test_peerConnection_certificates.html

Enable keyboard shortcuts

<!DOCTYPE HTML>

<html>

<head>

  <script type="application/javascript" src="pc.js"></script>

</head>

<body>

<pre id="test">

<script type="application/javascript">

  createHTML({

    bug: "1172785",

    title: "Certificate management"

});

  function badCertificate(config, expectedError, message) {

    return RTCPeerConnection.generateCertificate(config)

      .then(() => ok(false, message),

            e => is(e.name, expectedError, message));

  // Checks a handful of obviously bad options to RTCCertificate.create().  Most

  // of the checking is done by the WebCrypto code underpinning this, hence the

  // baffling error codes, but a sanity check is still in order.

  function checkBadParameters() {

    return Promise.all([

      badCertificate({

        name: "RSASSA-PKCS1-v1_5",

        hash: "SHA-256",

        modulusLength: 1023,

        publicExponent: new Uint8Array([1, 0, 1])

      }, "NotSupportedError", "1023-bit is too small to succeed"),

      badCertificate({

        name: "RSASSA-PKCS1-v1_5",

          hash: "SHA-384",

          modulusLength: 2048,

          publicExponent: new Uint8Array([1, 0, 1])

      }, "NotSupportedError", "SHA-384 isn't supported yet"),

      // A SyntaxError happens in the "generate key operation" step, but

      // webrtc-pc does not say to reject the promise if this step fails.

      // It does say to throw NotSupportedError if we have passed "an

      // algorithm that the user agent cannot or will not use to generate a

      // certificate".

      badCertificate({

        name: "ECDH",

        namedCurve: "P-256"

      }, "NotSupportedError", "ECDH is rejected because the usage is neither \"deriveKey\" or \"deriveBits\""),

      badCertificate({

        name: "not a valid algorithm"

      }, "NotSupportedError", "not a valid algorithm"),

      badCertificate("ECDSA", "NotSupportedError", "a bare name is not enough"),

      badCertificate({

        name: "ECDSA",

        namedCurve: "not a curve"

      }, "NotSupportedError", "ECDSA with an unknown curve")

]);

  function createDB() {

    var openDB = indexedDB.open("genericstore");

    openDB.onupgradeneeded = e => {

      var db = e.target.result;

      db.createObjectStore("data");

};

    return new Promise(resolve => {

      openDB.onsuccess = e => resolve(e.target.result);

});

  function resultPromise(tx, op) {

    return new Promise((resolve, reject) => {

      op.onsuccess = e => resolve(e.target.result);

      op.onerror = () => reject(op.error);

      tx.onabort = () => reject(tx.error);

});

  function store(db, value) {

    var tx = db.transaction("data", "readwrite");

    var store = tx.objectStore("data");

    return resultPromise(tx, store.put(value, "value"));

  function retrieve(db) {

    var tx = db.transaction("data", "readonly");

    var store = tx.objectStore("data");

    return resultPromise(tx, store.get("value"));

  // Creates a database, stores a value, retrieves it.

  function storeAndRetrieve(value) {

    return createDB().then(db => {

      return store(db, value)

        .then(() => retrieve(db))

        .then(retrieved => {

          db.close();

          return retrieved;

});

});

  var test;

  runNetworkTest(function (options) {

    var expiredCert;

    return Promise.resolve()

      .then(() => RTCPeerConnection.generateCertificate({

        name: "ECDSA",

        namedCurve: "P-256",

        expires: 1 // smallest possible expiration window

}))

      .then(cert => {

        ok(!isNaN(cert.expires), 'cert has expiration time');

        info('Expires at ' + new Date(cert.expires));

        expiredCert = cert;

})

      .then(() => checkBadParameters())

      .then(() => {

        var delay = expiredCert.expires - Date.now();

        // Hopefully this delay is never needed.

        if (delay > 0) {

          return new Promise(r => setTimeout(r, delay));

        return Promise.resolve();

})

      .then(() => {

        ok(expiredCert.expires <= Date.now(), 'Cert should be at or past expiration');

        try {

          new RTCPeerConnection({ certificates: [expiredCert] });

          ok(false, 'Constructing peer connection with an expired cert is not allowed');

        } catch(e) {

          is(e.name, 'InvalidAccessError',

             'Constructing peer connection with an expired certs is not allowed');

})

      .then(() => Promise.all([

        RTCPeerConnection.generateCertificate({

          name: "ECDSA",

          namedCurve: "P-256"

}),

        RTCPeerConnection.generateCertificate({

          name: "RSASSA-PKCS1-v1_5",

          hash: "SHA-256",

          modulusLength: 2048,

          publicExponent: new Uint8Array([1, 0, 1])

})

]))

    // A round trip through indexedDB should not do anything.

      .then(storeAndRetrieve)

      .then(certs => {

        try {

          new RTCPeerConnection({ certificates: certs });

          ok(false, 'Constructing peer connection with multiple certs is not allowed');

        } catch(e) {

          is(e.name, 'NotSupportedError',

             'Constructing peer connection with multiple certs is not allowed');

        return certs;

})

      .then(certs => {

        test = new PeerConnectionTest({

          config_local: {

            certificates: [certs[0]]

},

          config_remote: {

            certificates: [certs[1]]

});

        test.setMediaConstraints([{audio: true}], [{audio: true}]);

        return test.run();

})

      .catch(e => {

        console.log('test failure', e);

        ok(false, 'test failed: ' + e);

});

});

</script>

</pre>

</body>

</html>