OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <certdb.h> | 6 #include <certdb.h> |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 | 10 |
(...skipping 20 matching lines...) Expand all Loading... |
31 #include "testing/gtest/include/gtest/gtest.h" | 31 #include "testing/gtest/include/gtest/gtest.h" |
32 | 32 |
33 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use | 33 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use |
34 // the new name of the macro. | 34 // the new name of the macro. |
35 #if !defined(CERTDB_TERMINAL_RECORD) | 35 #if !defined(CERTDB_TERMINAL_RECORD) |
36 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER | 36 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER |
37 #endif | 37 #endif |
38 | 38 |
39 namespace net { | 39 namespace net { |
40 | 40 |
| 41 // TODO(mattm): when https://bugzilla.mozilla.org/show_bug.cgi?id=588269 is |
| 42 // fixed, switch back to using a separate userdb for each test. |
| 43 // (When doing so, remember to add some standalone tests of DeleteCert since it |
| 44 // won't be tested by TearDown anymore.) |
41 class CertDatabaseNSSTest : public testing::Test { | 45 class CertDatabaseNSSTest : public testing::Test { |
42 public: | 46 public: |
| 47 static void SetUpTestCase() { |
| 48 ASSERT_TRUE(crypto::OpenTestNSSDB()); |
| 49 // There is no matching TearDownTestCase call to close the test NSS DB |
| 50 // because that would leave NSS in a potentially broken state for further |
| 51 // tests, due to https://bugzilla.mozilla.org/show_bug.cgi?id=588269 |
| 52 } |
| 53 |
43 virtual void SetUp() { | 54 virtual void SetUp() { |
44 ASSERT_TRUE(test_nssdb_.is_open()); | |
45 cert_db_ = NSSCertDatabase::GetInstance(); | 55 cert_db_ = NSSCertDatabase::GetInstance(); |
46 slot_ = cert_db_->GetPublicModule(); | 56 slot_ = cert_db_->GetPublicModule(); |
47 | 57 |
48 // Test db should be empty at start of test. | 58 // Test db should be empty at start of test. |
49 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | 59 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
50 } | 60 } |
51 | 61 |
52 virtual void TearDown() { | 62 virtual void TearDown() { |
53 // Don't try to cleanup if the setup failed. | 63 // Don't try to cleanup if the setup failed. |
54 ASSERT_TRUE(slot_->os_module_handle()); | 64 ASSERT_TRUE(slot_->os_module_handle()); |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
112 SECStatus srv = CERT_ChangeCertTrust( | 122 SECStatus srv = CERT_ChangeCertTrust( |
113 CERT_GetDefaultCertDB(), certs[i]->os_cert_handle(), &default_trust); | 123 CERT_GetDefaultCertDB(), certs[i]->os_cert_handle(), &default_trust); |
114 if (srv != SECSuccess) | 124 if (srv != SECSuccess) |
115 ok = false; | 125 ok = false; |
116 | 126 |
117 if (!cert_db_->DeleteCertAndKey(certs[i])) | 127 if (!cert_db_->DeleteCertAndKey(certs[i])) |
118 ok = false; | 128 ok = false; |
119 } | 129 } |
120 return ok; | 130 return ok; |
121 } | 131 } |
122 | |
123 crypto::ScopedTestNSSDB test_nssdb_; | |
124 }; | 132 }; |
125 | 133 |
126 TEST_F(CertDatabaseNSSTest, ListCerts) { | 134 TEST_F(CertDatabaseNSSTest, ListCerts) { |
127 // This test isn't terribly useful, though it will at least let valgrind test | 135 // This test isn't terribly useful, though it will at least let valgrind test |
128 // for leaks. | 136 // for leaks. |
129 CertificateList certs; | 137 CertificateList certs; |
130 cert_db_->ListCerts(&certs); | 138 cert_db_->ListCerts(&certs); |
131 // The test DB is empty, but let's assume there will always be something in | 139 // The test DB is empty, but let's assume there will always be something in |
132 // the other slots. | 140 // the other slots. |
133 EXPECT_LT(0U, certs.size()); | 141 EXPECT_LT(0U, certs.size()); |
(...skipping 784 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
918 | 926 |
919 // Server cert should verify. | 927 // Server cert should verify. |
920 CertVerifyResult verify_result2; | 928 CertVerifyResult verify_result2; |
921 error = verify_proc->Verify(certs[0], "127.0.0.1", flags, | 929 error = verify_proc->Verify(certs[0], "127.0.0.1", flags, |
922 NULL, &verify_result2); | 930 NULL, &verify_result2); |
923 EXPECT_EQ(OK, error); | 931 EXPECT_EQ(OK, error); |
924 EXPECT_EQ(0U, verify_result2.cert_status); | 932 EXPECT_EQ(0U, verify_result2.cert_status); |
925 } | 933 } |
926 | 934 |
927 } // namespace net | 935 } // namespace net |
OLD | NEW |