michael@0: "use strict";
michael@0: 
michael@0: const isB2G = ("@mozilla.org/b2g-process-global;1" in Cc);
michael@0: 
michael@0: 
michael@0: do_get_profile(); // must be called before getting nsIX509CertDB
michael@0: const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
michael@0: 
michael@0: function run_test() {
michael@0:   run_next_test();
michael@0: }
michael@0: 
michael@0: function check_open_result(name, expectedRv) {
michael@0:   return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
michael@0:     do_print("openSignedAppFileCallback called for " + name);
michael@0:     do_check_eq(rv, expectedRv);
michael@0:     do_check_eq(aZipReader != null,  Components.isSuccessCode(expectedRv));
michael@0:     do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
michael@0:     run_next_test();
michael@0:   };
michael@0: }
michael@0: 
michael@0: function original_app_path(test_name) {
michael@0:   return do_get_file("test_signed_apps/" + test_name + ".zip", false);
michael@0: }
michael@0: 
michael@0: // Test that we no longer trust the test root cert that was originally used
michael@0: // during development of B2G 1.0.
michael@0: add_test(function () {
michael@0:   certdb.openSignedAppFileAsync(
michael@0:     Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
michael@0:     original_app_path("test-privileged-app-test-1.0"),
michael@0:     check_open_result("test-privileged-app-test-1.0",
michael@0:                       getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
michael@0: });
michael@0: 
michael@0: // Test that we trust the root cert used by by the Firefox Marketplace.
michael@0: add_test(function () {
michael@0:   certdb.openSignedAppFileAsync(
michael@0:     Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
michael@0:     original_app_path("privileged-app-test-1.0"),
michael@0:     check_open_result("privileged-app-test-1.0", Cr.NS_OK));
michael@0: });