tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_certDB_export_pkcs12.js (2245B)

      1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
      2 // Any copyright is dedicated to the Public Domain.
      3 // http://creativecommons.org/publicdomain/zero/1.0/
      4 "use strict";
      5 
      6 // Tests exporting a certificate and key as a PKCS#12 blob and importing it
      7 // again with a new password set.
      8 
      9 do_get_profile();
     10 
     11 const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
     12  Ci.nsIX509CertDB
     13 );
     14 
     15 const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
     16 const CERT_COMMON_NAME = "test_cert_from_windows";
     17 const TEST_CERT_PASSWORD = "黒い";
     18 
     19 function findCertByCommonName(commonName) {
     20  for (let cert of gCertDB.getCerts()) {
     21    if (cert.commonName == commonName) {
     22      return cert;
     23    }
     24  }
     25  return null;
     26 }
     27 
     28 function run_test() {
     29  // Import the certificate and key so we have something to export.
     30  let cert = findCertByCommonName(CERT_COMMON_NAME);
     31  equal(cert, null, "cert should not be found before import");
     32  let certFile = do_get_file(PKCS12_FILE);
     33  ok(certFile, `${PKCS12_FILE} should exist`);
     34  let errorCode = gCertDB.importPKCS12File(certFile, TEST_CERT_PASSWORD);
     35  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be imported");
     36  cert = findCertByCommonName(CERT_COMMON_NAME);
     37  notEqual(cert, null, "cert should be found now");
     38 
     39  // Export the certificate and key.
     40  let output = do_get_tempdir();
     41  output.append("output.p12");
     42  ok(!output.exists(), "output shouldn't exist before exporting PKCS12 file");
     43  errorCode = gCertDB.exportPKCS12File(output, [cert], TEST_CERT_PASSWORD);
     44  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be exported");
     45  ok(output.exists(), "output should exist after exporting PKCS12 file");
     46 
     47  // We should be able to import the exported blob again using the new password.
     48  errorCode = gCertDB.importPKCS12File(output, TEST_CERT_PASSWORD);
     49  equal(errorCode, Ci.nsIX509CertDB.Success, "cert should be imported");
     50  output.remove(false /* not a directory; recursive doesn't apply */);
     51 
     52  // Ideally there would be some way to confirm that this actually did anything.
     53  // Unfortunately, since deleting a certificate currently doesn't actually do
     54  // anything until the platform is restarted, we can't confirm that we
     55  // successfully re-imported the certificate.
     56 }