1 files changed, 57 insertions, 0 deletions

diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage.js b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
new file mode 100644
index 000000000..dd6fc4274
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
@@ -0,0 +1,57 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+const caList = [ "ca-no-keyUsage-extension", "ca-missing-keyCertSign",
+                 "ca-all-usages" ];
+const eeList = [ "ee-no-keyUsage-extension", "ee-keyCertSign-only",
+                 "ee-keyEncipherment-only", "ee-keyCertSign-and-keyEncipherment" ];
+
+const caUsage = [ certificateUsageSSLCA, certificateUsageVerifyCA ];
+const allEEUsages = [ certificateUsageSSLClient, certificateUsageSSLServer,
+                      certificateUsageEmailSigner, certificateUsageEmailRecipient,
+                      certificateUsageObjectSigner ];
+const serverEEUsages = [ certificateUsageSSLServer,
+                         certificateUsageEmailRecipient ];
+
+const expectedUsagesMap = {
+  "ca-no-keyUsage-extension": caUsage,
+  "ca-missing-keyCertSign": [],
+  "ca-all-usages": caUsage,
+
+  "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
+  "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
+  "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
+
+  "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
+  "ee-keyCertSign-only-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-only-ca-all-usages": [],
+
+  "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
+  "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
+
+  "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
+};
+
+add_task(function* () {
+  for (let ca of caList) {
+    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
+    let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
+    yield asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
+    for (let ee of eeList) {
+      let eeFullName = ee + "-" + ca;
+      let eeCert = constructCertFromFile("test_cert_keyUsage/" + eeFullName + ".pem");
+      yield asyncTestCertificateUsages(certdb, eeCert, expectedUsagesMap[eeFullName]);
+    }
+  }
+});