--- a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -16,159 +16,124 @@ registerCleanupFunction(function() {
let certdb = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
certificates.forEach(cert => {
certdb.deleteCertificate(cert);
});
});
add_task(function* () {
- let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu");
+ let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu", certificates);
let win = yield displayCertificate(cert);
checkUsages(win, ["SSL Certificate Authority"]);
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("ssl-ee.pem", ",,");
+ let cert = yield readCertificate("ssl-ee.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("email-ee.pem", ",,");
+ let cert = yield readCertificate("email-ee.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("code-ee.pem", ",,");
+ let cert = yield readCertificate("code-ee.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkUsages(win, ["Object Signer"]);
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("expired-ca.pem", ",,");
+ let cert = yield readCertificate("expired-ca.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win, "Could not verify this certificate because it has expired.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("ee-from-expired-ca.pem", ",,");
+ let cert = yield readCertificate("ee-from-expired-ca.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because the CA certificate " +
"is invalid.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("unknown-issuer.pem", ",,");
+ let cert = yield readCertificate("unknown-issuer.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because the issuer is " +
"unknown.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("md5-ee.pem", ",,");
+ let cert = yield readCertificate("md5-ee.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because it was signed using " +
"a signature algorithm that was disabled because that algorithm " +
"is not secure.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("untrusted-ca.pem", "p,p,p");
+ let cert = yield readCertificate("untrusted-ca.pem", "p,p,p", certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because it is not trusted.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
- let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,");
+ let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,",
+ certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because the issuer is not " +
"trusted.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
// Note that there's currently no way to un-do this. This should only be a
// problem if another test re-uses a certificate with this same key (perhaps
// likely) and subject (less likely).
let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"]
.getService(Ci.nsICertBlocklist);
certBlocklist.revokeCertBySubjectAndPubKey(
"MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
"VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
- let cert = yield readCertificate("revoked.pem", ",,");
+ let cert = yield readCertificate("revoked.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win,
"Could not verify this certificate because it has been revoked.");
yield BrowserTestUtils.closeWindow(win);
});
add_task(function* () {
// This certificate has a keyUsage extension asserting cRLSign and
// keyCertSign, but it doesn't have a basicConstraints extension. This
// shouldn't be valid for any usage. Sadly, we give a pretty lame error
// message in this case.
- let cert = yield readCertificate("invalid.pem", ",,");
+ let cert = yield readCertificate("invalid.pem", ",,", certificates);
let win = yield displayCertificate(cert);
checkError(win, "Could not verify this certificate for unknown reasons.");
yield BrowserTestUtils.closeWindow(win);
});
/**
- * Helper for readCertificate.
- */
-function pemToBase64(pem) {
- return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
- .replace(/-----END CERTIFICATE-----/, "")
- .replace(/[\r\n]/g, "");
-}
-
-/**
- * Given the filename of a certificate, returns a promise that will resolve with
- * a handle to the certificate when that certificate has been read and imported
- * with the given trust settings.
- *
- * @param {String} filename
- * The filename of the certificate (assumed to be in the same directory).
- * @param {String} trustString
- * A string describing how the certificate should be trusted (see
- * `certutil -A --help`).
- * @return {Promise}
- * A promise that will resolve with a handle to the certificate.
- */
-function readCertificate(filename, trustString) {
- return OS.File.read(getTestFilePath(filename)).then(data => {
- let decoder = new TextDecoder();
- let pem = decoder.decode(data);
- let certdb = Cc["@mozilla.org/security/x509certdb;1"]
- .getService(Ci.nsIX509CertDB);
- let base64 = pemToBase64(pem);
- certdb.addCertFromBase64(base64, trustString, "unused");
- let cert = certdb.constructX509FromBase64(base64);
- certificates.push(cert); // so we remember to delete this at the end
- return cert;
- }, error => { throw error; });
-}
-
-/**
* Given a certificate, returns a promise that will resolve when the certificate
* viewer has opened is displaying that certificate, and has finished
* determining its valid usages.
*
* @param {nsIX509Cert} certificate
* The certificate to view and determine usages for.
* @return {Promise}
* A promise that will resolve with a handle on the opened certificate--- a/security/manager/ssl/tests/mochitest/browser/head.js
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -1,11 +1,42 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
-function whenNewWindowLoaded(aOptions, aCallback) {
- let win = OpenBrowserWindow(aOptions);
- win.addEventListener("load", function onLoad() {
- win.removeEventListener("load", onLoad, false);
- aCallback(win);
- }, false);
+/**
+ * This function serves the same purpose as the one defined in head_psm.js.
+ */
+function pemToBase64(pem) {
+ return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
+ .replace(/-----END CERTIFICATE-----/, "")
+ .replace(/[\r\n]/g, "");
}
+
+/**
+ * Given the filename of a certificate, returns a promise that will resolve with
+ * a handle to the certificate when that certificate has been read and imported
+ * with the given trust settings.
+ *
+ * @param {String} filename
+ * The filename of the certificate (assumed to be in the same directory).
+ * @param {String} trustString
+ * A string describing how the certificate should be trusted (see
+ * `certutil -A --help`).
+ * @param {nsIX509Cert[]} certificates
+ * An array to append the imported cert to. Useful for making sure
+ * imported certs are cleaned up.
+ * @return {Promise}
+ * A promise that will resolve with a handle to the certificate.
+ */
+function readCertificate(filename, trustString, certificates) {
+ return OS.File.read(getTestFilePath(filename)).then(data => {
+ let decoder = new TextDecoder();
+ let pem = decoder.decode(data);
+ let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+ .getService(Ci.nsIX509CertDB);
+ let base64 = pemToBase64(pem);
+ certdb.addCertFromBase64(base64, trustString, "unused");
+ let cert = certdb.constructX509FromBase64(base64);
+ certificates.push(cert);
+ return cert;
+ }, error => { throw error; });
+}