test_cert_embedded_null.js (1804B)
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

// Tests that a certificate with a clever subject common name like
// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
// value 0) will not be treated as valid for www.bank1.com.
// Includes a similar test case but for the subject alternative name extension.
//
// Why the case exists: name-matching code that treats the name as a
// NUL-terminated string stops reading at the zero byte and sees only
// "www.bank1.com". The verifier must compare the full, length-delimited
// name. Every certificate below is therefore expected to fail with
// SSL_ERROR_BAD_CERT_DOMAIN for both the part before the NUL and the part
// after it.

"use strict";

do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

/**
 * Loads one test certificate and asserts that TLS-server verification
 * rejects it with SSL_ERROR_BAD_CERT_DOMAIN for each hostname that appears
 * on either side of the embedded NUL.
 *
 * @param {string} certname - base name of the PEM file under
 *   test_cert_embedded_null/ (without the ".pem" suffix).
 * @param {boolean} checkCommonName - when true, first assert that the
 *   certificate's subject common name really contains the embedded NUL, so
 *   the testcase cannot pass vacuously. The callers pass false for the
 *   SAN-only certificates (presumably their common name carries no NUL;
 *   confirm against the test certificates).
 */
async function do_testcase(certname, checkCommonName) {
  const certificate = constructCertFromFile(
    `test_cert_embedded_null/${certname}.pem`
  );

  // Sanity check on the fixture itself. The expected value is the escaped
  // form compared here: a literal backslash followed by "00" between the
  // two hostnames.
  if (checkCommonName) {
    const expectedCommonName = "www.bank1.com\\00www.bad-guy.com";
    equal(
      certificate.commonName,
      expectedCommonName,
      "certificate subject common name should have an embedded NUL byte"
    );
  }

  // Neither the prefix before the NUL nor the suffix after it may be
  // accepted as a match. The checks run one after the other, prefix first.
  const rejectedHostnames = ["www.bank1.com", "www.bad-guy.com"];
  for (const hostname of rejectedHostnames) {
    await checkCertErrorGeneric(
      certdb,
      certificate,
      SSL_ERROR_BAD_CERT_DOMAIN,
      Ci.nsIX509CertDB.verifyUsageTLSServer,
      undefined,
      hostname
    );
  }
}

add_task(async function () {
  // Import the issuing CA with trust string "CTu,," before any verification
  // runs. Presumably this makes the chain itself trusted, so the only
  // expected failure is the name mismatch; confirm against addCertFromFile.
  addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");

  // [certificate file base name, whether to assert the NUL in the CN]
  const testcases = [
    ["embeddedNull", true],
    ["embeddedNullSAN", false],
    ["embeddedNullCNAndSAN", true],
    ["embeddedNullSAN2", false],
  ];
  for (const [certname, checkCommonName] of testcases) {
    await do_testcase(certname, checkCommonName);
  }
});