summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_pkcs11_token.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/unit/test_pkcs11_token.js')
-rw-r--r--security/manager/ssl/tests/unit/test_pkcs11_token.js119
1 files changed, 119 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js
new file mode 100644
index 000000000..69b2cb384
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js
@@ -0,0 +1,119 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 token, using
+// the internal key token.
+// We don't use either of the test tokens in the test PKCS #11 module because:
+// 1. Test token 1 cyclically inserts and removes itself in a tight loop.
+// Using token 1 would complicate the test and introduce intermittent
+// failures.
+// 2. Neither test token implements login or password related functionality.
+// We want to test such functionality.
+// 3. Using the internal token lets us actually test the internal token works
+// as expected.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function checkBasicAttributes(token) {
+ let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+ .getService(Ci.nsIStringBundleService);
+ let bundle =
+ strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
+
+ let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+ equal(token.tokenName, expectedTokenName,
+ "Actual and expected name should match");
+ equal(token.tokenLabel, expectedTokenName,
+ "Actual and expected label should match");
+ equal(token.tokenManID, bundle.GetStringFromName("ManufacturerID"),
+ "Actual and expected manufacturer ID should match");
+ equal(token.tokenHWVersion, "0.0",
+ "Actual and expected hardware version should match");
+ equal(token.tokenFWVersion, "0.0",
+ "Actual and expected firmware version should match");
+ equal(token.tokenSerialNumber, "0000000000000000",
+ "Actual and expected serial number should match");
+}
+
+/**
+ * Checks the various password related features of the given token.
+ * The token should already have been init with a password and be logged into.
+ * The password of the token will be reset after calling this function.
+ *
+ * @param {nsIPK11Token} token
+ * The token to test.
+ * @param {String} initialPW
+ * The password that the token should have been init with.
+ */
+function checkPasswordFeaturesAndResetPassword(token, initialPW) {
+ ok(!token.needsUserInit,
+ "Token should not need user init after setting a password");
+
+ equal(token.minimumPasswordLength, 0,
+ "Actual and expected min password length should match");
+
+ token.setAskPasswordDefaults(10, 20);
+ equal(token.getAskPasswordTimes(), 10,
+ "Actual and expected ask password times should match");
+ equal(token.getAskPasswordTimeout(), 20,
+ "Actual and expected ask password timeout should match");
+
+ ok(token.checkPassword(initialPW),
+ "checkPassword() should succeed if the correct initial password is given");
+ token.changePassword(initialPW, "newPW ÿ 一二三");
+ ok(token.checkPassword("newPW ÿ 一二三"),
+ "checkPassword() should succeed if the correct new password is given");
+
+ ok(!token.checkPassword("wrongPW"),
+ "checkPassword() should fail if an incorrect password is given");
+ ok(!token.isLoggedIn(),
+ "Token should be logged out after an incorrect password was given");
+ ok(!token.needsUserInit,
+ "Token should still be init with a password even if an incorrect " +
+ "password was given");
+
+ token.reset();
+ ok(token.needsUserInit,
+ "Token should need password init after reset");
+ ok(!token.isLoggedIn(), "Token should be logged out of after reset");
+}
+
+function run_test() {
+ let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+ .getService(Ci.nsIPK11TokenDB);
+ let token = tokenDB.getInternalKeyToken();
+ notEqual(token, null, "The internal token should be present");
+
+ checkBasicAttributes(token);
+
+ ok(!token.isLoggedIn(), "Token should not be logged into yet");
+ // Test that attempting to log out even when the token was not logged into
+ // does not result in an error.
+ token.logoutSimple();
+ ok(!token.isLoggedIn(), "Token should still not be logged into");
+
+ let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
+ token.initPassword(initialPW);
+ token.login(/*force*/ false);
+ ok(token.isLoggedIn(), "Token should now be logged into");
+
+ checkPasswordFeaturesAndResetPassword(token, initialPW);
+
+ // We reset the password previously, so we need to initialize again.
+ token.initPassword("arbitrary");
+ ok(token.isLoggedIn(),
+ "Token should be logged into after initializing password again");
+ token.logoutSimple();
+ ok(!token.isLoggedIn(),
+ "Token should be logged out after calling logoutSimple()");
+
+ ok(!token.isHardwareToken(),
+ "The internal token should not be considered a hardware token");
+ ok(token.isFriendly(),
+ "The internal token should always be considered friendly");
+ ok(token.needsLogin(),
+ "The internal token should always need authentication");
+}