diff options
| author | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
|---|---|---|
| committer | Matt A. Tobin <mattatobin@localhost.localdomain> | 2018-02-02 04:16:08 -0500 |
| commit | 5f8de423f190bbb79a62f804151bc24824fa32d8 (patch) | |
| tree | 10027f336435511475e392454359edea8e25895d /security/manager/ssl/tests/unit/test_startcom_wosign.js | |
| parent | 49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff) | |
| download | UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip | |
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/manager/ssl/tests/unit/test_startcom_wosign.js')
| -rw-r--r-- | security/manager/ssl/tests/unit/test_startcom_wosign.js | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign.js b/security/manager/ssl/tests/unit/test_startcom_wosign.js new file mode 100644 index 000000000..4ba89ca73 --- /dev/null +++ b/security/manager/ssl/tests/unit/test_startcom_wosign.js @@ -0,0 +1,43 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// Any copyright is dedicated to the Public Domain. +// http://creativecommons.org/publicdomain/zero/1.0/ +"use strict"; + +// Tests handling of certificates issued by StartCom and WoSign. If such +// certificates have a notBefore before 21 October 2016, they are handled +// normally. Otherwise, they are treated as revoked. + +do_get_profile(); // must be called before getting nsIX509CertDB +const certdb = Cc["@mozilla.org/security/x509certdb;1"] + .getService(Ci.nsIX509CertDB); + +function loadCertWithTrust(certName, trustString) { + addCertFromFile(certdb, "test_startcom_wosign/" + certName + ".pem", trustString); +} + +function certFromFile(certName) { + return constructCertFromFile("test_startcom_wosign/" + certName + ".pem"); +} + +function checkEndEntity(cert, expectedResult) { + // (new Date("2016-11-01")).getTime() / 1000 + const VALIDATION_TIME = 1477958400; + checkCertErrorGenericAtTime(certdb, cert, expectedResult, + certificateUsageSSLServer, VALIDATION_TIME); +} + +loadCertWithTrust("ca", "CTu,,"); +// This is not a real StartCom CA - it merely has the same distinguished name as +// one (namely "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2", +// encoded with PrintableStrings). By checking for specific DNs, we can enforce +// the date-based policy in a way that is testable. +loadCertWithTrust("StartComCA", ",,"); +checkEndEntity(certFromFile("StartCom-before-cutoff"), PRErrorCodeSuccess); +checkEndEntity(certFromFile("StartCom-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE); + +// Similarly, this is not a real WoSign CA. It has the same distinguished name +// as "/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign", encoded +// with PrintableStrings). +loadCertWithTrust("WoSignCA", ",,"); +checkEndEntity(certFromFile("WoSign-before-cutoff"), PRErrorCodeSuccess); +checkEndEntity(certFromFile("WoSign-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE); |