diff options
Diffstat (limited to 'security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js')
-rw-r--r-- | security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js new file mode 100644 index 000000000..bc87732a5 --- /dev/null +++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js @@ -0,0 +1,119 @@ +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests that the UI for editing the trust of a CA certificate correctly +// reflects trust in the cert DB, and correctly updates trust in the cert DB +// when requested. + +var gCertDB = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +/** + * The cert we're editing the trust of. + * @type nsIX509Cert + */ +var gCert; + +/** + * Opens the cert trust editing dialog. + * + * @returns {Promise} + * A promise that resolves when the dialog has finished loading with + * the window of the opened dialog. + */ +function openEditCertTrustDialog() { + let win = window.openDialog("chrome://pippki/content/editcacert.xul", "", "", + gCert); + return new Promise((resolve, reject) => { + win.addEventListener("load", function onLoad() { + win.removeEventListener("load", onLoad); + resolve(win); + }); + }); +} + +add_task(function* setup() { + // Initially trust ca.pem for SSL, but not e-mail or object signing. + gCert = yield readCertificate("ca.pem", "CT,,"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Sanity check: ca.pem should be trusted for SSL"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Sanity check: ca.pem should not be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Sanity check: ca.pem should not be trusted for object signing"); +}); + +// Tests the following: +// 1. The checkboxes correctly reflect the trust set in setup(). +// 2. Accepting the dialog after flipping some of the checkboxes results in the +// correct trust being set in the cert DB. +add_task(function* testAcceptDialog() { + let win = yield openEditCertTrustDialog(); + + let sslCheckbox = win.document.getElementById("trustSSL"); + let emailCheckbox = win.document.getElementById("trustEmail"); + let objSignCheckbox = win.document.getElementById("trustObjSign"); + Assert.ok(sslCheckbox.checked, + "Cert should be trusted for SSL in UI"); + Assert.ok(!emailCheckbox.checked, + "Cert should not be trusted for e-mail in UI"); + Assert.ok(!objSignCheckbox.checked, + "Cert should not be trusted for object signing in UI"); + + sslCheckbox.checked = false; + emailCheckbox.checked = true; + + info("Accepting dialog"); + win.document.getElementById("editCaCert").acceptDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Cert should no longer be trusted for SSL"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Cert should now be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Cert should still not be trusted for object signing"); +}); + +// Tests the following: +// 1. The checkboxes correctly reflect the trust set in testAcceptDialog(). +// 2. Canceling the dialog even after flipping the checkboxes doesn't result in +// a change of trust in the cert DB. +add_task(function* testCancelDialog() { + let win = yield openEditCertTrustDialog(); + + let sslCheckbox = win.document.getElementById("trustSSL"); + let emailCheckbox = win.document.getElementById("trustEmail"); + let objSignCheckbox = win.document.getElementById("trustObjSign"); + Assert.ok(!sslCheckbox.checked, + "Cert should not be trusted for SSL in UI"); + Assert.ok(emailCheckbox.checked, + "Cert should be trusted for e-mail in UI"); + Assert.ok(!objSignCheckbox.checked, + "Cert should not be trusted for object signing in UI"); + + sslCheckbox.checked = true; + emailCheckbox.checked = false; + objSignCheckbox.checked = true; + + info("Canceling dialog"); + win.document.getElementById("editCaCert").cancelDialog(); + yield BrowserTestUtils.windowClosed(win); + + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_SSL), + "Cert should still not be trusted for SSL"); + Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_EMAIL), + "Cert should still be trusted for e-mail"); + Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT, + Ci.nsIX509CertDB.TRUSTED_OBJSIGN), + "Cert should still not be trusted for object signing"); +}); |