bug 932519 - (2/3) rename OCSP response generation test code to remove "stapling" r=cviecco r=briansmith

David Keeler 2013-11-11 13:42:35 -08:00
parent 67c258e9bf
commit ebbb41103e
3 changed files with 62 additions and 62 deletions


@ -21,21 +21,21 @@ using namespace mozilla::test;
const OCSPHost sOCSPHosts[] =
{
{ "ocsp-stapling-good.example.com", OSRTGood },
{ "ocsp-stapling-revoked.example.com", OSRTRevoked },
{ "ocsp-stapling-unknown.example.com", OSRTUnknown },
{ "ocsp-stapling-good-other.example.com", OSRTGoodOtherCert },
{ "ocsp-stapling-good-other-ca.example.com", OSRTGoodOtherCA },
{ "ocsp-stapling-expired.example.com", OSRTExpired },
{ "ocsp-stapling-expired-fresh-ca.example.com", OSRTExpiredFreshCA },
{ "ocsp-stapling-none.example.com", OSRTNone },
{ "ocsp-stapling-empty.example.com", OSRTEmpty },
{ "ocsp-stapling-malformed.example.com", OSRTMalformed },
{ "ocsp-stapling-srverr.example.com", OSRTSrverr },
{ "ocsp-stapling-trylater.example.com", OSRTTryLater },
{ "ocsp-stapling-needssig.example.com", OSRTNeedsSig },
{ "ocsp-stapling-unauthorized.example.com", OSRTUnauthorized },
{ nullptr, OSRTNull }
{ "ocsp-stapling-good.example.com", ORTGood },
{ "ocsp-stapling-revoked.example.com", ORTRevoked },
{ "ocsp-stapling-unknown.example.com", ORTUnknown },
{ "ocsp-stapling-good-other.example.com", ORTGoodOtherCert },
{ "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA },
{ "ocsp-stapling-expired.example.com", ORTExpired },
{ "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA },
{ "ocsp-stapling-none.example.com", ORTNone },
{ "ocsp-stapling-empty.example.com", ORTEmpty },
{ "ocsp-stapling-malformed.example.com", ORTMalformed },
{ "ocsp-stapling-srverr.example.com", ORTSrverr },
{ "ocsp-stapling-trylater.example.com", ORTTryLater },
{ "ocsp-stapling-needssig.example.com", ORTNeedsSig },
{ "ocsp-stapling-unauthorized.example.com", ORTUnauthorized },
{ nullptr, ORTNull }
};
int32_t
@ -60,7 +60,7 @@ DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
}
// If the OCSP response type is "none", don't staple a response.
if (host->mOSRT == OSRTNone) {
if (host->mORT == ORTNone) {
return 0;
}
@ -71,7 +71,7 @@ DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
}
// response is contained by the arena - freeing the arena will free it
SECItemArray *response = GetOCSPResponseForType(host->mOSRT, cert, arena);
SECItemArray *response = GetOCSPResponseForType(host->mORT, cert, arena);
if (!response) {
PORT_FreeArena(arena, PR_FALSE);
return SSL_SNI_SEND_ALERT;


@ -15,12 +15,12 @@ using namespace mozilla::test;
SECItemArray *
GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert,
PLArenaPool *aArena)
{
if (aOSRT == OSRTNone) {
if (aORT == ORTNone) {
if (gDebugLevel >= DEBUG_WARNINGS) {
fprintf(stderr, "GetOCSPResponseForType called with type OSRTNone, "
fprintf(stderr, "GetOCSPResponseForType called with type ORTNone, "
"which makes no sense.\n");
}
return nullptr;
@ -39,9 +39,9 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
PRTime oldNextUpdate = oldNow + 10 * PR_USEC_PER_SEC;
CERTOCSPSingleResponse *sr = nullptr;
switch (aOSRT) {
case OSRTGood:
case OSRTGoodOtherCA:
switch (aORT) {
case ORTGood:
case ORTGoodOtherCA:
sr = CERT_CreateOCSPSingleResponseGood(aArena, id, now, &nextUpdate);
if (!sr) {
PrintPRError("CERT_CreateOCSPSingleResponseGood failed");
@ -49,7 +49,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
}
id.forget(); // owned by sr now
break;
case OSRTRevoked:
case ORTRevoked:
sr = CERT_CreateOCSPSingleResponseRevoked(aArena, id, now, &nextUpdate,
expiredTime, nullptr);
if (!sr) {
@ -58,7 +58,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
}
id.forget(); // owned by sr now
break;
case OSRTUnknown:
case ORTUnknown:
sr = CERT_CreateOCSPSingleResponseUnknown(aArena, id, now, &nextUpdate);
if (!sr) {
PrintPRError("CERT_CreateOCSPSingleResponseUnknown failed");
@ -66,8 +66,8 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
}
id.forget(); // owned by sr now
break;
case OSRTExpired:
case OSRTExpiredFreshCA:
case ORTExpired:
case ORTExpiredFreshCA:
sr = CERT_CreateOCSPSingleResponseGood(aArena, id, oldNow, &oldNextUpdate);
if (!sr) {
PrintPRError("CERT_CreateOCSPSingleResponseGood failed");
@ -75,7 +75,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
}
id.forget(); // owned by sr now
break;
case OSRTGoodOtherCert:
case ORTGoodOtherCert:
{
ScopedCERTCertificate otherCert(
PK11_FindCertFromNickname("ocspOtherEndEntity", nullptr));
@ -97,22 +97,22 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
otherID.forget(); // owned by sr now
break;
}
case OSRTEmpty:
case OSRTMalformed:
case OSRTSrverr:
case OSRTTryLater:
case OSRTNeedsSig:
case OSRTUnauthorized:
case ORTEmpty:
case ORTMalformed:
case ORTSrverr:
case ORTTryLater:
case ORTNeedsSig:
case ORTUnauthorized:
break;
default:
if (gDebugLevel >= DEBUG_ERRORS) {
fprintf(stderr, "bad ocsp response type: %d\n", aOSRT);
fprintf(stderr, "bad ocsp response type: %d\n", aORT);
}
return nullptr;
}
ScopedCERTCertificate ca;
if (aOSRT == OSRTGoodOtherCA) {
if (aORT == ORTGoodOtherCA) {
ca = PK11_FindCertFromNickname("otherCA", nullptr);
if (!ca) {
PrintPRError("PK11_FindCertFromNickname failed");
@ -128,14 +128,14 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
}
PRTime signTime = now;
if (aOSRT == OSRTExpired) {
if (aORT == ORTExpired) {
signTime = oldNow;
}
CERTOCSPSingleResponse **responses;
SECItem *response = nullptr;
switch (aOSRT) {
case OSRTMalformed:
switch (aORT) {
case ORTMalformed:
response = CERT_CreateEncodedOCSPErrorResponse(
aArena, SEC_ERROR_OCSP_MALFORMED_REQUEST);
if (!response) {
@ -143,7 +143,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
return nullptr;
}
break;
case OSRTSrverr:
case ORTSrverr:
response = CERT_CreateEncodedOCSPErrorResponse(
aArena, SEC_ERROR_OCSP_SERVER_ERROR);
if (!response) {
@ -151,7 +151,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
return nullptr;
}
break;
case OSRTTryLater:
case ORTTryLater:
response = CERT_CreateEncodedOCSPErrorResponse(
aArena, SEC_ERROR_OCSP_TRY_SERVER_LATER);
if (!response) {
@ -159,7 +159,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
return nullptr;
}
break;
case OSRTNeedsSig:
case ORTNeedsSig:
response = CERT_CreateEncodedOCSPErrorResponse(
aArena, SEC_ERROR_OCSP_REQUEST_NEEDS_SIG);
if (!response) {
@ -167,7 +167,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
return nullptr;
}
break;
case OSRTUnauthorized:
case ORTUnauthorized:
response = CERT_CreateEncodedOCSPErrorResponse(
aArena, SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST);
if (!response) {
@ -175,7 +175,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
return nullptr;
}
break;
case OSRTEmpty:
case ORTEmpty:
break;
default:
// responses is contained in aArena and will be freed when aArena is


@ -11,33 +11,33 @@
#include "certt.h"
#include "seccomon.h"
enum OCSPStapleResponseType
enum OCSPResponseType
{
OSRTNull = 0,
OSRTGood, // the certificate is good
OSRTRevoked, // the certificate has been revoked
OSRTUnknown, // the responder doesn't know if the cert is good
OSRTGoodOtherCert, // the response references a different certificate
OSRTGoodOtherCA, // the wrong CA has signed the response
OSRTExpired, // the signature on the response has expired
OSRTExpiredFreshCA, // fresh signature, but old validity period
OSRTNone, // no stapled response
OSRTEmpty, // an empty stapled response
OSRTMalformed, // the response from the responder was malformed
OSRTSrverr, // the response indicates there was a server error
OSRTTryLater, // the responder replied with "try again later"
OSRTNeedsSig, // the response needs a signature
OSRTUnauthorized // the responder is not authorized for this certificate
ORTNull = 0,
ORTGood, // the certificate is good
ORTRevoked, // the certificate has been revoked
ORTUnknown, // the responder doesn't know if the cert is good
ORTGoodOtherCert, // the response references a different certificate
ORTGoodOtherCA, // the wrong CA has signed the response
ORTExpired, // the signature on the response has expired
ORTExpiredFreshCA, // fresh signature, but old validity period
ORTNone, // no stapled response
ORTEmpty, // an empty stapled response
ORTMalformed, // the response from the responder was malformed
ORTSrverr, // the response indicates there was a server error
ORTTryLater, // the responder replied with "try again later"
ORTNeedsSig, // the response needs a signature
ORTUnauthorized // the responder is not authorized for this certificate
};
struct OCSPHost
{
const char *mHostName;
OCSPStapleResponseType mOSRT;
OCSPResponseType mORT;
};
SECItemArray *
GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert,
GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert,
PLArenaPool *aArena);
#endif // OCSPCommon_h