| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/crypto/scoped_nss_types.h" | 10 #include "base/crypto/scoped_nss_types.h" |
| 190 // Import it. | 190 // Import it. |
| 191 CertDatabase::ImportCertFailureList failed; | 191 CertDatabase::ImportCertFailureList failed; |
| 192 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, | 192 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, |
| 193 &failed)); | 193 &failed)); |
| 194 | 194 |
| 195 EXPECT_EQ(0U, failed.size()); | 195 EXPECT_EQ(0U, failed.size()); |
| 196 | 196 |
| 197 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 197 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 198 ASSERT_EQ(1U, cert_list.size()); | 198 ASSERT_EQ(1U, cert_list.size()); |
| 199 scoped_refptr<X509Certificate> cert(cert_list[0]); | 199 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 200 EXPECT_EQ("Test CA", cert->subject().common_name); | 200 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 201 | 201 |
| 202 EXPECT_EQ(CertDatabase::TRUSTED_SSL, | 202 EXPECT_EQ(CertDatabase::TRUSTED_SSL, |
| 203 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 203 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 204 | 204 |
| 205 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 205 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 206 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 206 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 207 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 207 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 209 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 209 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 210 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 210 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 222 // Import it. | 222 // Import it. |
| 223 CertDatabase::ImportCertFailureList failed; | 223 CertDatabase::ImportCertFailureList failed; |
| 224 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, | 224 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, |
| 225 &failed)); | 225 &failed)); |
| 226 | 226 |
| 227 EXPECT_EQ(0U, failed.size()); | 227 EXPECT_EQ(0U, failed.size()); |
| 228 | 228 |
| 229 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 229 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 230 ASSERT_EQ(1U, cert_list.size()); | 230 ASSERT_EQ(1U, cert_list.size()); |
| 231 scoped_refptr<X509Certificate> cert(cert_list[0]); | 231 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 232 EXPECT_EQ("Test CA", cert->subject().common_name); | 232 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 233 | 233 |
| 234 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, | 234 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, |
| 235 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 235 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 236 | 236 |
| 237 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 237 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 238 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 238 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 239 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 239 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 240 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 240 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 241 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 241 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 242 } | 242 } |
| 253 // Import it. | 253 // Import it. |
| 254 CertDatabase::ImportCertFailureList failed; | 254 CertDatabase::ImportCertFailureList failed; |
| 255 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, | 255 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, |
| 256 &failed)); | 256 &failed)); |
| 257 | 257 |
| 258 EXPECT_EQ(0U, failed.size()); | 258 EXPECT_EQ(0U, failed.size()); |
| 259 | 259 |
| 260 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 260 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 261 ASSERT_EQ(1U, cert_list.size()); | 261 ASSERT_EQ(1U, cert_list.size()); |
| 262 scoped_refptr<X509Certificate> cert(cert_list[0]); | 262 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 263 EXPECT_EQ("Test CA", cert->subject().common_name); | 263 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 264 | 264 |
| 265 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, | 265 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, |
| 266 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 266 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 267 | 267 |
| 268 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 268 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 269 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 269 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 270 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 270 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 271 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 271 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 272 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 272 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 273 } | 273 } |
| 418 ASSERT_EQ(2U, failed.size()); | 418 ASSERT_EQ(2U, failed.size()); |
| 419 // TODO(mattm): should check for net error equivalent of | 419 // TODO(mattm): should check for net error equivalent of |
| 420 // SEC_ERROR_UNKNOWN_ISSUER | 420 // SEC_ERROR_UNKNOWN_ISSUER |
| 421 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); | 421 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); |
| 422 EXPECT_EQ(ERR_FAILED, failed[0].net_error); | 422 EXPECT_EQ(ERR_FAILED, failed[0].net_error); |
| 423 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); | 423 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); |
| 424 EXPECT_EQ(ERR_FAILED, failed[1].net_error); | 424 EXPECT_EQ(ERR_FAILED, failed[1].net_error); |
| 425 | 425 |
| 426 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 426 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 427 ASSERT_EQ(1U, cert_list.size()); | 427 ASSERT_EQ(1U, cert_list.size()); |
| 428 EXPECT_EQ("Test CA", cert_list[0]->subject().common_name); | 428 EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name); |
| 429 } | 429 } |
| 430 | 430 |
| 431 TEST_F(CertDatabaseNSSTest, ImportServerCert) { | 431 TEST_F(CertDatabaseNSSTest, ImportServerCert) { |
| 432 // Need to import intermediate cert for the verify of google cert, otherwise | 432 // Need to import intermediate cert for the verify of google cert, otherwise |
| 433 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which | 433 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which |
| 434 // will cause OCSPCreateSession on the main thread, which is not allowed. | 434 // will cause OCSPCreateSession on the main thread, which is not allowed. |
| 435 std::string cert_data = ReadTestFile("google.chain.pem"); | 435 std::string cert_data = ReadTestFile("google.chain.pem"); |
| 436 CertificateList certs = | 436 CertificateList certs = |
| 437 X509Certificate::CreateCertificateListFromBytes( | 437 X509Certificate::CreateCertificateListFromBytes( |
| 438 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 438 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 492 puny_cert.get(), CA_CERT, | 492 puny_cert.get(), CA_CERT, |
| 493 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 493 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
| 494 | 494 |
| 495 verify_result.Reset(); | 495 verify_result.Reset(); |
| 496 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 496 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
| 497 EXPECT_EQ(OK, error); | 497 EXPECT_EQ(OK, error); |
| 498 EXPECT_EQ(0, verify_result.cert_status); | 498 EXPECT_EQ(0, verify_result.cert_status); |
| 499 } | 499 } |
| 500 | 500 |
| 501 } // namespace net | 501 } // namespace net |
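Review bot: The updated expectation `"Test Root CA"` is repeated as a bare literal in four assertions (new lines 200, 232, 263 and 428), so every regeneration of the test root has to touch each test by hand. A single file-local constant, for example `const char kTestRootCommonName[] = "Test Root CA";`, referenced from each `EXPECT_EQ` would keep the fixture's identity in one place. The subject common name is also the only thing these tests use to identify the imported certificate before asserting on its trust bits; additionally comparing a fingerprint would tie the trust assertions to the exact certificate, though the fixture itself is not shown here, so treat that as a suggestion. The bodies of the three trust-import tests begin in the skipped regions, so the enclosing functions are only partly visible.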