9 files changed, 132 insertions, 0 deletions

diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
new file mode 100644
index 0000000000..8a757c199c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js
@@ -0,0 +1,48 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file tests that cert_storage correctly persists its "has prior data"
+// information across runs of the browser.
+// (The test DB files for this test were created by running the test
+// `test_cert_storage_broken_db.js` and copying them from that test's profile
+// directory.)
+
+/* eslint-disable no-unused-vars */
+add_task(async function () {
+  let dbDirectory = do_get_profile();
+  dbDirectory.append("security_state");
+  let dbFile = do_get_file("test_cert_storage_preexisting/data.safe.bin");
+  dbFile.copyTo(dbDirectory, "data.safe.bin");
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+  let hasPriorRevocationData = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_REVOCATION,
+      (rv, hasPriorData) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(hasPriorData);
+      }
+    );
+  });
+  Assert.equal(
+    hasPriorRevocationData,
+    true,
+    "should have prior revocation data"
+  );
+
+  let hasPriorCertData = await new Promise(resolve => {
+    certStorage.hasPriorData(
+      Ci.nsICertStorage.DATA_TYPE_CERTIFICATE,
+      (rv, hasPriorData) => {
+        Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed");
+        resolve(hasPriorData);
+      }
+    );
+  });
+  Assert.equal(hasPriorCertData, true, "should have prior cert data");
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb
new file mode 100644
index 0000000000..df4cb182a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin
new file mode 100644
index 0000000000..011ed93484
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb
new file mode 100644
index 0000000000..dc4b50fdfc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js
new file mode 100644
index 0000000000..c444bdd945
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js
@@ -0,0 +1,83 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This file tests that cert_storage correctly persists its information across
+// runs of the browser specifically in the case of CRLite.
+// (The test DB files for this test were created by running the test
+// `test_cert_storage_direct.js` and copying them from that test's profile
+// directory.)
+
+/* eslint-disable no-unused-vars */
+add_task(async function () {
+  Services.prefs.setIntPref(
+    "security.pki.crlite_mode",
+    CRLiteModeEnforcePrefValue
+  );
+
+  let dbDirectory = do_get_profile();
+  dbDirectory.append("security_state");
+  let crliteFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.filter"
+  );
+  crliteFile.copyTo(dbDirectory, "crlite.filter");
+  let coverageFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.coverage"
+  );
+  coverageFile.copyTo(dbDirectory, "crlite.coverage");
+  let enrollmentFile = do_get_file(
+    "test_cert_storage_preexisting_crlite/crlite.enrollment"
+  );
+  enrollmentFile.copyTo(dbDirectory, "crlite.enrollment");
+
+  let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
+    Ci.nsICertStorage
+  );
+
+  // Add an empty stash to ensure the filter is considered to be fresh.
+  await new Promise(resolve => {
+    certStorage.addCRLiteStash(new Uint8Array([]), (rv, _) => {
+      Assert.equal(rv, Cr.NS_OK, "marked filter as fresh");
+      resolve();
+    });
+  });
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  let validCertIssuer = constructCertFromFile(
+    "test_cert_storage_direct/valid-cert-issuer.pem"
+  );
+  let validCert = constructCertFromFile(
+    "test_cert_storage_direct/valid-cert.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    validCert,
+    PRErrorCodeSuccess,
+    certificateUsageSSLServer,
+    new Date("2019-10-28T00:00:00Z").getTime() / 1000,
+    false,
+    "skynew.jp",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+
+  let revokedCertIssuer = constructCertFromFile(
+    "test_cert_storage_direct/revoked-cert-issuer.pem"
+  );
+  let revokedCert = constructCertFromFile(
+    "test_cert_storage_direct/revoked-cert.pem"
+  );
+  await checkCertErrorGenericAtTime(
+    certdb,
+    revokedCert,
+    SEC_ERROR_REVOKED_CERTIFICATE,
+    certificateUsageSSLServer,
+    new Date("2019-11-04T00:00:00Z").getTime() / 1000,
+    false,
+    "schunk-group.com",
+    Ci.nsIX509CertDB.FLAG_LOCAL_ONLY
+  );
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage
new file mode 100644
index 0000000000..2bd13319e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment
new file mode 100644
index 0000000000..aac0238188
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment
@@ -0,0 +1 @@
+
3)����:�f��v�� 0�����y�Q����'�����jf���@(,v�~;�P�;ҧm��ځb�g�t�(M�T��NTbk�ڠ$
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter
new file mode 100644
index 0000000000..34ced4b840
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin
new file mode 100644
index 0000000000..d96571f128
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin