Bug 1167866 - Add result strings to PSM test_cert* xpcshell tests. r=keeler
authorCykesiopka <cykesiopka.bmo@gmail.com>
Sat, 23 May 2015 19:57:32 -0700
changeset 268037 74707e11f71832919e58f0b5e396da8df692ae46
parent 268036 8e0ef5947c31d902bb2af7e5c770c46083eb10f7
child 268038 ddd42b7a311189bfe4c93f89a9863cc05ee98015
push id2294
push userbsmedberg@mozilla.com
push dateWed, 27 May 2015 15:05:10 +0000
reviewerskeeler
bugs1167866
milestone41.0a1
Bug 1167866 - Add result strings to PSM test_cert* xpcshell tests. r=keeler
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/test_cert_chains.js
security/manager/ssl/tests/unit/test_cert_overrides.js
security/manager/ssl/tests/unit/test_cert_signatures.js
security/manager/ssl/tests/unit/test_cert_trust.js
security/manager/ssl/tests/unit/test_certificate_usages.js
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -600,17 +600,18 @@ FakeSSLStatus.prototype = {
 // directly.
 function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
   let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
                                .SSLStatus;
   let bits =
     (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
     (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
     (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
-  do_check_eq(bits, aExpectedBits);
+  Assert.equal(bits, aExpectedBits,
+               "Actual and expected override bits should match");
   let cert = sslstatus.serverCert;
   let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
                               .getService(Ci.nsICertOverrideService);
   certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
                                                true);
 }
 
 // Given a host, expected error bits (see nsICertOverrideService.idl), and
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -15,49 +15,60 @@ function build_cert_chain(certNames) {
   return certList;
 }
 
 function test_cert_equals() {
   let certA = constructCertFromFile("tlsserver/default-ee.der");
   let certB = constructCertFromFile("tlsserver/default-ee.der");
   let certC = constructCertFromFile("tlsserver/expired-ee.der");
 
-  do_check_false(certA == certB);
-  do_check_true(certA.equals(certB));
-  do_check_false(certA.equals(certC));
+  ok(certA != certB,
+     "Cert objects constructed from the same file should not be equal" +
+     " according to the equality operators");
+  ok(certA.equals(certB),
+     "equals() on cert objects constructed from the same cert file should" +
+     " return true");
+  ok(!certA.equals(certC),
+     "equals() on cert objects constructed from files for different certs" +
+     " should return false");
 }
 
 function test_cert_list_serialization() {
   let certList = build_cert_chain(['default-ee', 'expired-ee']);
 
   // Serialize the cert list to a string
   let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
                     .getService(Ci.nsISerializationHelper);
   certList.QueryInterface(Ci.nsISerializable);
   let serialized = serHelper.serializeToString(certList);
 
   // Deserialize from the string and compare to the original object
   let deserialized = serHelper.deserializeObject(serialized);
   deserialized.QueryInterface(Ci.nsIX509CertList);
-  do_check_true(certList.equals(deserialized));
+  ok(certList.equals(deserialized),
+     "Deserialized cert list should equal the original");
 }
 
 function test_security_info_serialization(securityInfo, expectedErrorCode) {
   // Serialize the securityInfo to a string
   let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
                     .getService(Ci.nsISerializationHelper);
   let serialized = serHelper.serializeToString(securityInfo);
 
   // Deserialize from the string and compare to the original object
   let deserialized = serHelper.deserializeObject(serialized);
   deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
-  do_check_eq(securityInfo.securityState, deserialized.securityState);
-  do_check_eq(securityInfo.errorMessage, deserialized.errorMessage);
-  do_check_eq(securityInfo.errorCode, expectedErrorCode);
-  do_check_eq(deserialized.errorCode, expectedErrorCode);
+  equal(securityInfo.securityState, deserialized.securityState,
+        "Original and deserialized security state should match");
+  equal(securityInfo.errorMessage, deserialized.errorMessage,
+        "Original and deserialized error message should match");
+  equal(securityInfo.errorCode, expectedErrorCode,
+        "Original and expected error code should match");
+  equal(deserialized.errorCode, expectedErrorCode,
+        "Deserialized and expected error code should match");
 }
 
 function run_test() {
   do_get_profile();
   add_tls_server_setup("BadCertServer");
 
   // Test nsIX509Cert.equals
   add_test(function() {
@@ -73,42 +84,51 @@ function run_test() {
 
   // Test successful connection (failedCertChain should be null)
   add_connection_test(
     // re-use pinning certs (keeler)
     "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
     function withSecurityInfo(aTransportSecurityInfo) {
       aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
       test_security_info_serialization(aTransportSecurityInfo, 0);
-      do_check_eq(aTransportSecurityInfo.failedCertChain, null);
+      equal(aTransportSecurityInfo.failedCertChain, null,
+            "failedCertChain for a successful connection should be null");
     }
   );
 
   // Test overrideable connection failure (failedCertChain should be non-null)
   add_connection_test(
     "expired.example.com",
     SEC_ERROR_EXPIRED_CERTIFICATE,
     null,
     function withSecurityInfo(securityInfo) {
       securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
       test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE);
-      do_check_neq(securityInfo.failedCertChain, null);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for an overrideable" +
+               " connection failure");
       let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
-      do_check_true(originalCertChain.equals(securityInfo.failedCertChain));
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for an" +
+         " overrideable connection failure");
     }
   );
 
   // Test non-overrideable error (failedCertChain should be non-null)
   add_connection_test(
     "inadequatekeyusage.example.com",
     SEC_ERROR_INADEQUATE_KEY_USAGE,
     null,
     function withSecurityInfo(securityInfo) {
       securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
       test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE);
-      do_check_neq(securityInfo.failedCertChain, null);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for a non-overrideable" +
+               " connection failure");
       let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
-      do_check_true(originalCertChain.equals(securityInfo.failedCertChain));
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for a" +
+         " non-overrideable connection failure");
     }
   );
 
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -16,50 +16,71 @@ do_get_profile();
 function add_non_overridable_test(aHost, aExpectedError) {
   add_connection_test(
     aHost, aExpectedError, null,
     function (securityInfo) {
       // bug 754369 - no SSLStatus probably means this is a non-overridable
       // error, which is what we're testing (although it would be best to test
       // this directly).
       securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
-      do_check_eq(securityInfo.SSLStatus, null);
+      equal(securityInfo.SSLStatus, null,
+            "As a proxy to checking that the connection error is" +
+            " non-overridable, SSLStatus should be null");
     });
 }
 
 function check_telemetry() {
   let histogram = Cc["@mozilla.org/base/telemetry;1"]
                     .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
                     .snapshot();
-  do_check_eq(histogram.counts[ 0], 0);
-  do_check_eq(histogram.counts[ 2], 7); // SEC_ERROR_UNKNOWN_ISSUER
-  do_check_eq(histogram.counts[ 3], 1); // SEC_ERROR_CA_CERT_INVALID
-  do_check_eq(histogram.counts[ 4], 0); // SEC_ERROR_UNTRUSTED_ISSUER
-  do_check_eq(histogram.counts[ 5], 1); // SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
-  do_check_eq(histogram.counts[ 6], 0); // SEC_ERROR_UNTRUSTED_CERT
-  do_check_eq(histogram.counts[ 7], 0); // SEC_ERROR_INADEQUATE_KEY_USAGE
-  do_check_eq(histogram.counts[ 8], 2); // SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
-  do_check_eq(histogram.counts[ 9], 6); // SSL_ERROR_BAD_CERT_DOMAIN
-  do_check_eq(histogram.counts[10], 5); // SEC_ERROR_EXPIRED_CERTIFICATE
-  do_check_eq(histogram.counts[11], 2); // MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
-  do_check_eq(histogram.counts[12], 1); // MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
-  do_check_eq(histogram.counts[13], 0); // MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
-  do_check_eq(histogram.counts[14], 2); // MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
-  do_check_eq(histogram.counts[15], 1); // MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE
-  do_check_eq(histogram.counts[16], 2); // SEC_ERROR_INVALID_TIME
+  equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
+  equal(histogram.counts[ 2], 7,
+        "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
+  equal(histogram.counts[ 3], 1,
+        "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
+  equal(histogram.counts[ 4], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
+  equal(histogram.counts[ 5], 1,
+        "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[ 6], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
+  equal(histogram.counts[ 7], 0,
+        "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
+  equal(histogram.counts[ 8], 2,
+        "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
+  equal(histogram.counts[ 9], 6,
+        "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
+  equal(histogram.counts[10], 5,
+        "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
+  equal(histogram.counts[11], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
+  equal(histogram.counts[12], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
+  equal(histogram.counts[13], 0,
+        "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE counts should match");
+  equal(histogram.counts[14], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE counts should match");
+  equal(histogram.counts[15], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[16], 2,
+        "Actual and expected SEC_ERROR_INVALID_TIME counts should match");
 
   let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
                            .getService(Ci.nsITelemetry)
                            .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
                            .snapshot();
-  do_check_eq(keySizeHistogram.counts[0], 0);
-  do_check_eq(keySizeHistogram.counts[1], 0); // 0 successful verifications of 2048-bit keys
-  do_check_eq(keySizeHistogram.counts[2], 4); // 4 successful verifications of 1024-bit keys
-  do_check_eq(keySizeHistogram.counts[3], 48); // 48 verification failures
+  equal(keySizeHistogram.counts[0], 0,
+        "Actual and expected unchecked key size counts should match");
+  equal(keySizeHistogram.counts[1], 0,
+        "Actual and expected successful verifications of 2048-bit keys should match");
+  equal(keySizeHistogram.counts[2], 4,
+        "Actual and expected successful verifications of 1024-bit keys should match");
+  equal(keySizeHistogram.counts[3], 48,
+        "Actual and expected key size verification failures should match");
 
   run_next_test();
 }
 
 function run_test() {
   add_tls_server_setup("BadCertServer");
 
   let fakeOCSPResponder = new HttpServer();
--- a/security/manager/ssl/tests/unit/test_cert_signatures.js
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -31,17 +31,17 @@ function load_ca(ca_name) {
 
 function check_ca(ca_name) {
   do_print("ca_name=" + ca_name);
   let cert = certdb.findCertByNickname(null, ca_name);
 
   let verified = {};
   let usages = {};
   cert.getUsagesString(true, verified, usages);
-  do_check_eq('SSL CA', usages.value);
+  equal("SSL CA", usages.value, "Usages string for a CA cert should be 'SSL CA'");
 }
 
 function run_test() {
   // Load the ca into mem
   load_ca("ca-rsa");
   load_ca("ca-p384");
 
   clearOCSPCache();
@@ -83,11 +83,12 @@ function run_test() {
   for (let cert_name in cert2usage) {
     do_print("cert_name=" + cert_name);
 
     let cert = certdb.findCertByNickname(null, cert_name);
 
     let verified = {};
     let usages = {};
     cert.getUsagesString(true, verified, usages);
-    do_check_eq(cert2usage[cert_name], usages.value);
+    equal(cert2usage[cert_name], usages.value,
+          "Expected and actual usages string should match");
   }
 }
--- a/security/manager/ssl/tests/unit/test_cert_trust.js
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -189,20 +189,20 @@ function test_ca_distrust(ee_cert, cert_
 
 
 function run_test() {
   for (let i = 0 ; i < certList.length; i++) {
     load_cert(certList[i], ',,');
   }
 
   let ca_cert = certdb.findCertByNickname(null, 'ca');
-  do_check_false(!ca_cert)
+  notEqual(ca_cert, null, "CA cert should be in the cert DB");
   let int_cert = certdb.findCertByNickname(null, 'int');
-  do_check_false(!int_cert)
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
   let ee_cert = certdb.findCertByNickname(null, 'ee');
-  do_check_false(!ee_cert);
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
 
   setup_basic_trusts(ca_cert, int_cert);
   test_ca_distrust(ee_cert, ca_cert, true);
 
   setup_basic_trusts(ca_cert, int_cert);
   test_ca_distrust(ee_cert, int_cert, false);
 }
--- a/security/manager/ssl/tests/unit/test_certificate_usages.js
+++ b/security/manager/ssl/tests/unit/test_certificate_usages.js
@@ -34,17 +34,16 @@ function run_test() {
   // EKU.
   var ca_usages = ['SSL CA',
                    'SSL CA',
                    'SSL CA',
                    ''];
 
   // mozilla::pkix doesn't implement the Netscape Object Signer restriction.
   var basicEndEntityUsages = 'Client,Server,Sign,Encrypt,Object Signer';
-  var basicEndEntityUsagesWithObjectSigner = basicEndEntityUsages + ",Object Signer"
 
   // mozilla::pkix won't let a certificate with the 'Status Responder' EKU get
   // validated for any other usage.
   var ee_usages = [
     [ basicEndEntityUsages,
       basicEndEntityUsages,
       basicEndEntityUsages,
       basicEndEntityUsages,
@@ -90,35 +89,38 @@ function run_test() {
       '',
       '',
       '',
       '',
       ''
      ]
   ];
 
-  do_check_eq(gNumCAs, ca_usages.length);
+  equal(gNumCAs, ca_usages.length,
+        "Number of CAs and length of ca_usages array should match");
 
   for (var i = 0; i < gNumCAs; i++) {
     var ca_name = "ca-" + (i + 1);
     var verified = {};
     var usages = {};
     var cert = certdb.findCertByNickname(null, ca_name);
     cert.getUsagesString(true, verified, usages);
-    do_check_eq(ca_usages[i], usages.value);
+    equal(ca_usages[i], usages.value,
+          "Expected and actual CA usages string should match");
     if (ca_usages[i].indexOf('SSL CA') != -1) {
       checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
                             certificateUsageVerifyCA);
     }
     //now the ee, names also one based
     for (var j = 0; j < ee_usages[i].length; j++) {
       var ee_name = "ee-" + (j + 1) + "-" + ca_name;
       var ee_filename = ee_name + ".der";
       addCertFromFile(certdb, "test_certificate_usages/" + ee_filename, ",,");
       var ee_cert;
       ee_cert = certdb.findCertByNickname(null, ee_name);
       var verified = {};
       var usages = {};
       ee_cert.getUsagesString(true, verified, usages);
-      do_check_eq(ee_usages[i][j], usages.value);
+      equal(ee_usages[i][j], usages.value,
+            "Expected and actual EE usages string should match");
     }
   }
 }