1 files changed, 149 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js
new file mode 100644
index 0000000000..575fc26b88
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js
@@ -0,0 +1,149 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 token, using
+// the internal key token.
+// We don't use either of the test tokens in the test PKCS #11 module because:
+//   1. Test token 1 cyclically inserts and removes itself in a tight loop.
+//      Using token 1 would complicate the test and introduce intermittent
+//      failures.
+//   2. Neither test token implements login or password related functionality.
+//      We want to test such functionality.
+//   3. Using the internal token lets us actually test the internal token works
+//      as expected.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function checkBasicAttributes(token) {
+  let bundle = Services.strings.createBundle(
+    "chrome://pipnss/locale/pipnss.properties"
+  );
+
+  let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  equal(
+    token.tokenName,
+    expectedTokenName,
+    "Actual and expected name should match"
+  );
+  equal(
+    token.tokenManID,
+    bundle.GetStringFromName("ManufacturerID"),
+    "Actual and expected manufacturer ID should match"
+  );
+  equal(
+    token.tokenHWVersion,
+    "0.0",
+    "Actual and expected hardware version should match"
+  );
+  equal(
+    token.tokenFWVersion,
+    "0.0",
+    "Actual and expected firmware version should match"
+  );
+  equal(
+    token.tokenSerialNumber,
+    "0000000000000000",
+    "Actual and expected serial number should match"
+  );
+}
+
+/**
+ * Checks the various password related features of the given token.
+ * The token should already have been init with a password and be logged into.
+ * The password of the token will be reset after calling this function.
+ *
+ * @param {nsIPK11Token} token
+ *        The token to test.
+ * @param {string} initialPW
+ *        The password that the token should have been init with.
+ */
+function checkPasswordFeaturesAndResetPassword(token, initialPW) {
+  ok(
+    !token.needsUserInit,
+    "Token should not need user init after setting a password"
+  );
+  ok(
+    token.hasPassword,
+    "Token should have a password after setting a password"
+  );
+
+  ok(
+    token.checkPassword(initialPW),
+    "checkPassword() should succeed if the correct initial password is given"
+  );
+  token.changePassword(initialPW, "newPW ÿ 一二三");
+  ok(
+    token.checkPassword("newPW ÿ 一二三"),
+    "checkPassword() should succeed if the correct new password is given"
+  );
+
+  ok(
+    !token.checkPassword("wrongPW"),
+    "checkPassword() should fail if an incorrect password is given"
+  );
+  ok(
+    !token.isLoggedIn(),
+    "Token should be logged out after an incorrect password was given"
+  );
+  ok(
+    !token.needsUserInit,
+    "Token should still be init with a password even if an incorrect " +
+      "password was given"
+  );
+
+  token.reset();
+  ok(token.needsUserInit, "Token should need password init after reset");
+  ok(!token.hasPassword, "Token should not have a password after reset");
+  ok(!token.isLoggedIn(), "Token should be logged out of after reset");
+}
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
+    Ci.nsIPK11TokenDB
+  );
+  let token = tokenDB.getInternalKeyToken();
+  notEqual(token, null, "The internal token should be present");
+  ok(
+    token.isInternalKeyToken,
+    "The internal token should be represented as such"
+  );
+
+  checkBasicAttributes(token);
+
+  ok(!token.isLoggedIn(), "Token should not be logged into yet");
+  // Test that attempting to log out even when the token was not logged into
+  // does not result in an error.
+  token.logoutSimple();
+  ok(!token.isLoggedIn(), "Token should still not be logged into");
+  ok(
+    !token.hasPassword,
+    "Token should not have a password before it has been set"
+  );
+
+  let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
+  token.initPassword(initialPW);
+  token.login(/* force */ false);
+  ok(token.isLoggedIn(), "Token should now be logged into");
+
+  checkPasswordFeaturesAndResetPassword(token, initialPW);
+
+  // We reset the password previously, so we need to initialize again.
+  token.initPassword("arbitrary");
+  ok(
+    token.isLoggedIn(),
+    "Token should be logged into after initializing password again"
+  );
+  token.logoutSimple();
+  ok(
+    !token.isLoggedIn(),
+    "Token should be logged out after calling logoutSimple()"
+  );
+
+  ok(
+    token.needsLogin(),
+    "The internal token should always need authentication"
+  );
+}