Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Tue, 09 Dec 2014 12:07:00 -0500
changeset 219053 e9c1ac01cfe521759a63496ed54103a5cfe782c6
parent 219052 46b73f0a5e886babd4382551229695d0bf3b7ed4
child 219054 4f58ec16c641ca89343d6f24eb6f3bba092e1d39
push id52720
push userryanvm@gmail.com
push dateWed, 10 Dec 2014 17:42:21 +0000
treeherdermozilla-inbound@e9c1ac01cfe5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdkeeler
bugs1109245
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1109245 - Modify test_keysize_ev.js to run on B2G. r=dkeeler
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/test_ev_certs.js
security/manager/ssl/tests/unit/test_keysize_ev.js
security/manager/ssl/tests/unit/xpcshell.ini
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -13,16 +13,22 @@ let { Promise } = Cu.import("resource://
 let { HttpServer } = Cu.import("resource://testing-common/httpd.js", {});
 let { ctypes } = Cu.import("resource://gre/modules/ctypes.jsm");
 
 let gIsWindows = ("@mozilla.org/windows-registry-key;1" in Cc);
 
 const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"]
                        .getService(Ci.nsIDebug2).isDebugBuild;
 
+// The test EV roots are only enabled in debug builds as a security measure.
+//
+// Bug 1008316: B2G doesn't have EV enabled, so EV is not expected even in debug
+// builds.
+const gEVExpected = isDebugBuild && !("@mozilla.org/b2g-process-global;1" in Cc);
+
 const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
 
 const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
 const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
 const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
 
 // Sort in numerical order
 const SEC_ERROR_INVALID_ARGS                            = SEC_ERROR_BASE +   5; // -8187
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -1,22 +1,15 @@
 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
 // This Source Code Form is subject to the terms of the Mozilla Public
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 "use strict";
 
-// XXX: The isDebugBuild tests you see are here because the test EV root is
-// only enabled for EV in debug builds, as a security measure. An ugly hack.
-//
-// Bug 1008316: B2G doesn't have EV enabled, so EV is not expected even in debug
-// builds.
-const gEVExpected = isDebugBuild && !("@mozilla.org/b2g-process-global;1" in Cc);
-
 do_get_profile(); // must be called before getting nsIX509CertDB
 const certdb = Cc["@mozilla.org/security/x509certdb;1"]
                  .getService(Ci.nsIX509CertDB);
 
 const evrootnick = "XPCShell EV Testing (untrustworthy) CA - Mozilla - " +
                    "EV debug test CA";
 
 // This is the list of certificates needed for the test
@@ -28,17 +21,17 @@ let certList = [
   'ev-valid-anypolicy-int',
   'int-ev-valid-anypolicy-int',
   'no-ocsp-url-cert', // a cert signed by the EV auth that has no OCSP url
                       // but that contains a valid CRLDP.
 
   // Testing a root that looks like EV but is not EV enabled
   'int-non-ev-root',
   'non-ev-root',
-]
+];
 
 function load_ca(ca_name) {
   var ca_filename = ca_name + ".der";
   addCertFromFile(certdb, "test_ev_certs/" + ca_filename, 'CTu,CTu,CTu');
 }
 
 const SERVER_PORT = 8888;
 
--- a/security/manager/ssl/tests/unit/test_keysize_ev.js
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -109,36 +109,36 @@ function checkForKeyType(keyType, inadeq
   let eeNotOKName = "ev_ee_" + keyType + "_" + inadequateKeySize;
 
   // Chain with certs that have adequate sizes for EV and DV
   // In opt builds, this chain is only validated for DV. Hence, an OCSP fetch
   // will for example not be done for the "ev_int_rsa_2048-evroot" intermediate
   // in such a build.
   let intFullName = intOKName + "-" + rootOKName;
   let eeFullName = eeOKName + "-" + intOKName + "-" + rootOKName;
-  let expectedNamesForOCSP = isDebugBuild
+  let expectedNamesForOCSP = gEVExpected
                            ? [ intFullName,
                                eeFullName ]
                            : [ eeFullName ];
   addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
-                      [ intFullName ], eeFullName, isDebugBuild);
+                      [ intFullName ], eeFullName, gEVExpected);
 
   // Chain with a root cert that has an inadequate size for EV, but
   // adequate size for DV
   intFullName = intOKName + "-" + rootNotOKName;
   eeFullName = eeOKName + "-" + intOKName + "-" + rootNotOKName;
   expectedNamesForOCSP = [ eeFullName ];
   addKeySizeTestForEV(expectedNamesForOCSP, rootNotOKName,
                       [ intFullName ], eeFullName, false);
 
   // Chain with an intermediate cert that has an inadequate size for EV, but
   // adequate size for DV
   intFullName = intNotOKName + "-" + rootOKName;
   eeFullName = eeOKName + "-" + intNotOKName + "-" + rootOKName;
-  expectedNamesForOCSP = isDebugBuild
+  expectedNamesForOCSP = gEVExpected
                        ? [ intFullName ]
                        : [ eeFullName ];
   addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
                       [ intFullName ], eeFullName, false);
 
   // Chain with an end entity cert that has an inadequate size for EV, but
   // adequate size for DV
   intFullName = intOKName + "-" + rootOKName;
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -76,16 +76,14 @@ run-sequentially = hardcoded ports
 [test_ocsp_fetch_method.js]
 run-sequentially = hardcoded ports
 [test_ocsp_no_hsts_upgrade.js]
 run-sequentially = hardcoded ports
 [test_add_preexisting_cert.js]
 [test_keysize.js]
 [test_keysize_ev.js]
 run-sequentially = hardcoded ports
-# Bug 1008316: B2G doesn't have EV enabled
-skip-if = buildapp == "b2g"
 [test_cert_chains.js]
 run-sequentially = hardcoded ports
 [test_client_cert.js]
 run-sequentially = hardcoded ports
 [test_nsCertType.js]
 run-sequentially = hardcoded ports