test_x509.js (3567B)
1 /* Any copyright is dedicated to the Public Domain. 2 * http://creativecommons.org/publicdomain/zero/1.0/ */ 3 4 "use strict"; 5 6 // Tests X509.sys.mjs functionality. 7 8 function stringToArray(s) { 9 let b = []; 10 for (let i = 0; i < s.length; i++) { 11 b.push(s.charCodeAt(i)); 12 } 13 return b; 14 } 15 16 function readPEMToBytes(filename) { 17 return stringToArray(atob(pemToBase64(readFile(do_get_file(filename))))); 18 } 19 20 function run_test() { 21 let certificate = new X509.Certificate(); 22 // We use this certificate because it has a set validity period, which means that when 23 // the test certificates get regenerated each year, the values in this test won't change. 24 certificate.parse(readPEMToBytes("bad_certs/expired-ee.pem")); 25 26 equal( 27 certificate.tbsCertificate.version, 28 3, 29 "expired-ee.pem should be x509v3" 30 ); 31 32 // serialNumber 33 deepEqual( 34 certificate.tbsCertificate.serialNumber, 35 [ 36 0x63, 0xd1, 0x11, 0x00, 0x82, 0xa3, 0xd2, 0x3b, 0x3f, 0x61, 0xb8, 0x49, 37 0xa0, 0xca, 0xdc, 0x2e, 0x78, 0xfe, 0xfa, 0xea, 38 ], 39 "expired-ee.pem should have expected serialNumber" 40 ); 41 42 deepEqual( 43 certificate.tbsCertificate.signature.algorithm._values, 44 [1, 2, 840, 113549, 1, 1, 11], // sha256WithRSAEncryption 45 "expired-ee.pem should have sha256WithRSAEncryption signature" 46 ); 47 deepEqual( 48 certificate.tbsCertificate.signature.parameters._contents, 49 [], 50 "expired-ee.pem should have NULL parameters for signature" 51 ); 52 53 equal( 54 certificate.tbsCertificate.issuer.rdns.length, 55 1, 56 "expired-ee.pem should have one RDN in issuer" 57 ); 58 equal( 59 certificate.tbsCertificate.issuer.rdns[0].avas.length, 60 1, 61 "expired-ee.pem should have one AVA in RDN in issuer" 62 ); 63 deepEqual( 64 certificate.tbsCertificate.issuer.rdns[0].avas[0].value.value, 65 stringToArray("Test CA"), 66 "expired-ee.pem should have issuer 'Test CA'" 67 ); 68 69 equal( 70 certificate.tbsCertificate.validity.notBefore.time.getTime(), 71 Date.parse("2013-01-01T00:00:00.000Z"), 72 "expired-ee.pem should have the correct value for notBefore" 73 ); 74 equal( 75 certificate.tbsCertificate.validity.notAfter.time.getTime(), 76 Date.parse("2014-01-01T00:00:00.000Z"), 77 "expired-ee.pem should have the correct value for notAfter" 78 ); 79 80 equal( 81 certificate.tbsCertificate.subject.rdns.length, 82 1, 83 "expired-ee.pem should have one RDN in subject" 84 ); 85 equal( 86 certificate.tbsCertificate.subject.rdns[0].avas.length, 87 1, 88 "expired-ee.pem should have one AVA in RDN in subject" 89 ); 90 deepEqual( 91 certificate.tbsCertificate.subject.rdns[0].avas[0].value.value, 92 stringToArray("Expired Test End-entity"), 93 "expired-ee.pem should have subject 'Expired Test End-entity'" 94 ); 95 96 deepEqual( 97 certificate.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm._values, 98 [1, 2, 840, 113549, 1, 1, 1], // rsaEncryption 99 "expired-ee.pem should have a spki algorithm of rsaEncryption" 100 ); 101 102 equal( 103 certificate.tbsCertificate.extensions.length, 104 2, 105 "expired-ee.pem should have two extensions" 106 ); 107 108 deepEqual( 109 certificate.signatureAlgorithm.algorithm._values, 110 [1, 2, 840, 113549, 1, 1, 11], // sha256WithRSAEncryption 111 "expired-ee.pem should have sha256WithRSAEncryption signatureAlgorithm" 112 ); 113 deepEqual( 114 certificate.signatureAlgorithm.parameters._contents, 115 [], 116 "expired-ee.pem should have NULL parameters for signatureAlgorithm" 117 ); 118 119 equal( 120 certificate.signatureValue.length, 121 2048 / 8, 122 "length of signature on expired-ee.pem should be 2048 bits" 123 ); 124 }