53 lines
1.5 KiB
JavaScript
53 lines
1.5 KiB
JavaScript
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
// Tests the rejection of SHA-1 certificates.
|
|
|
|
"use strict";
|
|
|
|
do_get_profile(); // must be called before getting nsIX509CertDB
|
|
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
|
|
Ci.nsIX509CertDB
|
|
);
|
|
|
|
// (new Date("2016-03-01")).getTime() / 1000
|
|
const VALIDATION_TIME = 1456790400;
|
|
|
|
function certFromFile(certName) {
|
|
return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
|
|
}
|
|
|
|
function loadCertWithTrust(certName, trustString) {
|
|
addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
|
|
}
|
|
|
|
function checkEndEntity(cert, expectedResult) {
|
|
return checkCertErrorGenericAtTime(
|
|
certdb,
|
|
cert,
|
|
expectedResult,
|
|
Ci.nsIX509CertDB.verifyUsageTLSServer,
|
|
VALIDATION_TIME
|
|
);
|
|
}
|
|
|
|
add_task(async function () {
|
|
loadCertWithTrust("ca", "CTu,,");
|
|
loadCertWithTrust("int-pre", ",,");
|
|
loadCertWithTrust("int-post", ",,");
|
|
|
|
await checkEndEntity(
|
|
certFromFile("ee-pre_int-pre"),
|
|
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
|
|
);
|
|
await checkEndEntity(
|
|
certFromFile("ee-post_int-pre"),
|
|
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
|
|
);
|
|
await checkEndEntity(
|
|
certFromFile("ee-post_int-post"),
|
|
SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
|
|
);
|
|
});
|