NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles.

net/cert/test_root_certs_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/files/file_path.h"
 #include "build/build_config.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verify_proc.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/test_root_certs.h"
 #include "net/cert/x509_certificate.h"
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 #if defined(USE_NSS) || defined(OS_IOS)
 #include <nss.h>
 #endif
 
+#if defined(OS_IOS)
+#include "net/cert/x509_util_ios.h"
+#endif
+
 namespace net {
 
 namespace {
 
 // The local test root certificate.
 const char kRootCertificateFile[] = "root_ca_cert.pem";
 // A certificate issued by the local test root for 127.0.0.1.
 const char kGoodCertificateFile[] = "ok_cert.pem";
 
 }  // namespace
@@ skipping 97 matching lines @@
                                             NULL,
                                             CertificateList(),
                                             &restored_verify_result);
   EXPECT_NE(OK, restored_status);
   EXPECT_NE(0u,
             restored_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
   EXPECT_EQ(bad_status, restored_status);
   EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status);
 }
 
+#if defined(USE_NSS) || defined(OS_IOS) || \
+    (defined(USE_OPENSSL) && !defined(OS_ANDROID))
+TEST(TestRootCertsTest, Contains) {
+  // Another test root certificate.
+  const char kRootCertificateFile2[] = "2048-rsa-root.pem";
+
+  TestRootCerts* test_roots = TestRootCerts::GetInstance();
+  ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
+
+  scoped_refptr<X509Certificate> root_cert_1 =
+      ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_1.get());
+
+  scoped_refptr<X509Certificate> root_cert_2 =
+      ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile2);
+  ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_2.get());
+
+#if defined(OS_IOS)
+  x509_util_ios::NSSCertificate nss_certificate_1(
+      root_cert_1->os_cert_handle());
+  x509_util_ios::NSSCertificate nss_certificate_2(
+      root_cert_2->os_cert_handle());
+  CERTCertificate* handle_1 = nss_certificate_1.cert_handle();
+  CERTCertificate* handle_2 = nss_certificate_2.cert_handle();
+#else
+  X509Certificate::OSCertHandle handle_1 = root_cert_1->os_cert_handle();
+  X509Certificate::OSCertHandle handle_2 = root_cert_2->os_cert_handle();
+#endif
+
+  EXPECT_FALSE(test_roots->Contains(handle_1));
+  EXPECT_FALSE(test_roots->Contains(handle_2));
+
+  EXPECT_TRUE(test_roots->Add(root_cert_1.get()));
+  EXPECT_TRUE(test_roots->Contains(handle_1));
+  EXPECT_FALSE(test_roots->Contains(handle_2));
+
+  EXPECT_TRUE(test_roots->Add(root_cert_2.get()));
+  EXPECT_TRUE(test_roots->Contains(handle_1));
+  EXPECT_TRUE(test_roots->Contains(handle_2));
+
+  test_roots->Clear();
+  EXPECT_FALSE(test_roots->Contains(handle_1));
+  EXPECT_FALSE(test_roots->Contains(handle_2));
+}
+#endif
+
 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that
 // TestRootCerts properly injects itself into the validation process. See
 // http://crbug.com/63958
 
 }  // namespace net