nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/security/manager/ssl/tests/unit/test_enterprise_roots.js
Kris Maglione 3a5c05e76f Bug 1484496: Part 5e - Convert remaining nsISimpleEnumerator users to use JS iteration. r=mccr8 
Differential Revision: https://phabricator.services.mozilla.com/D3733

--HG--
extra : rebase_source : c0fac176d7b3d840c4dbb14f8d95ccfc7f83a5a8
extra : histedit_source : a92c40117d0808a3ad68c972f622a7a42c9ae8ba
2018-08-18 18:13:14 -07:00

56 lines
2.3 KiB
JavaScript
Raw Blame History

// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
"use strict";
// Tests enterprise root certificate support. When configured to do so, the
// platform will attempt to find and import enterprise root certificates. This
// feature is specific to Windows.
do_get_profile(); // must be called before getting nsIX509CertDB
function check_no_enterprise_roots_imported(certDB, dbKey = undefined) {
let enterpriseRoots = certDB.getEnterpriseRoots();
equal(enterpriseRoots, null, "should not have imported any enterprise roots");
if (dbKey) {
let cert = certDB.findCertByDBKey(dbKey);
// If the garbage-collector hasn't run, there may be reachable copies of
// imported enterprise root certificates. If so, they shouldn't be trusted
// to issue TLS server auth certificates.
if (cert) {
ok(!certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT,
Ci.nsIX509CertDB.TRUSTED_SSL),
"previously-imported enterprise root shouldn't be trusted to issue " +
"TLS server auth certificates");
}
}
}
function check_some_enterprise_roots_imported(certDB) {
let enterpriseRoots = certDB.getEnterpriseRoots();
notEqual(enterpriseRoots, null, "should have imported some enterprise roots");
let foundNonBuiltIn = false;
let savedDBKey = null;
for (let cert of enterpriseRoots.getEnumerator()) {
if (!cert.isBuiltInRoot && !savedDBKey) {
foundNonBuiltIn = true;
savedDBKey = cert.dbKey;
info("saving dbKey from " + cert.commonName);
}
}
ok(foundNonBuiltIn, "should have found non-built-in root");
return savedDBKey;
}
function run_test() {
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
.getService(Ci.nsIX509CertDB);
Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
check_no_enterprise_roots_imported(certDB);
Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
let savedDBKey = check_some_enterprise_roots_imported(certDB);
Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
check_no_enterprise_roots_imported(certDB, savedDBKey);
}
View git blame Copy permalink