1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=386153
-->
<head>
<title>Test for Bug 386153</title>
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
<script type="application/javascript" src="chrome://mochikit/content/chrome-harness.js"></script>
<link rel="stylesheet" type="text/css" href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=386153">Mozilla Bug 386153</a>
<p id="display"></p>
<div id="content" style="display: none">
</div>
<pre id="test">
<script type="application/javascript">
/** Test for Bug 386153 **/
const Cc = Components.classes;
const Ci = Components.interfaces;
// Opens a zip file from the test directory.
function openZip(path) {
var location = window.location.href;
location = getRootDirectory(location);
var jar = getJar(location);
if (jar != null) {
var resolved = extractJarToTmp(jar);
} else {
var resolvedURI = getResolvedURI(window.location.href);
var resolved = getChromeDir(resolvedURI);
}
resolved.append(path);
var zip = Cc["@mozilla.org/libjar/zip-reader;1"].
createInstance(Ci.nsIZipReader);
zip.open(resolved);
return zip;
}
// Gets the pretty name from the signing cert or null if the zip is unsigned.
function getSigner(zip) {
var signingCert = zip.getSigningCert(null);
if (signingCert) {
return signingCert.organization;
}
return null;
}
function verifySigning(zip) {
var signingCert = zip.getSigningCert(null);
var count = 0;
var entries = zip.findEntries(null);
while (entries.hasMore()) {
var entry = entries.getNext();
// Nothing in META-INF is in the manifest.
if (entry.substr(0, 9) == "META-INF/")
continue;
// Directory entries aren't in the manifest.
if (entry.substr(-1) == "/")
continue;
count++;
var entryCert = zip.getSigningCert(entry);
if (!entryCert || !signingCert.equals(entryCert)) {
return false;
}
}
return zip.manifestEntriesCount == count;
}
var zip = openZip("unsigned.zip");
is(getSigner(zip), null, "Should not be signed");
zip = openZip("signed.zip");
is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
ok(verifySigning(zip), "Should be correctly signed");
zip = openZip("signed-added.zip");
is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
ok(!verifySigning(zip), "Should be incorrectly signed");
zip = openZip("signed-tampered.zip");
is(getSigner(zip), "Mozilla Testing", "Should be signed by the right cert");
ok(!verifySigning(zip), "Should be incorrectly signed");
zip = openZip("signed-badca.zip");
is(getSigner(zip), null, "Should not appear to be signed");
</script>
</pre>
</body>
</html>
|