--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -600,17 +600,18 @@ FakeSSLStatus.prototype = {
// directly.
function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
.SSLStatus;
let bits =
(sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
(sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
(sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
- do_check_eq(bits, aExpectedBits);
+ Assert.equal(bits, aExpectedBits,
+ "Actual and expected override bits should match");
let cert = sslstatus.serverCert;
let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
.getService(Ci.nsICertOverrideService);
certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
true);
}
// Given a host, expected error bits (see nsICertOverrideService.idl), and
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -15,49 +15,60 @@ function build_cert_chain(certNames) {
return certList;
}
function test_cert_equals() {
let certA = constructCertFromFile("tlsserver/default-ee.der");
let certB = constructCertFromFile("tlsserver/default-ee.der");
let certC = constructCertFromFile("tlsserver/expired-ee.der");
- do_check_false(certA == certB);
- do_check_true(certA.equals(certB));
- do_check_false(certA.equals(certC));
+ ok(certA != certB,
+ "Cert objects constructed from the same file should not be equal" +
+ " according to the equality operators");
+ ok(certA.equals(certB),
+ "equals() on cert objects constructed from the same cert file should" +
+ " return true");
+ ok(!certA.equals(certC),
+ "equals() on cert objects constructed from files for different certs" +
+ " should return false");
}
function test_cert_list_serialization() {
let certList = build_cert_chain(['default-ee', 'expired-ee']);
// Serialize the cert list to a string
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
.getService(Ci.nsISerializationHelper);
certList.QueryInterface(Ci.nsISerializable);
let serialized = serHelper.serializeToString(certList);
// Deserialize from the string and compare to the original object
let deserialized = serHelper.deserializeObject(serialized);
deserialized.QueryInterface(Ci.nsIX509CertList);
- do_check_true(certList.equals(deserialized));
+ ok(certList.equals(deserialized),
+ "Deserialized cert list should equal the original");
}
function test_security_info_serialization(securityInfo, expectedErrorCode) {
// Serialize the securityInfo to a string
let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
.getService(Ci.nsISerializationHelper);
let serialized = serHelper.serializeToString(securityInfo);
// Deserialize from the string and compare to the original object
let deserialized = serHelper.deserializeObject(serialized);
deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
- do_check_eq(securityInfo.securityState, deserialized.securityState);
- do_check_eq(securityInfo.errorMessage, deserialized.errorMessage);
- do_check_eq(securityInfo.errorCode, expectedErrorCode);
- do_check_eq(deserialized.errorCode, expectedErrorCode);
+ equal(securityInfo.securityState, deserialized.securityState,
+ "Original and deserialized security state should match");
+ equal(securityInfo.errorMessage, deserialized.errorMessage,
+ "Original and deserialized error message should match");
+ equal(securityInfo.errorCode, expectedErrorCode,
+ "Original and expected error code should match");
+ equal(deserialized.errorCode, expectedErrorCode,
+ "Deserialized and expected error code should match");
}
function run_test() {
do_get_profile();
add_tls_server_setup("BadCertServer");
// Test nsIX509Cert.equals
add_test(function() {
@@ -73,42 +84,51 @@ function run_test() {
// Test successful connection (failedCertChain should be null)
add_connection_test(
// re-use pinning certs (keeler)
"good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
function withSecurityInfo(aTransportSecurityInfo) {
aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
test_security_info_serialization(aTransportSecurityInfo, 0);
- do_check_eq(aTransportSecurityInfo.failedCertChain, null);
+ equal(aTransportSecurityInfo.failedCertChain, null,
+ "failedCertChain for a successful connection should be null");
}
);
// Test overrideable connection failure (failedCertChain should be non-null)
add_connection_test(
"expired.example.com",
SEC_ERROR_EXPIRED_CERTIFICATE,
null,
function withSecurityInfo(securityInfo) {
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE);
- do_check_neq(securityInfo.failedCertChain, null);
+ notEqual(securityInfo.failedCertChain, null,
+ "failedCertChain should not be null for an overrideable" +
+ " connection failure");
let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
- do_check_true(originalCertChain.equals(securityInfo.failedCertChain));
+ ok(originalCertChain.equals(securityInfo.failedCertChain),
+ "failedCertChain should equal the original cert chain for an" +
+ " overrideable connection failure");
}
);
// Test non-overrideable error (failedCertChain should be non-null)
add_connection_test(
"inadequatekeyusage.example.com",
SEC_ERROR_INADEQUATE_KEY_USAGE,
null,
function withSecurityInfo(securityInfo) {
securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE);
- do_check_neq(securityInfo.failedCertChain, null);
+ notEqual(securityInfo.failedCertChain, null,
+ "failedCertChain should not be null for a non-overrideable" +
+ " connection failure");
let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
- do_check_true(originalCertChain.equals(securityInfo.failedCertChain));
+ ok(originalCertChain.equals(securityInfo.failedCertChain),
+ "failedCertChain should equal the original cert chain for a" +
+ " non-overrideable connection failure");
}
);
run_next_test();
}
--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -16,50 +16,71 @@ do_get_profile();
function add_non_overridable_test(aHost, aExpectedError) {
add_connection_test(
aHost, aExpectedError, null,
function (securityInfo) {
// bug 754369 - no SSLStatus probably means this is a non-overridable
// error, which is what we're testing (although it would be best to test
// this directly).
securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
- do_check_eq(securityInfo.SSLStatus, null);
+ equal(securityInfo.SSLStatus, null,
+ "As a proxy to checking that the connection error is" +
+ " non-overridable, SSLStatus should be null");
});
}
function check_telemetry() {
let histogram = Cc["@mozilla.org/base/telemetry;1"]
.getService(Ci.nsITelemetry)
.getHistogramById("SSL_CERT_ERROR_OVERRIDES")
.snapshot();
- do_check_eq(histogram.counts[ 0], 0);
- do_check_eq(histogram.counts[ 2], 7); // SEC_ERROR_UNKNOWN_ISSUER
- do_check_eq(histogram.counts[ 3], 1); // SEC_ERROR_CA_CERT_INVALID
- do_check_eq(histogram.counts[ 4], 0); // SEC_ERROR_UNTRUSTED_ISSUER
- do_check_eq(histogram.counts[ 5], 1); // SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE
- do_check_eq(histogram.counts[ 6], 0); // SEC_ERROR_UNTRUSTED_CERT
- do_check_eq(histogram.counts[ 7], 0); // SEC_ERROR_INADEQUATE_KEY_USAGE
- do_check_eq(histogram.counts[ 8], 2); // SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
- do_check_eq(histogram.counts[ 9], 6); // SSL_ERROR_BAD_CERT_DOMAIN
- do_check_eq(histogram.counts[10], 5); // SEC_ERROR_EXPIRED_CERTIFICATE
- do_check_eq(histogram.counts[11], 2); // MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY
- do_check_eq(histogram.counts[12], 1); // MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
- do_check_eq(histogram.counts[13], 0); // MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE
- do_check_eq(histogram.counts[14], 2); // MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE
- do_check_eq(histogram.counts[15], 1); // MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE
- do_check_eq(histogram.counts[16], 2); // SEC_ERROR_INVALID_TIME
+ equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
+ equal(histogram.counts[ 2], 7,
+ "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
+ equal(histogram.counts[ 3], 1,
+ "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
+ equal(histogram.counts[ 4], 0,
+ "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
+ equal(histogram.counts[ 5], 1,
+ "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
+ equal(histogram.counts[ 6], 0,
+ "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
+ equal(histogram.counts[ 7], 0,
+ "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
+ equal(histogram.counts[ 8], 2,
+ "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
+ equal(histogram.counts[ 9], 6,
+ "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
+ equal(histogram.counts[10], 5,
+ "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
+ equal(histogram.counts[11], 2,
+ "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
+ equal(histogram.counts[12], 1,
+ "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
+ equal(histogram.counts[13], 0,
+ "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE counts should match");
+ equal(histogram.counts[14], 2,
+ "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE counts should match");
+ equal(histogram.counts[15], 1,
+ "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE counts should match");
+ equal(histogram.counts[16], 2,
+ "Actual and expected SEC_ERROR_INVALID_TIME counts should match");
let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
.getService(Ci.nsITelemetry)
.getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
.snapshot();
- do_check_eq(keySizeHistogram.counts[0], 0);
- do_check_eq(keySizeHistogram.counts[1], 0); // 0 successful verifications of 2048-bit keys
- do_check_eq(keySizeHistogram.counts[2], 4); // 4 successful verifications of 1024-bit keys
- do_check_eq(keySizeHistogram.counts[3], 48); // 48 verification failures
+ equal(keySizeHistogram.counts[0], 0,
+ "Actual and expected unchecked key size counts should match");
+ equal(keySizeHistogram.counts[1], 0,
+ "Actual and expected successful verifications of 2048-bit keys should match");
+ equal(keySizeHistogram.counts[2], 4,
+ "Actual and expected successful verifications of 1024-bit keys should match");
+ equal(keySizeHistogram.counts[3], 48,
+ "Actual and expected key size verification failures should match");
run_next_test();
}
function run_test() {
add_tls_server_setup("BadCertServer");
let fakeOCSPResponder = new HttpServer();
--- a/security/manager/ssl/tests/unit/test_cert_signatures.js
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -31,17 +31,17 @@ function load_ca(ca_name) {
function check_ca(ca_name) {
do_print("ca_name=" + ca_name);
let cert = certdb.findCertByNickname(null, ca_name);
let verified = {};
let usages = {};
cert.getUsagesString(true, verified, usages);
- do_check_eq('SSL CA', usages.value);
+ equal("SSL CA", usages.value, "Usages string for a CA cert should be 'SSL CA'");
}
function run_test() {
// Load the ca into mem
load_ca("ca-rsa");
load_ca("ca-p384");
clearOCSPCache();
@@ -83,11 +83,12 @@ function run_test() {
for (let cert_name in cert2usage) {
do_print("cert_name=" + cert_name);
let cert = certdb.findCertByNickname(null, cert_name);
let verified = {};
let usages = {};
cert.getUsagesString(true, verified, usages);
- do_check_eq(cert2usage[cert_name], usages.value);
+ equal(cert2usage[cert_name], usages.value,
+ "Expected and actual usages string should match");
}
}
--- a/security/manager/ssl/tests/unit/test_cert_trust.js
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -189,20 +189,20 @@ function test_ca_distrust(ee_cert, cert_
function run_test() {
for (let i = 0 ; i < certList.length; i++) {
load_cert(certList[i], ',,');
}
let ca_cert = certdb.findCertByNickname(null, 'ca');
- do_check_false(!ca_cert)
+ notEqual(ca_cert, null, "CA cert should be in the cert DB");
let int_cert = certdb.findCertByNickname(null, 'int');
- do_check_false(!int_cert)
+ notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
let ee_cert = certdb.findCertByNickname(null, 'ee');
- do_check_false(!ee_cert);
+ notEqual(ee_cert, null, "EE cert should be in the cert DB");
setup_basic_trusts(ca_cert, int_cert);
test_ca_distrust(ee_cert, ca_cert, true);
setup_basic_trusts(ca_cert, int_cert);
test_ca_distrust(ee_cert, int_cert, false);
}
--- a/security/manager/ssl/tests/unit/test_certificate_usages.js
+++ b/security/manager/ssl/tests/unit/test_certificate_usages.js
@@ -34,17 +34,16 @@ function run_test() {
// EKU.
var ca_usages = ['SSL CA',
'SSL CA',
'SSL CA',
''];
// mozilla::pkix doesn't implement the Netscape Object Signer restriction.
var basicEndEntityUsages = 'Client,Server,Sign,Encrypt,Object Signer';
- var basicEndEntityUsagesWithObjectSigner = basicEndEntityUsages + ",Object Signer"
// mozilla::pkix won't let a certificate with the 'Status Responder' EKU get
// validated for any other usage.
var ee_usages = [
[ basicEndEntityUsages,
basicEndEntityUsages,
basicEndEntityUsages,
basicEndEntityUsages,
@@ -90,35 +89,38 @@ function run_test() {
'',
'',
'',
'',
''
]
];
- do_check_eq(gNumCAs, ca_usages.length);
+ equal(gNumCAs, ca_usages.length,
+ "Number of CAs and length of ca_usages array should match");
for (var i = 0; i < gNumCAs; i++) {
var ca_name = "ca-" + (i + 1);
var verified = {};
var usages = {};
var cert = certdb.findCertByNickname(null, ca_name);
cert.getUsagesString(true, verified, usages);
- do_check_eq(ca_usages[i], usages.value);
+ equal(ca_usages[i], usages.value,
+ "Expected and actual CA usages string should match");
if (ca_usages[i].indexOf('SSL CA') != -1) {
checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
certificateUsageVerifyCA);
}
//now the ee, names also one based
for (var j = 0; j < ee_usages[i].length; j++) {
var ee_name = "ee-" + (j + 1) + "-" + ca_name;
var ee_filename = ee_name + ".der";
addCertFromFile(certdb, "test_certificate_usages/" + ee_filename, ",,");
var ee_cert;
ee_cert = certdb.findCertByNickname(null, ee_name);
var verified = {};
var usages = {};
ee_cert.getUsagesString(true, verified, usages);
- do_check_eq(ee_usages[i][j], usages.value);
+ equal(ee_usages[i][j], usages.value,
+ "Expected and actual EE usages string should match");
}
}
}