mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1179678 - Add result strings to misc PSM xpcshell tests. r=keeler
This commit is contained in:
parent
8cf4bed83b
commit
a0279ce7ca
@ -2,6 +2,12 @@
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
"use strict";
|
||||
|
||||
// Tests that adding a certificate already present in the certificate database
|
||||
// with different trust bits than those stored in the database does not result
|
||||
// in the new trust bits being ignored.
|
||||
|
||||
do_get_profile();
|
||||
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
|
||||
.getService(Ci.nsIX509CertDB);
|
||||
@ -34,7 +40,7 @@ function run_test() {
|
||||
// addCertFromBase64(). We use findCertByNickname first to ensure that the
|
||||
// certificate already exists.
|
||||
let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
|
||||
ok(int_cert);
|
||||
notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
|
||||
let base64_cert = btoa(getDERString(int_cert));
|
||||
certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
|
||||
checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,
|
||||
|
@ -105,7 +105,8 @@ function run_test() {
|
||||
ocspResponder.stop(run_next_test);
|
||||
});
|
||||
|
||||
// bug 917380: Chcek that an untrusted EV root is untrusted.
|
||||
// bug 917380: Check that explicitly removing trust from an EV root actually
|
||||
// causes the root to be untrusted.
|
||||
const nsIX509Cert = Ci.nsIX509Cert;
|
||||
add_test(function() {
|
||||
let evRootCA = certdb.findCertByNickname(null, evrootnick);
|
||||
@ -113,11 +114,11 @@ function run_test() {
|
||||
|
||||
clearOCSPCache();
|
||||
let ocspResponder = failingOCSPResponder();
|
||||
check_cert_err("ev-valid",SEC_ERROR_UNKNOWN_ISSUER);
|
||||
check_cert_err("ev-valid", SEC_ERROR_UNKNOWN_ISSUER);
|
||||
ocspResponder.stop(run_next_test);
|
||||
});
|
||||
|
||||
// bug 917380: Chcek that a trusted EV root is trusted after disabling and
|
||||
// bug 917380: Check that a trusted EV root is trusted after disabling and
|
||||
// re-enabling trust.
|
||||
add_test(function() {
|
||||
let evRootCA = certdb.findCertByNickname(null, evrootnick);
|
||||
@ -206,10 +207,11 @@ function run_test() {
|
||||
|
||||
let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
|
||||
null, verifiedChain, hasEVPolicy);
|
||||
do_check_eq(hasEVPolicy.value, gEVExpected);
|
||||
do_check_eq(error,
|
||||
gEVExpected ? PRErrorCodeSuccess
|
||||
: SEC_ERROR_POLICY_VALIDATION_FAILED);
|
||||
equal(hasEVPolicy.value, gEVExpected,
|
||||
"Actual and expected EV status should match for local only EV");
|
||||
equal(error,
|
||||
gEVExpected ? PRErrorCodeSuccess : SEC_ERROR_POLICY_VALIDATION_FAILED,
|
||||
"Actual and expected error code should match for local only EV");
|
||||
failingOcspResponder.stop(run_next_test);
|
||||
});
|
||||
});
|
||||
@ -229,11 +231,10 @@ function run_test() {
|
||||
});
|
||||
|
||||
// Bug 991815 old but valid end-entities are NOT OK for EV
|
||||
// Unfortunatelly because of soft-fail we consider these OK for DV
|
||||
// libpkix does not enforce the age restriction and thus EV is valid
|
||||
// Unfortunately because of soft-fail we consider these OK for DV.
|
||||
add_test(function () {
|
||||
clearOCSPCache();
|
||||
// Since Mozilla::pkix does not consider the old amost invalid OCSP
|
||||
// Since Mozilla::pkix does not consider the old almost invalid OCSP
|
||||
// response valid, it does not cache the old response and thus
|
||||
// makes a separate request for DV
|
||||
let debugCertNickArray = ["int-ev-valid", "ev-valid", "ev-valid"];
|
||||
@ -287,7 +288,9 @@ function check_no_ocsp_requests(cert_name, expected_error) {
|
||||
let error = certdb.verifyCertNow(cert, certificateUsageSSLServer, flags,
|
||||
null, verifiedChain, hasEVPolicy);
|
||||
// Since we're not doing OCSP requests, no certificate will be EV.
|
||||
do_check_eq(hasEVPolicy.value, false);
|
||||
do_check_eq(expected_error, error);
|
||||
equal(hasEVPolicy.value, false,
|
||||
"EV status should be false when not doing OCSP requests");
|
||||
equal(error, expected_error,
|
||||
"Actual and expected error should match when not doing OCSP requests");
|
||||
ocspResponder.stop(run_next_test);
|
||||
}
|
||||
|
@ -14,7 +14,7 @@ let certList = [
|
||||
'ee',
|
||||
'ca-1',
|
||||
'ca-2',
|
||||
]
|
||||
];
|
||||
|
||||
function load_cert(cert_name, trust_string) {
|
||||
var cert_filename = cert_name + ".der";
|
||||
@ -41,11 +41,13 @@ function get_ca_array() {
|
||||
function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
|
||||
const nsIX509Cert = Components.interfaces.nsIX509Cert;
|
||||
|
||||
do_check_eq(expected_issuer_serial, cert.issuer.serialNumber);
|
||||
equal(expected_issuer_serial, cert.issuer.serialNumber,
|
||||
"Expected and actual issuer serial numbers should match");
|
||||
let chain = cert.getChain();
|
||||
let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert);
|
||||
// The issuer returned by cert.issuer or cert.getchain should be consistent.
|
||||
do_check_eq(cert.issuer.serialNumber, issuer_via_getchain.serialNumber);
|
||||
equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber,
|
||||
"Serial numbers via cert.issuer and via getChain() should match");
|
||||
}
|
||||
|
||||
function check_getchain(ee_cert, ssl_ca, email_ca){
|
||||
@ -63,7 +65,7 @@ function check_getchain(ee_cert, ssl_ca, email_ca){
|
||||
check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert);
|
||||
certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0);
|
||||
// Do a final test on the case of no trust. The results must
|
||||
// be cosistent (the actual value is non-deterministic).
|
||||
// be consistent (the actual value is non-deterministic).
|
||||
check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert);
|
||||
}
|
||||
|
||||
@ -76,7 +78,7 @@ function run_test() {
|
||||
}
|
||||
|
||||
let ee_cert = certdb.findCertByNickname(null, 'ee');
|
||||
do_check_false(!ee_cert);
|
||||
notEqual(ee_cert, null, "EE cert should be in the cert DB");
|
||||
|
||||
let ca = get_ca_array();
|
||||
|
||||
|
@ -23,8 +23,8 @@ function test_cert_for_usages(certChainNicks, expected_usages_string) {
|
||||
let verified = {};
|
||||
let usages = {};
|
||||
cert.getUsagesString(true, verified, usages);
|
||||
do_print("usages.value = " + usages.value);
|
||||
do_check_eq(expected_usages_string, usages.value);
|
||||
equal(expected_usages_string, usages.value,
|
||||
"Expected and actual usages string should match");
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
|
@ -2,6 +2,7 @@
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
"use strict";
|
||||
|
||||
// This test loads a testing PKCS #11 module that simulates a token being
|
||||
// inserted and removed from a slot every 50ms. This causes the observer
|
||||
@ -13,8 +14,6 @@
|
||||
do_get_profile();
|
||||
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
|
||||
|
||||
let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
|
||||
|
||||
const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label";
|
||||
|
||||
function SmartcardObserver(type) {
|
||||
@ -24,8 +23,9 @@ function SmartcardObserver(type) {
|
||||
|
||||
SmartcardObserver.prototype = {
|
||||
observe: function(subject, topic, data) {
|
||||
do_check_eq(topic, this.type);
|
||||
do_check_eq(gExpectedTokenLabel, data);
|
||||
equal(topic, this.type, "Observed and expected types should match");
|
||||
equal(gExpectedTokenLabel, data,
|
||||
"Expected and observed token labels should match");
|
||||
Services.obs.removeObserver(this, this.type);
|
||||
do_test_finished();
|
||||
}
|
||||
@ -45,6 +45,6 @@ function run_test() {
|
||||
let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
|
||||
libraryFile.append("pkcs11testmodule");
|
||||
libraryFile.append(libraryName);
|
||||
ok(libraryFile.exists());
|
||||
ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
|
||||
pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
|
||||
}
|
||||
|
@ -2,6 +2,7 @@
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
"use strict";
|
||||
|
||||
// This test loads a testing PKCS #11 module that simulates a token being
|
||||
// inserted and removed from a slot every 50ms. This causes the observer
|
||||
@ -13,21 +14,21 @@
|
||||
do_get_profile();
|
||||
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
|
||||
|
||||
let { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
|
||||
|
||||
function run_test() {
|
||||
let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
|
||||
let libraryName = ctypes.libraryName("pkcs11testmodule");
|
||||
let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
|
||||
libraryFile.append("pkcs11testmodule");
|
||||
libraryFile.append(libraryName);
|
||||
ok(libraryFile.exists());
|
||||
ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
|
||||
pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
|
||||
pkcs11.deleteModule("PKCS11 Test Module");
|
||||
Services.obs.addObserver(function() { do_check_true(false); },
|
||||
"smartcard-insert", false);
|
||||
Services.obs.addObserver(function() { do_check_true(false); },
|
||||
"smartcard-remove", false);
|
||||
Services.obs.addObserver(function() {
|
||||
ok(false, "smartcard-insert event should not have been emitted");
|
||||
}, "smartcard-insert", false);
|
||||
Services.obs.addObserver(function() {
|
||||
ok(false, "smartcard-remove event should not have been emitted");
|
||||
}, "smartcard-remove", false);
|
||||
do_timeout(500, do_test_finished);
|
||||
do_test_pending();
|
||||
}
|
||||
|
@ -1,8 +1,5 @@
|
||||
"use strict";
|
||||
|
||||
const isB2G = ("@mozilla.org/b2g-process-global;1" in Cc);
|
||||
|
||||
|
||||
do_get_profile(); // must be called before getting nsIX509CertDB
|
||||
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
|
||||
|
||||
@ -13,9 +10,11 @@ function run_test() {
|
||||
function check_open_result(name, expectedRv) {
|
||||
return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
|
||||
do_print("openSignedAppFileCallback called for " + name);
|
||||
do_check_eq(rv, expectedRv);
|
||||
do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv));
|
||||
do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
|
||||
equal(rv, expectedRv, "Actual and expected return value should match");
|
||||
equal(aZipReader != null, Components.isSuccessCode(expectedRv),
|
||||
"ZIP reader should be null only if the return value denotes failure");
|
||||
equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
|
||||
"Signer cert should be null only if the return value denotes failure");
|
||||
run_next_test();
|
||||
};
|
||||
}
|
||||
|
@ -117,9 +117,11 @@ function run_test() {
|
||||
function check_open_result(name, expectedRv) {
|
||||
return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
|
||||
do_print("openSignedAppFileCallback called for " + name);
|
||||
do_check_eq(rv, expectedRv);
|
||||
do_check_eq(aZipReader != null, Components.isSuccessCode(expectedRv));
|
||||
do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
|
||||
equal(rv, expectedRv, "Actual and expected return value should match");
|
||||
equal(aZipReader != null, Components.isSuccessCode(expectedRv),
|
||||
"ZIP reader should be null only if the return value denotes failure");
|
||||
equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
|
||||
"Signer cert should be null only if the return value denotes failure");
|
||||
run_next_test();
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user