path: root/toolkit/modules/tests/chrome/test_bug544442_checkCert.xhtml
<?xml version="1.0"?>
<!--
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 */
-->

<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>

<window title="Test CertUtils.sys.mjs checkCert - bug 340198 and bug 544442"
        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
        onload="testStart();">
<script src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>

<script type="application/javascript">
<![CDATA[

// The assertions run from asynchronous XHR callbacks, so the harness is told
// to wait until one of them calls SimpleTest.finish().
SimpleTest.waitForExplicitFinish();

// Module under test: CertUtils exposes checkCert and BadCertHandler, both of
// which are used below.
const {CertUtils} = ChromeUtils.importESModule(
  "resource://gre/modules/CertUtils.sys.mjs"
);

/**
 * Entry point, invoked from the window's onload attribute.
 *
 * Issues an asynchronous HTTPS GET so that a channel carrying real TLS
 * security info is available to the checkCert assertions in testXHRLoad.
 * A failed request is routed to testXHRError, which fails the test.
 */
function testStart() {
  ok(true, "Entering testStart");

  const xhr = new XMLHttpRequest();
  xhr.open("GET", "https://example.com/", true);

  // NOTE(review): the `true` argument presumably lets the handler accept
  // certificates that do not chain to a built-in root, mirroring the
  // aAllowNonBuiltIn flag passed to checkCert later - confirm against
  // CertUtils.sys.mjs. The later assertions expect this server's certificate
  // NOT to be built-in, so the flag matters for the request to load at all
  // only if the handler enforces it.
  xhr.channel.notificationCallbacks = new CertUtils.BadCertHandler(true);

  xhr.onerror = (event) => {
    testXHRError(event);
  };
  xhr.onload = (event) => {
    testXHRLoad(event);
  };
  xhr.send(null);
}

/**
 * XHR onerror handler: records a test failure with the best status code
 * available and ends the test.
 *
 * @param {Event} aEvent - the error event; its target is the failed request.
 */
function testXHRError(aEvent) {
  ok(true, "Entering testXHRError - something went wrong");

  const xhr = aEvent.target;

  // Reading the HTTP status is best effort: if the getter throws, fall back
  // to 0 so the channel status is consulted instead.
  const readHttpStatus = () => {
    try {
      return xhr.status;
    } catch (ex) {
      return 0;
    }
  };

  let failureCode = readHttpStatus();
  if (failureCode == 0) {
    // No HTTP status is available, so report the channel-level status
    // instead; for a connection that never produced a response this is the
    // more useful diagnostic.
    failureCode = xhr.channel.QueryInterface(Ci.nsIRequest).status;
  }

  // Reaching this handler is always a failure; the code is only diagnostic.
  ok(false, "XHR onerror called: " + failureCode);

  SimpleTest.finish();
}

/**
 * Calls CertUtils.checkCert and turns its outcome into a result code so it
 * can be compared with is().
 *
 * @param {object} aChannel - channel (or channel-like object) to check.
 * @param {boolean} aAllowNonBuiltIn - forwarded unchanged to checkCert.
 * @param {Array<object>|null} aCerts - certificate attribute sets, forwarded
 *   unchanged to checkCert.
 * @returns {*} Cr.NS_OK when checkCert returns normally, otherwise the
 *   `result` property of whatever it threw.
 */
function getCheckCertResult(aChannel, aAllowNonBuiltIn, aCerts) {
  let didThrow = false;
  let thrownResult;

  try {
    CertUtils.checkCert(aChannel, aAllowNonBuiltIn, aCerts);
  } catch (ex) {
    // NOTE(review): an exception without a `result` property (for example a
    // plain TypeError) is reported as undefined, so the caller's comparison
    // fails without showing the underlying error.
    didThrow = true;
    thrownResult = ex.result;
  }

  return didThrow ? thrownResult : Cr.NS_OK;
}

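/**
 * XHR onload handler: exercises CertUtils.checkCert against the loaded HTTPS
 * channel and against a mock non-https channel, then ends the test.
 *
 * The expectations encode three properties of checkCert:
 *  - with aAllowNonBuiltIn false, this server's certificate is rejected with
 *    NS_ERROR_ABORT even when the supplied attributes match, so matching
 *    attributes alone never substitutes for the built-in-root requirement;
 *  - an attribute set that matches no certificate attribute yields
 *    NS_ERROR_ILLEGAL_VALUE, and that code is expected even when
 *    aAllowNonBuiltIn is false, which implies attributes are validated first;
 *  - for a non-https URI, any non-null attribute array is an error, while a
 *    null one passes without any certificate check.
 *
 * @param {Event} aEvent - the load event; its target is the finished request.
 */
function testXHRLoad(aEvent) {
  ok(true, "Entering testXHRLoad");

  const channel = aEvent.target.channel;

  // No attributes to compare: the outcome depends only on the built-in check.
  let certs = null;
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert is null and the certificate is not builtin");

  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert is null and builtin certificates aren't enforced");

  // Attribute names that do not exist on the certificate must not be ignored.
  certs = [ { invalidAttribute: "Invalid attribute" } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ILLEGAL_VALUE,
     "checkCert should throw NS_ERROR_ILLEGAL_VALUE when the certificate " +
     "attributes array passed to checkCert has an element that has an " +
     "attribute that does not exist on the certificate");

  // A known attribute with the wrong value is rejected the same way.
  certs = [ { issuerName: "Incorrect issuerName" } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ILLEGAL_VALUE,
     "checkCert should throw NS_ERROR_ILLEGAL_VALUE when the certificate " +
     "attributes array passed to checkCert has an element that has an " +
     "issuerName that is not the same as the certificate's");

  // Use the values from the certificate the server actually presented so the
  // remaining cases contain a genuinely matching attribute set.
  const cert = channel.securityInfo.serverCert;

  certs = [ { issuerName: cert.issuerName,
              commonName: cert.commonName } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert has a single element that has the same " +
     "issuerName and commonName as the certificate's and the certificate is " +
     "not builtin");

  // Fixed a duplicated word ("and and") in this assertion message.
  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert has a single element that has the same issuerName " +
     "and commonName as the certificate's and builtin certificates " +
     "aren't enforced");

  // Several candidate attribute sets: the first two do not match, the third
  // does. One matching element is expected to be enough.
  certs = [ { issuerName: "Incorrect issuerName",
              invalidAttribute: "Invalid attribute" },
            { issuerName: cert.issuerName,
              commonName: "Invalid Common Name" },
            { issuerName: cert.issuerName,
              commonName: cert.commonName } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert has an element that has the same issuerName " +
     "and commonName as the certificate's and the certificate is not builtin");

  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert has an element that has the same issuerName and " +
     "commonName as the certificate's and builtin certificates aren't enforced");

  // Channel-like stub whose only property is a plain-http originalURI.
  const mockChannel = { originalURI: SpecialPowers.Services.io.newURI("http://example.com/") };

  // Even an empty attribute array counts as "attributes supplied", which is
  // an error when the URI is not https.
  certs = [ ];
  is(getCheckCertResult(mockChannel, false, certs), Cr.NS_ERROR_UNEXPECTED,
     "checkCert should throw NS_ERROR_UNEXPECTED when the certificate " +
     "attributes array passed to checkCert is not null and the channel's " +
     "originalURI is not https");

  // With null attributes a non-https channel passes although nothing was
  // verified, so a normal return here says nothing about transport security.
  // Fixed a duplicated word ("the the") in this assertion message.
  certs = null;
  is(getCheckCertResult(mockChannel, false, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes object " +
     "passed to checkCert is null and the channel's originalURI is not " +
     "https");

  SimpleTest.finish();
}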

]]>
</script>

<body xmlns="http://www.w3.org/1999/xhtml">
  <p id="display"></p>
  <div id="content" style="display: none"></div>
  <pre id="test"></pre>
</body>
</window>