wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 783047 - Update tests to remove MAC support for SafeBrowsing. r=mmc,dcamp

Browse Source
This commit is contained in:
Gian-Carlo Pascutto 2014-01-16 09:27:58 +01:00
parent 1bcb47660a
commit 678476e864
6 changed files with 12 additions and 373 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
toolkit/components/url-classifier/tests/unit/head_urlclassifier.js
View File

@ -111,7 +111,7 @@ function buildBareUpdate(chunks, hashSize) {
/**
* Performs an update of the dbservice manually, bypassing the stream updater
*/
function doSimpleUpdate(updateText, success, failure, clientKey) {
function doSimpleUpdate(updateText, success, failure) {
var listener = {
QueryInterface: function(iid)
{
@ -128,8 +128,7 @@ function doSimpleUpdate(updateText, success, failure, clientKey) {
};
dbservice.beginUpdate(listener,
"test-phish-simple,test-malware-simple",
clientKey);
"test-phish-simple,test-malware-simple");
dbservice.beginStream("", "");
dbservice.updateStream(updateText);
dbservice.finishStream();
@ -164,7 +163,7 @@ function doErrorUpdate(tables, success, failure) {
* Performs an update of the dbservice using the stream updater and a
* data: uri
*/
function doStreamUpdate(updateText, success, failure, downloadFailure, clientKey) {
function doStreamUpdate(updateText, success, failure, downloadFailure) {
var dataUpdate = "data:," + encodeURIComponent(updateText);
if (!downloadFailure)
@ -172,7 +171,7 @@ function doStreamUpdate(updateText, success, failure, downloadFailure, clientKey
streamUpdater.updateUrl = dataUpdate;
streamUpdater.downloadUpdates("test-phish-simple,test-malware-simple", "",
clientKey, success, failure, downloadFailure);
success, failure, downloadFailure);
}
var gAssertions = {
@ -267,7 +266,7 @@ function updateError(arg)
}
// Runs a set of updates, and then checks a set of assertions.
function doUpdateTest(updates, assertions, successCallback, errorCallback, clientKey) {
function doUpdateTest(updates, assertions, successCallback, errorCallback) {
var errorUpdate = function() {
checkAssertions(assertions, errorCallback);
}
@ -275,7 +274,7 @@ function doUpdateTest(updates, assertions, successCallback, errorCallback, clien
var runUpdate = function() {
if (updates.length > 0) {
var update = updates.shift();
doStreamUpdate(update, runUpdate, errorUpdate, null, clientKey);
doStreamUpdate(update, runUpdate, errorUpdate, null);
} else {
checkAssertions(assertions, successCallback);
}

2
toolkit/components/url-classifier/tests/unit/test_digest256.js
View File

@ -118,7 +118,7 @@ add_test(function test_update() {
}
streamUpdater.downloadUpdates(
"goog-downloadwhite-digest256",
"goog-downloadwhite-digest256;\n", "",
"goog-downloadwhite-digest256;\n",
updateSuccess, handleError, handleError);
});

67
toolkit/components/url-classifier/tests/unit/test_keymanager.js
View File

@ -1,67 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
Cu.import("resource://gre/modules/osfile.jsm");
var kf = "keytest.txt"; // not an actual keyfile
function run_test() {
run_next_test();
}
add_task(function empty_disk() {
var jslib = Cc["@mozilla.org/url-classifier/jslib;1"]
.getService().wrappedJSObject;
this.PROT_UrlCryptoKeyManager = jslib.PROT_UrlCryptoKeyManager;
yield OS.File.remove(kf);
do_print("simulate nothing on disk, then get something from server");
var km = new PROT_UrlCryptoKeyManager(kf, true);
do_check_false(km.hasKey()); // KM already has key?
km.maybeLoadOldKey();
do_check_false(km.hasKey()); // KM loaded nonexistent key?
yield km.onGetKeyResponse(null);
do_check_false(km.hasKey()); // KM got key from null response?
yield km.onGetKeyResponse("");
do_check_false(km.hasKey()); // KM got key from an empty response?
yield km.onGetKeyResponse("aslkaslkdf:34:a230\nskdjfaljsie");
do_check_false(km.hasKey()); // KM got key from garbage response?
var realResponse = "clientkey:24:zGbaDbx1pxoYe7siZYi8VA==\n" +
"wrappedkey:24:MTr1oDt6TSOFQDTvKCWz9PEn";
yield km.onGetKeyResponse(realResponse);
// Will have written it to the file as a side effect
do_check_true(km.hasKey()); // KM could not get key from a real response?
do_check_eq(km.clientKey_, "zGbaDbx1pxoYe7siZYi8VA=="); // Parsed wrong client key from response?
do_check_eq(km.wrappedKey_, "MTr1oDt6TSOFQDTvKCWz9PEn"); // Parsed wrong wrapped key from response?
do_print("simulate something on disk, then get something from server");
var km = new PROT_UrlCryptoKeyManager(kf, true);
do_check_false(km.hasKey()); // KM already has key?
yield km.maybeLoadOldKey();
do_check_true(km.hasKey()); // KM couldn't load existing key from disk?
do_check_eq(km.clientKey_ , "zGbaDbx1pxoYe7siZYi8VA=="); // Parsed wrong client key from disk?
do_check_eq(km.wrappedKey_, "MTr1oDt6TSOFQDTvKCWz9PEn"); // Parsed wrong wrapped key from disk?
var realResponse2 = "clientkey:24:dtmbEN1kgN/LmuEoYifaFw==\n" +
"wrappedkey:24:MTpPH3pnLDKihecOci+0W5dk";
yield km.onGetKeyResponse(realResponse2);
do_check_true(km.hasKey()); // KM couldn't replace key from server response?
do_check_eq(km.clientKey_, "dtmbEN1kgN/LmuEoYifaFw=="); // Replace client key from server failed?
do_check_eq(km.wrappedKey_, "MTpPH3pnLDKihecOci+0W5dk"); // Replace wrapped key from server failed?
do_print("check overwriting a key on disk");
km = new PROT_UrlCryptoKeyManager(kf, true);
do_check_false(km.hasKey()); // KM already has key?
yield km.maybeLoadOldKey();
do_check_true(km.hasKey()); // KM couldn't load existing key from file?
do_check_eq(km.clientKey_, "dtmbEN1kgN/LmuEoYifaFw=="); // Replace client key on disk failed?
do_check_eq(km.wrappedKey_, "MTpPH3pnLDKihecOci+0W5dk"); // Replace wrapped key on disk failed?
do_print("Test that we only fetch at most two getkey's per lifetime of the manager");
var km = new PROT_UrlCryptoKeyManager(kf, true);
km.reKey();
for (var i = 0; i < km.MAX_REKEY_TRIES; i++)
do_check_true(km.maybeReKey()); // Couldn't rekey?
do_check_false(km.maybeReKey()); // Rekeyed when max hit?
yield OS.File.remove(kf);
});

53
toolkit/components/url-classifier/tests/unit/test_partial.js
View File

@ -6,7 +6,6 @@
function DummyCompleter() {
this.fragments = {};
this.queries = [];
this.cachable = true;
this.tableName = "test-phish-simple";
}
@ -36,7 +35,7 @@ complete: function(partialHash, cb)
for (var i = 0; i < fragments[partialHash].length; i++) {
var chunkId = fragments[partialHash][i][0];
var hash = fragments[partialHash][i][1];
cb.completion(hash, self.tableName, chunkId, self.cachable);
cb.completion(hash, self.tableName, chunkId);
}
}
cb.completionFinished(0);
@ -131,13 +130,6 @@ function installFailingCompleter(table) {
return completer;
}
function installUncachableCompleter(table, fragments, conflictFragments)
{
var completer = setupCompleter(table, fragments, conflictFragments);
completer.cachable = false;
return completer;
}
// Helper assertion for checking dummy completer queries
gAssertions.completerQueried = function(data, cb)
{
@ -646,48 +638,6 @@ function testCachedResultsFailure()
});
}
function setupUncachedResults(addUrls, part2)
{
var update = buildPhishingUpdate(
[
{ "chunkNum" : 1,
"urls" : addUrls
}],
4);
var completer = installUncachableCompleter('test-phish-simple', [[1, addUrls]], []);
var assertions = {
"tableData" : "test-phish-simple;a:1",
// Request the add url. This should cause the completion to be cached.
"urlsExist" : addUrls,
// Make sure the completer was actually queried.
"completerQueried" : [completer, addUrls]
};
doUpdateTest([update], assertions,
function() {
// Give the dbservice a chance to cache the result.
var timer = new Timer(3000, part2);
}, updateError);
}
function testUncachedResults()
{
setupUncachedResults(["foo.com/a"], function(add) {
// This is called after setupCachedResults(). Verify that
// checking the url again does not cause a completer request.
// install a new completer, this one should be queried.
var newCompleter = installCompleter('test-phish-simple', [[1, ["foo.com/a"]]], []);
var assertions = {
"urlsExist" : ["foo.com/a"],
"completerQueried" : [newCompleter, ["foo.com/a"]]
};
checkAssertions(assertions, runNextTest);
});
}
function testErrorList()
{
var addUrls = [ "foo.com/a", "foo.com/b", "bar.com/c" ];
@ -865,7 +815,6 @@ function run_test()
testCachedResultsWithExpire,
testCachedResultsUpdate,
testCachedResultsFailure,
testUncachedResults,
testStaleList,
testStaleListEmpty,
testErrorList,

249
toolkit/components/url-classifier/tests/unit/test_streamupdater.js
View File

@ -1,29 +1,9 @@
var gClientKeyRaw="TESTCLIENTKEY";
// no btoa() available in xpcshell, precalculated for TESTCLIENTKEY.
var gClientKey = "VEVTVENMSUVOVEtFWQ==";
function MAC(content, clientKey)
{
var hmac = Cc["@mozilla.org/security/hmac;1"].createInstance(Ci.nsICryptoHMAC);
var converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"].
createInstance(Ci.nsIScriptableUnicodeConverter);
converter.charset = "UTF-8";
var keyObject = Cc["@mozilla.org/security/keyobjectfactory;1"]
.getService(Ci.nsIKeyObjectFactory).keyFromString(Ci.nsIKeyObject.HMAC, clientKey);
hmac.init(Ci.nsICryptoHMAC.SHA1, keyObject);
var data = converter.convertToByteArray(content);
hmac.update(data, data.length);
return hmac.finish(true);
}
function doTest(updates, assertions, expectError, clientKey)
function doTest(updates, assertions, expectError)
{
if (expectError) {
doUpdateTest(updates, assertions, updateError, runNextTest, clientKey);
doUpdateTest(updates, assertions, updateError, runNextTest);
} else {
doUpdateTest(updates, assertions, runNextTest, updateError, clientKey);
doUpdateTest(updates, assertions, runNextTest, updateError);
}
}
@ -181,180 +161,6 @@ function testMultipleTables() {
doTest([update], assertions, false);
}
// Test a simple update with a valid message authentication code.
function testValidMAC() {
var addUrls = [ "foo.com/a", "foo.com/b", "bar.com/c" ];
var update = buildPhishingUpdate(
[
{ "chunkNum" : 1,
"urls" : addUrls
}]);
update = "m:" + MAC(update, gClientKeyRaw) + "\n" + update;
var assertions = {
"tableData" : "test-phish-simple;a:1",
"urlsExist" : addUrls
};
doTest([update], assertions, false, gClientKey);
}
// Test a simple update with an invalid message authentication code.
function testInvalidMAC() {
var addUrls = [ "foo.com/a", "foo.com/b", "bar.com/c" ];
var update = buildPhishingUpdate(
[
{ "chunkNum" : 1,
"urls" : addUrls
}]);
update = "m:INVALIDMAC\n" + update;
var assertions = {
"tableData" : "",
"urlsDontExist" : addUrls
};
doTest([update], assertions, true, gClientKey);
}
// Test a simple update without a message authentication code, when it is
// expecting one.
function testNoMAC() {
var addUrls = [ "foo.com/a", "foo.com/b", "bar.com/c" ];
var update = buildPhishingUpdate(
[
{ "chunkNum" : 1,
"urls" : addUrls
}]);
var assertions = {
"tableData" : "",
"urlsDontExist" : addUrls
};
doTest([update], assertions, true, gClientKey);
}
// Test an update with a valid message authentication code, with forwards.
function testValidForwardMAC() {
var add1Urls = [ "foo.com/a", "bar.com/c" ];
var add2Urls = [ "foo.com/b" ];
var add3Urls = [ "bar.com/d" ];
var update = "n:1000\n";
update += "i:test-phish-simple\n";
var update1 = buildBareUpdate(
[{ "chunkNum" : 1,
"urls" : add1Urls }]);
update += "u:data:," + encodeURIComponent(update1) +
"," + MAC(update1, gClientKeyRaw) + "\n";
var update2 = buildBareUpdate(
[{ "chunkNum" : 2,
"urls" : add2Urls }]);
update += "u:data:," + encodeURIComponent(update2) +
"," + MAC(update2, gClientKeyRaw) + "\n";
var update3 = buildBareUpdate(
[{ "chunkNum" : 3,
"urls" : add3Urls }]);
update += "u:data:," + encodeURIComponent(update3) +
"," + MAC(update3, gClientKeyRaw) + "\n";
var assertions = {
"tableData" : "test-phish-simple;a:1-3",
"urlsExist" : add1Urls.concat(add2Urls).concat(add3Urls)
};
update = "m:" + MAC(update, gClientKeyRaw) + "\n" + update;
doTest([update], assertions, false, gClientKey);
}
// Test an update with a valid message authentication code, but with
// invalid MACs on the forwards.
function testInvalidForwardMAC() {
var add1Urls = [ "foo.com/a", "bar.com/c" ];
var add2Urls = [ "foo.com/b" ];
var add3Urls = [ "bar.com/d" ];
var update = "n:1000\n";
update += "i:test-phish-simple\n";
var update1 = buildBareUpdate(
[{ "chunkNum" : 1,
"urls" : add1Urls }]);
update += "u:data:," + encodeURIComponent(update1) +
",BADMAC\n";
var update2 = buildBareUpdate(
[{ "chunkNum" : 2,
"urls" : add2Urls }]);
update += "u:data:," + encodeURIComponent(update2) +
",BADMAC\n";
var update3 = buildBareUpdate(
[{ "chunkNum" : 3,
"urls" : add3Urls }]);
update += "u:data:," + encodeURIComponent(update3) +
",BADMAC\n";
var assertions = {
"tableData" : "",
"urlsDontExist" : add1Urls.concat(add2Urls).concat(add3Urls)
};
update = "m:" + MAC(update, gClientKeyRaw) + "\n" + update;
doTest([update], assertions, true, gClientKey);
}
// Test an update with a valid message authentication code, but no MAC
// specified for sub-urls.
function testNoForwardMAC() {
var add1Urls = [ "foo.com/a", "bar.com/c" ];
var add2Urls = [ "foo.com/b" ];
var add3Urls = [ "bar.com/d" ];
var update = "n:1000\n";
update += "i:test-phish-simple\n";
// XXX : This test presents invalid data: urls as forwards. A valid
// data url requires a comma, which the code will interpret as the
// separator for a MAC.
// Unfortunately this means that the update will fail even if the code
// isn't properly detecting a missing MAC update. I'm not sure how to
// test that :/
var update1 = buildBareUpdate(
[{ "chunkNum" : 1,
"urls" : add1Urls }]);
update += "u:data:" + encodeURIComponent(update1) + "\n";
var update2 = buildBareUpdate(
[{ "chunkNum" : 2,
"urls" : add2Urls }]);
update += "u:data:" + encodeURIComponent(update2) + "\n";
var update3 = buildBareUpdate(
[{ "chunkNum" : 3,
"urls" : add3Urls }]);
update += "u:data:" + encodeURIComponent(update3) + "\n";
var assertions = {
"tableData" : "",
"urlsDontExist" : add1Urls.concat(add2Urls).concat(add3Urls)
};
update = "m:" + MAC(update, gClientKeyRaw) + "\n" + update;
doTest([update], assertions, true, gClientKey);
}
function Observer(callback) {
this.observe = callback;
}
@ -371,44 +177,6 @@ QueryInterface: function(iid)
}
};
var gGotRekey;
gAssertions.gotRekey = function(data, cb)
{
do_check_eq(gGotRekey, data);
cb();
}
// Tests a rekey request.
function testRekey() {
var addUrls = [ "foo.com/a", "foo.com/b", "bar.com/c" ];
var update = buildPhishingUpdate(
[
{ "chunkNum" : 1,
"urls" : addUrls
}]);
update = "e:pleaserekey\n" + update;
var assertions = {
"tableData" : "",
"urlsDontExist" : addUrls,
"gotRekey" : true
};
gGotRekey = false;
var observerService = Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService);
observerService.addObserver(new Observer(function(subject, topic, data) {
if (topic == "url-classifier-rekey-requested") {
gGotRekey = true;
}
}),
"url-classifier-rekey-requested",
false);
doTest([update], assertions, true, gClientKey);
}
// Tests a database reset request.
function testReset() {
var addUrls1 = [ "foo.com/a", "foo.com/b" ];
@ -445,16 +213,7 @@ function run_test()
testInvalidUrlForward,
testErrorUrlForward,
testMultipleTables,
testReset,
// XXX: we're currently "once MAC, always MAC",
// so any test not using a MAC must go above
testValidMAC,
testInvalidMAC,
testNoMAC,
testValidForwardMAC,
testInvalidForwardMAC,
testNoForwardMAC,
testRekey
testReset
]);
}

1
toolkit/components/url-classifier/tests/unit/xpcshell.ini
View File

@ -5,7 +5,6 @@ support-files =
data/digest1.chunk
data/digest2.chunk
[test_keymanager.js]
[test_addsub.js]
[test_backoff.js]
[test_dbservice.js]