1 files changed, 60 insertions, 7 deletions
diff --git a/toolkit/modules/tests/xpcshell/test_GMPInstallManager.js b/toolkit/modules/tests/xpcshell/test_GMPInstallManager.js
index a0d12b8a6a..be1be93968 100644
--- a/toolkit/modules/tests/xpcshell/test_GMPInstallManager.js
+++ b/toolkit/modules/tests/xpcshell/test_GMPInstallManager.js
@@ -837,6 +837,60 @@ add_task(async function test_checkForAddons_contentSignatureFailure() {
 });
 
 /**
+ * Tests that the signature verification URL is as expected.
+ */
+add_task(async function test_checkForAddons_get_verifier_url() {
+  const previousUrlOverride = setupContentSigTestPrefs();
+
+  let installManager = new GMPInstallManager();
+  // checkForAddons() calls _getContentSignatureRootForURL() with the return
+  // value of _getURL(), which is effectively KEY_URL_OVERRIDE or KEY_URL
+  // followed by some normalization.
+  const rootForUrl = async () => {
+    const url = await installManager._getURL();
+    return installManager._getContentSignatureRootForURL(url);
+  };
+
+  Assert.equal(
+    await rootForUrl(),
+    Ci.nsIX509CertDB.AppXPCShellRoot,
+    "XPCShell root used by default in xpcshell test"
+  );
+
+  const defaultPrefs = Services.prefs.getDefaultBranch("");
+  const defaultUrl = defaultPrefs.getStringPref(GMPPrefs.KEY_URL);
+  Preferences.set(GMPPrefs.KEY_URL_OVERRIDE, defaultUrl);
+  Assert.equal(
+    await rootForUrl(),
+    Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot,
+    "Production cert should be used for the default Balrog URL: " + defaultUrl
+  );
+
+  // The current Balrog endpoint is at aus5.mozilla.org. Confirm that the prod
+  // cert is used even if we bump the version (e.g. aus6):
+  const potentialProdUrl = "https://aus1337.mozilla.org/potential/prod/URL";
+  Preferences.set(GMPPrefs.KEY_URL_OVERRIDE, potentialProdUrl);
+  Assert.equal(
+    await rootForUrl(),
+    Ci.nsIContentSignatureVerifier.ContentSignatureProdRoot,
+    "Production cert should be used for: " + potentialProdUrl
+  );
+
+  // Stage URL documented at https://mozilla-balrog.readthedocs.io/en/latest/infrastructure.html
+  const stageUrl = "https://stage.balrog.nonprod.cloudops.mozgcp.net/etc.";
+  Preferences.set(GMPPrefs.KEY_URL_OVERRIDE, stageUrl);
+  Assert.equal(
+    await rootForUrl(),
+    Ci.nsIContentSignatureVerifier.ContentSignatureStageRoot,
+    "Stage cert should be used with the stage URL: " + stageUrl
+  );
+
+  installManager.uninit();
+
+  revertContentSigTestPrefs(previousUrlOverride);
+});
+
+/**
  * Tests that checkForAddons() works as expected when certificate pinning
  * checking is enabled. We plan to move away from cert pinning in favor of
  * content signature checks, but part of doing this is comparing the telemetry
@@ -1175,7 +1229,7 @@ add_test(function test_installAddon_noServer() {
       GMPInstallManager.overrideLeaveDownloadedZip = true;
       let installPromise = installManager.installAddon(gmpAddon);
       installPromise.then(
-        extractedPaths => {
+        () => {
           do_throw("No server for install should reject");
         },
         err => {
@@ -1324,8 +1378,8 @@ function mockRequest(inputStatus, inputResponse, options) {
   this._options = options || {};
 }
 mockRequest.prototype = {
-  overrideMimeType(aMimetype) {},
-  setRequestHeader(aHeader, aValue) {},
+  overrideMimeType() {},
+  setRequestHeader() {},
   status: null,
   channel: { set notificationCallbacks(aVal) {} },
   open(aMethod, aUrl) {
@@ -1339,7 +1393,7 @@ mockRequest.prototype = {
   },
   responseXML: null,
   responseText: null,
-  send(aBody) {
+  send() {
     executeSoon(() => {
       try {
         if (this._options.dropRequest) {
@@ -1427,9 +1481,8 @@ mockRequest.prototype = {
       }
     }
   },
-  addEventListener(aEvent, aValue, aCapturing) {
-    // eslint-disable-next-line no-eval
-    eval("this._on" + aEvent + " = aValue");
+  addEventListener(aEvent, aValue) {
+    this[`_on${aEvent}`] = aValue;
   },
   get wrappedJSObject() {
     return this;