Bug 841135: Remove the marketplace test root cert, r=honzab
authorBrian Smith <bsmith@mozilla.com>
Mon, 18 Mar 2013 19:50:18 -0700
changeset 125363 34ca09eff02dbb9a4587c2ee8c2f4a70974e7cfd
parent 125362 dd27b00a412c2b48445083ea86c25bdf6173cbad
child 125364 cdc2b811d0e268e7d7b19e581e8d6f12d305aee5
push id24892
push userbsmith@mozilla.com
push dateTue, 19 Mar 2013 03:56:15 +0000
reviewershonzab
bugs841135
milestone22.0a1
Bug 841135: Remove the marketplace test root cert, r=honzab
security/build/b2g-certdata.txt
security/build/test-b2g-app-root-cert.der
security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
--- a/security/build/b2g-certdata.txt
+++ b/security/build/b2g-certdata.txt
@@ -1,158 +1,8 @@
-
-#
-# Certificate "test-b2g-app-root-cert"
-#
-# Issuer: C=US,ST=CA,L=Mountain View,O=MarketplaceTest Corporation,OU=MarketplaceTest CA,CN=MarketplaceTest Root CA 1
-# Serial Number: 1 (0x1)
-# Subject: C=US,ST=CA,L=Mountain View,O=MarketplaceTest Corporation,OU=MarketplaceTest CA,CN=MarketplaceTest Root CA 1
-# Not Valid Before: Thu Dec 13 20:14:18 2012
-# Not Valid After : Sun Dec 11 20:14:18 2022
-# Fingerprint (MD5): 16:FA:62:5A:EB:A6:E0:35:72:EB:95:B0:7D:58:EE:79
-# Fingerprint (SHA1): 36:C7:33:40:5E:5C:53:8E:BD:31:B9:0F:4A:6C:30:86:64:F2:D2:E1
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "test-b2g-app-root-cert"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\231\061\042\060\040\006\003\125\004\003\023\031\115\141
-\162\153\145\164\160\154\141\143\145\124\145\163\164\040\122\157
-\157\164\040\103\101\040\061\061\033\060\031\006\003\125\004\013
-\023\022\115\141\162\153\145\164\160\154\141\143\145\124\145\163
-\164\040\103\101\061\044\060\042\006\003\125\004\012\023\033\115
-\141\162\153\145\164\160\154\141\143\145\124\145\163\164\040\103
-\157\162\160\157\162\141\164\151\157\156\061\026\060\024\006\003
-\125\004\007\023\015\115\157\165\156\164\141\151\156\040\126\151
-\145\167\061\013\060\011\006\003\125\004\010\023\002\103\101\061
-\013\060\011\006\003\125\004\006\023\002\125\123
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\231\061\042\060\040\006\003\125\004\003\023\031\115\141
-\162\153\145\164\160\154\141\143\145\124\145\163\164\040\122\157
-\157\164\040\103\101\040\061\061\033\060\031\006\003\125\004\013
-\023\022\115\141\162\153\145\164\160\154\141\143\145\124\145\163
-\164\040\103\101\061\044\060\042\006\003\125\004\012\023\033\115
-\141\162\153\145\164\160\154\141\143\145\124\145\163\164\040\103
-\157\162\160\157\162\141\164\151\157\156\061\026\060\024\006\003
-\125\004\007\023\015\115\157\165\156\164\141\151\156\040\126\151
-\145\167\061\013\060\011\006\003\125\004\010\023\002\103\101\061
-\013\060\011\006\003\125\004\006\023\002\125\123
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\352\060\202\002\322\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\231\061\042\060\040\006\003\125\004\003\023\031\115\141\162
-\153\145\164\160\154\141\143\145\124\145\163\164\040\122\157\157
-\164\040\103\101\040\061\061\033\060\031\006\003\125\004\013\023
-\022\115\141\162\153\145\164\160\154\141\143\145\124\145\163\164
-\040\103\101\061\044\060\042\006\003\125\004\012\023\033\115\141
-\162\153\145\164\160\154\141\143\145\124\145\163\164\040\103\157
-\162\160\157\162\141\164\151\157\156\061\026\060\024\006\003\125
-\004\007\023\015\115\157\165\156\164\141\151\156\040\126\151\145
-\167\061\013\060\011\006\003\125\004\010\023\002\103\101\061\013
-\060\011\006\003\125\004\006\023\002\125\123\060\036\027\015\061
-\062\061\062\061\063\062\060\061\064\061\070\132\027\015\062\062
-\061\062\061\061\062\060\061\064\061\070\132\060\201\231\061\042
-\060\040\006\003\125\004\003\023\031\115\141\162\153\145\164\160
-\154\141\143\145\124\145\163\164\040\122\157\157\164\040\103\101
-\040\061\061\033\060\031\006\003\125\004\013\023\022\115\141\162
-\153\145\164\160\154\141\143\145\124\145\163\164\040\103\101\061
-\044\060\042\006\003\125\004\012\023\033\115\141\162\153\145\164
-\160\154\141\143\145\124\145\163\164\040\103\157\162\160\157\162
-\141\164\151\157\156\061\026\060\024\006\003\125\004\007\023\015
-\115\157\165\156\164\141\151\156\040\126\151\145\167\061\013\060
-\011\006\003\125\004\010\023\002\103\101\061\013\060\011\006\003
-\125\004\006\023\002\125\123\060\202\001\042\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060
-\202\001\012\002\202\001\001\000\274\203\257\274\062\142\054\152
-\063\120\342\237\046\350\213\024\052\144\011\127\322\132\151\033
-\346\154\213\124\062\111\265\217\032\077\207\305\147\365\256\372
-\041\212\170\064\145\372\245\010\226\224\355\200\170\341\172\213
-\237\240\324\261\263\230\040\044\173\201\146\126\062\335\124\334
-\170\013\101\150\057\225\047\154\254\127\047\100\154\121\262\216
-\071\346\055\363\125\263\222\321\127\003\334\347\102\352\053\317
-\176\366\343\114\355\001\241\321\374\152\344\144\075\244\324\317
-\200\064\321\034\000\167\036\251\316\330\317\073\370\262\170\157
-\217\106\067\300\200\100\022\053\265\076\373\104\163\107\313\215
-\223\262\325\024\120\050\111\352\201\174\315\051\222\320\367\224
-\363\233\217\301\324\353\050\077\314\217\262\327\163\142\345\065
-\100\063\144\000\107\213\240\220\203\037\257\054\245\040\213\225
-\313\321\156\174\342\236\332\300\301\016\377\355\233\216\207\066
-\023\256\062\275\250\035\250\143\365\041\271\025\277\156\273\330
-\330\151\257\105\122\272\220\234\015\216\375\335\302\354\042\132
-\076\204\122\004\222\141\022\367\002\003\001\000\001\243\073\060
-\071\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
-\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
-\002\004\060\026\006\003\125\035\045\001\001\377\004\014\060\012
-\006\010\053\006\001\005\005\007\003\003\060\015\006\011\052\206
-\110\206\367\015\001\001\005\005\000\003\202\001\001\000\164\037
-\012\101\256\130\023\311\005\143\361\352\336\021\173\017\251\137
-\304\134\323\311\031\260\214\364\346\161\364\162\363\236\106\347
-\146\301\371\352\373\167\174\323\065\106\141\306\131\200\024\152
-\116\114\267\040\036\047\244\007\066\205\022\250\172\177\250\103
-\120\325\214\013\131\342\052\117\364\057\344\071\371\003\337\204
-\207\065\032\261\206\245\323\050\222\061\063\026\035\217\124\360
-\054\234\045\357\356\107\011\165\071\253\327\040\174\341\353\137
-\206\352\044\315\373\173\322\121\041\112\215\305\205\003\300\012
-\102\326\257\322\351\232\243\370\053\304\063\173\203\173\174\255
-\376\251\161\362\233\261\361\343\327\005\357\011\161\060\332\107
-\004\222\324\267\334\341\155\226\104\104\173\050\333\262\305\021
-\327\053\146\213\335\204\312\275\177\344\045\236\147\176\367\301
-\004\061\107\346\220\347\054\156\333\071\210\010\275\336\133\160
-\051\173\225\027\307\260\103\371\354\322\075\232\242\335\372\041
-\375\250\267\052\203\015\226\151\315\100\257\353\235\351\214\165
-\306\351\144\072\025\076\343\163\320\131\344\331\332\203
-END
-
-# Trust for "test-b2g-app-root-cert"
-# Issuer: C=US,ST=CA,L=Mountain View,O=MarketplaceTest Corporation,OU=MarketplaceTest CA,CN=MarketplaceTest Root CA 1
-# Serial Number: 1 (0x1)
-# Subject: C=US,ST=CA,L=Mountain View,O=MarketplaceTest Corporation,OU=MarketplaceTest CA,CN=MarketplaceTest Root CA 1
-# Not Valid Before: Thu Dec 13 20:14:18 2012
-# Not Valid After : Sun Dec 11 20:14:18 2022
-# Fingerprint (MD5): 16:FA:62:5A:EB:A6:E0:35:72:EB:95:B0:7D:58:EE:79
-# Fingerprint (SHA1): 36:C7:33:40:5E:5C:53:8E:BD:31:B9:0F:4A:6C:30:86:64:F2:D2:E1
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "test-b2g-app-root-cert"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\066\307\063\100\136\134\123\216\275\061\271\017\112\154\060\206
-\144\362\322\341
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\026\372\142\132\353\246\340\065\162\353\225\260\175\130\356\171
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\231\061\042\060\040\006\003\125\004\003\023\031\115\141
-\162\153\145\164\160\154\141\143\145\124\145\163\164\040\122\157
-\157\164\040\103\101\040\061\061\033\060\031\006\003\125\004\013
-\023\022\115\141\162\153\145\164\160\154\141\143\145\124\145\163
-\164\040\103\101\061\044\060\042\006\003\125\004\012\023\033\115
-\141\162\153\145\164\160\154\141\143\145\124\145\163\164\040\103
-\157\162\160\157\162\141\164\151\157\156\061\026\060\024\006\003
-\125\004\007\023\015\115\157\165\156\164\141\151\156\040\126\151
-\145\167\061\013\060\011\006\003\125\004\010\023\002\103\101\061
-\013\060\011\006\003\125\004\006\023\002\125\123
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "b2g-app-root-cert"
 #
 # Issuer: CN=root-ca-production-marketplace,OU=Mozilla Marketplace Production Signing Service,O=Mozilla Corporation,C=US
 # Serial Number: 1 (0x1)
 # Subject: CN=root-ca-production-marketplace,OU=Mozilla Marketplace Production Signing Service,O=Mozilla Corporation,C=US
 # Not Valid Before: Wed Feb 27 00:14:56 2013
deleted file mode 100644
index 9a7247c7e056a73801e09598dbdef0661d1c996b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
Hc$@<O00001
--- a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
+++ b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
@@ -11,52 +11,56 @@ Cu.import("resource://gre/modules/Servic
 
 do_get_profile(); // must be called before getting nsIX509CertDB
 const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
 
 function run_test() {
   run_next_test();
 }
 
+// XXX: NSS has many possible error codes for this, e.g.
+// SEC_ERROR_UNTRUSTED_ISSUER and others are also reasonable. Future
+// versions of NSS may return one of these alternate errors; in that case
+// we need to update this test.
+//
+// XXX (bug 812089): Cr.NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER is undefined.
+//
+// XXX: Cannot use operator| instead of operator+ to combine bits because
+// bit 31 trigger's JavaScript's crazy interpretation of the numbers as
+// two's complement negative integers.
+const NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER = 0x80000000 /*unsigned (1 << 31)*/
+				        + (    (0x45 + 21) << 16)
+				        + (-(-0x2000 + 13)      );
+
 function check_open_result(name, expectedRv) {
   if (expectedRv == Cr.NS_OK && !isB2G) {
     // We do not trust the marketplace trust anchor on non-B2G builds
-
-    // XXX: NSS has many possible error codes for this, e.g.
-    // SEC_ERROR_UNTRUSTED_ISSUER and others are also reasonable. Future
-    // versions of NSS may return one of these alternate errors; in that case
-    // we need to update this test.
-    //
-    // XXX (bug 812089): Cr.NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER is undefined.
-    //
-    // XXX: Cannot use operator| instead of operator+ to combine bits because
-    // bit 31 trigger's JavaScript's crazy interpretation of the numbers as
-    // two's complement negative integers.
-    const NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER = 0x80000000 /*unsigned (1 << 31)*/
-                                            + (    (0x45 + 21) << 16)
-                                            + (-(-0x2000 + 13)      );
     expectedRv = NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER;
   }
 
   return function openSignedJARFileCallback(rv, aZipReader, aSignerCert) {
     do_print("openSignedJARFileCallback called for " + name);
     do_check_eq(rv, expectedRv);
     do_check_eq(aZipReader != null,  Components.isSuccessCode(expectedRv));
     do_check_eq(aSignerCert != null, Components.isSuccessCode(expectedRv));
     run_next_test();
   };
 }
 
 function original_app_path(test_name) {
   return do_get_file("test_signed_apps/" + test_name + ".zip", false);
 }
 
+// Test that we no longer trust the test root cert that was originally used
+// during development of B2G 1.0.
 add_test(function () {
   certdb.openSignedJARFileAsync(
     original_app_path("test-privileged-app-test-1.0"),
-    check_open_result("test-privileged-app-test-1.0", Cr.NS_OK));
+    check_open_result("test-privileged-app-test-1.0",
+                      NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER));
 });
 
+// Test that we trust the root cert used by by the Firefox Marketplace.
 add_test(function () {
   certdb.openSignedJARFileAsync(
     original_app_path("privileged-app-test-1.0"),
     check_open_result("privileged-app-test-1.0", Cr.NS_OK));
 });
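Review bot: On non-B2G builds the new negative test for `test-privileged-app-test-1.0` cannot catch a regression, because `check_open_result` already rewrote `Cr.NS_OK` to `NS_ERROR_SEC_ERROR_UNKNOWN_ISSUER` there before this change, so both `add_test` cases expect the same rejection on those builds (`isB2G` is defined outside the hunk, so this is read from the visible branch only). The comment above the first `add_test` should say so, for example `// Only B2G builds ever trusted this root; on other builds this case passes regardless of the certdata change.` The hoisted constant's two continuation lines are indented with tabs while the surrounding file uses spaces, and its comment would be easier to audit if it named the three summands (severity bit, module number plus module offset shifted by 16, negated NSS error value), assuming that is the layout the arithmetic encodes. The second comment reads `used by by the Firefox Marketplace`, with a doubled word.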