--- a/security/manager/.eslintrc
+++ b/security/manager/.eslintrc
@@ -1,22 +1,28 @@
{
"rules": {
// Braces only needed for multi-line arrow function blocks
"arrow-body-style": [2, "as-needed"],
// Require spacing around =>
"arrow-spacing": 2,
+ // Always require spacing around a single line block
+ "block-spacing": 2,
+
// No space before always a space after a comma
"comma-spacing": [2, {"before": false, "after": true}],
// Commas at the end of the line not the start
"comma-style": 2,
+ // Don't require spaces around computed properties
+ "computed-property-spacing": [2, "never"],
+
// Functions must always return something or nothing
"consistent-return": 2,
// Require braces around blocks that start a new line
"curly": [2, "multi-line"],
// Always require a trailing EOL
"eol-last": 2,
@@ -28,28 +34,37 @@
"key-spacing": [2, { "beforeColon": false, "afterColon": true, "mode": "minimum" }],
// Unix linebreaks
"linebreak-style": [2, "unix"],
// Always require parenthesis for new calls
"new-parens": 2,
+ // Use [] instead of Array()
+ "no-array-constructor": 2,
+
+ // Disallow use of debugger
+ "no-debugger": 2,
+
// No duplicate arguments in function declarations
"no-dupe-args": 2,
// No duplicate keys in object declarations
"no-dupe-keys": 2,
// No duplicate cases in switch statements
"no-duplicate-case": 2,
// No labels
"no-labels": 2,
+ // If an if block ends with a return no need for an else block
+ "no-else-return": 2,
+
// No empty character classes in regex
"no-empty-character-class": 2,
// Disallow empty destructuring
"no-empty-pattern": 2,
// No assigning to exception variable
"no-ex-assign": 2,
@@ -64,31 +79,51 @@
"no-func-assign": 2,
// No invalid regular expressions
"no-invalid-regexp": 2,
// No odd whitespace characters
"no-irregular-whitespace": 2,
+ // No single if block inside an else block
+ "no-lonely-if": 2,
+
// No mixing spaces and tabs in indent
"no-mixed-spaces-and-tabs": [2, "smart-tabs"],
+ // No unnecessary spacing
+ "no-multi-spaces": [2, { "exceptions": {
+ "AssignmentExpression": true,
+ "VariableDeclarator": true,
+ "ArrayExpression": true,
+ "ObjectExpression": true
+ }}],
+
// No reassigning native JS objects
"no-native-reassign": 2,
// No (!foo in bar)
"no-negated-in-lhs": 2,
+ // Nested ternary statements are confusing
+ "no-nested-ternary": 2,
+
// Use {} instead of new Object()
"no-new-object": 2,
// No Math() or JSON()
"no-obj-calls": 2,
+ // No octal literals
+ "no-octal": 2,
+
+ // No redeclaring variables
+ "no-redeclare": 2,
+
// No unnecessary comparisons
"no-self-compare": 2,
// No declaring variables that hide things like arguments
"no-shadow-restricted-names": 2,
// No spaces between function name and parentheses
"no-spaced-func": 2,
@@ -106,29 +141,35 @@
"no-unused-expressions": 2,
// No using with
"no-with": 2,
// Always require semicolon at end of statement
"semi": [2, "always"],
+ // Require space after keywords
+ // Note: Replaced by keyword-spacing in ESLint v2.0.
+ "space-after-keywords": 2,
+
// Require space before blocks
"space-before-blocks": 2,
// Require spaces before finally, catch, etc.
+ // Note: Replaced by keyword-spacing in ESLint v2.0.
"space-before-keywords": [2, "always"],
// No space padding in parentheses
"space-in-parens": [2, "never"],
// Require spaces around operators
"space-infix-ops": 2,
// Require spaces after return, throw and case
+ // Note: Replaced by keyword-spacing in ESLint v2.0.
"space-return-throw-case": 2,
// ++ and -- should not need spacing
"space-unary-ops": [2, { "words": true, "nonwords": false }],
// No comparisons to NaN
"use-isnan": 2,
--- a/security/manager/pki/resources/content/clientauthask.js
+++ b/security/manager/pki/resources/content/clientauthask.js
@@ -23,17 +23,17 @@ function onLoad()
issuer = dialogParams.GetString(2);
// added with bug 431819. reuse string from caps in order to avoid string changes
var capsBundle = document.getElementById("caps_bundle");
var rememberString = capsBundle.getString("CheckMessage");
var rememberSetting = true;
var pref = Components.classes['@mozilla.org/preferences-service;1']
- .getService(Components.interfaces.nsIPrefService);
+ .getService(Components.interfaces.nsIPrefService);
if (pref) {
pref = pref.getBranch(null);
try {
rememberSetting =
pref.getBoolPref("security.remember_cert_checkbox_default_setting");
} catch (e) {
// pref is missing
}
--- a/security/manager/pki/resources/content/deletecert.js
+++ b/security/manager/pki/resources/content/deletecert.js
@@ -17,50 +17,46 @@ function setWindowName()
var typeFlag = gParams.GetString(0);
var numberOfCerts = gParams.GetInt(0);
var bundle = document.getElementById("pippki_bundle");
var title;
var confirm;
var impact;
- if(typeFlag == "mine_tab")
- {
- title = bundle.getString("deleteUserCertTitle");
- confirm = bundle.getString("deleteUserCertConfirm");
- impact = bundle.getString("deleteUserCertImpact");
- }
- else if(typeFlag == "websites_tab")
- {
- title = bundle.getString("deleteSslCertTitle3");
- confirm = bundle.getString("deleteSslCertConfirm3");
- impact = bundle.getString("deleteSslCertImpact3");
+ switch (typeFlag) {
+ case "mine_tab":
+ title = bundle.getString("deleteUserCertTitle");
+ confirm = bundle.getString("deleteUserCertConfirm");
+ impact = bundle.getString("deleteUserCertImpact");
+ break;
+ case "websites_tab":
+ title = bundle.getString("deleteSslCertTitle3");
+ confirm = bundle.getString("deleteSslCertConfirm3");
+ impact = bundle.getString("deleteSslCertImpact3");
+ break;
+ case "ca_tab":
+ title = bundle.getString("deleteCaCertTitle2");
+ confirm = bundle.getString("deleteCaCertConfirm2");
+ impact = bundle.getString("deleteCaCertImpactX2");
+ break;
+ case "others_tab":
+ title = bundle.getString("deleteEmailCertTitle");
+ confirm = bundle.getString("deleteEmailCertConfirm");
+ impact = bundle.getString("deleteEmailCertImpactDesc");
+ break;
+ case "orphan_tab":
+ title = bundle.getString("deleteOrphanCertTitle");
+ confirm = bundle.getString("deleteOrphanCertConfirm");
+ impact = "";
+ break;
+ default:
+ return;
}
- else if(typeFlag == "ca_tab")
- {
- title = bundle.getString("deleteCaCertTitle2");
- confirm = bundle.getString("deleteCaCertConfirm2");
- impact = bundle.getString("deleteCaCertImpactX2");
- }
- else if(typeFlag == "others_tab")
- {
- title = bundle.getString("deleteEmailCertTitle");
- confirm = bundle.getString("deleteEmailCertConfirm");
- impact = bundle.getString("deleteEmailCertImpactDesc");
- }
- else if(typeFlag == "orphan_tab")
- {
- title = bundle.getString("deleteOrphanCertTitle");
- confirm = bundle.getString("deleteOrphanCertConfirm");
- impact = "";
- }
- else
- {
- return;
- }
+
var confirReference = document.getElementById('confirm');
var impactReference = document.getElementById('impact');
document.title = title;
setText("confirm", confirm);
let box = document.getElementById("certlist");
for (let x = 0; x < numberOfCerts; x++) {
--- a/security/manager/pki/resources/content/device_manager.js
+++ b/security/manager/pki/resources/content/device_manager.js
@@ -185,17 +185,17 @@ function enableButtons()
showModuleInfo();
} else if (selected_slot) {
// here's the workaround - login functions are all with token,
// so grab the token type
var selected_token = selected_slot.getToken();
if (selected_token != null) {
if (selected_token.needsLogin() || !(selected_token.needsUserInit)) {
pw_toggle = "false";
- if(selected_token.needsLogin()) {
+ if (selected_token.needsLogin()) {
if (selected_token.isLoggedIn()) {
logout_toggle = "false";
} else {
login_toggle = "false";
}
}
}
}
--- a/security/manager/pki/resources/content/exceptionDialog.js
+++ b/security/manager/pki/resources/content/exceptionDialog.js
@@ -99,17 +99,17 @@ function checkCert() {
gChecking = true;
gBroken = false;
updateCertStatus();
var uri = getURI();
var req = new XMLHttpRequest();
try {
- if(uri) {
+ if (uri) {
req.open('GET', uri.prePath, false);
req.channel.notificationCallbacks = new badCertListener();
req.send(null);
}
} catch (e) {
// We *expect* exceptions if there are problems with the certificate
// presented by the site. Log it, just in case, but we can proceed here,
// with appropriate sanity checks
--- a/security/manager/pki/resources/content/password.js
+++ b/security/manager/pki/resources/content/password.js
@@ -23,17 +23,17 @@ function doPrompt(msg)
function onLoad()
{
document.documentElement.getButton("accept").disabled = true;
pw1 = document.getElementById("pw1");
try {
params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
tokenName = params.GetString(1);
- } catch(exception) {
+ } catch (e) {
// this should not happen.
// previously we had self.name, but self.name was a bad idea
// as window name must be a subset of ascii, and the code was
// previously trying to assign unicode to the window's name.
// I checked all the places where we get a password prompt and
// all of them pass an argument as part of this patch.
tokenName = "";
}
--- a/security/manager/pki/resources/content/pippki.js
+++ b/security/manager/pki/resources/content/pippki.js
@@ -136,18 +136,17 @@ function exportToFile(parent, cert)
createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(fp.file.path);
var fos = Components.classes["@mozilla.org/network/file-output-stream;1"].
createInstance(Components.interfaces.nsIFileOutputStream);
// flags: PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE
fos.init(file, 0x02 | 0x08 | 0x20, 0o0644, 0);
written = fos.write(content, content.length);
fos.close();
- }
- catch(e) {
+ } catch (e) {
switch (e.result) {
case Components.results.NS_ERROR_FILE_ACCESS_DENIED:
msg = bundle.getString("writeFileAccessDenied");
break;
case Components.results.NS_ERROR_FILE_IS_LOCKED:
msg = bundle.getString("writeFileIsLocked");
break;
case Components.results.NS_ERROR_FILE_NO_DEVICE_SPACE:
--- a/security/manager/pki/resources/content/resetpassword.js
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -38,18 +38,17 @@ function resetPassword()
if (pref.getBoolPref("wallet.crypto")) {
// data in wallet is encrypted, clear it
var wallet = Components.classes['@mozilla.org/wallet/wallet-service;1'];
if (wallet) {
wallet = wallet.getService(Components.interfaces.nsIWalletService);
wallet.WALLET_DeleteAll();
}
}
- }
- catch(e) {
+ } catch (e) {
// wallet.crypto pref is missing
}
}
var bundle = document.getElementById("pippki_bundle");
var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService();
promptService = promptService.QueryInterface(Components.interfaces.nsIPromptService);
if (promptService && bundle) {
--- a/security/manager/pki/resources/content/viewCertDetails.js
+++ b/security/manager/pki/resources/content/viewCertDetails.js
@@ -72,28 +72,20 @@ function setWindowName()
var certdb = Components.classes[nsX509CertDB].getService(nsIX509CertDB);
var myName = self.name;
bundle = document.getElementById("pippki_bundle");
var cert;
var certDetails = bundle.getString('certDetails');
if (myName != "") {
document.title = certDetails + '"' + myName + '"'; // XXX l10n?
- // Get the token
- // XXX ignore this for now. NSS will find the cert on a token
- // by "tokenname:certname", which is what we have.
- //var tokenName = "";
- //var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
- //var token = pk11db.findTokenByName(tokenName);
-
- //var cert = certdb.findCertByNickname(token, myName);
cert = certdb.findCertByNickname(myName);
} else {
var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
- var cert = params.objects.queryElementAt(0, nsIX509Cert);
+ cert = params.objects.queryElementAt(0, nsIX509Cert);
document.title = certDetails + '"' + cert.windowTitle + '"'; // XXX l10n?
}
//
// Set the cert attributes for viewing
//
// The chain of trust
--- a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -98,27 +98,23 @@ function onMessageReceived(event)
function postMsg(message)
{
opener.postMessage(message, "http://mochi.test:8888");
}
function finish()
{
- if (history.length == 1 && !bypassNavigationTest)
- {
- window.setTimeout(function()
- {
+ if (history.length == 1 && !bypassNavigationTest) {
+ window.setTimeout(() => {
window.location.assign(navigateToInsecure ?
"http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
"https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
}, 0);
- }
- else
- {
+ } else {
postMsg("done");
window.close();
}
}
function ok(a, message)
{
if (!a) {
@@ -188,15 +184,19 @@ function isSecurityState(expectedState,
}
}
function waitForSecurityState(expectedState, callback)
{
var roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
var interval =
window.setInterval(function() {
- isSecurityState(expectedState, "", function(isok) {if (isok) {roundsLeft = 0;}});
+ isSecurityState(expectedState, "", isok => {
+ if (isok) {
+ roundsLeft = 0;
+ }
+ });
if (!roundsLeft--) {
window.clearInterval(interval);
callback();
}
}, 100);
}
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -12,29 +12,25 @@
<script class="testbody" type="text/javascript">
hasMixedActiveContent = true;
function runTest()
{
isSecurityState("secure");
- window.setTimeout(function()
- {
- try
- {
+ window.setTimeout(() => {
+ try {
var req = new XMLHttpRequest();
req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
req.send(null);
// Change should be immediate, the request was sent synchronously
isSecurityState("broken", "security broken after insecure XHR");
- }
- catch (ex)
- {
+ } catch (ex) {
ok(false, ex);
}
finish();
}, 0);
}
function afterNavigationTest()
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -104,17 +104,17 @@
if (roundsLeft < 1) {
SimpleTest.finish();
}
}
// listen for calls back from the sts-setting iframe and then
// the verification frames.
window.addEventListener("message", onMessageReceived, false);
- window.addEventListener('load', function() {startRound('plain');}, false);
+ window.addEventListener("load", () => { startRound("plain"); }, false);
</script>
</head>
<body>
This test will load some iframes and do some tests.
</body>
</html>
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -28,59 +28,59 @@ const SEC_ERROR_BASE = Ci.nsINSSErrorsSe
const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
// This isn't really a valid PRErrorCode, but is useful for signalling that
// a test is expected to succeed.
const PRErrorCodeSuccess = 0;
// Sort in numerical order
-const SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8;
-const SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9;
-const SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10;
-const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11;
-const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12; // -8180
-const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
-const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20; // -8172
-const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21; // -8171
-const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30; // -8162
-const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36;
-const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = SEC_ERROR_BASE + 41;
-const SEC_ERROR_INADEQUATE_KEY_USAGE = SEC_ERROR_BASE + 90; // -8102
-const SEC_ERROR_INADEQUATE_CERT_TYPE = SEC_ERROR_BASE + 91; // -8101
-const SEC_ERROR_CERT_NOT_IN_NAME_SPACE = SEC_ERROR_BASE + 112; // -8080
-const SEC_ERROR_CERT_BAD_ACCESS_LOCATION = SEC_ERROR_BASE + 117; // -8075
+const SEC_ERROR_INVALID_TIME = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION = SEC_ERROR_BASE + 41;
+const SEC_ERROR_INADEQUATE_KEY_USAGE = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION = SEC_ERROR_BASE + 117;
const SEC_ERROR_OCSP_MALFORMED_REQUEST = SEC_ERROR_BASE + 120;
-const SEC_ERROR_OCSP_SERVER_ERROR = SEC_ERROR_BASE + 121; // -8071
+const SEC_ERROR_OCSP_SERVER_ERROR = SEC_ERROR_BASE + 121;
const SEC_ERROR_OCSP_TRY_SERVER_LATER = SEC_ERROR_BASE + 122;
const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG = SEC_ERROR_BASE + 123;
const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST = SEC_ERROR_BASE + 124;
-const SEC_ERROR_OCSP_UNKNOWN_CERT = SEC_ERROR_BASE + 126; // -8066
+const SEC_ERROR_OCSP_UNKNOWN_CERT = SEC_ERROR_BASE + 126;
const SEC_ERROR_OCSP_MALFORMED_RESPONSE = SEC_ERROR_BASE + 129;
const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE = SEC_ERROR_BASE + 130;
const SEC_ERROR_OCSP_OLD_RESPONSE = SEC_ERROR_BASE + 132;
-const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = SEC_ERROR_BASE + 141; // -8051
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE = SEC_ERROR_BASE + 141;
const SEC_ERROR_OCSP_INVALID_SIGNING_CERT = SEC_ERROR_BASE + 144;
-const SEC_ERROR_POLICY_VALIDATION_FAILED = SEC_ERROR_BASE + 160; // -8032
+const SEC_ERROR_POLICY_VALIDATION_FAILED = SEC_ERROR_BASE + 160;
const SEC_ERROR_OCSP_BAD_SIGNATURE = SEC_ERROR_BASE + 157;
const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED = SEC_ERROR_BASE + 176;
-const SSL_ERROR_NO_CYPHER_OVERLAP = SSL_ERROR_BASE + 2;
-const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ERROR_BASE + 12;
-const SSL_ERROR_BAD_CERT_ALERT = SSL_ERROR_BASE + 17;
+const SSL_ERROR_NO_CYPHER_OVERLAP = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT = SSL_ERROR_BASE + 17;
const SSL_ERROR_WEAK_SERVER_CERT_KEY = SSL_ERROR_BASE + 132;
-const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = MOZILLA_PKIX_ERROR_BASE + 0;
-const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY = MOZILLA_PKIX_ERROR_BASE + 1;
-const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE = MOZILLA_PKIX_ERROR_BASE + 2; // -16382
-const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA = MOZILLA_PKIX_ERROR_BASE + 3;
-const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 5;
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY = MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 5;
const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6;
-const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
-const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING = MOZILLA_PKIX_ERROR_BASE + 10;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING = MOZILLA_PKIX_ERROR_BASE + 10;
// Supported Certificate Usages
const certificateUsageSSLClient = 0x0001;
const certificateUsageSSLServer = 0x0002;
const certificateUsageSSLCA = 0x0008;
const certificateUsageEmailSigner = 0x0010;
const certificateUsageEmailRecipient = 0x0020;
const certificateUsageObjectSigner = 0x0040;
@@ -191,17 +191,17 @@ function checkEVStatus(certDB, cert, usa
function _getLibraryFunctionWithNoArguments(functionName, libraryName) {
// Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
let path = ctypes.libraryName(libraryName);
// XXX really want to be able to pass specific dlopen flags here.
let nsslib;
try {
nsslib = ctypes.open(path);
- } catch(e) {
+ } catch (e) {
// In case opening the library without a full path fails,
// try again with a full path.
let file = Services.dirsvc.get("GreBinD", Ci.nsILocalFile);
file.append(path);
nsslib = ctypes.open(file.path);
}
let SECStatus = ctypes.int;
@@ -477,22 +477,22 @@ function _setupTLSServerTest(serverBinNa
}
// Returns an Array of OCSP responses for a given ocspRespArray and a location
// for a nssDB where the certs and public keys are prepopulated.
// ocspRespArray is an array of arrays like:
// [ [typeOfResponse, certnick, extracertnick]...]
function generateOCSPResponses(ocspRespArray, nssDBlocation)
{
- let utilBinName = "GenerateOCSPResponse";
+ let utilBinName = "GenerateOCSPResponse";
let ocspGenBin = _getBinaryUtil(utilBinName);
- let retArray = new Array();
+ let retArray = [];
for (let i = 0; i < ocspRespArray.length; i++) {
- let argArray = new Array();
+ let argArray = [];
let ocspFilepre = do_get_file(i.toString() + ".ocsp", true);
let filename = ocspFilepre.path;
// Using "sql:" causes the SQL DB to be used so we can run tests on Android.
argArray.push("sql:" + nssDBlocation);
argArray.push(ocspRespArray[i][0]); // ocsRespType;
argArray.push(ocspRespArray[i][1]); // nick;
argArray.push(ocspRespArray[i][2]); // extranickname
argArray.push(filename);
--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -13,32 +13,32 @@
do_get_profile();
function check_telemetry() {
let histogram = Cc["@mozilla.org/base/telemetry;1"]
.getService(Ci.nsITelemetry)
.getHistogramById("SSL_CERT_ERROR_OVERRIDES")
.snapshot();
- equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
- equal(histogram.counts[ 2], 8,
+ equal(histogram.counts[0], 0, "Should have 0 unclassified counts");
+ equal(histogram.counts[2], 8,
"Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
- equal(histogram.counts[ 3], 1,
+ equal(histogram.counts[3], 1,
"Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
- equal(histogram.counts[ 4], 0,
+ equal(histogram.counts[4], 0,
"Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
- equal(histogram.counts[ 5], 1,
+ equal(histogram.counts[5], 1,
"Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
- equal(histogram.counts[ 6], 0,
+ equal(histogram.counts[6], 0,
"Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
- equal(histogram.counts[ 7], 0,
+ equal(histogram.counts[7], 0,
"Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
- equal(histogram.counts[ 8], 2,
+ equal(histogram.counts[8], 2,
"Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
- equal(histogram.counts[ 9], 10,
+ equal(histogram.counts[9], 10,
"Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
equal(histogram.counts[10], 5,
"Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
equal(histogram.counts[11], 2,
"Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
equal(histogram.counts[12], 1,
"Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
equal(histogram.counts[13], 0,
--- a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
+++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
@@ -13,19 +13,19 @@ const certDB = Cc["@mozilla.org/security
function excMessage(e) {
if (e.message) {
let msg = e.message;
if (e.data) {
msg = msg + ": " + e.data;
}
return msg;
- } else {
- return e.toString();
}
+
+ return e.toString();
}
function testGood(data) {
try {
let cert = certDB.constructX509FromBase64(data.cert);
equal(cert.commonName, data.cn,
"Actual and expected commonName should match");
} catch (e) {
--- a/security/manager/ssl/tests/unit/test_getchain.js
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@@ -14,17 +14,17 @@ var certList = [
'ca-1',
'ca-2',
];
// Since all the ca's are identical expect for the serial number
// I have to grab them by enumerating all the certs and then finding
// the ones that I am interested in.
function get_ca_array() {
- let ret_array = new Array();
+ let ret_array = [];
let allCerts = certdb.getCerts();
let enumerator = allCerts.getEnumerator();
while (enumerator.hasMoreElements()) {
let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
if (cert.commonName == 'ca') {
ret_array[parseInt(cert.serialNumber, 16)] = cert;
}
}
--- a/security/manager/ssl/tests/unit/test_pinning_dynamic.js
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
@@ -15,17 +15,17 @@ var profileDir = do_get_profile();
var certdb;
function certFromFile(cert_name) {
return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
}
function loadCert(cert_name, trust_string) {
let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
- addCertFromFile(certdb, cert_filename, trust_string);
+ addCertFromFile(certdb, cert_filename, trust_string);
return constructCertFromFile(cert_filename);
}
function checkOK(cert, hostname) {
return checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
certificateUsageSSLServer, {}, hostname);
}
--- a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
+++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
@@ -12,17 +12,17 @@ var gSSService = Cc["@mozilla.org/ssserv
.getService(Ci.nsISiteSecurityService);
function certFromFile(cert_name) {
return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
}
function loadCert(cert_name, trust_string) {
let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
- addCertFromFile(certdb, cert_filename, trust_string);
+ addCertFromFile(certdb, cert_filename, trust_string);
return constructCertFromFile(cert_filename);
}
function checkFailParseInvalidPin(pinValue) {
let sslStatus = new FakeSSLStatus(
certFromFile('cn-a.pinning2.example.com-pinningroot'));
let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
throws(() => {
--- a/security/manager/ssl/tests/unit/test_signed_apps.js
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -67,17 +67,17 @@ function tamper(inFilePath, outFilePath,
}
}
} finally {
reader.close();
}
// Any leftover modification means that we were expecting to modify an entry
// in the input file that wasn't there.
- for(var name in modifications) {
+ for (let name in modifications) {
if (modifications.hasOwnProperty(name)) {
throw "input file was missing expected entries: " + name;
}
}
// Now, append any new entries to the end
newEntries.forEach(function(newEntry) {
var sis = Cc["@mozilla.org/io/string-input-stream;1"]
--- a/security/manager/ssl/tests/unit/test_signed_dir.js
+++ b/security/manager/ssl/tests/unit/test_signed_dir.js
@@ -18,35 +18,35 @@ gTarget.createUnique(Ci.nsIFile.DIRECTOR
function prepare(tamper) {
ZipUtils.extractFiles(gSignedXPI, gTarget);
// copy files
if (tamper.copy) {
tamper.copy.forEach(i => {
let f = gTarget.clone();
- i[0].split('/').forEach(seg => {f.append(seg);});
+ i[0].split("/").forEach(seg => { f.append(seg); });
f.copyTo(null, i[1]);
});
}
// delete files
if (tamper.delete) {
tamper.delete.forEach(i => {
let f = gTarget.clone();
- i.split('/').forEach(seg => {f.append(seg);});
+ i.split("/").forEach(seg => { f.append(seg); });
f.remove(true);
});
}
// corrupt files
if (tamper.corrupt) {
tamper.corrupt.forEach(i => {
let f = gTarget.clone();
- i.split('/').forEach(seg => {f.append(seg);});
+ i.split("/").forEach(seg => { f.append(seg); });
let s = FileUtils.openFileOutputStream(f, FileUtils.MODE_WRONLY);
const str = "Kilroy was here";
s.write(str, str.length);
s.close();
});
}
return gTarget;
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -233,17 +233,17 @@ function downloadAndParseChromeCerts(fil
let chromeNameToHash = {};
let chromeNameToMozName = {};
let chromeName;
for (let line of lines) {
// Skip comments and newlines.
if (line.length == 0 || line[0] == '#') {
continue;
}
- switch(state) {
+ switch (state) {
case PRE_NAME:
chromeName = line;
state = POST_NAME;
break;
case POST_NAME:
if (line.startsWith(SHA256_PREFIX)) {
hash = line.substring(SHA256_PREFIX.length);
chromeNameToHash[chromeName] = hash;
--- a/security/manager/tools/getHSTSPreloadList.js
+++ b/security/manager/tools/getHSTSPreloadList.js
@@ -3,16 +3,18 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
// How to run this file:
// 1. [obtain firefox source code]
// 2. [build/obtain firefox binaries]
// 3. run `[path to]/run-mozilla.sh [path to]/xpcshell \
// [path to]/getHSTSPreloadlist.js \
// [absolute path to]/nsSTSPreloadlist.inc'
+// Note: Running this file outputs a new nsSTSPreloadlist.inc in the current
+// working directory.
var Cc = Components.classes;
var Ci = Components.interfaces;
var Cu = Components.utils;
var Cr = Components.results;
Cu.import("resource://gre/modules/Services.jsm");
Cu.import("resource://gre/modules/FileUtils.jsm");
@@ -123,23 +125,20 @@ function processStsHeader(host, header,
uri, header, sslStatus, 0, maxAge,
includeSubdomains);
}
catch (e) {
dump("ERROR: could not process header '" + header + "' from " +
host.name + ": " + e + "\n");
error = e;
}
- }
- else {
- if (status == 0) {
- error = ERROR_CONNECTING_TO_HOST;
- } else {
- error = ERROR_NO_HSTS_HEADER;
- }
+ } else if (status == 0) {
+ error = ERROR_CONNECTING_TO_HOST;
+ } else {
+ error = ERROR_NO_HSTS_HEADER;
}
let forceInclude = (host.forceInclude || host.pins == "google");
if (error == ERROR_NONE && maxAge.value < MINIMUM_REQUIRED_MAX_AGE) {
error = ERROR_MAX_AGE_TOO_LOW;
}
@@ -199,17 +198,23 @@ function getHSTSStatus(host, resultList)
req.send();
}
catch (e) {
dump("ERROR: exception making request to " + host.name + ": " + e + "\n");
}
}
function compareHSTSStatus(a, b) {
- return (a.name > b.name ? 1 : (a.name < b.name ? -1 : 0));
+ if (a.name > b.name) {
+ return 1;
+ }
+ if (a.name < b.name) {
+ return -1;
+ }
+ return 0;
}
function writeTo(string, fos) {
fos.write(string, string.length);
}
// Determines and returns a string representing a declaration of when this
// preload list should no longer be used.
@@ -289,34 +294,34 @@ function shouldRetry(response) {
response.error != ERROR_MAX_AGE_TOO_LOW &&
response.error != ERROR_NONE && response.retries > 0);
}
function getHSTSStatuses(inHosts, outStatuses) {
var expectedOutputLength = inHosts.length;
var tmpOutput = [];
for (var i = 0; i < MAX_CONCURRENT_REQUESTS && inHosts.length > 0; i++) {
- var host = inHosts.shift();
+ let host = inHosts.shift();
dump("spinning off request to '" + host.name + "' (remaining retries: " +
host.retries + ")\n");
getHSTSStatus(host, tmpOutput);
}
while (outStatuses.length != expectedOutputLength) {
waitForAResponse(tmpOutput);
var response = tmpOutput.shift();
dump("request to '" + response.name + "' finished\n");
if (shouldRetry(response)) {
inHosts.push(response);
} else {
outStatuses.push(response);
}
if (inHosts.length > 0) {
- var host = inHosts.shift();
+ let host = inHosts.shift();
dump("spinning off request to '" + host.name + "' (remaining retries: " +
host.retries + ")\n");
getHSTSStatus(host, tmpOutput);
}
}
}
// Since all events are processed on the main thread, and since event