summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_enterprise_roots.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /security/manager/ssl/tests/unit/test_enterprise_roots.js
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/manager/ssl/tests/unit/test_enterprise_roots.js')
-rw-r--r--security/manager/ssl/tests/unit/test_enterprise_roots.js82
1 files changed, 82 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js
new file mode 100644
index 0000000000..6abd7161ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js
@@ -0,0 +1,82 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests enterprise root certificate support. When configured to do so, the
+// platform will attempt to find and import enterprise root certificates. This
+// feature is specific to Windows.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+const { TestUtils } = ChromeUtils.importESModule(
+ "resource://testing-common/TestUtils.sys.mjs"
+);
+
+async function check_no_enterprise_roots_imported(
+ nssComponent,
+ certDB,
+ dbKey = undefined
+) {
+ let enterpriseRoots = nssComponent.getEnterpriseRoots();
+ notEqual(enterpriseRoots, null, "enterprise roots list should not be null");
+ equal(
+ enterpriseRoots.length,
+ 0,
+ "should not have imported any enterprise roots"
+ );
+ if (dbKey) {
+ let cert = certDB.findCertByDBKey(dbKey);
+ // If the garbage-collector hasn't run, there may be reachable copies of
+ // imported enterprise root certificates. If so, they shouldn't be trusted
+ // to issue TLS server auth certificates.
+ if (cert) {
+ await asyncTestCertificateUsages(certDB, cert, []);
+ }
+ }
+}
+
+async function check_some_enterprise_roots_imported(nssComponent, certDB) {
+ let enterpriseRoots = nssComponent.getEnterpriseRoots();
+ notEqual(enterpriseRoots, null, "enterprise roots list should not be null");
+ notEqual(
+ enterpriseRoots.length,
+ 0,
+ "should have imported some enterprise roots"
+ );
+ let foundNonBuiltIn = false;
+ let savedDBKey = null;
+ for (let certDer of enterpriseRoots) {
+ let cert = certDB.constructX509(certDer);
+ notEqual(cert, null, "should be able to decode cert from DER");
+ if (!cert.isBuiltInRoot && !savedDBKey) {
+ foundNonBuiltIn = true;
+ savedDBKey = cert.dbKey;
+ info("saving dbKey from " + cert.commonName);
+ await asyncTestCertificateUsages(certDB, cert, [certificateUsageSSLCA]);
+ break;
+ }
+ }
+ ok(foundNonBuiltIn, "should have found non-built-in root");
+ return savedDBKey;
+}
+
+add_task(async function run_test() {
+ let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
+ let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+ Ci.nsIX509CertDB
+ );
+ nssComponent.getEnterpriseRoots(); // blocks until roots are loaded
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+ await check_no_enterprise_roots_imported(nssComponent, certDB);
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
+ await TestUtils.topicObserved("psm:enterprise-certs-imported");
+ let savedDBKey = await check_some_enterprise_roots_imported(
+ nssComponent,
+ certDB
+ );
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+ await check_no_enterprise_roots_imported(nssComponent, certDB, savedDBKey);
+});