tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_pkcs11_token.js (4616B)

      1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
      2 // Any copyright is dedicated to the Public Domain.
      3 // http://creativecommons.org/publicdomain/zero/1.0/
      4 "use strict";
      5 
      6 // Tests the methods and attributes for interfacing with a PKCS #11 token, using
      7 // the internal key token.
      8 // We don't use either of the test tokens in the test PKCS #11 module because:
      9 //   1. Test token 1 cyclically inserts and removes itself in a tight loop.
     10 //      Using token 1 would complicate the test and introduce intermittent
     11 //      failures.
     12 //   2. Neither test token implements login or password related functionality.
     13 //      We want to test such functionality.
     14 //   3. Using the internal token lets us actually test the internal token works
     15 //      as expected.
     16 
     17 // Ensure that the appropriate initialization has happened.
     18 do_get_profile();
     19 
     20 function checkBasicAttributes(token) {
     21  let bundle = Services.strings.createBundle(
     22    "chrome://pipnss/locale/pipnss.properties"
     23  );
     24 
     25  let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
     26  equal(
     27    token.tokenName,
     28    expectedTokenName,
     29    "Actual and expected name should match"
     30  );
     31  equal(
     32    token.tokenManID,
     33    bundle.GetStringFromName("ManufacturerID"),
     34    "Actual and expected manufacturer ID should match"
     35  );
     36  equal(
     37    token.tokenHWVersion,
     38    "0.0",
     39    "Actual and expected hardware version should match"
     40  );
     41  equal(
     42    token.tokenFWVersion,
     43    "0.0",
     44    "Actual and expected firmware version should match"
     45  );
     46  equal(
     47    token.tokenSerialNumber,
     48    "0000000000000000",
     49    "Actual and expected serial number should match"
     50  );
     51 }
     52 
     53 /**
     54 * Checks the various password related features of the given token.
     55 * The token should already have been init with a password and be logged into.
     56 * The password of the token will be reset after calling this function.
     57 *
     58 * @param {nsIPK11Token} token
     59 *        The token to test.
     60 * @param {string} initialPW
     61 *        The password that the token should have been init with.
     62 */
     63 function checkPasswordFeaturesAndResetPassword(token, initialPW) {
     64  ok(
     65    !token.needsUserInit,
     66    "Token should not need user init after setting a password"
     67  );
     68  ok(
     69    token.hasPassword,
     70    "Token should have a password after setting a password"
     71  );
     72 
     73  ok(
     74    token.checkPassword(initialPW),
     75    "checkPassword() should succeed if the correct initial password is given"
     76  );
     77  token.changePassword(initialPW, "newPW ÿ 一二三");
     78  ok(
     79    token.checkPassword("newPW ÿ 一二三"),
     80    "checkPassword() should succeed if the correct new password is given"
     81  );
     82 
     83  ok(
     84    !token.checkPassword("wrongPW"),
     85    "checkPassword() should fail if an incorrect password is given"
     86  );
     87  ok(
     88    !token.isLoggedIn(),
     89    "Token should be logged out after an incorrect password was given"
     90  );
     91  ok(
     92    !token.needsUserInit,
     93    "Token should still be init with a password even if an incorrect " +
     94      "password was given"
     95  );
     96 
     97  token.reset();
     98  ok(token.needsUserInit, "Token should need password init after reset");
     99  ok(!token.hasPassword, "Token should not have a password after reset");
    100  ok(!token.isLoggedIn(), "Token should be logged out of after reset");
    101 }
    102 
    103 function run_test() {
    104  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"].getService(
    105    Ci.nsIPK11TokenDB
    106  );
    107  let token = tokenDB.getInternalKeyToken();
    108  notEqual(token, null, "The internal token should be present");
    109  ok(
    110    token.isInternalKeyToken,
    111    "The internal token should be represented as such"
    112  );
    113 
    114  checkBasicAttributes(token);
    115 
    116  ok(!token.isLoggedIn(), "Token should not be logged into yet");
    117  // Test that attempting to log out even when the token was not logged into
    118  // does not result in an error.
    119  token.logoutSimple();
    120  ok(!token.isLoggedIn(), "Token should still not be logged into");
    121  ok(
    122    !token.hasPassword,
    123    "Token should not have a password before it has been set"
    124  );
    125 
    126  let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
    127  token.initPassword(initialPW);
    128  token.login(/* force */ false);
    129  ok(token.isLoggedIn(), "Token should now be logged into");
    130 
    131  checkPasswordFeaturesAndResetPassword(token, initialPW);
    132 
    133  // We reset the password previously, so we need to initialize again.
    134  token.initPassword("arbitrary");
    135  ok(
    136    token.isLoggedIn(),
    137    "Token should be logged into after initializing password again"
    138  );
    139  token.logoutSimple();
    140  ok(
    141    !token.isLoggedIn(),
    142    "Token should be logged out after calling logoutSimple()"
    143  );
    144 
    145  ok(
    146    token.needsLogin(),
    147    "The internal token should always need authentication"
    148  );
    149 }