diff options
Diffstat (limited to '')
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting.js | 48 | ||||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb | bin | 0 -> 45056 bytes | |||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin | bin | 0 -> 122 bytes | |||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb | bin | 0 -> 8192 bytes | |||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js | 83 | ||||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage | bin | 0 -> 97 bytes | |||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment | 1 | ||||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter | bin | 0 -> 15244 bytes | |||
-rw-r--r-- | security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin | bin | 0 -> 1607775 bytes |
9 files changed, 132 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js new file mode 100644 index 0000000000..8a757c199c --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting.js @@ -0,0 +1,48 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This file tests that cert_storage correctly persists its "has prior data" +// information across runs of the browser. +// (The test DB files for this test were created by running the test +// `test_cert_storage_broken_db.js` and copying them from that test's profile +// directory.) + +/* eslint-disable no-unused-vars */ +add_task(async function () { + let dbDirectory = do_get_profile(); + dbDirectory.append("security_state"); + let dbFile = do_get_file("test_cert_storage_preexisting/data.safe.bin"); + dbFile.copyTo(dbDirectory, "data.safe.bin"); + + let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService( + Ci.nsICertStorage + ); + let hasPriorRevocationData = await new Promise(resolve => { + certStorage.hasPriorData( + Ci.nsICertStorage.DATA_TYPE_REVOCATION, + (rv, hasPriorData) => { + Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed"); + resolve(hasPriorData); + } + ); + }); + Assert.equal( + hasPriorRevocationData, + true, + "should have prior revocation data" + ); + + let hasPriorCertData = await new Promise(resolve => { + certStorage.hasPriorData( + Ci.nsICertStorage.DATA_TYPE_CERTIFICATE, + (rv, hasPriorData) => { + Assert.equal(rv, Cr.NS_OK, "hasPriorData should succeed"); + resolve(hasPriorData); + } + ); + }); + Assert.equal(hasPriorCertData, true, "should have prior cert data"); +}); diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb Binary files differnew file mode 100644 index 0000000000..df4cb182a7 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.mdb diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin Binary files differnew file mode 100644 index 0000000000..011ed93484 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/data.safe.bin diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb Binary files differnew file mode 100644 index 0000000000..dc4b50fdfc --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting/lock.mdb diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js new file mode 100644 index 0000000000..c444bdd945 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite.js @@ -0,0 +1,83 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This file tests that cert_storage correctly persists its information across +// runs of the browser specifically in the case of CRLite. +// (The test DB files for this test were created by running the test +// `test_cert_storage_direct.js` and copying them from that test's profile +// directory.) + +/* eslint-disable no-unused-vars */ +add_task(async function () { + Services.prefs.setIntPref( + "security.pki.crlite_mode", + CRLiteModeEnforcePrefValue + ); + + let dbDirectory = do_get_profile(); + dbDirectory.append("security_state"); + let crliteFile = do_get_file( + "test_cert_storage_preexisting_crlite/crlite.filter" + ); + crliteFile.copyTo(dbDirectory, "crlite.filter"); + let coverageFile = do_get_file( + "test_cert_storage_preexisting_crlite/crlite.coverage" + ); + coverageFile.copyTo(dbDirectory, "crlite.coverage"); + let enrollmentFile = do_get_file( + "test_cert_storage_preexisting_crlite/crlite.enrollment" + ); + enrollmentFile.copyTo(dbDirectory, "crlite.enrollment"); + + let certStorage = Cc["@mozilla.org/security/certstorage;1"].getService( + Ci.nsICertStorage + ); + + // Add an empty stash to ensure the filter is considered to be fresh. + await new Promise(resolve => { + certStorage.addCRLiteStash(new Uint8Array([]), (rv, _) => { + Assert.equal(rv, Cr.NS_OK, "marked filter as fresh"); + resolve(); + }); + }); + + let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService( + Ci.nsIX509CertDB + ); + let validCertIssuer = constructCertFromFile( + "test_cert_storage_direct/valid-cert-issuer.pem" + ); + let validCert = constructCertFromFile( + "test_cert_storage_direct/valid-cert.pem" + ); + await checkCertErrorGenericAtTime( + certdb, + validCert, + PRErrorCodeSuccess, + certificateUsageSSLServer, + new Date("2019-10-28T00:00:00Z").getTime() / 1000, + false, + "skynew.jp", + Ci.nsIX509CertDB.FLAG_LOCAL_ONLY + ); + + let revokedCertIssuer = constructCertFromFile( + "test_cert_storage_direct/revoked-cert-issuer.pem" + ); + let revokedCert = constructCertFromFile( + "test_cert_storage_direct/revoked-cert.pem" + ); + await checkCertErrorGenericAtTime( + certdb, + revokedCert, + SEC_ERROR_REVOKED_CERTIFICATE, + certificateUsageSSLServer, + new Date("2019-11-04T00:00:00Z").getTime() / 1000, + false, + "schunk-group.com", + Ci.nsIX509CertDB.FLAG_LOCAL_ONLY + ); +}); diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage Binary files differnew file mode 100644 index 0000000000..2bd13319e5 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.coverage diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment new file mode 100644 index 0000000000..aac0238188 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.enrollment @@ -0,0 +1 @@ +3):fv 0yQ'jf@(,v~;P;ҧmځbgt(MTNTbkڠ$
\ No newline at end of file diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter Binary files differnew file mode 100644 index 0000000000..34ced4b840 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/crlite.filter diff --git a/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin Binary files differnew file mode 100644 index 0000000000..d96571f128 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_cert_storage_preexisting_crlite/data.safe.bin |