
Side by Side Diff: net/base/cert_database_nss_unittest.cc

Issue 7466006: For PKCS#12 imports, only mark key as unextractable if the PKCS#12 file includes it (Closed) Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: Added a unit test Created 9 years, 4 months ago
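--- a/net/base/cert_database_nss_unittest.cc
+++ b/net/base/cert_database_nss_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include <algorithm>
 
 #include "base/file_path.h"
@@ -213,20 +213,49 @@
 scoped_refptr<X509Certificate> cert(cert_list[0]);
 
 EXPECT_EQ("testusercert",
 cert->subject().common_name);
 
 std::string exported_data;
 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
 &exported_data));
 }
 
+// Importing a Pkcs#12 file with a certificate but no corresponding
+// private key should not mark an existing private key as unextractable.
+TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) {
+std::string pkcs12_data = ReadTestFile("client.p12");
+EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_,
+pkcs12_data,
+ASCIIToUTF16("12345"),
+true)); // is_extractable
+
+CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
+ASSERT_EQ(1U, cert_list.size());
+
+// Now import a Pkcs#12 file with just a certificate but no private key.
+pkcs12_data = ReadTestFile("client-nokey.p12");
+EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_,
+pkcs12_data,
+ASCIIToUTF16("12345"),
+false)); // is_extractable
+
+cert_list = ListCertsInSlot(slot_->os_module_handle());
+ASSERT_EQ(1U, cert_list.size());
+
+// Make sure the imported private key is still extractable.
+std::string exported_data;
+EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
+&exported_data));
+ASSERT_LT(0U, exported_data.size());
+}
+
 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) {
 std::string pkcs12_data = "Foobarbaz";
 
 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE,
 cert_db_.ImportFromPKCS12(slot_,
 pkcs12_data,
 ASCIIToUTF16(""),
 true)); // is_extractable
 
 // Test db should still be empty.
@@ -546,10 +575,10 @@
 puny_cert.get(), CA_CERT,
 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL));
 
 verify_result.Reset();
 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0, verify_result.cert_status);
 }
 
 } // namespace net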
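Review bot: ImportFromPKCS12OnlyMarkIncludedKey pins only one direction (an extractable key, then a cert-only import with is_extractable false); the security-relevant converse, a key imported as unextractable followed by a cert-only import with is_extractable true, is not covered in the visible part of this file. A regression there would let a later import silently loosen the key's protection, so a sibling test that expects `ExportToPKCS12` to return 0 is worth adding next to this one. Separately, the two `EXPECT_EQ(OK, ...)` import checks in the new test could be `ASSERT_EQ`, since the export assertion means nothing if either import failed. The sketch below assumes client-nokey.p12 carries the same certificate as client.p12 and that a refused export returns 0, as the `EXPECT_EQ(0, ...)` at the top of this hunk suggests; the test that check belongs to starts outside the visible lines.

```cpp
// … unchanged: ImportFromPKCS12OnlyMarkIncludedKey …

// Importing a PKCS#12 file with a certificate but no private key must not
// make an existing unextractable private key extractable.
TEST_F(CertDatabaseNSSTest, ImportFromPKCS12CertOnlyKeepsKeyUnextractable) {
  std::string pkcs12_data = ReadTestFile("client.p12");
  ASSERT_EQ(OK, cert_db_.ImportFromPKCS12(slot_,
                                          pkcs12_data,
                                          ASCIIToUTF16("12345"),
                                          false));  // is_extractable

  pkcs12_data = ReadTestFile("client-nokey.p12");
  ASSERT_EQ(OK, cert_db_.ImportFromPKCS12(slot_,
                                          pkcs12_data,
                                          ASCIIToUTF16("12345"),
                                          true));  // is_extractable

  CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
  ASSERT_EQ(1U, cert_list.size());

  // The key must still refuse to leave the slot.
  std::string exported_data;
  EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
                                       &exported_data));
}
```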
