// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// Any copyright is dedicated to the Public Domain.
// http://creativecommons.org/publicdomain/zero/1.0/
"use strict";

// Tests importing PKCS12 files via nsIX509CertDB.importPKCS12File.

// Called before the certificate DB service is fetched below.
// NOTE(review): presumably the cert DB needs the xpcshell profile directory to
// exist first, so keep this call ahead of getService() — confirm.
do_get_profile();

// Certificate database service that every testcase imports into and queries.
const gCertDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
  Ci.nsIX509CertDB
);

// Fixture paths, resolved with do_get_file() in runOneTestcase. Per the
// testcase comments below, the three .pfx files hold the same certificate and
// differ only in how the file is protected: a real password, an empty-string
// password, and no password at all.
const PKCS12_FILE = "test_certDB_import/cert_from_windows.pfx";
const PKCS12_FILE_EMPTY_PASS =
  "test_certDB_import/cert_from_windows_emptypass.pfx";
const PKCS12_FILE_NO_PASS = "test_certDB_import/cert_from_windows_nopass.pfx";
// Common name used to look the imported certificate up in the database.
const CERT_COMMON_NAME = "test_cert_from_windows";
// Password protecting PKCS12_FILE. It is non-ASCII, presumably on purpose so
// that the import path has to encode the password correctly before decrypting
// the file — confirm against how the fixture was generated.
const TEST_CERT_PASSWORD = "黒い";

// Testcases, run in array order by run_test(). Fields as consumed by
// runOneTestcase():
//   name            - label logged before the case runs
//   filename        - file handed to importPKCS12File (via do_get_file)
//   passwordToUse   - password argument passed to importPKCS12File
//   successExpected - whether a cert named certCommonName must be present in
//                     the database after the import attempt
//   errorCode       - expected return value of importPKCS12File
//   checkCertExist  - when true, first assert that no cert named
//                     certCommonName is in the database yet
//   certCommonName  - common name used for the before/after lookups
//
// Order matters: imported certificates are never removed, so every case that
// must observe "cert not present" has to run before the first successful
// import of that common name.
let gTestcases = [
  // Test that importing a PKCS12 file with the wrong password fails, and that
  // the failed import leaves no certificate behind.
  {
    name: "import using incorrect password",
    filename: PKCS12_FILE,
    passwordToUse: "this is the wrong password",
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_BAD_PASSWORD,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // Test that importing something that isn't a PKCS12 file fails. The input is
  // this test script itself, which is reported as a decode error.
  {
    name: "import non-PKCS12 file",
    filename: "test_certDB_import_pkcs12.js",
    passwordToUse: TEST_CERT_PASSWORD,
    successExpected: false,
    errorCode: Ci.nsIX509CertDB.ERROR_DECODE_ERROR,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // Test that importing a PKCS12 file with the correct password succeeds.
  // This needs to come after the failure cases above because currently there
  // isn't a way to delete the imported certificate (and thus reset the test
  // state) that doesn't depend on the garbage collector running.
  {
    name: "import PKCS12 file",
    filename: PKCS12_FILE,
    passwordToUse: TEST_CERT_PASSWORD,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: true,
    certCommonName: CERT_COMMON_NAME,
  },
  // Same cert file protected with empty string password.
  // checkCertExist is false because a cert with CERT_COMMON_NAME is already in
  // the database from the case above. NOTE(review): for the same reason the
  // "cert should be found now" check cannot tell this import apart from the
  // earlier one; only the returned error code verifies this case.
  {
    name: "import PKCS12 file empty password",
    filename: PKCS12_FILE_EMPTY_PASS,
    passwordToUse: "",
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: false,
    certCommonName: CERT_COMMON_NAME,
  },
  // Same cert file protected with no password (null rather than "").
  // As with the empty-password case, the cert is already present, so only the
  // returned error code verifies this import.
  {
    name: "import PKCS12 file no password",
    filename: PKCS12_FILE_NO_PASS,
    passwordToUse: null,
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: false,
    certCommonName: CERT_COMMON_NAME,
  },
  // Test a PKCS12 file encrypted using AES. It carries a different common
  // name, so the before/after presence checks are meaningful here.
  {
    name: "import PKCS12 file using AES",
    filename: "test_certDB_import/encrypted_with_aes.p12",
    passwordToUse: "password",
    successExpected: true,
    errorCode: Ci.nsIX509CertDB.Success,
    checkCertExist: true,
    certCommonName: "John Doe",
  },
];

/**
 * Reports whether the certificate database holds a certificate with the given
 * common name, ignoring built-in roots.
 *
 * The match is by common name only, so any non-built-in certificate carrying
 * that name counts, regardless of which import put it there.
 *
 * @param {string} commonName - common name to look for
 * @returns {boolean} true if a matching non-built-in certificate is found
 */
function doesCertExist(commonName) {
  for (const candidate of gCertDB.getCerts()) {
    // Built-in roots are skipped before their common name is even read.
    const isMatch =
      !candidate.isBuiltInRoot && candidate.commonName == commonName;
    if (isMatch) {
      return true;
    }
  }
  return false;
}

/**
 * Runs a single import testcase: optionally asserts the certificate is absent,
 * imports the file with the testcase's password, then checks both the returned
 * error code and whether the certificate is present afterwards.
 *
 * @param {object} testcase - one entry with the fields name, filename,
 *   passwordToUse, successExpected, errorCode, checkCertExist, certCommonName
 */
function runOneTestcase(testcase) {
  const {
    name,
    filename,
    passwordToUse,
    successExpected,
    errorCode: expectedErrorCode,
    checkCertExist,
    certCommonName,
  } = testcase;

  info(`running ${name}`);

  // Precondition. When checkCertExist is false this is skipped, and the final
  // presence check below can then be satisfied by a certificate that was
  // already in the database; in that situation only the error code is
  // evidence that this particular import worked.
  if (checkCertExist) {
    const alreadyPresent = doesCertExist(certCommonName);
    ok(!alreadyPresent, "cert should not be in the database before import");
  }

  // Attempt the import and compare the result with the expected error code.
  const pkcs12File = do_get_file(filename);
  ok(pkcs12File, `${filename} should exist`);
  const actualErrorCode = gCertDB.importPKCS12File(pkcs12File, passwordToUse);
  equal(actualErrorCode, expectedErrorCode, `verifying error code`);

  // A failed import must leave no certificate behind; a successful one must
  // make it visible.
  const presentAfterImport = doesCertExist(certCommonName);
  const negation = successExpected ? "" : " not";
  equal(
    presentAfterImport,
    successExpected,
    `cert should${negation} be found now`
  );
}

/**
 * Test entry point: runs every entry of gTestcases in array order. The order
 * is significant because earlier imports are never undone.
 */
function run_test() {
  gTestcases.forEach((testcase) => {
    runOneTestcase(testcase);
  });
}