bug 1189427
- convert test_ocsp_fetch_method.js to generate certificates at build time r=mgoodwin
parent
2ab56744ea
commit
948094db6e
@ -15,6 +15,7 @@ TEST_DIRS += [
|
||||
'test_intermediate_basic_usage_constraints',
|
||||
'test_keysize_ev',
|
||||
'test_pinning_dynamic',
|
||||
'test_ocsp_fetch_method',
|
||||
'test_ocsp_url',
|
||||
'test_validity',
|
||||
]
|
||||
|
@ -23,14 +23,14 @@ function start_ocsp_responder(expectedCertNames, expectedPaths,
|
||||
}
|
||||
|
||||
function check_cert_err(cert_name, expected_error) {
|
||||
let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".der");
|
||||
let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
|
||||
return checkCertErrorGeneric(certdb, cert, expected_error,
|
||||
certificateUsageSSLServer);
|
||||
}
|
||||
|
||||
function run_test() {
|
||||
addCertFromFile(certdb, "test_ocsp_fetch_method/ca.der", 'CTu,CTu,CTu');
|
||||
addCertFromFile(certdb, "test_ocsp_fetch_method/int.der", ',,');
|
||||
addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu');
|
||||
addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,');
|
||||
|
||||
// Enabled so that we can force ocsp failure responses.
|
||||
Services.prefs.setBoolPref("security.OCSP.require", true);
|
||||
@ -55,16 +55,5 @@ function run_test() {
|
||||
ocspResponder.stop(run_next_test);
|
||||
});
|
||||
|
||||
// GET does fallback on bad entry
|
||||
add_test(function() {
|
||||
clearOCSPCache();
|
||||
Services.prefs.setBoolPref("security.OCSP.GET.enabled", true);
|
||||
// Bug 1016681 mozilla::pkix does not support fallback yet.
|
||||
// let ocspResponder = start_ocsp_responder(["b", "a"], [], ["GET", "POST"]);
|
||||
// check_cert_err("a", PRErrorCodeSuccess);
|
||||
// ocspResponder.stop(run_next_test);
|
||||
run_next_test();
|
||||
});
|
||||
|
||||
run_next_test();
|
||||
}
|
||||
|
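Review bot: With the disabled "GET does fallback on bad entry" case dropped from the end of run_test (it appears to be the 11 lines removed by the second hunk), nothing in this file records any longer that GET-to-POST OCSP fallback has no test coverage. A one-line marker where the case used to sit would keep that gap visible, e.g. `// TODO(bug 1016681): add a GET-falls-back-to-POST case once mozilla::pkix supports fallback.` The new moz.build on this page lists only a.pem, ca.pem and int.pem, so re-enabling that case would also need a certspec for "b". run_test begins before the first hunk and continues between the two hunks, so the remaining cases are not visible here.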
Binary file not shown.
@ -0,0 +1,3 @@
|
||||
issuer:int
|
||||
subject:a
|
||||
extension:authorityInformationAccess:http://www.example.com:8888/
|
Binary file not shown.
Binary file not shown.
@ -0,0 +1,4 @@
|
||||
issuer:ca
|
||||
subject:ca
|
||||
extension:basicConstraints:cA,
|
||||
extension:keyUsage:cRLSign,keyCertSign
|
Binary file not shown.
@ -1,29 +0,0 @@
|
||||
#!/usr/bin/python
|
||||
|
||||
import tempfile, os, sys
|
||||
|
||||
libpath = os.path.abspath('../psm_common_py')
|
||||
sys.path.append(libpath)
|
||||
import CertUtils
|
||||
|
||||
srcdir = os.getcwd()
|
||||
db = tempfile.mkdtemp()
|
||||
|
||||
def generate_ca_cert(db_dir, dest_dir, noise_file, name):
|
||||
return CertUtils.generate_ca_cert(db_dir, dest_dir, noise_file, name,
|
||||
3, True)
|
||||
|
||||
def generate_child_cert(db_dir, dest_dir, noise_file, name, ca_nick, is_ee,
|
||||
ocsp_url):
|
||||
return CertUtils.generate_child_cert(db_dir, dest_dir, noise_file, name,
|
||||
ca_nick, 3, True, is_ee, ocsp_url)
|
||||
|
||||
def generate_certs():
|
||||
[noise_file, pwd_file] = CertUtils.init_nss_db(srcdir)
|
||||
generate_ca_cert(srcdir, srcdir, noise_file, 'ca')
|
||||
generate_child_cert(srcdir, srcdir, noise_file, 'int', 'ca', False, '')
|
||||
ocsp_url = "http://www.example.com:8888/"
|
||||
generate_child_cert(srcdir, srcdir, noise_file, "a", 'int', True, ocsp_url)
|
||||
generate_child_cert(srcdir, srcdir, noise_file, "b", 'int', True, ocsp_url)
|
||||
|
||||
generate_certs()
|
Binary file not shown.
@ -0,0 +1,4 @@
|
||||
issuer:ca
|
||||
subject:int
|
||||
extension:basicConstraints:cA,
|
||||
extension:keyUsage:cRLSign,keyCertSign
|
Binary file not shown.
@ -0,0 +1,31 @@
|
||||
# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
|
||||
# vim: set filetype=python:
|
||||
# This Source Code Form is subject to the terms of the Mozilla Public
|
||||
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
test_certificates = (
|
||||
'a.pem',
|
||||
'ca.pem',
|
||||
'int.pem',
|
||||
)
|
||||
|
||||
for test_certificate in test_certificates:
|
||||
input_file = test_certificate + '.certspec'
|
||||
GENERATED_FILES += [test_certificate]
|
||||
props = GENERATED_FILES[test_certificate]
|
||||
props.script = '../pycert.py'
|
||||
props.inputs = [input_file]
|
||||
TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_ocsp_fetch_method += ['!%s' % test_certificate]
|
||||
|
||||
test_keys = (
|
||||
'int.key',
|
||||
)
|
||||
|
||||
for test_key in test_keys:
|
||||
input_file = test_key + '.keyspec'
|
||||
GENERATED_FILES += [test_key]
|
||||
props = GENERATED_FILES[test_key]
|
||||
props.script = '../pykey.py'
|
||||
props.inputs = [input_file]
|
||||
TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_ocsp_fetch_method += ['!%s' % test_key]
|
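Review bot: Nothing in this file says that `int.key` is test-only key material, although the second loop installs the generated private key into the xpcshell harness directory alongside the certificates. A short comment above `test_keys` would make that explicit, for example `# Test-only key generated by pykey.py from int.key.keyspec; never reuse outside the test harness.` What consumes the key is not visible on this page (presumably the OCSP responder started by test_ocsp_fetch_method.js), so the comment should name the consumer once that is confirmed.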
@ -1,5 +0,0 @@
|
||||
library=
|
||||
name=NSS Internal PKCS #11 Module
|
||||
parameters=configdir='sql:/home/cviecco/hg/mozilla-central-unified/security/manager/ssl/tests/unit/test_ocsp_fetch_method' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
|
||||
NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
|
||||
|