security/manager/ssl/tests/unit/test_cert_sha1.js

   1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
   2 // This Source Code Form is subject to the terms of the Mozilla Public
   3 // License, v. 2.0. If a copy of the MPL was not distributed with this
   4 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
   5
   6 // Tests the rejection of SHA-1 certificates.
   7
   8 "use strict";
   9
  10 do_get_profile(); // must be called before getting nsIX509CertDB
  11 const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  12   Ci.nsIX509CertDB
  13 );
  14
  15 // (new Date("2016-03-01")).getTime() / 1000
  16 const VALIDATION_TIME = 1456790400;
  17
  18 function certFromFile(certName) {
  19   return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
  20 }
  21
  22 function loadCertWithTrust(certName, trustString) {
  23   addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
  24 }
  25
  26 function checkEndEntity(cert, expectedResult) {
  27   return checkCertErrorGenericAtTime(
  28     certdb,
  29     cert,
  30     expectedResult,
  31     certificateUsageSSLServer,
  32     VALIDATION_TIME
  33   );
  34 }
  35
  36 add_task(async function () {
  37   loadCertWithTrust("ca", "CTu,,");
  38   loadCertWithTrust("int-pre", ",,");
  39   loadCertWithTrust("int-post", ",,");
  40
  41   await checkEndEntity(
  42     certFromFile("ee-pre_int-pre"),
  43     SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  44   );
  45   await checkEndEntity(
  46     certFromFile("ee-post_int-pre"),
  47     SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  48   );
  49   await checkEndEntity(
  50     certFromFile("ee-post_int-post"),
  51     SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  52   );
  53 });