merge

toolkit/mozapps/extensions/test/Makefile.in

@@ -43,6 +43,7 @@ ADDONSRC = $(srcdir)/unit/addons
 TESTROOT = $(shell cd $(DEPTH) && pwd)/_tests/xpcshell-simple/$(MODULE)
 TESTPROFILE = $(TESTROOT)/profile
 TESTXPI = $(TESTROOT)/unit/addons
+relativesrcdir  = toolkit/mozapps/extensions/test
 
 include $(DEPTH)/config/autoconf.mk
 
@@ -52,8 +53,19 @@ XPCSHELL_TESTS = \
   unit \
   $(NULL)
 
+_CHROME_FILES = \
+  test_bug435743_1.xul \
+  test_bug435743_2.xul \
+  bug435743.rdf \
+  bug435743.xpi \
+  bug435743.sjs \
+  $(NULL)
+
 include $(topsrcdir)/config/rules.mk
 
+libs:: $(_CHROME_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
+
 libs::
 	rm -rf $(TESTXPI)
 	mkdir -p $(TESTXPI)

toolkit/mozapps/extensions/test/bug435743.rdf

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+         xmlns:em="http://www.mozilla.org/2004/em-rdf#">
+</RDF:RDF>

toolkit/mozapps/extensions/test/bug435743.sjs

@@ -0,0 +1,4 @@
+function handleRequest(request, response) {
+  response.setStatusLine(request.httpVersion, 301, "Moved Permanently");
+  response.setHeader("Location", request.queryString, false);
+}

toolkit/mozapps/extensions/test/test_bug435743_1.xul

@@ -0,0 +1,375 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
+<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
+
+<!-- Tests that add-on updates correctly fail in the presence of invalid https -->
+
+<window title="Bug 435743 Test"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        onload="test();">
+<script type="application/javascript" 
+        src="chrome://mochikit/content/MochiKit/packed.js"/>
+<script type="application/javascript"
+        src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+<script type="application/javascript">
+<![CDATA[
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+
+const updaterdf = "chrome/toolkit/mozapps/extensions/test/bug435743.rdf";
+const redirect = "chrome/toolkit/mozapps/extensions/test/bug435743.sjs?";
+const PREFIX_NS_EM = "http://www.mozilla.org/2004/em-rdf#";
+const PREFIX_ITEM_URI = "urn:mozilla:item:";
+
+SimpleTest.waitForExplicitFinish();
+
+var gAddons;
+var gEMDS;
+var gRDF;
+
+// The test http server doesn't seem keen on responding to lots of simultaneous
+// connections in a timely fashion, so this does one update check at a time.
+function UpdateRunner(addons, checker) {
+  this.checker = checker;
+  this.results = [];
+  this.addons = addons;
+  this.pos = 0;
+  this.startNextUpdate();
+}
+
+UpdateRunner.prototype = {
+  checker: null,
+  results: null,
+  addons: null,
+  pos: null,
+
+  startNextUpdate: function() {
+    var em = Cc["@mozilla.org/extensions/manager;1"].
+             getService(Ci.nsIExtensionManager);
+    em.update([this.addons[this.pos]], 1,
+              Ci.nsIExtensionManager.UPDATE_NOTIFY_NEWVERSION, this);
+  },
+
+  onUpdateStarted: function() {
+  },
+
+  onUpdateEnded: function() {
+    try {
+      this.pos++;
+      if (this.pos < this.addons.length)
+        this.startNextUpdate();
+      else
+        this.checker(this.results);
+     }
+     catch (e) {
+       alert(e);
+     }
+  },
+
+  onAddonUpdateStarted: function(addon) {
+  },
+
+  onAddonUpdateEnded: function(addon, status) {
+    this.results[addon.id] = status;
+  }
+};
+
+function badCertListener(host, bits) {
+  this.host = host;
+  this.bits = bits;
+}
+
+badCertListener.prototype = {
+  host: null,
+  bits: null,
+
+  getInterface: function (aIID) {
+    return this.QueryInterface(aIID);
+  },
+
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsIBadCertListener2) ||
+        aIID.equals(Ci.nsIInterfaceRequestor) ||
+        aIID.equals(Ci.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  },
+
+  notifyCertProblem: function (socketInfo, sslStatus, targetHost) {
+    cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
+                    .serverCert;
+    var cos = Cc["@mozilla.org/security/certoverride;1"].
+              getService(Ci.nsICertOverrideService);
+    cos.rememberValidityOverride(this.host, -1, cert, this.bits, false);
+    return true;
+  }
+}
+
+// Add overrides for the bad certificates
+function addCertOverrides() {
+  var req = new XMLHttpRequest();
+  try {
+    req.open("GET", "https://nocert.example.com/" + updaterdf, false);
+    req.channel.notificationCallbacks = new badCertListener("nocert.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_MISMATCH);
+    req.send(null);
+  }
+  catch (e) { }
+  try {
+    req = new XMLHttpRequest();
+    req.open("GET", "https://self-signed.example.com/" + updaterdf, false);
+    req.channel.notificationCallbacks = new badCertListener("self-signed.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_UNTRUSTED);
+    req.send(null);
+  }
+  catch (e) { }
+  try {
+    req = new XMLHttpRequest();
+    req.open("GET", "https://untrusted.example.com/" + updaterdf, false);
+    req.channel.notificationCallbacks = new badCertListener("untrusted.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_UNTRUSTED);
+    req.send(null);
+  }
+  catch (e) { }
+}
+
+function makeAddon(id, updateURL) {
+  var item = Cc["@mozilla.org/updates/item;1"].
+             createInstance(Ci.nsIUpdateItem);
+  item.init("bug435743_" + id + "@tests.mozilla.org", "1.0", "app-profile",
+            null, null, "Test add-on " + id, null, null, null, updateURL,
+            null, Ci.nsIUpdateItem.TYPE_EXTENSION, null);
+
+  // This is enough to convince the extension manager this item is actually
+  // installed and so the update check can proceed
+  gEMDS.Assert(gRDF.GetResource(PREFIX_ITEM_URI + item.id),
+               gRDF.GetResource(PREFIX_NS_EM + "installLocation"),
+               gRDF.GetLiteral("app-profile"), true);
+  return item;
+}
+
+function test() {
+  var em = Cc["@mozilla.org/extensions/manager;1"].
+           getService(Ci.nsIExtensionManager);
+  gEMDS = em.datasource;
+  gRDF = Cc["@mozilla.org/rdf/rdf-service;1"].
+         getService(Ci.nsIRDFService);
+
+  gAddons = [
+    // Tests that a simple update.rdf retrieval works as expected.
+    makeAddon("1_1", "http://example.com/" + updaterdf),
+    makeAddon("1_2", "https://example.com/" + updaterdf),
+    makeAddon("1_3", "https://nocert.example.com/" + updaterdf),
+    makeAddon("1_4", "https://self-signed.example.com/" + updaterdf),
+    makeAddon("1_5", "https://untrusted.example.com/" + updaterdf),
+
+    // Tests that redirecting from http to other servers works as expected
+    makeAddon("2_1", "http://example.com/" + redirect + "http://example.com/" + updaterdf),
+    makeAddon("2_2", "http://example.com/" + redirect + "https://example.com/" + updaterdf),
+    makeAddon("2_3", "http://example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
+    makeAddon("2_4", "http://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
+    makeAddon("2_5", "http://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
+
+    // Tests that redirecting from valid https to other servers works as expected
+    makeAddon("3_1", "https://example.com/" + redirect + "http://example.com/" + updaterdf),
+    makeAddon("3_2", "https://example.com/" + redirect + "https://example.com/" + updaterdf),
+    makeAddon("3_3", "https://example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
+    makeAddon("3_4", "https://example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
+    makeAddon("3_5", "https://example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
+
+    // Tests that redirecting from nocert https to other servers works as expected
+    makeAddon("4_1", "https://nocert.example.com/" + redirect + "http://example.com/" + updaterdf),
+    makeAddon("4_2", "https://nocert.example.com/" + redirect + "https://example.com/" + updaterdf),
+    makeAddon("4_3", "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
+    makeAddon("4_4", "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
+    makeAddon("4_5", "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
+
+    // Tests that redirecting from self-signed https to other servers works as expected
+    makeAddon("5_1", "https://self-signed.example.com/" + redirect + "http://example.com/" + updaterdf),
+    makeAddon("5_2", "https://self-signed.example.com/" + redirect + "https://example.com/" + updaterdf),
+    makeAddon("5_3", "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
+    makeAddon("5_4", "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
+    makeAddon("5_5", "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf),
+
+    // Tests that redirecting from untrusted https to other servers works as expected
+    makeAddon("6_1", "https://untrusted.example.com/" + redirect + "http://example.com/" + updaterdf),
+    makeAddon("6_2", "https://untrusted.example.com/" + redirect + "https://example.com/" + updaterdf),
+    makeAddon("6_3", "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + updaterdf),
+    makeAddon("6_4", "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + updaterdf),
+    makeAddon("6_5", "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + updaterdf)
+  ];
+
+  new UpdateRunner(gAddons, check_pt_1);
+}
+
+function finish() {
+  // Remove the hacked entries from the datasource.
+  for (let i = 0; i < gAddons.length; i++) {
+    gEMDS.Unassert(gRDF.GetResource(PREFIX_ITEM_URI + gAddons[i].id),
+                   gRDF.GetResource(PREFIX_NS_EM + "installLocation"),
+                   gRDF.GetLiteral("app-profile"), true);
+  }
+
+  var cos = Cc["@mozilla.org/security/certoverride;1"].
+            getService(Ci.nsICertOverrideService);
+  cos.clearValidityOverride("nocert.example.com", -1);
+  cos.clearValidityOverride("self-signed.example.com", -1);
+  cos.clearValidityOverride("untrusted.example.com", -1);
+
+  SimpleTest.finish();
+}
+
+function check_pt_1(gResults) {
+  is(gResults["bug435743_1_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http update url");
+  is(gResults["bug435743_1_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https update url from a non built-in CA");
+  is(gResults["bug435743_1_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for nocert https update url");
+  is(gResults["bug435743_1_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for self-signed https update url");
+  is(gResults["bug435743_1_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for untrusted https update url");
+
+  is(gResults["bug435743_2_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to http redirect");
+  is(gResults["bug435743_2_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to https redirect for a non built-in CA");
+  is(gResults["bug435743_2_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a http to nocert https redirect");
+  is(gResults["bug435743_2_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a http to self-signed https redirect");
+  is(gResults["bug435743_2_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a http to untrusted https update url");
+
+  is(gResults["bug435743_3_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to http redirect");
+  is(gResults["bug435743_3_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to https redirect for a non build-in CA");
+  is(gResults["bug435743_3_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to nocert https redirect");
+  is(gResults["bug435743_3_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to self-signed https redirect");
+  is(gResults["bug435743_3_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to untrusted https redirect");
+
+  is(gResults["bug435743_4_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to http redirect");
+  is(gResults["bug435743_4_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to https redirect");
+  is(gResults["bug435743_4_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to nocert https redirect");
+  is(gResults["bug435743_4_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to self-signed https redirect");
+  is(gResults["bug435743_4_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to untrusted https redirect");
+
+  is(gResults["bug435743_5_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to http redirect");
+  is(gResults["bug435743_5_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to https redirect");
+  is(gResults["bug435743_5_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to nocert https redirect");
+  is(gResults["bug435743_5_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to self-signed https redirect");
+  is(gResults["bug435743_5_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to untrusted https redirect");
+
+  is(gResults["bug435743_6_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to http redirect");
+  is(gResults["bug435743_6_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to https redirect");
+  is(gResults["bug435743_6_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to nocert https redirect");
+  is(gResults["bug435743_6_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to self-signed https redirect");
+  is(gResults["bug435743_6_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to untrusted https redirect");
+
+  addCertOverrides()
+
+  new UpdateRunner(gAddons, check_pt_2);
+}
+
+function check_pt_2(gResults) {
+  is(gResults["bug435743_1_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http update url");
+  is(gResults["bug435743_1_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https update url from a non built-in CA");
+  is(gResults["bug435743_1_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for nocert https update url");
+  is(gResults["bug435743_1_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for self-signed https update url");
+  is(gResults["bug435743_1_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for untrusted https update url");
+
+  // Note that redirects from insecure http to broken https with exceptions is
+  // allowed. They were insecure to start with so things can't get any worse
+  is(gResults["bug435743_2_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to http redirect");
+  is(gResults["bug435743_2_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to https redirect for a non built-in CA");
+  is(gResults["bug435743_2_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to nocert https redirect");
+  is(gResults["bug435743_2_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to self-signed https redirect");
+  is(gResults["bug435743_2_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_NO_UPDATE,
+     "Should have seen no failure for a http to untrusted https update url");
+
+  is(gResults["bug435743_3_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to http redirect");
+  is(gResults["bug435743_3_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to https redirect for a non built-in CA");
+  is(gResults["bug435743_3_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to nocert https redirect");
+  is(gResults["bug435743_3_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to self-signed https redirect");
+  is(gResults["bug435743_3_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a https to untrusted https redirect");
+
+  is(gResults["bug435743_4_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to http redirect");
+  is(gResults["bug435743_4_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to https redirect");
+  is(gResults["bug435743_4_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to nocert https redirect");
+  is(gResults["bug435743_4_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to self-signed https redirect");
+  is(gResults["bug435743_4_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a nocert https to untrusted https redirect");
+
+  is(gResults["bug435743_5_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to http redirect");
+  is(gResults["bug435743_5_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to https redirect");
+  is(gResults["bug435743_5_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to nocert https redirect");
+  is(gResults["bug435743_5_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to self-signed https redirect");
+  is(gResults["bug435743_5_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a self-signed https to untrusted https redirect");
+
+  is(gResults["bug435743_6_1@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to http redirect");
+  is(gResults["bug435743_6_2@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to https redirect");
+  is(gResults["bug435743_6_3@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to nocert https redirect");
+  is(gResults["bug435743_6_4@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to self-signed https redirect");
+  is(gResults["bug435743_6_5@tests.mozilla.org"], Ci.nsIAddonUpdateCheckListener.STATUS_FAILURE,
+     "Should have seen a failure for a untrusted https to untrusted https redirect");
+
+  finish();
+}
+]]>
+</script>
+
+<body xmlns="http://www.w3.org/1999/xhtml">
+  <p id="display"></p>
+  <div id="content" style="display: none"></div>
+  <pre id="test"></pre>
+</body>
+</window>

toolkit/mozapps/extensions/test/test_bug435743_2.xul

@@ -0,0 +1,240 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
+<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>
+
+<!-- Tests that add-on installs correctly fail in the presence of invalid https -->
+
+<window title="Bug 435743 Test"
+        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+        onload="run_test_1();">
+<script type="application/javascript" 
+        src="chrome://mochikit/content/MochiKit/packed.js"/>
+<script type="application/javascript"
+        src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>
+
+<script type="application/javascript">
+<![CDATA[
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+
+const xpi = "chrome/toolkit/mozapps/extensions/test/bug435743.xpi";
+const redirect = "chrome/toolkit/mozapps/extensions/test/bug435743.sjs?";
+
+const SUCCESS = 0;
+const DOWNLOAD_ERROR = -228;
+
+SimpleTest.waitForExplicitFinish();
+
+function badCertListener(host, bits) {
+  this.host = host;
+  this.bits = bits;
+}
+
+badCertListener.prototype = {
+  host: null,
+  bits: null,
+
+  getInterface: function (aIID) {
+    return this.QueryInterface(aIID);
+  },
+
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsIBadCertListener2) ||
+        aIID.equals(Ci.nsIInterfaceRequestor) ||
+        aIID.equals(Ci.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  },
+
+  notifyCertProblem: function (socketInfo, sslStatus, targetHost) {
+    cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
+                    .serverCert;
+    var cos = Cc["@mozilla.org/security/certoverride;1"].
+              getService(Ci.nsICertOverrideService);
+    cos.rememberValidityOverride(this.host, -1, cert, this.bits, false);
+    return true;
+  }
+}
+
+// Add overrides for the bad certificates
+function addCertOverrides() {
+  var req = new XMLHttpRequest();
+  try {
+    req.open("GET", "https://nocert.example.com/" + xpi, false);
+    req.channel.notificationCallbacks = new badCertListener("nocert.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_MISMATCH);
+    req.send(null);
+  }
+  catch (e) { }
+  try {
+    req = new XMLHttpRequest();
+    req.open("GET", "https://self-signed.example.com/" + xpi, false);
+    req.channel.notificationCallbacks = new badCertListener("self-signed.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_UNTRUSTED);
+    req.send(null);
+  }
+  catch (e) { }
+  try {
+    req = new XMLHttpRequest();
+    req.open("GET", "https://untrusted.example.com/" + xpi, false);
+    req.channel.notificationCallbacks = new badCertListener("untrusted.example.com",
+                                                            Ci.nsICertOverrideService.ERROR_UNTRUSTED);
+    req.send(null);
+  }
+  catch (e) { }
+}
+
+function XPIInstaller(urls, nextTest) {
+  this.urls = urls;
+  this.pos = 0;
+  this.nextTest = nextTest;
+  this.installNextAddon();
+}
+
+XPIInstaller.prototype = {
+  urls: null,
+  pos: null,
+  nextTest: null,
+
+  installNextAddon: function() {
+    var manager = Cc["@mozilla.org/xpinstall/install-manager;1"].
+                  createInstance(Ci.nsIXPInstallManager);
+    manager.initManagerFromChrome([this.urls[this.pos].url], 1, this);
+  },
+
+  onProgress: function(index, value, maxValue) {
+  },
+
+  onStateChange: function(index, state, value) {
+    if (state == Ci.nsIXPIProgressDialog.INSTALL_DONE) {
+      is(value, this.urls[this.pos].expected, "Expected the right state for " + this.urls[this.pos].url);
+    }
+    else if (state == Ci.nsIXPIProgressDialog.DIALOG_CLOSE) {
+      var em = Cc["@mozilla.org/extensions/manager;1"].
+               getService(Ci.nsIExtensionManager);
+      em.cancelInstallItem("bug435743@tests.mozilla.org");
+      this.pos++;
+      if (this.pos < this.urls.length)
+        this.installNextAddon();
+      else
+        this.nextTest();
+    }
+  }
+};
+
+function run_test_1() {
+  var urls = [
+    // Tests that a simple xpi retrieval works as expected.
+    { url: "http://example.com/" + xpi, expected: SUCCESS },
+    { url: "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },                // Fails because non-built in CAs aren't allowed
+    { url: "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from http to other servers works as expected
+    { url: "http://example.com/" + redirect + "http://example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "http://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "http://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from valid https to other servers works as expected
+    { url: "https://example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },      // Fails because non-built in CAs aren't allowed
+    { url: "https://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from nocert https to other servers works as expected
+    { url: "https://nocert.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from self-signed https to other servers works as expected
+    { url: "https://self-signed.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from untrusted https to other servers works as expected
+    { url: "https://untrusted.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR }
+  ];
+  new XPIInstaller(urls, run_test_2);
+}
+
+function run_test_2() {
+  addCertOverrides();
+
+  var urls = [
+    // Tests that a simple xpi retrieval works as expected.
+    { url: "http://example.com/" + xpi, expected: SUCCESS },
+    { url: "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },                 // Fails because non-built in CAs aren't allowed
+    { url: "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from http to other servers works as expected
+    // These should all succeed, the url redirected to isn't any less secure than the original insecure http.
+    { url: "http://example.com/" + redirect + "http://example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: SUCCESS },
+    { url: "http://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: SUCCESS },
+
+    // Tests that redirecting from valid https to other servers works as expected
+    { url: "https://example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },      // Fails because non-built in CAs aren't allowed
+    { url: "https://example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from nocert https to other servers works as expected
+    { url: "https://nocert.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://nocert.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from self-signed https to other servers works as expected
+    { url: "https://self-signed.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://self-signed.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+
+    // Tests that redirecting from untrusted https to other servers works as expected
+    { url: "https://untrusted.example.com/" + redirect + "http://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://nocert.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://self-signed.example.com/" + xpi, expected: DOWNLOAD_ERROR },
+    { url: "https://untrusted.example.com/" + redirect + "https://untrusted.example.com/" + xpi, expected: DOWNLOAD_ERROR }
+  ];
+  new XPIInstaller(urls, finish);
+}
+
+function finish() {
+  var cos = Cc["@mozilla.org/security/certoverride;1"].
+            getService(Ci.nsICertOverrideService);
+  cos.clearValidityOverride("nocert.example.com", -1);
+  cos.clearValidityOverride("self-signed.example.com", -1);
+  cos.clearValidityOverride("untrusted.example.com", -1);
+
+  SimpleTest.finish();
+}
+]]>
+</script>
+
+<body xmlns="http://www.w3.org/1999/xhtml">
+  <p id="display"></p>
+  <div id="content" style="display: none"></div>
+  <pre id="test"></pre>
+</body>
+</window>

xpinstall/Makefile.in

@@ -50,4 +50,8 @@ include $(DEPTH)/config/autoconf.mk
 MODULE		= xpinstall
 DIRS		= public src
 
+ifdef ENABLE_TESTS
+DIRS += tests
+endif
+
 include $(topsrcdir)/config/rules.mk

xpinstall/tests/Makefile.in

@@ -0,0 +1,99 @@
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Mozilla Foundation.
+# Portions created by the Initial Developer are Copyright (C) 2008
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either of the GNU General Public License Version 2 or later (the "GPL"),
+# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH		= ../..
+topsrcdir	= @top_srcdir@
+srcdir		= @srcdir@
+VPATH		= @srcdir@
+relativesrcdir  = xpinstall/tests
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_BROWSER_FILES = harness.js \
+                 browser_unsigned_url.js \
+                 browser_unsigned_trigger.js \
+                 browser_whitelist.js \
+                 browser_whitelist2.js \
+                 browser_whitelist3.js \
+                 browser_whitelist4.js \
+                 browser_whitelist5.js \
+                 browser_whitelist6.js \
+                 browser_hash.js \
+                 browser_badhash.js \
+                 browser_badhashtype.js \
+                 browser_signed_url.js \
+                 browser_signed_trigger.js \
+                 browser_signed_untrusted.js \
+                 browser_signed_tampered.js \
+                 browser_signed_multiple.js \
+                 browser_empty.js \
+                 browser_corrupt.js \
+                 browser_cookies.js \
+                 browser_cookies2.js \
+                 browser_cookies3.js \
+                 browser_cookies4.js \
+                 browser_enabled.js \
+                 browser_enabled2.js \
+                 browser_enabled3.js \
+                 browser_softwareupdate.js \
+                 browser_installchrome.js \
+                 browser_opendialog.js \
+                 browser_localfile.js \
+                 browser_localfile2.js \
+                 browser_auth.js \
+                 browser_auth2.js \
+                 browser_auth3.js \
+                 browser_offline.js \
+                 browser_chrome.js \
+                 browser_cancel.js \
+                 unsigned.xpi \
+                 signed.xpi \
+                 signed2.xpi \
+                 signed-untrusted.xpi \
+                 signed-tampered.xpi \
+                 empty.xpi \
+                 corrupt.xpi \
+                 enabled.html \
+                 installtrigger.html \
+                 startsoftwareupdate.html \
+                 installchrome.html \
+                 authRedirect.sjs \
+                 cookieRedirect.sjs \
+                 $(NULL)
+
+libs::	$(_BROWSER_FILES)
+	$(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/browser/$(relativesrcdir)

xpinstall/tests/authRedirect.sjs

@@ -0,0 +1,21 @@
+// Simple script redirects to the query part of the uri if the browser
+// authenticates with username "testuser" password "testpass"
+
+function handleRequest(request, response) {
+  if (request.hasHeader("Authorization")) {
+    if (request.getHeader("Authorization") == "Basic dGVzdHVzZXI6dGVzdHBhc3M=") {
+      response.setStatusLine(request.httpVersion, 302, "Found");
+      response.setHeader("Location", request.queryString);
+      response.write("See " + request.queryString);
+    }
+    else {
+      response.setStatusLine(request.httpVersion, 403, "Forbidden");
+      response.write("Invalid credentials");
+    }
+  }
+  else {
+    response.setStatusLine(request.httpVersion, 401, "Authentication required");
+    response.setHeader("WWW-Authenticate", "basic realm=\"XPInstall\"", false);
+    response.write("Unauthenticed request");
+  }
+}

xpinstall/tests/browser_auth.js

@@ -0,0 +1,50 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install succeeds when authentication is required
+// This verifies bug 312473
+function test() {
+  Harness.authenticationCallback = get_auth_info;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "authRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function get_auth_info() {
+  return [ "testuser", "testpass" ];
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var authMgr = Components.classes['@mozilla.org/network/http-auth-manager;1']
+                          .getService(Components.interfaces.nsIHttpAuthManager);
+  authMgr.clearAll();
+
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_auth2.js

@@ -0,0 +1,47 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when authentication is required and bad
+// credentials are given
+// This verifies bug 312473
+function test() {
+  Harness.authenticationCallback = get_auth_info;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "authRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function get_auth_info() {
+  return [ "baduser", "badpass" ];
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -228, "Install should fail");
+}
+
+function finish_test() {
+  var authMgr = Components.classes['@mozilla.org/network/http-auth-manager;1']
+                          .getService(Components.interfaces.nsIHttpAuthManager);
+  authMgr.clearAll();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_auth3.js

@@ -0,0 +1,47 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when authentication is required and it is
+// canceled
+// This verifies bug 312473
+function test() {
+  Harness.authenticationCallback = get_auth_info;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "authRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function get_auth_info() {
+  return null;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -228, "Install should fail");
+}
+
+function finish_test() {
+  var authMgr = Components.classes['@mozilla.org/network/http-auth-manager;1']
+                          .getService(Components.interfaces.nsIHttpAuthManager);
+  authMgr.clearAll();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_badhash.js

@@ -0,0 +1,41 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when an invalid hash is included
+// This verifies bug 302284
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": {
+      URL: TESTROOT + "unsigned.xpi",
+      Hash: "sha1:643b08418599ddbd1ea8a511c90696578fb844b9",
+      toString: function() { return this.URL; }
+    }
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -261, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_badhashtype.js

@@ -0,0 +1,41 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when an unknown hash type is included
+// This verifies bug 302284
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": {
+      URL: TESTROOT + "unsigned.xpi",
+      Hash: "foo:3d0dc22e1f394e159b08aaf5f0f97de4d5c65f4f",
+      toString: function() { return this.URL; }
+    }
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -261, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_cancel.js

@@ -0,0 +1,45 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that cancelling an in progress download works.
+var gManager = null;
+
+function test() {
+  waitForExplicitFinish();
+  gManager = Components.classes["@mozilla.org/xpinstall/install-manager;1"]
+                       .createInstance(Components.interfaces.nsIXPInstallManager);
+  gManager.initManagerFromChrome([ TESTROOT + "unsigned.xpi" ],
+                                 1, listener);
+}
+
+function finish_test() {
+  finish();
+}
+
+var listener = {
+  onStateChange: function(index, state, value) {
+    is(index, 0, "There is only one download");
+    if (state == Components.interfaces.nsIXPIProgressDialog.INSTALL_DONE)
+      is(value, -210, "Install should have been cancelled");
+    else if (state == Components.interfaces.nsIXPIProgressDialog.DIALOG_CLOSE)
+      finish_test();
+  },
+
+  onProgress: function(index, value, maxValue) {
+    is(index, 0, "There is only one download");
+    gManager.QueryInterface(Components.interfaces.nsIObserver);
+    gManager.observe(null, "xpinstall-progress", "cancel");
+  },
+
+  QueryInterface: function(iid) {
+    if (iid.equals(Components.interfaces.nsIXPIProgressDialog) ||
+        iid.equals(Components.interfaces.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  }
+};
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_chrome.js

@@ -0,0 +1,45 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that starting a download from chrome works and bypasses the whitelist
+function test() {
+  waitForExplicitFinish();
+  var xpimgr = Components.classes["@mozilla.org/xpinstall/install-manager;1"]
+                         .createInstance(Components.interfaces.nsIXPInstallManager);
+  xpimgr.initManagerFromChrome([ TESTROOT + "unsigned.xpi" ],
+                               1, listener);
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  finish();
+}
+
+var listener = {
+  onStateChange: function(index, state, value) {
+    is(index, 0, "There is only one download");
+    if (state == Components.interfaces.nsIXPIProgressDialog.INSTALL_DONE)
+      is(value, 0, "Install should have succeeded");
+    else if (state == Components.interfaces.nsIXPIProgressDialog.DIALOG_CLOSE)
+      finish_test();
+  },
+
+  onProgress: function(index, value, maxValue) {
+    is(index, 0, "There is only one download");
+  },
+
+  QueryInterface: function(iid) {
+    if (iid.equals(Components.interfaces.nsIXPIProgressDialog) ||
+        iid.equals(Components.interfaces.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  }
+};
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_cookies.js

@@ -0,0 +1,38 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test that an install that requires cookies to be sent fails when no cookies
+// are set
+// This verifies bug 462739
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Cookie check": TESTROOT + "cookieRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -228, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_cookies2.js

@@ -0,0 +1,51 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test that an install that requires cookies to be sent succeeds when cookies
+// are set
+// This verifies bug 462739
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.add("example.com", "/browser/xpinstall/tests", "xpinstall", "true", false,
+         false, true, (Date.now() / 1000) + 60);
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Cookie check": TESTROOT + "cookieRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.remove("example.com", "xpinstall", "/browser/xpinstall/tests", false);
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_cookies3.js

@@ -0,0 +1,59 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test that an install that requires cookies to be sent succeeds when cookies
+// are set and third party cookies are disabled.
+// This verifies bug 462739
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.add("example.com", "/browser/xpinstall/tests", "xpinstall", "true", false,
+         false, true, (Date.now() / 1000) + 60);
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.setIntPref("network.cookie.cookieBehavior", 1);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Cookie check": TESTROOT + "cookieRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.remove("example.com", "xpinstall", "/browser/xpinstall/tests", false);
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.clearUserPref("network.cookie.cookieBehavior");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_cookies4.js

@@ -0,0 +1,56 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test that an install that requires cookies to be sent fails when cookies
+// are set and third party cookies are disabled and the request is to a third
+// party.
+// This verifies bug 462739
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.add("example.com", "/browser/xpinstall/tests", "xpinstall", "true", false,
+         false, true, (Date.now() / 1000) + 60);
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.setIntPref("network.cookie.cookieBehavior", 1);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Cookie check": TESTROOT2 + "cookieRedirect.sjs?" + TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -228, "Install should fail");
+}
+
+function finish_test() {
+  var cm = Components.classes["@mozilla.org/cookiemanager;1"]
+                     .getService(Components.interfaces.nsICookieManager2);
+  cm.remove("example.com", "xpinstall", "/browser/xpinstall/tests", false);
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.clearUserPref("network.cookie.cookieBehavior");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_corrupt.js

@@ -0,0 +1,39 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when the xpi is corrupt.
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Corrupt XPI": TESTROOT + "corrupt.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -207, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("status").textContent, "-207", "Callback should have seen the failure");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_empty.js

@@ -0,0 +1,36 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails when there is no install script present.
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Empty XPI": TESTROOT + "empty.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -204, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_enabled.js

@@ -0,0 +1,25 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an InstallTrigger.enabled is working
+function test() {
+  waitForExplicitFinish();
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.selectedBrowser.addEventListener("load", function() {
+    // Allow the in-page load handler to run first
+    executeSoon(page_loaded);
+  }, true);
+  gBrowser.loadURI(TESTROOT + "enabled.html");
+}
+
+function page_loaded() {
+  gBrowser.selectedBrowser.removeEventListener("load", arguments.callee, false);
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("enabled").textContent, "true", "installTrigger should have been enabled");
+  gBrowser.removeCurrentTab();
+  finish();
+}

xpinstall/tests/browser_enabled2.js

@@ -0,0 +1,33 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an InstallTrigger.enabled is working
+function test() {
+  waitForExplicitFinish();
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.setBoolPref("xpinstall.enabled", false);
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.selectedBrowser.addEventListener("load", function() {
+    // Allow the in-page load handler to run first
+    executeSoon(page_loaded);
+  }, true);
+  gBrowser.loadURI(TESTROOT + "enabled.html");
+}
+
+function page_loaded() {
+  gBrowser.selectedBrowser.removeEventListener("load", arguments.callee, false);
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.clearUserPref("xpinstall.enabled");
+
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("enabled").textContent, "false", "installTrigger should have not been enabled");
+  gBrowser.removeCurrentTab();
+  finish();
+}

xpinstall/tests/browser_enabled3.js

@@ -0,0 +1,37 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an InstallTrigger.install call fails when xpinstall is disabled
+function test() {
+  waitForExplicitFinish();
+
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.setBoolPref("xpinstall.enabled", false);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.selectedBrowser.addEventListener("load", function() {
+    // Allow the in-page load handler to run first
+    executeSoon(page_loaded);
+  }, true);
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function page_loaded() {
+  gBrowser.selectedBrowser.removeEventListener("load", arguments.callee, false);
+  var prefs = Components.classes["@mozilla.org/preferences;1"]
+                        .getService(Components.interfaces.nsIPrefBranch);
+  prefs.clearUserPref("xpinstall.enabled");
+
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("return").textContent, "false", "installTrigger should have not been enabled");
+  gBrowser.removeCurrentTab();
+  finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_hash.js

@@ -0,0 +1,45 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install succeeds when a valid hash is included
+// This verifies bug 302284
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": {
+      URL: TESTROOT + "unsigned.xpi",
+      Hash: "sha1:3d0dc22e1f394e159b08aaf5f0f97de4d5c65f4f",
+      toString: function() { return this.URL; }
+    }
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_installchrome.js

@@ -0,0 +1,37 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that calling InstallTrigger.installChrome works
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installchrome.html? " + encodeURIComponent(TESTROOT + "unsigned.xpi"));
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_localfile.js

@@ -0,0 +1,33 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an local file works when loading the url
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var cr = Components.classes["@mozilla.org/chrome/chrome-registry;1"]
+                     .getService(Components.interfaces.nsIChromeRegistry);
+  var path = cr.convertChromeURL(makeURI(CHROMEROOT + "unsigned.xpi")).spec;
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(path);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_localfile2.js

@@ -0,0 +1,35 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install fails if the url is a local file when requested from
+// web content
+function test() {
+  waitForExplicitFinish();
+
+  var cr = Components.classes["@mozilla.org/chrome/chrome-registry;1"]
+                     .getService(Components.interfaces.nsIChromeRegistry);
+  var path = cr.convertChromeURL(makeURI(CHROMEROOT + "unsigned.xpi")).spec;
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": path
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.selectedBrowser.addEventListener("load", function() {
+    // Allow the in-page load handler to run first
+    executeSoon(page_loaded);
+  }, true);
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function page_loaded() {
+  gBrowser.selectedBrowser.removeEventListener("load", arguments.callee, false);
+
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("return").textContent, "exception", "installTrigger should have failed");
+  gBrowser.removeCurrentTab();
+  finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_navigateaway.js

@@ -0,0 +1,47 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that navigating away from the initiating page during the install
+// doesn't break the install.
+// This verifies bug 473060
+function test() {
+  Harness.downloadProgressCallback = download_progress;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function download_progress(addon, value, maxValue) {
+  gBrowser.loadURI("about:blank");
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_navigateaway2.js

@@ -0,0 +1,46 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that closing the initiating page during the install doesn't break the
+// install.
+// This verifies bugs 473060 and 475347
+function test() {
+  Harness.downloadProgressCallback = download_progress;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function download_progress(addon, value, maxValue) {
+  gBrowser.removeCurrentTab();
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_offline.js

@@ -0,0 +1,43 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that going offline cancels an in progress download.
+function test() {
+  Harness.downloadProgressCallback = download_progress;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function download_progress(addon, value, maxValue) {
+  BrowserOffline.toggleOfflineStatus();
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -210, "Install should be cancelled");
+}
+
+function finish_test() {
+  BrowserOffline.toggleOfflineStatus();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_opendialog.js

@@ -0,0 +1,42 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Test whether an install succeeds when the progress dialog is already open.
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  BrowserOpenAddonsMgr();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_signed_multiple.js

@@ -0,0 +1,58 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing two signed add-ons in the same trigger works.
+// This verifies bug 453545
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Signed XPI": TESTROOT + "signed.xpi",
+    "Signed XPI 2": TESTROOT + "signed2.xpi",
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 2, "Should be 2 items listed in the confirmation dialog");
+  is(items[0].name, "Signed XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "signed.xpi", "Should have listed the correct url for the item");
+  is(items[0].cert, "(Mozilla Testing)", "Should have seen the signer");
+  is(items[0].signed, "true", "Should have listed the item as signed");
+  is(items[1].name, "Signed XPI 2", "Should have seen the name from the trigger list");
+  is(items[1].url, TESTROOT + "signed2.xpi", "Should have listed the correct url for the item");
+  is(items[1].cert, "(Mozilla Testing)", "Should have seen the signer");
+  is(items[1].signed, "true", "Should have listed the item as signed");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Installs should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("signed-xpi@tests.mozilla.org");
+  em.cancelInstallItem("signed-xpi2@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_signed_tampered.js

@@ -0,0 +1,47 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing a signed add-on that has been tampered with after signing.
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Tampered Signed XPI": TESTROOT + "signed-tampered.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "Tampered Signed XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "signed-tampered.xpi", "Should have listed the correct url for the item");
+  is(items[0].cert, "(Mozilla Testing)", "Should have seen the signer");
+  is(items[0].signed, "true", "Should have listed the item as signed");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -260, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_signed_trigger.js

@@ -0,0 +1,52 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an signed add-on through an InstallTrigger call in web
+// content.
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Signed XPI": TESTROOT + "signed.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "Signed XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "signed.xpi", "Should have listed the correct url for the item");
+  is(items[0].cert, "(Mozilla Testing)", "Should have seen the signer");
+  is(items[0].signed, "true", "Should have listed the item as signed");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("signed-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_signed_untrusted.js

@@ -0,0 +1,48 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an add-on signed by an untrusted certificate through an
+// InstallTrigger call in web content.
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Untrusted Signed XPI": TESTROOT + "signed-untrusted.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "Untrusted Signed XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "signed-untrusted.xpi", "Should have listed the correct url for the item");
+  is(items[0].cert, "(Unknown Organisation)", "Should have seen the supposed signer");
+  is(items[0].signed, "true", "Should have listed the item as signed");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, -260, "Install should fail");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_signed_url.js

@@ -0,0 +1,40 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an signed add-on by navigating directly to the url
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "signed.xpi");
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "signed.xpi", "Should have had the filename for the item name");
+  is(items[0].url, TESTROOT + "signed.xpi", "Should have listed the correct url for the item");
+  is(items[0].cert, "(Mozilla Testing)", "Should have seen the signer");
+  is(items[0].signed, "true", "Should have listed the item as signed");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("signed-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_softwareupdate.js

@@ -0,0 +1,37 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests that calling InstallTrigger.startSoftwareUpdate works
+function test() {
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "startsoftwareupdate.html? " + encodeURIComponent(TESTROOT + "unsigned.xpi"));
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_unsigned_trigger.js

@@ -0,0 +1,60 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through an InstallTrigger call in web
+// content.
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": {
+      URL: TESTROOT + "unsigned.xpi",
+      IconURL: TESTROOT + "icon.png",
+      toString: function() { return this.URL; }
+    }
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "Unsigned XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
+  is(items[0].icon, TESTROOT + "icon.png", "Should have listed the correct icon for the item");
+  is(items[0].signed, "false", "Should have listed the item as unsigned");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  var doc = gBrowser.contentDocument;
+  is(doc.getElementById("return").textContent, "true", "installTrigger should have claimed success");
+  is(doc.getElementById("status").textContent, "0", "Callback should have seen a success");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_unsigned_url.js

@@ -0,0 +1,40 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on by navigating directly to the url
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "unsigned.xpi");
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "unsigned.xpi", "Should have had the filename for the item name");
+  is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
+  is(items[0].icon, "", "Should have listed no icon for the item");
+  is(items[0].signed, "false", "Should have listed the item as unsigned");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist.js

@@ -0,0 +1,49 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through an InstallTrigger call in web
+// content. This should be blocked by the whitelist check.
+// This verifies bug 252830
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installEndedCallback = check_xpi_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function allow_blocked() {
+  return true;
+}
+
+function confirm_install(window) {
+  items = window.document.getElementById("itemList").childNodes;
+  is(items.length, 1, "Should only be 1 item listed in the confirmation dialog");
+  is(items[0].name, "Unsigned XPI", "Should have seen the name from the trigger list");
+  is(items[0].url, TESTROOT + "unsigned.xpi", "Should have listed the correct url for the item");
+  is(items[0].signed, "false", "Should have listed the item as unsigned");
+  return true;
+}
+
+function check_xpi_install(addon, status) {
+  is(status, 0, "Install should succeed");
+}
+
+function finish_test() {
+  var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                     .getService(Components.interfaces.nsIExtensionManager);
+  em.cancelInstallItem("unsigned-xpi@tests.mozilla.org");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist2.js

@@ -0,0 +1,38 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through an InstallTrigger call in web
+// content. This should be blocked by the whitelist check because the source
+// is not whitelisted, even though the target is.
+function test() {
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT2 + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installtrigger.html?" + triggers);
+}
+
+function allow_blocked() {
+  return false;
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.org", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist3.js

@@ -0,0 +1,37 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through a navigation. Should not be
+// blocked since the referer is whitelisted.
+function test() {
+  Harness.installConfirmCallback = confirm_install;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.org/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT2 + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "unsigned.xpi", makeURI(TESTROOT2 + "test.html"));
+}
+
+function confirm_install(window) {
+  return false;
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.org", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist4.js

@@ -0,0 +1,37 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through a navigation. Should be
+// blocked since the referer is not whitelisted even though the target is.
+function test() {
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
+
+  var triggers = encodeURIComponent(JSON.stringify({
+    "Unsigned XPI": TESTROOT2 + "unsigned.xpi"
+  }));
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "unsigned.xpi", makeURI(TESTROOT2 + "test.html"));
+}
+
+function allow_blocked() {
+  return false;
+}
+
+function finish_test() {
+  var pm = Components.classes["@mozilla.org/permissionmanager;1"]
+                     .getService(Components.interfaces.nsIPermissionManager);
+  pm.remove("example.com", "install");
+
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist5.js

@@ -0,0 +1,27 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through a startSoftwareUpdate call in web
+// content. This should be blocked by the whitelist check.
+// This verifies bug 252830
+function test() {
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "startsoftwareupdate.html? " + encodeURIComponent(TESTROOT + "unsigned.xpi"));
+}
+
+function allow_blocked() {
+  return false;
+}
+
+function finish_test() {
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/browser_whitelist6.js

@@ -0,0 +1,27 @@
+// Load in the test harness
+var scriptLoader = Components.classes["@mozilla.org/moz/jssubscript-loader;1"]
+                             .getService(Components.interfaces.mozIJSSubScriptLoader);
+scriptLoader.loadSubScript("chrome://mochikit/content/browser/xpinstall/tests/harness.js", this);
+
+// ----------------------------------------------------------------------------
+// Tests installing an unsigned add-on through an installChrome call in web
+// content. This should be blocked by the whitelist check.
+// This verifies bug 252830
+function test() {
+  Harness.installBlockedCallback = allow_blocked;
+  Harness.installsCompletedCallback = finish_test;
+  Harness.setup();
+
+  gBrowser.selectedTab = gBrowser.addTab();
+  gBrowser.loadURI(TESTROOT + "installchrome.html? " + encodeURIComponent(TESTROOT + "unsigned.xpi"));
+}
+
+function allow_blocked() {
+  return false;
+}
+
+function finish_test() {
+  gBrowser.removeCurrentTab();
+  Harness.finish();
+}
+// ----------------------------------------------------------------------------

xpinstall/tests/cookieRedirect.sjs

@@ -0,0 +1,24 @@
+// Simple script redirects to the query part of the uri if the cookie "xpinstall"
+// has the value "true", otherwise gives a 500 error.
+
+function handleRequest(request, response)
+{
+  let cookie = null;
+  if (request.hasHeader("Cookie")) {
+    let cookies = request.getHeader("Cookie").split(";");
+    for (let i = 0; i < cookies.length; i++) {
+      if (cookies[i].substring(0, 10) == "xpinstall=")
+        cookie = cookies[i].substring(10);
+    }
+  }
+
+  if (cookie == "true") {
+    response.setStatusLine(request.httpVersion, 302, "Found");
+    response.setHeader("Location", request.queryString);
+    response.write("See " + request.queryString);
+  }
+  else {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    response.write("Invalid request");
+  }
+}

xpinstall/tests/corrupt.xpi

@@ -0,0 +1 @@
+This is a corrupt zip file

xpinstall/tests/enabled.html

@@ -0,0 +1,20 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html>
+
+<!-- This page will test if InstallTrigger seems to be enabled -->
+
+<head>
+<title>InstallTrigger tests</title>
+<script type="text/javascript">
+function init() {
+  document.getElementById("enabled").textContent = InstallTrigger.enabled() ? "true" : "false";
+}
+</script>
+</head>
+<body onload="init()">
+<p>InstallTrigger tests</p>
+<p id="enabled"></p>
+</body>
+</html>

xpinstall/tests/harness.js

@@ -0,0 +1,257 @@
+const TESTROOT = "http://example.com/browser/xpinstall/tests/";
+const TESTROOT2 = "http://example.org/browser/xpinstall/tests/";
+const CHROMEROOT = "chrome://mochikit/content/browser/xpinstall/tests/"
+const XPINSTALL_URL = "chrome://mozapps/content/xpinstall/xpinstallConfirm.xul";
+const PROMPT_URL = "chrome://global/content/commonDialog.xul";
+const ADDONS_URL = "chrome://mozapps/content/extensions/extensions.xul";
+
+/**
+ * This is a test harness designed to handle responding to UI during the process
+ * of installing an XPI. A test can set callbacks to hear about specific parts
+ * of the sequence.
+ * Before use setup must be called and finish must be called afterwards.
+ */
+var Harness = {
+  // If set then the install is expected to be blocked by the whitelist. The
+  // callback should return true to continue with the install anyway.
+  installBlockedCallback: null,
+  // If set will be called in the event of authentication being needed to get
+  // the xpi. Should return a 2 element array of username and password, or
+  // null to not authenticate.
+  authenticationCallback: null,
+  // If set this will be called to allow checking the contents of the xpinstall
+  // confirmation dialog. The callback should return true to continue the install.
+  installConfirmCallback: null,
+  // If set will be called when downloading of an item has begun.
+  downloadStartedCallback: null,
+  // If set will be called during the download of an item.
+  downloadProgressCallback: null,
+  // If set will be called when downloading of an item has ended.
+  downloadEndedCallback: null,
+  // If set will be called when installation by the extension manager of an xpi
+  // item starts
+  installStartedCallback: null,
+  // If set will be called when each xpi item to be installed completes
+  // installation.
+  installEndedCallback: null,
+  // If set will be called when all triggered items are installed or the install
+  // is canceled.
+  installsCompletedCallback: null,
+
+  listenerIndex: null,
+
+  // Setup and tear down functions
+  setup: function() {
+    waitForExplicitFinish();
+
+    var os = Components.classes["@mozilla.org/observer-service;1"]
+                       .getService(Components.interfaces.nsIObserverService);
+    os.addObserver(this, "xpinstall-install-blocked", false);
+
+    var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+                       .getService(Components.interfaces.nsIWindowMediator);
+    wm.addListener(this);
+
+    var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                       .getService(Components.interfaces.nsIExtensionManager);
+    this.listenerIndex = em.addInstallListener(this);
+  },
+
+  finish: function() {
+    var os = Components.classes["@mozilla.org/observer-service;1"]
+                       .getService(Components.interfaces.nsIObserverService);
+    os.removeObserver(this, "xpinstall-install-blocked");
+
+    var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"]
+                       .getService(Components.interfaces.nsIWindowMediator);
+    wm.removeListener(this);
+    var win = wm.getMostRecentWindow("Extension:Manager");
+    if (win)
+      win.close();
+
+    var em = Components.classes["@mozilla.org/extensions/manager;1"]
+                       .getService(Components.interfaces.nsIExtensionManager);
+    em.removeInstallListenerAt(this.listenerIndex);
+    finish();
+  },
+
+  endTest: function() {
+    // Defer the final notification to allow things like the InstallTrigger
+    // callback to complete
+    executeSoon(this.installsCompletedCallback);
+
+    this.installBlockedCallback = null;
+    this.authenticationCallback = null;
+    this.installConfirmCallback = null;
+    this.downloadStartedCallback = null;
+    this.downloadProgressCallback = null;
+    this.downloadEndedCallback = null;
+    this.installStartedCallback = null;
+    this.installEndedCallback = null;
+    this.installsCompletedCallback = null;
+  },
+
+  // Window open handling
+  windowLoad: function(window) {
+    // Allow any other load handlers to execute
+    var self = this;
+    executeSoon(function() { self.windowReady(window); } );
+  },
+
+  windowReady: function(window) {
+    if (window.document.location.href == XPINSTALL_URL) {
+      if (this.installBlockedCallback)
+        ok(false, "Should have been blocked by the whitelist");
+
+      // If there is a confirm callback then its return status determines whether
+      // to install the items or not. If not the test is over.
+      if (this.installConfirmCallback && !this.installConfirmCallback(window)) {
+        window.document.documentElement.cancelDialog();
+        this.endTest();
+      }
+      else {
+        // Initially the accept button is disabled on a countdown timer
+        var button = window.document.documentElement.getButton("accept");
+        button.disabled = false;
+        window.document.documentElement.acceptDialog();
+      }
+    }
+    else if (window.document.location.href == PROMPT_URL) {
+      switch (window.gCommonDialogParam.GetInt(3)) {
+        case 0: if (window.opener.document.location.href == ADDONS_URL) {
+                  // A prompt opened by the add-ons manager is liable to be an
+                  // xpinstall error, just close it, we'll see the error in
+                  // onInstallEnded anyway.
+                  window.document.documentElement.acceptDialog();
+                }
+                break;
+        case 2: if (window.gCommonDialogParam.GetInt(4) != 1) {
+                  // This is a login dialog, hopefully an authentication prompt
+                  // for the xpi.
+                  if (this.authenticationCallback) {
+                    var auth = this.authenticationCallback();
+                    if (auth && auth.length == 2) {
+                      window.document.getElementById("loginTextbox").value = auth[0];
+                      window.document.getElementById("password1Textbox").value = auth[1];
+                      window.document.documentElement.acceptDialog();
+                    }
+                    else {
+                      window.document.documentElement.cancelDialog();
+                    }
+                  }
+                  else {
+                    window.document.documentElement.cancelDialog();
+                  }
+                }
+                break;
+      }
+    }
+  },
+
+  // Install blocked handling
+
+  installBlocked: function() {
+    // The browser should have a notification box animating now
+    var notificationBox = gBrowser.getNotificationBox(gBrowser.selectedBrowser);
+    var self = this;
+    this.waitForNotification(notificationBox, function() { self.notificationComplete() });
+  },
+
+  // This delays until a notification has finished animating it. It's a bit of a
+  // hack due to the timeout use but should be safe.
+  waitForNotification: function(notificationBox, callback) {
+    if (!notificationBox._timer) {
+      callback();
+      return;
+    }
+  
+    setTimeout(arguments.callee, 50, notificationBox, callback);
+  },
+
+  notificationComplete: function() {
+    ok(!!this.installBlockedCallback, "Shouldn't have been blocked by the whitelist");
+    var notification = gBrowser.getNotificationBox(gBrowser.selectedBrowser)
+                               .getNotificationWithValue("xpinstall");
+    if (this.installBlockedCallback && this.installBlockedCallback()) {
+      this.installBlockedCallback = null;
+      notification.firstChild.click();
+    }
+    else {
+      notification.close();
+      this.endTest();
+    }
+  },
+
+  // nsIWindowMediatorListener
+
+  onWindowTitleChange: function(window, title) {
+  },
+
+  onOpenWindow: function(window) {
+    var domwindow = window.QueryInterface(Components.interfaces.nsIInterfaceRequestor)
+                          .getInterface(Components.interfaces.nsIDOMWindowInternal);
+    var self = this;
+    domwindow.addEventListener("load", function() {
+      self.windowLoad(domwindow);
+    }, false);
+  },
+
+  onCloseWindow: function(window) {
+  },
+
+  // nsIAddonInstallListener
+
+  onDownloadStarted: function(addon) {
+    if (this.downloadStartedCallback)
+      this.downloadStartedCallback(addon);
+  },
+
+  onDownloadProgress: function(addon, value, maxValue) {
+    if (this.downloadProgressCallback)
+      this.downloadProgressCallback(addon, value, maxValue);
+  },
+
+  onDownloadEnded: function(addon) {
+    if (this.downloadEndedCallback)
+      this.downloadEndedCallback(addon);
+  },
+
+  onInstallStarted: function(addon) {
+    if (this.installStartedCallback)
+      this.installStartedCallback(addon);
+  },
+
+  onCompatibilityCheckStarted: function(addon) {
+  },
+
+  onCompatibilityCheckEnded: function(addon, status) {
+  },
+
+  onInstallEnded: function(addon, status) {
+    if (this.installEndedCallback)
+      this.installEndedCallback(addon, status);
+  },
+
+  onInstallsCompleted: function() {
+    this.endTest();
+  },
+
+  // nsIObserver
+
+  observe: function(subject, topic, data) {
+    // Make sure the main UI has received the event too and so has started
+    // displaying the notification.
+    var self = this;
+    executeSoon(function() { self.installBlocked() });
+  },
+
+  QueryInterface: function(iid) {
+    if (iid.equals(Components.interfaces.nsIObserver) ||
+        iid.equals(Components.interfaces.nsIAddonInstallListener) ||
+        iid.equals(Components.interfaces.nsIWindowMediatorListener) ||
+        iid.equals(Components.interfaces.nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  }
+}

xpinstall/tests/installchrome.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html>
+
+<!-- This page will accept a url as the uri query and pass it to InstallTrigger.installChrome -->
+
+<head>
+<title>InstallTrigger tests</title>
+<script type="text/javascript">
+function startInstall() {
+  InstallTrigger.installChrome(InstallTrigger.SKIN,
+                               decodeURIComponent(document.location.search.substring(1)),
+                               "test");
+}
+</script>
+</head>
+<body onload="startInstall()">
+<p>InstallTrigger tests</p>
+</body>
+</html>

xpinstall/tests/installtrigger.html

@@ -0,0 +1,32 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html>
+
+<!-- This page will accept some json as the uri query and pass it to InstallTrigger.install -->
+
+<head>
+<title>InstallTrigger tests</title>
+<script type="text/javascript">
+function installCallback(url, status) {
+  document.getElementById("status").textContent = status;
+}
+
+function startInstall() {
+  var text = decodeURIComponent(document.location.search.substring(1));
+  var triggers = JSON.parse(text);
+  try {
+    document.getElementById("return").textContent = InstallTrigger.install(triggers, installCallback);
+  }
+  catch (e) {
+    document.getElementById("return").textContent = "exception";
+  }
+}
+</script>
+</head>
+<body onload="startInstall()">
+<p>InstallTrigger tests</p>
+<p id="return"></p>
+<p id="status"></p>
+</body>
+</html>

xpinstall/tests/startsoftwareupdate.html

@@ -0,0 +1,19 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html>
+
+<!-- This page will accept a url as the uri query and pass it to InstallTrigger.startSoftwareUpdate -->
+
+<head>
+<title>InstallTrigger tests</title>
+<script type="text/javascript">
+function startInstall() {
+  InstallTrigger.startSoftwareUpdate(decodeURIComponent(document.location.search.substring(1)));
+}
+</script>
+</head>
+<body onload="startInstall()">
+<p>InstallTrigger tests</p>
+</body>
+</html>