summaryrefslogtreecommitdiffstats
path: root/dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html
diff options
context:
space:
mode:
Diffstat (limited to 'dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html')
-rw-r--r--dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html185
1 files changed, 185 insertions, 0 deletions
diff --git a/dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html b/dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html
new file mode 100644
index 0000000000..561f285f60
--- /dev/null
+++ b/dom/media/webrtc/tests/mochitests/test_peerConnection_certificates.html
@@ -0,0 +1,185 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <script type="application/javascript" src="pc.js"></script>
+</head>
+<body>
+<pre id="test">
+<script type="application/javascript">
+ createHTML({
+ bug: "1172785",
+ title: "Certificate management"
+ });
+
+ function badCertificate(config, expectedError, message) {
+ return RTCPeerConnection.generateCertificate(config)
+ .then(() => ok(false, message),
+ e => is(e.name, expectedError, message));
+ }
+
+ // Checks a handful of obviously bad options to RTCCertificate.create(). Most
+ // of the checking is done by the WebCrypto code underpinning this, hence the
+ // baffling error codes, but a sanity check is still in order.
+ function checkBadParameters() {
+ return Promise.all([
+ badCertificate({
+ name: "RSASSA-PKCS1-v1_5",
+ hash: "SHA-256",
+ modulusLength: 1023,
+ publicExponent: new Uint8Array([1, 0, 1])
+ }, "NotSupportedError", "1023-bit is too small to succeed"),
+
+ badCertificate({
+ name: "RSASSA-PKCS1-v1_5",
+ hash: "SHA-384",
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([1, 0, 1])
+ }, "NotSupportedError", "SHA-384 isn't supported yet"),
+
+ // A SyntaxError happens in the "generate key operation" step, but
+ // webrtc-pc does not say to reject the promise if this step fails.
+ // It does say to throw NotSupportedError if we have passed "an
+ // algorithm that the user agent cannot or will not use to generate a
+ // certificate".
+ badCertificate({
+ name: "ECDH",
+ namedCurve: "P-256"
+ }, "NotSupportedError", "ECDH is rejected because the usage is neither \"deriveKey\" or \"deriveBits\""),
+
+ badCertificate({
+ name: "not a valid algorithm"
+ }, "NotSupportedError", "not a valid algorithm"),
+
+ badCertificate("ECDSA", "NotSupportedError", "a bare name is not enough"),
+
+ badCertificate({
+ name: "ECDSA",
+ namedCurve: "not a curve"
+ }, "NotSupportedError", "ECDSA with an unknown curve")
+ ]);
+ }
+
+ function createDB() {
+ var openDB = indexedDB.open("genericstore");
+ openDB.onupgradeneeded = e => {
+ var db = e.target.result;
+ db.createObjectStore("data");
+ };
+ return new Promise(resolve => {
+ openDB.onsuccess = e => resolve(e.target.result);
+ });
+ }
+
+ function resultPromise(tx, op) {
+ return new Promise((resolve, reject) => {
+ op.onsuccess = e => resolve(e.target.result);
+ op.onerror = () => reject(op.error);
+ tx.onabort = () => reject(tx.error);
+ });
+ }
+
+ function store(db, value) {
+ var tx = db.transaction("data", "readwrite");
+ var store = tx.objectStore("data");
+ return resultPromise(tx, store.put(value, "value"));
+ }
+
+ function retrieve(db) {
+ var tx = db.transaction("data", "readonly");
+ var store = tx.objectStore("data");
+ return resultPromise(tx, store.get("value"));
+ }
+
+ // Creates a database, stores a value, retrieves it.
+ function storeAndRetrieve(value) {
+ return createDB().then(db => {
+ return store(db, value)
+ .then(() => retrieve(db))
+ .then(retrieved => {
+ db.close();
+ return retrieved;
+ });
+ });
+ }
+
+ var test;
+ runNetworkTest(function (options) {
+ var expiredCert;
+ return Promise.resolve()
+ .then(() => RTCPeerConnection.generateCertificate({
+ name: "ECDSA",
+ namedCurve: "P-256",
+ expires: 1 // smallest possible expiration window
+ }))
+ .then(cert => {
+ ok(!isNaN(cert.expires), 'cert has expiration time');
+ info('Expires at ' + new Date(cert.expires));
+ expiredCert = cert;
+ })
+
+ .then(() => checkBadParameters())
+
+ .then(() => {
+ var delay = expiredCert.expires - Date.now();
+ // Hopefully this delay is never needed.
+ if (delay > 0) {
+ return new Promise(r => setTimeout(r, delay));
+ }
+ })
+ .then(() => {
+ ok(expiredCert.expires <= Date.now(), 'Cert should be at or past expiration');
+ try {
+ new RTCPeerConnection({ certificates: [expiredCert] });
+ ok(false, 'Constructing peer connection with an expired cert is not allowed');
+ } catch(e) {
+ is(e.name, 'InvalidAccessError',
+ 'Constructing peer connection with an expired certs is not allowed');
+ }
+ })
+
+ .then(() => Promise.all([
+ RTCPeerConnection.generateCertificate({
+ name: "ECDSA",
+ namedCurve: "P-256"
+ }),
+ RTCPeerConnection.generateCertificate({
+ name: "RSASSA-PKCS1-v1_5",
+ hash: "SHA-256",
+ modulusLength: 2048,
+ publicExponent: new Uint8Array([1, 0, 1])
+ })
+ ]))
+
+ // A round trip through indexedDB should not do anything.
+ .then(storeAndRetrieve)
+ .then(certs => {
+ try {
+ new RTCPeerConnection({ certificates: certs });
+ ok(false, 'Constructing peer connection with multiple certs is not allowed');
+ } catch(e) {
+ is(e.name, 'NotSupportedError',
+ 'Constructing peer connection with multiple certs is not allowed');
+ }
+ return certs;
+ })
+ .then(certs => {
+ test = new PeerConnectionTest({
+ config_local: {
+ certificates: [certs[0]]
+ },
+ config_remote: {
+ certificates: [certs[1]]
+ }
+ });
+ test.setMediaConstraints([{audio: true}], [{audio: true}]);
+ return test.run();
+ })
+ .catch(e => {
+ console.log('test failure', e);
+ ok(false, 'test failed: ' + e);
+ });
+ });
+</script>
+</pre>
+</body>
+</html>