| blob | c23717252fdad82cba15bed5c0bddce29a1c113a |
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
2 // This Source Code Form is subject to the terms of the Mozilla Public
3 // License, v. 2.0. If a copy of the MPL was not distributed with this
4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 // Tests that a certificate with a clever subject common name like
7 // 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
8 // value 0) will not be treated as valid for www.bank1.com.
9 // Includes a similar test case but for the subject alternative name extension.
11 "use strict";
13 do_get_profile(); // must be called before getting nsIX509CertDB
14 const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
15 Ci.nsIX509CertDB
16 );
18 async function do_testcase(certname, checkCommonName) {
19 let cert = constructCertFromFile(`test_cert_embedded_null/${certname}.pem`);
20 // Where applicable, check that the testcase is meaningful (i.e. that the
21 // certificate's subject common name has an embedded NUL in it).
22 if (checkCommonName) {
23 equal(
24 cert.commonName,
25 "www.bank1.com\\00www.bad-guy.com",
26 "certificate subject common name should have an embedded NUL byte"
27 );
28 }
29 await checkCertErrorGeneric(
30 certdb,
31 cert,
32 SSL_ERROR_BAD_CERT_DOMAIN,
33 certificateUsageSSLServer,
34 undefined,
35 "www.bank1.com"
36 );
37 await checkCertErrorGeneric(
38 certdb,
39 cert,
40 SSL_ERROR_BAD_CERT_DOMAIN,
41 certificateUsageSSLServer,
42 undefined,
43 "www.bad-guy.com"
44 );
45 }
47 add_task(async function () {
48 addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");
50 await do_testcase("embeddedNull", true);
51 await do_testcase("embeddedNullSAN", false);
52 await do_testcase("embeddedNullCNAndSAN", true);
53 await do_testcase("embeddedNullSAN2", false);
54 });