Test Info: Warnings
- This test gets skipped with pattern: os == 'win' && msix
- Manifest: security/manager/ssl/tests/unit/xpcshell.toml
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// Any copyright is dedicated to the Public Domain.
"use strict";
// Tests importing PKCS12 files through nsIX509CertDB.
// Create the xpcshell profile before asking for the certificate DB service.
// NOTE(review): presumably the certificate database is stored in the profile;
// confirm before reordering these two statements.
do_get_profile();

const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

// PKCS12 fixtures, given as paths that runOneTestcase passes to do_get_file().
// The three cert_from_windows* files are used with the same expected
// certificate common name and differ in how they are protected: a real
// password, an empty-string password, and no password at all.
const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
const PKCS12_FILE_EMPTY_PASS =
  "test_certDB_import/cert_from_windows_emptypass.pfx";
const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";

// Common name the testcases look for in the database for those fixtures.
const CERT_COMMON_NAME = "test_cert_from_windows";

// Fixture-only password for PKCS12_FILE. It is non-ASCII, so a successful
// import with it also covers password handling beyond plain ASCII.
const TEST_CERT_PASSWORD = "黒い";
// Table of import scenarios, run in order by run_test().
//
// Fields:
//   name            - label logged when the case starts.
//   filename        - fixture handed to importPKCS12File().
//   passwordToUse   - password argument (string, "" or null).
//   certCommonName  - common name looked up in the certificate DB.
//   checkCertExist  - when true, assert the cert is absent before importing.
//   successExpected - whether the cert must be present after the import.
//   errorCode       - value importPKCS12File() is expected to return.
//
// Order matters: the cases share one certificate database and nothing here
// removes an imported certificate between cases.
let gTestcases = [
  // A wrong password must be rejected, and the rejected import must leave no
  // certificate behind.
  {
    name: "import using incorrect password",
    filename: PKCS12_FILE,
    passwordToUse: "this is the wrong password",
    certCommonName: CERT_COMMON_NAME,
    checkCertExist: true,
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_BAD_PASSWORD,
  },
  // Input that is not PKCS12 at all (this test's own source file) must fail
  // to decode, again without adding a certificate.
  {
    name: "import non-PKCS12 file",
    filename: "test_certDB_import_pkcs12.js",
    passwordToUse: TEST_CERT_PASSWORD,
    certCommonName: CERT_COMMON_NAME,
    checkCertExist: true,
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_DECODE_ERROR,
  },
  // The correct password imports the certificate.
  // This has to come after the failure cases: currently there isn't a way to
  // delete the imported certificate (and thus reset the test state) that
  // doesn't depend on the garbage collector running.
  {
    name: "import PKCS12 file",
    filename: PKCS12_FILE,
    passwordToUse: TEST_CERT_PASSWORD,
    certCommonName: CERT_COMMON_NAME,
    checkCertExist: true,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
  },
  // Same cert file protected with an empty-string password.
  // checkCertExist is false: a certificate with this common name is already
  // in the database from the case above, so the post-import existence check
  // cannot fail here and only the returned error code shows this import
  // worked.
  {
    name: "import PKCS12 file empty password",
    filename: PKCS12_FILE_EMPTY_PASS,
    passwordToUse: "",
    certCommonName: CERT_COMMON_NAME,
    checkCertExist: false,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
  },
  // Same cert file protected with no password (null rather than "").
  // The same caveat about the existence check applies as for the
  // empty-password case.
  {
    name: "import PKCS12 file no password",
    filename: PKCS12_FILE_NO_PASS,
    passwordToUse: null,
    certCommonName: CERT_COMMON_NAME,
    checkCertExist: false,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
  },
  // A PKCS12 file encrypted using AES. It carries a different common name, so
  // both the absent-before and present-after checks are meaningful.
  {
    name: "import PKCS12 file using AES",
    filename: "test_certDB_import/encrypted_with_aes.p12",
    passwordToUse: "password",
    certCommonName: "John Doe",
    checkCertExist: true,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
  },
];
/**
 * Reports whether the certificate database holds a certificate with the given
 * common name.
 *
 * The match is on common name only, so any certificate carrying that name
 * satisfies it; it does not identify one specific certificate.
 *
 * @param {string} commonName - common name to look for.
 * @returns {boolean} true if at least one certificate matches.
 */
function doesCertExist(commonName) {
  return gCertDB.getCerts().some(entry => entry.commonName == commonName);
}
/**
 * Runs a single entry of gTestcases: optionally asserts the certificate is
 * absent, imports the PKCS12 file, then checks the returned error code and
 * whether the certificate is present afterwards.
 *
 * For a case expected to fail, the final check asserts that the failed import
 * added no certificate with that common name.
 *
 * @param {object} testcase - one entry of gTestcases.
 */
function runOneTestcase(testcase) {
  const {
    name,
    filename,
    passwordToUse,
    certCommonName,
    checkCertExist,
    successExpected,
  } = testcase;

  info(`running ${name}`);

  // Precondition, skipped for cases whose certificate is already in the
  // database from an earlier case.
  if (checkCertExist) {
    const alreadyPresent = doesCertExist(certCommonName);
    ok(!alreadyPresent, "cert should not be in the database before import");
  }

  // Import and compare the result code with the expected one.
  const pkcs12File = do_get_file(filename);
  ok(pkcs12File, `${filename} should exist`);
  const importResult = gCertDB.importPKCS12File(pkcs12File, passwordToUse);
  equal(importResult, testcase.errorCode, `verifying error code`);

  // Database state after the import attempt.
  const negation = successExpected ? "" : " not";
  equal(
    doesCertExist(certCommonName),
    successExpected,
    `cert should${negation} be found now`
  );
}
/**
 * Test entry point: runs every entry of gTestcases in table order. The order
 * is significant because all cases share one certificate database.
 */
function run_test() {
  gTestcases.forEach(testcase => {
    runOneTestcase(testcase);
  });
}