test_add_preexisting_cert.js (1692B)
1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ 2 /* This Source Code Form is subject to the terms of the Mozilla Public 3 * License, v. 2.0. If a copy of the MPL was not distributed with this 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 5 "use strict"; 6 7 // Tests that adding a certificate already present in the certificate database 8 // with different trust bits than those stored in the database does not result 9 // in the new trust bits being ignored. 10 11 do_get_profile(); 12 var certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( 13 Ci.nsIX509CertDB 14 ); 15 16 function load_cert(cert, trust) { 17 let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem"; 18 return addCertFromFile(certDB, file, trust); 19 } 20 21 add_task(async function () { 22 load_cert("ca", "CTu,CTu,CTu"); 23 let int_cert = load_cert("int-limited-depth", "CTu,CTu,CTu"); 24 let file = 25 "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem"; 26 let cert_pem = readFile(do_get_file(file)); 27 let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem)); 28 await checkCertErrorGeneric( 29 certDB, 30 ee, 31 PRErrorCodeSuccess, 32 Ci.nsIX509CertDB.verifyUsageTLSServer 33 ); 34 // Change the already existing intermediate certificate's trust using 35 // addCertFromBase64(). 36 notEqual(int_cert, null, "Intermediate cert should be in the cert DB"); 37 let base64_cert = int_cert.getBase64DERString(); 38 let returnedEE = certDB.addCertFromBase64(base64_cert, "p,p,p"); 39 notEqual(returnedEE, null, "addCertFromBase64 should return a certificate"); 40 await checkCertErrorGeneric( 41 certDB, 42 ee, 43 SEC_ERROR_UNTRUSTED_ISSUER, 44 Ci.nsIX509CertDB.verifyUsageTLSServer 45 ); 46 });