зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1130757 - tests for bug 1130757. r=dkeeler
--HG-- extra : rebase_source : 7b047f5bddf3544ca82d3b8875925acdbdb02ea5
Родитель
3133a37202
Коммит
f4a1822554
|
@ -99,6 +99,10 @@ let blocklist_contents =
|
|||
"<serialNumber>oops! more nonsense.</serialNumber>" +
|
||||
"<serialNumber>X1o=</serialNumber></certItem>" +
|
||||
// ... and some good
|
||||
// In this case, the issuer name and the valid serialNumber correspond
|
||||
// to other-test-ca.der in tlsserver/ (for testing root revocation)
|
||||
"<certItem issuerName='MBgxFjAUBgNVBAMTDU90aGVyIHRlc3QgQ0E='>" +
|
||||
"<serialNumber>AKEIivg=</serialNumber></certItem>" +
|
||||
// This item corresponds to an entry in sample_revocations.txt where:
|
||||
// isser name is "another imaginary issuer" base-64 encoded, and
|
||||
// serialNumbers are:
|
||||
|
@ -154,6 +158,7 @@ function run_test() {
|
|||
// import the certificates we need
|
||||
load_cert("test-ca", "CTu,CTu,CTu");
|
||||
load_cert("test-int", ",,");
|
||||
load_cert("other-test-ca", "CTu,CTu,CTu");
|
||||
|
||||
let certList = Cc["@mozilla.org/security/certblocklist;1"]
|
||||
.getService(Ci.nsICertBlocklist);
|
||||
|
@ -186,6 +191,11 @@ function run_test() {
|
|||
let file = "tlsserver/test-int-ee.der";
|
||||
verify_cert(file, Cr.NS_OK);
|
||||
|
||||
// The blocklist also revokes other-test-ca.der, which issued other-ca-ee.der.
|
||||
// Check the cert validates before we load the blocklist
|
||||
file = "tlsserver/default-ee.der";
|
||||
verify_cert(file, Cr.NS_OK);
|
||||
|
||||
// blocklist load is async so we must use add_test from here
|
||||
add_test(function() {
|
||||
let certblockObserver = {
|
||||
|
@ -235,6 +245,8 @@ function run_test() {
|
|||
contents = contents + (contents.length == 0 ? "" : "\n") + line.value;
|
||||
} while (hasmore);
|
||||
let expected = "# Auto generated contents. Do not edit.\n" +
|
||||
"MBgxFjAUBgNVBAMTDU90aGVyIHRlc3QgQ0E=\n" +
|
||||
" AKEIivg=\n" +
|
||||
"MBIxEDAOBgNVBAMTB1Rlc3QgQ0E=\n" +
|
||||
" X1o=\n" +
|
||||
"YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
|
||||
|
@ -246,6 +258,10 @@ function run_test() {
|
|||
let file = "tlsserver/test-int-ee.der";
|
||||
verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
|
||||
|
||||
// Check the ee with the blocklisted root also causes a failure
|
||||
file = "tlsserver/other-issuer-ee.der";
|
||||
verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
|
||||
|
||||
// Check a non-blocklisted chain still validates OK
|
||||
file = "tlsserver/default-ee.der";
|
||||
verify_cert(file, Cr.NS_OK);
|
||||
|
|
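Review bot: The pre-blocklist baseline added in the `-186,6 +191,11` hunk verifies `tlsserver/default-ee.der`, although its comment is about the certificate issued by other-test-ca.der; the generate_certs.sh lines on this page show default-ee.der is exported from an end-entity issued by testCA. As written, nothing shows that `tlsserver/other-issuer-ee.der` validates before the blocklist loads, so the later `SEC_ERROR_REVOKED_CERTIFICATE` assertion is not tied to the blocklist load itself (it would also pass if revocation state were already present from an earlier run, for instance). I would change the baseline to `file = "tlsserver/other-issuer-ee.der";` ahead of the existing `verify_cert(file, Cr.NS_OK);`, assuming that chain validates with the trust flags given to `load_cert("other-test-ca", "CTu,CTu,CTu")`. The comment also names `other-ca-ee.der`, while the file exported and verified is `other-issuer-ee.der`, so it should use that name. run_test's body continues outside these hunks.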
Двоичные данные
security/manager/ssl/tests/unit/tlsserver/cert9.db
Двоичные данные
security/manager/ssl/tests/unit/tlsserver/cert9.db
Двоичный файл не отображается.
|
@ -260,6 +260,7 @@ make_EE localhostAndExampleCom 'CN=Test End-entity' testCA "localhost,*.example.
|
|||
make_EE otherIssuerEE 'CN=Wrong CA Pin Test End-Entity' otherCA "*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com"
|
||||
|
||||
export_cert localhostAndExampleCom default-ee.der
|
||||
export_cert otherIssuerEE other-issuer-ee.der
|
||||
|
||||
# A cert that is like localhostAndExampleCom, but with a different serial number for
|
||||
# testing the "OCSP response is from the right issuer, but it is for the wrong cert"
|
||||
|
|
Двоичные данные
security/manager/ssl/tests/unit/tlsserver/key4.db
Двоичные данные
security/manager/ssl/tests/unit/tlsserver/key4.db
Двоичный файл не отображается.
Двоичный файл не отображается.