summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/tests/unit/test_add_preexisting_cert.js')
-rw-r--r--security/manager/ssl/tests/unit/test_add_preexisting_cert.js45
1 files changed, 45 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
new file mode 100644
index 000000000..2b07828c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -0,0 +1,45 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests that adding a certificate already present in the certificate database
+// with different trust bits than those stored in the database does not result
+// in the new trust bits being ignored.
+
+do_get_profile();
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+ .getService(Ci.nsIX509CertDB);
+
+function load_cert(cert, trust) {
+ let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
+ addCertFromFile(certDB, file, trust);
+}
+
+function getDERString(cert) {
+ let derString = "";
+ for (let rawByte of cert.getRawDER({})) {
+ derString += String.fromCharCode(rawByte);
+ }
+ return derString;
+}
+
+function run_test() {
+ load_cert("ca", "CTu,CTu,CTu");
+ load_cert("int-limited-depth", "CTu,CTu,CTu");
+ let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
+ let cert_pem = readFile(do_get_file(file));
+ let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
+ checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+ certificateUsageSSLServer);
+ // Change the already existing intermediate certificate's trust using
+ // addCertFromBase64(). We use findCertByNickname first to ensure that the
+ // certificate already exists.
+ let int_cert = certDB.findCertByNickname("int-limited-depth");
+ notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+ let base64_cert = btoa(getDERString(int_cert));
+ certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
+ checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,
+ certificateUsageSSLServer);
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 21:10:52 +0000