new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/.eslintrc.json
@@ -0,0 +1,6 @@
+{
+ "rules": {
+ // Disallow non-top level |var| declarations.
+ "mozilla/var-only-at-top-level": 2
+ }
+}
--- a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -140,39 +140,36 @@ function is(a, b, message)
}
function isSecurityState(expectedState, message, test)
{
if (!test) {
test = ok;
}
- // Quit nasty but working :)
- var ui = SpecialPowers.wrap(window)
+ let ui = SpecialPowers.wrap(window)
.QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
.getInterface(SpecialPowers.Ci.nsIWebNavigation)
.QueryInterface(SpecialPowers.Ci.nsIDocShell)
.securityUI;
- var isInsecure = !ui ||
+ let isInsecure = !ui ||
(ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE);
- var isBroken = ui &&
+ let isBroken = ui &&
(ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN);
- var isEV = ui &&
+ let isEV = ui &&
(ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
- var gotState;
+ let gotState = "secure";
if (isInsecure) {
gotState = "insecure";
} else if (isBroken) {
gotState = "broken";
} else if (isEV) {
gotState = "EV";
- } else {
- gotState = "secure";
}
test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
switch (expectedState) {
case "insecure":
test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
break;
@@ -187,19 +184,18 @@ function isSecurityState(expectedState,
break;
default:
throw new Error("Invalid isSecurityState state");
}
}
function waitForSecurityState(expectedState, callback)
{
- var roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
- var interval =
- window.setInterval(function() {
+ let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+ let interval = window.setInterval(() => {
isSecurityState(expectedState, "", isok => {
if (isok) {
roundsLeft = 0;
}
});
if (!roundsLeft--) {
window.clearInterval(interval);
callback();
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -11,17 +11,17 @@
"use strict";
hasMixedActiveContent = true;
function runTest()
{
isSecurityState("secure");
window.setTimeout(function () {
- var newElement = document.createElement("script");
+ let newElement = document.createElement("script");
newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
"mochitest/mixedcontent/bug329869.js";
document.body.appendChild(newElement);
}, 0);
}
function afterNavigationTest()
{
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -13,45 +13,47 @@
"use strict";
// We want to start this test from an insecure context
loadAsInsecure = true;
// We don't want to go through the navigation back/forward test
bypassNavigationTest = true;
function runTest() {
- var script = SpecialPowers.loadChromeScript(function() {
+ let script = SpecialPowers.loadChromeScript(function() {
const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
// Force download to be w/o user assistance for our testing mime type
const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
- var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+ let handlerInfo =
+ mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
handlerInfo.alwaysAskBeforeHandling = false;
handlerInfo.preferredApplicationHandler = null;
const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
.getService(Ci.nsIHandlerService);
handlerSvc.store(handlerInfo);
- var dirProvider = Cc["@mozilla.org/file/directory_service;1"]
+ let dirProvider = Cc["@mozilla.org/file/directory_service;1"]
.getService(Ci.nsIProperties);
- var profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
+ let profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
profileDir.append("downloads");
- var prefs = Cc["@mozilla.org/preferences-service;1"]
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefService);
- prefs = prefs.getBranch("browser.download.");
+ let prefBranch = prefs.getBranch("browser.download.");
- prefs.setCharPref("dir", profileDir.path);
- prefs.setBoolPref("useDownloadDir", true);
- prefs.setIntPref("folderList", 2);
- prefs.setBoolPref("manager.closeWhenDone", true);
- prefs.setBoolPref("manager.showWhenStarting", false);
+ prefBranch.setCharPref("dir", profileDir.path);
+ prefBranch.setBoolPref("useDownloadDir", true);
+ prefBranch.setIntPref("folderList", 2);
+ prefBranch.setBoolPref("manager.closeWhenDone", true);
+ prefBranch.setBoolPref("manager.showWhenStarting", false);
- var Downloads = Cu.import("resource://gre/modules/Downloads.jsm").Downloads;
+ const { Downloads } =
+ Cu.import("resource://gre/modules/Downloads.jsm", {});
Downloads.getList(Downloads.PUBLIC).then(list => {
list.addView({
onDownloadAdded: function (aDownload) {
list.removeView(this);
aDownload.whenSucceeded().then(() => {
list.removeFinished();
sendAsyncMessage("navigate", "bug383369step2.html");
});
@@ -66,31 +68,32 @@
}
function afterNavigationTest() {}
testCleanUp = function cleanup() {
SpecialPowers.loadChromeScript(function() {
const { classes: Cc, interfaces: Ci } = Components;
const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
- var handlerInfo = mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+ let handlerInfo =
+ mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
.getService(Ci.nsIHandlerService);
handlerSvc.remove(handlerInfo);
- var prefs = Cc["@mozilla.org/preferences-service;1"]
+ let prefs = Cc["@mozilla.org/preferences-service;1"]
.getService(Ci.nsIPrefService);
- prefs = prefs.getBranch("browser.download.");
+ let prefBranch = prefs.getBranch("browser.download.");
- var prefKeys = ["dir", "useDownloadDir", "folderList",
- "manager.closeWhenDone", "manager.showWhenStarting"];
+ const prefKeys = ["dir", "useDownloadDir", "folderList",
+ "manager.closeWhenDone", "manager.showWhenStarting"];
for (let prefKey of prefKeys) {
- if (prefs.prefHasUserValue(prefKey)) {
- prefs.clearUserPref(prefKey);
+ if (prefBranch.prefHasUserValue(prefKey)) {
+ prefBranch.clearUserPref(prefKey);
}
}
});
};
</script>
</head>
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -16,17 +16,17 @@
SimpleTest.expectAssertions(0, 4);
// Clear the default onload assigned to test start because we must
// wait for replaced image to load and only after that test the security state
var onLoadFunction = window.onload;
window.onload = function()
{
- var img1 = document.getElementById("img1");
+ let img1 = document.getElementById("img1");
img1.addEventListener("load", onLoadFunction, false);
img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
};
function runTest()
{
isSecurityState("secure", "secure");
finish();
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -16,17 +16,17 @@
hasMixedActiveContent = true;
function runTest()
{
isSecurityState("secure");
window.setTimeout(() => {
try {
- var req = new XMLHttpRequest();
+ let req = new XMLHttpRequest();
req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
req.send(null);
// Change should be immediate, the request was sent synchronously
isSecurityState("broken", "security broken after insecure XHR");
} catch (ex) {
ok(false, ex);
}
--- a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -14,18 +14,18 @@
/* import-globals-from mixedContentTest.js */
"use strict";
hasMixedActiveContent = true;
function runTest()
{
isSecurityState("secure");
- var self = window;
- var iframe = document.getElementById("iframe1");
+ let self = window;
+ let iframe = document.getElementById("iframe1");
iframe.onload = function() {
self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
self.finish();
};
iframe.src =
"https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
}
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -31,17 +31,17 @@
{'url': "http://example.org" + STSPATH + "/verify.sjs",
'expected': {'plain': 'INSECURE', 'subdom': 'INSECURE'}},
'alreadysecure':
{'url': "https://test2.example.com" + STSPATH + "/verify.sjs",
'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
};
function startRound(round) {
- var frame = document.createElement("iframe");
+ let frame = document.createElement("iframe");
frame.setAttribute('id', 'ifr_bootstrap');
frame.setAttribute('src', "https://example.com" + STSPATH + "/" + round + "_bootstrap.html");
document.body.appendChild(frame);
}
function endRound(round) {
// remove all the iframes in the document
document.body.removeChild(document.getElementById('ifr_bootstrap'));
@@ -49,40 +49,38 @@
document.body.removeChild(document.getElementById('ifr_' + test));
}
// clean up the STS state
SpecialPowers.cleanUpSTSData("http://example.com");
}
function loadVerifyFrames(round) {
- for (var test in testframes) {
- var frame = document.createElement("iframe");
+ for (let test in testframes) {
+ let frame = document.createElement("iframe");
frame.setAttribute('id', 'ifr_' + test);
frame.setAttribute('src', testframes[test].url + '?id=' + test);
document.body.appendChild(frame);
}
}
/* Messages received are in this format:
* (BOOTSTRAP|SECURE|INSECURE) testid
* For example: "BOOTSTRAP plain"
* or: "INSECURE otherdom"
*/
function onMessageReceived(event) {
-
- // otherwise, it's a test result
- var result = event.data.split(/\s+/);
+ let result = event.data.split(/\s+/);
if (result.length != 2) {
SimpleTest.ok(false, event.data);
return;
}
// figure out which round of tests we're in
- var round = (roundsLeft == 2) ? 'plain' : 'subdom';
+ let round = (roundsLeft == 2) ? "plain" : "subdom";
if (result[0] === "BOOTSTRAP") {
loadVerifyFrames(round);
return;
}
// check if the result (SECURE/INSECURE) is expected for this round/test combo
SimpleTest.is(result[0], testframes[result[1]].expected[round],
--- a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
@@ -8,16 +8,18 @@
<title>opens additional content that should be converted to https</title>
<script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css"
href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
<script class="testbody" type="text/javascript">
"use strict";
+ // We define |content| as a global as a hack to prevent use of |content|
+ // inside a ContentTask tripping ESLint no-undef checks.
/* global content */
SimpleTest.waitForExplicitFinish();
const Cc = Components.classes;
const Ci = Components.interfaces;
const Cu = Components.utils;
const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
@@ -69,17 +71,17 @@
if (aWindow == aSubject) {
SpecialPowers.Services.obs.removeObserver(observer, aTopic);
SimpleTest.executeSoon(aCallback);
}
}, "browser-delayed-startup-finished", false);
}
function testOnWindow(aIsPrivate, aCallback) {
- var win = mainWindow.OpenBrowserWindow({private: aIsPrivate});
+ let win = mainWindow.OpenBrowserWindow({private: aIsPrivate});
Task.spawn(function* () {
yield new Promise(resolve => whenDelayedStartupFinished(win, resolve));
let browser = win.gBrowser.selectedBrowser;
yield BrowserTestUtils.loadURI(browser, CONTENT_PAGE);
yield BrowserTestUtils.browserLoaded(browser);
@@ -151,18 +153,17 @@
/**
* Messages received are in this format:
* (BOOTSTRAP|SECURE|INSECURE) testid
* For example: "BOOTSTRAP subdom"
* or: "INSECURE otherdom"
*/
function onMessageReceived(win, isPrivate, data) {
- // otherwise, it's a test result
- var result = data.split(/\s+/);
+ let result = data.split(/\s+/);
if (result.length != 2) {
SimpleTest.ok(false, data);
return;
}
if (result[0] === "BOOTSTRAP") {
loadVerifyFrames(win, isPrivate, currentround);
return;
@@ -231,19 +232,18 @@
// erase all signs that this test ran.
SimpleTest.info("Cleaning up STS data");
let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
SpecialPowers.cleanUpSTSData("http://example.com", flags);
dump_STSState(isPrivate);
}
function dump_STSState(isPrivate) {
- var sss =
- Cc["@mozilla.org/ssservice;1"].
- getService(Ci.nsISiteSecurityService);
+ let sss = Cc["@mozilla.org/ssservice;1"]
+ .getService(Ci.nsISiteSecurityService);
let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
SimpleTest.info("State of example.com: " + sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "example.com", flags));
}
// These are executed in the order presented.
// 0. test that STS works before entering private browsing mode.
// (load sts-bootstrapped "plain" tests)
// ... clear any STS data ...
--- a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
+++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
@@ -1,13 +1,13 @@
/* import-globals-from head_psm.js */
"use strict";
function run_test() {
- var SSService = Cc["@mozilla.org/ssservice;1"]
+ let SSService = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"expired.example.com", 0));
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"notexpired.example.com", 0));
ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"bugzilla.mozilla.org", 0));
--- a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -12,25 +12,22 @@ do_get_profile();
var certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
function load_cert(cert, trust) {
let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
addCertFromFile(certDB, file, trust);
}
-function getDERString(cert)
-{
- var length = {};
- var cert_der = cert.getRawDER(length);
- var cert_der_string = '';
- for (var i = 0; i < cert_der.length; i++) {
- cert_der_string += String.fromCharCode(cert_der[i]);
+function getDERString(cert) {
+ let derString = "";
+ for (let rawByte of cert.getRawDER({})) {
+ derString += String.fromCharCode(rawByte);
}
- return cert_der_string;
+ return derString;
}
function run_test() {
load_cert("ca", "CTu,CTu,CTu");
load_cert("int-limited-depth", "CTu,CTu,CTu");
let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
let cert_pem = readFile(do_get_file(file));
let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -192,19 +192,19 @@ function check_revocations_txt_contents(
ok(revocations.exists(), "the revocations file should exist");
let inputStream = Cc["@mozilla.org/network/file-input-stream;1"]
.createInstance(Ci.nsIFileInputStream);
inputStream.init(revocations, -1, -1, 0);
inputStream.QueryInterface(Ci.nsILineInputStream);
let contents = "";
let hasmore = false;
do {
- var line = {};
+ let line = {};
hasmore = inputStream.readLine(line);
- contents = contents + (contents.length == 0 ? "" : "\n") + line.value;
+ contents += (contents.length == 0 ? "" : "\n") + line.value;
} while (hasmore);
equal(contents, expected, "revocations.txt should be as expected");
}
function run_test() {
// import the certificates we need
load_cert("test-ca", "CTu,CTu,CTu");
load_cert("test-int", ",,");
--- a/security/manager/ssl/tests/unit/test_datasignatureverifier.js
+++ b/security/manager/ssl/tests/unit/test_datasignatureverifier.js
@@ -1,33 +1,33 @@
"use strict";
-var keys = [
+const keys = [
// RSA key
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK426erD/H3XtsjvaB5+PJqbhj" +
"Zc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWqt9WUmBWTEFvwS+FI9vWu8058N9CHhD" +
"NyeP6i4LuUYjTURnn7Yw/IgzyIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysf" +
"awB/zH4KaPiY3vnrzQIDAQAB",
// RSA key
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHe69VsjNCwnGF9YGZLgnobp3D" +
"c1KgWzpbT+f12vVKkV3YBpA9KMVMy6wpxlDjvLJjfp/0HvaH7aaz/7kgxZw70Y60" +
"LaJtkAcl1ZVAxS2lQKRTAzZ0RhoTSI1xVqGTjiQakgVdUeghtnqqwp5o1inZv3Qh" +
"nUOMNPyAV8zGt+ZQHQIDAQAB",
// Invalid key data ("foobar" base 64 encoded)
"Zm9vYmFy"
];
-var data = [
+const data = [
"Test data for data signature verifier",
"The quick brown fox jumps over the lazy dog..."
];
-var signatures = [
+const signatures = [
// Key 0, Data 0, MD2 hash algorithm
"MIGTMA0GCSqGSIb3DQEBAgUAA4GBALe3hO76UCpI8b1/oJUCIPmC6AbnMAMlAqo7" +
"pc3TaWmU9wISWmXSrwNmr/QQNjWDn4nzQn8/K/Ac+tszaXib6fVLKA1a6e+/E0qE" +
"OIKFwUiDWCkGDgxM8aYiTgoSZub/5rokgse+ivuCRSVTv9mSxRzKwj+Cvp1EjKCT" +
"iIl3nnTh",
// Key 0, Data 0, MD5 hash algorithm
"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAGGb2QkA8LcA+QZj1SoVFmMpVTd9P5Ac0Rjb" +
@@ -118,17 +118,17 @@ var signatures = [
"OMM7P2d/jgOP+ICKIpxqaSE0CbkLiegUiidIOWvFqDxQJWlAAukDUWISGFfJMFxX" +
"3jzJ0bBfeNY/1Qo8jMQopcNco/NlNgoSKAUOBtk31aFgNoVC3kWUk6pO97KEiJ+e" +
"bQp9Z2/M",
// Invalid signature data ("foobar" base 64 encoded)
"Zm9vYmFy"
];
-var tests = [
+const tests = [
// Data Signature Key Expected Throws
// Pass cases
[0, 0, 0, true, false], //0
[0, 1, 0, true, false], //1
[0, 2, 0, true, false], //2
[0, 3, 0, true, false], //3
[0, 4, 0, true, false], //4
[0, 5, 0, true, false], //5
@@ -167,27 +167,27 @@ var tests = [
// Invalid data cases
[0, 0, 2, false, true], //36
[0, 1, 2, false, true], //37
[0, 16, 0, false, true], //38
[1, 16, 0, false, true], //39
];
function run_test() {
- var verifier = Cc["@mozilla.org/security/datasignatureverifier;1"].
- createInstance(Ci.nsIDataSignatureVerifier);
+ let verifier = Cc["@mozilla.org/security/datasignatureverifier;1"]
+ .createInstance(Ci.nsIDataSignatureVerifier);
- for (var t = 0; t < tests.length; t++) {
- let testShouldThrow = tests[t][4];
- try {
- var result = verifier.verifyData(data[tests[t][0]],
- signatures[tests[t][1]],
- keys[tests[t][2]]);
- ok(!testShouldThrow,
- `Test ${t} should reach here only if not expected to throw`);
- equal(result, tests[t][3],
- `Actual and expected result should match for test ${t}`);
- }
- catch (e) {
- ok(testShouldThrow, `Test ${t} should throw only if expected to: ${e}`);
+ for (let testCase of tests) {
+ let testShouldThrow = testCase[4];
+ if (testShouldThrow) {
+ throws(() => {
+ verifier.verifyData(data[testCase[0]], signatures[testCase[1]],
+ keys[testCase[2]]);
+ }, /NS_ERROR_FAILURE/, `Test "${testCase}" should throw`);
+ } else {
+ let result = verifier.verifyData(data[testCase[0]],
+ signatures[testCase[1]],
+ keys[testCase[2]]);
+ equal(result, testCase[3],
+ `Actual and expected result should match for test "${testCase}"`);
}
}
}
--- a/security/manager/ssl/tests/unit/test_ev_certs.js
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -23,18 +23,17 @@ var certList = [
// but that contains a valid CRLDP.
// Testing a root that looks like EV but is not EV enabled
'int-non-ev-root',
'non-ev-root',
];
function load_ca(ca_name) {
- var ca_filename = ca_name + ".pem";
- addCertFromFile(certdb, "test_ev_certs/" + ca_filename, 'CTu,CTu,CTu');
+ addCertFromFile(certdb, `test_ev_certs/${ca_name}.pem`, "CTu,CTu,CTu");
}
const SERVER_PORT = 8888;
function failingOCSPResponder() {
return getFailingHttpServer(SERVER_PORT,
["www.example.com", "crl.example.com"]);
}
--- a/security/manager/ssl/tests/unit/test_hash_algorithms.js
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js
@@ -1,23 +1,15 @@
"use strict";
-var ScriptableUnicodeConverter =
- Components.Constructor("@mozilla.org/intl/scriptableunicodeconverter",
- "nsIScriptableUnicodeConverter");
-var CryptoHash =
- Components.Constructor("@mozilla.org/security/hash;1",
- "nsICryptoHash",
- "initWithString");
-
-var messages = [
+const messages = [
"The quick brown fox jumps over the lazy dog",
""
];
-var hashes = {
+const hashes = {
md2: [
"03d85a0d629d2c442e987525319fc471",
"8350e5a3e24c153df2275c9f80692773"
],
md5: [
"9e107d9d372bb6826bd81d3542a419d6",
"d41d8cd98f00b204e9800998ecf8427e"
],
@@ -44,42 +36,43 @@ function hexdigest(data) {
//
// Therefore, if the Unicode value is < 10, we have a single-character hex
// string when we want one that's two characters, and unconditionally
// prepending a "0" solves the problem.
return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
}
function doHash(algo, value, cmp) {
- var converter = new ScriptableUnicodeConverter();
- var hash = new CryptoHash(algo);
+ let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+ hash.initWithString(algo);
+ let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+ .createInstance(Ci.nsIScriptableUnicodeConverter);
converter.charset = 'utf8';
value = converter.convertToByteArray(value);
hash.update(value, value.length);
- var hash1 = hexdigest(hash.finish(false));
- equal(hash1, cmp,
+ equal(hexdigest(hash.finish(false)), cmp,
`Actual and expected hash for ${algo} should match`);
hash.initWithString(algo);
hash.update(value, value.length);
- var hash2 = hexdigest(hash.finish(false));
- equal(hash2, cmp,
+ equal(hexdigest(hash.finish(false)), cmp,
`Actual and expected hash for ${algo} should match after re-init`);
}
function doHashStream(algo, value, cmp) {
- var converter = new ScriptableUnicodeConverter();
- var hash = new CryptoHash(algo);
+ let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+ hash.initWithString(algo);
+ let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+ .createInstance(Ci.nsIScriptableUnicodeConverter);
converter.charset = 'utf8';
- var stream = converter.convertToInputStream(value);
+ let stream = converter.convertToInputStream(value);
hash.updateFromStream(stream, stream.available());
- hash = hexdigest(hash.finish(false));
- equal(hash, cmp,
+ equal(hexdigest(hash.finish(false)), cmp,
`Actual and expected hash for ${algo} should match updating from stream`);
}
function run_test() {
for (let algo in hashes) {
hashes[algo].forEach(
function(e, i) {
doHash(algo, messages[i], e);
--- a/security/manager/ssl/tests/unit/test_signed_apps.js
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -22,30 +22,31 @@ const PR_TRUNCATE = 0x20;
do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
// Creates a new app package based in the inFilePath package, with a set of
// modifications (including possibly deletions) applied to the existing entries,
// and/or a set of new entries to be included.
function tamper(inFilePath, outFilePath, modifications, newEntries) {
- var writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);
+ let writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);
writer.open(outFilePath, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE);
try {
- var reader = Cc["@mozilla.org/libjar/zip-reader;1"].createInstance(Ci.nsIZipReader);
+ let reader = Cc["@mozilla.org/libjar/zip-reader;1"]
+ .createInstance(Ci.nsIZipReader);
reader.open(inFilePath);
try {
- var entries = reader.findEntries("");
+ let entries = reader.findEntries("");
while (entries.hasMore()) {
- var entryName = entries.getNext();
- var inEntry = reader.getEntry(entryName);
- var entryInput = reader.getInputStream(entryName);
+ let entryName = entries.getNext();
+ let inEntry = reader.getEntry(entryName);
+ let entryInput = reader.getInputStream(entryName);
try {
- var f = modifications[entryName];
- var outEntry, outEntryInput;
+ let f = modifications[entryName];
+ let outEntry, outEntryInput;
if (f) {
[outEntry, outEntryInput] = f(inEntry, entryInput);
delete modifications[entryName];
} else {
[outEntry, outEntryInput] = [inEntry, entryInput];
}
// if f does not want the input entry to be copied to the output entry
// at all (i.e. it wants it to be deleted), it will return null.
@@ -75,17 +76,17 @@ function tamper(inFilePath, outFilePath,
for (let name in modifications) {
if (modifications.hasOwnProperty(name)) {
throw new Error("input file was missing expected entries: " + name);
}
}
// Now, append any new entries to the end
newEntries.forEach(function(newEntry) {
- var sis = Cc["@mozilla.org/io/string-input-stream;1"]
+ let sis = Cc["@mozilla.org/io/string-input-stream;1"]
.createInstance(Ci.nsIStringInputStream);
try {
sis.setData(newEntry.content, newEntry.content.length);
writer.addEntryStream(newEntry.name,
new Date(),
Ci.nsIZipWriter.COMPRESSION_BEST,
sis,
false);
@@ -101,17 +102,17 @@ function tamper(inFilePath, outFilePath,
function removeEntry(entry, entryInput) { return [null, null]; }
function truncateEntry(entry, entryInput) {
if (entryInput.available() == 0) {
throw new Error("Truncating already-zero length entry will result in " +
"identical entry.");
}
- var content = Cc["@mozilla.org/io/string-input-stream;1"]
+ let content = Cc["@mozilla.org/io/string-input-stream;1"]
.createInstance(Ci.nsIStringInputStream);
content.data = "";
return [entry, content];
}
function run_test() {
run_next_test();
@@ -153,75 +154,75 @@ add_test(function () {
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unknown_issuer_app_1"),
check_open_result("unknown_issuer",
getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
});
// Sanity check to ensure a no-op tampering gives a valid result
add_test(function () {
- var tampered = tampered_app_path("identity_tampering");
+ let tampered = tampered_app_path("identity_tampering");
tamper(original_app_path("valid_app_1"), tampered, { }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"),
check_open_result("identity_tampering", Cr.NS_OK));
});
add_test(function () {
- var tampered = tampered_app_path("missing_rsa");
+ let tampered = tampered_app_path("missing_rsa");
tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.RSA": removeEntry }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED));
});
add_test(function () {
- var tampered = tampered_app_path("missing_sf");
+ let tampered = tampered_app_path("missing_sf");
tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.SF": removeEntry }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
});
add_test(function () {
- var tampered = tampered_app_path("missing_manifest_mf");
+ let tampered = tampered_app_path("missing_manifest_mf");
tamper(original_app_path("valid_app_1"), tampered, { "META-INF/MANIFEST.MF": removeEntry }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("missing_manifest_mf",
Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
});
add_test(function () {
- var tampered = tampered_app_path("missing_entry");
+ let tampered = tampered_app_path("missing_entry");
tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": removeEntry }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING));
});
add_test(function () {
- var tampered = tampered_app_path("truncated_entry");
+ let tampered = tampered_app_path("truncated_entry");
tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": truncateEntry }, []);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY));
});
add_test(function () {
- var tampered = tampered_app_path("unsigned_entry");
+ let tampered = tampered_app_path("unsigned_entry");
tamper(original_app_path("valid_app_1"), tampered, {},
[ { "name": "unsigned.txt", "content": "unsigned content!" } ]);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
});
add_test(function () {
- var tampered = tampered_app_path("unsigned_metainf_entry");
+ let tampered = tampered_app_path("unsigned_metainf_entry");
tamper(original_app_path("valid_app_1"), tampered, {},
[ { name: "META-INF/unsigned.txt", content: "unsigned content!" } ]);
certdb.openSignedAppFileAsync(
Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
check_open_result("unsigned_metainf_entry",
Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
});
--- a/security/manager/ssl/tests/unit/test_sss_readstate_child.js
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_child.js
@@ -30,12 +30,12 @@ function run_test() {
// This overrides an entry on the preload list.
writeLine("bugzilla.mozilla.org:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream);
// This overrides an entry on the preload list.
writeLine("login.persona.org:HSTS\t0\t0\t0,2,0\n", outputStream);
outputStream.close();
Services.obs.addObserver(start_test_in_child, "data-storage-ready", false);
do_test_pending();
- var SSService = Cc["@mozilla.org/ssservice;1"]
+ let SSService = Cc["@mozilla.org/ssservice;1"]
.getService(Ci.nsISiteSecurityService);
notEqual(SSService, null);
}
--- a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -65,17 +65,17 @@ function test_part1() {
"subdomain.www.torproject.org", 0));
// check that a host with a dot on the end won't break anything
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"notsts.nonexistent.mozilla.com.", 0));
// check that processing a header with max-age: 0 will remove a preloaded
// site from the list
- var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
+ let uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
"max-age=0", sslStatus, 0);
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"bugzilla.mozilla.org", 0));
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"subdomain.bugzilla.mozilla.org", 0));
// check that processing another header (with max-age non-zero) will
// re-enable a site's sts status
@@ -156,17 +156,17 @@ const IS_PRIVATE = Ci.nsISocketProvider.
function test_private_browsing1() {
gSSService.clearAll();
// sanity - bugzilla.mozilla.org is preloaded, includeSubdomains set
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"bugzilla.mozilla.org", IS_PRIVATE));
ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"a.b.c.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
- var uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
+ let uri = Services.io.newURI("http://bugzilla.mozilla.org", null, null);
gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
"max-age=0", sslStatus, IS_PRIVATE);
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"bugzilla.mozilla.org", IS_PRIVATE));
ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
"a.b.subdomain.bugzilla.mozilla.org", IS_PRIVATE));
// check adding it back in