| blob | 521904d4327457c2d6dbb3e27d9eb689f62a8cbb |
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
2 // Any copyright is dedicated to the Public Domain.
3 // http://creativecommons.org/publicdomain/zero/1.0/
4 "use strict";
6 // Tests import PKCS12 file by nsIX509CertDB.
8 do_get_profile();
10 const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
11 Ci.nsIX509CertDB
12 );
14 const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
15 const PKCS12_FILE_EMPTY_PASS =
16 "test_certDB_import/cert_from_windows_emptypass.pfx";
17 const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";
18 const CERT_COMMON_NAME = "test_cert_from_windows";
19 const TEST_CERT_PASSWORD = "黒い";
21 let gTestcases = [
22 // Test that importing a PKCS12 file with the wrong password fails.
23 {
24 name: "import using incorrect password",
25 filename: PKCS12_FILE,
26 passwordToUse: "this is the wrong password",
27 successExpected: false,
28 errorCode: Ci.nsIX509CertDB.ERROR_BAD_PASSWORD,
29 checkCertExist: true,
30 certCommonName: CERT_COMMON_NAME,
31 },
32 // Test that importing something that isn't a PKCS12 file fails.
33 {
34 name: "import non-PKCS12 file",
35 filename: "test_certDB_import_pkcs12.js",
36 passwordToUse: TEST_CERT_PASSWORD,
37 successExpected: false,
38 errorCode: Ci.nsIX509CertDB.ERROR_DECODE_ERROR,
39 checkCertExist: true,
40 certCommonName: CERT_COMMON_NAME,
41 },
42 // Test that importing a PKCS12 file with the correct password succeeds.
43 // This needs to be last because currently there isn't a way to delete the
44 // imported certificate (and thus reset the test state) that doesn't depend on
45 // the garbage collector running.
46 {
47 name: "import PKCS12 file",
48 filename: PKCS12_FILE,
49 passwordToUse: TEST_CERT_PASSWORD,
50 successExpected: true,
51 errorCode: Ci.nsIX509CertDB.Success,
52 checkCertExist: true,
53 certCommonName: CERT_COMMON_NAME,
54 },
55 // Same cert file protected with empty string password
56 {
57 name: "import PKCS12 file empty password",
58 filename: PKCS12_FILE_EMPTY_PASS,
59 passwordToUse: "",
60 successExpected: true,
61 errorCode: Ci.nsIX509CertDB.Success,
62 checkCertExist: false,
63 certCommonName: CERT_COMMON_NAME,
64 },
65 // Same cert file protected with no password
66 {
67 name: "import PKCS12 file no password",
68 filename: PKCS12_FILE_NO_PASS,
69 passwordToUse: null,
70 successExpected: true,
71 errorCode: Ci.nsIX509CertDB.Success,
72 checkCertExist: false,
73 certCommonName: CERT_COMMON_NAME,
74 },
75 // Test a PKCS12 file encrypted using AES
76 {
77 name: "import PKCS12 file using AES",
78 filename: "test_certDB_import/encrypted_with_aes.p12",
79 passwordToUse: "password",
80 successExpected: true,
81 errorCode: Ci.nsIX509CertDB.Success,
82 checkCertExist: true,
83 certCommonName: "John Doe",
84 },
85 ];
87 function doesCertExist(commonName) {
88 let allCerts = gCertDB.getCerts();
89 for (let cert of allCerts) {
90 if (cert.commonName == commonName) {
91 return true;
92 }
93 }
95 return false;
96 }
98 function runOneTestcase(testcase) {
99 info(`running ${testcase.name}`);
100 if (testcase.checkCertExist) {
101 ok(
102 !doesCertExist(testcase.certCommonName),
103 "cert should not be in the database before import"
104 );
105 }
107 // Import and check for failure.
108 let certFile = do_get_file(testcase.filename);
109 ok(certFile, `${testcase.filename} should exist`);
110 let errorCode = gCertDB.importPKCS12File(certFile, testcase.passwordToUse);
111 equal(errorCode, testcase.errorCode, `verifying error code`);
112 equal(
113 doesCertExist(testcase.certCommonName),
114 testcase.successExpected,
115 `cert should${testcase.successExpected ? "" : " not"} be found now`
116 );
117 }
119 function run_test() {
120 for (let testcase of gTestcases) {
121 runOneTestcase(testcase);
122 }
123 }