
Side by Side Diff: net/base/ssl_test_util.cc

Issue 11249: Fix several cert problems on Linux (take 2) (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 12 years ago
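--- a/net/base/ssl_test_util.cc
+++ b/net/base/ssl_test_util.cc
@@ -0,0 +1,144 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <string>
+#include <algorithm>
+
+#include "build/build_config.h"
+
+#if defined(OS_WIN)
+#include <windows.h>
+#include <wincrypt.h>
+#elif defined(OS_LINUX)
+
+#include <nspr.h>
+#include <nss.h>
+#include <secerr.h>
+// Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424
+// until NSS 3.12.2 comes out and we update to it.
+#define Lock FOO_NSS_Lock
+#include <ssl.h>
+#include <sslerr.h>
+#include <pk11pub.h>
+#undef Lock
+#include "base/nss_init.h"
+#endif
+
+#include "base/file_util.h"
+#include "base/logging.h"
+#include "base/path_service.h"
+
+#include "net/base/ssl_test_util.h"
+
+// static
+const wchar_t SSLTestUtil::kDocRoot[] = L"chrome/test/data";
+const char SSLTestUtil::kHostName[] = "127.0.0.1";
+const int SSLTestUtil::kOKHTTPSPort = 9443;
+
+// The issuer name of the cert that should be trusted for the test to work.
+const wchar_t SSLTestUtil::kCertIssuerName[] = L"Test CA";
+
+#if defined(OS_LINUX)
+static CERTCertificate* LoadTemporaryCert(const FilePath& filename) {
+base::EnsureNSSInit();
+
+std::string rawcert;
+if (!file_util::ReadFileToString(filename.ToWStringHack(), &rawcert)) {
+LOG(ERROR) << "Can't load certificate " << filename.ToWStringHack();
+return NULL;
+}
+
+CERTCertificate *cert;
+cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
+rawcert.length());
+if (!cert) {
+LOG(ERROR) << "Can't convert certificate " << filename.ToWStringHack();
+return NULL;
+}
+
+// TODO(port): remove this const_cast after NSS 3.12.3 is released
+CERTCertTrust trust;
+int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
+if (rv != SECSuccess) {
+LOG(ERROR) << "Can't decode trust string";
+CERT_DestroyCertificate(cert);
+return NULL;
+}
+
+rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
+if (rv != SECSuccess) {
+LOG(ERROR) << "Can't change trust for certificate " << filename.ToWStringHac k();
+CERT_DestroyCertificate(cert);
+return NULL;
+}
+
+LOG(INFO) << "Loaded temporary certificate " << filename.ToWStringHack();
+return cert;
+}
+#endif
+
+SSLTestUtil::SSLTestUtil() {
+PathService::Get(base::DIR_SOURCE_ROOT, &cert_dir_);
+cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("chrome"));
+cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("test"));
+cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("data"));
+cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("ssl"));
+cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("certificates"));
+
+#if defined(OS_LINUX)
+cert_ = reinterpret_cast<PrivateCERTCertificate*>(
+LoadTemporaryCert(GetRootCertPath()));
+if (!cert_)
+NOTREACHED();
+#endif
+}
+
+SSLTestUtil::~SSLTestUtil() {
+#if defined(OS_LINUX)
+if (cert_)
+CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_));
+#endif
+}
+
+FilePath SSLTestUtil::GetRootCertPath() {
+FilePath path(cert_dir_);
+path = path.Append(FILE_PATH_LITERAL("root_ca_cert.crt"));
+return path;
+}
+
+FilePath SSLTestUtil::GetOKCertPath() {
+FilePath path(cert_dir_);
+path = path.Append(FILE_PATH_LITERAL("ok_cert.pem"));
+return path;
+}
+
+bool SSLTestUtil::CheckCATrusted() {
+// TODO(port): Port either this or LoadTemporaryCert to MacOSX.
+#if defined(OS_WIN)
+HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT");
+if (!cert_store) {
+LOG(ERROR) << " could not open trusted root CA store";
+return false;
+}
+PCCERT_CONTEXT cert =
+CertFindCertificateInStore(cert_store,
+X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+0,
+CERT_FIND_ISSUER_STR,
+kCertIssuerName,
+NULL);
+if (cert)
+CertFreeCertificateContext(cert);
+CertCloseStore(cert_store, 0);
+
+if (!cert) {
+LOG(ERROR) << " TEST CONFIGURATION ERROR: you need to import the test ca "
+"certificate to your trusted roots for this test to work. For more "
+"info visit:\n"
+"http://dev.chromium.org/developers/testing\n";
+return false;
+}
+#endif
+return true;
+}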
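Review bot: In `LoadTemporaryCert`, the trust string `"TCu,Cu,Tu"` sets CA trust flags in all three groups (SSL, e-mail, object signing) and applies them through `CERT_GetDefaultCertDB()`, which is broader than a test validating an HTTPS server on 127.0.0.1 needs; SSL server-CA trust alone, `"C,,"`, should be enough. Whether that trust outlives the test process depends on how `base::EnsureNSSInit()` opens the database, which is not visible in this file. If it can open a writable per-user database, the function should carry a comment such as `// Trust is process-local only if EnsureNSSInit() opens no writable DB; confirm.`, or the trust should be reset in the destructor. Separately, on Linux `CheckCATrusted()` returns true even when the constructor failed to load the root, since `NOTREACHED()` is normally compiled out of release builds. Adding `#elif defined(OS_LINUX)` followed by `if (!cert_) return false;` before the `#endif` would report that misconfiguration the same way the Windows branch does.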