test_pkcs11_module.js (3855B)
1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ 2 // Any copyright is dedicated to the Public Domain. 3 // http://creativecommons.org/publicdomain/zero/1.0/ 4 "use strict"; 5 6 // Tests the methods and attributes for interfacing with a PKCS #11 module and 7 // the module database. 8 9 // Ensure that the appropriate initialization has happened. 10 do_get_profile(); 11 12 var gPrompt = { 13 QueryInterface: ChromeUtils.generateQI(["nsIPrompt"]), 14 15 // This intentionally does not use arrow function syntax to avoid an issue 16 // where in the context of the arrow function, |this != gPrompt| due to 17 // how objects get wrapped when going across xpcom boundaries. 18 alert(_title, text) { 19 const EXPECTED_PROMPT_TEXT = 20 "Please authenticate to the token “Test PKCS11 Tokeñ 2 Label”. How to do so depends on the token (for example, using a fingerprint reader or entering a code with a keypad)."; 21 equal(text, EXPECTED_PROMPT_TEXT, "expecting alert() to be called"); 22 }, 23 24 promptPassword() { 25 ok(false, "not expecting promptPassword() to be called"); 26 }, 27 }; 28 29 const gPromptFactory = { 30 QueryInterface: ChromeUtils.generateQI(["nsIPromptFactory"]), 31 getPrompt: () => gPrompt, 32 }; 33 34 const gModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService( 35 Ci.nsIPKCS11ModuleDB 36 ); 37 38 const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService( 39 Ci.nsIX509CertDB 40 ); 41 42 add_task(async function test_pkcs11_module() { 43 let promptFactoryCID = MockRegistrar.register( 44 "@mozilla.org/prompter;1", 45 gPromptFactory 46 ); 47 registerCleanupFunction(() => { 48 MockRegistrar.unregister(promptFactoryCID); 49 }); 50 51 Services.fog.initializeFOG(); 52 53 equal( 54 0, 55 await Glean.pkcs11.thirdPartyModulesLoaded.testGetValue(), 56 "should have no third-party modules to begin with" 57 ); 58 59 // Check that if we have never added the test module, that we don't find it 60 // in the module list. 61 checkPKCS11ModuleNotPresent("PKCS11 Test Module", "pkcs11testmodule"); 62 63 // Check that adding the test module makes it appear in the module list. 64 let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsIFile); 65 libraryFile.append("pkcs11testmodule"); 66 libraryFile.append(ctypes.libraryName("pkcs11testmodule")); 67 loadPKCS11Module(libraryFile, "PKCS11 Test Module", true); 68 equal( 69 1, 70 await Glean.pkcs11.thirdPartyModulesLoaded.testGetValue(), 71 "should have one third-party module after loading it" 72 ); 73 let testModule = checkPKCS11ModuleExists( 74 "PKCS11 Test Module", 75 "pkcs11testmodule" 76 ); 77 78 let testClientCertificate = null; 79 for (const cert of gCertDB.getCerts()) { 80 if (cert.subjectName == "CN=client cert rsa") { 81 testClientCertificate = cert; 82 } 83 } 84 ok(testClientCertificate, "test module should expose rsa client certificate"); 85 86 // Check that listing the slots for the test module works. 87 let testModuleSlotNames = Array.from( 88 testModule.listSlots(), 89 slot => slot.name 90 ); 91 testModuleSlotNames.sort(); 92 const expectedSlotNames = [ 93 "Empty PKCS11 Slot", 94 "Test PKCS11 Slot", 95 "Test PKCS11 Slot 二", 96 ]; 97 deepEqual( 98 testModuleSlotNames, 99 expectedSlotNames, 100 "Actual and expected slot names should be equal" 101 ); 102 103 // Check that deleting the test module makes it disappear from the module list. 104 let pkcs11ModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"].getService( 105 Ci.nsIPKCS11ModuleDB 106 ); 107 pkcs11ModuleDB.deleteModule("PKCS11 Test Module"); 108 equal( 109 0, 110 await Glean.pkcs11.thirdPartyModulesLoaded.testGetValue(), 111 "should have no third-party modules after unloading it" 112 ); 113 checkPKCS11ModuleNotPresent("PKCS11 Test Module", "pkcs11testmodule"); 114 115 // Check miscellaneous module DB methods and attributes. 116 ok(!gModuleDB.canToggleFIPS, "It should NOT be possible to toggle FIPS"); 117 ok(!gModuleDB.isFIPSEnabled, "FIPS should not be enabled"); 118 });