1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 "use strict";
// DoH test server for the current test case. testWrapper() assigns it and the
// cleanup function stops it if it is still set.
let trrServer;

// Certificate override service. channelOpenPromise() uses it to switch
// certificate checks off while a channel is loading and back on afterwards.
const certOverrideService = Cc["@mozilla.org/security/certoverride;1"].getService(
  Ci.nsICertOverrideService
);
add_setup(async function setup() {
  // Telemetry probes may be disabled for some applications (e.g.
  // Thunderbird); allow them so the handshake telemetry checks can run.
  Services.prefs.setBoolPref(
    "toolkit.telemetry.testing.overrideProductsCheck",
    true
  );

  trr_test_setup();

  // Applied after trr_test_setup(), in the same order as before.
  const boolPrefs = [
    ["network.dns.upgrade_with_https_rr", true],
    ["network.dns.use_https_rr_as_altsvc", true],
    ["network.dns.echconfig.enabled", true],
    ["network.dns.http3_echconfig.enabled", false],
  ];
  for (const [prefName, prefValue] of boolPrefs) {
    Services.prefs.setBoolPref(prefName, prefValue);
  }
  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRONLY);

  // Set the server to always select http/1.1
  Services.env.set("MOZ_TLS_ECH_ALPN_FLAG", 1);

  await asyncStartTLSTestServer(
    "EncryptedClientHelloServer",
    "../../../security/manager/ssl/tests/unit/test_encrypted_client_hello"
  );
});
// Restore preferences and the environment flag, then stop the DoH server if
// one is still referenced.
registerCleanupFunction(async () => {
  trr_clear_prefs();

  // Cleared in the original order. Two of these prefs
  // (fallback_to_origin_when_all_failed, port_prefixed_qname_https_rr) are
  // not set anywhere in the visible part of this file.
  const prefsToClear = [
    "network.trr.mode",
    "network.trr.uri",
    "network.dns.upgrade_with_https_rr",
    "network.dns.use_https_rr_as_altsvc",
    "network.dns.echconfig.enabled",
    "network.dns.http3_echconfig.enabled",
    "network.dns.echconfig.fallback_to_origin_when_all_failed",
    "network.http.speculative-parallel-limit",
    "network.dns.port_prefixed_qname_https_rr",
  ];
  prefsToClear.forEach(prefName => Services.prefs.clearUserPref(prefName));

  Services.env.set("MOZ_TLS_ECH_ALPN_FLAG", "");

  if (!trrServer) {
    return;
  }
  await trrServer.stop();
});
/**
 * Creates an HTTP channel for `url`, loaded with the system principal as a
 * TYPE_DOCUMENT load.
 *
 * @param {string} url - URL to load.
 * @returns {nsIHttpChannel} The new channel, queried to nsIHttpChannel.
 */
function makeChan(url) {
  const channelOptions = {
    uri: url,
    loadUsingSystemPrincipal: true,
    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
  };
  return NetUtil.newChannel(channelOptions).QueryInterface(Ci.nsIHttpChannel);
}
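/**
 * Opens `chan` and resolves with `[request, buffer]` once the ChannelListener
 * reports completion.
 *
 * While the load is in flight, certificate checks are switched off through
 * nsICertOverrideService. The switch is set on the shared service object and
 * not on this channel, so every exit path has to turn it back off. Otherwise
 * later loads in the same process would also skip certificate verification.
 *
 * @param {nsIHttpChannel} chan - Channel to open.
 * @param {number} flags - Flags forwarded to ChannelListener.
 * @returns {Promise<Array>} Resolves with `[request, buffer]`; rejects if the
 *   channel cannot be opened.
 */
function channelOpenPromise(chan, flags) {
  const setChecksDisabled = disabled =>
    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
      disabled
    );

  return new Promise((resolve, reject) => {
    function finish(req, buffer) {
      setChecksDisabled(false);
      resolve([req, buffer]);
    }

    setChecksDisabled(true);
    try {
      const internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
      internal.setWaitForHTTPSSVCRecord();
      chan.asyncOpen(new ChannelListener(finish, null, flags));
    } catch (err) {
      // finish() will never run if opening failed synchronously, so
      // re-enable certificate checks here before reporting the error.
      setChecksDisabled(false);
      reject(err);
    }
  });
}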
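/**
 * Records connection activity reported by the HTTP activity distributor.
 *
 * Each instance owns its own `activites` array (the spelling is kept because
 * callers read that property). The array used to live on the prototype and
 * was therefore shared by every observer, so entries recorded in one test
 * case were still visible to the next. A later case could then pass its ECH
 * and connection checks on activity it never produced.
 */
function ActivityObserver() {
  this.activites = [];
}

ActivityObserver.prototype = {
  /**
   * Logs the activity and stores its host and subtype.
   * Only aHost, aActivityType, aActivitySubtype and aExtraStringData are
   * used; the remaining arguments are ignored.
   */
  observeConnectionActivity(
    aHost,
    aPort,
    aSSL,
    aHasECH,
    aIsHttp3,
    aActivityType,
    aActivitySubtype,
    aTimestamp,
    aExtraStringData
  ) {
    const typeHex = aActivityType.toString(16);
    const subtypeHex = aActivitySubtype.toString(16);
    dump(
      `*** Connection Activity 0x${typeHex} 0x${subtypeHex} ${aExtraStringData}\n`
    );
    this.activites.push({ host: aHost, subType: aActivitySubtype });
  },
};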
/**
 * Asserts that the recorded activities include a DNS-and-socket creation
 * (regular or speculative), an ECH_SET event and a CONNECTION_CREATED event.
 *
 * These are presence checks only: despite the "one" in the messages, the
 * number of matching activities is not verified.
 *
 * @param {Array<{subType: number}>} activites - Recorded activity entries.
 */
function checkHttpActivities(activites) {
  const sawSubtype = wanted =>
    activites.some(activity => activity.subType === wanted);

  const foundDNSAndSocket =
    sawSubtype(
      Ci.nsIHttpActivityObserver.ACTIVITY_SUBTYPE_DNSANDSOCKET_CREATED
    ) ||
    sawSubtype(
      Ci.nsIHttpActivityObserver
        .ACTIVITY_SUBTYPE_SPECULATIVE_DNSANDSOCKET_CREATED
    );
  const foundSettingECH = sawSubtype(
    Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_ECH_SET
  );
  const foundConnectionCreated = sawSubtype(
    Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_CONNECTION_CREATED
  );

  Assert.equal(foundDNSAndSocket, true, "Should have one DnsAndSock created");
  Assert.equal(foundSettingECH, true, "Should have echConfig");
  Assert.equal(
    foundConnectionCreated,
    true,
    "Should have one connection created"
  );
}
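/**
 * Runs one ECH test case: serves an HTTPS record for ech-private.example.com
 * that advertises `alpnAdvertisement`, loads the host, and checks that ECH
 * was accepted and that the expected connection activities were observed.
 *
 * The DoH server and the activity observer are torn down in `finally`
 * blocks, so a failed load does not leave an observer registered or a server
 * running when the next test case starts.
 *
 * @param {string[]} alpnAdvertisement - ALPN ids placed in the HTTPS record.
 */
async function testWrapper(alpnAdvertisement) {
  const ECH_CONFIG_FIXED =
    "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
  const host = "ech-private.example.com";

  trrServer = new TRRServer();
  await trrServer.start();

  const observerService = Cc[
    "@mozilla.org/network/http-activity-distributor;1"
  ].getService(Ci.nsIHttpActivityDistributor);
  const observer = new ActivityObserver();
  observerService.addObserver(observer);
  observerService.observeConnection = true;

  try {
    Services.prefs.setCharPref(
      "network.trr.uri",
      `https://foo.example.com:${trrServer.port}/dns-query`
    );

    // One HTTPS record carrying the advertised ALPN list, the port and the
    // ECH config.
    await trrServer.registerDoHAnswers(host, "HTTPS", {
      answers: [
        {
          name: host,
          ttl: 55,
          type: "HTTPS",
          flush: false,
          data: {
            priority: 1,
            name: host,
            values: [
              { key: "alpn", value: alpnAdvertisement },
              { key: "port", value: 8443 },
              {
                key: "echconfig",
                value: ECH_CONFIG_FIXED,
                needBase64Decode: true,
              },
            ],
          },
        },
      ],
    });

    await trrServer.registerDoHAnswers(host, "A", {
      answers: [
        {
          name: host,
          ttl: 55,
          type: "A",
          flush: false,
          data: "127.0.0.1",
        },
      ],
    });

    await new TRRDNSListener(host, {
      type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
    });

    HandshakeTelemetryHelpers.resetHistograms();
    const chan = makeChan(`https://${host}`);
    await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
    const securityInfo = chan.securityInfo;
    Assert.ok(securityInfo.isAcceptedEch, "This host should have accepted ECH");

    // Only check telemetry if network process is disabled.
    if (!mozinfo.socketprocess_networking) {
      HandshakeTelemetryHelpers.checkSuccess(["", "_ECH", "_FIRST_TRY"]);
      HandshakeTelemetryHelpers.checkEmpty(["_CONSERVATIVE", "_ECH_GREASE"]);
    }
  } finally {
    // Same order as on the success path: stop the server, then detach the
    // observer. The nested finally detaches it even if stop() fails.
    try {
      await trrServer.stop();
    } finally {
      observerService.removeObserver(observer);
      observerService.observeConnection = false;
    }
  }

  const filtered = observer.activites.filter(
    activity => activity.host === host
  );
  checkHttpActivities(filtered);
}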
// Setup sets MOZ_TLS_ECH_ALPN_FLAG so the server always selects http/1.1.
// Each task below differs only in the ALPN list advertised in the HTTPS
// record.

add_task(async function h1Advertised() {
  const advertised = ["http/1.1"];
  await testWrapper(advertised);
});

add_task(async function h2Advertised() {
  const advertised = ["h2"];
  await testWrapper(advertised);
});

add_task(async function h3Advertised() {
  const advertised = ["h3"];
  await testWrapper(advertised);
});

add_task(async function h1h2Advertised() {
  const advertised = ["http/1.1", "h2"];
  await testWrapper(advertised);
});

add_task(async function h2h3Advertised() {
  const advertised = ["h3", "h2"];
  await testWrapper(advertised);
});

// An ALPN id the client does not know.
add_task(async function unknownAdvertised() {
  const advertised = ["foo"];
  await testWrapper(advertised);
});