зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1036080 - Fix addCertFromBase64() to update trust bits of existing permanent certificates. r=keeler
Родитель
d3ecd20c07
Коммит
1716725017
|
@ -1629,8 +1629,10 @@ NS_IMETHODIMP nsNSSCertificateDB::AddCertFromBase64(const char* aBase64,
|
|||
return MapSECStatus(SECFailure);
|
||||
}
|
||||
|
||||
// If there's already a certificate that matches this one in the database,
|
||||
// we still want to set its trust to the given value.
|
||||
if (tmpCert->isperm) {
|
||||
return NS_OK;
|
||||
return SetCertTrustFromString(newCert, aTrust);
|
||||
}
|
||||
|
||||
nsXPIDLCString nickname;
|
||||
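Review bot: The new `return SetCertTrustFromString(newCert, aTrust);` in the `tmpCert->isperm` branch replaces whatever trust the stored certificate already carries, in either direction, and the added comment does not warn callers of that. Before this change a call on an existing permanent certificate was a no-op, so any caller that relied on it (for example one re-importing a bundled certificate the user has since distrusted) now resets that decision. I would extend the comment with something like `// NOTE: this overwrites the stored trust bits, including a user-set distrust; callers must pass a trust string they control.` The branch tests `tmpCert` but passes `newCert`; how the two relate is established outside this hunk, as are the start and end of AddCertFromBase64, so that is worth confirming against the full function.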
|
|
|
@ -0,0 +1,46 @@
|
|||
/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
do_get_profile();
|
||||
let certDB = Cc["@mozilla.org/security/x509certdb;1"]
|
||||
.getService(Ci.nsIX509CertDB);
|
||||
|
||||
function load_cert(cert, trust) {
|
||||
let file = "test_intermediate_basic_usage_constraints/" + cert + ".der";
|
||||
addCertFromFile(certDB, file, trust);
|
||||
}
|
||||
|
||||
function getDERString(cert)
|
||||
{
|
||||
var length = {};
|
||||
var cert_der = cert.getRawDER(length);
|
||||
var cert_der_string = '';
|
||||
for (var i = 0; i < cert_der.length; i++) {
|
||||
cert_der_string += String.fromCharCode(cert_der[i]);
|
||||
}
|
||||
return cert_der_string;
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
load_cert("ca", "CTu,CTu,CTu");
|
||||
load_cert("int-limited-depth", "CTu,CTu,CTu");
|
||||
let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.der";
|
||||
let cert_der = readFile(do_get_file(file));
|
||||
let ee = certDB.constructX509(cert_der, cert_der.length);
|
||||
let hasEVPolicy = {};
|
||||
let verifiedChain = {};
|
||||
equal(Cr.NS_OK, certDB.verifyCertNow(ee, certificateUsageSSLServer,
|
||||
NO_FLAGS, verifiedChain, hasEVPolicy));
|
||||
// Change the already existing intermediate certificate's trust using
|
||||
// addCertFromBase64(). We use findCertByNickname first to ensure that the
|
||||
// certificate already exists.
|
||||
let int_cert = certDB.findCertByNickname(null, "int-limited-depth");
|
||||
ok(int_cert);
|
||||
let base64_cert = btoa(getDERString(int_cert));
|
||||
certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
|
||||
equal(SEC_ERROR_UNTRUSTED_ISSUER, certDB.verifyCertNow(ee,
|
||||
certificateUsageSSLServer,
|
||||
NO_FLAGS, verifiedChain,
|
||||
hasEVPolicy));
|
||||
}
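Review bot: run_test() only exercises the downgrade direction (`"CTu,CTu,CTu"` to `"p,p,p"`), so a regression that updates trust only when lowering it, or that leaves the database in a state where trust can no longer be restored, would still pass. Since the C++ change makes addCertFromBase64() a trust-modifying call for existing certificates, I would pin the opposite transition too by appending `certDB.addCertFromBase64(base64_cert, "CTu,CTu,CTu", "ignored_argument");` followed by `equal(Cr.NS_OK, certDB.verifyCertNow(ee, certificateUsageSSLServer, NO_FLAGS, verifiedChain, hasEVPolicy));`. As a style point, getDERString() uses `var` and an unused `length` out-parameter name while the rest of the file uses `let`; a one-line comment saying that `length` exists only to satisfy getRawDER() would help.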
|
|
@ -91,3 +91,4 @@ skip-if = os == "android"
|
|||
run-sequentially = hardcoded ports
|
||||
# Bug 1009158: this test times out on Android
|
||||
skip-if = os == "android"
|
||||
[test_add_preexisting_cert.js]
|
||||
|
|