OLD | NEW |
---|---|
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
7 | 7 |
8 #include <algorithm> | 8 #include <algorithm> |
9 | 9 |
10 #include "base/crypto/scoped_nss_types.h" | 10 #include "base/crypto/scoped_nss_types.h" |
11 #include "base/file_path.h" | 11 #include "base/file_path.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/nss_util.h" | 13 #include "base/nss_util.h" |
14 #include "base/nss_util_internal.h" | 14 #include "base/nss_util_internal.h" |
15 #include "base/path_service.h" | 15 #include "base/path_service.h" |
16 #include "base/scoped_temp_dir.h" | 16 #include "base/scoped_temp_dir.h" |
17 #include "base/singleton.h" | 17 #include "base/singleton.h" |
18 #include "base/string_util.h" | 18 #include "base/string_util.h" |
19 #include "base/utf_string_conversions.h" | 19 #include "base/utf_string_conversions.h" |
20 #include "net/base/cert_database.h" | 20 #include "net/base/cert_database.h" |
21 #include "net/base/cert_status_flags.h" | 21 #include "net/base/cert_status_flags.h" |
22 #include "net/base/cert_verify_result.h" | 22 #include "net/base/cert_verify_result.h" |
23 #include "net/base/net_errors.h" | 23 #include "net/base/net_errors.h" |
24 #include "net/base/pk11_slot.h" | |
24 #include "net/base/x509_certificate.h" | 25 #include "net/base/x509_certificate.h" |
25 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" | 26 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" |
26 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" | 27 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" |
27 #include "testing/gtest/include/gtest/gtest.h" | 28 #include "testing/gtest/include/gtest/gtest.h" |
28 | 29 |
29 namespace psm = mozilla_security_manager; | 30 namespace psm = mozilla_security_manager; |
30 | 31 |
31 namespace net { | 32 namespace net { |
32 | 33 |
33 namespace { | 34 namespace { |
(...skipping 74 matching lines...) | |
108 ScopedTempDir* temp_db_dir = Singleton< | 109 ScopedTempDir* temp_db_dir = Singleton< |
109 ScopedTempDir, | 110 ScopedTempDir, |
110 DefaultSingletonTraits<ScopedTempDir>, | 111 DefaultSingletonTraits<ScopedTempDir>, |
111 CertDatabaseNSSTest>::get(); | 112 CertDatabaseNSSTest>::get(); |
112 ASSERT_TRUE(temp_db_dir->CreateUniqueTempDir()); | 113 ASSERT_TRUE(temp_db_dir->CreateUniqueTempDir()); |
113 ASSERT_TRUE( | 114 ASSERT_TRUE( |
114 base::OpenTestNSSDB(temp_db_dir->path(), "CertDatabaseNSSTest db")); | 115 base::OpenTestNSSDB(temp_db_dir->path(), "CertDatabaseNSSTest db")); |
115 temp_db_initialized_ = true; | 116 temp_db_initialized_ = true; |
116 } | 117 } |
117 slot_.reset(base::GetDefaultNSSKeySlot()); | 118 slot_.reset(base::GetDefaultNSSKeySlot()); |
119 slot_wrapper_ = PK11Slot::CreateFromHandle(slot_.get()); | |
118 | 120 |
119 // Test db should be empty at start of test. | 121 // Test db should be empty at start of test. |
120 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); | 122 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); |
121 } | 123 } |
122 virtual void TearDown() { | 124 virtual void TearDown() { |
123 // Don't try to cleanup if the setup failed. | 125 // Don't try to cleanup if the setup failed. |
124 ASSERT_TRUE(temp_db_initialized_); | 126 ASSERT_TRUE(temp_db_initialized_); |
125 ASSERT_TRUE(slot_.get()); | 127 ASSERT_TRUE(slot_.get()); |
126 | 128 |
127 EXPECT_TRUE(CleanupSlotContents(slot_.get())); | 129 EXPECT_TRUE(CleanupSlotContents(slot_.get())); |
128 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); | 130 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); |
129 } | 131 } |
130 | 132 |
131 protected: | 133 protected: |
132 base::ScopedPK11Slot slot_; | 134 base::ScopedPK11Slot slot_; |
135 scoped_refptr<PK11Slot> slot_wrapper_; | |
wtc
2010/12/15 20:54:36
Nit: we only need one of slot_ and slot_wrapper_.
mattm
2011/01/12 01:22:07
Done.
| |
133 CertDatabase cert_db_; | 136 CertDatabase cert_db_; |
134 | 137 |
135 private: | 138 private: |
136 static bool temp_db_initialized_; | 139 static bool temp_db_initialized_; |
137 }; | 140 }; |
138 | 141 |
139 // static | 142 // static |
140 bool CertDatabaseNSSTest::temp_db_initialized_ = false; | 143 bool CertDatabaseNSSTest::temp_db_initialized_ = false; |
141 | 144 |
142 TEST_F(CertDatabaseNSSTest, ListCerts) { | 145 TEST_F(CertDatabaseNSSTest, ListCerts) { |
143 // This test isn't terribly useful, though it will at least let valgrind test | 146 // This test isn't terribly useful, though it will at least let valgrind test |
144 // for leaks. | 147 // for leaks. |
145 CertificateList certs; | 148 CertificateList certs; |
146 cert_db_.ListCerts(&certs); | 149 cert_db_.ListCerts(&certs); |
147 // The test DB is empty, but let's assume there will always be something in | 150 // The test DB is empty, but let's assume there will always be something in |
148 // the other slots. | 151 // the other slots. |
149 EXPECT_LT(0U, certs.size()); | 152 EXPECT_LT(0U, certs.size()); |
150 } | 153 } |
151 | 154 |
155 TEST_F(CertDatabaseNSSTest, ListTokensForPKCS12) { | |
156 // This test isn't terribly useful, though it will at least let valgrind test | |
157 // for leaks. | |
158 PK11SlotList slots; | |
159 cert_db_.ListTokensForPKCS12(&slots); | |
160 // Should have the main slot and the temp test slot. | |
161 EXPECT_EQ(2U, slots.size()); | |
162 } | |
163 | |
152 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { | 164 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { |
153 std::string pkcs12_data = ReadTestFile("client.p12"); | 165 std::string pkcs12_data = ReadTestFile("client.p12"); |
154 | 166 |
155 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, | 167 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, |
156 cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16(""))); | 168 cert_db_.ImportFromPKCS12(slot_wrapper_, |
169 pkcs12_data, | |
170 ASCIIToUTF16(""))); | |
157 | 171 |
158 // Test db should still be empty. | 172 // Test db should still be empty. |
159 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); | 173 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size()); |
160 } | 174 } |
161 | 175 |
162 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) { | 176 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) { |
163 std::string pkcs12_data = ReadTestFile("client.p12"); | 177 std::string pkcs12_data = ReadTestFile("client.p12"); |
164 | 178 |
165 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("12345"))); | 179 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_wrapper_, |
180 pkcs12_data, | |
181 ASCIIToUTF16("12345"))); | |
166 | 182 |
167 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 183 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
168 ASSERT_EQ(1U, cert_list.size()); | 184 ASSERT_EQ(1U, cert_list.size()); |
169 scoped_refptr<X509Certificate> cert(cert_list[0]); | 185 scoped_refptr<X509Certificate> cert(cert_list[0]); |
170 | 186 |
171 EXPECT_EQ("testusercert", | 187 EXPECT_EQ("testusercert", |
172 cert->subject().common_name); | 188 cert->subject().common_name); |
173 | 189 |
174 // TODO(mattm): move export test to seperate test case? | 190 // TODO(mattm): move export test to seperate test case? |
175 std::string exported_data; | 191 std::string exported_data; |
(...skipping 317 matching lines...) | |
493 puny_cert.get(), CA_CERT, | 509 puny_cert.get(), CA_CERT, |
494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 510 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
495 | 511 |
496 verify_result.Reset(); | 512 verify_result.Reset(); |
497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 513 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
498 EXPECT_EQ(OK, error); | 514 EXPECT_EQ(OK, error); |
499 EXPECT_EQ(0, verify_result.cert_status); | 515 EXPECT_EQ(0, verify_result.cert_status); |
500 } | 516 } |
501 | 517 |
502 } // namespace net | 518 } // namespace net |
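Review bot: The new ListTokensForPKCS12 test (new lines 155-162) pins the result to exactly two slots with `EXPECT_EQ(2U, slots.size());`, which ties the test to the NSS configuration of the machine it runs on; a host with an additional PKCS#11 module or token loaded would presumably report more. ListCerts just above already treats the contents of the other slots as environment-dependent, so a lower bound such as `EXPECT_LE(1U, slots.size());` is the safer assertion, ideally paired with a check that the temporary test slot is among the returned entries, since that is the slot the import tests write into. Separately, SetUp wraps `slot_.get()` at new line 119 without first asserting that it is non-null, although TearDown does assert it; an `ASSERT_TRUE(slot_.get());` before the `CreateFromHandle` call would make a failed slot lookup stop the test at its cause.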