Diffstat (limited to 'security/manager/ssl/tests/unit/test_enterprise_roots.js')
-rw-r--r-- | security/manager/ssl/tests/unit/test_enterprise_roots.js | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js
new file mode 100644
index 000000000..de1b3a529
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js
@@ -0,0 +1,58 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests enterprise root certificate support. When configured to do so, the
+// platform will attempt to find and import enterprise root certificates. This
+// feature is specific to Windows.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+function check_no_enterprise_roots_imported(certDB, dbKey = undefined) {
+ let enterpriseRoots = certDB.getEnterpriseRoots();
+ equal(enterpriseRoots, null, "should not have imported any enterprise roots");
+ if (dbKey) {
+ let cert = certDB.findCertByDBKey(dbKey);
+ // If the garbage-collector hasn't run, there may be reachable copies of
+ // imported enterprise root certificates. If so, they shouldn't be trusted
+ // to issue TLS server auth certificates.
+ if (cert) {
+ ok(!certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT,
+ Ci.nsIX509CertDB.TRUSTED_SSL),
+ "previously-imported enterprise root shouldn't be trusted to issue " +
+ "TLS server auth certificates");
+ }
+ }
+}
+
+function check_some_enterprise_roots_imported(certDB) {
+ let enterpriseRoots = certDB.getEnterpriseRoots();
+ notEqual(enterpriseRoots, null, "should have imported some enterprise roots");
+ let enumerator = enterpriseRoots.getEnumerator();
+ let foundNonBuiltIn = false;
+ let savedDBKey = null;
+ while (enumerator.hasMoreElements()) {
+ let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+ if (!cert.isBuiltInRoot && !savedDBKey) {
+ foundNonBuiltIn = true;
+ savedDBKey = cert.dbKey;
+ do_print("saving dbKey from " + cert.commonName);
+ }
+ }
+ ok(foundNonBuiltIn, "should have found non-built-in root");
+ return savedDBKey;
+}
+
+function run_test() {
+ let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+ .getService(Ci.nsIX509CertDB);
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+ check_no_enterprise_roots_imported(certDB);
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
+ let savedDBKey = check_some_enterprise_roots_imported(certDB);
+ Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+ check_no_enterprise_roots_imported(certDB, savedDBKey);
+} |
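Review bot: The only trust assertion in this test is the negative one in `check_no_enterprise_roots_imported`, and it runs only when `findCertByDBKey(dbKey)` still returns a certificate, so the test can pass without ever checking trust. Nothing in `check_some_enterprise_roots_imported` asserts that the saved root is trusted while `security.enterprise_roots.enabled` is true, so the later check cannot tell withdrawn trust apart from trust that `isCertTrusted` never reported. If the import is expected to set the TLS trust bit, add `ok(certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT, Ci.nsIX509CertDB.TRUSTED_SSL), "imported enterprise root should be trusted for TLS server auth");` inside the `if (!cert.isBuiltInRoot && !savedDBKey)` branch. The `ok(foundNonBuiltIn, ...)` check also makes the result depend on the host's certificate store holding at least one non-built-in root, which is worth stating in the header comment next to the Windows-only remark.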