mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
bug 1209695 - fold mochitest test_bug413909.html into xpcshell test_cert_overrides.js r=mgoodwin
test_bug413909.html doesn't need to be a mochitest. Furthermore, test_cert_overrides.js tests a lot of the same functionality. This just moves the unique parts from the old test to a new home in the xpcshell test (to be specific, some IDN handling and that "port" -1 is the same as port 443).
This commit is contained in:
parent
6c58a4fae7
commit
da00b96b84
@ -1,6 +0,0 @@
|
||||
[DEFAULT]
|
||||
tags = psm
|
||||
skip-if = buildapp == 'b2g' || os == 'android'
|
||||
|
||||
[test_bug413909.html]
|
||||
skip-if = buildapp == 'mulet'
|
@ -1,7 +0,0 @@
|
||||
# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
|
||||
# vim: set filetype=python:
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
MOCHITEST_CHROME_MANIFESTS += ['chrome.ini']
|
@ -1,127 +0,0 @@
|
||||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Test bug 413909</title>
|
||||
<script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body onload="onWindowLoad()">
|
||||
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
var certOverrideService = Components.classes["@mozilla.org/security/certoverride;1"]
|
||||
.getService(Components.interfaces.nsICertOverrideService);
|
||||
var cert = null;
|
||||
var certListener = null;
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
function badCertListener()
|
||||
{
|
||||
}
|
||||
|
||||
badCertListener.prototype = {
|
||||
exceptionAdded: false,
|
||||
|
||||
getInterface: function (aIID) {
|
||||
return this.QueryInterface(aIID);
|
||||
},
|
||||
|
||||
QueryInterface: function(aIID) {
|
||||
if (aIID.equals(Components.interfaces.nsIBadCertListener2) ||
|
||||
aIID.equals(Components.interfaces.nsIInterfaceRequestor) ||
|
||||
aIID.equals(Components.interfaces.nsISupports))
|
||||
return this;
|
||||
|
||||
throw Components.results.NS_ERROR_NO_INTERFACE;
|
||||
},
|
||||
|
||||
notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) {
|
||||
cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
|
||||
.serverCert;
|
||||
|
||||
certOverrideService.rememberValidityOverride(
|
||||
"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
|
||||
-1,
|
||||
cert,
|
||||
certOverrideService.ERROR_UNTRUSTED,
|
||||
false);
|
||||
|
||||
this.exceptionAdded = true;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
function apiTest(expected)
|
||||
{
|
||||
var has;
|
||||
var bits = {}, temp = {};
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
|
||||
-1, cert, bits, temp);
|
||||
is(has, expected, "hasMatchingOverride "+expected+" for default port value");
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
|
||||
443, cert, bits, temp);
|
||||
is(has, expected, "hasMatchingOverride "+expected+" for explicit port value");
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
|
||||
563, cert, bits, temp);
|
||||
ok(!has, "hasMatchingOverride false for invalid port value");
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
window.frame1.location.hostname,
|
||||
-1, cert, bits, temp);
|
||||
ok(!has, "hasMatchingOverride false for default port value and non-ascii host");
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
window.frame1.location.hostname,
|
||||
443, cert, bits, temp);
|
||||
ok(!has, "hasMatchingOverride false for explicit port value and non-ascii host");
|
||||
|
||||
has = certOverrideService.hasMatchingOverride(
|
||||
window.frame1.location.hostname,
|
||||
563, cert, bits, temp);
|
||||
ok(!has, "hasMatchingOverride false for invalid port value and non-ascii host");
|
||||
}
|
||||
|
||||
function onFrameLoad()
|
||||
{
|
||||
ok(certListener.exceptionAdded, "Secure page loaded after exception was added and not sooner");
|
||||
if (!certListener.exceptionAdded)
|
||||
return;
|
||||
|
||||
apiTest(true);
|
||||
certOverrideService.clearValidityOverride(
|
||||
"bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", -1);
|
||||
apiTest(false);
|
||||
|
||||
SimpleTest.finish();
|
||||
}
|
||||
|
||||
function onWindowLoad()
|
||||
{
|
||||
var req = new XMLHttpRequest();
|
||||
try
|
||||
{
|
||||
certListener = new badCertListener();
|
||||
|
||||
req.open("GET", "https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/", false);
|
||||
req.channel.notificationCallbacks = certListener;
|
||||
req.send(null);
|
||||
}
|
||||
catch(ex)
|
||||
{
|
||||
// ignore
|
||||
}
|
||||
|
||||
window.frame1.location.reload();
|
||||
}
|
||||
|
||||
</script>
|
||||
<iframe name="frame1" src="https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/" onload="onFrameLoad()"></iframe>
|
||||
</body>
|
||||
</html>
|
@ -6,8 +6,6 @@
|
||||
|
||||
TEST_DIRS += [
|
||||
'browser',
|
||||
'bugs',
|
||||
'mixedcontent',
|
||||
'stricttransportsecurity',
|
||||
]
|
||||
|
||||
|
@ -0,0 +1,3 @@
|
||||
issuer:Unknown Issuer
|
||||
subject:IDN Certificate
|
||||
extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
|
@ -16,6 +16,7 @@ test_certificates = (
|
||||
'expired-ee.pem',
|
||||
'expiredINT.pem',
|
||||
'expiredissuer.pem',
|
||||
'idn-certificate.pem',
|
||||
'inadequateKeySizeEE.pem',
|
||||
'inadequatekeyusage-ee.pem',
|
||||
'ipAddressAsDNSNameInSAN.pem',
|
||||
|
@ -19,7 +19,7 @@ function check_telemetry() {
|
||||
.getHistogramById("SSL_CERT_ERROR_OVERRIDES")
|
||||
.snapshot();
|
||||
equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
|
||||
equal(histogram.counts[ 2], 7,
|
||||
equal(histogram.counts[ 2], 8,
|
||||
"Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
|
||||
equal(histogram.counts[ 3], 1,
|
||||
"Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
|
||||
@ -60,13 +60,47 @@ function check_telemetry() {
|
||||
"Actual and expected successful verifications of 2048-bit keys should match");
|
||||
equal(keySizeHistogram.counts[2], 0,
|
||||
"Actual and expected successful verifications of 1024-bit keys should match");
|
||||
equal(keySizeHistogram.counts[3], 54,
|
||||
"Actual and expected key size verification failures should match");
|
||||
equal(keySizeHistogram.counts[3], 56,
|
||||
"Actual and expected verification failures unrelated to key size should match");
|
||||
|
||||
run_next_test();
|
||||
}
|
||||
|
||||
// Internally, specifying "port" -1 is the same as port 443. This tests that.
|
||||
function run_port_equivalency_test(inPort, outPort) {
|
||||
Assert.ok((inPort == 443 && outPort == -1) || (inPort == -1 && outPort == 443),
|
||||
"The two specified ports must be -1 and 443 (in any order)");
|
||||
let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
|
||||
.getService(Ci.nsICertOverrideService);
|
||||
let cert = constructCertFromFile("bad_certs/default-ee.pem");
|
||||
let expectedBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED
|
||||
let expectedTemporary = true;
|
||||
certOverrideService.rememberValidityOverride("example.com", inPort, cert,
|
||||
expectedBits, expectedTemporary);
|
||||
let actualBits = {};
|
||||
let actualTemporary = {};
|
||||
Assert.ok(certOverrideService.hasMatchingOverride("example.com", outPort,
|
||||
cert, actualBits,
|
||||
actualTemporary),
|
||||
`override set on port ${inPort} should match port ${outPort}`);
|
||||
equal(actualBits.value, expectedBits,
|
||||
"input override bits should match output bits");
|
||||
equal(actualTemporary.value, expectedTemporary,
|
||||
"input override temporary value should match output temporary value");
|
||||
Assert.ok(!certOverrideService.hasMatchingOverride("example.com", 563,
|
||||
cert, {}, {}),
|
||||
`override set on port ${inPort} should not match port 563`);
|
||||
certOverrideService.clearValidityOverride("example.com", inPort);
|
||||
Assert.ok(!certOverrideService.hasMatchingOverride("example.com", outPort,
|
||||
cert, actualBits, {}),
|
||||
`override cleared on port ${inPort} should match port ${outPort}`);
|
||||
equal(actualBits.value, 0, "should have no bits set if there is no override");
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
run_port_equivalency_test(-1, 443);
|
||||
run_port_equivalency_test(443, -1);
|
||||
|
||||
Services.prefs.setIntPref("security.OCSP.enabled", 1);
|
||||
add_tls_server_setup("BadCertServer", "bad_certs");
|
||||
|
||||
@ -211,6 +245,23 @@ function add_simple_tests() {
|
||||
add_cert_override_test("badSubjectAltNames.example.com",
|
||||
Ci.nsICertOverrideService.ERROR_MISMATCH,
|
||||
SSL_ERROR_BAD_CERT_DOMAIN);
|
||||
|
||||
add_cert_override_test("bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
|
||||
Ci.nsICertOverrideService.ERROR_UNTRUSTED,
|
||||
SEC_ERROR_UNKNOWN_ISSUER);
|
||||
add_test(function() {
|
||||
// At this point, the override for bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
|
||||
// is still valid. Do some additional tests relating to IDN handling.
|
||||
let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
|
||||
.getService(Ci.nsICertOverrideService);
|
||||
let uri = Services.io.newURI("https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", null, null);
|
||||
let cert = constructCertFromFile("bad_certs/idn-certificate.pem");
|
||||
Assert.ok(certOverrideService.hasMatchingOverride(uri.asciiHost, 8443, cert, {}, {}),
|
||||
"IDN certificate should have matching override using ascii host");
|
||||
Assert.ok(!certOverrideService.hasMatchingOverride(uri.host, 8443, cert, {}, {}),
|
||||
"IDN certificate should not have matching override using (non-ascii) host");
|
||||
run_next_test();
|
||||
});
|
||||
}
|
||||
|
||||
function add_combo_tests() {
|
||||
|
@ -74,6 +74,7 @@ const BadCertHost sBadCertHosts[] =
|
||||
{ "badSubjectAltNames.example.com", "badSubjectAltNames" },
|
||||
{ "ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN" },
|
||||
{ "noValidNames.example.com", "noValidNames" },
|
||||
{ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", "idn-certificate" },
|
||||
{ nullptr, nullptr }
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user