test_certDB_import_pkcs12.js (3738B)
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// Any copyright is dedicated to the Public Domain.
// http://creativecommons.org/publicdomain/zero/1.0/
"use strict";

// Exercises nsIX509CertDB.importPKCS12File against a set of PKCS12 fixtures:
// wrong password, non-PKCS12 input, correct password, empty password,
// no password, and an AES-encrypted file.

do_get_profile();

const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
const PKCS12_FILE_EMPTY_PASS =
  "test_certDB_import/cert_from_windows_emptypass.pfx";
const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";
const CERT_COMMON_NAME = "test_cert_from_windows";
// Fixture password; non-ASCII, presumably to exercise password encoding
// during PKCS12 decryption -- confirm against how the fixture was generated.
const TEST_CERT_PASSWORD = "黒い";

// Each entry describes one import attempt:
//   name            - label logged before the case runs
//   filename        - fixture path handed to do_get_file
//   passwordToUse   - password passed to importPKCS12File (may be "" or null)
//   successExpected - whether the cert must be present after the import
//   errorCode       - value importPKCS12File is expected to return
//   checkCertExist  - whether to assert the cert is absent before the import
//   certCommonName  - common name used to look the cert up
//
// Order matters: the failure cases run first, while the database is still
// empty of CERT_COMMON_NAME.
let gTestcases = [
  // A wrong password must be rejected with ERROR_BAD_PASSWORD and must not
  // leave the cert behind.
  {
    name: "import using incorrect password",
    filename: PKCS12_FILE,
    passwordToUse: "this is the wrong password",
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_BAD_PASSWORD,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // Input that is not PKCS12 at all (the filename given is this test
  // script's own name) must be rejected with ERROR_DECODE_ERROR.
  {
    name: "import non-PKCS12 file",
    filename: "test_certDB_import_pkcs12.js",
    passwordToUse: TEST_CERT_PASSWORD,
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_DECODE_ERROR,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // The correct password must succeed. This has to come after every case
  // that expects CERT_COMMON_NAME to be absent, because there is currently
  // no way to delete the imported certificate (and so reset the test state)
  // that does not depend on the garbage collector running.
  {
    name: "import PKCS12 file",
    filename: PKCS12_FILE,
    passwordToUse: TEST_CERT_PASSWORD,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // Same cert, protected with an empty-string password.
  // NOTE(review): checkCertExist is false and the common name is shared with
  // the case above, so the post-import presence check is presumably already
  // satisfied by the earlier import; only the returned error code
  // distinguishes this case.
  {
    name: "import PKCS12 file empty password",
    filename: PKCS12_FILE_EMPTY_PASS,
    passwordToUse: "",
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: false,
    certCommonName: CERT_COMMON_NAME,
  },
  // Same cert, protected with no password (null is passed). The same
  // caveat about the presence check applies as for the empty-password case.
  {
    name: "import PKCS12 file no password",
    filename: PKCS12_FILE_NO_PASS,
    passwordToUse: null,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: false,
    certCommonName: CERT_COMMON_NAME,
  },
  // A PKCS12 file encrypted using AES. It carries a different common name,
  // so both the before and after presence checks apply to it.
  {
    name: "import PKCS12 file using AES",
    filename: "test_certDB_import/encrypted_with_aes.p12",
    passwordToUse: "password",
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: true,
    certCommonName: "John Doe",
  },
];

/**
 * Reports whether the cert database holds a certificate with the given
 * common name. The match is on common name alone, so any certificate that
 * shares the name counts.
 *
 * @param {string} commonName - common name to look for
 * @returns {boolean} true if at least one cert matches
 */
function doesCertExist(commonName) {
  let found = false;
  for (const candidate of gCertDB.getCerts()) {
    if (candidate.commonName == commonName) {
      found = true;
      break;
    }
  }
  return found;
}

/**
 * Runs a single entry of gTestcases: optionally asserts the cert is absent,
 * imports the file, then checks the returned code and the cert's presence.
 *
 * @param {object} testcase - one entry of gTestcases
 */
function runOneTestcase(testcase) {
  const {
    name,
    filename,
    passwordToUse,
    successExpected,
    errorCode: expectedCode,
    checkCertExist,
    certCommonName,
  } = testcase;

  info(`running ${name}`);
  if (checkCertExist) {
    ok(
      !doesCertExist(certCommonName),
      "cert should not be in the database before import"
    );
  }

  // Attempt the import; the outcome is reported through the return value.
  const pkcs12File = do_get_file(filename);
  ok(pkcs12File, `${filename} should exist`);
  const actualCode = gCertDB.importPKCS12File(pkcs12File, passwordToUse);
  equal(actualCode, expectedCode, "verifying error code");

  // A failed import must not leave the cert in the database; a successful
  // one must.
  const negation = successExpected ? "" : " not";
  equal(
    doesCertExist(certCommonName),
    successExpected,
    `cert should${negation} be found now`
  );
}

/**
 * xpcshell entry point: runs every case in gTestcases in declaration order.
 */
function run_test() {
  gTestcases.forEach(testcase => {
    runOneTestcase(testcase);
  });
}