mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 986156 - Test anypolicyoid (no inhibit policy) for EV . r=dkeeler
--HG-- extra : rebase_source : 004dbe5fc1b168c43f62c5bed8e71d4d67b04754
parent
402a7a9293
commit
02ccbcd3d6
@ -21,6 +21,8 @@ let certList = [
|
||||
// Test for successful EV validation
|
||||
'int-ev-valid',
|
||||
'ev-valid',
|
||||
'ev-valid-anypolicy-int',
|
||||
'int-ev-valid-anypolicy-int',
|
||||
'no-ocsp-url-cert', // a cert signed by the EV auth that has no OCSP url
|
||||
// but that contains a valid CRLDP.
|
||||
|
||||
@ -136,6 +138,17 @@ function add_tests_in_mode(useMozillaPKIX)
|
||||
ocspResponder.stop(run_next_test);
|
||||
});
|
||||
|
||||
|
||||
add_test(function () {
|
||||
clearOCSPCache();
|
||||
|
||||
let ocspResponder = start_ocsp_responder(
|
||||
isDebugBuild ? ["int-ev-valid-anypolicy-int", "ev-valid-anypolicy-int"]
|
||||
: ["ev-valid-anypolicy-int"]);
|
||||
check_ee_for_ev("ev-valid-anypolicy-int", isDebugBuild);
|
||||
ocspResponder.stop(run_next_test);
|
||||
});
|
||||
|
||||
add_test(function() {
|
||||
clearOCSPCache();
|
||||
let ocspResponder = start_ocsp_responder(["non-ev-root"]);
|
||||
@ -205,6 +218,7 @@ function add_tests_in_mode(useMozillaPKIX)
|
||||
: SEC_ERROR_EXTENSION_NOT_FOUND));
|
||||
});
|
||||
|
||||
|
||||
// Test the EV continues to work with flags after successful EV verification
|
||||
add_test(function () {
|
||||
clearOCSPCache();
|
||||
@ -231,6 +245,7 @@ function add_tests_in_mode(useMozillaPKIX)
|
||||
failingOcspResponder.stop(run_next_test);
|
||||
});
|
||||
});
|
||||
|
||||
}
|
||||
|
||||
// bug 950240: add FLAG_MUST_BE_EV to CertVerifier::VerifyCert
|
||||
@ -258,3 +273,4 @@ function check_no_ocsp_requests(cert_name, expected_error) {
|
||||
do_check_eq(identityInfo.isExtendedValidation, false);
|
||||
ocspResponder.stop(run_next_test);
|
||||
}
|
||||
|
||||
|
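Review bot: The added `add_test` for `ev-valid-anypolicy-int` (hunk at -136) covers only the positive case, so nothing pins the boundary that matters for EV: an intermediate asserting anyPolicy must not by itself make a chain EV. A companion case would catch a regression in that direction, using an end-entity without the EV policy OID under the same anyPolicy intermediate and expecting `isExtendedValidation` to be false. The commit title also mentions inhibit-policy, which no visible test exercises. The new block carries no comment; something like `// EV end-entity under an intermediate whose certificatePolicies is anyPolicy (2.5.29.32.0); EV status is expected only when isDebugBuild` would state the intent. `add_tests_in_mode` starts outside the visible hunks.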
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -40,6 +40,13 @@ mozilla_testing_ev_policy = ("certificatePolicies = @v3_ca_ev_cp\n\n" +
|
||||
"1.3.6.1.4.1.13769.666.666.666.1.500.9.1\n\n" +
|
||||
"CPS.1 = \"http://mytestdomain.local/cps\"")
|
||||
|
||||
anypolicy_policy = ("certificatePolicies = @v3_ca_ev_cp\n\n" +
|
||||
"[ v3_ca_ev_cp ]\n" +
|
||||
"policyIdentifier = " +
|
||||
"2.5.29.32.0\n\n" +
|
||||
"CPS.1 = \"http://mytestdomain.local/cps\"")
|
||||
|
||||
|
||||
def import_untrusted_cert(certfile, nickname):
|
||||
os.system("certutil -A -d . -n " + nickname + " -i " + certfile +
|
||||
" -t ',,'")
|
||||
@ -108,6 +115,30 @@ def generate_certs():
|
||||
int_key, int_cert);
|
||||
import_untrusted_cert(no_ocsp_cert, 'no-ocsp-url-cert');
|
||||
|
||||
# add an ev cert whose intermediate has a anypolicy oid
|
||||
prefix = "ev-valid-anypolicy-int"
|
||||
ee_ext_text = (EE_basic_constraints + EE_full_ku + Server_eku +
|
||||
authority_key_ident + aia_prefix + prefix + aia_suffix +
|
||||
endentity_crl + mozilla_testing_ev_policy)
|
||||
int_ext_text = (CA_basic_constraints + EE_full_ku + CA_eku +
|
||||
authority_key_ident + subject_key_ident +
|
||||
aia_prefix + "int-" + prefix + aia_suffix +
|
||||
intermediate_crl + anypolicy_policy)
|
||||
|
||||
[int_key, int_cert, ee_key, ee_cert] = CertUtils.generate_int_and_ee(db,
|
||||
srcdir,
|
||||
ca_key,
|
||||
ca_cert,
|
||||
prefix,
|
||||
int_ext_text,
|
||||
ee_ext_text,
|
||||
key_type)
|
||||
pk12file = CertUtils.generate_pkcs12(db, srcdir, int_cert, int_key,
|
||||
"int-" + prefix)
|
||||
import_cert_and_pkcs12(int_cert, pk12file, "int-" + prefix, ",,")
|
||||
import_untrusted_cert(ee_cert, prefix)
|
||||
|
||||
|
||||
[bad_ca_key, bad_ca_cert] = CertUtils.generate_cert_generic( db,
|
||||
srcdir,
|
||||
1,
|
||||
|
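Review bot: `anypolicy_policy` reuses the OpenSSL config section name `v3_ca_ev_cp` that `mozilla_testing_ev_policy` also references (and presumably defines), so the two strings could not be combined in one extension text without the policy sections colliding. In this hunk they stay apart (`int_ext_text` gets the anyPolicy one, `ee_ext_text` the EV one), which is why it works today. Giving the new section its own name removes the trap: `"certificatePolicies = @v3_ca_anypolicy_cp\n\n" +` and `"[ v3_ca_anypolicy_cp ]\n" +`. The bare `2.5.29.32.0` would also benefit from a comment such as `# 2.5.29.32.0 is the X.509 anyPolicy OID (RFC 5280)`, since that is the property the new intermediate exists to test. `generate_certs` starts and ends outside the hunk.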
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.