Bug 1194419 - Remove signature algorithm duplicate use in serial number determination in pycert. r=keeler

2024-09-13 09:24:08 -07:00 · 2015-10-23 05:13:00 -04:00 · 2015-10-23 05:13:00 -04:00 · 4cc692ee3a
commit 4cc692ee3a
parent e4628d0cc3
4 changed files with 15 additions and 19 deletions
--- a/security/certverifier/ExtendedValidation.cpp
+++ b/security/certverifier/ExtendedValidation.cpp
@ -118,11 +118,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
    "1.3.6.1.4.1.13769.666.666.666.1.500.9.1",
    "DEBUGtesting EV OID",
    SEC_OID_UNKNOWN,
-    { 0x85, 0x2A, 0x29, 0x38, 0x31, 0x09, 0x7D, 0x14, 0x0C, 0x83, 0xAB,
-      0x8D, 0x6D, 0x54, 0x32, 0x77, 0x37, 0xC8, 0xBF, 0xB2, 0xC2, 0xEC,
-      0xCC, 0x82, 0xC0, 0xA2, 0x5F, 0x24, 0x9D, 0xFD, 0xFB, 0xAB },
+    { 0xE4, 0xFB, 0x04, 0x16, 0x10, 0x32, 0x67, 0x08, 0x6C, 0x84, 0x2E,
+      0x91, 0xF3, 0xEF, 0x0E, 0x45, 0x99, 0xBC, 0xA8, 0x54, 0x73, 0xF5,
+      0x03, 0x2C, 0x7B, 0xDC, 0x09, 0x70, 0x76, 0x49, 0xBF, 0xAA },
    "MBExDzANBgNVBAMMBmV2cm9vdA==",
-    "GSsFG1fp8SGMxPjAQvdOBN26ij4=",
+    "W9j5PS8YoKgynZdYa9i2Kwexnp8=",
    nullptr
  },
  {
@ -143,11 +143,11 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
    "1.3.6.1.4.1.13769.666.666.666.1.500.9.1",
    "DEBUGtesting EV OID",
    SEC_OID_UNKNOWN,
-    { 0x28, 0x79, 0xB9, 0x6C, 0x08, 0x71, 0x6C, 0x7D, 0xCE, 0x38, 0x8C,
-      0xAB, 0x7E, 0xEB, 0x08, 0xA6, 0xF7, 0x2C, 0xCE, 0xE4, 0x47, 0xF5,
-      0x72, 0xA1, 0xEB, 0x16, 0x9B, 0xC3, 0x49, 0x49, 0x72, 0x5D },
+    { 0x49, 0x46, 0x10, 0xF4, 0xF5, 0xB1, 0x96, 0xE7, 0xFB, 0xFA, 0x4D,
+      0xA6, 0x34, 0x03, 0xD0, 0x99, 0x22, 0xD4, 0x77, 0x20, 0x3F, 0x84,
+      0xE0, 0xDF, 0x1C, 0xAD, 0xB4, 0xC2, 0x76, 0xBB, 0x63, 0x24 },
    "MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDA=",
-    "N2nWLMPfNebIktpezTGThHoXsDU=",
+    "P1iIBgxk6kH+x64EUBTV3qoHuas=",
    nullptr
  },
 #endif
--- a/security/manager/ssl/tests/unit/pycert.py
+++ b/security/manager/ssl/tests/unit/pycert.py
@ -329,10 +329,6 @@ class Certificate(object):
        hasher.update(str(self.notBefore))
        hasher.update(str(self.notAfter))
        hasher.update(self.subject)
-        # Bug 1194419: This is duplicated so as to not have to
-        # re-generate the EV testing root certificates. At some point
-        # we should clean this up and re-generate them.
-        hasher.update(self.signature)
        if self.extensions:
            for extension in self.extensions:
                hasher.update(str(extension))
--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@ -97,12 +97,12 @@ var blocklist_contents =
    // to test-int.pem in bad_certs/
    "<certItem issuerName='MBIxEDAOBgNVBAMMB1Rlc3QgQ0E='>" +
    "<serialNumber>oops! more nonsense.</serialNumber>" +
-    "<serialNumber>Y1HQqXGtw7ek2v/QAqBL8jf6rbA=</serialNumber></certItem>" +
+    "<serialNumber>BVio/iQ21GCi2iUven8oJ/gae74=</serialNumber></certItem>" +
    // ... and some good
    // In this case, the issuer name and the valid serialNumber correspond
    // to other-test-ca.pem in bad_certs/ (for testing root revocation)
    "<certItem issuerName='MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E='>" +
-    "<serialNumber>Szin5enUEn9TnVq29c4IMPNFuqE=</serialNumber></certItem>" +
+    "<serialNumber>exJUIJpq50jgqOwQluhVrAzTF74=</serialNumber></certItem>" +
    // This item corresponds to an entry in sample_revocations.txt where:
    // isser name is "another imaginary issuer" base-64 encoded, and
    // serialNumbers are:
@ -113,7 +113,7 @@ var blocklist_contents =
    "<certItem issuerName='YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy'>" +
    "<serialNumber>c2VyaWFsMi4=</serialNumber>" +
    "<serialNumber>YW5vdGhlciBzZXJpYWwu</serialNumber>" +
-    // This item revokes same-issuer-ee.pem by subject and serial number.
+    // This item revokes same-issuer-ee.pem by subject and pubKeyHash.
    "</certItem><certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'"+
    " pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>" +
    "</certItem></certItems></blocklist>";
@ -274,9 +274,9 @@ function run_test() {
                  "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n"+
                  "\tVCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\n"+
                  "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=\n" +
-                  " Y1HQqXGtw7ek2v/QAqBL8jf6rbA=\n" +
+                  " BVio/iQ21GCi2iUven8oJ/gae74=\n" +
                  "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" +
-                  " Szin5enUEn9TnVq29c4IMPNFuqE=\n" +
+                  " exJUIJpq50jgqOwQluhVrAzTF74=\n" +
                  "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
                  " YW5vdGhlciBzZXJpYWwu\n" +
                  " c2VyaWFsMi4=";
--- a/security/manager/ssl/tests/unit/test_keysize_ev.js
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@ -135,8 +135,8 @@ function run_test() {
  let smallKeyEVRoot =
    constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem");
  equal(smallKeyEVRoot.sha256Fingerprint,
-        "28:79:B9:6C:08:71:6C:7D:CE:38:8C:AB:7E:EB:08:A6:" +
-        "F7:2C:CE:E4:47:F5:72:A1:EB:16:9B:C3:49:49:72:5D",
+        "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" +
+        "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24",
        "test sanity check: the small-key EV root must have the same " +
        "fingerprint as the corresponding entry in ExtendedValidation.cpp");