test_signed_inject.js

mozilla-central/toolkit/mozapps/extensions/test/xpcshell/test_signed_inject.js (file symbol)

Enable keyboard shortcuts

Source code

File a bug in Toolkit :: Add-ons Manager

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

This test gets skipped with pattern: os == 'android' OR true
Manifest: toolkit/mozapps/extensions/test/xpcshell/xpcshell.toml

// Enable signature checks for these tests

gUseRealCertChecks = true;

// Disable update security

Services.prefs.setBoolPref(PREF_EM_CHECK_UPDATE_SECURITY, false);

const DATA = "data/signing_checks/";

const ADDONS = {

  bootstrap: {

    unsigned: "unsigned_bootstrap_2.xpi",

    badid: "signed_bootstrap_badid_2.xpi",

    signed: "signed_bootstrap_2.xpi",

    preliminary: "preliminary_bootstrap_2.xpi",

},

  nonbootstrap: {

    unsigned: "unsigned_nonbootstrap_2.xpi",

    badid: "signed_nonbootstrap_badid_2.xpi",

    signed: "signed_nonbootstrap_2.xpi",

},

};

const ID = "test@tests.mozilla.org";

const profileDir = gProfD.clone();

profileDir.append("extensions");

// Deletes a file from the test add-on in the profile

function breakAddon(file) {

  if (TEST_UNPACKED) {

    let f = file.clone();

    f.append("test.txt");

    f.remove(true);

    f = file.clone();

    f.append("install.rdf");

    f.lastModifiedTime = Date.now();

  } else {

    var zipW = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);

    zipW.open(file, FileUtils.MODE_RDWR | FileUtils.MODE_APPEND);

    zipW.removeEntry("test.txt", false);

    zipW.close();

function resetPrefs() {

  Services.prefs.setIntPref("bootstraptest.active_version", -1);

  Services.prefs.setIntPref("bootstraptest.installed_version", -1);

  Services.prefs.setIntPref("bootstraptest.startup_reason", -1);

  Services.prefs.setIntPref("bootstraptest.shutdown_reason", -1);

  Services.prefs.setIntPref("bootstraptest.install_reason", -1);

  Services.prefs.setIntPref("bootstraptest.uninstall_reason", -1);

  Services.prefs.setIntPref("bootstraptest.startup_oldversion", -1);

  Services.prefs.setIntPref("bootstraptest.shutdown_newversion", -1);

  Services.prefs.setIntPref("bootstraptest.install_oldversion", -1);

  Services.prefs.setIntPref("bootstraptest.uninstall_newversion", -1);

function clearCache(file) {

  if (TEST_UNPACKED) {

    return;

  Services.obs.notifyObservers(file, "flush-cache-entry");

function getActiveVersion() {

  return Services.prefs.getIntPref("bootstraptest.active_version");

add_task(async function setup() {

  createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "4", "4");

  // Start and stop the manager to initialise everything in the profile before

  // actual testing

  await promiseStartupManager();

  await promiseShutdownManager();

  resetPrefs();

});

// Injecting into profile (bootstrap)

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.unsigned),

    profileDir,

ID

);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_MISSING);

  Assert.equal(getActiveVersion(), -1);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.signed),

    profileDir,

ID

);

  breakAddon(file);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  Assert.equal(getActiveVersion(), -1);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.badid),

    profileDir,

ID

);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  Assert.equal(getActiveVersion(), -1);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});

// Installs a signed add-on then modifies it in place breaking its signing

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.signed),

    profileDir,

ID

);

  // Make it appear to come from the past so when we modify it later it is

  // detected during startup. Obviously malware can bypass this method of

  // detection but the periodic scan will catch that

  await promiseSetExtensionModifiedTime(file.path, Date.now() - 600000);

  await promiseStartupManager();

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(!addon.appDisabled);

  Assert.ok(addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_SIGNED);

  Assert.equal(getActiveVersion(), 2);

  await promiseShutdownManager();

  Assert.equal(getActiveVersion(), 0);

  clearCache(file);

  breakAddon(file);

  resetPrefs();

  await promiseStartupManager();

  addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  Assert.equal(getActiveVersion(), -1);

  let ids = AddonManager.getStartupChanges(

    AddonManager.STARTUP_CHANGE_DISABLED

);

  Assert.equal(ids.length, 1);

  Assert.equal(ids[0], ID);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});

// Injecting into profile (non-bootstrap)

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.nonbootstrap.unsigned),

    profileDir,

ID

);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_MISSING);

  await addon.uninstall();

  await promiseRestartManager();

  await promiseShutdownManager();

  Assert.ok(!file.exists());

  clearCache(file);

});

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.nonbootstrap.signed),

    profileDir,

ID

);

  breakAddon(file);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  await addon.uninstall();

  await promiseRestartManager();

  await promiseShutdownManager();

  Assert.ok(!file.exists());

  clearCache(file);

});

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.nonbootstrap.badid),

    profileDir,

ID

);

  await promiseStartupManager();

  // Currently we leave the sideloaded add-on there but just don't run it

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  await addon.uninstall();

  await promiseRestartManager();

  await promiseShutdownManager();

  Assert.ok(!file.exists());

  clearCache(file);

});

// Installs a signed add-on then modifies it in place breaking its signing

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.nonbootstrap.signed),

    profileDir,

ID

);

  // Make it appear to come from the past so when we modify it later it is

  // detected during startup. Obviously malware can bypass this method of

  // detection but the periodic scan will catch that

  await promiseSetExtensionModifiedTime(file.path, Date.now() - 60000);

  await promiseStartupManager();

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(!addon.appDisabled);

  Assert.ok(addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_SIGNED);

  await promiseShutdownManager();

  clearCache(file);

  breakAddon(file);

  await promiseStartupManager();

  addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(addon.appDisabled);

  Assert.ok(!addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);

  let ids = AddonManager.getStartupChanges(

    AddonManager.STARTUP_CHANGE_DISABLED

);

  Assert.equal(ids.length, 1);

  Assert.equal(ids[0], ID);

  await addon.uninstall();

  await promiseRestartManager();

  await promiseShutdownManager();

  Assert.ok(!file.exists());

  clearCache(file);

});

// Stage install then modify before startup (non-bootstrap)

add_task(async function () {

  await promiseStartupManager();

  await promiseInstallAllFiles([

    do_get_file(DATA + ADDONS.nonbootstrap.signed),

]);

  await promiseShutdownManager();

  let staged = profileDir.clone();

  staged.append("staged");

  staged.append(do_get_expected_addon_name(ID));

  Assert.ok(staged.exists());

  breakAddon(staged);

  await promiseStartupManager();

  // Should have refused to install the broken staged version

  let addon = await promiseAddonByID(ID);

  Assert.equal(addon, null);

  clearCache(staged);

  await promiseShutdownManager();

});

// Manufacture staged install (bootstrap)

add_task(async function () {

  let stage = profileDir.clone();

  stage.append("staged");

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.signed),

    stage,

ID

);

  breakAddon(file);

  await promiseStartupManager();

  // Should have refused to install the broken staged version

  let addon = await promiseAddonByID(ID);

  Assert.equal(addon, null);

  Assert.equal(getActiveVersion(), -1);

  Assert.ok(!file.exists());

  clearCache(file);

  await promiseShutdownManager();

  resetPrefs();

});

// Preliminarily-signed sideloaded add-ons should work

add_task(async function () {

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.preliminary),

    profileDir,

ID

);

  await promiseStartupManager();

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(!addon.appDisabled);

  Assert.ok(addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_PRELIMINARY);

  Assert.equal(getActiveVersion(), 2);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});

// Preliminarily-signed sideloaded add-ons should work via staged install

add_task(async function () {

  let stage = profileDir.clone();

  stage.append("staged");

  let file = await manuallyInstall(

    do_get_file(DATA + ADDONS.bootstrap.preliminary),

    stage,

ID

);

  await promiseStartupManager();

  let addon = await promiseAddonByID(ID);

  Assert.notEqual(addon, null);

  Assert.ok(!addon.appDisabled);

  Assert.ok(addon.isActive);

  Assert.equal(addon.signedState, AddonManager.SIGNEDSTATE_PRELIMINARY);

  Assert.equal(getActiveVersion(), 2);

  await addon.uninstall();

  await promiseShutdownManager();

  resetPrefs();

  Assert.ok(!file.exists());

  clearCache(file);

});