зеркало из https://github.com/mozilla/gecko-dev.git
Bug 332442 - Keep track of and delete imported certs in head.js instead of in various test files. r=mgoodwin
head.js is run/included for every test file in the same folder, so having it keep track of and clean up imported certs reduces the amount of duplication. MozReview-Commit-ID: 23482qadMiy --HG-- extra : rebase_source : e74ebc2d38b4abc58cc344742c98919e137e08ba
Родитель
9f8d517918
Коммит
05c6ec703e
|
@ -10,53 +10,43 @@
|
||||||
|
|
||||||
var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {});
|
var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {});
|
||||||
|
|
||||||
var certificates = [];
|
|
||||||
|
|
||||||
registerCleanupFunction(function() {
|
|
||||||
let certdb = Cc["@mozilla.org/security/x509certdb;1"]
|
|
||||||
.getService(Ci.nsIX509CertDB);
|
|
||||||
certificates.forEach(cert => {
|
|
||||||
certdb.deleteCertificate(cert);
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu", certificates);
|
let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkUsages(win, ["SSL Certificate Authority"]);
|
checkUsages(win, ["SSL Certificate Authority"]);
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("ssl-ee.pem", ",,", certificates);
|
let cert = yield readCertificate("ssl-ee.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
|
checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("email-ee.pem", ",,", certificates);
|
let cert = yield readCertificate("email-ee.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
|
checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("code-ee.pem", ",,", certificates);
|
let cert = yield readCertificate("code-ee.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkUsages(win, ["Object Signer"]);
|
checkUsages(win, ["Object Signer"]);
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("expired-ca.pem", ",,", certificates);
|
let cert = yield readCertificate("expired-ca.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win, "Could not verify this certificate because it has expired.");
|
checkError(win, "Could not verify this certificate because it has expired.");
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("ee-from-expired-ca.pem", ",,", certificates);
|
let cert = yield readCertificate("ee-from-expired-ca.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because the CA certificate " +
|
"Could not verify this certificate because the CA certificate " +
|
||||||
|
@ -65,7 +55,7 @@ add_task(function* () {
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("unknown-issuer.pem", ",,", certificates);
|
let cert = yield readCertificate("unknown-issuer.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because the issuer is " +
|
"Could not verify this certificate because the issuer is " +
|
||||||
|
@ -74,7 +64,7 @@ add_task(function* () {
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("md5-ee.pem", ",,", certificates);
|
let cert = yield readCertificate("md5-ee.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because it was signed using " +
|
"Could not verify this certificate because it was signed using " +
|
||||||
|
@ -84,7 +74,7 @@ add_task(function* () {
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("untrusted-ca.pem", "p,p,p", certificates);
|
let cert = yield readCertificate("untrusted-ca.pem", "p,p,p");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because it is not trusted.");
|
"Could not verify this certificate because it is not trusted.");
|
||||||
|
@ -92,8 +82,7 @@ add_task(function* () {
|
||||||
});
|
});
|
||||||
|
|
||||||
add_task(function* () {
|
add_task(function* () {
|
||||||
let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,",
|
let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,");
|
||||||
certificates);
|
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because the issuer is not " +
|
"Could not verify this certificate because the issuer is not " +
|
||||||
|
@ -110,7 +99,7 @@ add_task(function* () {
|
||||||
certBlocklist.revokeCertBySubjectAndPubKey(
|
certBlocklist.revokeCertBySubjectAndPubKey(
|
||||||
"MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
|
"MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
|
||||||
"VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
|
"VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
|
||||||
let cert = yield readCertificate("revoked.pem", ",,", certificates);
|
let cert = yield readCertificate("revoked.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win,
|
checkError(win,
|
||||||
"Could not verify this certificate because it has been revoked.");
|
"Could not verify this certificate because it has been revoked.");
|
||||||
|
@ -122,7 +111,7 @@ add_task(function* () {
|
||||||
// keyCertSign, but it doesn't have a basicConstraints extension. This
|
// keyCertSign, but it doesn't have a basicConstraints extension. This
|
||||||
// shouldn't be valid for any usage. Sadly, we give a pretty lame error
|
// shouldn't be valid for any usage. Sadly, we give a pretty lame error
|
||||||
// message in this case.
|
// message in this case.
|
||||||
let cert = yield readCertificate("invalid.pem", ",,", certificates);
|
let cert = yield readCertificate("invalid.pem", ",,");
|
||||||
let win = yield displayCertificate(cert);
|
let win = yield displayCertificate(cert);
|
||||||
checkError(win, "Could not verify this certificate for unknown reasons.");
|
checkError(win, "Could not verify this certificate for unknown reasons.");
|
||||||
yield BrowserTestUtils.closeWindow(win);
|
yield BrowserTestUtils.closeWindow(win);
|
||||||
|
|
|
@ -14,7 +14,6 @@
|
||||||
* @type nsIMutableArray<nsICertTreeItem>
|
* @type nsIMutableArray<nsICertTreeItem>
|
||||||
*/
|
*/
|
||||||
var gCertArray = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
|
var gCertArray = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
|
||||||
var gImportedCerts = [];
|
|
||||||
|
|
||||||
const FAKE_HOST_PORT = "Fake host and port";
|
const FAKE_HOST_PORT = "Fake host and port";
|
||||||
|
|
||||||
|
@ -75,19 +74,11 @@ function openDeleteCertConfirmDialog(tabID) {
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
registerCleanupFunction(() => {
|
|
||||||
let certdb = Cc["@mozilla.org/security/x509certdb;1"]
|
|
||||||
.getService(Ci.nsIX509CertDB);
|
|
||||||
for (let cert of gImportedCerts) {
|
|
||||||
certdb.deleteCertificate(cert);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
add_task(function* setup() {
|
add_task(function* setup() {
|
||||||
for (let testCase of TEST_CASES) {
|
for (let testCase of TEST_CASES) {
|
||||||
let cert = null;
|
let cert = null;
|
||||||
if (testCase.certFilename) {
|
if (testCase.certFilename) {
|
||||||
cert = yield readCertificate(testCase.certFilename, ",,", gImportedCerts);
|
cert = yield readCertificate(testCase.certFilename, ",,");
|
||||||
}
|
}
|
||||||
let certTreeItem = {
|
let certTreeItem = {
|
||||||
hostPort: FAKE_HOST_PORT,
|
hostPort: FAKE_HOST_PORT,
|
||||||
|
|
|
@ -2,6 +2,23 @@
|
||||||
http://creativecommons.org/publicdomain/zero/1.0/ */
|
http://creativecommons.org/publicdomain/zero/1.0/ */
|
||||||
"use strict";
|
"use strict";
|
||||||
|
|
||||||
|
var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
|
||||||
|
.getService(Ci.nsIX509CertDB);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* List of certs imported via readCertificate(). Certs in this list are
|
||||||
|
* automatically deleted from the cert DB when a test including this head file
|
||||||
|
* finishes.
|
||||||
|
* @type nsIX509Cert[]
|
||||||
|
*/
|
||||||
|
var gImportedCerts = [];
|
||||||
|
|
||||||
|
registerCleanupFunction(() => {
|
||||||
|
for (let cert of gImportedCerts) {
|
||||||
|
gCertDB.deleteCertificate(cert);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This function serves the same purpose as the one defined in head_psm.js.
|
* This function serves the same purpose as the one defined in head_psm.js.
|
||||||
*/
|
*/
|
||||||
|
@ -16,18 +33,18 @@ function pemToBase64(pem) {
|
||||||
* a handle to the certificate when that certificate has been read and imported
|
* a handle to the certificate when that certificate has been read and imported
|
||||||
* with the given trust settings.
|
* with the given trust settings.
|
||||||
*
|
*
|
||||||
|
* Certs imported via this function will automatically be deleted from the cert
|
||||||
|
* DB once the calling test finishes.
|
||||||
|
*
|
||||||
* @param {String} filename
|
* @param {String} filename
|
||||||
* The filename of the certificate (assumed to be in the same directory).
|
* The filename of the certificate (assumed to be in the same directory).
|
||||||
* @param {String} trustString
|
* @param {String} trustString
|
||||||
* A string describing how the certificate should be trusted (see
|
* A string describing how the certificate should be trusted (see
|
||||||
* `certutil -A --help`).
|
* `certutil -A --help`).
|
||||||
* @param {nsIX509Cert[]} certificates
|
|
||||||
* An array to append the imported cert to. Useful for making sure
|
|
||||||
* imported certs are cleaned up.
|
|
||||||
* @return {Promise}
|
* @return {Promise}
|
||||||
* A promise that will resolve with a handle to the certificate.
|
* A promise that will resolve with a handle to the certificate.
|
||||||
*/
|
*/
|
||||||
function readCertificate(filename, trustString, certificates) {
|
function readCertificate(filename, trustString) {
|
||||||
return OS.File.read(getTestFilePath(filename)).then(data => {
|
return OS.File.read(getTestFilePath(filename)).then(data => {
|
||||||
let decoder = new TextDecoder();
|
let decoder = new TextDecoder();
|
||||||
let pem = decoder.decode(data);
|
let pem = decoder.decode(data);
|
||||||
|
@ -36,7 +53,7 @@ function readCertificate(filename, trustString, certificates) {
|
||||||
let base64 = pemToBase64(pem);
|
let base64 = pemToBase64(pem);
|
||||||
certdb.addCertFromBase64(base64, trustString, "unused");
|
certdb.addCertFromBase64(base64, trustString, "unused");
|
||||||
let cert = certdb.constructX509FromBase64(base64);
|
let cert = certdb.constructX509FromBase64(base64);
|
||||||
certificates.push(cert);
|
gImportedCerts.push(cert);
|
||||||
return cert;
|
return cert;
|
||||||
}, error => { throw error; });
|
}, error => { throw error; });
|
||||||
}
|
}
|
||||||
|
|
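Review bot: In `readCertificate`, `certdb.addCertFromBase64(base64, trustString, "unused")` still runs before `constructX509FromBase64` and `gImportedCerts.push(cert)`, so if building the handle throws, a cert that may carry CA trust bits (the callers pass strings such as `CTu,CTu,CTu`) stays in the cert DB untracked and the new shared cleanup never deletes it. Constructing the handle first narrows that window: `let cert = certdb.constructX509FromBase64(base64);` then `certdb.addCertFromBase64(base64, trustString, "unused");` then `gImportedCerts.push(cert);`. The new cleanup loop also stops at the first `gCertDB.deleteCertificate(cert)` that throws, which would leave every later imported cert in place for subsequent tests; a `try`/`catch` around the call that reports the failure and continues would keep the cleanup best-effort. The lines where `certdb` is obtained inside `readCertificate` fall between the visible hunks, so this is inferred, but if it is a local `getService` call it could presumably reuse the new `gCertDB` for consistency.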