978117 - test_signed_apps.js and test_signed_apps-marketplace.js fail on Android and B2G

Status: RESOLVED FIXED

(Core :: Security: PSM, defect, P3)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

+++ This bug was initially created as a clone of Bug #676972 +++

Test cases "valid" and "unsigned" actually pass, but the "unknown_issuer" test case fails because the error returned is SEC_ERROR_EXTENSION_NOT_FOUND instead of the expected error SEC_ERROR_UNKNOWN_ISSUER:

add_test(function () {
  certdb.openSignedAppFileAsync(
    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unknown_issuer"),
    check_open_result("unknown_issuer",
                      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
});

This indicates that the problem is probably in NSS, AppTrustDomain, and/or insanity::pkix. It is mildly concerning that there is this difference for Android and B2G only.

Comment 1

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: Part 1: Make nsIX509Cert.setCerttrust, and nsIX509CertDB.addCert, and nsIX509CertDB2.addCertFromBase64 work on Android and B2G

Comment 2

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: Enable test_signed_apps.js and test_signed_apps-marketplace.js on Android and B2G

Comment 3

[Camilo Viecco (:cviecco)]

Comment on attachment 8384340 [details] [diff] [review]
Enable test_signed_apps.js and test_signed_apps-marketplace.js on Android and B2G

Review of attachment 8384340 [details] [diff] [review]:
-----------------------------------------------------------------

Looks good to me.

Comment 4

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

https://hg.mozilla.org/integration/mozilla-inbound/rev/165ebc711387

Thanks for the quick reviews. (Note that I did use r=cviecco in the final commit message, even though I had r?keeler in the patch's commit message.)

Comment 5

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/165ebc711387