summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
blob: 489d7a4ef636501f5cc686a797ad92772bbc6934 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";

// Repeatedly opens the certificate viewer dialog with various certificates and
// determines that the viewer correctly identifies either what usages those
// certificates are valid for or what errors prevented the certificates from
// being verified.

var { AppConstants } = ChromeUtils.importESModule(
  "resource://gre/modules/AppConstants.sys.mjs"
);

add_task(async function testCAandTitle() {
  let cert = await readCertificate("ca.pem", "CTu,CTu,CTu");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "ca");
});

add_task(async function testSSLEndEntity() {
  let cert = await readCertificate("ssl-ee.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "ssl-ee");
});

add_task(async function testEmailEndEntity() {
  let cert = await readCertificate("email-ee.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "email-ee");
});

add_task(async function testCodeSignEndEntity() {
  let cert = await readCertificate("code-ee.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "code-ee");
});

add_task(async function testExpired() {
  let cert = await readCertificate("expired-ca.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "expired-ca");
});

add_task(async function testUntrusted() {
  let cert = await readCertificate("untrusted-ca.pem", "p,p,p");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "untrusted-ca");
});

add_task(async function testInvalid() {
  // This certificate has a keyUsage extension asserting cRLSign and
  // keyCertSign, but it doesn't have a basicConstraints extension. This
  // shouldn't be valid for any usage. Sadly, we give a pretty bad error
  // message in this case.
  let cert = await readCertificate("invalid.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "invalid");
});

add_task(async function testLongOID() {
  // This certificate has a certificatePolicies extension with a policy with a
  // very long OID. This tests that we don't crash when looking at it.
  let cert = await readCertificate("longOID.pem", ",,");
  let url = getURL(cert);
  await openCertViewerAndCheckTabName(url, "Long OID");
});

/**
 * Given a certificate, returns its PEMs (each one of the certificate chain) string in a url.
 *
 * @param {object} cert
 *      A certificate object
 * @returns {string} an URL for opening the certificate viewer
 */
function getURL(cert) {
  // Note that we don't get the certificate chain as in e.g browser/base/content/browser.js,
  // because all the .pem files when opened with CS (https://github.com/april/certainly-something)
  // shows only one certificate
  let derb64 = encodeURIComponent(cert.getBase64DERString());
  return `about:certificate?cert=${derb64}`;
}

/**
 * Given an certificate URL, opens the new certificate viewer and check
 * if a certain element exists, with its expected result.
 *
 * @param {string} url
 *        The URL with the certificate info
 * @param {string} expectedTabName
 *        The expected name of the tab in the certificate viewer
 */
async function openCertViewerAndCheckTabName(url, expectedTabName) {
  await BrowserTestUtils.withNewTab({ gBrowser, url }, async function(browser) {
    await SpecialPowers.spawn(browser, [expectedTabName], async function(
      expectedTabName
    ) {
      let certificateSection = await ContentTaskUtils.waitForCondition(() => {
        return content.document.querySelector("certificate-section");
      }, "Certificate section found");
      let tabName = certificateSection.shadowRoot.querySelector(
        ".tab[idnumber='0']"
      ).textContent;
      Assert.equal(tabName, expectedTabName);
    });
  });
}