test_qwacs.js - mozsearch

Enable keyboard shortcuts

// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.

"use strict";

do_get_profile(); // must be called before getting nsIX509CertDB

const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(

  Ci.nsIX509CertDB

);

async function verify_1_qwacs(filename, expectSuccess, extraCertNames = []) {

  let cert = constructCertFromFile(filename);

  let result = await certdb.asyncVerifyQWAC(

    Ci.nsIX509CertDB.OneQWAC,

    cert,

    "example.com",

    extraCertNames.map(filename => constructCertFromFile(filename))

);

  equal(

    result,

    expectSuccess,

    `${filename} ${expectSuccess ? "should" : "should not"} verify as 1-QWAC`

);

add_task(async function test_verify_1_qwacs() {

  Services.prefs.clearUserPref("security.qwacs.enable_test_trust_anchors");

  // By default, the QWACs test trust anchors are not used.

  await verify_1_qwacs("test_qwacs/1-qwac.pem", false);

  await verify_1_qwacs("test_qwacs/1-qwac-qevcpw.pem", false);

  Services.prefs.setBoolPref("security.qwacs.enable_test_trust_anchors", true);

  await verify_1_qwacs("test_qwacs/1-qwac.pem", true);

  await verify_1_qwacs("test_qwacs/1-qwac-qevcpw.pem", true);

  await verify_1_qwacs("test_qwacs/1-qwac-other-optional-qcs.pem", true);

  // One or more intermediates may be necessary for path building.

  await verify_1_qwacs("test_qwacs/1-qwac-via-intermediate.pem", false);

  await verify_1_qwacs("test_qwacs/1-qwac-via-intermediate.pem", true, [

    "test_qwacs/test-int.pem",

]);

  await verify_1_qwacs("test_qwacs/empty-qc-type-statement.pem", false);

  await verify_1_qwacs("test_qwacs/missing-qc-type-statement.pem", false);

  await verify_1_qwacs("test_qwacs/missing-qcs-compliance.pem", false);

  await verify_1_qwacs("test_qwacs/wrong-qc-type.pem", false);

  await verify_1_qwacs("test_qwacs/no-1-qwac-policies.pem", false);

  await verify_1_qwacs("test_qwacs/no-policies.pem", false);

  await verify_1_qwacs("test_qwacs/2-qwac.pem", false);

});

async function verify_2_qwacs(

  filename,

  expectSuccess,

  hostname = "example.com"

) {

  let cert = constructCertFromFile(filename);

  let result = await certdb.asyncVerifyQWAC(

    Ci.nsIX509CertDB.TwoQWAC,

    cert,

    hostname,

[]

);

  equal(

    result,

    expectSuccess,

    `${filename} ${expectSuccess ? "should" : "should not"} verify as 2-QWAC`

);

add_task(async function test_verify_2_qwacs() {

  Services.prefs.clearUserPref("security.qwacs.enable_test_trust_anchors");

  // By default, the QWACs test trust anchors are not used.

  await verify_2_qwacs("test_qwacs/2-qwac.pem", false);

  Services.prefs.setBoolPref("security.qwacs.enable_test_trust_anchors", true);

  await verify_2_qwacs("test_qwacs/2-qwac.pem", true);

  await verify_2_qwacs("test_qwacs/1-qwac.pem", false);

  await verify_2_qwacs("test_qwacs/2-qwac-no-eku.pem", false);

  await verify_2_qwacs("test_qwacs/2-qwac-tls-server-eku.pem", false);

  await verify_2_qwacs("test_qwacs/2-qwac-multiple-key-purpose-eku.pem", false);

  await verify_2_qwacs("test_qwacs/2-qwac.pem", false, "example.org");

});