net/base/cert_database_nss_unittest.cc - Issue 5686002: NSS: PKCS 11 password prompt.

Side by Side Diff: net/base/cert_database_nss_unittest.cc

Issue 5686002: NSS: PKCS 11 password prompt. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 10 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include <cert.h>	5 #include <cert.h>

6 #include <pk11pub.h>	6 #include <pk11pub.h>

7	7

8 #include <algorithm>	8 #include <algorithm>

9	9

10 #include "base/crypto/scoped_nss_types.h"	10 #include "base/crypto/scoped_nss_types.h"

11 #include "base/file_path.h"	11 #include "base/file_path.h"

12 #include "base/file_util.h"	12 #include "base/file_util.h"

13 #include "base/nss_util.h"	13 #include "base/nss_util.h"

14 #include "base/nss_util_internal.h"	14 #include "base/nss_util_internal.h"

15 #include "base/path_service.h"	15 #include "base/path_service.h"

16 #include "base/scoped_temp_dir.h"	16 #include "base/scoped_temp_dir.h"

17 #include "base/singleton.h"	17 #include "base/singleton.h"

18 #include "base/string_util.h"	18 #include "base/string_util.h"

19 #include "base/utf_string_conversions.h"	19 #include "base/utf_string_conversions.h"

20 #include "net/base/cert_database.h"	20 #include "net/base/cert_database.h"

21 #include "net/base/cert_status_flags.h"	21 #include "net/base/cert_status_flags.h"

22 #include "net/base/cert_verify_result.h"	22 #include "net/base/cert_verify_result.h"

23 #include "net/base/net_errors.h"	23 #include "net/base/net_errors.h"

	24 #include "net/base/pk11_slot.h"

24 #include "net/base/x509_certificate.h"	25 #include "net/base/x509_certificate.h"

25 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"	26 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"

26 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"	27 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"

27 #include "testing/gtest/include/gtest/gtest.h"	28 #include "testing/gtest/include/gtest/gtest.h"

28	29

29 namespace psm = mozilla_security_manager;	30 namespace psm = mozilla_security_manager;

30	31

31 namespace net {	32 namespace net {

32	33

33 namespace {	34 namespace {

(...skipping 74 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
108 ScopedTempDir* temp_db_dir = Singleton<	109 ScopedTempDir* temp_db_dir = Singleton<

109 ScopedTempDir,	110 ScopedTempDir,

110 DefaultSingletonTraits<ScopedTempDir>,	111 DefaultSingletonTraits<ScopedTempDir>,

111 CertDatabaseNSSTest>::get();	112 CertDatabaseNSSTest>::get();

112 ASSERT_TRUE(temp_db_dir->CreateUniqueTempDir());	113 ASSERT_TRUE(temp_db_dir->CreateUniqueTempDir());

113 ASSERT_TRUE(	114 ASSERT_TRUE(

114 base::OpenTestNSSDB(temp_db_dir->path(), "CertDatabaseNSSTest db"));	115 base::OpenTestNSSDB(temp_db_dir->path(), "CertDatabaseNSSTest db"));

115 temp_db_initialized_ = true;	116 temp_db_initialized_ = true;

116 }	117 }

117 slot_.reset(base::GetDefaultNSSKeySlot());	118 slot_.reset(base::GetDefaultNSSKeySlot());

	119 slot_wrapper_ = PK11Slot::CreateFromHandle(slot_.get());

118	120

119 // Test db should be empty at start of test.	121 // Test db should be empty at start of test.

120 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());	122 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());

121 }	123 }

122 virtual void TearDown() {	124 virtual void TearDown() {

123 // Don't try to cleanup if the setup failed.	125 // Don't try to cleanup if the setup failed.

124 ASSERT_TRUE(temp_db_initialized_);	126 ASSERT_TRUE(temp_db_initialized_);

125 ASSERT_TRUE(slot_.get());	127 ASSERT_TRUE(slot_.get());

126	128

127 EXPECT_TRUE(CleanupSlotContents(slot_.get()));	129 EXPECT_TRUE(CleanupSlotContents(slot_.get()));

128 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());	130 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());

129 }	131 }

130	132

131 protected:	133 protected:

132 base::ScopedPK11Slot slot_;	134 base::ScopedPK11Slot slot_;

	135 scoped_refptr<PK11Slot> slot_wrapper_;
	wtc 2010/12/15 20:54:36 Nit: we only need one of slot_ and slot_wrapper_. Nit: we only need one of slot_ and slot_wrapper_. I suggest defining slot_ as scoped_refptr<PK11Slot> slot_; and replacing the original slot_.get() with slot_->os_slot_handle() At least consider adding a TODO comment for this. mattm 2011/01/12 01:22:07 Done. Show quoted text On 2010/12/15 20:54:36, wtc wrote: > Nit: we only need one of slot_ and slot_wrapper_. > I suggest defining slot_ as > scoped_refptr<PK11Slot> slot_; > and replacing the original slot_.get() with > slot_->os_slot_handle() > > At least consider adding a TODO comment for this. Done.
133 CertDatabase cert_db_;	136 CertDatabase cert_db_;

134	137

135 private:	138 private:

136 static bool temp_db_initialized_;	139 static bool temp_db_initialized_;

137 };	140 };

138	141

139 // static	142 // static

140 bool CertDatabaseNSSTest::temp_db_initialized_ = false;	143 bool CertDatabaseNSSTest::temp_db_initialized_ = false;

141	144

142 TEST_F(CertDatabaseNSSTest, ListCerts) {	145 TEST_F(CertDatabaseNSSTest, ListCerts) {

143 // This test isn't terribly useful, though it will at least let valgrind test	146 // This test isn't terribly useful, though it will at least let valgrind test

144 // for leaks.	147 // for leaks.

145 CertificateList certs;	148 CertificateList certs;

146 cert_db_.ListCerts(&certs);	149 cert_db_.ListCerts(&certs);

147 // The test DB is empty, but let's assume there will always be something in	150 // The test DB is empty, but let's assume there will always be something in

148 // the other slots.	151 // the other slots.

149 EXPECT_LT(0U, certs.size());	152 EXPECT_LT(0U, certs.size());

150 }	153 }

151	154

	155 TEST_F(CertDatabaseNSSTest, ListTokensForPKCS12) {

	156 // This test isn't terribly useful, though it will at least let valgrind test

	157 // for leaks.

	158 PK11SlotList slots;

	159 cert_db_.ListTokensForPKCS12(&slots);

	160 // Should have the main slot and the temp test slot.

	161 EXPECT_EQ(2U, slots.size());

	162 }

	163

152 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {	164 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {

153 std::string pkcs12_data = ReadTestFile("client.p12");	165 std::string pkcs12_data = ReadTestFile("client.p12");

154	166

155 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,	167 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,

156 cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("")));	168 cert_db_.ImportFromPKCS12(slot_wrapper_,

	169 pkcs12_data,

	170 ASCIIToUTF16("")));

157	171

158 // Test db should still be empty.	172 // Test db should still be empty.

159 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());	173 EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());

160 }	174 }

161	175

162 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) {	176 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) {

163 std::string pkcs12_data = ReadTestFile("client.p12");	177 std::string pkcs12_data = ReadTestFile("client.p12");

164	178

165 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("12345")));	179 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_wrapper_,

	180 pkcs12_data,

	181 ASCIIToUTF16("12345")));

166	182

167 CertificateList cert_list = ListCertsInSlot(slot_.get());	183 CertificateList cert_list = ListCertsInSlot(slot_.get());

168 ASSERT_EQ(1U, cert_list.size());	184 ASSERT_EQ(1U, cert_list.size());

169 scoped_refptr<X509Certificate> cert(cert_list[0]);	185 scoped_refptr<X509Certificate> cert(cert_list[0]);

170	186

171 EXPECT_EQ("testusercert",	187 EXPECT_EQ("testusercert",

172 cert->subject().common_name);	188 cert->subject().common_name);

173	189

174 // TODO(mattm): move export test to seperate test case?	190 // TODO(mattm): move export test to seperate test case?

175 std::string exported_data;	191 std::string exported_data;

(...skipping 317 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
493 puny_cert.get(), CA_CERT,	509 puny_cert.get(), CA_CERT,

494 CertDatabase::TRUSTED_SSL \| CertDatabase::TRUSTED_EMAIL));	510 CertDatabase::TRUSTED_SSL \| CertDatabase::TRUSTED_EMAIL));

495	511

496 verify_result.Reset();	512 verify_result.Reset();

497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result);	513 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result);

498 EXPECT_EQ(OK, error);	514 EXPECT_EQ(OK, error);

499 EXPECT_EQ(0, verify_result.cert_status);	515 EXPECT_EQ(0, verify_result.cert_status);

500 }	516 }

501	517

502 } // namespace net	518 } // namespace net

OLD	NEW

« net/base/cert_database_nss.cc ('K') | « net/base/cert_database_nss.cc ('k') | net/base/keygen_handler.h » ('j') | net/base/keygen_handler.h » ('J')