1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
// Repeatedly opens the certificate viewer dialog with various certificates and
// determines that the viewer correctly identifies either what usages those
// certificates are valid for or what errors prevented the certificates from
// being verified.
add_task(async function testCAandTitle() {
let cert = await readCertificate("ca.pem", "CTu,CTu,CTu");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "ca");
});
add_task(async function testSSLEndEntity() {
let cert = await readCertificate("ssl-ee.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "ssl-ee");
});
add_task(async function testEmailEndEntity() {
let cert = await readCertificate("email-ee.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "email-ee");
});
add_task(async function testCodeSignEndEntity() {
let cert = await readCertificate("code-ee.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "code-ee");
});
add_task(async function testExpired() {
let cert = await readCertificate("expired-ca.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "expired-ca");
});
add_task(async function testUntrusted() {
let cert = await readCertificate("untrusted-ca.pem", "p,p,p");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "untrusted-ca");
});
add_task(async function testInvalid() {
// This certificate has a keyUsage extension asserting cRLSign and
// keyCertSign, but it doesn't have a basicConstraints extension. This
// shouldn't be valid for any usage. Sadly, we give a pretty bad error
// message in this case.
let cert = await readCertificate("invalid.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "invalid");
});
add_task(async function testLongOID() {
// This certificate has a certificatePolicies extension with a policy with a
// very long OID. This tests that we don't crash when looking at it.
let cert = await readCertificate("longOID.pem", ",,");
let url = getURL(cert);
await openCertViewerAndCheckTabName(url, "Long OID");
});
/**
* Given a certificate, returns its PEMs (each one of the certificate chain) string in a url.
*
* @param {object} cert
* A certificate object
* @returns {string} an URL for opening the certificate viewer
*/
function getURL(cert) {
// Note that we don't get the certificate chain as in e.g browser/base/content/browser.js,
// because all the .pem files when opened with CS (https://github.com/april/certainly-something)
// shows only one certificate
let derb64 = encodeURIComponent(cert.getBase64DERString());
return `about:certificate?cert=${derb64}`;
}
/**
* Given an certificate URL, opens the new certificate viewer and check
* if a certain element exists, with its expected result.
*
* @param {string} url
* The URL with the certificate info
* @param {string} expectedTabName
* The expected name of the tab in the certificate viewer
*/
async function openCertViewerAndCheckTabName(url, expectedTabName) {
await BrowserTestUtils.withNewTab(
{ gBrowser, url },
async function (browser) {
await SpecialPowers.spawn(
browser,
[expectedTabName],
async function (expectedTabName) {
let certificateSection = await ContentTaskUtils.waitForCondition(
() => {
return content.document.querySelector("certificate-section");
},
"Certificate section found"
);
let tabName =
certificateSection.shadowRoot.querySelector(
".tab[idnumber='0']"
).textContent;
Assert.equal(tabName, expectedTabName);
}
);
}
);
}
|
