test_cert_sha1.js (1486B)
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

// Tests the rejection of SHA-1 certificates.
//
// Every end-entity certificate below is verified for TLS server usage at one
// fixed point in time and is expected to fail with
// SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED.
//
// NOTE(review): the fixture names carry "pre"/"post" markers; presumably these
// describe the certificate's validity period relative to a SHA-1 cut-off date.
// Confirm against the certificate specs in test_cert_sha1/.
// NOTE(review): all three cases expect the same error and this file has no
// positive control. A chain under the same CA that is expected to verify would
// show that the failure is specific to the signature algorithm.

"use strict";

do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

// Verification time in seconds since the epoch, passed to every check so the
// outcome does not depend on the wall clock:
// (new Date("2016-03-01")).getTime() / 1000
const VALIDATION_TIME = 1456790400;

/**
 * Builds a certificate object from a PEM fixture in test_cert_sha1/.
 *
 * @param {string} certName - fixture base name, without directory or ".pem"
 * @returns whatever the harness helper constructCertFromFile returns
 */
function certFromFile(certName) {
  const pemPath = `test_cert_sha1/${certName}.pem`;
  return constructCertFromFile(pemPath);
}

/**
 * Adds a PEM fixture from test_cert_sha1/ to the certificate database with
 * the given trust string.
 *
 * @param {string} certName - fixture base name, without directory or ".pem"
 * @param {string} trustString - trust string handed to addCertFromFile
 */
function loadCertWithTrust(certName, trustString) {
  const pemPath = `test_cert_sha1/${certName}.pem`;
  addCertFromFile(certdb, pemPath, trustString);
}

/**
 * Verifies `cert` as a TLS server certificate at VALIDATION_TIME and checks
 * the outcome against `expectedResult`.
 *
 * @param cert - certificate to verify
 * @param expectedResult - expected verification result code
 * @returns the value returned by checkCertErrorGenericAtTime (callers await it)
 */
function checkEndEntity(cert, expectedResult) {
  const usage = Ci.nsIX509CertDB.verifyUsageTLSServer;
  return checkCertErrorGenericAtTime(
    certdb,
    cert,
    expectedResult,
    usage,
    VALIDATION_TIME
  );
}

add_task(async function () {
  // Only the root gets trust flags; both intermediates are loaded with an
  // empty trust string.
  loadCertWithTrust("ca", "CTu,,");
  for (const intermediateName of ["int-pre", "int-post"]) {
    loadCertWithTrust(intermediateName, ",,");
  }

  // Each chain must be rejected with the same error code. The checks run
  // strictly one after another, in this order.
  const rejectedEndEntities = [
    "ee-pre_int-pre",
    "ee-post_int-pre",
    "ee-post_int-post",
  ];
  for (const endEntityName of rejectedEndEntities) {
    await checkEndEntity(
      certFromFile(endEntityName),
      SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
    );
  }
});