path: root/security/manager/ssl/tests/unit/test_cert_embedded_null.js
blob: c23717252fdad82cba15bed5c0bddce29a1c113a (plain)
// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.

// Tests that a certificate with a clever subject common name like
// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
// value 0) will not be treated as valid for www.bank1.com.
// Includes a similar test case but for the subject alternative name extension.

"use strict";

// A profile has to exist before nsIX509CertDB is requested, so create it first.
do_get_profile();

// Certificate database service shared by every testcase in this file.
const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);

// Loads test_cert_embedded_null/<certname>.pem and checks that verifying it as
// an SSL server certificate fails with SSL_ERROR_BAD_CERT_DOMAIN for both
// hostnames that appear around the embedded NUL.
//
// certname:        base name (no extension) of the PEM file to load.
// checkCommonName: when true, first assert that the subject common name really
//                  contains the embedded NUL, so the testcase is meaningful.
async function do_testcase(certname, checkCommonName) {
  const pemPath = `test_cert_embedded_null/${certname}.pem`;
  const cert = constructCertFromFile(pemPath);

  // Guard against a regenerated certificate silently losing the NUL: without
  // it, the domain-mismatch checks below would pass for the wrong reason.
  // The expected value holds a literal backslash followed by "00" (presumably
  // how commonName renders the NUL byte -- confirm against nsIX509Cert).
  if (checkCommonName) {
    equal(
      cert.commonName,
      "www.bank1.com\\00www.bad-guy.com",
      "certificate subject common name should have an embedded NUL byte"
    );
  }

  // The name must be rejected as a whole: neither the part before the NUL nor
  // the part after it may be accepted as a match. Checks run one at a time, in
  // this order.
  const hostnames = ["www.bank1.com", "www.bad-guy.com"];
  for (const hostname of hostnames) {
    await checkCertErrorGeneric(
      certdb,
      cert,
      SSL_ERROR_BAD_CERT_DOMAIN,
      certificateUsageSSLServer,
      undefined,
      hostname
    );
  }
}

add_task(async function () {
  // Register the test CA with trust string "CTu,," before any verification
  // (presumably the issuer of the certificates below -- confirm against the
  // certspec files).
  addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");

  // Each entry: [certificate base name, whether to assert that the subject
  // common name contains the embedded NUL]. The SAN-only certificates skip
  // that assertion.
  const testcases = [
    ["embeddedNull", true],
    ["embeddedNullSAN", false],
    ["embeddedNullCNAndSAN", true],
    ["embeddedNullSAN2", false],
  ];

  // Run sequentially, in the listed order.
  for (const [certname, checkCommonName] of testcases) {
    await do_testcase(certname, checkCommonName);
  }
});