OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
7 | 7 |
8 #include <algorithm> | 8 #include <algorithm> |
9 | 9 |
10 #include "base/crypto/scoped_nss_types.h" | 10 #include "base/crypto/scoped_nss_types.h" |
(...skipping 179 matching lines...)
190 // Import it. | 190 // Import it. |
191 CertDatabase::ImportCertFailureList failed; | 191 CertDatabase::ImportCertFailureList failed; |
192 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, | 192 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, |
193 &failed)); | 193 &failed)); |
194 | 194 |
195 EXPECT_EQ(0U, failed.size()); | 195 EXPECT_EQ(0U, failed.size()); |
196 | 196 |
197 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 197 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
198 ASSERT_EQ(1U, cert_list.size()); | 198 ASSERT_EQ(1U, cert_list.size()); |
199 scoped_refptr<X509Certificate> cert(cert_list[0]); | 199 scoped_refptr<X509Certificate> cert(cert_list[0]); |
200 EXPECT_EQ("Test CA", cert->subject().common_name); | 200 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
201 | 201 |
202 EXPECT_EQ(CertDatabase::TRUSTED_SSL, | 202 EXPECT_EQ(CertDatabase::TRUSTED_SSL, |
203 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 203 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
204 | 204 |
205 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 205 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
206 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 206 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
207 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 207 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
209 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 209 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
210 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 210 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
(...skipping 11 matching lines...)
222 // Import it. | 222 // Import it. |
223 CertDatabase::ImportCertFailureList failed; | 223 CertDatabase::ImportCertFailureList failed; |
224 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, | 224 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, |
225 &failed)); | 225 &failed)); |
226 | 226 |
227 EXPECT_EQ(0U, failed.size()); | 227 EXPECT_EQ(0U, failed.size()); |
228 | 228 |
229 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 229 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
230 ASSERT_EQ(1U, cert_list.size()); | 230 ASSERT_EQ(1U, cert_list.size()); |
231 scoped_refptr<X509Certificate> cert(cert_list[0]); | 231 scoped_refptr<X509Certificate> cert(cert_list[0]); |
232 EXPECT_EQ("Test CA", cert->subject().common_name); | 232 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
233 | 233 |
234 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, | 234 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, |
235 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 235 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
236 | 236 |
237 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 237 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
238 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 238 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
239 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 239 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
240 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 240 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
241 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 241 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
242 } | 242 } |
(...skipping 10 matching lines...)
253 // Import it. | 253 // Import it. |
254 CertDatabase::ImportCertFailureList failed; | 254 CertDatabase::ImportCertFailureList failed; |
255 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, | 255 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, |
256 &failed)); | 256 &failed)); |
257 | 257 |
258 EXPECT_EQ(0U, failed.size()); | 258 EXPECT_EQ(0U, failed.size()); |
259 | 259 |
260 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 260 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
261 ASSERT_EQ(1U, cert_list.size()); | 261 ASSERT_EQ(1U, cert_list.size()); |
262 scoped_refptr<X509Certificate> cert(cert_list[0]); | 262 scoped_refptr<X509Certificate> cert(cert_list[0]); |
263 EXPECT_EQ("Test CA", cert->subject().common_name); | 263 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
264 | 264 |
265 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, | 265 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, |
266 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 266 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
267 | 267 |
268 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 268 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
269 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 269 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
270 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 270 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
271 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 271 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
272 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 272 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
273 } | 273 } |
(...skipping 144 matching lines...)
418 ASSERT_EQ(2U, failed.size()); | 418 ASSERT_EQ(2U, failed.size()); |
419 // TODO(mattm): should check for net error equivalent of | 419 // TODO(mattm): should check for net error equivalent of |
420 // SEC_ERROR_UNKNOWN_ISSUER | 420 // SEC_ERROR_UNKNOWN_ISSUER |
421 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); | 421 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); |
422 EXPECT_EQ(ERR_FAILED, failed[0].net_error); | 422 EXPECT_EQ(ERR_FAILED, failed[0].net_error); |
423 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); | 423 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); |
424 EXPECT_EQ(ERR_FAILED, failed[1].net_error); | 424 EXPECT_EQ(ERR_FAILED, failed[1].net_error); |
425 | 425 |
426 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 426 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
427 ASSERT_EQ(1U, cert_list.size()); | 427 ASSERT_EQ(1U, cert_list.size()); |
428 EXPECT_EQ("Test CA", cert_list[0]->subject().common_name); | 428 EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name); |
429 } | 429 } |
430 | 430 |
431 TEST_F(CertDatabaseNSSTest, ImportServerCert) { | 431 TEST_F(CertDatabaseNSSTest, ImportServerCert) { |
432 // Need to import intermediate cert for the verify of google cert, otherwise | 432 // Need to import intermediate cert for the verify of google cert, otherwise |
433 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which | 433 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which |
434 // will cause OCSPCreateSession on the main thread, which is not allowed. | 434 // will cause OCSPCreateSession on the main thread, which is not allowed. |
435 std::string cert_data = ReadTestFile("google.chain.pem"); | 435 std::string cert_data = ReadTestFile("google.chain.pem"); |
436 CertificateList certs = | 436 CertificateList certs = |
437 X509Certificate::CreateCertificateListFromBytes( | 437 X509Certificate::CreateCertificateListFromBytes( |
438 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 438 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
(...skipping 53 matching lines...)
492 puny_cert.get(), CA_CERT, | 492 puny_cert.get(), CA_CERT, |
493 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 493 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
494 | 494 |
495 verify_result.Reset(); | 495 verify_result.Reset(); |
496 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 496 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
497 EXPECT_EQ(OK, error); | 497 EXPECT_EQ(OK, error); |
498 EXPECT_EQ(0, verify_result.cert_status); | 498 EXPECT_EQ(0, verify_result.cert_status); |
499 } | 499 } |
500 | 500 |
501 } // namespace net | 501 } // namespace net |
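Review bot: The expected subject name "Test Root CA" is now hard-coded in four separate assertions (new lines 200, 232, 263 and 428), so the next regeneration of the CA fixture will need the same four-place edit again. A single file-level constant, e.g. `const char kTestRootCAName[] = "Test Root CA";`, used as `EXPECT_EQ(kTestRootCAName, cert->subject().common_name);`, would keep the four tests in step. These tests go on to assert SSL, e-mail and object-signing trust bits on that certificate, so matching on the common name alone is a weak identity check. It may be worth also comparing the listed certificate with the one parsed from the fixture, though the code that loads `certs` is outside the visible lines.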