Bug 413909 - nsCertOverrideService IDN handling is broken; tests; r=kaie
--- a/build/pgo/certs/Makefile.in
+++ b/build/pgo/certs/Makefile.in
@@ -43,16 +43,17 @@ VPATH = @srcdir@
include $(DEPTH)/config/autoconf.mk
_PROFILE_DIR = $(DEPTH)/_profile/pgo
_CERTS_DIR = $(_PROFILE_DIR)/certs
# Extension of files must be '.server'
_SERVER_CERTS = \
+ bug413909cert.server \
$(NULL)
# Extension of files must be '.ca'
_CERT_AUTHORITIES = \
pgoca.ca \
$(NULL)
_SERV_FILES = \
new file mode 100644
index 0000000000000000000000000000000000000000..87e4bf53c284809d43aabd971ac6b6fe719626a6
GIT binary patch
literal 1664
zc${sMeLT~P9>;%sFi+!*Gqo(Nc^H!#(nd*QjYv+r$HP?{BO*1TRB~Et84jXaj>ht|
zMj4v4LLG-wo*H?|qHL8($3i6>$63d{uX}slUiW-nug^c9&-eBH>+>eCz#s^L1=Gc+
z`=l=zfV4p+EGrh24Z{&we-lGc1U3Y@VgyY8KNVaL1TJBN#RN9EieL%T`)|DR)&z>c
z7@rA<#t6RmP}<FHJc7f6K_Dm_%-UOMlz*mR=o7SvN`2my+dNilKkuKqduB|Zl(~EF
z%=*-;h*#cPM;MTy8Z=uFn`&ygWl&+;aJUgl+vXlz*g^Ghv45}rhIubfgqD@1#~&k;
zj9hiC=hfi)X+EkUN+3zIVfRK;Gc1>$$flf)Xm%m!WaopEfcAQbXI6<SqTIfC%j$&I
zk%<kwE0i;m-hO$;i1At?o0?y0TQ1@>Jt+1>C(erfoPRaza+x3!xheJePR{J0o*yn1
zREW=5k;T{axd4K!UV1Sq3Hq=vicxX1Ea;XnT{Se?<kd?NUpX*wZ}RehlW^GPa7n<f
z&V9yB6T=lmwQa3pMz13~^DaQwy>O>)M-7~C*H<svgI9yhG!zAV-ZXrf-f^}&IKM{d
z$oyeID^k0d(d(nz#{9PQqSiJ4ehbY$naM|k+Ed$AuTVK5TlU00g~!jTZ$irlQwC$x
z7*>W28IV6Ealm>7_=PXKidjceq(@E_9LgjqiWqO+hF$6J)_c1XKJM;z@$iX=oiCda
z2!-^?C9N`e<9L0Th4;C%MMZzr*=Dn;8XO{mgTnXgo_4USoz!p98H#*ZDspqf+6#u`
z;KCmXC`gldU*of_S~p=eo`(z<2FP^2ksB^=mfNrBwQMk}9=J<XKUWTqV(4NFm-#`U
zt__~;-tjxOJnav?baX8C@{PGV!l?%>ZdsJUJ;|mG-$#LtsvKgmWfM1`Y`CT`Ojhn_
zev%*6O*?_DvU}u|`Z(<NpeUiKtUWvFM*Ja+u(G=C5&0x(wG?@$vq1b}xTSY&dXf})
z)m^#eL%ekret82J>UYw1C*jR}i+5&X0j|RxZ_;%Y>KI6{`!a4_q~lt1Q-A>+17d(p
zfFs}xxB`R~M*;_cqd@Y?s=u6?IIe;sD~_KweRcLR(qQvP-t$k~@luD_P~hMCUu0k<
zD+GZ-UuB@L2!Z{J5byEH$8uvqzV*7ol=^11e1(vb71F?Y=a+Vww^O$Ut#J|sE8a1?
zMtwa3*vNp&m<YPYroL3$TH`ks-WKP+ar;A!&$HhstG7!!t}`M~{|wL$YHi^aTQ3QJ
zUT&W~`jbIOoqj-Dj9Qfw;uYsKj}d;Z)+bJq;T^5#QU298W~9Hvm>UB*o+{)0@*e-7
zHcHWc(OX*Ucd(e4qoLTLZibw=FjH_$y1WX1AMhczrxmh?`uFn__DsP#u_Ky8r;q#b
zHE0|~naTSoz{|p|aEzMiD;gnlTceS3Jh4)RICyp3`chwIu14~b9KmZSX{L)i&KHYR
zRsJKMN!u)nPDr?==44Jd7@MB8D%{g|dJn5fEDF2b1G%)?>vb!?QQO-6oasbf4<spq
z#r(POo2P(`pB0iW4g?=ap(?yJpGX2?WDL1=)SsK}*7r`-pWn^Dzqomm-?FRJi8a4S
z9K#1vjgBQW??xrM+~TBWmyPc_uZe|oG;!0Pxstu_G0LvM(wDhdZOZaxRek6mCLYK;
zxvWx`v#$K|oHyib&=4)jY-AkQB_}Fzx3eSieFls(v^TEG0IWz!a<8(dF>5Zg`+RO0
zi8l^jYsP&tsuykXsQjRJ=t9Z--gmuKr#fYx(#<NF7i}hQ3G>T|a7tqFFTJ$3;}6%}
z<6J=8y5B;Xe9=c+@Sby+zAkV}pcMMQe)NGuN?y`Avcq8{8QpVtgMqKP+CwI+M^CK@
zUEHxoi?%@rG<DL2UJNem1FDp<v&gvjo!fZUI?uX7^75vu<$iTHbIKI1O(O@_W>_Y6
zdt#X9Z005^_tTL<`W1iHA}{7H%B1XNvD}Fh8CpxXx&O{$?o-0%2U`oFgA0P+Y^lHI
z6iJk`-cme{>|X)Zso*88H+@d_1^!P27s5J%E=<eb5CS&U0-(r{C?4c+WqrzPbyoRx
f6jGX8^p9{Tg0nL^(s1gWWoG!b@1#RAGywbsgeUF+
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@@ -124,16 +124,19 @@ https://xn--hxajbheg2az3al.xn--jxalpdlp:
https://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged
#
# These are subdomains of <παράδειγμα.δοκιμή>, the Greek IDN for example.test.
#
http://xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged
http://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged
+# Bug 413909 test host
+https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged,cert=bug413909cert
+
#
# These hosts are used in tests which exercise privilege-granting functionality;
# we could reuse some of the names above, but specific names make it easier to
# distinguish one from the other in tests (as well as what functionality is
# being tested).
#
http://sectest1.example.org:80 privileged
http://sub.sectest2.example.org:80 privileged
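Review bot: The new comment `# Bug 413909 test host` does not record why this host gets its own certificate, and the certificate itself is added to build/pgo/certs as a binary blob with no note on how it was produced or when it expires. The test registers an override for `ERROR_UNTRUSTED` only, so it appears to depend on the certificate failing for exactly that reason; if the blob also expired or mismatched the host name, the override would presumably stop matching and the test would fail with no obvious cause. If that reading is right, I would extend the comment to something like `# Bug 413909 test host; bug413909cert is intentionally not issued by pgoca so that a cert override is required`. I would also record the generation steps and validity period next to the `_SERVER_CERTS` entry in build/pgo/certs/Makefile.in.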
--- a/security/manager/ssl/Makefile.in
+++ b/security/manager/ssl/Makefile.in
@@ -37,13 +37,11 @@
# ***** END LICENSE BLOCK *****
DEPTH = ../../..
topsrcdir = @top_srcdir@
srcdir = @srcdir@
VPATH = @srcdir@
MODULE = pipnss
-DIRS = src public
-
-XPCSHELL_TESTS = tests
+DIRS = src public tests
include $(topsrcdir)/config/rules.mk
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/Makefile.in
@@ -0,0 +1,48 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Netscape Communications Corporation.
+# Portions created by the Initial Developer are Copyright (C) 1998
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+# Jan Bambas <honzab@firemni.cz>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either the GNU General Public License Version 2 or later (the "GPL"), or
+# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH = ../../../..
+topsrcdir = @top_srcdir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+MODULE = pipnss
+DIRS = mochitest
+XPCSHELL_TESTS = unit
+
+include $(topsrcdir)/config/rules.mk
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/Makefile.in
@@ -0,0 +1,53 @@
+#
+# ***** BEGIN LICENSE BLOCK *****
+# Version: MPL 1.1/GPL 2.0/LGPL 2.1
+#
+# The contents of this file are subject to the Mozilla Public License Version
+# 1.1 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+# http://www.mozilla.org/MPL/
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+# for the specific language governing rights and limitations under the
+# License.
+#
+# The Original Code is mozilla.org code.
+#
+# The Initial Developer of the Original Code is
+# Mozilla Foundation.
+# Portions created by the Initial Developer are Copyright (C) 2007
+# the Initial Developer. All Rights Reserved.
+#
+# Contributor(s):
+# Jan Bambas <honzab@firemni.cz>
+#
+# Alternatively, the contents of this file may be used under the terms of
+# either of the GNU General Public License Version 2 or later (the "GPL"),
+# or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+# in which case the provisions of the GPL or the LGPL are applicable instead
+# of those above. If you wish to allow use of your version of this file only
+# under the terms of either the GPL or the LGPL, and not to allow others to
+# use your version of this file under the terms of the MPL, indicate your
+# decision by deleting the provisions above and replace them with the notice
+# and other provisions required by the GPL or the LGPL. If you do not delete
+# the provisions above, a recipient may use your version of this file under
+# the terms of any one of the MPL, the GPL or the LGPL.
+#
+# ***** END LICENSE BLOCK *****
+
+DEPTH = ../../../../..
+topsrcdir = @top_srcdir@
+srcdir = @srcdir@
+VPATH = @srcdir@
+relativesrcdir = security/ssl
+
+include $(DEPTH)/config/autoconf.mk
+include $(topsrcdir)/config/rules.mk
+
+_CHROME_FILES = \
+ test_bug413909.html \
+ $(NULL)
+
+libs:: $(_CHROME_FILES)
+ $(INSTALL) $(foreach f,$^,"$f") $(DEPTH)/_tests/testing/mochitest/chrome/$(relativesrcdir)
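Review bot: `relativesrcdir = security/ssl` does not match this Makefile's location, `security/manager/ssl/tests/mochitest`, so the `libs::` rule installs `test_bug413909.html` under `_tests/testing/mochitest/chrome/security/ssl` rather than a path that mirrors the source tree. If the shorter path is intended, a comment such as `# installed under security/ssl on purpose; does not mirror the source path` would keep a later cleanup from changing it. Otherwise I would set `relativesrcdir = security/manager/ssl/tests/mochitest` so the installed test can be traced back to its source directory.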
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/test_bug413909.html
@@ -0,0 +1,139 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Test bug 413909</title>
+ <script type="text/javascript" src="chrome://mochikit/content/MochiKit/packed.js"></script>
+ <script type="text/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css" />
+</head>
+<body onload="onWindowLoad()">
+
+<iframe name="frame1" src="https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/" onload="onFrameLoad()"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+var certOverrideService = Components.classes["@mozilla.org/security/certoverride;1"]
+ .getService(Components.interfaces.nsICertOverrideService);
+var cert = null;
+var certListener = null;
+var frameLoadTimeout = null;
+
+SimpleTest.waitForExplicitFinish();
+
+function badCertListener()
+{
+}
+
+badCertListener.prototype = {
+ exceptionAdded: false,
+
+ getInterface: function (aIID) {
+ return this.QueryInterface(aIID);
+ },
+
+ QueryInterface: function(aIID) {
+ if (aIID.equals(Components.interfaces.nsIBadCertListener2) ||
+ aIID.equals(Components.interfaces.nsIInterfaceRequestor) ||
+ aIID.equals(Components.interfaces.nsISupports))
+ return this;
+
+ throw Components.results.NS_ERROR_NO_INTERFACE;
+ },
+
+ notifyCertProblem: function MSR_notifyCertProblem(socketInfo, sslStatus, targetHost) {
+ cert = sslStatus.QueryInterface(Components.interfaces.nsISSLStatus)
+ .serverCert;
+
+ certOverrideService.rememberValidityOverride(
+ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+ -1,
+ cert,
+ certOverrideService.ERROR_UNTRUSTED,
+ false);
+
+ this.exceptionAdded = true;
+ return true;
+ }
+}
+
+function apiTest(expected)
+{
+ var has;
+ var bits = {}, temp = {};
+
+ has = certOverrideService.hasMatchingOverride(
+ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+ -1, cert, bits, temp);
+ is(has, expected, "hasMatchingOverride "+expected+" for default port value");
+
+ has = certOverrideService.hasMatchingOverride(
+ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+ 443, cert, bits, temp);
+ is(has, expected, "hasMatchingOverride "+expected+" for explicit port value");
+
+ has = certOverrideService.hasMatchingOverride(
+ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+ 563, cert, bits, temp);
+ ok(!has, "hasMatchingOverride false for invalid port value");
+
+ has = certOverrideService.hasMatchingOverride(
+ window.frame1.location.hostname,
+ -1, cert, bits, temp);
+ ok(!has, "hasMatchingOverride false for default port value and non-ascii host");
+
+ has = certOverrideService.hasMatchingOverride(
+ window.frame1.location.hostname,
+ 443, cert, bits, temp);
+ ok(!has, "hasMatchingOverride false for explicit port value and non-ascii host");
+
+ has = certOverrideService.hasMatchingOverride(
+ window.frame1.location.hostname,
+ 563, cert, bits, temp);
+ ok(!has, "hasMatchingOverride false for invalid port value and non-ascii host");
+}
+
+function onFrameLoad()
+{
+ ok(certListener.exceptionAdded, "Secure page loaded after exception was added and not sooner");
+ if (!certListener.exceptionAdded)
+ return;
+
+ apiTest(true);
+ certOverrideService.clearValidityOverride(
+ "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", -1);
+ apiTest(false);
+
+ clearTimeout(frameLoadTimeout);
+ SimpleTest.finish();
+}
+
+function onWindowLoad()
+{
+ var req = new XMLHttpRequest();
+ try
+ {
+ certListener = new badCertListener();
+
+ req.open("GET", "https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp/", false);
+ req.channel.notificationCallbacks = certListener;
+ req.send(null);
+ }
+ catch(ex)
+ {
+ // ignore
+ }
+
+ // There is no error event indicating frame load error,
+ // simulate using timeout.
+ frameLoadTimeout = setTimeout(function()
+ {
+ ok(false, "Secure page did not load, adding exception failed?");
+ SimpleTest.finish();
+ }, 5000);
+
+ window.frame1.location.reload();
+}
+
+</script>
+</body>
+</html>
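Review bot: The override added in `notifyCertProblem` passes `false` as the last argument of `rememberValidityOverride`, which is the temporary flag, so the exception is persisted and is cleared only on the success path of `onFrameLoad`. The timeout callback in `onWindowLoad` calls `SimpleTest.finish()` without clearing it, so a failed run can leave a stored trust exception for this host in the test profile, where it could mask certificate errors in later tests. I would pass `true` for the last argument and add `certOverrideService.clearValidityOverride("bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", -1);` before `SimpleTest.finish()` in the timeout callback. Separately, `onFrameLoad` may run for the iframe's initial load before `onWindowLoad` has assigned `certListener`, in which case `certListener.exceptionAdded` dereferences null; a guard such as `if (!certListener) return;` at the top would cover that if it can happen.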
rename from security/manager/ssl/tests/test_datasignatureverifier.js
rename to security/manager/ssl/tests/unit/test_datasignatureverifier.js
rename from security/manager/ssl/tests/test_hash_algorithms.js
rename to security/manager/ssl/tests/unit/test_hash_algorithms.js
rename from security/manager/ssl/tests/test_hmac.js
rename to security/manager/ssl/tests/unit/test_hmac.js