| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 146 EXPECT_LT(0U, certs.size()); | 146 EXPECT_LT(0U, certs.size()); |
| 147 } | 147 } |
| 148 | 148 |
| 149 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { | 149 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { |
| 150 std::string pkcs12_data = ReadTestFile("client.p12"); | 150 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 151 | 151 |
| 152 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, | 152 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, |
| 153 cert_db_.ImportFromPKCS12(slot_, | 153 cert_db_.ImportFromPKCS12(slot_, |
| 154 pkcs12_data, | 154 pkcs12_data, |
| 155 ASCIIToUTF16(""), | 155 ASCIIToUTF16(""), |
| 156 true)); // is_extractable | 156 true, // is_extractable |
| 157 NULL)); |
| 157 | 158 |
| 158 // Test db should still be empty. | 159 // Test db should still be empty. |
| 159 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | 160 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 160 } | 161 } |
| 161 | 162 |
| 162 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) { | 163 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) { |
| 163 std::string pkcs12_data = ReadTestFile("client.p12"); | 164 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 164 | 165 |
| 165 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 166 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 166 pkcs12_data, | 167 pkcs12_data, |
| 167 ASCIIToUTF16("12345"), | 168 ASCIIToUTF16("12345"), |
| 168 true)); // is_extractable | 169 true, // is_extractable |
| 170 NULL)); |
| 169 | 171 |
| 170 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 172 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 171 ASSERT_EQ(1U, cert_list.size()); | 173 ASSERT_EQ(1U, cert_list.size()); |
| 172 scoped_refptr<X509Certificate> cert(cert_list[0]); | 174 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 173 | 175 |
| 174 EXPECT_EQ("testusercert", | 176 EXPECT_EQ("testusercert", |
| 175 cert->subject().common_name); | 177 cert->subject().common_name); |
| 176 | 178 |
| 177 // TODO(mattm): move export test to separate test case? | 179 // TODO(mattm): move export test to separate test case? |
| 178 std::string exported_data; | 180 std::string exported_data; |
| 179 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 181 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 180 &exported_data)); | 182 &exported_data)); |
| 181 ASSERT_LT(0U, exported_data.size()); | 183 ASSERT_LT(0U, exported_data.size()); |
| 182 // TODO(mattm): further verification of exported data? | 184 // TODO(mattm): further verification of exported data? |
| 183 } | 185 } |
| 184 | 186 |
| 185 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { | 187 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { |
| 186 std::string pkcs12_data = ReadTestFile("client.p12"); | 188 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 187 | 189 |
| 188 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 190 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 189 pkcs12_data, | 191 pkcs12_data, |
| 190 ASCIIToUTF16("12345"), | 192 ASCIIToUTF16("12345"), |
| 191 true)); // is_extractable | 193 true, // is_extractable |
| 194 NULL)); |
| 192 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); | 195 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 193 | 196 |
| 194 // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like | 197 // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like |
| 195 // it's ever used. This test verifies that. | 198 // it's ever used. This test verifies that. |
| 196 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 199 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 197 pkcs12_data, | 200 pkcs12_data, |
| 198 ASCIIToUTF16("12345"), | 201 ASCIIToUTF16("12345"), |
| 199 true)); // is_extractable | 202 true, // is_extractable |
| 203 NULL)); |
| 200 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); | 204 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 201 } | 205 } |
| 202 | 206 |
| 203 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { | 207 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { |
| 204 std::string pkcs12_data = ReadTestFile("client.p12"); | 208 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 205 | 209 |
| 206 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 210 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 207 pkcs12_data, | 211 pkcs12_data, |
| 208 ASCIIToUTF16("12345"), | 212 ASCIIToUTF16("12345"), |
| 209 false)); // is_extractable | 213 false, // is_extractable |
| 214 NULL)); |
| 210 | 215 |
| 211 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 216 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 212 ASSERT_EQ(1U, cert_list.size()); | 217 ASSERT_EQ(1U, cert_list.size()); |
| 213 scoped_refptr<X509Certificate> cert(cert_list[0]); | 218 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 214 | 219 |
| 215 EXPECT_EQ("testusercert", | 220 EXPECT_EQ("testusercert", |
| 216 cert->subject().common_name); | 221 cert->subject().common_name); |
| 217 | 222 |
| 218 std::string exported_data; | 223 std::string exported_data; |
| 219 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 224 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 220 &exported_data)); | 225 &exported_data)); |
| 221 } | 226 } |
| 222 | 227 |
| 223 // Importing a PKCS#12 file with a certificate but no corresponding | 228 // Importing a PKCS#12 file with a certificate but no corresponding |
| 224 // private key should not mark an existing private key as unextractable. | 229 // private key should not mark an existing private key as unextractable. |
| 225 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) { | 230 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) { |
| 226 std::string pkcs12_data = ReadTestFile("client.p12"); | 231 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 227 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 232 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 228 pkcs12_data, | 233 pkcs12_data, |
| 229 ASCIIToUTF16("12345"), | 234 ASCIIToUTF16("12345"), |
| 230 true)); // is_extractable | 235 true, // is_extractable |
| 236 NULL)); |
| 231 | 237 |
| 232 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 238 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 233 ASSERT_EQ(1U, cert_list.size()); | 239 ASSERT_EQ(1U, cert_list.size()); |
| 234 | 240 |
| 235 // Now import a PKCS#12 file with just a certificate but no private key. | 241 // Now import a PKCS#12 file with just a certificate but no private key. |
| 236 pkcs12_data = ReadTestFile("client-nokey.p12"); | 242 pkcs12_data = ReadTestFile("client-nokey.p12"); |
| 237 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 243 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 238 pkcs12_data, | 244 pkcs12_data, |
| 239 ASCIIToUTF16("12345"), | 245 ASCIIToUTF16("12345"), |
| 240 false)); // is_extractable | 246 false, // is_extractable |
| 247 NULL)); |
| 241 | 248 |
| 242 cert_list = ListCertsInSlot(slot_->os_module_handle()); | 249 cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 243 ASSERT_EQ(1U, cert_list.size()); | 250 ASSERT_EQ(1U, cert_list.size()); |
| 244 | 251 |
| 245 // Make sure the imported private key is still extractable. | 252 // Make sure the imported private key is still extractable. |
| 246 std::string exported_data; | 253 std::string exported_data; |
| 247 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 254 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 248 &exported_data)); | 255 &exported_data)); |
| 249 ASSERT_LT(0U, exported_data.size()); | 256 ASSERT_LT(0U, exported_data.size()); |
| 250 } | 257 } |
| 251 | 258 |
| 252 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { | 259 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { |
| 253 std::string pkcs12_data = "Foobarbaz"; | 260 std::string pkcs12_data = "Foobarbaz"; |
| 254 | 261 |
| 255 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE, | 262 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE, |
| 256 cert_db_.ImportFromPKCS12(slot_, | 263 cert_db_.ImportFromPKCS12(slot_, |
| 257 pkcs12_data, | 264 pkcs12_data, |
| 258 ASCIIToUTF16(""), | 265 ASCIIToUTF16(""), |
| 259 true)); // is_extractable | 266 true, // is_extractable |
| 267 NULL)); |
| 260 | 268 |
| 261 // Test db should still be empty. | 269 // Test db should still be empty. |
| 262 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | 270 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 263 } | 271 } |
| 264 | 272 |
| 265 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { | 273 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { |
| 266 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 274 std::string cert_data = ReadTestFile("root_ca_cert.crt"); |
| 267 | 275 |
| 268 CertificateList certs = | 276 CertificateList certs = |
| 269 X509Certificate::CreateCertificateListFromBytes( | 277 X509Certificate::CreateCertificateListFromBytes( |
| (...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 576 puny_cert.get(), CA_CERT, | 584 puny_cert.get(), CA_CERT, |
| 577 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 585 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
| 578 | 586 |
| 579 verify_result.Reset(); | 587 verify_result.Reset(); |
| 580 error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL, &verify_result); | 588 error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL, &verify_result); |
| 581 EXPECT_EQ(OK, error); | 589 EXPECT_EQ(OK, error); |
| 582 EXPECT_EQ(0U, verify_result.cert_status); | 590 EXPECT_EQ(0U, verify_result.cert_status); |
| 583 } | 591 } |
| 584 | 592 |
| 585 } // namespace net | 593 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src