summaryrefslogtreecommitdiffstats
path: root/modules/libmar/tests/unit
diff options
context:
space:
mode:
Diffstat (limited to 'modules/libmar/tests/unit')
-rw-r--r--modules/libmar/tests/unit/data/0_sized_file0
-rw-r--r--modules/libmar/tests/unit/data/0_sized_mar.marbin0 -> 157 bytes
-rw-r--r--modules/libmar/tests/unit/data/1_byte_file1
-rw-r--r--modules/libmar/tests/unit/data/1_byte_mar.marbin0 -> 157 bytes
-rw-r--r--modules/libmar/tests/unit/data/binary_data_filebin0 -> 512 bytes
-rw-r--r--modules/libmar/tests/unit/data/binary_data_mar.marbin0 -> 673 bytes
-rw-r--r--modules/libmar/tests/unit/data/cert8.dbbin0 -> 65536 bytes
-rw-r--r--modules/libmar/tests/unit/data/key3.dbbin0 -> 16384 bytes
-rw-r--r--modules/libmar/tests/unit/data/manipulated_signed_mar.marbin0 -> 938 bytes
-rw-r--r--modules/libmar/tests/unit/data/multiple_file_mar.marbin0 -> 723 bytes
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_no_pib_mar.marbin0 -> 1357 bytes
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_pib_mar.marbin0 -> 1465 bytes
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.06
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.16
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.26
-rw-r--r--modules/libmar/tests/unit/data/multiple_signed_pib_mar_2.marbin0 -> 1465 bytes
-rw-r--r--modules/libmar/tests/unit/data/mycert.derbin0 -> 677 bytes
-rw-r--r--modules/libmar/tests/unit/data/mycert2.derbin0 -> 679 bytes
-rw-r--r--modules/libmar/tests/unit/data/mycert3.derbin0 -> 679 bytes
-rw-r--r--modules/libmar/tests/unit/data/no_pib_mar.marbin0 -> 553 bytes
-rw-r--r--modules/libmar/tests/unit/data/secmod.dbbin0 -> 16384 bytes
-rw-r--r--modules/libmar/tests/unit/data/signed_no_pib_mar.marbin0 -> 829 bytes
-rw-r--r--modules/libmar/tests/unit/data/signed_pib_mar.marbin0 -> 937 bytes
-rw-r--r--modules/libmar/tests/unit/data/signed_pib_mar.signature.06
-rw-r--r--modules/libmar/tests/unit/data/signed_pib_mar.signature.mycert26
-rw-r--r--modules/libmar/tests/unit/data/signed_pib_mar_with_mycert2.marbin0 -> 937 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_0_sized_mar.marbin0 -> 157 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_1_byte_mar.marbin0 -> 157 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_binary_data_mar.marbin0 -> 673 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_multiple_file_mar.marbin0 -> 723 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_multiple_signed_no_pib_mar.marbin0 -> 1357 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_multiple_signed_pib_mar.marbin0 -> 1465 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_signed_no_pib_mar.marbin0 -> 829 bytes
-rw-r--r--modules/libmar/tests/unit/data/win_signed_pib_mar.marbin0 -> 937 bytes
-rw-r--r--modules/libmar/tests/unit/head_libmar.js157
-rw-r--r--modules/libmar/tests/unit/test_create.js78
-rw-r--r--modules/libmar/tests/unit/test_extract.js93
-rw-r--r--modules/libmar/tests/unit/test_sign_verify.js575
-rw-r--r--modules/libmar/tests/unit/xpcshell.ini8
39 files changed, 942 insertions, 0 deletions
diff --git a/modules/libmar/tests/unit/data/0_sized_file b/modules/libmar/tests/unit/data/0_sized_file
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/modules/libmar/tests/unit/data/0_sized_file
diff --git a/modules/libmar/tests/unit/data/0_sized_mar.mar b/modules/libmar/tests/unit/data/0_sized_mar.mar
new file mode 100644
index 000000000..a7d039e53
--- /dev/null
+++ b/modules/libmar/tests/unit/data/0_sized_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/1_byte_file b/modules/libmar/tests/unit/data/1_byte_file
new file mode 100644
index 000000000..56a6051ca
--- /dev/null
+++ b/modules/libmar/tests/unit/data/1_byte_file
@@ -0,0 +1 @@
+1 \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/1_byte_mar.mar b/modules/libmar/tests/unit/data/1_byte_mar.mar
new file mode 100644
index 000000000..4df020099
--- /dev/null
+++ b/modules/libmar/tests/unit/data/1_byte_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/binary_data_file b/modules/libmar/tests/unit/data/binary_data_file
new file mode 100644
index 000000000..a0d7369e4
--- /dev/null
+++ b/modules/libmar/tests/unit/data/binary_data_file
Binary files differ
diff --git a/modules/libmar/tests/unit/data/binary_data_mar.mar b/modules/libmar/tests/unit/data/binary_data_mar.mar
new file mode 100644
index 000000000..7632c2295
--- /dev/null
+++ b/modules/libmar/tests/unit/data/binary_data_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/cert8.db b/modules/libmar/tests/unit/data/cert8.db
new file mode 100644
index 000000000..43551f129
--- /dev/null
+++ b/modules/libmar/tests/unit/data/cert8.db
Binary files differ
diff --git a/modules/libmar/tests/unit/data/key3.db b/modules/libmar/tests/unit/data/key3.db
new file mode 100644
index 000000000..7c7203bb4
--- /dev/null
+++ b/modules/libmar/tests/unit/data/key3.db
Binary files differ
diff --git a/modules/libmar/tests/unit/data/manipulated_signed_mar.mar b/modules/libmar/tests/unit/data/manipulated_signed_mar.mar
new file mode 100644
index 000000000..4ce15f122
--- /dev/null
+++ b/modules/libmar/tests/unit/data/manipulated_signed_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/multiple_file_mar.mar b/modules/libmar/tests/unit/data/multiple_file_mar.mar
new file mode 100644
index 000000000..fa64edca4
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_file_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/multiple_signed_no_pib_mar.mar b/modules/libmar/tests/unit/data/multiple_signed_no_pib_mar.mar
new file mode 100644
index 000000000..5832b526f
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_no_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/multiple_signed_pib_mar.mar b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.mar
new file mode 100644
index 000000000..11c4cbedc
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.0 b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.0
new file mode 100644
index 000000000..412265537
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.0
@@ -0,0 +1,6 @@
+myuujl0MBwyLCrp8I84HrDbGLe+T5yfAR869QWvhcet/CglmuEsQEJczAoK8PtOR
+HcqczCRFtxNRKDPOUC0i+CS7RAQG4XJd9uprqHtB28s4SR/9nXKfWDnH2UYq9hkt
+X6qTab9M9ySrugOugomDb3ej/qYoNfJN9RnkLP4GP+cl96bWPU33rL0Uu7sUKizu
+QoYzxKeZ0r9hGMpOP2l/Jn+pydoEWGVB1mzvIFLPqD9cShUvV80xs8teV0G9IncC
+ZRuBwwNkfMTgJDCnxbrw3gIqNXMN1zjssztyJIpT2q8JGs+F6H0wz515xm32dCdQ
+b3Oo8a9Dx28NKKq83DJDQA== \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.1 b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.1
new file mode 100644
index 000000000..36b917431
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.1
@@ -0,0 +1,6 @@
+xSnuhHyf8iEdPnRgNw9w0Tu6dJimNv+etdZagvbftkGuBlQArhPn7unCOEQ+jS0n
+ummJHp1yv64Q7Tte4te8OpRaR6eE333bHfFp++cKKJ2jWFeZ1SwRn59cWX0w4z9u
+I4VJmqzOKDUgZq24m6MfGr9iRKbrDjDgvfapzRkZNNU/I0jv20+G+vIUysQGLSN7
+fMAxxeurZNbinIiFQyudSpLU2n5PJDh/FIX2lt8H8nX5/yNyznbz0Gm+/hGMZj7+
+EfPxLxyOuSRVxI0ebAcRBQJLiyEh1iIluvjuBKohCxkWkEZG3weCz29JxdWOzobj
+3/6D+xJW5M1V8aE7EEjt4w== \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.2 b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.2
new file mode 100644
index 000000000..a6561248f
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_pib_mar.sig.2
@@ -0,0 +1,6 @@
+VQmSlk8q2tmSd+C/d3ADde0lQoJw611sWboc7GOnFTRRsO0D61fIl3tlXLn/N4vN
+fCHQxwrszCizC1ddt9Bf5ujBqcAx+ZrN+iT2NlK2j6TN6K1W8LENJgCE7IXN5h1G
+VVryo5OkJzWd50DLX/qL9EAg3wx+P3b2BWXkhMuCDGvtAL3C4Ffnm7dw0hjErsEV
+X0cB5O5ozM0dOih+GNNX++wxT8E1NqNJOGaJR1KYeY17agz+QlSvFt/fL/a64Fsw
+DtOeGZ79nQZ6qkbmUxLXDQ630y3AQ8ceMJFIlI+T3Tk1DUuAWUpMXOICaqzDCdh+
+QC5nuQ7OK8Ycbm5fkIFfNQ== \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/multiple_signed_pib_mar_2.mar b/modules/libmar/tests/unit/data/multiple_signed_pib_mar_2.mar
new file mode 100644
index 000000000..f31f1df20
--- /dev/null
+++ b/modules/libmar/tests/unit/data/multiple_signed_pib_mar_2.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/mycert.der b/modules/libmar/tests/unit/data/mycert.der
new file mode 100644
index 000000000..185b2dff4
--- /dev/null
+++ b/modules/libmar/tests/unit/data/mycert.der
Binary files differ
diff --git a/modules/libmar/tests/unit/data/mycert2.der b/modules/libmar/tests/unit/data/mycert2.der
new file mode 100644
index 000000000..625b80e68
--- /dev/null
+++ b/modules/libmar/tests/unit/data/mycert2.der
Binary files differ
diff --git a/modules/libmar/tests/unit/data/mycert3.der b/modules/libmar/tests/unit/data/mycert3.der
new file mode 100644
index 000000000..bff05a6cf
--- /dev/null
+++ b/modules/libmar/tests/unit/data/mycert3.der
Binary files differ
diff --git a/modules/libmar/tests/unit/data/no_pib_mar.mar b/modules/libmar/tests/unit/data/no_pib_mar.mar
new file mode 100644
index 000000000..8976e7d73
--- /dev/null
+++ b/modules/libmar/tests/unit/data/no_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/secmod.db b/modules/libmar/tests/unit/data/secmod.db
new file mode 100644
index 000000000..4c2e0cc78
--- /dev/null
+++ b/modules/libmar/tests/unit/data/secmod.db
Binary files differ
diff --git a/modules/libmar/tests/unit/data/signed_no_pib_mar.mar b/modules/libmar/tests/unit/data/signed_no_pib_mar.mar
new file mode 100644
index 000000000..f6e449e3e
--- /dev/null
+++ b/modules/libmar/tests/unit/data/signed_no_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/signed_pib_mar.mar b/modules/libmar/tests/unit/data/signed_pib_mar.mar
new file mode 100644
index 000000000..72f4c25ec
--- /dev/null
+++ b/modules/libmar/tests/unit/data/signed_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/signed_pib_mar.signature.0 b/modules/libmar/tests/unit/data/signed_pib_mar.signature.0
new file mode 100644
index 000000000..31cca345d
--- /dev/null
+++ b/modules/libmar/tests/unit/data/signed_pib_mar.signature.0
@@ -0,0 +1,6 @@
+VTw+yunNUglvAxNevIP1A+1aWNgD479tbZy4t8uDuC9AJ0nLeLXYBfklGxaKCzo4
+/UdWFfv1gJmqbnCAlZrZ9UJLUVZOUAwKb+V90bC7pBnGy7xplKBDm40SIs4fwWZl
+EGRt8GCPjYKgsYp+jScNMD8B4J3bPSR7m0c1TjXV4pZMhT7LJ+iLfHiy5+WiGBgZ
+9qor7plYxfZFgg4moAA3iIXIJbNORUEWfz9b7rsMmiwZO4XmMSDNUutkj9Jl+9gB
+XRwrwL0QLvAuYwIzB0HDdl/LPCC+UDEMKigcPhjwFnpN17qUks0fRxId8e4P8m2H
+rumgMHGhwx3uagGTTufQSw== \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/signed_pib_mar.signature.mycert2 b/modules/libmar/tests/unit/data/signed_pib_mar.signature.mycert2
new file mode 100644
index 000000000..8818ca3fc
--- /dev/null
+++ b/modules/libmar/tests/unit/data/signed_pib_mar.signature.mycert2
@@ -0,0 +1,6 @@
+wYPEMA2nfrMfkL5+//r9Of8JicdmG5KxAzYUhSR3d/vr075LhGkc6nQc5orDIRnz
+vuMBRIqoAsK3IdtCEbZ6rRKN9d+N7HfvmLdDXGpK3lr9NKKTnk1n/0o7ziRi3Fm8
+hOkJpdit7OHV0RH5GBSM8tQziXGN+qe51W2otMA4d8+oa4tp2D7W4SSUxxJwBPiu
+5CJAA68qaxzhWd5iVtU8mcjbYOKZAciIPgqBxhgmukqNrShQpnwcop/WHggL7lxI
+QWZYpuU6MMxVmLSiAAEAwLMwL2UqHxcGQjIuepu9ikbJ251SwxYiH3xRMkYpQNNv
+YFEb9pm2HJq9oNgZUGakDQ== \ No newline at end of file
diff --git a/modules/libmar/tests/unit/data/signed_pib_mar_with_mycert2.mar b/modules/libmar/tests/unit/data/signed_pib_mar_with_mycert2.mar
new file mode 100644
index 000000000..41ad2b3f9
--- /dev/null
+++ b/modules/libmar/tests/unit/data/signed_pib_mar_with_mycert2.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_0_sized_mar.mar b/modules/libmar/tests/unit/data/win_0_sized_mar.mar
new file mode 100644
index 000000000..357eeb9a8
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_0_sized_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_1_byte_mar.mar b/modules/libmar/tests/unit/data/win_1_byte_mar.mar
new file mode 100644
index 000000000..a137f11ad
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_1_byte_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_binary_data_mar.mar b/modules/libmar/tests/unit/data/win_binary_data_mar.mar
new file mode 100644
index 000000000..7fef46989
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_binary_data_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_multiple_file_mar.mar b/modules/libmar/tests/unit/data/win_multiple_file_mar.mar
new file mode 100644
index 000000000..183493a36
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_multiple_file_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_multiple_signed_no_pib_mar.mar b/modules/libmar/tests/unit/data/win_multiple_signed_no_pib_mar.mar
new file mode 100644
index 000000000..9c0c213c7
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_multiple_signed_no_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_multiple_signed_pib_mar.mar b/modules/libmar/tests/unit/data/win_multiple_signed_pib_mar.mar
new file mode 100644
index 000000000..3c765fd93
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_multiple_signed_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_signed_no_pib_mar.mar b/modules/libmar/tests/unit/data/win_signed_no_pib_mar.mar
new file mode 100644
index 000000000..f6e449e3e
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_signed_no_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/data/win_signed_pib_mar.mar b/modules/libmar/tests/unit/data/win_signed_pib_mar.mar
new file mode 100644
index 000000000..8d854a1ce
--- /dev/null
+++ b/modules/libmar/tests/unit/data/win_signed_pib_mar.mar
Binary files differ
diff --git a/modules/libmar/tests/unit/head_libmar.js b/modules/libmar/tests/unit/head_libmar.js
new file mode 100644
index 000000000..cd2da1414
--- /dev/null
+++ b/modules/libmar/tests/unit/head_libmar.js
@@ -0,0 +1,157 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+var Cc = Components.classes;
+var Ci = Components.interfaces;
+
+const refMARPrefix = (mozinfo.os == "win" ? "win_" : "");
+const BIN_SUFFIX = mozinfo.bin_suffix;
+
+var tempDir = do_get_tempdir();
+
+/**
+ * Compares binary data of 2 arrays and throws if they aren't the same.
+ * Throws on mismatch, does nothing on match.
+ *
+ * @param arr1 The first array to compare
+ * @param arr2 The second array to compare
+*/
+function compareBinaryData(arr1, arr2) {
+ do_check_eq(arr1.length, arr2.length);
+ for (let i = 0; i < arr1.length; i++) {
+ if (arr1[i] != arr2[i]) {
+ throw "Data differs at index " + i +
+ ", arr1: " + arr1[i] + ", arr2: " + arr2[i];
+ }
+ }
+}
+
+/**
+ * Reads a file's data and returns it
+ *
+ * @param file The file to read the data from
+ * @return a byte array for the data in the file.
+*/
+function getBinaryFileData(file) {
+ let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
+ createInstance(Ci.nsIFileInputStream);
+ // Open as RD_ONLY with default permissions.
+ fileStream.init(file, -1, -1, null);
+
+ // Check the returned size versus the expected size.
+ let stream = Cc["@mozilla.org/binaryinputstream;1"].
+ createInstance(Ci.nsIBinaryInputStream);
+ stream.setInputStream(fileStream);
+ let bytes = stream.readByteArray(stream.available());
+ fileStream.close();
+ return bytes;
+}
+
+/**
+ * Runs each method in the passed in object
+ * Every method of the passed in object that starts with test_ will be ran
+ * The cleanup_per_test method of the object will be run right away, it will be
+ * registered to be the cleanup function, and it will be run between each test.
+ *
+ * @return The number of tests ran
+*/
+function run_tests(obj) {
+ let cleanup_per_test = obj.cleanup_per_test;
+ if (cleanup_per_test === undefined) {
+ cleanup_per_test = function() {};
+ }
+
+ do_register_cleanup(cleanup_per_test);
+
+ // Make sure there's nothing left over from a preious failed test
+ cleanup_per_test();
+
+ let ranCount = 0;
+ // hasOwnProperty ensures we only see direct properties and not all
+ for (let f in obj) {
+ if (typeof obj[f] === "function" &&
+ obj.hasOwnProperty(f) &&
+ f.toString().indexOf("test_") === 0) {
+ obj[f]();
+ cleanup_per_test();
+ ranCount++;
+ }
+ }
+ return ranCount;
+}
+
+/**
+ * Creates a MAR file with the content of files.
+ *
+ * @param outMAR The file where the MAR should be created to
+ * @param dataDir The directory where the relative file paths exist
+ * @param files The relative file paths of the files to include in the MAR
+*/
+function createMAR(outMAR, dataDir, files) {
+ // You cannot create an empy MAR.
+ do_check_true(files.length > 0);
+
+ // Get an nsIProcess to the signmar binary.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Ensure on non Windows platforms we encode the same permissions
+ // as the refernence MARs contain. On Windows this is also safe.
+ // The reference MAR files have permissions of 0o664, so in case
+ // someone is running these tests locally with another permission
+ // (perhaps 0o777), make sure that we encode them as 0o664.
+ for (filePath of files) {
+ let f = dataDir.clone();
+ f.append(filePath);
+ f.permissions = 0o664;
+ }
+
+ // Setup the command line arguments to create the MAR.
+ let args = ["-C", dataDir.path, "-H", "\@MAR_CHANNEL_ID\@",
+ "-V", "13.0a1", "-c", outMAR.path];
+ args = args.concat(files);
+
+ do_print('Running: ' + signmarBin.path);
+ process.init(signmarBin);
+ process.run(true, args, args.length);
+
+ // Verify signmar returned 0 for success.
+ do_check_eq(process.exitValue, 0);
+
+ // Verify the out MAR file actually exists.
+ do_check_true(outMAR.exists());
+}
+
+/**
+ * Extracts a MAR file to the specified output directory.
+ *
+ * @param mar The MAR file that should be matched
+ * @param dataDir The directory to extract to
+*/
+function extractMAR(mar, dataDir) {
+ // Get an nsIProcess to the signmar binary.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Setup the command line arguments to create the MAR.
+ let args = ["-C", dataDir.path, "-x", mar.path];
+
+ do_print('Running: ' + signmarBin.path);
+ process.init(signmarBin);
+ process.run(true, args, args.length);
+
+ // Verify signmar returned 0 for success.
+ do_check_eq(process.exitValue, 0);
+}
+
+
diff --git a/modules/libmar/tests/unit/test_create.js b/modules/libmar/tests/unit/test_create.js
new file mode 100644
index 000000000..b6db280c9
--- /dev/null
+++ b/modules/libmar/tests/unit/test_create.js
@@ -0,0 +1,78 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+
+ /**
+ * Creates MAR from the passed files, compares it to the reference MAR.
+ *
+ * @param refMARFileName The name of the MAR file that should match
+ * @param files The files that should go in the created MAR
+ * @param checkNoMAR If true return an error if a file already exists
+ */
+ function run_one_test(refMARFileName, files, checkNoMAR) {
+ if (checkNoMAR === undefined) {
+ checkNoMAR = true;
+ }
+
+ // Ensure the MAR we will create doesn't already exist.
+ let outMAR = tempDir.clone();
+ outMAR.append("out.mar");
+ if (checkNoMAR) {
+ do_check_false(outMAR.exists());
+ }
+
+ // Create the actual MAR file.
+ createMAR(outMAR, do_get_file("data"), files);
+
+ // Get the reference MAR data.
+ let refMAR = do_get_file("data/" + refMARFileName);
+ let refMARData = getBinaryFileData(refMAR);
+
+ // Verify the data of the MAR is what it should be.
+ let outMARData = getBinaryFileData(outMAR);
+ compareBinaryData(outMARData, refMARData);
+ }
+
+ // Define the unit tests to run.
+ let tests = {
+ // Test creating a MAR file with a 0 byte file.
+ test_zero_sized: function() {
+ return run_one_test(refMARPrefix + "0_sized_mar.mar", ["0_sized_file"]);
+ },
+ // Test creating a MAR file with a 1 byte file.
+ test_one_byte: function() {
+ return run_one_test(refMARPrefix + "1_byte_mar.mar", ["1_byte_file"]);
+ },
+ // Test creating a MAR file with binary data.
+ test_binary_data: function() {
+ return run_one_test(refMARPrefix + "binary_data_mar.mar",
+ ["binary_data_file"]);
+ },
+ // Test creating a MAR file with multiple files inside of it.
+ test_multiple_file: function() {
+ return run_one_test(refMARPrefix + "multiple_file_mar.mar",
+ ["0_sized_file", "1_byte_file", "binary_data_file"]);
+ },
+ // Test creating a MAR file on top of a different one that already exists
+ // at the location the new one will be created at.
+ test_overwrite_already_exists: function() {
+ let differentFile = do_get_file("data/1_byte_mar.mar");
+ let outMARDir = tempDir.clone();
+ differentFile.copyTo(outMARDir, "out.mar");
+ return run_one_test(refMARPrefix + "binary_data_mar.mar",
+ ["binary_data_file"], false);
+ },
+ // Between each test make sure the out MAR does not exist.
+ cleanup_per_test: function() {
+ let outMAR = tempDir.clone();
+ outMAR.append("out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+ }
+ };
+
+ // Run all the tests
+ do_check_eq(run_tests(tests), Object.keys(tests).length - 1);
+}
diff --git a/modules/libmar/tests/unit/test_extract.js b/modules/libmar/tests/unit/test_extract.js
new file mode 100644
index 000000000..49ba80e29
--- /dev/null
+++ b/modules/libmar/tests/unit/test_extract.js
@@ -0,0 +1,93 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+
+ /**
+ * Extracts a MAR and makes sure each file matches the reference files.
+ *
+ * @param marFileName The name of the MAR file to extract
+ * @param files The files that the extracted MAR should contain
+ */
+ function run_one_test(marFileName, files) {
+ // Get the MAR file that we will be extracting
+ let mar = do_get_file("data/" + marFileName);
+
+ // Get the path that we will extract to
+ let outDir = tempDir.clone();
+ outDir.append("out");
+ do_check_false(outDir.exists());
+ outDir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o777);
+
+ // Get the ref files and the files that will be extracted.
+ let outFiles = [];
+ let refFiles = [];
+ for (let i = 0; i < files.length; i++) {
+ let outFile = outDir.clone();
+ outFile.append(files[i]);
+ do_check_false(outFile.exists());
+
+ outFiles.push(outFile);
+ refFiles.push(do_get_file("data/" + files[i]));
+ }
+
+ // Extract the MAR contents into the ./out dir.
+ extractMAR(mar, outDir);
+
+ // Compare to make sure the extracted files are the same.
+ for (let i = 0; i < files.length; i++) {
+ do_check_true(outFiles[i].exists());
+ let refFileData = getBinaryFileData(refFiles[i]);
+ let outFileData = getBinaryFileData(outFiles[i]);
+ compareBinaryData(refFileData, outFileData);
+ }
+ }
+
+ // Define the unit tests to run.
+ let tests = {
+ // Test extracting a MAR file with a 0 byte file.
+ test_zero_sized: function() {
+ return run_one_test("0_sized_mar.mar", ["0_sized_file"]);
+ },
+ // Test extracting a MAR file with a 1 byte file.
+ test_one_byte: function() {
+ return run_one_test("1_byte_mar.mar", ["1_byte_file"]);
+ },
+ // Test extracting a MAR file with binary data.
+ test_binary_data: function() {
+ return run_one_test("binary_data_mar.mar", ["binary_data_file"]);
+ },
+ // Test extracting a MAR without a product information block (PIB) which
+ // contains binary data.
+ test_no_pib: function() {
+ return run_one_test("no_pib_mar.mar", ["binary_data_file"]);
+ },
+ // Test extracting a MAR without a product information block (PIB) that is
+ // signed and which contains binary data.
+ test_no_pib_signed: function() {
+ return run_one_test("signed_no_pib_mar.mar", ["binary_data_file"]);
+ },
+ // Test extracting a MAR with a product information block (PIB) that is
+ // signed and which contains binary data.
+ test_pib_signed: function() {
+ return run_one_test("signed_pib_mar.mar", ["binary_data_file"]);
+ },
+ // Test extracting a MAR file with multiple files inside of it.
+ test_multiple_file: function() {
+ return run_one_test("multiple_file_mar.mar",
+ ["0_sized_file", "1_byte_file", "binary_data_file"]);
+ },
+ // Between each test make sure the out directory and its subfiles do
+ // not exist.
+ cleanup_per_test: function() {
+ let outDir = tempDir.clone();
+ outDir.append("out");
+ if (outDir.exists()) {
+ outDir.remove(true);
+ }
+ }
+ };
+
+ // Run all the tests
+ do_check_eq(run_tests(tests), Object.keys(tests).length - 1);
+}
diff --git a/modules/libmar/tests/unit/test_sign_verify.js b/modules/libmar/tests/unit/test_sign_verify.js
new file mode 100644
index 000000000..963e489c0
--- /dev/null
+++ b/modules/libmar/tests/unit/test_sign_verify.js
@@ -0,0 +1,575 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function run_test() {
+
+ /**
+ * Signs a MAR file.
+ *
+ * @param inMAR The MAR file that should be signed
+ * @param outMAR The MAR file to create
+ */
+ function signMAR(inMAR, outMAR, certs, wantSuccess, useShortHandCmdLine) {
+ // Get a process to the signmar binary from the dist/bin directory.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Setup the command line arguments to sign the MAR.
+ let NSSConfigDir = do_get_file("data");
+ let args = ["-d", NSSConfigDir.path];
+ if (certs.length == 1 && useShortHandCmdLine) {
+ args.push("-n", certs[0]);
+ } else {
+ for (var i = 0; i < certs.length; i++) {
+ args.push("-n" + i, certs[i]);
+ }
+ }
+ args.push("-s", inMAR.path, outMAR.path);
+
+ process.init(signmarBin);
+ try {
+ process.run(true, args, args.length);
+ } catch(e) {
+ // On Windows negative return value throws an exception
+ process.exitValue = -1;
+ }
+
+ // Verify signmar returned 0 for success.
+ if (wantSuccess) {
+ do_check_eq(process.exitValue, 0);
+ } else {
+ do_check_neq(process.exitValue, 0);
+ }
+ }
+
+
+ /**
+ * Extract a MAR signature.
+ *
+ * @param inMAR The MAR file who's signature should be extracted
+ * @param sigIndex The index of the signature to extract
+ * @param extractedSig The file where the extracted signature will be stored
+ * @param wantSuccess True if a successful signmar return code is desired
+ */
+ function extractMARSignature(inMAR, sigIndex, extractedSig, wantSuccess) {
+ // Get a process to the signmar binary from the dist/bin directory.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Setup the command line arguments to extract the signature in the MAR.
+ let args = ["-n" + sigIndex, "-X", inMAR.path, extractedSig.path];
+
+ process.init(signmarBin);
+ try {
+ process.run(true, args, args.length);
+ } catch(e) {
+ // On Windows negative return value throws an exception
+ process.exitValue = -1;
+ }
+
+ // Verify signmar returned 0 for success.
+ if (wantSuccess) {
+ do_check_eq(process.exitValue, 0);
+ } else {
+ do_check_neq(process.exitValue, 0);
+ }
+ }
+
+ /**
+ * Import a MAR signature.
+ *
+ * @param inMAR The MAR file who's signature should be imported to
+ * @param sigIndex The index of the signature to import to
+ * @param sigFile The file where the base64 signature exists
+ * @param outMAR The same as inMAR but with the specified signature
+ * swapped at the specified index.
+ * @param wantSuccess True if a successful signmar return code is desired
+ */
+ function importMARSignature(inMAR, sigIndex, sigFile, outMAR, wantSuccess) {
+ // Get a process to the signmar binary from the dist/bin directory.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Setup the command line arguments to import the signature in the MAR.
+ let args = ["-n" + sigIndex, "-I", inMAR.path, sigFile.path, outMAR.path];
+
+ process.init(signmarBin);
+ try {
+ process.run(true, args, args.length);
+ } catch(e) {
+ // On Windows negative return value throws an exception
+ process.exitValue = -1;
+ }
+
+ // Verify signmar returned 0 for success.
+ if (wantSuccess) {
+ do_check_eq(process.exitValue, 0);
+ } else {
+ do_check_neq(process.exitValue, 0);
+ }
+ }
+
+ /**
+ * Verifies a MAR file.
+ *
+ * @param signedMAR Verifies a MAR file
+ */
+ function verifyMAR(signedMAR, wantSuccess, certs, useShortHandCmdLine) {
+ // Get a process to the signmar binary from the dist/bin directory.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Will reference the arguments to use for verification in signmar
+ let args = [];
+
+ // Setup the command line arguments to create the MAR.
+ // Windows & Mac vs. Linux/... have different command line for verification
+ // since on Windows we verify with CryptoAPI, on Mac with Security
+ // Transforms or CDSA/CSSM and on all other platforms we verify with NSS. So
+ // on Windows and Mac we use an exported DER file and on other platforms we
+ // use the NSS config db.
+ if (mozinfo.os == "win" || mozinfo.os == "mac") {
+ if (certs.length == 1 && useShortHandCmdLine) {
+ args.push("-D", "data/" + certs[0] + ".der");
+ } else {
+ for (var i = 0; i < certs.length; i++) {
+ args.push("-D" + i, "data/" + certs[i] + ".der");
+ }
+ }
+ } else {
+ let NSSConfigDir = do_get_file("data");
+ args = ["-d", NSSConfigDir.path];
+ if (certs.length == 1 && useShortHandCmdLine) {
+ args.push("-n", certs[0]);
+ } else {
+ for (var i = 0; i < certs.length; i++) {
+ args.push("-n" + i, certs[i]);
+ }
+ }
+ }
+ args.push("-v", signedMAR.path);
+
+ process.init(signmarBin);
+ try {
+ // We put this in a try block because nsIProcess doesn't like -1 returns
+ process.run(true, args, args.length);
+ } catch (e) {
+ // On Windows negative return value throws an exception
+ process.exitValue = -1;
+ }
+
+ // Verify signmar returned 0 for success.
+ if (wantSuccess) {
+ do_check_eq(process.exitValue, 0);
+ } else {
+ do_check_neq(process.exitValue, 0);
+ }
+ }
+
+ /**
+ * Strips a MAR signature.
+ *
+ * @param signedMAR The MAR file that should be signed
+ * @param outMAR The MAR file to write to with signature stripped
+ */
+ function stripMARSignature(signedMAR, outMAR, wantSuccess) {
+ // Get a process to the signmar binary from the dist/bin directory.
+ let process = Cc["@mozilla.org/process/util;1"].
+ createInstance(Ci.nsIProcess);
+ let signmarBin = do_get_file("signmar" + BIN_SUFFIX);
+
+ // Make sure the signmar binary exists and is an executable.
+ do_check_true(signmarBin.exists());
+ do_check_true(signmarBin.isExecutable());
+
+ // Setup the command line arguments to create the MAR.
+ let args = ["-r", signedMAR.path, outMAR.path];
+
+ process.init(signmarBin);
+ try {
+ process.run(true, args, args.length);
+ } catch (e) {
+ // On Windows negative return value throws an exception
+ process.exitValue = -1;
+ }
+
+ // Verify signmar returned 0 for success.
+ if (wantSuccess) {
+ do_check_eq(process.exitValue, 0);
+ } else {
+ do_check_neq(process.exitValue, 0);
+ }
+ }
+
+
+ function cleanup() {
+ let outMAR = tempDir.clone();
+ outMAR.append("signed_out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+ outMAR = tempDir.clone();
+ outMAR.append("multiple_signed_out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+ outMAR = tempDir.clone();
+ outMAR.append("out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+
+ let outDir = tempDir.clone();
+ outDir.append("out");
+ if (outDir.exists()) {
+ outDir.remove(true);
+ }
+ }
+
+ const wantFailure = false;
+ const wantSuccess = true;
+ // Define the unit tests to run.
+ let tests = {
+ // Test signing a MAR file with a single signature
+ test_sign_single: function() {
+ let inMAR = do_get_file("data/" + refMARPrefix + "binary_data_mar.mar");
+ let outMAR = tempDir.clone();
+ outMAR.append("signed_out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+ signMAR(inMAR, outMAR, ["mycert"], wantSuccess, true);
+ do_check_true(outMAR.exists());
+ let outMARData = getBinaryFileData(outMAR);
+ let refMAR = do_get_file("data/" + refMARPrefix + "signed_pib_mar.mar");
+ let refMARData = getBinaryFileData(refMAR);
+ compareBinaryData(outMARData, refMARData);
+ },
+ // Test signing a MAR file with multiple signatures
+ test_sign_multiple: function() {
+ let inMAR = do_get_file("data/" + refMARPrefix + "binary_data_mar.mar");
+ let outMAR = tempDir.clone();
+ outMAR.append("multiple_signed_out.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+ do_check_false(outMAR.exists());
+ signMAR(inMAR, outMAR, ["mycert", "mycert2", "mycert3"],
+ wantSuccess, true);
+ do_check_true(outMAR.exists());
+ let outMARData = getBinaryFileData(outMAR);
+ let refMAR = do_get_file("data/" + refMARPrefix + "multiple_signed_pib_mar.mar");
+ let refMARData = getBinaryFileData(refMAR);
+ compareBinaryData(outMARData, refMARData);
+ },
+ // Test verifying a signed MAR file
+ test_verify_single: function() {
+ let signedMAR = do_get_file("data/signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantSuccess, ["mycert"], true);
+ verifyMAR(signedMAR, wantSuccess, ["mycert"], false);
+ },
+ // Test verifying a signed MAR file with too many certs fails.
+ // Or if you want to look at it another way, One mycert signature
+ // is missing.
+ test_verify_single_too_many_certs: function() {
+ let signedMAR = do_get_file("data/signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantFailure, ["mycert", "mycert"], true);
+ verifyMAR(signedMAR, wantFailure, ["mycert", "mycert"], false);
+ },
+ // Test verifying a signed MAR file fails when using a wrong cert
+ test_verify_single_wrong_cert: function() {
+ let signedMAR = do_get_file("data/signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantFailure, ["mycert2"], true);
+ verifyMAR(signedMAR, wantFailure, ["mycert2"], false);
+ },
+ // Test verifying a signed MAR file with multiple signatures
+ test_verify_multiple: function() {
+ let signedMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantSuccess, ["mycert", "mycert2", "mycert3"]);
+ },
+ // Test verifying an unsigned MAR file fails
+ test_verify_unsigned_mar_file_fails: function() {
+ let unsignedMAR = do_get_file("data/binary_data_mar.mar");
+ verifyMAR(unsignedMAR, wantFailure, ["mycert", "mycert2", "mycert3"]);
+ },
+ // Test verifying a signed MAR file with the same signature multiple
+ // times fails. The input MAR has: mycert, mycert2, mycert3.
+ // we're checking to make sure the number of verified signatures
+ // is only 1 and not 3. Each signature should be verified once.
+ test_verify_multiple_same_cert: function() {
+ let signedMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantFailure, ["mycert", "mycert", "mycert"]);
+ },
+ // Test verifying a signed MAR file with the correct signatures but in
+ // a different order fails
+ test_verify_multiple_wrong_order: function() {
+ let signedMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantSuccess, ["mycert", "mycert2", "mycert3"]);
+ verifyMAR(signedMAR, wantFailure, ["mycert", "mycert3", "mycert2"]);
+ verifyMAR(signedMAR, wantFailure, ["mycert2", "mycert", "mycert3"]);
+ verifyMAR(signedMAR, wantFailure, ["mycert2", "mycert3", "mycert"]);
+ verifyMAR(signedMAR, wantFailure, ["mycert3", "mycert", "mycert2"]);
+ verifyMAR(signedMAR, wantFailure, ["mycert3", "mycert2", "mycert"]);
+ },
+ // Test verifying a signed MAR file without a PIB
+ test_verify_no_pib: function() {
+ let signedMAR = do_get_file("data/signed_no_pib_mar.mar");
+ verifyMAR(signedMAR, wantSuccess, ["mycert"], true);
+ verifyMAR(signedMAR, wantSuccess, ["mycert"], false);
+ },
+ // Test verifying a signed MAR file with multiple signatures without a PIB
+ test_verify_no_pib_multiple: function() {
+ let signedMAR = do_get_file("data/multiple_signed_no_pib_mar.mar");
+ verifyMAR(signedMAR, wantSuccess, ["mycert", "mycert2", "mycert3"]);
+ },
+ // Test verifying a crafted MAR file where the attacker tried to adjust
+ // the version number manually.
+ test_crafted_mar: function() {
+ let signedBadMAR = do_get_file("data/manipulated_signed_mar.mar");
+ verifyMAR(signedBadMAR, wantFailure, ["mycert"], true);
+ verifyMAR(signedBadMAR, wantFailure, ["mycert"], false);
+ },
+ // Test verifying a file that doesn't exist fails
+ test_bad_path_verify_fails: function() {
+ let noMAR = do_get_file("data/does_not_exist_.mar", true);
+ do_check_false(noMAR.exists());
+ verifyMAR(noMAR, wantFailure, ["mycert"], true);
+ },
+ // Test to make sure a stripped MAR is the same as the original MAR
+ test_strip_signature: function() {
+ let originalMAR = do_get_file("data/" +
+ refMARPrefix +
+ "binary_data_mar.mar");
+ let signedMAR = tempDir.clone();
+ signedMAR.append("signed_out.mar");
+ let outMAR = tempDir.clone();
+ outMAR.append("out.mar", true);
+ stripMARSignature(signedMAR, outMAR, wantSuccess);
+
+ // Verify that the stripped MAR matches the original data MAR exactly
+ let outMARData = getBinaryFileData(outMAR);
+ let originalMARData = getBinaryFileData(originalMAR);
+ compareBinaryData(outMARData, originalMARData);
+ },
+ // Test to make sure a stripped multi-signature-MAR is the same as the original MAR
+ test_strip_multiple_signatures: function() {
+ let originalMAR = do_get_file("data/" +
+ refMARPrefix +
+ "binary_data_mar.mar");
+ let signedMAR = tempDir.clone();
+ signedMAR.append("multiple_signed_out.mar");
+ let outMAR = tempDir.clone();
+ outMAR.append("out.mar");
+ stripMARSignature(signedMAR, outMAR, wantSuccess);
+
+ // Verify that the stripped MAR matches the original data MAR exactly
+ let outMARData = getBinaryFileData(outMAR);
+ let originalMARData = getBinaryFileData(originalMAR);
+ compareBinaryData(outMARData, originalMARData);
+ },
+ // Test extracting the first signature in a MAR that has only a single signature
+ test_extract_sig_single: function() {
+ let inMAR = do_get_file("data/signed_pib_mar.mar");
+ let extractedSig = do_get_file("extracted_signature", true);
+ if (extractedSig.exists()) {
+ extractedSig.remove(false);
+ }
+ extractMARSignature(inMAR, 0, extractedSig, wantSuccess);
+ do_check_true(extractedSig.exists());
+
+ let referenceSig = do_get_file("data/signed_pib_mar.signature.0"); +
+ compareBinaryData(extractedSig, referenceSig);
+ },
+ // Test extracting the all signatures in a multi signature MAR
+ // The input MAR has 3 signatures.
+ test_extract_sig_multi: function() {
+ for (let i = 0; i < 3; i++) {
+ let inMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ let extractedSig = do_get_file("extracted_signature", true);
+ if (extractedSig.exists()) {
+ extractedSig.remove(false);
+ }
+ extractMARSignature(inMAR, i, extractedSig, wantSuccess);
+ do_check_true(extractedSig.exists());
+
+ let referenceSig = do_get_file("data/multiple_signed_pib_mar.sig." + i); +
+ compareBinaryData(extractedSig, referenceSig);
+ }
+ },
+ // Test extracting a signature that is out of range fails
+ test_extract_sig_out_of_range: function() {
+ let inMAR = do_get_file("data/signed_pib_mar.mar");
+ let extractedSig = do_get_file("extracted_signature", true);
+ if (extractedSig.exists()) {
+ extractedSig.remove(false);
+ }
+ const outOfBoundsIndex = 5;
+ extractMARSignature(inMAR, outOfBoundsIndex, extractedSig, wantFailure);
+ do_check_false(extractedSig.exists());
+ },
+ // Test signing a file that doesn't exist fails
+ test_bad_path_sign_fails: function() {
+ let inMAR = do_get_file("data/does_not_exist_.mar", true);
+ let outMAR = tempDir.clone();
+ outMAR.append("signed_out.mar");
+ do_check_false(inMAR.exists());
+ signMAR(inMAR, outMAR, ["mycert"], wantFailure, true);
+ do_check_false(outMAR.exists());
+ },
+ // Test verifying only a subset of the signatures fails.
+ // The input MAR has: mycert, mycert2, mycert3.
+ // We're only verifying 2 of the 3 signatures and that should fail.
+ test_verify_multiple_subset: function() {
+ let signedMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ verifyMAR(signedMAR, wantFailure, ["mycert", "mycert2"]);
+ },
+ // Test importing the first signature in a MAR that has only
+ // a single signature
+ test_import_sig_single: function() {
+ // Make sure the input MAR was signed with mycert only
+ let inMAR = do_get_file("data/signed_pib_mar.mar");
+ verifyMAR(inMAR, wantSuccess, ["mycert"], false);
+ verifyMAR(inMAR, wantFailure, ["mycert2"], false);
+ verifyMAR(inMAR, wantFailure, ["mycert3"], false);
+
+ // Get the signature file for this MAR signed with the key from mycert2
+ let sigFile = do_get_file("data/signed_pib_mar.signature.mycert2");
+ do_check_true(sigFile.exists());
+ let outMAR = tempDir.clone();
+ outMAR.append("sigchanged_signed_pib_mar.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+
+ //Run the import operation
+ importMARSignature(inMAR, 0, sigFile, outMAR, wantSuccess);
+
+ // Verify we have a new MAR file and that mycert no longer verifies
+ // and that mycert2 does verify
+ do_check_true(outMAR.exists());
+ verifyMAR(outMAR, wantFailure, ["mycert"], false);
+ verifyMAR(outMAR, wantSuccess, ["mycert2"], false);
+ verifyMAR(outMAR, wantFailure, ["mycert3"], false);
+
+ // Compare the binary data to something that was signed originally
+ // with the private key from mycert2
+ let refMAR = do_get_file("data/signed_pib_mar_with_mycert2.mar");
+ do_check_true(refMAR.exists());
+ let refMARData = getBinaryFileData(refMAR);
+ let outMARData = getBinaryFileData(outMAR);
+ compareBinaryData(outMARData, refMARData);
+ },
+ // Test importing a signature that doesn't belong to the file
+ // fails to verify.
+ test_import_wrong_sig: function() {
+ // Make sure the input MAR was signed with mycert only
+ let inMAR = do_get_file("data/signed_pib_mar.mar");
+ verifyMAR(inMAR, wantSuccess, ["mycert"], false);
+ verifyMAR(inMAR, wantFailure, ["mycert2"], false);
+ verifyMAR(inMAR, wantFailure, ["mycert3"], false);
+
+ // Get the signature file for this MAR signed with the key from mycert2
+ let sigFile = do_get_file("data/multiple_signed_pib_mar.sig.0");
+ do_check_true(sigFile.exists());
+ let outMAR = tempDir.clone();
+ outMAR.append("sigchanged_signed_pib_mar.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+
+ //Run the import operation
+ importMARSignature(inMAR, 0, sigFile, outMAR, wantSuccess);
+
+ // Verify we have a new MAR file and that mycert no longer verifies
+ // and that mycert2 does verify
+ do_check_true(outMAR.exists());
+ verifyMAR(outMAR, wantFailure, ["mycert"], false);
+ verifyMAR(outMAR, wantFailure, ["mycert2"], false);
+ verifyMAR(outMAR, wantFailure, ["mycert3"], false);
+ },
+ // Test importing to the second signature in a MAR that has multiple
+ // signature
+ test_import_sig_multiple: function() {
+ // Make sure the input MAR was signed with mycert only
+ let inMAR = do_get_file("data/multiple_signed_pib_mar.mar");
+ verifyMAR(inMAR, wantSuccess, ["mycert", "mycert2", "mycert3"], false);
+ verifyMAR(inMAR, wantFailure, ["mycert", "mycert", "mycert3"], false);
+
+ // Get the signature file for this MAR signed with the key from mycert
+ let sigFile = do_get_file("data/multiple_signed_pib_mar.sig.0");
+ do_check_true(sigFile.exists());
+ let outMAR = tempDir.clone();
+ outMAR.append("sigchanged_signed_pib_mar.mar");
+ if (outMAR.exists()) {
+ outMAR.remove(false);
+ }
+
+ //Run the import operation
+ const secondSigPos = 1;
+ importMARSignature(inMAR, secondSigPos, sigFile, outMAR, wantSuccess);
+
+ // Verify we have a new MAR file and that mycert no longer verifies
+ // and that mycert2 does verify
+ do_check_true(outMAR.exists());
+ verifyMAR(outMAR, wantSuccess, ["mycert", "mycert", "mycert3"], false);
+ verifyMAR(outMAR, wantFailure, ["mycert", "mycert2", "mycert3"], false);
+
+ // Compare the binary data to something that was signed originally
+ // with the private keys from mycert, mycert, mycert3
+ let refMAR = do_get_file("data/multiple_signed_pib_mar_2.mar");
+ do_check_true(refMAR.exists());
+ let refMARData = getBinaryFileData(refMAR);
+ let outMARData = getBinaryFileData(outMAR);
+ compareBinaryData(outMARData, refMARData);
+ },
+ // Test stripping a MAR that doesn't exist fails
+ test_bad_path_strip_fails: function() {
+ let noMAR = do_get_file("data/does_not_exist_mar", true);
+ do_check_false(noMAR.exists());
+ let outMAR = tempDir.clone();
+ outMAR.append("out.mar");
+ stripMARSignature(noMAR, outMAR, wantFailure);
+ },
+ // Test extracting from a bad path fails
+ test_extract_bad_path: function() {
+ let noMAR = do_get_file("data/does_not_exist.mar", true);
+ let extractedSig = do_get_file("extracted_signature", true);
+ do_check_false(noMAR.exists());
+ if (extractedSig.exists()) {
+ extractedSig.remove(false);
+ }
+ extractMARSignature(noMAR, 0, extractedSig, wantFailure);
+ do_check_false(extractedSig.exists());
+ },
+ // Between each test make sure the out MAR does not exist.
+ cleanup_per_test: function() {
+ }
+ };
+
+ cleanup();
+
+ // Run all the tests
+ do_check_eq(run_tests(tests), Object.keys(tests).length - 1);
+
+ do_register_cleanup(cleanup);
+}
diff --git a/modules/libmar/tests/unit/xpcshell.ini b/modules/libmar/tests/unit/xpcshell.ini
new file mode 100644
index 000000000..f8f9a700c
--- /dev/null
+++ b/modules/libmar/tests/unit/xpcshell.ini
@@ -0,0 +1,8 @@
+[DEFAULT]
+head = head_libmar.js
+tail =
+support-files = data/**
+
+[test_create.js]
+[test_extract.js]
+[test_sign_verify.js]