example.com",
"test_ocsp_url", expectedCertNames, expectedPaths);
}
function check_cert_err(cert_name, expected_error) {
let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
return checkCertErrorGeneric(certdb, cert, expected_error,
certificateUsageSSLServer);
}--- a/security/manager/ssl/tests/unit/test_validity.js
+++ b/security/manager/ssl/tests/unit/test_validity.js
@@ -9,18 +9,18 @@
do_get_profile(); // Must be called before getting nsIX509CertDB
const certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
const SERVER_PORT = 8888;
function getOCSPResponder(expectedCertNames) {
let expectedPaths = expectedCertNames.slice();
- return startOCSPResponder(SERVER_PORT, "www.example.com", [],
- "test_validity", expectedCertNames, expectedPaths);
+ return startOCSPResponder(SERVER_PORT, "www.example.com", "test_validity",
+ expectedCertNames, expectedPaths);
}
function certFromFile(filename) {
return constructCertFromFile(`test_validity/${filename}`);
}
function loadCert(certFilename, trustString) {
addCertFromFile(certDB, `test_validity/${certFilename}`, trustString);