browser_editCACertTrust.js (3816B)
1 // Any copyright is dedicated to the Public Domain. 2 // http://creativecommons.org/publicdomain/zero/1.0/ 3 "use strict"; 4 5 // Tests that the UI for editing the trust of a CA certificate correctly 6 // reflects trust in the cert DB, and correctly updates trust in the cert DB 7 // when requested. 8 9 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService( 10 Ci.nsIX509CertDB 11 ); 12 13 /** 14 * The cert we're editing the trust of. 15 * 16 * @type {nsIX509Cert} 17 */ 18 var gCert; 19 20 /** 21 * Opens the cert trust editing dialog. 22 * 23 * @returns {Promise} 24 * A promise that resolves when the dialog has finished loading with 25 * the window of the opened dialog. 26 */ 27 function openEditCertTrustDialog() { 28 let win = window.openDialog( 29 "chrome://pippki/content/editcacert.xhtml", 30 "", 31 "", 32 gCert 33 ); 34 return new Promise(resolve => { 35 win.addEventListener( 36 "load", 37 function () { 38 executeSoon(() => resolve(win)); 39 }, 40 { once: true } 41 ); 42 }); 43 } 44 45 add_setup(async function () { 46 // Initially trust ca.pem for SSL but not e-mail. 47 gCert = await readCertificate("ca.pem", "CT,,"); 48 Assert.ok( 49 gCertDB.isCertTrusted( 50 gCert, 51 Ci.nsIX509Cert.CA_CERT, 52 Ci.nsIX509CertDB.TRUSTED_SSL 53 ), 54 "Sanity check: ca.pem should be trusted for SSL" 55 ); 56 Assert.ok( 57 !gCertDB.isCertTrusted( 58 gCert, 59 Ci.nsIX509Cert.CA_CERT, 60 Ci.nsIX509CertDB.TRUSTED_EMAIL 61 ), 62 "Sanity check: ca.pem should not be trusted for e-mail" 63 ); 64 }); 65 66 // Tests the following: 67 // 1. The checkboxes correctly reflect the trust set in setup(). 68 // 2. Accepting the dialog after flipping some of the checkboxes results in the 69 // correct trust being set in the cert DB. 70 add_task(async function testAcceptDialog() { 71 let win = await openEditCertTrustDialog(); 72 73 let sslCheckbox = win.document.getElementById("trustSSL"); 74 let emailCheckbox = win.document.getElementById("trustEmail"); 75 Assert.ok(sslCheckbox.checked, "Cert should be trusted for SSL in UI"); 76 Assert.ok( 77 !emailCheckbox.checked, 78 "Cert should not be trusted for e-mail in UI" 79 ); 80 81 sslCheckbox.checked = false; 82 emailCheckbox.checked = true; 83 84 info("Accepting dialog"); 85 win.document.getElementById("editCaCert").acceptDialog(); 86 await BrowserTestUtils.windowClosed(win); 87 88 Assert.ok( 89 !gCertDB.isCertTrusted( 90 gCert, 91 Ci.nsIX509Cert.CA_CERT, 92 Ci.nsIX509CertDB.TRUSTED_SSL 93 ), 94 "Cert should no longer be trusted for SSL" 95 ); 96 Assert.ok( 97 gCertDB.isCertTrusted( 98 gCert, 99 Ci.nsIX509Cert.CA_CERT, 100 Ci.nsIX509CertDB.TRUSTED_EMAIL 101 ), 102 "Cert should now be trusted for e-mail" 103 ); 104 }); 105 106 // Tests the following: 107 // 1. The checkboxes correctly reflect the trust set in testAcceptDialog(). 108 // 2. Canceling the dialog even after flipping the checkboxes doesn't result in 109 // a change of trust in the cert DB. 110 add_task(async function testCancelDialog() { 111 let win = await openEditCertTrustDialog(); 112 113 let sslCheckbox = win.document.getElementById("trustSSL"); 114 let emailCheckbox = win.document.getElementById("trustEmail"); 115 Assert.ok(!sslCheckbox.checked, "Cert should not be trusted for SSL in UI"); 116 Assert.ok(emailCheckbox.checked, "Cert should be trusted for e-mail in UI"); 117 118 sslCheckbox.checked = true; 119 emailCheckbox.checked = false; 120 121 info("Canceling dialog"); 122 win.document.getElementById("editCaCert").cancelDialog(); 123 await BrowserTestUtils.windowClosed(win); 124 125 Assert.ok( 126 !gCertDB.isCertTrusted( 127 gCert, 128 Ci.nsIX509Cert.CA_CERT, 129 Ci.nsIX509CertDB.TRUSTED_SSL 130 ), 131 "Cert should still not be trusted for SSL" 132 ); 133 Assert.ok( 134 gCertDB.isCertTrusted( 135 gCert, 136 Ci.nsIX509Cert.CA_CERT, 137 Ci.nsIX509CertDB.TRUSTED_EMAIL 138 ), 139 "Cert should still be trusted for e-mail" 140 ); 141 });