| blob | 5743e01f6f9cea6dccd58c71abd8d3b59e11c188 |
1 // Any copyright is dedicated to the Public Domain.
2 // http://creativecommons.org/publicdomain/zero/1.0/
3 "use strict";
5 // Tests that the UI for editing the trust of a CA certificate correctly
6 // reflects trust in the cert DB, and correctly updates trust in the cert DB
7 // when requested.
9 var gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
10 Ci.nsIX509CertDB
11 );
13 /**
14 * The cert we're editing the trust of.
15 *
16 * @type {nsIX509Cert}
17 */
18 var gCert;
20 /**
21 * Opens the cert trust editing dialog.
22 *
23 * @returns {Promise}
24 * A promise that resolves when the dialog has finished loading with
25 * the window of the opened dialog.
26 */
27 function openEditCertTrustDialog() {
28 let win = window.openDialog(
29 "chrome://pippki/content/editcacert.xhtml",
30 "",
31 "",
32 gCert
33 );
34 return new Promise(resolve => {
35 win.addEventListener(
36 "load",
37 function () {
38 executeSoon(() => resolve(win));
39 },
40 { once: true }
41 );
42 });
43 }
45 add_setup(async function () {
46 // Initially trust ca.pem for SSL but not e-mail.
47 gCert = await readCertificate("ca.pem", "CT,,");
48 Assert.ok(
49 gCertDB.isCertTrusted(
50 gCert,
51 Ci.nsIX509Cert.CA_CERT,
52 Ci.nsIX509CertDB.TRUSTED_SSL
53 ),
54 "Sanity check: ca.pem should be trusted for SSL"
55 );
56 Assert.ok(
57 !gCertDB.isCertTrusted(
58 gCert,
59 Ci.nsIX509Cert.CA_CERT,
60 Ci.nsIX509CertDB.TRUSTED_EMAIL
61 ),
62 "Sanity check: ca.pem should not be trusted for e-mail"
63 );
64 });
66 // Tests the following:
67 // 1. The checkboxes correctly reflect the trust set in setup().
68 // 2. Accepting the dialog after flipping some of the checkboxes results in the
69 // correct trust being set in the cert DB.
70 add_task(async function testAcceptDialog() {
71 let win = await openEditCertTrustDialog();
73 let sslCheckbox = win.document.getElementById("trustSSL");
74 let emailCheckbox = win.document.getElementById("trustEmail");
75 Assert.ok(sslCheckbox.checked, "Cert should be trusted for SSL in UI");
76 Assert.ok(
77 !emailCheckbox.checked,
78 "Cert should not be trusted for e-mail in UI"
79 );
81 sslCheckbox.checked = false;
82 emailCheckbox.checked = true;
84 info("Accepting dialog");
85 win.document.getElementById("editCaCert").acceptDialog();
86 await BrowserTestUtils.windowClosed(win);
88 Assert.ok(
89 !gCertDB.isCertTrusted(
90 gCert,
91 Ci.nsIX509Cert.CA_CERT,
92 Ci.nsIX509CertDB.TRUSTED_SSL
93 ),
94 "Cert should no longer be trusted for SSL"
95 );
96 Assert.ok(
97 gCertDB.isCertTrusted(
98 gCert,
99 Ci.nsIX509Cert.CA_CERT,
100 Ci.nsIX509CertDB.TRUSTED_EMAIL
101 ),
102 "Cert should now be trusted for e-mail"
103 );
104 });
106 // Tests the following:
107 // 1. The checkboxes correctly reflect the trust set in testAcceptDialog().
108 // 2. Canceling the dialog even after flipping the checkboxes doesn't result in
109 // a change of trust in the cert DB.
110 add_task(async function testCancelDialog() {
111 let win = await openEditCertTrustDialog();
113 let sslCheckbox = win.document.getElementById("trustSSL");
114 let emailCheckbox = win.document.getElementById("trustEmail");
115 Assert.ok(!sslCheckbox.checked, "Cert should not be trusted for SSL in UI");
116 Assert.ok(emailCheckbox.checked, "Cert should be trusted for e-mail in UI");
118 sslCheckbox.checked = true;
119 emailCheckbox.checked = false;
121 info("Canceling dialog");
122 win.document.getElementById("editCaCert").cancelDialog();
123 await BrowserTestUtils.windowClosed(win);
125 Assert.ok(
126 !gCertDB.isCertTrusted(
127 gCert,
128 Ci.nsIX509Cert.CA_CERT,
129 Ci.nsIX509CertDB.TRUSTED_SSL
130 ),
131 "Cert should still not be trusted for SSL"
132 );
133 Assert.ok(
134 gCertDB.isCertTrusted(
135 gCert,
136 Ci.nsIX509Cert.CA_CERT,
137 Ci.nsIX509CertDB.TRUSTED_EMAIL
138 ),
139 "Cert should still be trusted for e-mail"
140 );
141 });