From a0279ce7ca4add9c096ac7178e1c15095c569e9d Mon Sep 17 00:00:00 2001 From: Cykesiopka Date: Tue, 14 Jul 2015 23:19:00 +0200 Subject: [PATCH] Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler --- .../tests/unit/test_add_preexisting_cert.js | 8 +++++- .../manager/ssl/tests/unit/test_ev_certs.js | 27 ++++++++++--------- .../manager/ssl/tests/unit/test_getchain.js | 12 +++++---- ...st_intermediate_basic_usage_constraints.js | 4 +-- .../tests/unit/test_pkcs11_insert_remove.js | 10 +++---- .../test_pkcs11_no_events_after_removal.js | 15 ++++++----- .../unit/test_signed_apps-marketplace.js | 11 ++++---- .../ssl/tests/unit/test_signed_apps.js | 8 +++--- 8 files changed, 54 insertions(+), 41 deletions(-) diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js index 6c6035f7c81..bfe62781141 100644 --- a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js +++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js @@ -2,6 +2,12 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// Tests that adding a certificate already present in the certificate database +// with different trust bits than those stored in the database does not result +// in the new trust bits being ignored. + do_get_profile(); let certDB = Cc["@mozilla.org/security/x509certdb;1"] .getService(Ci.nsIX509CertDB); @@ -34,7 +40,7 @@ function run_test() { // addCertFromBase64(). We use findCertByNickname first to ensure that the // certificate already exists. let int_cert = certDB.findCertByNickname(null, "int-limited-depth"); - ok(int_cert); + notEqual(int_cert, null, "Intermediate cert should be in the cert DB"); let base64_cert = btoa(getDERString(int_cert)); certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument"); checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER, diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js index d8ffd661223..593fdaed2ca 100644 --- a/security/manager/ssl/tests/unit/test_ev_certs.js +++ b/security/manager/ssl/tests/unit/test_ev_certs.js @@ -105,7 +105,8 @@ function run_test() { ocspResponder.stop(run_next_test); }); - // bug 917380: Chcek that an untrusted EV root is untrusted. + // bug 917380: Check that explicitly removing trust from an EV root actually + // causes the root to be untrusted. const nsIX509Cert = Ci.nsIX509Cert; add_test(function() { let evRootCA = certdb.findCertByNickname(null, evrootnick); @@ -113,11 +114,11 @@ function run_test() { clearOCSPCache(); let ocspResponder = failingOCSPResponder(); - check_cert_err("ev-valid",SEC_ERROR_UNKNOWN_ISSUER); + check_cert_err("ev-valid", SEC_ERROR_UNKNOWN_ISSUER); ocspResponder.stop(run_next_test); }); - // bug 917380: Chcek that a trusted EV root is trusted after disabling and + // bug 917380: Check that a trusted EV root is trusted after disabling and // re-enabling trust. add_test(function() { let evRootCA = certdb.findCertByNickname(null, evrootnick); @@ -206,10 +207,11 @@ function run_test() { let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags, null, verifiedChain, hasEVPolicy); - do_check_eq(hasEVPolicy.value, gEVExpected); - do_check_eq(error, - gEVExpected ? PRErrorCodeSuccess - : SEC_ERROR_POLICY_VALIDATION_FAILED); + equal(hasEVPolicy.value, gEVExpected, + "Actual and expected EV status should match for local only EV"); + equal(error, + gEVExpected ? PRErrorCodeSuccess : SEC_ERROR_POLICY_VALIDATION_FAILED, + "Actual and expected error code should match for local only EV"); failingOcspResponder.stop(run_next_test); }); }); @@ -229,11 +231,10 @@ function run_test() { }); // Bug 991815 old but valid end-entities are NOT OK for EV - // Unfortunatelly because of soft-fail we consider these OK for DV - // libpkix does not enforce the age restriction and thus EV is valid + // Unfortunately because of soft-fail we consider these OK for DV. add_test(function () { clearOCSPCache(); - // Since Mozilla::pkix does not consider the old amost invalid OCSP + // Since Mozilla::pkix does not consider the old almost invalid OCSP // response valid, it does not cache the old response and thus // makes a separate request for DV let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"]; @@ -287,7 +288,9 @@ function check_no_ocsp_requests(cert_name, expected_error) { let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags, null, verifiedChain, hasEVPolicy); // Since we're not doing OCSP requests, no certificate will be EV. - do_check_eq(hasEVPolicy.value, false); - do_check_eq(expected_error, error); + equal(hasEVPolicy.value, false, + "EV status should be false when not doing OCSP requests"); + equal(error, expected_error, + "Actual and expected error should match when not doing OCSP requests"); ocspResponder.stop(run_next_test); } diff --git a/security/manager/ssl/tests/unit/test_getchain.js b/security/manager/ssl/tests/unit/test_getchain.js index f9a6a39aba8..b1d56c1a4f4 100644 --- a/security/manager/ssl/tests/unit/test_getchain.js +++ b/security/manager/ssl/tests/unit/test_getchain.js @@ -14,7 +14,7 @@ let certList = [ 'ee', 'ca-1', 'ca-2', -] +]; function load_cert(cert_name, trust_string) { var cert_filename = cert_name + ".der"; @@ -41,11 +41,13 @@ function get_ca_array() { function check_matching_issuer_and_getchain(expected_issuer_serial, cert) { const nsIX509Cert = Components.interfaces.nsIX509Cert; - do_check_eq(expected_issuer_serial, cert.issuer.serialNumber); + equal(expected_issuer_serial, cert.issuer.serialNumber, + "Expected and actual issuer serial numbers should match"); let chain = cert.getChain(); let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert); // The issuer returned by cert.issuer or cert.getchain should be consistent. - do_check_eq(cert.issuer.serialNumber, issuer_via_getchain.serialNumber); + equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber, + "Serial numbers via cert.issuer and via getChain() should match"); } function check_getchain(ee_cert, ssl_ca, email_ca){ @@ -63,7 +65,7 @@ function check_getchain(ee_cert, ssl_ca, email_ca){ check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert); certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0); // Do a final test on the case of no trust. The results must - // be cosistent (the actual value is non-deterministic). + // be consistent (the actual value is non-deterministic). check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert); } @@ -76,7 +78,7 @@ function run_test() { } let ee_cert = certdb.findCertByNickname(null, 'ee'); - do_check_false(!ee_cert); + notEqual(ee_cert, null, "EE cert should be in the cert DB"); let ca = get_ca_array(); diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js index 56578b75ae3..7e2675a094f 100644 --- a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js +++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js @@ -23,8 +23,8 @@ function test_cert_for_usages(certChainNicks, expected_usages_string) { let verified = {}; let usages = {}; cert.getUsagesString(true, verified, usages); - do_print("usages.value = " + usages.value); - do_check_eq(expected_usages_string, usages.value); + equal(expected_usages_string, usages.value, + "Expected and actual usages string should match"); } function run_test() { diff --git a/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js index d04cc1c9f95..d4b98b2d65c 100644 --- a/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js +++ b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js @@ -2,6 +2,7 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; // This test loads a testing PKCS #11 module that simulates a token being // inserted and removed from a slot every 50ms. This causes the observer @@ -13,8 +14,6 @@ do_get_profile(); Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); -let { Services } = Cu.import("resource://gre/modules/Services.jsm", {}); - const gExpectedTokenLabel = "Test PKCS11 TokeƱ Label"; function SmartcardObserver(type) { @@ -24,8 +23,9 @@ function SmartcardObserver(type) { SmartcardObserver.prototype = { observe: function(subject, topic, data) { - do_check_eq(topic, this.type); - do_check_eq(gExpectedTokenLabel, data); + equal(topic, this.type, "Observed and expected types should match"); + equal(gExpectedTokenLabel, data, + "Expected and observed token labels should match"); Services.obs.removeObserver(this, this.type); do_test_finished(); } @@ -45,6 +45,6 @@ function run_test() { let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile); libraryFile.append("pkcs11testmodule"); libraryFile.append(libraryName); - ok(libraryFile.exists()); + ok(libraryFile.exists(), "The pkcs11testmodule file should exist"); pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0); } diff --git a/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js index 96cd62e09e0..8a00d2cc72f 100644 --- a/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js +++ b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js @@ -2,6 +2,7 @@ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; // This test loads a testing PKCS #11 module that simulates a token being // inserted and removed from a slot every 50ms. This causes the observer @@ -13,21 +14,21 @@ do_get_profile(); Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports); -let { Services } = Cu.import("resource://gre/modules/Services.jsm", {}); - function run_test() { let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11); let libraryName = ctypes.libraryName("pkcs11testmodule"); let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile); libraryFile.append("pkcs11testmodule"); libraryFile.append(libraryName); - ok(libraryFile.exists()); + ok(libraryFile.exists(), "The pkcs11testmodule file should exist"); pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0); pkcs11.deleteModule("PKCS11 Test Module"); - Services.obs.addObserver(function() { do_check_true(false); }, - "smartcard-insert", false); - Services.obs.addObserver(function() { do_check_true(false); }, - "smartcard-remove", false); + Services.obs.addObserver(function() { + ok(false, "smartcard-insert event should not have been emitted"); + }, "smartcard-insert", false); + Services.obs.addObserver(function() { + ok(false, "smartcard-remove event should not have been emitted"); + }, "smartcard-remove", false); do_timeout(500, do_test_finished); do_test_pending(); } diff --git a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js index a19c4677cb8..9f2af752dd6 100644 --- a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js +++ b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js @@ -1,8 +1,5 @@ "use strict"; -const isB2G = ("@mozilla.org/b2g-process-global;1" in Cc); - - do_get_profile(); // must be called before getting nsIX509CertDB const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB); @@ -13,9 +10,11 @@ function run_test() { function check_open_result(name, expectedRv) { return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) { do_print("openSignedAppFileCallback called for " + name); - do_check_eq(rv, expectedRv); - do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv)); - do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv)); + equal(rv, expectedRv, "Actual and expected return value should match"); + equal(aZipReader != null, Components.isSuccessCode(expectedRv), + "ZIP reader should be null only if the return value denotes failure"); + equal(aSignerCert != null, Components.isSuccessCode(expectedRv), + "Signer cert should be null only if the return value denotes failure"); run_next_test(); }; } diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js index 2e964f4fd14..0eaf5fc6492 100644 --- a/security/manager/ssl/tests/unit/test_signed_apps.js +++ b/security/manager/ssl/tests/unit/test_signed_apps.js @@ -117,9 +117,11 @@ function run_test() { function check_open_result(name, expectedRv) { return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) { do_print("openSignedAppFileCallback called for " + name); - do_check_eq(rv, expectedRv); - do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv)); - do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv)); + equal(rv, expectedRv, "Actual and expected return value should match"); + equal(aZipReader != null, Components.isSuccessCode(expectedRv), + "ZIP reader should be null only if the return value denotes failure"); + equal(aSignerCert != null, Components.isSuccessCode(expectedRv), + "Signer cert should be null only if the return value denotes failure"); run_next_test(); }; }