path: root/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
blob: ac3abd44e6dc251b2b1dd441de32ce91c396a958 (plain)
// Any copyright is dedicated to the Public Domain.
// http://creativecommons.org/publicdomain/zero/1.0/
"use strict";

// Tests that the UI for editing the trust of a CA certificate correctly
// reflects trust in the cert DB, and correctly updates trust in the cert DB
// when requested.

// Handle to the X.509 certificate database service. The tests below use it to
// read the stored trust directly, independently of what the dialog UI shows.
var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

/**
 * The cert we're editing the trust of.
 *
 * Assigned in the add_setup() callback from readCertificate("ca.pem", "CT,,")
 * and passed to the trust-editing dialog as its window argument. Its trust
 * state in the cert DB is shared by every task in this file, so the tasks
 * depend on running in the order they are registered.
 *
 * @type {nsIX509Cert}
 */
var gCert;

/**
 * Opens the CA certificate trust editor (editcacert.xhtml) for gCert and
 * waits for it to finish loading.
 *
 * @returns {Promise}
 *          Resolves with the dialog's window after its "load" event has
 *          fired and the executeSoon() callback scheduled from that event
 *          has run. The promise is never rejected.
 */
function openEditCertTrustDialog() {
  const dialogWin = window.openDialog(
    "chrome://pippki/content/editcacert.xhtml",
    "",
    "",
    gCert
  );
  return new Promise(resolve => {
    const onLoad = () => {
      // Resolve from executeSoon() rather than inside the load handler itself;
      // presumably this lets the dialog's own load handler populate the
      // checkboxes before the caller inspects them.
      executeSoon(() => resolve(dialogWin));
    };
    dialogWin.addEventListener("load", onLoad, { once: true });
  });
}

add_setup(async function() {
  // Start from a known trust state: ca.pem trusted for SSL but not e-mail.
  // "CT,," is an NSS trust string whose comma-separated fields are SSL,
  // e-mail and object signing; only the SSL field carries flags here.
  // readCertificate() is defined outside this file; the checks below confirm
  // that the trust string actually took effect in the cert DB.
  gCert = await readCertificate("ca.pem", "CT,,");

  // Asks the cert DB whether gCert is trusted as a CA for the given usage.
  const isTrustedFor = usage =>
    gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, usage);

  Assert.ok(
    isTrustedFor(Ci.nsIX509CertDB.TRUSTED_SSL),
    "Sanity check: ca.pem should be trusted for SSL"
  );
  Assert.ok(
    !isTrustedFor(Ci.nsIX509CertDB.TRUSTED_EMAIL),
    "Sanity check: ca.pem should not be trusted for e-mail"
  );
});

// Covers the accept path of the trust-editing dialog:
// 1. On open, the checkboxes mirror the trust established by the add_setup()
//    callback (SSL trusted, e-mail not trusted).
// 2. After both checkboxes are inverted and the dialog is accepted, the cert
//    DB holds the inverted trust.
// The final assertions query the cert DB, not the UI, so a dialog that only
// changed its own state without persisting it would fail here.
add_task(async function testAcceptDialog() {
  const dialogWin = await openEditCertTrustDialog();
  const dialogDoc = dialogWin.document;

  // Asks the cert DB whether gCert is trusted as a CA for the given usage.
  const isTrustedFor = usage =>
    gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, usage);

  const sslBox = dialogDoc.getElementById("trustSSL");
  const emailBox = dialogDoc.getElementById("trustEmail");
  Assert.ok(sslBox.checked, "Cert should be trusted for SSL in UI");
  Assert.ok(!emailBox.checked, "Cert should not be trusted for e-mail in UI");

  // Invert both usages so that each one exercises a real change.
  sslBox.checked = false;
  emailBox.checked = true;

  info("Accepting dialog");
  dialogDoc.getElementById("editCaCert").acceptDialog();
  // Only read the cert DB after the dialog window has closed.
  await BrowserTestUtils.windowClosed(dialogWin);

  Assert.ok(
    !isTrustedFor(Ci.nsIX509CertDB.TRUSTED_SSL),
    "Cert should no longer be trusted for SSL"
  );
  Assert.ok(
    isTrustedFor(Ci.nsIX509CertDB.TRUSTED_EMAIL),
    "Cert should now be trusted for e-mail"
  );
});

// Covers the cancel path of the trust-editing dialog:
// 1. On open, the checkboxes mirror the trust left behind by
//    testAcceptDialog() (SSL not trusted, e-mail trusted). This task therefore
//    depends on testAcceptDialog() having run first.
// 2. Inverting the checkboxes and then canceling must leave the trust in the
//    cert DB unchanged: an abandoned edit must not alter which usages the CA
//    is trusted for.
add_task(async function testCancelDialog() {
  const dialogWin = await openEditCertTrustDialog();
  const dialogDoc = dialogWin.document;

  // Asks the cert DB whether gCert is trusted as a CA for the given usage.
  const isTrustedFor = usage =>
    gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, usage);

  const sslBox = dialogDoc.getElementById("trustSSL");
  const emailBox = dialogDoc.getElementById("trustEmail");
  Assert.ok(!sslBox.checked, "Cert should not be trusted for SSL in UI");
  Assert.ok(emailBox.checked, "Cert should be trusted for e-mail in UI");

  // Invert both usages in the UI; none of this may reach the cert DB.
  sslBox.checked = true;
  emailBox.checked = false;

  info("Canceling dialog");
  dialogDoc.getElementById("editCaCert").cancelDialog();
  // Only read the cert DB after the dialog window has closed.
  await BrowserTestUtils.windowClosed(dialogWin);

  Assert.ok(
    !isTrustedFor(Ci.nsIX509CertDB.TRUSTED_SSL),
    "Cert should still not be trusted for SSL"
  );
  Assert.ok(
    isTrustedFor(Ci.nsIX509CertDB.TRUSTED_EMAIL),
    "Cert should still be trusted for e-mail"
  );
});