Commit 1ec8ea93 authored Mar 15, 2024 by Rob Wu

Bug 1885349 - Replace addons-stage.crt with cas-cur r=jschanck a=RyanVM

addons-stage.crt is the DER-encoded version of the
cas-cur-root-2024-03-12.crt file from bug 1882192, generated with:

openssl x509 -inform PEM -in /tmp/cas-cur-root-2024-03-12.crt -outform DER -out security/manager/ssl/addons-stage.crt

The four zip files are from bug 1885457, and are the same file, but
signed with the new certificate.

Differential Revision: https://phabricator.services.mozilla.com/D204706

parent 84bc32c3

security/manager/ssl/addons-stage.crt

−289 B (1.57 KiB)

File changed.

No diff preview for this file type.

View original file

View changed file

security/manager/ssl/tests/unit/test_signed_apps.js

+14 −5

Original line number	Diff line number	Diff line
		@@ -642,25 +642,32 @@ var cosePolicies = [
		COSERequiredAndPKCS7WithSHA1OrSHA256,
		];

		// PS256 is not yet supported.
		// NOTE: The zip files referenced in coseTestcasesStage and coseTestcasesProd
		// were originally generated with
		// https://github.com/mozilla-services/autograph/blob/c890e14de5b04dcff9be0d07fdea4ae6bbb58557/tools/autograph-client/build_test_xpis.sh
		// Since then, the mechanism to sign these packages have changed, see
		// https://bugzilla.mozilla.org/show_bug.cgi?id=1885457 for details.

		var coseTestcasesStage = [
		{
		name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384",
		name: "addons-stage-tomato-clock-sha1-es256-es384",
		expectedResult: Cr.NS_OK,
		root: Ci.nsIX509CertDB.AddonsStageRoot,
		},
		{
		name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-PS256",
		name: "addons-stage-tomato-clock-sha1-es256-ps256",
		// PS256 is not yet supported.
		expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
		root: Ci.nsIX509CertDB.AddonsStageRoot,
		},
		{
		name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256",
		name: "addons-stage-tomato-clock-sha1-es256",
		expectedResult: Cr.NS_OK,
		root: Ci.nsIX509CertDB.AddonsStageRoot,
		},
		{
		name: "autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256",
		name: "addons-stage-tomato-clock-sha1-ps256",
		// PS256 is not yet supported.
		expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
		root: Ci.nsIX509CertDB.AddonsStageRoot,
		},
		@@ -674,6 +681,7 @@ var coseTestcasesProd = [
		},
		{
		name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-ES256-PS256",
		// PS256 is not yet supported.
		expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
		root: Ci.nsIX509CertDB.AddonsPublicRoot,
		},
		@@ -684,6 +692,7 @@ var coseTestcasesProd = [
		},
		{
		name: "autograph-714ba248-prod-tomato-clock-PKCS7-SHA1-PS256",
		// PS256 is not yet supported.
		expectedResult: Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
		root: Ci.nsIX509CertDB.AddonsPublicRoot,
		},

security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256.zip→security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-es384.zip

−794 B (447 KiB)

File changed and moved.

No diff preview for this file type.

View original file

View changed file

security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-ES256-ES384.zip→security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256-ps256.zip

−725 B (448 KiB)

File changed and moved.

No diff preview for this file type.

View original file

View changed file

security/manager/ssl/tests/unit/test_signed_apps/autograph-714ba248-stage-tomato-clock-PKCS7-SHA1-PS256.zip→security/manager/ssl/tests/unit/test_signed_apps/addons-stage-tomato-clock-sha1-es256.zip

−2.39 KiB (446 KiB)

File changed and moved.

No diff preview for this file type.

View original file

View changed file