Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler

security/manager/ssl/tests/unit/test_add_preexisting_cert.js

@@ -2,6 +2,12 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests that adding a certificate already present in the certificate database
+// with different trust bits than those stored in the database does not result
+// in the new trust bits being ignored.
+
 do_get_profile();
 let certDB = Cc["@mozilla.org/security/x509certdb;1"]
                .getService(Ci.nsIX509CertDB);
@@ -34,7 +40,7 @@ function run_test() {
   // addCertFromBase64(). We use findCertByNickname first to ensure that the
   // certificate already exists.
   let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
-  ok(int_cert);
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
   let base64_cert = btoa(getDERString(int_cert));
   certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
   checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,

security/manager/ssl/tests/unit/test_ev_certs.js

@@ -105,7 +105,8 @@ function run_test() {
     ocspResponder.stop(run_next_test);
   });
 
-  // bug 917380: Chcek that an untrusted EV root is untrusted.
+  // bug 917380: Check that explicitly removing trust from an EV root actually
+  // causes the root to be untrusted.
   const nsIX509Cert = Ci.nsIX509Cert;
   add_test(function() {
     let evRootCA = certdb.findCertByNickname(null, evrootnick);
@@ -113,11 +114,11 @@ function run_test() {
 
     clearOCSPCache();
     let ocspResponder = failingOCSPResponder();
-    check_cert_err("ev-valid",SEC_ERROR_UNKNOWN_ISSUER);
+    check_cert_err("ev-valid", SEC_ERROR_UNKNOWN_ISSUER);
     ocspResponder.stop(run_next_test);
   });
 
-  // bug 917380: Chcek that a trusted EV root is trusted after disabling and
+  // bug 917380: Check that a trusted EV root is trusted after disabling and
   // re-enabling trust.
   add_test(function() {
     let evRootCA = certdb.findCertByNickname(null, evrootnick);
@@ -206,10 +207,11 @@ function run_test() {
 
       let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
                                        null, verifiedChain, hasEVPolicy);
-      do_check_eq(hasEVPolicy.value, gEVExpected);
+      equal(hasEVPolicy.value, gEVExpected,
-      do_check_eq(error,
+            "Actual and expected EV status should match for local only EV");
-                  gEVExpected ? PRErrorCodeSuccess
+      equal(error,
-                              : SEC_ERROR_POLICY_VALIDATION_FAILED);
+            gEVExpected ? PRErrorCodeSuccess : SEC_ERROR_POLICY_VALIDATION_FAILED,
+            "Actual and expected error code should match for local only EV");
       failingOcspResponder.stop(run_next_test);
     });
   });
@@ -229,11 +231,10 @@ function run_test() {
   });
 
   // Bug 991815 old but valid end-entities are NOT OK for EV
-  // Unfortunatelly because of soft-fail we consider these OK for DV
+  // Unfortunately because of soft-fail we consider these OK for DV.
-  // libpkix does not enforce the age restriction and thus EV is valid
   add_test(function () {
     clearOCSPCache();
-    // Since Mozilla::pkix does not consider the old amost invalid OCSP
+    // Since Mozilla::pkix does not consider the old almost invalid OCSP
     // response valid, it does not cache the old response and thus
     // makes a separate request for DV
     let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
@@ -287,7 +288,9 @@ function check_no_ocsp_requests(cert_name, expected_error) {
   let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
                                    null, verifiedChain, hasEVPolicy);
   // Since we're not doing OCSP requests, no certificate will be EV.
-  do_check_eq(hasEVPolicy.value, false);
+  equal(hasEVPolicy.value, false,
-  do_check_eq(expected_error, error);
+        "EV status should be false when not doing OCSP requests");
+  equal(error, expected_error,
+        "Actual and expected error should match when not doing OCSP requests");
   ocspResponder.stop(run_next_test);
 }

security/manager/ssl/tests/unit/test_getchain.js

@@ -14,7 +14,7 @@ let certList = [
   'ee',
   'ca-1',
   'ca-2',
-]
+];
 
 function load_cert(cert_name, trust_string) {
   var cert_filename = cert_name + ".der";
@@ -41,11 +41,13 @@ function get_ca_array() {
 function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
   const nsIX509Cert = Components.interfaces.nsIX509Cert;
 
-  do_check_eq(expected_issuer_serial, cert.issuer.serialNumber);
+  equal(expected_issuer_serial, cert.issuer.serialNumber,
+        "Expected and actual issuer serial numbers should match");
   let chain = cert.getChain();
   let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert);
   // The issuer returned by cert.issuer or cert.getchain should be consistent.
-  do_check_eq(cert.issuer.serialNumber, issuer_via_getchain.serialNumber);
+  equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber,
+        "Serial numbers via cert.issuer and via getChain() should match");
 }
 
 function check_getchain(ee_cert, ssl_ca, email_ca){
@@ -63,7 +65,7 @@ function check_getchain(ee_cert, ssl_ca, email_ca){
   check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert);
   certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0);
   // Do a final test on the case of no trust. The results must
-  // be cosistent (the actual value is non-deterministic).
+  // be consistent (the actual value is non-deterministic).
   check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert);
 }
 
@@ -76,7 +78,7 @@ function run_test() {
   }
 
   let ee_cert = certdb.findCertByNickname(null, 'ee');
-  do_check_false(!ee_cert);
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
 
   let ca = get_ca_array();
 

security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js

@@ -23,8 +23,8 @@ function test_cert_for_usages(certChainNicks, expected_usages_string) {
   let verified = {};
   let usages = {};
   cert.getUsagesString(true, verified, usages);
-  do_print("usages.value = " + usages.value);
+  equal(expected_usages_string, usages.value,
-  do_check_eq(expected_usages_string, usages.value);
+        "Expected and actual usages string should match");
 }
 
 function run_test() {

security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js

@@ -2,6 +2,7 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
 
 // This test loads a testing PKCS #11 module that simulates a token being
 // inserted and removed from a slot every 50ms. This causes the observer
@@ -13,8 +14,6 @@
 do_get_profile();
 Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
 
-let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
-
 const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label";
 
 function SmartcardObserver(type) {
@@ -24,8 +23,9 @@ function SmartcardObserver(type) {
 
 SmartcardObserver.prototype = {
   observe: function(subject, topic, data) {
-    do_check_eq(topic, this.type);
+    equal(topic, this.type, "Observed and expected types should match");
-    do_check_eq(gExpectedTokenLabel, data);
+    equal(gExpectedTokenLabel, data,
+          "Expected and observed token labels should match");
     Services.obs.removeObserver(this, this.type);
     do_test_finished();
   }
@@ -45,6 +45,6 @@ function run_test() {
   let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
   libraryFile.append("pkcs11testmodule");
   libraryFile.append(libraryName);
-  ok(libraryFile.exists());
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
   pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
 }

security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js

@@ -2,6 +2,7 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
 
 // This test loads a testing PKCS #11 module that simulates a token being
 // inserted and removed from a slot every 50ms. This causes the observer
@@ -13,21 +14,21 @@
 do_get_profile();
 Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
 
-let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
-
 function run_test() {
   let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
   let libraryName = ctypes.libraryName("pkcs11testmodule");
   let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
   libraryFile.append("pkcs11testmodule");
   libraryFile.append(libraryName);
-  ok(libraryFile.exists());
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
   pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
   pkcs11.deleteModule("PKCS11 Test Module");
-  Services.obs.addObserver(function() { do_check_true(false); },
+  Services.obs.addObserver(function() {
-                           "smartcard-insert", false);
+    ok(false, "smartcard-insert event should not have been emitted");
-  Services.obs.addObserver(function() { do_check_true(false); },
+  }, "smartcard-insert", false);
-                           "smartcard-remove", false);
+  Services.obs.addObserver(function() {
+    ok(false, "smartcard-remove event should not have been emitted");
+  }, "smartcard-remove", false);
   do_timeout(500, do_test_finished);
   do_test_pending();
 }

security/manager/ssl/tests/unit/test_signed_apps-marketplace.js

@@ -1,8 +1,5 @@
 "use strict";
 
-const isB2G = ("@mozilla.org/b2g-process-global;1" in Cc);
-
-
 do_get_profile(); // must be called before getting nsIX509CertDB
 const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
 
@@ -13,9 +10,11 @@ function run_test() {
 function check_open_result(name, expectedRv) {
   return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
     do_print("openSignedAppFileCallback called for " + name);
-    do_check_eq(rv, expectedRv);
+    equal(rv, expectedRv, "Actual and expected return value should match");
-    do_check_eq(aZipReader != null,  Components.isSuccessCode(expectedRv));
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
-    do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
     run_next_test();
   };
 }

security/manager/ssl/tests/unit/test_signed_apps.js

@@ -117,9 +117,11 @@ function run_test() {
 function check_open_result(name, expectedRv) {
   return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
     do_print("openSignedAppFileCallback called for " + name);
-    do_check_eq(rv, expectedRv);
+    equal(rv, expectedRv, "Actual and expected return value should match");
-    do_check_eq(aZipReader != null,  Components.isSuccessCode(expectedRv));
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
-    do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
     run_next_test();
   };
 }