| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 EXPECT_LT(0U, certs.size()); | 147 EXPECT_LT(0U, certs.size()); |
| 148 } | 148 } |
| 149 | 149 |
| 150 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { | 150 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { |
| 151 std::string pkcs12_data = ReadTestFile("client.p12"); | 151 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 152 | 152 |
| 153 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, | 153 EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, |
| 154 cert_db_.ImportFromPKCS12(slot_, | 154 cert_db_.ImportFromPKCS12(slot_, |
| 155 pkcs12_data, | 155 pkcs12_data, |
| 156 string16(), | 156 string16(), |
| 157 true)); // is_extractable | 157 true, // is_extractable |
| 158 NULL)); |
| 158 | 159 |
| 159 // Test db should still be empty. | 160 // Test db should still be empty. |
| 160 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | 161 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 161 } | 162 } |
| 162 | 163 |
| 163 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) { | 164 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) { |
| 164 std::string pkcs12_data = ReadTestFile("client.p12"); | 165 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 165 | 166 |
| 166 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 167 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 167 pkcs12_data, | 168 pkcs12_data, |
| 168 ASCIIToUTF16("12345"), | 169 ASCIIToUTF16("12345"), |
| 169 true)); // is_extractable | 170 true, // is_extractable |
| 171 NULL)); |
| 170 | 172 |
| 171 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 173 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 172 ASSERT_EQ(1U, cert_list.size()); | 174 ASSERT_EQ(1U, cert_list.size()); |
| 173 scoped_refptr<X509Certificate> cert(cert_list[0]); | 175 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 174 | 176 |
| 175 EXPECT_EQ("testusercert", | 177 EXPECT_EQ("testusercert", |
| 176 cert->subject().common_name); | 178 cert->subject().common_name); |
| 177 | 179 |
| 178 // TODO(mattm): move export test to separate test case? | 180 // TODO(mattm): move export test to separate test case? |
| 179 std::string exported_data; | 181 std::string exported_data; |
| 180 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 182 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 181 &exported_data)); | 183 &exported_data)); |
| 182 ASSERT_LT(0U, exported_data.size()); | 184 ASSERT_LT(0U, exported_data.size()); |
| 183 // TODO(mattm): further verification of exported data? | 185 // TODO(mattm): further verification of exported data? |
| 184 } | 186 } |
| 185 | 187 |
| 186 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { | 188 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { |
| 187 std::string pkcs12_data = ReadTestFile("client.p12"); | 189 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 188 | 190 |
| 189 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 191 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 190 pkcs12_data, | 192 pkcs12_data, |
| 191 ASCIIToUTF16("12345"), | 193 ASCIIToUTF16("12345"), |
| 192 true)); // is_extractable | 194 true, // is_extractable |
| 195 NULL)); |
| 193 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); | 196 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 194 | 197 |
| 195 // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like | 198 // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like |
| 196 // it's ever used. This test verifies that. | 199 // it's ever used. This test verifies that. |
| 197 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 200 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 198 pkcs12_data, | 201 pkcs12_data, |
| 199 ASCIIToUTF16("12345"), | 202 ASCIIToUTF16("12345"), |
| 200 true)); // is_extractable | 203 true, // is_extractable |
| 204 NULL)); |
| 201 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); | 205 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 202 } | 206 } |
| 203 | 207 |
| 204 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { | 208 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { |
| 205 std::string pkcs12_data = ReadTestFile("client.p12"); | 209 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 206 | 210 |
| 207 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 211 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 208 pkcs12_data, | 212 pkcs12_data, |
| 209 ASCIIToUTF16("12345"), | 213 ASCIIToUTF16("12345"), |
| 210 false)); // is_extractable | 214 false, // is_extractable |
| 215 NULL)); |
| 211 | 216 |
| 212 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 217 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 213 ASSERT_EQ(1U, cert_list.size()); | 218 ASSERT_EQ(1U, cert_list.size()); |
| 214 scoped_refptr<X509Certificate> cert(cert_list[0]); | 219 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 215 | 220 |
| 216 EXPECT_EQ("testusercert", | 221 EXPECT_EQ("testusercert", |
| 217 cert->subject().common_name); | 222 cert->subject().common_name); |
| 218 | 223 |
| 219 std::string exported_data; | 224 std::string exported_data; |
| 220 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 225 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 221 &exported_data)); | 226 &exported_data)); |
| 222 } | 227 } |
| 223 | 228 |
| 224 // Importing a PKCS#12 file with a certificate but no corresponding | 229 // Importing a PKCS#12 file with a certificate but no corresponding |
| 225 // private key should not mark an existing private key as unextractable. | 230 // private key should not mark an existing private key as unextractable. |
| 226 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) { | 231 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) { |
| 227 std::string pkcs12_data = ReadTestFile("client.p12"); | 232 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 228 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 233 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 229 pkcs12_data, | 234 pkcs12_data, |
| 230 ASCIIToUTF16("12345"), | 235 ASCIIToUTF16("12345"), |
| 231 true)); // is_extractable | 236 true, // is_extractable |
| 237 NULL)); |
| 232 | 238 |
| 233 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 239 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 234 ASSERT_EQ(1U, cert_list.size()); | 240 ASSERT_EQ(1U, cert_list.size()); |
| 235 | 241 |
| 236 // Now import a PKCS#12 file with just a certificate but no private key. | 242 // Now import a PKCS#12 file with just a certificate but no private key. |
| 237 pkcs12_data = ReadTestFile("client-nokey.p12"); | 243 pkcs12_data = ReadTestFile("client-nokey.p12"); |
| 238 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 244 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 239 pkcs12_data, | 245 pkcs12_data, |
| 240 ASCIIToUTF16("12345"), | 246 ASCIIToUTF16("12345"), |
| 241 false)); // is_extractable | 247 false, // is_extractable |
| 248 NULL)); |
| 242 | 249 |
| 243 cert_list = ListCertsInSlot(slot_->os_module_handle()); | 250 cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 244 ASSERT_EQ(1U, cert_list.size()); | 251 ASSERT_EQ(1U, cert_list.size()); |
| 245 | 252 |
| 246 // Make sure the imported private key is still extractable. | 253 // Make sure the imported private key is still extractable. |
| 247 std::string exported_data; | 254 std::string exported_data; |
| 248 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 255 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 249 &exported_data)); | 256 &exported_data)); |
| 250 ASSERT_LT(0U, exported_data.size()); | 257 ASSERT_LT(0U, exported_data.size()); |
| 251 } | 258 } |
| 252 | 259 |
| 253 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { | 260 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { |
| 254 std::string pkcs12_data = "Foobarbaz"; | 261 std::string pkcs12_data = "Foobarbaz"; |
| 255 | 262 |
| 256 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE, | 263 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE, |
| 257 cert_db_.ImportFromPKCS12(slot_, | 264 cert_db_.ImportFromPKCS12(slot_, |
| 258 pkcs12_data, | 265 pkcs12_data, |
| 259 string16(), | 266 string16(), |
| 260 true)); // is_extractable | 267 true, // is_extractable |
| 268 NULL)); |
| 261 | 269 |
| 262 // Test db should still be empty. | 270 // Test db should still be empty. |
| 263 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | 271 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 264 } | 272 } |
| 265 | 273 |
| 266 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { | 274 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { |
| 267 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 275 std::string cert_data = ReadTestFile("root_ca_cert.crt"); |
| 268 | 276 |
| 269 CertificateList certs = | 277 CertificateList certs = |
| 270 X509Certificate::CreateCertificateListFromBytes( | 278 X509Certificate::CreateCertificateListFromBytes( |
| (...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 577 puny_cert.get(), CA_CERT, | 585 puny_cert.get(), CA_CERT, |
| 578 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 586 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
| 579 | 587 |
| 580 verify_result.Reset(); | 588 verify_result.Reset(); |
| 581 error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL, &verify_result); | 589 error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL, &verify_result); |
| 582 EXPECT_EQ(OK, error); | 590 EXPECT_EQ(OK, error); |
| 583 EXPECT_EQ(0U, verify_result.cert_status); | 591 EXPECT_EQ(0U, verify_result.cert_status); |
| 584 } | 592 } |
| 585 | 593 |
| 586 } // namespace net | 594 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src