
Side by Side Diff: net/base/ssl_test_util.cc

Issue 12930: Third time's a charm?... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 12 years ago
OLDNEW
(Empty)
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <string>
6 #include <algorithm>
7
8 #include "build/build_config.h"
9
10 #if defined(OS_WIN)
11 #include <windows.h>
12 #include <wincrypt.h>
13 #elif defined(OS_LINUX)
14 #include <nspr.h>
15 #include <nss.h>
16 #include <secerr.h>
17 // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424
18 // until NSS 3.12.2 comes out and we update to it.
19 #define Lock FOO_NSS_Lock
20 #include <ssl.h>
21 #include <sslerr.h>
22 #include <pk11pub.h>
23 #undef Lock
24 #include "base/nss_init.h"
25 #endif
26
27 #include "base/file_util.h"
28 #include "base/logging.h"
29 #include "base/path_service.h"
30
31 #include "net/base/ssl_test_util.h"
32
33 // static
34 const char SSLTestUtil::kHostName[] = "127.0.0.1";
35 const int SSLTestUtil::kOKHTTPSPort = 9443;
36 const int SSLTestUtil::kBadHTTPSPort = 9666;
37
38 // The issuer name of the cert that should be trusted for the test to work.
39 const wchar_t SSLTestUtil::kCertIssuerName[] = L"Test CA";
40
41 #if defined(OS_LINUX)
42 static CERTCertificate* LoadTemporaryCert(const FilePath& filename) {
43 base::EnsureNSSInit();
44
45 std::string rawcert;
46 if (!file_util::ReadFileToString(filename.ToWStringHack(), &rawcert)) {
47 LOG(ERROR) << "Can't load certificate " << filename.ToWStringHack();
48 return NULL;
49 }
50
51 CERTCertificate *cert;
52 cert = CERT_DecodeCertFromPackage(const_cast<char *>(rawcert.c_str()),
53 rawcert.length());
54 if (!cert) {
55 LOG(ERROR) << "Can't convert certificate " << filename.ToWStringHack();
56 return NULL;
57 }
58
59 // TODO(port): remove this const_cast after NSS 3.12.3 is released
60 CERTCertTrust trust;
61 int rv = CERT_DecodeTrustString(&trust, const_cast<char *>("TCu,Cu,Tu"));
62 if (rv != SECSuccess) {
63 LOG(ERROR) << "Can't decode trust string";
64 CERT_DestroyCertificate(cert);
65 return NULL;
66 }
67
68 rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust);
69 if (rv != SECSuccess) {
70 LOG(ERROR) << "Can't change trust for certificate "
71 << filename.ToWStringHack();
72 CERT_DestroyCertificate(cert);
73 return NULL;
74 }
75
76 LOG(INFO) << "Loaded temporary certificate " << filename.ToWStringHack();
77 return cert;
78 }
79 #endif
80
81 SSLTestUtil::SSLTestUtil() {
82 PathService::Get(base::DIR_SOURCE_ROOT, &cert_dir_);
83 cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("net"));
84 cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("data"));
85 cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("ssl"));
86 cert_dir_ = cert_dir_.Append(FILE_PATH_LITERAL("certificates"));
87
88 #if defined(OS_LINUX)
89 cert_ = reinterpret_cast<PrivateCERTCertificate*>(
90 LoadTemporaryCert(GetRootCertPath()));
91 DCHECK(cert_);
92 #endif
93 }
94
95 SSLTestUtil::~SSLTestUtil() {
96 #if defined(OS_LINUX)
97 if (cert_)
98 CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_));
99 #endif
100 }
101
102 FilePath SSLTestUtil::GetRootCertPath() {
103 FilePath path(cert_dir_);
104 path = path.Append(FILE_PATH_LITERAL("root_ca_cert.crt"));
105 return path;
106 }
107
108 FilePath SSLTestUtil::GetOKCertPath() {
109 FilePath path(cert_dir_);
110 path = path.Append(FILE_PATH_LITERAL("ok_cert.pem"));
111 return path;
112 }
113
114 FilePath SSLTestUtil::GetExpiredCertPath() {
115 FilePath path(cert_dir_);
116 path = path.Append(FILE_PATH_LITERAL("expired_cert.pem"));
117 return path;
118 }
119
120 bool SSLTestUtil::CheckCATrusted() {
121 // TODO(port): Port either this or LoadTemporaryCert to MacOSX.
122 #if defined(OS_WIN)
123 HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT");
124 if (!cert_store) {
125 LOG(ERROR) << " could not open trusted root CA store";
126 return false;
127 }
128 PCCERT_CONTEXT cert =
129 CertFindCertificateInStore(cert_store,
130 X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
131 0,
132 CERT_FIND_ISSUER_STR,
133 kCertIssuerName,
134 NULL);
135 if (cert)
136 CertFreeCertificateContext(cert);
137 CertCloseStore(cert_store, 0);
138
139 if (!cert) {
140 LOG(ERROR) << " TEST CONFIGURATION ERROR: you need to import the test ca "
141 "certificate to your trusted roots for this test to work. "
142 "For more info visit:\n"
143 "http://dev.chromium.org/developers/testing\n";
144 return false;
145 }
146 #endif
147 return true;
148 }
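Review bot: On Linux, `CheckCATrusted()` returns true unconditionally, and the constructor guards the `LoadTemporaryCert()` result only with `DCHECK(cert_)`, which compiles out in release builds; a failed load of the root cert would then go unreported by the trust check. Consider adding a Linux branch before the final return, `#elif defined(OS_LINUX)` followed by `if (!cert_) return false;`, so callers see the failure. In the Windows branch, `CERT_FIND_ISSUER_STR` does a substring match on the issuer name, so any certificate in the ROOT store whose issuer contains "Test CA" satisfies the check; comparing against the certificate in `root_ca_cert.crt` (for example by hash) would pin it to the intended root. Because `LoadTemporaryCert()` applies the `"TCu,Cu,Tu"` trusted-CA flags through the process's default NSS database, a comment above it stating that this file must only be linked into test targets would also help.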