зеркало из https://github.com/mozilla/gecko-dev.git
Bug 785259 - tests, r=honzab
This commit is contained in:
Родитель
79851a6c4a
Коммит
15554db005
Двоичные данные
build/pgo/certs/cert8.db
Двоичные данные
build/pgo/certs/cert8.db
Двоичный файл не отображается.
Двоичные данные
build/pgo/certs/key3.db
Двоичные данные
build/pgo/certs/key3.db
Двоичный файл не отображается.
|
@ -97,6 +97,10 @@ https://untrusted.example.com:443 privileged,cert=untrusted
|
|||
https://expired.example.com:443 privileged,cert=expired
|
||||
https://requestclientcert.example.com:443 privileged,clientauth=request
|
||||
https://requireclientcert.example.com:443 privileged,clientauth=require
|
||||
https://mismatch.expired.example.com:443 privileged,cert=expired
|
||||
https://mismatch.untrusted.example.com:443 privileged,cert=untrusted
|
||||
https://untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
|
||||
https://mismatch.untrusted-expired.example.com:443 privileged,cert=untrustedandexpired
|
||||
|
||||
# This is here so that we don't load the default live bookmark over
|
||||
# the network in every test suite.
|
||||
|
|
|
@ -18,6 +18,7 @@ MOCHITEST_FILES = \
|
|||
$(NULL)
|
||||
|
||||
MOCHITEST_CHROME_FILES = \
|
||||
test_certificate_overrides.html \
|
||||
test_bug413909.html \
|
||||
test_bug480619.html \
|
||||
test_bug644006.html \
|
||||
|
|
|
@ -0,0 +1,145 @@
|
|||
<!DOCTYPE HTML>
|
||||
<html>
|
||||
<head>
|
||||
<title>Test certificate overrides</title>
|
||||
<script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
|
||||
<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
|
||||
</head>
|
||||
<body>
|
||||
<script class="testbody" type="text/javascript">
|
||||
|
||||
const Cc = Components.classes;
|
||||
const Ci = Components.interfaces;
|
||||
const cos = Cc["@mozilla.org/security/certoverride;1"].
|
||||
getService(Ci.nsICertOverrideService);
|
||||
|
||||
const eu = Ci.nsICertOverrideService.ERROR_UNTRUSTED;
|
||||
const em = Ci.nsICertOverrideService.ERROR_MISMATCH;
|
||||
const et = Ci.nsICertOverrideService.ERROR_TIME;
|
||||
|
||||
// Note: the host index matches the expected error.
|
||||
var testHost = [];
|
||||
testHost[ eu ] = "untrusted.example.com";
|
||||
testHost[ em ] = "nocert.example.com";
|
||||
testHost[ em | eu ] = "mismatch.untrusted.example.com";
|
||||
testHost[ et ] = "expired.example.com";
|
||||
testHost[ et | eu ] = "untrusted-expired.example.com";
|
||||
testHost[ et | em ] = "mismatch.expired.example.com";
|
||||
testHost[ et | em | eu ] = "mismatch.untrusted-expired.example.com";
|
||||
|
||||
var gCertErrorBits;
|
||||
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
// Support for making sure we can talk to the invalid cert the server presents
|
||||
var CertOverrideListener = function(host, port, bits) {
|
||||
this.host = host;
|
||||
if (port) {
|
||||
this.port = port;
|
||||
}
|
||||
this.bits = bits;
|
||||
};
|
||||
|
||||
CertOverrideListener.prototype = {
|
||||
host: null,
|
||||
port: -1,
|
||||
bits: null,
|
||||
getInterface: function(aIID) {
|
||||
return this.QueryInterface(aIID);
|
||||
},
|
||||
QueryInterface: function(aIID) {
|
||||
if (aIID.equals(Ci.nsIBadCertListener2) ||
|
||||
aIID.equals(Ci.nsIInterfaceRequestor) ||
|
||||
aIID.equals(Ci.nsISupports)) {
|
||||
return this;
|
||||
}
|
||||
throw Components.results.NS_ERROR_NO_INTERFACE;
|
||||
},
|
||||
notifyCertProblem: function(socketInfo, sslStatus, targetHost) {
|
||||
var cert = sslStatus.QueryInterface(Ci.nsISSLStatus).serverCert;
|
||||
cos.rememberValidityOverride(this.host, this.port, cert, this.bits, true);
|
||||
gCertErrorBits = 0;
|
||||
if (sslStatus.isUntrusted) {
|
||||
gCertErrorBits |= Ci.nsICertOverrideService.ERROR_UNTRUSTED;
|
||||
}
|
||||
if (sslStatus.isDomainMismatch) {
|
||||
gCertErrorBits |= Ci.nsICertOverrideService.ERROR_MISMATCH;
|
||||
}
|
||||
if (sslStatus.isNotValidAtThisTime) {
|
||||
gCertErrorBits |= Ci.nsICertOverrideService.ERROR_TIME;
|
||||
}
|
||||
return true;
|
||||
},
|
||||
}
|
||||
|
||||
function addCertOverride(host, port, bits)
|
||||
{
|
||||
var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
|
||||
.createInstance(Ci.nsIXMLHttpRequest);
|
||||
var url;
|
||||
if (port) {
|
||||
url = "https://" + host + ":" + port + "/";
|
||||
} else {
|
||||
url = "https://" + host + "/";
|
||||
}
|
||||
req.open("GET", url, false);
|
||||
req.channel.notificationCallbacks = new CertOverrideListener(host, port, bits);
|
||||
try {
|
||||
req.send(null);
|
||||
ok(false, "Connection to host " + host + " succeeded when it should have failed");
|
||||
} catch (e) {
|
||||
// Failure here is expected as the server is not trusted yet.
|
||||
}
|
||||
}
|
||||
|
||||
function xhrConnect(domain,message,expectedSuccess)
|
||||
{
|
||||
var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
|
||||
.createInstance(Ci.nsIXMLHttpRequest);
|
||||
req.open("GET", "https://" + domain + "/", false);
|
||||
try {
|
||||
req.send(null);
|
||||
ok(expectedSuccess, "Page Load success " + message + " expected=" + expectedSuccess);
|
||||
} catch (err) {
|
||||
ok(!expectedSuccess, "Page failed to load " + message + " expected=" + expectedSuccess);
|
||||
}
|
||||
}
|
||||
|
||||
function checkHostConnect(host, overrideBits, successExpected, overridesMustEqualError)
|
||||
{
|
||||
var statusMessage = " overrideBits=" + overrideBits;
|
||||
addCertOverride(host, 443, overrideBits);
|
||||
if (overridesMustEqualError) {
|
||||
is(gCertErrorBits, overrideBits, "Reported Error match: errorbits=" + gCertErrorBits + " host=" + host);
|
||||
}
|
||||
xhrConnect(host, "override host=" + host + statusMessage, successExpected);
|
||||
cos.clearValidityOverride(host, 443);
|
||||
}
|
||||
|
||||
function testCertOverrides()
|
||||
{
|
||||
for (var i = 1; i < testHost.length; ++i) {
|
||||
cos.clearValidityOverride(testHost[i], 443);
|
||||
}
|
||||
const allErrorBits = et | em | eu ;
|
||||
for (var i = 1; i < allErrorBits + 1; ++i) {
|
||||
var overrideBits = i;
|
||||
for (var j = 1; j < testHost.length; ++j){
|
||||
var expectedError = j;
|
||||
var successExpected = (0 == (expectedError & ~overrideBits));
|
||||
var errorMustMatch = (overrideBits == expectedError);
|
||||
checkHostConnect(testHost[j], overrideBits, successExpected, errorMustMatch);
|
||||
}
|
||||
}
|
||||
// Now we test the self-signed. Must return an overridable untrusted error.
|
||||
cos.clearValidityOverride("self-signed.example.com", 443);
|
||||
checkHostConnect("self-signed.example.com", eu, successExpected, true);
|
||||
}
|
||||
|
||||
testCertOverrides();
|
||||
SimpleTest.finish();
|
||||
|
||||
</script>
|
||||
|
||||
</body>
|
||||
</html>
|
Загрузка…
Ссылка в новой задаче