| blob | d82a493f16820774bed8fd316d6692331f9c411c |
1 "use strict";
3 do_get_profile();
5 const { Utils } = ChromeUtils.importESModule(
6 "resource://services-settings/Utils.sys.mjs"
7 );
8 const { RemoteSettings } = ChromeUtils.importESModule(
9 "resource://services-settings/remote-settings.sys.mjs"
10 );
11 const { RemoteSecuritySettings } = ChromeUtils.importESModule(
12 "resource://gre/modules/psm/RemoteSecuritySettings.sys.mjs"
13 );
14 const { OneCRLBlocklistClient } = RemoteSecuritySettings.init();
16 add_task(async function test_uses_a_custom_signer() {
17 Assert.notEqual(
18 OneCRLBlocklistClient.signerName,
19 RemoteSettings("not-specified").signerName
20 );
21 });
23 add_task(async function test_has_initial_dump() {
24 Assert.ok(
25 await Utils.hasLocalDump(
26 OneCRLBlocklistClient.bucketName,
27 OneCRLBlocklistClient.collectionName
28 )
29 );
30 });
32 add_task(async function test_default_jexl_filter_is_used() {
33 Assert.deepEqual(
34 OneCRLBlocklistClient.filterFunc,
35 RemoteSettings("not-specified").filterFunc
36 );
37 });
39 add_task(
40 async function test_revocations_are_updated_on_sync_with_cert_storage() {
41 const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
42 Ci.nsICertStorage
43 );
44 const has_revocations = () =>
45 new Promise(resolve => {
46 certStorage.hasPriorData(
47 Ci.nsICertStorage.DATA_TYPE_REVOCATION,
48 (rv, hasPriorData) => {
49 if (rv == Cr.NS_OK) {
50 return resolve(hasPriorData);
51 }
52 return resolve(false);
53 }
54 );
55 });
57 Assert.ok(!(await has_revocations()));
59 await OneCRLBlocklistClient.emit("sync", {
60 data: {
61 current: [],
62 created: [
63 {
64 issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
65 serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
66 },
67 ],
68 updated: [],
69 deleted: [],
70 },
71 });
73 Assert.ok(await has_revocations());
74 }
75 );
77 add_task(async function test_updated_entry() {
78 // Revoke a particular issuer/serial number.
79 await OneCRLBlocklistClient.emit("sync", {
80 data: {
81 current: [],
82 created: [
83 {
84 issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
85 serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
86 },
87 ],
88 updated: [],
89 deleted: [],
90 },
91 });
92 const certStorage = Cc["@mozilla.org/security/certstorage;1"].getService(
93 Ci.nsICertStorage
94 );
95 let issuerArray = [
96 0x30, 0x12, 0x31, 0x10, 0x30, 0xe, 0x6, 0x3, 0x55, 0x4, 0x3, 0xc, 0x7, 0x54,
97 0x65, 0x73, 0x74, 0x20, 0x43, 0x41,
98 ];
99 let serialArray = [
100 0x6b, 0x45, 0xfb, 0xff, 0xb0, 0xe5, 0x4d, 0xa7, 0x9d, 0xa6, 0xa, 0xc8, 0x26,
101 0xd, 0xb9, 0x88, 0x13, 0xce, 0x90, 0x83,
102 ];
103 let revocationState = certStorage.getRevocationState(
104 issuerArray,
105 serialArray,
106 [],
107 []
108 );
109 Assert.equal(revocationState, Ci.nsICertStorage.STATE_ENFORCE);
111 // Update the revocation to be a different serial number; the original
112 // (issuer, serial) pair should now not be revoked.
113 await OneCRLBlocklistClient.emit("sync", {
114 data: {
115 current: [],
116 created: [],
117 updated: [
118 {
119 old: {
120 issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
121 serialNumber: "a0X7/7DlTaedpgrIJg25iBPOkIM=",
122 },
123 new: {
124 issuerName: "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=",
125 serialNumber: "ALtF+/+w5U0=",
126 },
127 },
128 ],
129 deleted: [],
130 },
131 });
132 let oldRevocationState = certStorage.getRevocationState(
133 issuerArray,
134 serialArray,
135 [],
136 []
137 );
138 Assert.equal(oldRevocationState, Ci.nsICertStorage.STATE_UNSET);
140 let newSerialArray = [0x00, 0xbb, 0x45, 0xfb, 0xff, 0xb0, 0xe5, 0x4d];
141 let newRevocationState = certStorage.getRevocationState(
142 issuerArray,
143 newSerialArray,
144 [],
145 []
146 );
147 Assert.equal(newRevocationState, Ci.nsICertStorage.STATE_ENFORCE);
148 });