From ebbb41103ea9224ff4b26ad60a6a62b0afa36664 Mon Sep 17 00:00:00 2001 From: David Keeler Date: Mon, 11 Nov 2013 13:42:35 -0800 Subject: [PATCH] bug 932519 - (2/3) rename OCSP response generation test code to remove "stapling" r=cviecco r=briansmith --- .../unit/tlsserver/cmd/OCSPStaplingServer.cpp | 34 ++++++------ .../tests/unit/tlsserver/lib/OCSPCommon.cpp | 54 +++++++++---------- .../ssl/tests/unit/tlsserver/lib/OCSPCommon.h | 36 ++++++------- 3 files changed, 62 insertions(+), 62 deletions(-) diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp index 3b72c992a833..e93b8736bd5f 100644 --- a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp +++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp @@ -21,21 +21,21 @@ using namespace mozilla::test; const OCSPHost sOCSPHosts[] = { - { "ocsp-stapling-good.example.com", OSRTGood }, - { "ocsp-stapling-revoked.example.com", OSRTRevoked }, - { "ocsp-stapling-unknown.example.com", OSRTUnknown }, - { "ocsp-stapling-good-other.example.com", OSRTGoodOtherCert }, - { "ocsp-stapling-good-other-ca.example.com", OSRTGoodOtherCA }, - { "ocsp-stapling-expired.example.com", OSRTExpired }, - { "ocsp-stapling-expired-fresh-ca.example.com", OSRTExpiredFreshCA }, - { "ocsp-stapling-none.example.com", OSRTNone }, - { "ocsp-stapling-empty.example.com", OSRTEmpty }, - { "ocsp-stapling-malformed.example.com", OSRTMalformed }, - { "ocsp-stapling-srverr.example.com", OSRTSrverr }, - { "ocsp-stapling-trylater.example.com", OSRTTryLater }, - { "ocsp-stapling-needssig.example.com", OSRTNeedsSig }, - { "ocsp-stapling-unauthorized.example.com", OSRTUnauthorized }, - { nullptr, OSRTNull } + { "ocsp-stapling-good.example.com", ORTGood }, + { "ocsp-stapling-revoked.example.com", ORTRevoked }, + { "ocsp-stapling-unknown.example.com", ORTUnknown }, + { "ocsp-stapling-good-other.example.com", ORTGoodOtherCert }, + { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA }, + { "ocsp-stapling-expired.example.com", ORTExpired }, + { "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA }, + { "ocsp-stapling-none.example.com", ORTNone }, + { "ocsp-stapling-empty.example.com", ORTEmpty }, + { "ocsp-stapling-malformed.example.com", ORTMalformed }, + { "ocsp-stapling-srverr.example.com", ORTSrverr }, + { "ocsp-stapling-trylater.example.com", ORTTryLater }, + { "ocsp-stapling-needssig.example.com", ORTNeedsSig }, + { "ocsp-stapling-unauthorized.example.com", ORTUnauthorized }, + { nullptr, ORTNull } }; int32_t @@ -60,7 +60,7 @@ DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr, } // If the OCSP response type is "none", don't staple a response. - if (host->mOSRT == OSRTNone) { + if (host->mORT == ORTNone) { return 0; } @@ -71,7 +71,7 @@ DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr, } // response is contained by the arena - freeing the arena will free it - SECItemArray *response = GetOCSPResponseForType(host->mOSRT, cert, arena); + SECItemArray *response = GetOCSPResponseForType(host->mORT, cert, arena); if (!response) { PORT_FreeArena(arena, PR_FALSE); return SSL_SNI_SEND_ALERT; diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp index 65f71e49fefd..78b2a1dd354a 100644 --- a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp +++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp @@ -15,12 +15,12 @@ using namespace mozilla::test; SECItemArray * -GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, +GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert, PLArenaPool *aArena) { - if (aOSRT == OSRTNone) { + if (aORT == ORTNone) { if (gDebugLevel >= DEBUG_WARNINGS) { - fprintf(stderr, "GetOCSPResponseForType called with type OSRTNone, " + fprintf(stderr, "GetOCSPResponseForType called with type ORTNone, " "which makes no sense.\n"); } return nullptr; @@ -39,9 +39,9 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, PRTime oldNextUpdate = oldNow + 10 * PR_USEC_PER_SEC; CERTOCSPSingleResponse *sr = nullptr; - switch (aOSRT) { - case OSRTGood: - case OSRTGoodOtherCA: + switch (aORT) { + case ORTGood: + case ORTGoodOtherCA: sr = CERT_CreateOCSPSingleResponseGood(aArena, id, now, &nextUpdate); if (!sr) { PrintPRError("CERT_CreateOCSPSingleResponseGood failed"); @@ -49,7 +49,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, } id.forget(); // owned by sr now break; - case OSRTRevoked: + case ORTRevoked: sr = CERT_CreateOCSPSingleResponseRevoked(aArena, id, now, &nextUpdate, expiredTime, nullptr); if (!sr) { @@ -58,7 +58,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, } id.forget(); // owned by sr now break; - case OSRTUnknown: + case ORTUnknown: sr = CERT_CreateOCSPSingleResponseUnknown(aArena, id, now, &nextUpdate); if (!sr) { PrintPRError("CERT_CreateOCSPSingleResponseUnknown failed"); @@ -66,8 +66,8 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, } id.forget(); // owned by sr now break; - case OSRTExpired: - case OSRTExpiredFreshCA: + case ORTExpired: + case ORTExpiredFreshCA: sr = CERT_CreateOCSPSingleResponseGood(aArena, id, oldNow, &oldNextUpdate); if (!sr) { PrintPRError("CERT_CreateOCSPSingleResponseGood failed"); @@ -75,7 +75,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, } id.forget(); // owned by sr now break; - case OSRTGoodOtherCert: + case ORTGoodOtherCert: { ScopedCERTCertificate otherCert( PK11_FindCertFromNickname("ocspOtherEndEntity", nullptr)); @@ -97,22 +97,22 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, otherID.forget(); // owned by sr now break; } - case OSRTEmpty: - case OSRTMalformed: - case OSRTSrverr: - case OSRTTryLater: - case OSRTNeedsSig: - case OSRTUnauthorized: + case ORTEmpty: + case ORTMalformed: + case ORTSrverr: + case ORTTryLater: + case ORTNeedsSig: + case ORTUnauthorized: break; default: if (gDebugLevel >= DEBUG_ERRORS) { - fprintf(stderr, "bad ocsp response type: %d\n", aOSRT); + fprintf(stderr, "bad ocsp response type: %d\n", aORT); } return nullptr; } ScopedCERTCertificate ca; - if (aOSRT == OSRTGoodOtherCA) { + if (aORT == ORTGoodOtherCA) { ca = PK11_FindCertFromNickname("otherCA", nullptr); if (!ca) { PrintPRError("PK11_FindCertFromNickname failed"); @@ -128,14 +128,14 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, } PRTime signTime = now; - if (aOSRT == OSRTExpired) { + if (aORT == ORTExpired) { signTime = oldNow; } CERTOCSPSingleResponse **responses; SECItem *response = nullptr; - switch (aOSRT) { - case OSRTMalformed: + switch (aORT) { + case ORTMalformed: response = CERT_CreateEncodedOCSPErrorResponse( aArena, SEC_ERROR_OCSP_MALFORMED_REQUEST); if (!response) { @@ -143,7 +143,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, return nullptr; } break; - case OSRTSrverr: + case ORTSrverr: response = CERT_CreateEncodedOCSPErrorResponse( aArena, SEC_ERROR_OCSP_SERVER_ERROR); if (!response) { @@ -151,7 +151,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, return nullptr; } break; - case OSRTTryLater: + case ORTTryLater: response = CERT_CreateEncodedOCSPErrorResponse( aArena, SEC_ERROR_OCSP_TRY_SERVER_LATER); if (!response) { @@ -159,7 +159,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, return nullptr; } break; - case OSRTNeedsSig: + case ORTNeedsSig: response = CERT_CreateEncodedOCSPErrorResponse( aArena, SEC_ERROR_OCSP_REQUEST_NEEDS_SIG); if (!response) { @@ -167,7 +167,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, return nullptr; } break; - case OSRTUnauthorized: + case ORTUnauthorized: response = CERT_CreateEncodedOCSPErrorResponse( aArena, SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); if (!response) { @@ -175,7 +175,7 @@ GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, return nullptr; } break; - case OSRTEmpty: + case ORTEmpty: break; default: // responses is contained in aArena and will be freed when aArena is diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h index 9f91f4237924..80e4eec2d150 100644 --- a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h +++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h @@ -11,33 +11,33 @@ #include "certt.h" #include "seccomon.h" -enum OCSPStapleResponseType +enum OCSPResponseType { - OSRTNull = 0, - OSRTGood, // the certificate is good - OSRTRevoked, // the certificate has been revoked - OSRTUnknown, // the responder doesn't know if the cert is good - OSRTGoodOtherCert, // the response references a different certificate - OSRTGoodOtherCA, // the wrong CA has signed the response - OSRTExpired, // the signature on the response has expired - OSRTExpiredFreshCA, // fresh signature, but old validity period - OSRTNone, // no stapled response - OSRTEmpty, // an empty stapled response - OSRTMalformed, // the response from the responder was malformed - OSRTSrverr, // the response indicates there was a server error - OSRTTryLater, // the responder replied with "try again later" - OSRTNeedsSig, // the response needs a signature - OSRTUnauthorized // the responder is not authorized for this certificate + ORTNull = 0, + ORTGood, // the certificate is good + ORTRevoked, // the certificate has been revoked + ORTUnknown, // the responder doesn't know if the cert is good + ORTGoodOtherCert, // the response references a different certificate + ORTGoodOtherCA, // the wrong CA has signed the response + ORTExpired, // the signature on the response has expired + ORTExpiredFreshCA, // fresh signature, but old validity period + ORTNone, // no stapled response + ORTEmpty, // an empty stapled response + ORTMalformed, // the response from the responder was malformed + ORTSrverr, // the response indicates there was a server error + ORTTryLater, // the responder replied with "try again later" + ORTNeedsSig, // the response needs a signature + ORTUnauthorized // the responder is not authorized for this certificate }; struct OCSPHost { const char *mHostName; - OCSPStapleResponseType mOSRT; + OCSPResponseType mORT; }; SECItemArray * -GetOCSPResponseForType(OCSPStapleResponseType aOSRT, CERTCertificate *aCert, +GetOCSPResponseForType(OCSPResponseType aORT, CERTCertificate *aCert, PLArenaPool *aArena); #endif // OCSPCommon_h