security/manager/ssl/tests/unit/test_cert_keyUsage.js

   1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 "use strict";
   7
   8 do_get_profile(); // must be called before getting nsIX509CertDB
   9 var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  10   Ci.nsIX509CertDB
  11 );
  12
  13 const caList = [
  14   "ca-no-keyUsage-extension",
  15   "ca-missing-keyCertSign",
  16   "ca-all-usages",
  17 ];
  18 const eeList = [
  19   "ee-no-keyUsage-extension",
  20   "ee-keyCertSign-only",
  21   "ee-keyEncipherment-only",
  22   "ee-keyCertSign-and-keyEncipherment",
  23 ];
  24
  25 const caUsage = [certificateUsageSSLCA];
  26 const allEEUsages = [
  27   certificateUsageSSLClient,
  28   certificateUsageSSLServer,
  29   certificateUsageEmailSigner,
  30   certificateUsageEmailRecipient,
  31 ];
  32 const serverEEUsages = [
  33   certificateUsageSSLServer,
  34   certificateUsageEmailRecipient,
  35 ];
  36
  37 const expectedUsagesMap = {
  38   "ca-no-keyUsage-extension": caUsage,
  39   "ca-missing-keyCertSign": [],
  40   "ca-all-usages": caUsage,
  41
  42   "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
  43   "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
  44   "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
  45
  46   "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
  47   "ee-keyCertSign-only-ca-missing-keyCertSign": [],
  48   "ee-keyCertSign-only-ca-all-usages": [],
  49
  50   "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
  51   "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
  52   "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
  53
  54   "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
  55   "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
  56   "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
  57 };
  58
  59 add_task(async function () {
  60   for (let ca of caList) {
  61     addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
  62     let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
  63     await asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
  64     for (let ee of eeList) {
  65       let eeFullName = ee + "-" + ca;
  66       let eeCert = constructCertFromFile(
  67         "test_cert_keyUsage/" + eeFullName + ".pem"
  68       );
  69       await asyncTestCertificateUsages(
  70         certdb,
  71         eeCert,
  72         expectedUsagesMap[eeFullName]
  73       );
  74     }
  75   }
  76 });