149 lines
4.5 KiB
JavaScript
149 lines
4.5 KiB
JavaScript
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
|
|
// Any copyright is dedicated to the Public Domain.
|
|
// http://creativecommons.org/publicdomain/zero/1.0/
|
|
"use strict";
|
|
|
|
// Tests the methods and attributes for interfacing with a PKCS #11 token, using
|
|
// the internal key token.
|
|
// We don't use either of the test tokens in the test PKCS #11 module because:
|
|
// 1. Test token 1 cyclically inserts and removes itself in a tight loop.
|
|
// Using token 1 would complicate the test and introduce intermittent
|
|
// failures.
|
|
// 2. Neither test token implements login or password related functionality.
|
|
// We want to test such functionality.
|
|
// 3. Using the internal token lets us actually test the internal token works
|
|
// as expected.
|
|
|
|
// Ensure that the appropriate initialization has happened.
|
|
do_get_profile();
|
|
|
|
function checkBasicAttributes(token) {
|
|
let bundle = Services.strings.createBundle(
|
|
"chrome://pipnss/locale/pipnss.properties"
|
|
);
|
|
|
|
let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
|
|
equal(
|
|
token.tokenName,
|
|
expectedTokenName,
|
|
"Actual and expected name should match"
|
|
);
|
|
equal(
|
|
token.tokenManID,
|
|
bundle.GetStringFromName("ManufacturerID"),
|
|
"Actual and expected manufacturer ID should match"
|
|
);
|
|
equal(
|
|
token.tokenHWVersion,
|
|
"0.0",
|
|
"Actual and expected hardware version should match"
|
|
);
|
|
equal(
|
|
token.tokenFWVersion,
|
|
"0.0",
|
|
"Actual and expected firmware version should match"
|
|
);
|
|
equal(
|
|
token.tokenSerialNumber,
|
|
"0000000000000000",
|
|
"Actual and expected serial number should match"
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Checks the various password related features of the given token.
|
|
* The token should already have been init with a password and be logged into.
|
|
* The password of the token will be reset after calling this function.
|
|
*
|
|
* @param {nsIPK11Token} token
|
|
* The token to test.
|
|
* @param {string} initialPW
|
|
* The password that the token should have been init with.
|
|
*/
|
|
function checkPasswordFeaturesAndResetPassword(token, initialPW) {
|
|
ok(
|
|
!token.needsUserInit,
|
|
"Token should not need user init after setting a password"
|
|
);
|
|
ok(
|
|
token.hasPassword,
|
|
"Token should have a password after setting a password"
|
|
);
|
|
|
|
ok(
|
|
token.checkPassword(initialPW),
|
|
"checkPassword() should succeed if the correct initial password is given"
|
|
);
|
|
token.changePassword(initialPW, "newPW ÿ 一二三");
|
|
ok(
|
|
token.checkPassword("newPW ÿ 一二三"),
|
|
"checkPassword() should succeed if the correct new password is given"
|
|
);
|
|
|
|
ok(
|
|
!token.checkPassword("wrongPW"),
|
|
"checkPassword() should fail if an incorrect password is given"
|
|
);
|
|
ok(
|
|
!token.isLoggedIn(),
|
|
"Token should be logged out after an incorrect password was given"
|
|
);
|
|
ok(
|
|
!token.needsUserInit,
|
|
"Token should still be init with a password even if an incorrect " +
|
|
"password was given"
|
|
);
|
|
|
|
token.reset();
|
|
ok(token.needsUserInit, "Token should need password init after reset");
|
|
ok(!token.hasPassword, "Token should not have a password after reset");
|
|
ok(!token.isLoggedIn(), "Token should be logged out of after reset");
|
|
}
|
|
|
|
function run_test() {
|
|
let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
|
|
Ci.nsIPK11TokenDB
|
|
);
|
|
let token = tokenDB.getInternalKeyToken();
|
|
notEqual(token, null, "The internal token should be present");
|
|
ok(
|
|
token.isInternalKeyToken,
|
|
"The internal token should be represented as such"
|
|
);
|
|
|
|
checkBasicAttributes(token);
|
|
|
|
ok(!token.isLoggedIn(), "Token should not be logged into yet");
|
|
// Test that attempting to log out even when the token was not logged into
|
|
// does not result in an error.
|
|
token.logoutSimple();
|
|
ok(!token.isLoggedIn(), "Token should still not be logged into");
|
|
ok(
|
|
!token.hasPassword,
|
|
"Token should not have a password before it has been set"
|
|
);
|
|
|
|
let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
|
|
token.initPassword(initialPW);
|
|
token.login(/* force */ false);
|
|
ok(token.isLoggedIn(), "Token should now be logged into");
|
|
|
|
checkPasswordFeaturesAndResetPassword(token, initialPW);
|
|
|
|
// We reset the password previously, so we need to initialize again.
|
|
token.initPassword("arbitrary");
|
|
ok(
|
|
token.isLoggedIn(),
|
|
"Token should be logged into after initializing password again"
|
|
);
|
|
token.logoutSimple();
|
|
ok(
|
|
!token.isLoggedIn(),
|
|
"Token should be logged out after calling logoutSimple()"
|
|
);
|
|
|
|
ok(
|
|
token.needsLogin(),
|
|
"The internal token should always need authentication"
|
|
);
|
|
}
|