// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

// Tests the rejection of SHA-1 certificates.

"use strict";

do_get_profile(); // must be called before getting nsIX509CertDB
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

// (new Date("2016-03-01")).getTime() / 1000
const VALIDATION_TIME = 1456790400;

function certFromFile(certName) {
  return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
}

function loadCertWithTrust(certName, trustString) {
  addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
}

function checkEndEntity(cert, expectedResult) {
  return checkCertErrorGenericAtTime(
    certdb,
    cert,
    expectedResult,
    certificateUsageSSLServer,
    VALIDATION_TIME
  );
}

add_task(async function () {
  loadCertWithTrust("ca", "CTu,,");
  loadCertWithTrust("int-pre", ",,");
  loadCertWithTrust("int-post", ",,");

  await checkEndEntity(
    certFromFile("ee-pre_int-pre"),
    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  );
  await checkEndEntity(
    certFromFile("ee-post_int-pre"),
    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  );
  await checkEndEntity(
    certFromFile("ee-post_int-post"),
    SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED
  );
});