Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler

This commit is contained in:
Cykesiopka 2015-07-14 23:19:00 +02:00
parent 8cf4bed83b
commit a0279ce7ca
8 changed files with 54 additions and 41 deletions

View File

@ -2,6 +2,12 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// Tests that adding a certificate already present in the certificate database
// with different trust bits than those stored in the database does not result
// in the new trust bits being ignored.
do_get_profile();
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
@ -34,7 +40,7 @@ function run_test() {
// addCertFromBase64(). We use findCertByNickname first to ensure that the
// certificate already exists.
let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
ok(int_cert);
notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
let base64_cert = btoa(getDERString(int_cert));
certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,

View File

@ -105,7 +105,8 @@ function run_test() {
ocspResponder.stop(run_next_test);
});
// bug 917380: Chcek that an untrusted EV root is untrusted.
// bug 917380: Check that explicitly removing trust from an EV root actually
// causes the root to be untrusted.
const nsIX509Cert = Ci.nsIX509Cert;
add_test(function() {
let evRootCA = certdb.findCertByNickname(null, evrootnick);
@ -113,11 +114,11 @@ function run_test() {
clearOCSPCache();
let ocspResponder = failingOCSPResponder();
check_cert_err("ev-valid",SEC_ERROR_UNKNOWN_ISSUER);
check_cert_err("ev-valid", SEC_ERROR_UNKNOWN_ISSUER);
ocspResponder.stop(run_next_test);
});
// bug 917380: Chcek that a trusted EV root is trusted after disabling and
// bug 917380: Check that a trusted EV root is trusted after disabling and
// re-enabling trust.
add_test(function() {
let evRootCA = certdb.findCertByNickname(null, evrootnick);
@ -206,10 +207,11 @@ function run_test() {
let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
null, verifiedChain, hasEVPolicy);
do_check_eq(hasEVPolicy.value, gEVExpected);
do_check_eq(error,
gEVExpected ? PRErrorCodeSuccess
: SEC_ERROR_POLICY_VALIDATION_FAILED);
equal(hasEVPolicy.value, gEVExpected,
"Actual and expected EV status should match for local only EV");
equal(error,
gEVExpected ? PRErrorCodeSuccess : SEC_ERROR_POLICY_VALIDATION_FAILED,
"Actual and expected error code should match for local only EV");
failingOcspResponder.stop(run_next_test);
});
});
@ -229,11 +231,10 @@ function run_test() {
});
// Bug 991815 old but valid end-entities are NOT OK for EV
// Unfortunatelly because of soft-fail we consider these OK for DV
// libpkix does not enforce the age restriction and thus EV is valid
// Unfortunately because of soft-fail we consider these OK for DV.
add_test(function () {
clearOCSPCache();
// Since Mozilla::pkix does not consider the old amost invalid OCSP
// Since Mozilla::pkix does not consider the old almost invalid OCSP
// response valid, it does not cache the old response and thus
// makes a separate request for DV
let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
@ -287,7 +288,9 @@ function check_no_ocsp_requests(cert_name, expected_error) {
let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
null, verifiedChain, hasEVPolicy);
// Since we're not doing OCSP requests, no certificate will be EV.
do_check_eq(hasEVPolicy.value, false);
do_check_eq(expected_error, error);
equal(hasEVPolicy.value, false,
"EV status should be false when not doing OCSP requests");
equal(error, expected_error,
"Actual and expected error should match when not doing OCSP requests");
ocspResponder.stop(run_next_test);
}

View File

@ -14,7 +14,7 @@ let certList = [
'ee',
'ca-1',
'ca-2',
]
];
function load_cert(cert_name, trust_string) {
var cert_filename = cert_name + ".der";
@ -41,11 +41,13 @@ function get_ca_array() {
function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
const nsIX509Cert = Components.interfaces.nsIX509Cert;
do_check_eq(expected_issuer_serial, cert.issuer.serialNumber);
equal(expected_issuer_serial, cert.issuer.serialNumber,
"Expected and actual issuer serial numbers should match");
let chain = cert.getChain();
let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert);
// The issuer returned by cert.issuer or cert.getchain should be consistent.
do_check_eq(cert.issuer.serialNumber, issuer_via_getchain.serialNumber);
equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber,
"Serial numbers via cert.issuer and via getChain() should match");
}
function check_getchain(ee_cert, ssl_ca, email_ca){
@ -63,7 +65,7 @@ function check_getchain(ee_cert, ssl_ca, email_ca){
check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert);
certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0);
// Do a final test on the case of no trust. The results must
// be cosistent (the actual value is non-deterministic).
// be consistent (the actual value is non-deterministic).
check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert);
}
@ -76,7 +78,7 @@ function run_test() {
}
let ee_cert = certdb.findCertByNickname(null, 'ee');
do_check_false(!ee_cert);
notEqual(ee_cert, null, "EE cert should be in the cert DB");
let ca = get_ca_array();

View File

@ -23,8 +23,8 @@ function test_cert_for_usages(certChainNicks, expected_usages_string) {
let verified = {};
let usages = {};
cert.getUsagesString(true, verified, usages);
do_print("usages.value = " + usages.value);
do_check_eq(expected_usages_string, usages.value);
equal(expected_usages_string, usages.value,
"Expected and actual usages string should match");
}
function run_test() {

View File

@ -2,6 +2,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// This test loads a testing PKCS #11 module that simulates a token being
// inserted and removed from a slot every 50ms. This causes the observer
@ -13,8 +14,6 @@
do_get_profile();
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label";
function SmartcardObserver(type) {
@ -24,8 +23,9 @@ function SmartcardObserver(type) {
SmartcardObserver.prototype = {
observe: function(subject, topic, data) {
do_check_eq(topic, this.type);
do_check_eq(gExpectedTokenLabel, data);
equal(topic, this.type, "Observed and expected types should match");
equal(gExpectedTokenLabel, data,
"Expected and observed token labels should match");
Services.obs.removeObserver(this, this.type);
do_test_finished();
}
@ -45,6 +45,6 @@ function run_test() {
let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
libraryFile.append("pkcs11testmodule");
libraryFile.append(libraryName);
ok(libraryFile.exists());
ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
}

View File

@ -2,6 +2,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// This test loads a testing PKCS #11 module that simulates a token being
// inserted and removed from a slot every 50ms. This causes the observer
@ -13,21 +14,21 @@
do_get_profile();
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
function run_test() {
let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
let libraryName = ctypes.libraryName("pkcs11testmodule");
let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
libraryFile.append("pkcs11testmodule");
libraryFile.append(libraryName);
ok(libraryFile.exists());
ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
pkcs11.deleteModule("PKCS11 Test Module");
Services.obs.addObserver(function() { do_check_true(false); },
"smartcard-insert", false);
Services.obs.addObserver(function() { do_check_true(false); },
"smartcard-remove", false);
Services.obs.addObserver(function() {
ok(false, "smartcard-insert event should not have been emitted");
}, "smartcard-insert", false);
Services.obs.addObserver(function() {
ok(false, "smartcard-remove event should not have been emitted");
}, "smartcard-remove", false);
do_timeout(500, do_test_finished);
do_test_pending();
}

View File

@ -1,8 +1,5 @@
"use strict";
const isB2G = ("@mozilla.org/b2g-process-global;1" in Cc);
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
@ -13,9 +10,11 @@ function run_test() {
function check_open_result(name, expectedRv) {
return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
do_print("openSignedAppFileCallback called for " + name);
do_check_eq(rv, expectedRv);
do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv));
do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
equal(rv, expectedRv, "Actual and expected return value should match");
equal(aZipReader != null, Components.isSuccessCode(expectedRv),
"ZIP reader should be null only if the return value denotes failure");
equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
"Signer cert should be null only if the return value denotes failure");
run_next_test();
};
}

View File

@ -117,9 +117,11 @@ function run_test() {
function check_open_result(name, expectedRv) {
return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
do_print("openSignedAppFileCallback called for " + name);
do_check_eq(rv, expectedRv);
do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv));
do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
equal(rv, expectedRv, "Actual and expected return value should match");
equal(aZipReader != null, Components.isSuccessCode(expectedRv),
"ZIP reader should be null only if the return value denotes failure");
equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
"Signer cert should be null only if the return value denotes failure");
run_next_test();
};
}