
Side by Side Diff: net/base/cert_database_nss_unittest.cc

Issue 9584041: Create stubs for system certificate validation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Move system stubs into patch 4 for svn history preservation Created 8 years, 9 months ago
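--- a/net/base/cert_database_nss_unittest.cc
+++ b/net/base/cert_database_nss_unittest.cc
@@ -1,32 +1,33 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include <algorithm>
 
 #include "base/file_path.h"
 #include "base/file_util.h"
 #include "base/lazy_instance.h"
 #include "base/message_loop.h"
 #include "base/path_service.h"
 #include "base/string16.h"
 #include "base/string_util.h"
 #include "base/utf_string_conversions.h"
 #include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/base/cert_database.h"
 #include "net/base/cert_status_flags.h"
+#include "net/base/cert_verify_proc.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_certificate.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace psm = mozilla_security_manager;
 
@@ -543,55 +544,59 @@
 scoped_refptr<X509Certificate> goog_cert(cert_list[0]);
 scoped_refptr<X509Certificate> thawte_cert(cert_list[1]);
 EXPECT_EQ("www.google.com", goog_cert->subject().common_name);
 EXPECT_EQ("Thawte SGC CA", thawte_cert->subject().common_name);
 
 EXPECT_EQ(CertDatabase::UNTRUSTED,
 cert_db_.GetCertTrust(goog_cert.get(), SERVER_CERT));
 psm::nsNSSCertTrust goog_trust(goog_cert->os_cert_handle()->trust);
 EXPECT_TRUE(goog_trust.HasPeer(PR_TRUE, PR_TRUE, PR_TRUE));
 
+scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault());
 int flags = 0;
 CertVerifyResult verify_result;
-int error = goog_cert->Verify("www.google.com", flags, NULL, &verify_result);
+int error = verify_proc->Verify(goog_cert, "www.google.com", flags,
+NULL, &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
 CertificateList certs;
 ASSERT_TRUE(ReadCertIntoList("punycodetest.der", &certs));
 
 CertDatabase::ImportCertFailureList failed;
 EXPECT_TRUE(cert_db_.ImportServerCert(certs, &failed));
 
 EXPECT_EQ(0U, failed.size());
 
 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
 ASSERT_EQ(1U, cert_list.size());
 scoped_refptr<X509Certificate> puny_cert(cert_list[0]);
 
 EXPECT_EQ(CertDatabase::UNTRUSTED,
 cert_db_.GetCertTrust(puny_cert.get(), SERVER_CERT));
 psm::nsNSSCertTrust puny_trust(puny_cert->os_cert_handle()->trust);
 EXPECT_TRUE(puny_trust.HasPeer(PR_TRUE, PR_TRUE, PR_TRUE));
 
+scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault());
 int flags = 0;
 CertVerifyResult verify_result;
-int error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL,
-&verify_result);
+int error = verify_proc->Verify(puny_cert, "xn--wgv71a119e.com", flags,
+NULL, &verify_result);
 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status);
 
 // TODO(mattm): this should be SERVER_CERT, not CA_CERT, but that does not
 // work due to NSS bug: https://bugzilla.mozilla.org/show_bug.cgi?id=531160
 EXPECT_TRUE(cert_db_.SetCertTrust(
 puny_cert.get(), CA_CERT,
 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL));
 
 verify_result.Reset();
-error = puny_cert->Verify("xn--wgv71a119e.com", flags, NULL, &verify_result);
+error = verify_proc->Verify(puny_cert, "xn--wgv71a119e.com", flags,
+NULL, &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 } // namespace net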
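Review bot: The two new `CertVerifyProc::CreateDefault()` calls leave an NSS dependency undocumented: both tests assert that trust held in `cert_db_` decides the verification result, most visibly the `EXPECT_EQ(OK, error)` after `SetCertTrust(puny_cert.get(), CA_CERT, ...)` in `ImportServerCert_SelfSigned`. `CreateDefault()` is not defined on this page, so this is inferred, but if the default verifier ever consulted a different trust store those expectations would no longer test what the file name promises. A comment above each construction would record the assumption, e.g. `// Must be NSS-backed: the checks below rely on trust stored through cert_db_.` As a style point, the identical `verify_proc` setup in both tests could live once in the `CertDatabaseNSSTest` fixture. The first test's body begins above the visible lines of the second hunk.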