toolkit/modules/tests/chrome/test_bug544442_checkCert.xul
author Carsten "Tomcat" Book <cbook@mozilla.com>
Wed, 07 Oct 2015 12:13:45 +0200
changeset 299931 d70c7fe532c639fd74f36119fc6be1bf4669d7e1
parent 299841 cfc1820361f599c55128b29de4332f8d06511e07
child 299945 d6793bb3e45b2853d33c653b14f5a909ee46a9e4
permissions -rw-r--r--
Backed out 1 changesets (bug 1202902) for causing merge conflicts to mozilla-central Backed out changeset cfc1820361f5 (bug 1202902)

<?xml version="1.0"?>
<!--
/* Any copyright is dedicated to the Public Domain.
 * http://creativecommons.org/publicdomain/zero/1.0/
 */
-->

<?xml-stylesheet href="chrome://global/skin" type="text/css"?>
<?xml-stylesheet href="chrome://mochikit/content/tests/SimpleTest/test.css" type="text/css"?>

<window title="Test CertUtils.jsm checkCert - bug 340198 and bug 544442"
        xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
        onload="testStart();">
<script type="application/javascript"
        src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"/>

<script type="application/javascript">
<![CDATA[

const Cc = Components.classes;
const Ci = Components.interfaces;
const Cr = Components.results;

SimpleTest.waitForExplicitFinish();

Components.utils.import("resource://gre/modules/CertUtils.jsm");

function testStart() {
  ok(true, "Entering testStart");

  var request = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"].
                createInstance(Ci.nsIXMLHttpRequest);
  request.open("GET", "https://example.com/", true);
  request.channel.notificationCallbacks = new BadCertHandler(true);
  request.onerror = function(event) { testXHRError(event); };
  request.onload = function(event) { testXHRLoad(event); };
  request.send(null);
}

function testXHRError(aEvent) {
  ok(true, "Entering testXHRError - something went wrong");

  var request = aEvent.target;
  var status = 0;
  try {
    status = request.status;
  }
  catch (e) {
  }

  if (status == 0)
    status = request.channel.QueryInterface(Ci.nsIRequest).status;

  ok(false, "XHR onerror called: " + status);

  SimpleTest.finish();
}

function getCheckCertResult(aChannel, aAllowNonBuiltIn, aCerts) {
  try {
    checkCert(aChannel, aAllowNonBuiltIn, aCerts);
  }
  catch (e) {
    return e.result;
  }
  return Cr.NS_OK;
}

function testXHRLoad(aEvent) {
  ok(true, "Entering testXHRLoad");

  var channel = aEvent.target.channel;

  var certs = null;
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert is null and the certificate is not builtin");

  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert is null and builtin certificates aren't enforced");

  certs = [ { invalidAttribute: "Invalid attribute" } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ILLEGAL_VALUE,
     "checkCert should throw NS_ERROR_ILLEGAL_VALUE when the certificate " +
     "attributes array passed to checkCert has an element that has an " +
     "attribute that does not exist on the certificate");

  certs = [ { issuerName: "Incorrect issuerName" } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ILLEGAL_VALUE,
     "checkCert should throw NS_ERROR_ILLEGAL_VALUE when the certificate " +
     "attributes array passed to checkCert has an element that has an " +
     "issuerName that is not the same as the certificate's");

  var cert = channel.securityInfo.QueryInterface(Ci.nsISSLStatusProvider).
             SSLStatus.QueryInterface(Ci.nsISSLStatus).serverCert;

  certs = [ { issuerName: cert.issuerName,
              commonName: cert.commonName } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert has a single element that has the same " +
     "issuerName and commonName as the certificate's and the certificate is " +
     "not builtin");

  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert has a single element that has the same issuerName " +
     "and commonName as the certificate's and and builtin certificates " +
     "aren't enforced");

  certs = [ { issuerName: "Incorrect issuerName",
              invalidAttribute: "Invalid attribute" },
            { issuerName: cert.issuerName,
              commonName: "Invalid Common Name" },
            { issuerName: cert.issuerName,
              commonName: cert.commonName } ];
  is(getCheckCertResult(channel, false, certs), Cr.NS_ERROR_ABORT,
     "checkCert should throw NS_ERROR_ABORT when the certificate attributes " +
     "array passed to checkCert has an element that has the same issuerName " +
     "and commonName as the certificate's and the certificate is not builtin");

  is(getCheckCertResult(channel, true, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes array " +
     "passed to checkCert has an element that has the same issuerName and " +
     "commonName as the certificate's and builtin certificates aren't enforced");

  var mockChannel = { originalURI: Cc["@mozilla.org/network/io-service;1"].
                                   getService(Ci.nsIIOService).
                                   newURI("http://example.com/", null, null) };

  certs = [ ];
  is(getCheckCertResult(mockChannel, false, certs), Cr.NS_ERROR_UNEXPECTED,
     "checkCert should throw NS_ERROR_UNEXPECTED when the certificate " +
     "attributes array passed to checkCert is not null and the channel's " +
     "originalURI is not https");

  certs = null;
  is(getCheckCertResult(mockChannel, false, certs), Cr.NS_OK,
     "checkCert should not throw when the certificate attributes object " +
     "passed to checkCert is null and the the channel's originalURI is not " +
     "https");

  SimpleTest.finish();
}

]]>
</script>

<body xmlns="http://www.w3.org/1999/xhtml">
  <p id="display"></p>
  <div id="content" style="display: none"></div>
  <pre id="test"></pre>
</body>
</window>