Bug 1564221 - Do not use FakeTransportSecurityInfo in test_ocsp_must_staple.js r=keeler

As part of making `nsITranportSecurityInfo` builtinclass, we can no longer use JS-implemented `nsITransportSecurityInfo` instances in test cases. This patch migrates `test_ocsp_must_staple.js` to use `add_connection_test()` to get a valid `nsITransportSecurityInfo` instance for the unit tests. Differential Revision: https://phabricator.services.mozilla.com/D40348 --HG-- extra : moz-landing-system : lando
2024-10-20 16:55:40 +00:00 · 2019-08-06 17:56:02 +00:00 · 2019-08-06 17:56:02 +00:00 · cc3aa27173
commit cc3aa27173
parent fb73718374
1 changed files with 53 additions and 52 deletions
--- a/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
@ -14,17 +14,23 @@ function add_ocsp_test(
  aHost,
  aExpectedResult,
  aStaplingEnabled,
-  aExpectOCSPRequest = false
+  aExpectOCSPRequest = false,
+  aWithSecurityInfo = undefined
 ) {
-  add_connection_test(aHost, aExpectedResult, function() {
-    gExpectOCSPRequest = aExpectOCSPRequest;
-    clearOCSPCache();
-    clearSessionCache();
-    Services.prefs.setBoolPref(
-      "security.ssl.enable_ocsp_stapling",
-      aStaplingEnabled
-    );
-  });
+  add_connection_test(
+    aHost,
+    aExpectedResult,
+    function() {
+      gExpectOCSPRequest = aExpectOCSPRequest;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref(
+        "security.ssl.enable_ocsp_stapling",
+        aStaplingEnabled
+      );
+    },
+    aWithSecurityInfo
+  );
 }

 function add_tests() {
@ -33,50 +39,45 @@ function add_tests() {
  add_ocsp_test(
    "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com",
    PRErrorCodeSuccess,
-    true
+    true,
+    false,
+    function(aSecInfo) {
+      Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+      Services.prefs.setBoolPref(
+        "security.cert_pinning.process_headers_from_non_builtin_roots",
+        true
+      );
+      let uri = Services.io.newURI(
+        "https://ocsp-stapling-must-staple-ee-with-must-staple-int.example.com"
+      );
+      let keyHash = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+      let backupKeyHash = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
+      let header = `max-age=1000; pin-sha256="${keyHash}"; pin-sha256="${backupKeyHash}"`;
+      let ssservice = Cc["@mozilla.org/ssservice;1"].getService(
+        Ci.nsISiteSecurityService
+      );
+      ssservice.processHeader(
+        Ci.nsISiteSecurityService.HEADER_HPKP,
+        uri,
+        header,
+        aSecInfo,
+        0,
+        Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
+      );
+      ok(
+        ssservice.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
+        "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com should have HPKP set"
+      );
+
+      // Clear accumulated state.
+      ssservice.resetState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
+      Services.prefs.clearUserPref(
+        "security.cert_pinning.process_headers_from_non_builtin_roots"
+      );
+      Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+    }
  );

-  add_test(() => {
-    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
-    Services.prefs.setBoolPref(
-      "security.cert_pinning.process_headers_from_non_builtin_roots",
-      true
-    );
-    let uri = Services.io.newURI(
-      "https://ocsp-stapling-must-staple-ee-with-must-staple-int.example.com"
-    );
-    let keyHash = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
-    let backupKeyHash = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
-    let header = `max-age=1000; pin-sha256="${keyHash}"; pin-sha256="${backupKeyHash}"`;
-    let ssservice = Cc["@mozilla.org/ssservice;1"].getService(
-      Ci.nsISiteSecurityService
-    );
-    let secInfo = new FakeTransportSecurityInfo();
-    secInfo.serverCert = constructCertFromFile(
-      "ocsp_certs/must-staple-ee-with-must-staple-int.pem"
-    );
-    ssservice.processHeader(
-      Ci.nsISiteSecurityService.HEADER_HPKP,
-      uri,
-      header,
-      secInfo,
-      0,
-      Ci.nsISiteSecurityService.SOURCE_ORGANIC_REQUEST
-    );
-    ok(
-      ssservice.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
-      "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com should have HPKP set"
-    );
-
-    // Clear accumulated state.
-    ssservice.resetState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
-    Services.prefs.clearUserPref(
-      "security.cert_pinning.process_headers_from_non_builtin_roots"
-    );
-    Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
-    run_next_test();
-  });
-
  // Next, a case where it's present in the intermediate, not the ee
  add_ocsp_test(
    "ocsp-stapling-plain-ee-with-must-staple-int.example.com",