Diffstat (limited to 'security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js')
-rw-r--r--security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js62
1 files changed, 62 insertions, 0 deletions
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
new file mode 100644
index 000000000..2c244aad7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
@@ -0,0 +1,62 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that invalid OID encodings are detected in the Cert Viewer Details tab.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+ .getService(Ci.nsIX509CertDB);
+
+function certFromFile(filename) {
+ return constructCertFromFile(`test_certviewer_invalid_oids/${filename}.pem`);
+}
+
+function test(certFilename, expectedOIDText) {
+ let cert = certFromFile(certFilename);
+ let certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"]
+ .createInstance(Ci.nsIASN1Tree);
+ certDumpTree.loadASN1Structure(cert.ASN1Structure);
+ let actualOIDText = certDumpTree.getDisplayData(9);
+
+ equal(actualOIDText, expectedOIDText,
+ "Actual and expected OID text should match");
+}
+
+function run_test() {
+ test("bug483440-attack2b",
+ "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+ "OU = Hacking Division\n" +
+ "CN = www.badguy.com\nO = Badguy Inc\n");
+
+ test("bug483440-pk10oflo",
+ "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+ "OU = Hacking Division\n" +
+ "CN = www.badguy.com\nO = Badguy Inc\n");
+
+ test("bug483440-attack7",
+
+ // Check 88 80 80 80 01, not leading, have to pass
+ "Object Identifier (2 5 4 2147483649) = attack1\n" +
+
+ // Check 90 80 80 80 01, not leading, have to fail
+ "Object Identifier (2 5 4 Unknown) = attack2\n" +
+
+ // Check 80 80 80 80 80, not leading, have to fail
+ "Object Identifier (2 5 4 Unknown) = attack3\n" +
+
+ // Check 81 81, trailing, have to fail
+ "Object Identifier (2 5 4 3 Unknown) = attack4\n" +
+
+ // Check FF FF FF 7F, not leading, have to pass
+ "Object Identifier (2 5 4 268435455) = attack5\n" +
+
+ // Check 80 leading, have to fail
+ "Object Identifier (Unknown 3) = attack6\n" +
+
+ // Check 14757 = 2*40 + 14677 leading single byte encoded as F325,
+ // have to pass
+ "Object Identifier (2 14677 4 3) = attack7\n");
+}
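Review bot: In `test()`, the row index in `certDumpTree.getDisplayData(9)` is an unexplained constant, and the assertion message does not name the certificate, so a failure in any of the three `run_test()` cases looks the same in the log. Add a one-line comment above that call saying which field of the dumped certificate row 9 is, and change the message to `` `OID text for ${certFilename} should match` ``. The "have to pass" / "have to fail" comments would be easier to audit if they stated the rule being checked. Judging by the expected strings, an arc that still fits in 32 bits (`88 80 80 80 01` → 2147483649) is printed, while an overflowing, `80`-padded or unterminated arc must render as `Unknown` rather than be decoded into a different attribute. Please confirm that against the decoder before wording the comment.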