tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

test_cert_keyUsage.js (2507B)

      1 /* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
      2 /* This Source Code Form is subject to the terms of the Mozilla Public
      3 * License, v. 2.0. If a copy of the MPL was not distributed with this
      4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      5 
      6 "use strict";
      7 
      8 do_get_profile(); // must be called before getting nsIX509CertDB
      9 var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
     10  Ci.nsIX509CertDB
     11 );
     12 
     13 const caList = [
     14  "ca-no-keyUsage-extension",
     15  "ca-missing-keyCertSign",
     16  "ca-all-usages",
     17 ];
     18 const eeList = [
     19  "ee-no-keyUsage-extension",
     20  "ee-keyCertSign-only",
     21  "ee-keyEncipherment-only",
     22  "ee-keyCertSign-and-keyEncipherment",
     23 ];
     24 
     25 const caUsage = [Ci.nsIX509CertDB.verifyUsageTLSServerCA];
     26 const allEEUsages = [
     27  Ci.nsIX509CertDB.verifyUsageTLSClient,
     28  Ci.nsIX509CertDB.verifyUsageTLSServer,
     29  Ci.nsIX509CertDB.verifyUsageEmailSigner,
     30  Ci.nsIX509CertDB.verifyUsageEmailRecipient,
     31 ];
     32 const serverEEUsages = [
     33  Ci.nsIX509CertDB.verifyUsageTLSServer,
     34  Ci.nsIX509CertDB.verifyUsageEmailRecipient,
     35 ];
     36 
     37 const expectedUsagesMap = {
     38  "ca-no-keyUsage-extension": caUsage,
     39  "ca-missing-keyCertSign": [],
     40  "ca-all-usages": caUsage,
     41 
     42  "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
     43  "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
     44  "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
     45 
     46  "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
     47  "ee-keyCertSign-only-ca-missing-keyCertSign": [],
     48  "ee-keyCertSign-only-ca-all-usages": [],
     49 
     50  "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
     51  "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
     52  "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
     53 
     54  "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
     55  "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
     56  "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
     57 };
     58 
     59 add_task(async function () {
     60  for (let ca of caList) {
     61    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
     62    let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
     63    await asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
     64    for (let ee of eeList) {
     65      let eeFullName = ee + "-" + ca;
     66      let eeCert = constructCertFromFile(
     67        "test_cert_keyUsage/" + eeFullName + ".pem"
     68      );
     69      await asyncTestCertificateUsages(
     70        certdb,
     71        eeCert,
     72        expectedUsagesMap[eeFullName]
     73      );
     74    }
     75  }
     76 });