Bug 1092835 - Tests for SSL3/RC4 only servers. r=keeler,past

2024-09-13 09:24:08 -07:00 · 2014-12-10 00:54:07 +09:00 · 2014-12-10 00:54:07 +09:00 · d47a70f86f
commit d47a70f86f
parent 605569f981
4 changed files with 63 additions and 43 deletions
--- a/browser/devtools/webconsole/test/browser_webconsole_certificate_messages.js
+++ b/browser/devtools/webconsole/test/browser_webconsole_certificate_messages.js
@ -2,72 +2,87 @@
 /* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/ */

-// Tests that the Web Console shows SHA-1 Certificate warnings
+// Tests that the Web Console shows weak crypto warnings (SHA-1 Certificate, SSLv3, and RC4)

-const TEST_BAD_URI = "https://sha1ee.example.com/browser/browser/devtools/webconsole/test/test-certificate-messages.html";
-const TEST_GOOD_URI = "https://sha256ee.example.com/browser/browser/devtools/webconsole/test/test-certificate-messages.html";
+const TEST_URI_PATH = "/browser/browser/devtools/webconsole/test/test-certificate-messages.html";
+let gWebconsoleTests = [
+  {url: "https://sha1ee.example.com" + TEST_URI_PATH,
+   name: "SHA1 warning displayed successfully",
+   warning: ["SHA-1"], nowarning: ["SSL 3.0", "RC4"]},
+  {url: "https://ssl3.example.com" + TEST_URI_PATH,
+   name: "SSL3 warning displayed successfully",
+   pref: [["security.tls.version.min", 0]],
+   warning: ["SSL 3.0"], nowarning: ["SHA-1", "RC4"]},
+  {url: "https://rc4.example.com" + TEST_URI_PATH,
+   name: "RC4 warning displayed successfully",
+   warning: ["RC4"], nowarning: ["SHA-1", "SSL 3.0"]},
+  {url: "https://ssl3rc4.example.com" + TEST_URI_PATH,
+   name: "SSL3 and RC4 warning displayed successfully",
+   pref: [["security.tls.version.min", 0]],
+   warning: ["SSL 3.0", "RC4"], nowarning: ["SHA-1"]},
+  {url: "https://sha256ee.example.com" + TEST_URI_PATH,
+   name: "SSL warnings appropriately not present",
+   warning: [], nowarning: ["SHA-1", "SSL 3.0", "RC4"]},
+];
 const TRIGGER_MSG = "If you haven't seen ssl warnings yet, you won't";

 let gHud = undefined;
+let gCurrentTest;

 function test() {
  registerCleanupFunction(function () {
    gHud = null;
  });

-  addTab("data:text/html;charset=utf8,Web Console SHA-1 warning test");
+  addTab("data:text/html;charset=utf8,Web Console weak crypto warnings test");
  browser.addEventListener("load", function _onLoad() {
    browser.removeEventListener("load", _onLoad, true);
-    openConsole(null, loadBadDocument);
+    openConsole(null, runTestLoop);
  }, true);
 }

-function loadBadDocument(theHud) {
-  gHud = theHud;
-  browser.addEventListener("load", onBadLoad, true);
-  content.location = TEST_BAD_URI;
+function runTestLoop(theHud) {
+  gCurrentTest = gWebconsoleTests.shift();
+  if (!gCurrentTest) {
+    finishTest();
+  }
+  if (!gHud) {
+    gHud = theHud;
+  }
+  gHud.jsterm.clearOutput();
+  browser.addEventListener("load", onLoad, true);
+  if (gCurrentTest.pref) {
+    SpecialPowers.pushPrefEnv({"set": gCurrentTest.pref},
+      function() {
+        content.location = gCurrentTest.url;
+      });
+  } else {
+    content.location = gCurrentTest.url;
+  }
 }

-function onBadLoad(aEvent) {
-  browser.removeEventListener("load", onBadLoad, true);
-  testForWarningMessage();
-}
-
-function loadGoodDocument(theHud) {
-  gHud.jsterm.clearOutput()
-  browser.addEventListener("load", onGoodLoad, true);
-  content.location = TEST_GOOD_URI;
-}
-
-function onGoodLoad(aEvent) {
-  browser.removeEventListener("load", onGoodLoad, true);
-  testForNoWarning();
-}
-
-function testForWarningMessage() {
+function onLoad(aEvent) {
+  browser.removeEventListener("load", onLoad, true);
  let aOutputNode = gHud.outputNode;

  waitForSuccess({
-      name: "SHA1 warning displayed successfully",
+      name: gCurrentTest.name,
      validatorFn: function() {
-        return gHud.outputNode.textContent.indexOf("SHA-1") > -1;
-      },
-      successFn: loadGoodDocument,
-      failureFn: finishTest,
-    });
-}
-
-function testForNoWarning() {
-  let aOutputNode = gHud.outputNode;
-
-  waitForSuccess({
-      name: "SHA1 warning appropriately missed",
-      validatorFn: function() {
-        if (gHud.outputNode.textContent.indexOf(TRIGGER_MSG) > -1) {
-          return gHud.outputNode.textContent.indexOf("SHA-1") == -1;
+        if (gHud.outputNode.textContent.indexOf(TRIGGER_MSG) >= 0) {
+          for (let warning of gCurrentTest.warning) {
+            if (gHud.outputNode.textContent.indexOf(warning) < 0) {
+              return false;
+            }
+          }
+          for (let nowarning of gCurrentTest.nowarning) {
+            if (gHud.outputNode.textContent.indexOf(nowarning) >= 0) {
+              return false;
+            }
+          }
+          return true;
        }
      },
-      successFn: finishTest,
+      successFn: runTestLoop,
      failureFn: finishTest,
    });
 }
--- a/build/pgo/certs/cert8.db
+++ b/build/pgo/certs/cert8.db
--- a/build/pgo/certs/key3.db
+++ b/build/pgo/certs/key3.db
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@ -233,3 +233,8 @@ https://include-subdomains.pinning.example.com:443                privileged,cer
 # Hosts for sha1 console warning tests
 https://sha1ee.example.com:443                                    privileged,cert=sha1_end_entity
 https://sha256ee.example.com:443                                  privileged,cert=sha256_end_entity
+
+# Hosts for ssl3/rc4 console warning tests
+https://ssl3.example.com:443        privileged,ssl3
+https://rc4.example.com:443         privileged,rc4
+https://ssl3rc4.example.com:443     privileged,ssl3,rc4