summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests')
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js2
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js2
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js2
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js2
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js2
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js4
-rw-r--r--security/manager/ssl/tests/mochitest/browser/head.js2
-rw-r--r--security/manager/ssl/tests/mochitest/mixedcontent/mochitest.toml1
-rw-r--r--security/manager/ssl/tests/unit/head_psm.js14
-rw-r--r--security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js4
-rw-r--r--security/manager/ssl/tests/unit/test_certDB_import.js4
-rw-r--r--security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js6
-rw-r--r--security/manager/ssl/tests/unit/test_cert_dbKey.js30
-rw-r--r--security/manager/ssl/tests/unit/test_cert_utf8.js5
-rw-r--r--security/manager/ssl/tests/unit/test_ev_certs.js4
-rw-r--r--security/manager/ssl/tests/unit/test_faulty_server.js2
-rw-r--r--security/manager/ssl/tests/unit/test_logoutAndTeardown.js2
-rw-r--r--security/manager/ssl/tests/unit/test_ocsp_private_caching.js11
-rw-r--r--security/manager/ssl/tests/unit/test_ocsp_timeout.js12
-rw-r--r--security/manager/ssl/tests/unit/test_oskeystore.js20
-rw-r--r--security/manager/ssl/tests/unit/test_osreauthenticator.js5
-rw-r--r--security/manager/ssl/tests/unit/test_password_prompt.js2
-rw-r--r--security/manager/ssl/tests/unit/test_pkcs11_slot.js2
-rw-r--r--security/manager/ssl/tests/unit/test_sdr.js2
-rw-r--r--security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js2
-rw-r--r--security/manager/ssl/tests/unit/test_self_signed_certs.js2
-rw-r--r--security/manager/ssl/tests/unit/test_signed_apps.js375
-rw-r--r--security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-es384.zip (renamed from security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip)bin458426 -> 457632 bytes
-rw-r--r--security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-ps256.zip (renamed from security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip)bin459192 -> 458467 bytes
-rw-r--r--security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256.zip (renamed from security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip)bin459315 -> 456863 bytes
-rw-r--r--security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-ps256.zip (renamed from security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip)bin460028 -> 457742 bytes
-rw-r--r--security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js2
-rw-r--r--security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp2
33 files changed, 361 insertions, 164 deletions
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js b/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
index 0916ac5ce4..fa8a887753 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_add_exception_dialog.js
@@ -20,7 +20,7 @@ function test() {
function testAddCertificate() {
win.removeEventListener("load", testAddCertificate);
- Services.obs.addObserver(async function onCertUI(aSubject, aTopic, aData) {
+ Services.obs.addObserver(async function onCertUI() {
Services.obs.removeObserver(onCertUI, "cert-exception-ui-ready");
ok(win.gCert, "The certificate information should be available now");
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
index a8ff7cc8fb..7e8fa034ff 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
@@ -92,7 +92,7 @@ function openDeleteCertConfirmDialog(tabID) {
gCertArray,
retVals
);
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
win.addEventListener(
"load",
function () {
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
index 51715b1352..c01ed84122 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
@@ -56,7 +56,7 @@ function openCertDownloadDialog(cert) {
cert,
returnVals
);
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
win.addEventListener(
"load",
function () {
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
index 9a36eca7bf..5743e01f6f 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
@@ -31,7 +31,7 @@ function openEditCertTrustDialog() {
"",
gCert
);
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
win.addEventListener(
"load",
function () {
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
index 8e6af27cbb..dc3b754531 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
@@ -73,7 +73,7 @@ function openSetP12PasswordDialog() {
"",
returnVals
);
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
win.addEventListener(
"load",
function () {
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
index 9e4e244123..4b7b78df8d 100644
--- a/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_loadPKCS11Module_ui.js
@@ -38,7 +38,7 @@ const gMockPKCS11ModuleDB = {
}
},
- deleteModule(moduleName) {
+ deleteModule() {
Assert.ok(false, `deleteModule: should not be called`);
},
@@ -102,7 +102,7 @@ var gMockPromptServiceCID = MockRegistrar.register(
);
var gMockFilePicker = SpecialPowers.MockFilePicker;
-gMockFilePicker.init(window);
+gMockFilePicker.init(window.browsingContext);
var gTempFile = Services.dirsvc.get("TmpD", Ci.nsIFile);
gTempFile.append("browser_loadPKCS11Module_ui-fakeModule");
diff --git a/security/manager/ssl/tests/mochitest/browser/head.js b/security/manager/ssl/tests/mochitest/browser/head.js
index 1ae951d7a5..f64e2afc6e 100644
--- a/security/manager/ssl/tests/mochitest/browser/head.js
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -70,7 +70,7 @@ function readCertificate(filename, trustString) {
*/
async function openCertManager() {
let win = window.openDialog("chrome://pippki/content/certManager.xhtml");
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
win.addEventListener(
"load",
function () {
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.toml b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.toml
index 1a37ba6f38..4935021410 100644
--- a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.toml
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.toml
@@ -7,6 +7,7 @@ skip-if = [
prefs = [
"security.mixed_content.upgrade_display_content=false",
"dom.security.https_first=false",
+ "dom.block_download_insecure=false",
]
support-files = [
"alloworigin.sjs",
diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js
index d34c7fdc1d..5667d2e020 100644
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -300,7 +300,7 @@ function checkCertErrorGenericAtTime(
/* optional */ hostname,
/* optional */ flags = NO_FLAGS
) {
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
let result = new CertVerificationExpectedErrorResult(
cert.commonName,
expectedError,
@@ -570,7 +570,7 @@ async function asyncConnectTo(
Connection.prototype = {
// nsITransportEventSink
- onTransportStatus(aTransport, aStatus, aProgress, aProgressMax) {
+ onTransportStatus(aTransport, aStatus) {
if (
!this.connected &&
aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO
@@ -596,7 +596,7 @@ async function asyncConnectTo(
},
// nsIOutputStreamCallback
- onOutputStreamReady(aStream) {
+ onOutputStreamReady() {
if (aAfterStreamOpen) {
aAfterStreamOpen(this.transport);
}
@@ -774,7 +774,7 @@ function generateOCSPResponses(ocspRespArray, nssDBlocation) {
// serverIdentities.
function getFailingHttpServer(serverPort, serverIdentities) {
let httpServer = new HttpServer();
- httpServer.registerPrefixHandler("/", function (request, response) {
+ httpServer.registerPrefixHandler("/", function () {
Assert.ok(false, "HTTP responder should not have been queried");
});
httpServer.identity.setPrimary("http", serverIdentities.shift(), serverPort);
@@ -902,7 +902,7 @@ function startOCSPResponder(
// Given an OCSP responder (see startOCSPResponder), returns a promise that
// resolves when the responder has successfully stopped.
function stopOCSPResponder(responder) {
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
responder.stop(resolve);
});
}
@@ -977,7 +977,7 @@ class CertVerificationResult {
this.resolve = resolve;
}
- verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
+ verifyCertFinished(aPRErrorCode) {
if (this.successExpected) {
equal(
aPRErrorCode,
@@ -1017,7 +1017,7 @@ function asyncTestCertificateUsages(certdb, cert, expectedUsages) {
let now = new Date().getTime() / 1000;
let promises = [];
Object.keys(allCertificateUsages).forEach(usageString => {
- let promise = new Promise((resolve, reject) => {
+ let promise = new Promise(resolve => {
let usage = allCertificateUsages[usageString];
let successExpected = expectedUsages.includes(usage);
let result = new CertVerificationResult(
diff --git a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
index 25f4ab58bf..471330302f 100644
--- a/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
+++ b/security/manager/ssl/tests/unit/test_certDB_export_pkcs12_with_primary_password.js
@@ -30,7 +30,7 @@ var gPrompt = {
ok(false, "not expecting alert() to be called");
},
- promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ promptPassword(dialogTitle, text, password, checkMsg) {
equal(
text,
"Please enter your Primary Password.",
@@ -44,7 +44,7 @@ var gPrompt = {
const gPromptFactory = {
QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]),
- getPrompt: (aWindow, aIID) => gPrompt,
+ getPrompt: () => gPrompt,
};
function findCertByCommonName(commonName) {
diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js
index 86c66f4989..f91a7b750f 100644
--- a/security/manager/ssl/tests/unit/test_certDB_import.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -28,11 +28,11 @@ const gCertificateDialogs = {
trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
return true;
},
- setPKCS12FilePassword: (ctx, password) => {
+ setPKCS12FilePassword: () => {
// This is only relevant to exporting.
ok(false, "setPKCS12FilePassword() should not have been called");
},
- getPKCS12FilePassword: (ctx, password) => {
+ getPKCS12FilePassword: () => {
// We don't test anything that calls this method yet.
ok(false, "getPKCS12FilePassword() should not have been called");
},
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js b/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
index ab1ad36fd2..07e360fffd 100644
--- a/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
+++ b/security/manager/ssl/tests/unit/test_certDB_import_with_primary_password.js
@@ -28,11 +28,11 @@ const gCertificateDialogs = {
trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
return true;
},
- setPKCS12FilePassword: (ctx, password) => {
+ setPKCS12FilePassword: () => {
// This is only relevant to exporting.
ok(false, "setPKCS12FilePassword() should not have been called");
},
- getPKCS12FilePassword: (ctx, password) => {
+ getPKCS12FilePassword: () => {
// We don't test anything that calls this method yet.
ok(false, "getPKCS12FilePassword() should not have been called");
},
@@ -47,7 +47,7 @@ var gMockPrompter = {
// This intentionally does not use arrow function syntax to avoid an issue
// where in the context of the arrow function, |this != gMockPrompter| due to
// how objects get wrapped when going across xpcom boundaries.
- promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ promptPassword(dialogTitle, text, password, checkMsg) {
this.numPrompts++;
if (this.numPrompts > 1) {
// don't keep retrying a bad password
diff --git a/security/manager/ssl/tests/unit/test_cert_dbKey.js b/security/manager/ssl/tests/unit/test_cert_dbKey.js
index 3ff36f905c..4f729b037e 100644
--- a/security/manager/ssl/tests/unit/test_cert_dbKey.js
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@@ -34,8 +34,9 @@ function encodeCommonNameAsBytes(commonName) {
// SEQUENCE must be 127. Everything not in the contents of the common name
// will take up 11 bytes, so the value of the common name itself can be at
// most 116 bytes.
- ok(
- commonName.length <= 116,
+ Assert.lessOrEqual(
+ commonName.length,
+ 116,
"test assumption: common name can't be longer than 116 bytes (makes " +
"DER encoding easier)"
);
@@ -88,13 +89,15 @@ function run_test() {
"consists only of a common name"
);
let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName);
- ok(
- issuerBytes.length < 256,
+ Assert.less(
+ issuerBytes.length,
+ 256,
"test assumption: length of encoded issuer is less than 256 bytes"
);
let serialNumberBytes = hexStringToBytes(cert.serialNumber);
- ok(
- serialNumberBytes.length < 256,
+ Assert.less(
+ serialNumberBytes.length,
+ 256,
"test assumption: length of encoded serial number is less than 256 bytes"
);
let dbKeyHeader = [
@@ -129,13 +132,15 @@ function run_test() {
"nsIX509CertDB.findCertByDBKey should find the right certificate"
);
- ok(
- expectedDbKey.length > 64,
+ Assert.greater(
+ expectedDbKey.length,
+ 64,
"test assumption: dbKey should be longer than 64 characters"
);
let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
- ok(
- expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
+ Assert.equal(
+ expectedDbKeyWithCRLF.indexOf("\r\n"),
+ 64,
"test self-check: adding CRLF to dbKey should succeed"
);
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
@@ -145,8 +150,9 @@ function run_test() {
);
let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1 ");
- ok(
- expectedDbKeyWithSpaces.indexOf(" ") == 64,
+ Assert.equal(
+ expectedDbKeyWithSpaces.indexOf(" "),
+ 64,
"test self-check: adding spaces to dbKey should succeed"
);
certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
diff --git a/security/manager/ssl/tests/unit/test_cert_utf8.js b/security/manager/ssl/tests/unit/test_cert_utf8.js
index caeddd8158..82677237a3 100644
--- a/security/manager/ssl/tests/unit/test_cert_utf8.js
+++ b/security/manager/ssl/tests/unit/test_cert_utf8.js
@@ -60,8 +60,9 @@ function testUTF8InField(field, replacementPrefix, certificateBytesToAlter) {
let uniqueIssuerReplacement =
"ALWAYS MAKE ME UNIQU" + String.fromCharCode(gUniqueIssuerCounter);
bytes = bytes.replace("ALWAYS MAKE ME UNIQUE", uniqueIssuerReplacement);
- ok(
- gUniqueIssuerCounter < 127,
+ Assert.less(
+ gUniqueIssuerCounter,
+ 127,
"should have enough ASCII replacements to make a unique issuer DN"
);
gUniqueIssuerCounter++;
diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js
index f163623919..99b5bda0f0 100644
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -84,7 +84,7 @@ function asyncTestEV(
ocspResponseTypes = undefined
) {
let now = Date.now() / 1000;
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
let ocspResponder = expectedOCSPRequestPaths.length
? startOCSPResponder(
SERVER_PORT,
@@ -157,7 +157,7 @@ function verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, expectSuccess) {
if (expectSuccess && gEVExpected) {
expectedErrorCode = PRErrorCodeSuccess;
}
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
let ocspResponder = failingOCSPResponder();
let result = new EVCertVerificationResult(
cert.subjectName,
diff --git a/security/manager/ssl/tests/unit/test_faulty_server.js b/security/manager/ssl/tests/unit/test_faulty_server.js
index 7536a91104..f617908e28 100644
--- a/security/manager/ssl/tests/unit/test_faulty_server.js
+++ b/security/manager/ssl/tests/unit/test_faulty_server.js
@@ -13,7 +13,7 @@ var httpServer = null;
let handlerCallbacks = {};
-function listenHandler(metadata, response) {
+function listenHandler(metadata) {
info(metadata.path);
handlerCallbacks[metadata.path] = (handlerCallbacks[metadata.path] || 0) + 1;
}
diff --git a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
index 1582978398..531b1acb22 100644
--- a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
+++ b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
@@ -163,7 +163,7 @@ function storeCertOverride(port, cert) {
function startClient(port) {
let req = new XMLHttpRequest();
req.open("GET", `https://${hostname}:${port}`);
- return new Promise((resolve, reject) => {
+ return new Promise(resolve => {
req.onload = () => {
ok(false, "should not have gotten load event");
resolve();
diff --git a/security/manager/ssl/tests/unit/test_ocsp_private_caching.js b/security/manager/ssl/tests/unit/test_ocsp_private_caching.js
index 47b976cf71..3a56118bdf 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_private_caching.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_private_caching.js
@@ -74,16 +74,7 @@ function add_ocsp_necko_cache_test(loadContext) {
let foundEntry = false;
let visitor = {
onCacheStorageInfo() {},
- onCacheEntryInfo(
- aURI,
- aIdEnhance,
- aDataSize,
- aFetchCount,
- aLastModifiedTime,
- aExpirationTime,
- aPinned,
- aInfo
- ) {
+ onCacheEntryInfo(aURI) {
Assert.equal(
aURI.spec,
"http://localhost:8888/",
diff --git a/security/manager/ssl/tests/unit/test_ocsp_timeout.js b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
index 8d606bc028..5d3487bfe7 100644
--- a/security/manager/ssl/tests/unit/test_ocsp_timeout.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
@@ -21,7 +21,7 @@ var gSocketListener = {
socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, 30);
},
- onStopListening(serverSocket, status) {},
+ onStopListening() {},
};
function run_test() {
@@ -77,8 +77,9 @@ function add_one_test(useHardFail, timeoutPrefName, timeoutMilliseconds) {
// prevent intermittent failures (this only appeared to be a problem on
// Windows XP). See Bug 1121117.
const FUZZ_MS = 300;
- ok(
- timeDifference + FUZZ_MS > timeoutMilliseconds,
+ Assert.greater(
+ timeDifference + FUZZ_MS,
+ timeoutMilliseconds,
`OCSP timeout should be ~${timeoutMilliseconds}s for ` +
`${useHardFail ? "hard" : "soft"}-fail`
);
@@ -86,8 +87,9 @@ function add_one_test(useHardFail, timeoutPrefName, timeoutMilliseconds) {
// (Unfortunately, we probably can't have a tight upper bound on
// how long is too long for this test, because we might be running
// on slow hardware.)
- ok(
- timeDifference < 60000,
+ Assert.less(
+ timeDifference,
+ 60000,
"Automatic OCSP timeout shouldn't be more than 60s"
);
diff --git a/security/manager/ssl/tests/unit/test_oskeystore.js b/security/manager/ssl/tests/unit/test_oskeystore.js
index fcc9de6c59..9efcaa69a6 100644
--- a/security/manager/ssl/tests/unit/test_oskeystore.js
+++ b/security/manager/ssl/tests/unit/test_oskeystore.js
@@ -51,8 +51,9 @@ async function encrypt_decrypt_test() {
// Decrypting should give us the plaintext bytes again.
try {
let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
- ok(
- plaintext.toString() == text.toString(),
+ Assert.equal(
+ plaintext.toString(),
+ text.toString(),
"Decrypted plaintext should be the same as text."
);
} catch (e) {
@@ -102,8 +103,9 @@ add_task(async function () {
await keystore.asyncRecoverSecret(LABELS[0], recoveryPhrase);
let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
- ok(
- plaintext.toString() == text.toString(),
+ Assert.equal(
+ plaintext.toString(),
+ text.toString(),
"Decrypted plaintext should be the same as text."
);
@@ -166,8 +168,9 @@ add_task(async function () {
await keystore.asyncRecoverSecret(LABELS[0], recoveryPhrase);
let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
- ok(
- plaintext.toString() == text.toString(),
+ Assert.equal(
+ plaintext.toString(),
+ text.toString(),
"Decrypted plaintext should be the same as text (once we have the original key again)."
);
@@ -204,8 +207,9 @@ add_task(async function () {
await keystore.asyncRecoverSecret(LABELS[0], newRecoveryPhrase);
let plaintext = await keystore.asyncDecryptBytes(LABELS[0], ciphertext);
- ok(
- plaintext.toString() == text.toString(),
+ Assert.equal(
+ plaintext.toString(),
+ text.toString(),
"Decrypted plaintext should be the same as text (once we have the new key again)."
);
diff --git a/security/manager/ssl/tests/unit/test_osreauthenticator.js b/security/manager/ssl/tests/unit/test_osreauthenticator.js
index 01784a5fef..55d9710c0d 100644
--- a/security/manager/ssl/tests/unit/test_osreauthenticator.js
+++ b/security/manager/ssl/tests/unit/test_osreauthenticator.js
@@ -13,14 +13,15 @@ add_task(async function test_asyncReauthenticateUser() {
].getService(Ci.nsIOSReauthenticator);
ok(reauthenticator, "nsIOSReauthenticator should be available");
const EXPECTED = false; // Change this variable to suit your needs while testing.
- ok(
+ Assert.equal(
(
await reauthenticator.asyncReauthenticateUser(
"this is the prompt string",
"this is the caption string",
null
)
- )[0] == EXPECTED,
+ )[0],
+ EXPECTED,
"nsIOSReauthenticator.asyncReauthenticateUser should return a boolean array with the first item being the authentication result of: " +
EXPECTED
);
diff --git a/security/manager/ssl/tests/unit/test_password_prompt.js b/security/manager/ssl/tests/unit/test_password_prompt.js
index cf4c6db7bf..a88dd67703 100644
--- a/security/manager/ssl/tests/unit/test_password_prompt.js
+++ b/security/manager/ssl/tests/unit/test_password_prompt.js
@@ -16,7 +16,7 @@ var gMockPrompter = {
// This intentionally does not use arrow function syntax to avoid an issue
// where in the context of the arrow function, |this != gMockPrompter| due to
// how objects get wrapped when going across xpcom boundaries.
- promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ promptPassword(dialogTitle, text, password, checkMsg) {
this.numPrompts++;
if (this.numPrompts > 1) {
// don't keep retrying a bad password
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_slot.js b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
index dba2a4d3a1..f04c296f9b 100644
--- a/security/manager/ssl/tests/unit/test_pkcs11_slot.js
+++ b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
@@ -44,7 +44,7 @@ var gPrompt = {
const gPromptFactory = {
QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]),
- getPrompt: (aWindow, aIID) => gPrompt,
+ getPrompt: () => gPrompt,
};
function run_test() {
diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js
index e9e477efc5..73c2219fc6 100644
--- a/security/manager/ssl/tests/unit/test_sdr.js
+++ b/security/manager/ssl/tests/unit/test_sdr.js
@@ -22,7 +22,7 @@ const gTokenPasswordDialogs = {
};
let gMockPrompter = {
- promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ promptPassword() {
// Returning false simulates the user canceling the password prompt.
return false;
},
diff --git a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
index 5c1b2bb653..fa2b536036 100644
--- a/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
+++ b/security/manager/ssl/tests/unit/test_sdr_preexisting_with_password.js
@@ -17,7 +17,7 @@ var gMockPrompter = {
// This intentionally does not use arrow function syntax to avoid an issue
// where in the context of the arrow function, |this != gMockPrompter| due to
// how objects get wrapped when going across xpcom boundaries.
- promptPassword(dialogTitle, text, password, checkMsg, checkValue) {
+ promptPassword(dialogTitle, text, password, checkMsg) {
this.numPrompts++;
if (this.numPrompts > 1) {
// don't keep retrying a bad password
diff --git a/security/manager/ssl/tests/unit/test_self_signed_certs.js b/security/manager/ssl/tests/unit/test_self_signed_certs.js
index ef0a38f9bc..2500ea38a5 100644
--- a/security/manager/ssl/tests/unit/test_self_signed_certs.js
+++ b/security/manager/ssl/tests/unit/test_self_signed_certs.js
@@ -65,7 +65,7 @@ add_task(async function test_no_overlong_path_building() {
}
let timeAfter = Date.now();
let secondsElapsed = (timeAfter - timeBefore) / 1000;
- ok(secondsElapsed < 120, "verifications shouldn't take too long");
+ Assert.less(secondsElapsed, 120, "verifications shouldn't take too long");
});
add_task(async function test_no_bad_signature() {
diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js
index 4893bfd714..3ec35a8608 100644
--- a/security/manager/ssl/tests/unit/test_signed_apps.js
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -96,7 +96,7 @@ function tamper(inFilePath, outFilePath, modifications, newEntries) {
}
}
-function removeEntry(entry, entryInput) {
+function removeEntry() {
return [null, null];
}
@@ -116,8 +116,8 @@ function truncateEntry(entry, entryInput) {
return [entry, content];
}
-function check_open_result(name, expectedRv) {
- return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+function check_open_result(name, expectedRv, expectedSignatureAlgorithms) {
+ return function openSignedAppFileCallback(rv, aZipReader, aSignatureInfos) {
info("openSignedAppFileCallback called for " + name);
equal(rv, expectedRv, "Actual and expected return value should match");
equal(
@@ -126,10 +126,17 @@ function check_open_result(name, expectedRv) {
"ZIP reader should be null only if the return value denotes failure"
);
equal(
- aSignerCert != null,
- Components.isSuccessCode(expectedRv),
- "Signer cert should be null only if the return value denotes failure"
+ aSignatureInfos.length,
+ expectedSignatureAlgorithms.length,
+ "Should have the same number of expected signature infos"
);
+ for (let i = 0; i < expectedSignatureAlgorithms.length; i++) {
+ equal(
+ aSignatureInfos[i].signatureAlgorithm,
+ expectedSignatureAlgorithms[i],
+ "Should have expected signature algorithm"
+ );
+ }
run_next_test();
};
}
@@ -149,89 +156,152 @@ function tampered_app_path(test_name) {
var hashTestcases = [
// SHA-256 in PKCS#7 + SHA-256 present elsewhere => OK
- { name: "app_mf-1-256_sf-1-256_p7-1-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-1-256_sf-1-256_p7-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-1-256_sf-256_p7-1-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-1-256_sf-256_p7-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-256_sf-1-256_p7-1-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-256_sf-1-256_p7-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-256_sf-256_p7-1-256", expectedResult: Cr.NS_OK },
- { name: "app_mf-256_sf-256_p7-256", expectedResult: Cr.NS_OK },
+ {
+ name: "app_mf-1-256_sf-1-256_p7-1-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-1-256_sf-1-256_p7-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-1-256_sf-256_p7-1-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-1-256_sf-256_p7-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-256_sf-1-256_p7-1-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-256_sf-1-256_p7-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-256_sf-256_p7-1-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
+ {
+ name: "app_mf-256_sf-256_p7-256",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256],
+ },
// SHA-1 in PKCS#7 + SHA-1 present elsewhere => OK
- { name: "app_mf-1-256_sf-1-256_p7-1", expectedResult: Cr.NS_OK },
- { name: "app_mf-1-256_sf-1_p7-1", expectedResult: Cr.NS_OK },
- { name: "app_mf-1_sf-1-256_p7-1", expectedResult: Cr.NS_OK },
- { name: "app_mf-1_sf-1_p7-1", expectedResult: Cr.NS_OK },
+ {
+ name: "app_mf-1-256_sf-1-256_p7-1",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1],
+ },
+ {
+ name: "app_mf-1-256_sf-1_p7-1",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1],
+ },
+ {
+ name: "app_mf-1_sf-1-256_p7-1",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1],
+ },
+ {
+ name: "app_mf-1_sf-1_p7-1",
+ expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1],
+ },
// SHA-256 in PKCS#7 + SHA-256 not present elsewhere => INVALID
{
name: "app_mf-1-256_sf-1_p7-1-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1-256_sf-1_p7-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-1-256_p7-1-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-1-256_p7-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-1_p7-1-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-1_p7-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-256_p7-1-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-256_p7-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-256_sf-1_p7-1-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-256_sf-1_p7-256",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
// SHA-1 in PKCS#7 + SHA-1 not present elsewhere => INVALID
{
name: "app_mf-1-256_sf-256_p7-1",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-1_sf-256_p7-1",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-256_sf-1-256_p7-1",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-256_sf-1_p7-1",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
{
name: "app_mf-256_sf-256_p7-1",
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
},
];
// Policy values for the preference "security.signed_app_signatures.policy"
const PKCS7WithSHA1OrSHA256 = 0b0;
-const PKCS7WithSHA256 = 0b1;
+const PKCS7_WITH_SHA256 = 0b1;
const COSEAndPKCS7WithSHA1OrSHA256 = 0b10;
const COSEAndPKCS7WithSHA256 = 0b11;
const COSERequiredAndPKCS7WithSHA1OrSHA256 = 0b100;
@@ -254,7 +324,11 @@ for (let testcase of hashTestcases) {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path(testcase.name),
- check_open_result(testcase.name, testcase.expectedResult)
+ check_open_result(
+ testcase.name,
+ testcase.expectedResult,
+ testcase.expectedSignatureAlgorithms
+ )
);
});
}
@@ -265,7 +339,8 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
original_app_path("empty_signerInfos"),
check_open_result(
"the signerInfos in the PKCS#7 signature is empty",
- Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED
+ Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED,
+ []
)
);
});
@@ -274,7 +349,7 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("unsigned_app"),
- check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)
+ check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED, [])
);
});
@@ -284,7 +359,8 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
original_app_path("unknown_issuer_app"),
check_open_result(
"unknown_issuer",
- getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)
+ getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER),
+ []
)
);
});
@@ -293,7 +369,10 @@ add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("cose_signed_with_pkcs7"),
- check_open_result("cose_signed_with_pkcs7", Cr.NS_OK)
+ check_open_result("cose_signed_with_pkcs7", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -301,7 +380,9 @@ add_signature_test(COSEAndPKCS7WithSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("app_mf-256_sf-256_p7-256"),
- check_open_result("no COSE but correct PK#7", Cr.NS_OK)
+ check_open_result("no COSE but correct PK#7", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -311,7 +392,8 @@ add_signature_test(COSEAndPKCS7WithSHA256, function () {
original_app_path("app_mf-1_sf-256_p7-256"),
check_open_result(
"no COSE and wrong PK#7 hash",
- Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ []
)
);
});
@@ -322,7 +404,8 @@ add_signature_test(COSERequiredAndPKCS7WithSHA1OrSHA256, function () {
original_app_path("app_mf-256_sf-256_p7-256"),
check_open_result(
"COSE signature missing (SHA1 or 256)",
- Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+ Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE,
+ []
)
);
});
@@ -333,7 +416,8 @@ add_signature_test(COSERequiredAndPKCS7WithSHA256, function () {
original_app_path("app_mf-256_sf-256_p7-256"),
check_open_result(
"COSE signature missing (SHA256)",
- Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+ Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE,
+ []
)
);
});
@@ -344,7 +428,8 @@ add_signature_test(COSERequiredAndPKCS7WithSHA256, function () {
original_app_path("only_cose_signed"),
check_open_result(
"COSE signature only (PK#7 allowed, not present)",
- Cr.NS_OK
+ Cr.NS_OK,
+ [Ci.nsIAppSignatureInfo.COSE_WITH_SHA256]
)
);
});
@@ -355,7 +440,8 @@ add_signature_test(COSERequiredAndPKCS7WithSHA1OrSHA256, function () {
original_app_path("only_cose_signed"),
check_open_result(
"COSE signature only (PK#7 allowed, not present)",
- Cr.NS_OK
+ Cr.NS_OK,
+ [Ci.nsIAppSignatureInfo.COSE_WITH_SHA256]
)
);
});
@@ -364,7 +450,10 @@ add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("cose_multiple_signed_with_pkcs7"),
- check_open_result("cose_multiple_signed_with_pkcs7", Cr.NS_OK)
+ check_open_result("cose_multiple_signed_with_pkcs7", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -372,7 +461,10 @@ add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("cose_int_signed_with_pkcs7"),
- check_open_result("COSE signed with an intermediate", Cr.NS_OK)
+ check_open_result("COSE signed with an intermediate", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -382,7 +474,8 @@ add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
original_app_path("only_cose_signed"),
check_open_result(
"PK7 signature missing",
- Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED
+ Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED,
+ []
)
);
});
@@ -393,7 +486,8 @@ add_signature_test(COSEOnly, function () {
original_app_path("cose_multiple_signed_with_pkcs7"),
check_open_result(
"Expected only COSE signature",
- Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
)
);
});
@@ -402,7 +496,9 @@ add_signature_test(COSEOnly, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("only_cose_multiple_signed"),
- check_open_result("only Multiple COSE signatures", Cr.NS_OK)
+ check_open_result("only Multiple COSE signatures", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ ])
);
});
@@ -410,7 +506,9 @@ add_signature_test(COSEOnly, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("only_cose_signed"),
- check_open_result("only_cose_signed", Cr.NS_OK)
+ check_open_result("only_cose_signed", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ ])
);
});
@@ -418,7 +516,9 @@ add_signature_test(COSEOnlyAgain, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("only_cose_signed"),
- check_open_result("only_cose_signed (again)", Cr.NS_OK)
+ check_open_result("only_cose_signed (again)", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ ])
);
});
@@ -428,7 +528,8 @@ add_signature_test(COSEOnly, function () {
original_app_path("cose_signed_with_pkcs7"),
check_open_result(
"COSE only expected but also PK#7 signed",
- Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
)
);
});
@@ -440,7 +541,9 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("app_mf-1_sf-1_p7-1"),
- check_open_result("identity_tampering", Cr.NS_OK)
+ check_open_result("identity_tampering", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1,
+ ])
);
});
@@ -455,7 +558,7 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED)
+ check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED, [])
);
});
@@ -470,7 +573,7 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID)
+ check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID, [])
);
});
@@ -487,7 +590,8 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
tampered,
check_open_result(
"missing_manifest_mf",
- Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ []
)
);
});
@@ -503,7 +607,7 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+ check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING, [])
);
});
@@ -518,7 +622,11 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY)
+ check_open_result(
+ "truncated_entry",
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
+ )
);
});
@@ -535,7 +643,8 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
tampered,
check_open_result(
"truncated_manifestFile",
- Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ []
)
);
});
@@ -553,7 +662,8 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
tampered,
check_open_result(
"truncated_signatureFile",
- getXPCOMStatusFromNSS(SEC_ERROR_PKCS7_BAD_SIGNATURE)
+ getXPCOMStatusFromNSS(SEC_ERROR_PKCS7_BAD_SIGNATURE),
+ []
)
);
});
@@ -569,7 +679,11 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("truncated_pkcs7File", Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED)
+ check_open_result(
+ "truncated_pkcs7File",
+ Cr.NS_ERROR_CMS_VERIFY_NOT_SIGNED,
+ []
+ )
);
});
@@ -581,7 +695,11 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)
+ check_open_result(
+ "unsigned_entry",
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
+ )
);
});
@@ -595,35 +713,41 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
tampered,
check_open_result(
"unsigned_metainf_entry",
- Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
)
);
});
-add_signature_test(PKCS7WithSHA256, function testSHA1Disabled() {
+add_signature_test(PKCS7_WITH_SHA256, function testSHA1Disabled() {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("app_mf-1_sf-1_p7-1"),
check_open_result(
"SHA-1 should not be accepted if disabled by policy",
- Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+ Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE,
+ []
)
);
});
-add_signature_test(PKCS7WithSHA256, function testSHA256WorksWithSHA1Disabled() {
- certdb.openSignedAppFileAsync(
- Ci.nsIX509CertDB.AppXPCShellRoot,
- original_app_path("app_mf-256_sf-256_p7-256"),
- check_open_result(
- "SHA-256 should work if SHA-1 is disabled by policy",
- Cr.NS_OK
- )
- );
-});
+add_signature_test(
+ PKCS7_WITH_SHA256,
+ function testSHA256WorksWithSHA1Disabled() {
+ certdb.openSignedAppFileAsync(
+ Ci.nsIX509CertDB.AppXPCShellRoot,
+ original_app_path("app_mf-256_sf-256_p7-256"),
+ check_open_result(
+ "SHA-256 should work if SHA-1 is disabled by policy",
+ Cr.NS_OK,
+ [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256]
+ )
+ );
+ }
+);
add_signature_test(
- PKCS7WithSHA256,
+ PKCS7_WITH_SHA256,
function testMultipleSignaturesWorkWithSHA1Disabled() {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
@@ -631,7 +755,8 @@ add_signature_test(
check_open_result(
"Multiple signatures should work if SHA-1 is " +
"disabled by policy (if SHA-256 signature verifies)",
- Cr.NS_OK
+ Cr.NS_OK,
+ [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256]
)
);
}
@@ -642,26 +767,43 @@ var cosePolicies = [
COSERequiredAndPKCS7WithSHA1OrSHA256,
];
-// PS256 is not yet supported.
+// NOTE: The zip files referenced in coseTestcasesStage and coseTestcasesProd
+// were originally generated with
+// https://github.com/mozilla-services/autograph/blob/c890e14de5b04dcff9be0d07fdea4ae6bbb58557/tools/autograph-client/build_test_xpis.sh
+// Since then, the mechanism to sign these packages have changed, see
+// https://bugzilla.mozilla.org/show_bug.cgi?id=1885457 for details.
+
var coseTestcasesStage = [
{
- name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384",
+ name: "addons-stage-tomato-clock-sha1-es256-es384",
expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1,
+ ],
root: Ci.nsIX509CertDB.AddonsStageRoot,
},
{
- name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256",
+ name: "addons-stage-tomato-clock-sha1-es256-ps256",
+ // PS256 is not yet supported.
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
root: Ci.nsIX509CertDB.AddonsStageRoot,
},
{
- name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256",
+ name: "addons-stage-tomato-clock-sha1-es256",
expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1,
+ ],
root: Ci.nsIX509CertDB.AddonsStageRoot,
},
{
- name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256",
+ name: "addons-stage-tomato-clock-sha1-ps256",
+ // PS256 is not yet supported.
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
root: Ci.nsIX509CertDB.AddonsStageRoot,
},
];
@@ -670,21 +812,33 @@ var coseTestcasesProd = [
{
name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-ES384",
expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1,
+ ],
root: Ci.nsIX509CertDB.AddonsPublicRoot,
},
{
name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256",
+ // PS256 is not yet supported.
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
root: Ci.nsIX509CertDB.AddonsPublicRoot,
},
{
name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256",
expectedResult: Cr.NS_OK,
+ expectedSignatureAlgorithms: [
+ Ci.nsIAppSignatureInfo.COSE_WITH_SHA256,
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1,
+ ],
root: Ci.nsIX509CertDB.AddonsPublicRoot,
},
{
name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256",
+ // PS256 is not yet supported.
expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ expectedSignatureAlgorithms: [],
root: Ci.nsIX509CertDB.AddonsPublicRoot,
},
];
@@ -695,7 +849,11 @@ for (let policy of cosePolicies) {
certdb.openSignedAppFileAsync(
testcase.root,
original_app_path(testcase.name),
- check_open_result(testcase.name, testcase.expectedResult)
+ check_open_result(
+ testcase.name,
+ testcase.expectedResult,
+ testcase.expectedSignatureAlgorithms
+ )
);
});
}
@@ -714,7 +872,8 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSESigTampered() {
tampered,
check_open_result(
"cose_sig_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -732,7 +891,11 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSESigRemoved() {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("cose_sig_removed", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+ check_open_result(
+ "cose_sig_removed",
+ Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+ []
+ )
);
});
@@ -749,7 +912,8 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEManifestTampered() {
tampered,
check_open_result(
"cose_manifest_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -767,7 +931,8 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEManifestRemoved() {
tampered,
check_open_result(
"cose_manifest_removed",
- Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING
+ Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+ []
)
);
});
@@ -780,7 +945,11 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileAdded() {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("cose_file_added", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY)
+ check_open_result(
+ "cose_file_added",
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
+ )
);
});
@@ -795,7 +964,11 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileRemoved() {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
tampered,
- check_open_result("cose_file_removed", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING)
+ check_open_result(
+ "cose_file_removed",
+ Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+ []
+ )
);
});
@@ -812,7 +985,8 @@ add_signature_test(COSEAndPKCS7WithSHA256, function testCOSEFileTampered() {
tampered,
check_open_result(
"cose_file_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -830,7 +1004,8 @@ add_signature_test(COSEOnly, function testOnlyCOSESigTampered() {
tampered,
check_open_result(
"only_cose_sig_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ []
)
);
});
@@ -848,7 +1023,8 @@ add_signature_test(COSEOnly, function testOnlyCOSESigRemoved() {
tampered,
check_open_result(
"only_cose_sig_removed",
- Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+ Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE,
+ []
)
);
});
@@ -866,7 +1042,8 @@ add_signature_test(COSEOnly, function testOnlyCOSEManifestTampered() {
tampered,
check_open_result(
"only_cose_manifest_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+ []
)
);
});
@@ -884,7 +1061,8 @@ add_signature_test(COSEOnly, function testOnlyCOSEManifestRemoved() {
tampered,
check_open_result(
"only_cose_manifest_removed",
- Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE
+ Cr.NS_ERROR_SIGNED_JAR_WRONG_SIGNATURE,
+ []
)
);
});
@@ -899,7 +1077,8 @@ add_signature_test(COSEOnly, function testOnlyCOSEFileAdded() {
tampered,
check_open_result(
"only_cose_file_added",
- Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+ []
)
);
});
@@ -917,7 +1096,8 @@ add_signature_test(COSEOnly, function testOnlyCOSEFileRemoved() {
tampered,
check_open_result(
"only_cose_file_removed",
- Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING
+ Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+ []
)
);
});
@@ -935,7 +1115,8 @@ add_signature_test(COSEOnly, function testOnlyCOSEFileTampered() {
tampered,
check_open_result(
"only_cose_file_tampered",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -951,7 +1132,8 @@ add_signature_test(COSEAndPKCS7WithSHA1OrSHA256, function () {
check_open_result(
"tampered COSE with good PKCS7 signature should fail " +
"when COSE and PKCS7 is processed",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -963,7 +1145,8 @@ add_signature_test(COSEOnly, function () {
check_open_result(
"tampered COSE with good PKCS7 signature should fail " +
"when only COSE is processed",
- Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY
+ Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+ []
)
);
});
@@ -974,9 +1157,10 @@ add_signature_test(PKCS7WithSHA1OrSHA256, function () {
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("cose_tampered_good_pkcs7"),
check_open_result(
- "tampered COSE with good PKCS7 signature should succeed" +
+ "tampered COSE with good PKCS7 signature should succeed " +
"when COSE is not processed",
- Cr.NS_OK
+ Cr.NS_OK,
+ [Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA1]
)
);
});
@@ -985,7 +1169,7 @@ add_test(function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("bug_1411458"),
- check_open_result("bug 1411458", Cr.NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO)
+ check_open_result("bug 1411458", Cr.NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO, [])
);
});
@@ -994,7 +1178,9 @@ add_test(function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("big_manifest"),
- check_open_result("add-on with big manifest file", Cr.NS_OK)
+ check_open_result("add-on with big manifest file", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -1006,7 +1192,8 @@ add_test(function () {
original_app_path("huge_manifest"),
check_open_result(
"add-on with huge manifest file",
- Cr.NS_ERROR_SIGNED_JAR_ENTRY_INVALID
+ Cr.NS_ERROR_SIGNED_JAR_ENTRY_INVALID,
+ []
)
);
});
@@ -1017,7 +1204,9 @@ add_test(function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("validity_not_yet_valid"),
- check_open_result("validity_not_yet_valid", Cr.NS_OK)
+ check_open_result("validity_not_yet_valid", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
@@ -1027,7 +1216,9 @@ add_test(function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot,
original_app_path("validity_expired"),
- check_open_result("validity_expired", Cr.NS_OK)
+ check_open_result("validity_expired", Cr.NS_OK, [
+ Ci.nsIAppSignatureInfo.PKCS7_WITH_SHA256,
+ ])
);
});
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-es384.zip
index b1d1999551..cb6767385c 100644
--- a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip
+++ b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-es384.zip
Binary files differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-ps256.zip
index b74e087620..d67b405ff7 100644
--- a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip
+++ b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-ps256.zip
Binary files differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256.zip
index 0ce563680d..146bc0caf9 100644
--- a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip
+++ b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256.zip
Binary files differ
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-ps256.zip
index 772c42e494..6f16f2c4f7 100644
--- a/security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256.zip
+++ b/security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-ps256.zip
Binary files differ
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
index 6b1b4a5ba6..f5f4a4ace7 100644
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -6,7 +6,7 @@ var gSSService = Cc["@mozilla.org/ssservice;1"].getService(
function Observer() {}
Observer.prototype = {
- observe(subject, topic, data) {
+ observe(subject, topic) {
if (topic == "last-pb-context-exited") {
run_next_test();
}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
index 38bfa87e1a..4764ed921d 100644
--- a/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/FaultyServer.cpp
@@ -157,7 +157,7 @@ void SecretCallbackFailZeroRtt(PRFileDesc* fd, PRUint16 epoch,
} else if (!strcmp(host->mHostName, kHostZeroRttAlertVersion)) {
SSL3_SendAlert(ss, alert_fatal, protocol_version);
} else if (!strcmp(host->mHostName, kHostZeroRttAlertUnexpected)) {
- SSL3_SendAlert(ss, alert_fatal, no_alert);
+ SSL3_SendAlert(ss, alert_fatal, unexpected_message);
}
}
}