| Index: net/base/nss_cert_database_unittest.cc
|
| diff --git a/net/base/cert_database_nss_unittest.cc b/net/base/nss_cert_database_unittest.cc
|
| similarity index 89%
|
| rename from net/base/cert_database_nss_unittest.cc
|
| rename to net/base/nss_cert_database_unittest.cc
|
| index c4e3b9b55bad6fc54b1ae525858658f909e8d390..dcee5c601e9aa0b0491f30f278b88cde942cd71b 100644
|
| --- a/net/base/cert_database_nss_unittest.cc
|
| +++ b/net/base/nss_cert_database_unittest.cc
|
| @@ -19,13 +19,13 @@
|
| #include "crypto/nss_util.h"
|
| #include "crypto/nss_util_internal.h"
|
| #include "crypto/scoped_nss_types.h"
|
| -#include "net/base/cert_database.h"
|
| #include "net/base/cert_status_flags.h"
|
| #include "net/base/cert_test_util.h"
|
| #include "net/base/cert_verify_proc.h"
|
| #include "net/base/cert_verify_result.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/net_errors.h"
|
| +#include "net/base/nss_cert_database.h"
|
| #include "net/base/x509_certificate.h"
|
| #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
| @@ -66,7 +66,7 @@ class CertDatabaseNSSTest : public testing::Test {
|
|
|
| // Run the message loop to process any observer callbacks (e.g. for the
|
| // ClientSocketFactory singleton) so that the scoped ref ptrs created in
|
| - // CertDatabase::NotifyObservers* get released.
|
| + // NSSCertDatabase::NotifyObservers* get released.
|
| MessageLoop::current()->RunAllPending();
|
|
|
| EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size());
|
| @@ -108,11 +108,11 @@ class CertDatabaseNSSTest : public testing::Test {
|
| }
|
|
|
| scoped_refptr<CryptoModule> slot_;
|
| - CertDatabase cert_db_;
|
| + NSSCertDatabase cert_db_;
|
|
|
| private:
|
| static bool CleanupSlotContents(PK11SlotInfo* slot) {
|
| - CertDatabase cert_db;
|
| + NSSCertDatabase cert_db;
|
| bool ok = true;
|
| CertificateList certs = ListCertsInSlot(slot);
|
| CERTCertTrust default_trust = {0};
|
| @@ -273,8 +273,8 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) {
|
| EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -284,7 +284,7 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) {
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
| EXPECT_EQ("Test CA", cert->subject().common_name);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUSTED_SSL,
|
| + EXPECT_EQ(NSSCertDatabase::TRUSTED_SSL,
|
| cert_db_.GetCertTrust(cert.get(), CA_CERT));
|
|
|
| EXPECT_EQ(unsigned(CERTDB_VALID_CA | CERTDB_TRUSTED_CA |
|
| @@ -304,8 +304,8 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) {
|
| EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(certs, NSSCertDatabase::TRUSTED_EMAIL,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -315,7 +315,7 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) {
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
| EXPECT_EQ("Test CA", cert->subject().common_name);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUSTED_EMAIL,
|
| + EXPECT_EQ(NSSCertDatabase::TRUSTED_EMAIL,
|
| cert_db_.GetCertTrust(cert.get(), CA_CERT));
|
|
|
| EXPECT_EQ(unsigned(CERTDB_VALID_CA),
|
| @@ -335,8 +335,8 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) {
|
| EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(certs, NSSCertDatabase::TRUSTED_OBJ_SIGN,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -346,7 +346,7 @@ TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) {
|
| scoped_refptr<X509Certificate> cert(cert_list[0]);
|
| EXPECT_EQ("Test CA", cert->subject().common_name);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN,
|
| + EXPECT_EQ(NSSCertDatabase::TRUSTED_OBJ_SIGN,
|
| cert_db_.GetCertTrust(cert.get(), CA_CERT));
|
|
|
| EXPECT_EQ(unsigned(CERTDB_VALID_CA),
|
| @@ -366,8 +366,8 @@ TEST_F(CertDatabaseNSSTest, ImportCA_NotCACert) {
|
| EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
| ASSERT_EQ(1U, failed.size());
|
| // Note: this compares pointers directly. It's okay in this case because
|
| @@ -386,13 +386,13 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchy) {
|
| ASSERT_TRUE(ReadCertIntoList("www_us_army_mil_cert.der", &certs));
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| // Have to specify email trust for the cert verification of the child cert to
|
| // work (see
|
| // http://mxr.mozilla.org/mozilla/source/security/nss/lib/certhigh/certvfy.c#752
|
| // "XXX This choice of trustType seems arbitrary.")
|
| EXPECT_TRUE(cert_db_.ImportCACerts(
|
| - certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL,
|
| + certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
|
| &failed));
|
|
|
| ASSERT_EQ(2U, failed.size());
|
| @@ -411,9 +411,9 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyDupeRoot) {
|
| ASSERT_TRUE(ReadCertIntoList("dod_root_ca_2_cert.der", &certs));
|
|
|
| // First import just the root.
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| EXPECT_TRUE(cert_db_.ImportCACerts(
|
| - certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL,
|
| + certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -428,7 +428,7 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyDupeRoot) {
|
| // already present, we should still import the rest.
|
| failed.clear();
|
| EXPECT_TRUE(cert_db_.ImportCACerts(
|
| - certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL,
|
| + certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
|
| &failed));
|
|
|
| ASSERT_EQ(3U, failed.size());
|
| @@ -450,8 +450,8 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyUntrusted) {
|
| ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(certs, CertDatabase::TRUST_DEFAULT,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(certs, NSSCertDatabase::TRUST_DEFAULT,
|
| &failed));
|
|
|
| ASSERT_EQ(1U, failed.size());
|
| @@ -472,9 +472,9 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyTree) {
|
| ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| EXPECT_TRUE(cert_db_.ImportCACerts(
|
| - certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL,
|
| + certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
|
| &failed));
|
|
|
| EXPECT_EQ(2U, failed.size());
|
| @@ -497,10 +497,10 @@ TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) {
|
| ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
|
|
|
| // Import it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| EXPECT_TRUE(cert_db_.ImportCACerts(
|
| - certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL |
|
| - CertDatabase::TRUSTED_OBJ_SIGN, &failed));
|
| + certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL |
|
| + NSSCertDatabase::TRUSTED_OBJ_SIGN, &failed));
|
|
|
| ASSERT_EQ(2U, failed.size());
|
| // TODO(mattm): should check for net error equivalent of
|
| @@ -526,8 +526,8 @@ TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
|
| X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(2U, certs.size());
|
|
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportServerCert(certs, CertDatabase::TRUST_DEFAULT,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportServerCert(certs, NSSCertDatabase::TRUST_DEFAULT,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -539,7 +539,7 @@ TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
|
| EXPECT_EQ("www.google.com", goog_cert->subject().common_name);
|
| EXPECT_EQ("Thawte SGC CA", thawte_cert->subject().common_name);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(goog_cert.get(), SERVER_CERT));
|
|
|
| EXPECT_EQ(0U, goog_cert->os_cert_handle()->trust->sslFlags);
|
| @@ -557,8 +557,8 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
|
| CertificateList certs;
|
| ASSERT_TRUE(ReadCertIntoList("punycodetest.der", &certs));
|
|
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportServerCert(certs, CertDatabase::TRUST_DEFAULT,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportServerCert(certs, NSSCertDatabase::TRUST_DEFAULT,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -567,7 +567,7 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> puny_cert(cert_list[0]);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(puny_cert.get(), SERVER_CERT));
|
| EXPECT_EQ(0U, puny_cert->os_cert_handle()->trust->sslFlags);
|
|
|
| @@ -591,8 +591,8 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
|
| CertificateList certs;
|
| ASSERT_TRUE(ReadCertIntoList("punycodetest.der", &certs));
|
|
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportServerCert(certs, CertDatabase::TRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportServerCert(certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
|
|
| EXPECT_EQ(0U, failed.size());
|
| @@ -601,7 +601,7 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
|
| ASSERT_EQ(1U, cert_list.size());
|
| scoped_refptr<X509Certificate> puny_cert(cert_list[0]);
|
|
|
| - EXPECT_EQ(CertDatabase::TRUSTED_SSL,
|
| + EXPECT_EQ(NSSCertDatabase::TRUSTED_SSL,
|
| cert_db_.GetCertTrust(puny_cert.get(), SERVER_CERT));
|
| EXPECT_EQ(unsigned(CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD),
|
| puny_cert->os_cert_handle()->trust->sslFlags);
|
| @@ -622,8 +622,8 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
|
| ASSERT_EQ(1U, ca_certs.size());
|
|
|
| // Import CA cert and trust it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, CertDatabase::TRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -633,7 +633,7 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
|
| ASSERT_EQ(1U, certs.size());
|
|
|
| // Import server cert with default trust.
|
| - EXPECT_TRUE(cert_db_.ImportServerCert(certs, CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_TRUE(cert_db_.ImportServerCert(certs, NSSCertDatabase::TRUST_DEFAULT,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -660,8 +660,8 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
|
| ASSERT_EQ(1U, ca_certs.size());
|
|
|
| // Import CA cert and trust it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, CertDatabase::TRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -673,9 +673,9 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
|
| // Import server cert without inheriting trust from issuer (explicit
|
| // distrust).
|
| EXPECT_TRUE(cert_db_.ImportServerCert(
|
| - certs, CertDatabase::DISTRUSTED_SSL, &failed));
|
| + certs, NSSCertDatabase::DISTRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| - EXPECT_EQ(CertDatabase::DISTRUSTED_SSL,
|
| + EXPECT_EQ(NSSCertDatabase::DISTRUSTED_SSL,
|
| cert_db_.GetCertTrust(certs[0], SERVER_CERT));
|
|
|
| EXPECT_EQ(unsigned(CERTDB_TERMINAL_RECORD),
|
| @@ -698,8 +698,8 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
| ASSERT_EQ(1U, ca_certs.size());
|
|
|
| // Import Root CA cert and distrust it.
|
| - CertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, CertDatabase::DISTRUSTED_SSL,
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, NSSCertDatabase::DISTRUSTED_SSL,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -710,7 +710,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
|
|
| // Import Intermediate CA cert and trust it.
|
| EXPECT_TRUE(cert_db_.ImportCACerts(intermediate_certs,
|
| - CertDatabase::TRUSTED_SSL, &failed));
|
| + NSSCertDatabase::TRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| CertificateList certs = CreateCertificateListFromFile(
|
| @@ -720,9 +720,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
|
|
| // Import server cert with default trust.
|
| EXPECT_TRUE(cert_db_.ImportServerCert(
|
| - certs, CertDatabase::TRUST_DEFAULT, &failed));
|
| + certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(certs[0], SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| @@ -742,9 +742,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
|
|
| // Trust the root cert and distrust the intermediate.
|
| EXPECT_TRUE(cert_db_.SetCertTrust(
|
| - ca_certs[0], CA_CERT, CertDatabase::TRUSTED_SSL));
|
| + ca_certs[0], CA_CERT, NSSCertDatabase::TRUSTED_SSL));
|
| EXPECT_TRUE(cert_db_.SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, CertDatabase::DISTRUSTED_SSL));
|
| + intermediate_certs[0], CA_CERT, NSSCertDatabase::DISTRUSTED_SSL));
|
| EXPECT_EQ(
|
| unsigned(CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA),
|
| ca_certs[0]->os_cert_handle()->trust->sslFlags);
|
| @@ -769,7 +769,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
| }
|
|
|
| TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
|
|
| CertificateList intermediate_certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(), "2048-rsa-intermediate.pem",
|
| @@ -778,7 +778,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
|
|
| // Import Intermediate CA cert and trust it.
|
| EXPECT_TRUE(cert_db_.ImportCACerts(intermediate_certs,
|
| - CertDatabase::TRUSTED_SSL, &failed));
|
| + NSSCertDatabase::TRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| CertificateList certs = CreateCertificateListFromFile(
|
| @@ -788,9 +788,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
|
|
| // Import server cert with default trust.
|
| EXPECT_TRUE(cert_db_.ImportServerCert(
|
| - certs, CertDatabase::TRUST_DEFAULT, &failed));
|
| + certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(certs[0], SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| @@ -804,7 +804,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| EXPECT_TRUE(cert_db_.SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, CertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should fail to verify.
|
| CertVerifyResult verify_result2;
|
| @@ -815,7 +815,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
| }
|
|
|
| TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
|
|
| CertificateList ca_certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(), "2048-rsa-root.pem",
|
| @@ -823,7 +823,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
| ASSERT_EQ(1U, ca_certs.size());
|
|
|
| // Import Root CA cert and default trust it.
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, NSSCertDatabase::TRUST_DEFAULT,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -834,7 +834,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
|
|
| // Import Intermediate CA cert and trust it.
|
| EXPECT_TRUE(cert_db_.ImportCACerts(intermediate_certs,
|
| - CertDatabase::TRUSTED_SSL, &failed));
|
| + NSSCertDatabase::TRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| CertificateList certs = CreateCertificateListFromFile(
|
| @@ -844,9 +844,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
|
|
| // Import server cert with default trust.
|
| EXPECT_TRUE(cert_db_.ImportServerCert(
|
| - certs, CertDatabase::TRUST_DEFAULT, &failed));
|
| + certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(certs[0], SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| @@ -860,7 +860,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| EXPECT_TRUE(cert_db_.SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, CertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should fail to verify.
|
| CertVerifyResult verify_result2;
|
| @@ -877,7 +877,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
| return;
|
| }
|
|
|
| - CertDatabase::ImportCertFailureList failed;
|
| + NSSCertDatabase::ImportCertFailureList failed;
|
|
|
| CertificateList ca_certs = CreateCertificateListFromFile(
|
| GetTestCertsDirectory(), "2048-rsa-root.pem",
|
| @@ -885,7 +885,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
| ASSERT_EQ(1U, ca_certs.size());
|
|
|
| // Import Root CA cert and trust it.
|
| - EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, CertDatabase::TRUSTED_SSL,
|
| + EXPECT_TRUE(cert_db_.ImportCACerts(ca_certs, NSSCertDatabase::TRUSTED_SSL,
|
| &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| @@ -896,7 +896,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
|
|
| // Import Intermediate CA cert and distrust it.
|
| EXPECT_TRUE(cert_db_.ImportCACerts(intermediate_certs,
|
| - CertDatabase::DISTRUSTED_SSL, &failed));
|
| + NSSCertDatabase::DISTRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
|
|
| CertificateList certs = CreateCertificateListFromFile(
|
| @@ -906,9 +906,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
|
|
| // Import server cert with default trust.
|
| EXPECT_TRUE(cert_db_.ImportServerCert(
|
| - certs, CertDatabase::TRUST_DEFAULT, &failed));
|
| + certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| - EXPECT_EQ(CertDatabase::TRUST_DEFAULT,
|
| + EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| cert_db_.GetCertTrust(certs[0], SERVER_CERT));
|
|
|
| // Server cert should not verify.
|
| @@ -922,7 +922,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
|
|
| // Without explicit distrust of the intermediate, verification should succeed.
|
| EXPECT_TRUE(cert_db_.SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, CertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should verify.
|
| CertVerifyResult verify_result2;
|
|
|
Chromium Code Reviews
Issue 10916094:
Move the NSS functions out of CertDatabase into a new NSSCertDatabase class. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src