test_cert_expiration_canary.js (1619B)
1 // -*- indent-tabs-mode: nil; js-indent-level: 2 -*- 2 // This Source Code Form is subject to the terms of the Mozilla Public 3 // License, v. 2.0. If a copy of the MPL was not distributed with this 4 // file, You can obtain one at http://mozilla.org/MPL/2.0/. 5 "use strict"; 6 7 // Attempts to verify a certificate for a time a few weeks into the future in 8 // the hopes of avoiding mass test failures when the certificates all expire. 9 // If this test fails, the certificates probably need to be regenerated. 10 // See bug 1525191. 11 12 // If this test and only this test fails, do the following: 13 // 1. Create a bug for the issue in "Core :: Security: PSM". 14 // 2. Write a patch to temporarily disable the test. 15 // 3. Land the patch. 16 // 4. Write a patch to reenable the test but don't land it. 17 // 5. Needinfo the triage owner of Bugzilla's "Core :: Security: PSM" component 18 // in the bug. 19 // 6. Patches to update certificates get created. 20 // 7. Test the patches with a Try push. 21 // 8. Land the patches on all trees whose code will still be used when the 22 // certificates expire in 3 weeks. 23 add_task(async function () { 24 do_get_profile(); 25 let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService( 26 Ci.nsIX509CertDB 27 ); 28 addCertFromFile(certDB, "bad_certs/test-ca.pem", "CTu,,"); 29 let threeWeeksFromNowInSeconds = Date.now() / 1000 + 3 * 7 * 24 * 60 * 60; 30 let ee = constructCertFromFile("bad_certs/default-ee.pem"); 31 await checkCertErrorGenericAtTime( 32 certDB, 33 ee, 34 PRErrorCodeSuccess, 35 Ci.nsIX509CertDB.verifyUsageTLSServer, 36 threeWeeksFromNowInSeconds, 37 false, 38 "test.example.com" 39 ); 40 });