/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ // Any copyright is dedicated to the Public Domain. // http://creativecommons.org/publicdomain/zero/1.0/ "use strict"; // Tests the methods and attributes for interfacing with a PKCS #11 token, using // the internal key token. // We don't use either of the test tokens in the test PKCS #11 module because: // 1. Test token 1 cyclically inserts and removes itself in a tight loop. // Using token 1 would complicate the test and introduce intermittent // failures. // 2. Neither test token implements login or password related functionality. // We want to test such functionality. // 3. Using the internal token lets us actually test the internal token works // as expected. // Ensure that the appropriate initialization has happened. do_get_profile(); function checkBasicAttributes(token) { let bundle = Services.strings.createBundle( "chrome://pipnss/locale/pipnss.properties" ); let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription"); equal( token.tokenName, expectedTokenName, "Actual and expected name should match" ); equal( token.tokenManID, bundle.GetStringFromName("ManufacturerID"), "Actual and expected manufacturer ID should match" ); equal( token.tokenHWVersion, "0.0", "Actual and expected hardware version should match" ); equal( token.tokenFWVersion, "0.0", "Actual and expected firmware version should match" ); equal( token.tokenSerialNumber, "0000000000000000", "Actual and expected serial number should match" ); } /** * Checks the various password related features of the given token. * The token should already have been init with a password and be logged into. * The password of the token will be reset after calling this function. * * @param {nsIPK11Token} token * The token to test. * @param {string} initialPW * The password that the token should have been init with. */ function checkPasswordFeaturesAndResetPassword(token, initialPW) { ok( !token.needsUserInit, "Token should not need user init after setting a password" ); ok( token.hasPassword, "Token should have a password after setting a password" ); ok( token.checkPassword(initialPW), "checkPassword() should succeed if the correct initial password is given" ); token.changePassword(initialPW, "newPW ÿ 一二三"); ok( token.checkPassword("newPW ÿ 一二三"), "checkPassword() should succeed if the correct new password is given" ); ok( !token.checkPassword("wrongPW"), "checkPassword() should fail if an incorrect password is given" ); ok( !token.isLoggedIn(), "Token should be logged out after an incorrect password was given" ); ok( !token.needsUserInit, "Token should still be init with a password even if an incorrect " + "password was given" ); token.reset(); ok(token.needsUserInit, "Token should need password init after reset"); ok(!token.hasPassword, "Token should not have a password after reset"); ok(!token.isLoggedIn(), "Token should be logged out of after reset"); } function run_test() { let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService( Ci.nsIPK11TokenDB ); let token = tokenDB.getInternalKeyToken(); notEqual(token, null, "The internal token should be present"); ok( token.isInternalKeyToken, "The internal token should be represented as such" ); checkBasicAttributes(token); ok(!token.isLoggedIn(), "Token should not be logged into yet"); // Test that attempting to log out even when the token was not logged into // does not result in an error. token.logoutSimple(); ok(!token.isLoggedIn(), "Token should still not be logged into"); ok( !token.hasPassword, "Token should not have a password before it has been set" ); let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三"; token.initPassword(initialPW); token.login(/* force */ false); ok(token.isLoggedIn(), "Token should now be logged into"); checkPasswordFeaturesAndResetPassword(token, initialPW); // We reset the password previously, so we need to initialize again. token.initPassword("arbitrary"); ok( token.isLoggedIn(), "Token should be logged into after initializing password again" ); token.logoutSimple(); ok( !token.isLoggedIn(), "Token should be logged out after calling logoutSimple()" ); ok( token.needsLogin(), "The internal token should always need authentication" ); }