summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/tests/mochitest/browser/browser_certViewer.js')
-rw-r--r--security/manager/ssl/tests/mochitest/browser/browser_certViewer.js107
1 files changed, 107 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
new file mode 100644
index 0000000000..489d7a4ef6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -0,0 +1,107 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Repeatedly opens the certificate viewer dialog with various certificates and
+// determines that the viewer correctly identifies either what usages those
+// certificates are valid for or what errors prevented the certificates from
+// being verified.
+
+var { AppConstants } = ChromeUtils.importESModule(
+ "resource://gre/modules/AppConstants.sys.mjs"
+);
+
+add_task(async function testCAandTitle() {
+ let cert = await readCertificate("ca.pem", "CTu,CTu,CTu");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "ca");
+});
+
+add_task(async function testSSLEndEntity() {
+ let cert = await readCertificate("ssl-ee.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "ssl-ee");
+});
+
+add_task(async function testEmailEndEntity() {
+ let cert = await readCertificate("email-ee.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "email-ee");
+});
+
+add_task(async function testCodeSignEndEntity() {
+ let cert = await readCertificate("code-ee.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "code-ee");
+});
+
+add_task(async function testExpired() {
+ let cert = await readCertificate("expired-ca.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "expired-ca");
+});
+
+add_task(async function testUntrusted() {
+ let cert = await readCertificate("untrusted-ca.pem", "p,p,p");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "untrusted-ca");
+});
+
+add_task(async function testInvalid() {
+ // This certificate has a keyUsage extension asserting cRLSign and
+ // keyCertSign, but it doesn't have a basicConstraints extension. This
+ // shouldn't be valid for any usage. Sadly, we give a pretty bad error
+ // message in this case.
+ let cert = await readCertificate("invalid.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "invalid");
+});
+
+add_task(async function testLongOID() {
+ // This certificate has a certificatePolicies extension with a policy with a
+ // very long OID. This tests that we don't crash when looking at it.
+ let cert = await readCertificate("longOID.pem", ",,");
+ let url = getURL(cert);
+ await openCertViewerAndCheckTabName(url, "Long OID");
+});
+
+/**
+ * Given a certificate, returns its PEMs (each one of the certificate chain) string in a url.
+ *
+ * @param {object} cert
+ * A certificate object
+ * @returns {string} an URL for opening the certificate viewer
+ */
+function getURL(cert) {
+ // Note that we don't get the certificate chain as in e.g browser/base/content/browser.js,
+ // because all the .pem files when opened with CS (https://github.com/april/certainly-something)
+ // shows only one certificate
+ let derb64 = encodeURIComponent(cert.getBase64DERString());
+ return `about:certificate?cert=${derb64}`;
+}
+
+/**
+ * Given an certificate URL, opens the new certificate viewer and check
+ * if a certain element exists, with its expected result.
+ *
+ * @param {string} url
+ * The URL with the certificate info
+ * @param {string} expectedTabName
+ * The expected name of the tab in the certificate viewer
+ */
+async function openCertViewerAndCheckTabName(url, expectedTabName) {
+ await BrowserTestUtils.withNewTab({ gBrowser, url }, async function(browser) {
+ await SpecialPowers.spawn(browser, [expectedTabName], async function(
+ expectedTabName
+ ) {
+ let certificateSection = await ContentTaskUtils.waitForCondition(() => {
+ return content.document.querySelector("certificate-section");
+ }, "Certificate section found");
+ let tabName = certificateSection.shadowRoot.querySelector(
+ ".tab[idnumber='0']"
+ ).textContent;
+ Assert.equal(tabName, expectedTabName);
+ });
+ });
+}