author | Masatoshi Kimura <VYV03354@nifty.ne.jp> |
Sat, 30 Dec 2017 14:52:10 +0900 | |
changeset 401123 | 3400bd30ef044952bd34b0e39eea0d1d6d4cd4d0 |
parent 401122 | 302ea60374722d3dbf01acb656130b6b0eef7e4c |
child 401124 | 9340a317aed604ad5d426c825e2dbd68f7d70da3 |
push id | 33331 |
push user | ccoroiu@mozilla.com |
push date | Sun, 28 Jan 2018 10:39:25 +0000 |
reviewers | keeler |
bugs | 1430973 |
milestone | 60.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
security/manager/ssl/tests/unit/test_nonascii_path.js | file | annotate | diff | comparison | revisions | |
security/manager/ssl/tests/unit/xpcshell.ini | file | annotate | diff | comparison | revisions |
copy from security/manager/ssl/tests/unit/test_cert_trust.js copy to security/manager/ssl/tests/unit/test_nonascii_path.js --- a/security/manager/ssl/tests/unit/test_cert_trust.js +++ b/security/manager/ssl/tests/unit/test_nonascii_path.js 
@@ -1,145 +1,46 @@ // -*- indent-tabs-mode: nil; js-indent-level: 2 -*- // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. "use strict"; -do_get_profile(); // must be called before getting nsIX509CertDB +// Tests to make sure that the certificate DB works with non-ASCII paths. + +// Append a single quote and non-ASCII characters to the profile path. +let env = Components.classes["@mozilla.org/process/environment;1"] + .getService(Components.interfaces.nsIEnvironment); +let profd = env.get("XPCSHELL_TEST_PROFILE_DIR"); +let file = Components.classes["@mozilla.org/file/local;1"] + .createInstance(Components.interfaces.nsIFile); +file.initWithPath(profd); +file.append("'รท1"); +env.set("XPCSHELL_TEST_PROFILE_DIR", file.path); + +file = do_get_profile(); // must be called before getting nsIX509CertDB +Assert.ok(/[^\x20-\x7f]/.test(file.path), "the profile path should contain a non-ASCII character"); +if (mozinfo.os == "win") { + file.QueryInterface(Components.interfaces.nsILocalFileWin); + Assert.ok(/[^\x20-\x7f]/.test(file.canonicalPath), "the profile short path should contain a non-ASCII character"); +} + +// Restore the original value. 
+env.set("XPCSHELL_TEST_PROFILE_DIR", profd); + const certdb = Cc["@mozilla.org/security/x509certdb;1"] .getService(Ci.nsIX509CertDB); function load_cert(cert_name, trust_string) { let cert_filename = cert_name + ".pem"; return addCertFromFile(certdb, "test_cert_trust/" + cert_filename, trust_string); } -function setup_basic_trusts(ca_cert, int_cert) { - certdb.setCertTrust(ca_cert, Ci.nsIX509Cert.CA_CERT, - Ci.nsIX509CertDB.TRUSTED_SSL | - Ci.nsIX509CertDB.TRUSTED_EMAIL); - - certdb.setCertTrust(int_cert, Ci.nsIX509Cert.CA_CERT, 0); -} - -function test_ca_distrust(ee_cert, cert_to_modify_trust, isRootCA) { - // On reset most usages are successful - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailRecipient); - - - // Test of active distrust. No usage should pass. - setCertTrust(cert_to_modify_trust, "p,p,p"); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageEmailRecipient); - - // Trust set to T - trusted CA to issue client certs, where client cert is - // usageSSLClient. - setCertTrust(cert_to_modify_trust, "T,T,T"); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? 
SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageSSLServer); - - // XXX(Bug 982340) - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageSSLClient); - - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageEmailRecipient); - - - // Now tests on the SSL trust bit - setCertTrust(cert_to_modify_trust, "p,C,C"); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageSSLServer); - - // XXX(Bug 982340) - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailRecipient); - - // Inherited trust SSL - setCertTrust(cert_to_modify_trust, ",C,C"); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? 
SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageSSLServer); - // XXX(Bug 982340) - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailRecipient); - - // Now tests on the EMAIL trust bit - setCertTrust(cert_to_modify_trust, "C,p,C"); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER, - certificateUsageEmailRecipient); - - - // inherited EMAIL Trust - setCertTrust(cert_to_modify_trust, "C,,C"); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID, - certificateUsageSSLCA); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER - : PRErrorCodeSuccess, - certificateUsageEmailRecipient); -} - - function run_test() { let certList = [ "ca", "int", "ee", ]; let loadedCerts = []; for (let certName of certList) { 
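Review bot: Nothing in the new test confirms that the certificate database was actually opened inside the renamed profile directory: the added assertions check only the path string returned by `do_get_profile()`, and the rest of `run_test`, which continues past this hunk, checks only that the three certificates are non-null. If certificate-store initialisation can fall back to a non-persistent store when the directory cannot be opened (not visible on this page, so worth confirming), the test would still pass on exactly the failure it is meant to catch. Consider asserting after the loads that the database file exists under the directory held in `file`, or keeping one read-back check from the original test such as `checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, certificateUsageSSLServer)` once the CA is trusted. Separately, the restore `env.set("XPCSHELL_TEST_PROFILE_DIR", profd);` is skipped if `do_get_profile()` or one of the assertions throws; wrapping that stretch in `try { … } finally { … }` would make the restore unconditional.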
@@ -147,43 +48,9 @@ function run_test() { } let ca_cert = loadedCerts[0]; notEqual(ca_cert, null, "CA cert should have successfully loaded"); let int_cert = loadedCerts[1]; notEqual(int_cert, null, "Intermediate cert should have successfully loaded"); let ee_cert = loadedCerts[2]; notEqual(ee_cert, null, "EE cert should have successfully loaded"); - - setup_basic_trusts(ca_cert, int_cert); - test_ca_distrust(ee_cert, ca_cert, true); - - setup_basic_trusts(ca_cert, int_cert); - test_ca_distrust(ee_cert, int_cert, false); - - // Reset trust to default ("inherit trust") - setCertTrust(ca_cert, ",,"); - setCertTrust(int_cert, ",,"); - - // If an end-entity certificate is manually trusted, it may not be the root of - // its own verified chain. In general this will cause "unknown issuer" errors - // unless a CA trust anchor can be found. - setCertTrust(ee_cert, "CTu,CTu,CTu"); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNKNOWN_ISSUER, - certificateUsageEmailRecipient); - - // Now make a CA trust anchor available. - setCertTrust(ca_cert, "CTu,CTu,CTu"); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLServer); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageSSLClient); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailSigner); - checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess, - certificateUsageEmailRecipient); }
--- a/security/manager/ssl/tests/unit/xpcshell.ini +++ b/security/manager/ssl/tests/unit/xpcshell.ini @@ -103,16 +103,17 @@ run-sequentially = hardcoded ports [test_keysize_ev.js] run-sequentially = hardcoded ports [test_local_cert.js] [test_logoutAndTeardown.js] run-sequentially = hardcoded ports [test_missing_intermediate.js] run-sequentially = hardcoded ports [test_name_constraints.js] +[test_nonascii_path.js] [test_nsCertType.js] run-sequentially = hardcoded ports [test_nsIX509Cert_utf8.js] [test_nsIX509CertValidity.js] [test_nss_shutdown.js] [test_ocsp_caching.js] run-sequentially = hardcoded ports [test_ocsp_enabled_pref.js]