chrome/common/net/x509_certificate_model_unittest.cc - Issue 9940001: Fix imported server certs being distrusted in NSS 3.13.

Side by Side Diff: chrome/common/net/x509_certificate_model_unittest.cc

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: review fixes Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/chrome_browser.gypi ('K') | « chrome/chrome_browser.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/common/net/x509_certificate_model.h"	5 #include "chrome/common/net/x509_certificate_model.h"

6	6

7 #include "base/file_path.h"	7 #include "base/file_path.h"

8 #include "base/file_util.h"	8 #include "base/file_util.h"

9 #include "base/path_service.h"	9 #include "base/path_service.h"

10 #include "net/base/cert_database.h"	10 #include "net/base/cert_database.h"

(...skipping 14 matching lines...) Expand all Loading...
25 EXPECT_EQ(net::CA_CERT,	25 EXPECT_EQ(net::CA_CERT,

26 x509_certificate_model::GetType(cert->os_cert_handle()));	26 x509_certificate_model::GetType(cert->os_cert_handle()));

27	27

28 // Test that explicitly distrusted CA certs are still returned as CA_CERT	28 // Test that explicitly distrusted CA certs are still returned as CA_CERT

29 // type. See http://crbug.com/96654.	29 // type. See http://crbug.com/96654.

30 net::CertDatabase cert_db;	30 net::CertDatabase cert_db;

31 // TODO(mattm): This depends on the implementation details of SetCertTrust	31 // TODO(mattm): This depends on the implementation details of SetCertTrust

32 // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly	32 // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly

33 // distrusted (trust set to CERTDB_TERMINAL_RECORD). See	33 // distrusted (trust set to CERTDB_TERMINAL_RECORD). See

34 // http://crbug.com/116411. When I fix that bug I'll also add a way to set	34 // http://crbug.com/116411. When I fix that bug I'll also add a way to set

35 // this directly.	35 // this directly.
	wtc 2012/05/16 23:37:12 Should this comment be updated? Should this comment be updated? mattm 2012/05/18 03:40:54 Oops, updated this test too. Show quoted text On 2012/05/16 23:37:12, wtc wrote: > > Should this comment be updated? Oops, updated this test too.
36 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,	36 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,

37 net::CertDatabase::UNTRUSTED));	37 net::CertDatabase::UNTRUSTED));

38	38

39 EXPECT_EQ(net::CA_CERT,	39 EXPECT_EQ(net::CA_CERT,

40 x509_certificate_model::GetType(cert->os_cert_handle()));	40 x509_certificate_model::GetType(cert->os_cert_handle()));

41 #endif	41 #endif

42 }	42 }

43	43

44 TEST(X509CertificateModelTest, GetTypeServer) {	44 TEST(X509CertificateModelTest, GetTypeServer) {

45 scoped_refptr<net::X509Certificate> cert(	45 scoped_refptr<net::X509Certificate> cert(

(...skipping 12 matching lines...) Expand all Loading...
58 x509_certificate_model::GetType(cert->os_cert_handle()));	58 x509_certificate_model::GetType(cert->os_cert_handle()));

59	59

60 net::CertDatabase cert_db;	60 net::CertDatabase cert_db;

61 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,	61 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,

62 net::CertDatabase::TRUSTED_SSL));	62 net::CertDatabase::TRUSTED_SSL));

63	63

64 EXPECT_EQ(net::SERVER_CERT,	64 EXPECT_EQ(net::SERVER_CERT,

65 x509_certificate_model::GetType(cert->os_cert_handle()));	65 x509_certificate_model::GetType(cert->os_cert_handle()));

66	66

67 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,	67 EXPECT_TRUE(cert_db.SetCertTrust(cert, net::SERVER_CERT,

68 net::CertDatabase::UNTRUSTED));	68 net::CertDatabase::EXPLICIT_DISTRUST));
	wtc 2012/05/16 23:37:12 Does it matter whether we pass UNTRUSTED or EXPLIC Does it matter whether we pass UNTRUSTED or EXPLICIT_DISTRUST to this SetCertTrust call? I suspect you had to change this to EXPLICIT_DISTRUST because the GetCertType() is determining server certs incorrectly. mattm 2012/05/18 03:40:54 Yeah, the first test after the #else is already te Show quoted text On 2012/05/16 23:37:12, wtc wrote: > > Does it matter whether we pass UNTRUSTED or EXPLICIT_DISTRUST > to this SetCertTrust call? > > I suspect you had to change this to EXPLICIT_DISTRUST > because the GetCertType() is determining server certs > incorrectly. Yeah, the first test after the #else is already testing the UNTRUSTED case.
69	69

70 EXPECT_EQ(net::SERVER_CERT,	70 EXPECT_EQ(net::SERVER_CERT,

71 x509_certificate_model::GetType(cert->os_cert_handle()));	71 x509_certificate_model::GetType(cert->os_cert_handle()));

72 #endif	72 #endif

73 }	73 }

OLD	NEW