Chromium Code Reviews Chromium Code Reviews
Issue 137553004:
NSS Cros multiprofile: trust roots added by a profile shouldn't apply to other profiles. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 37 PolicyCertVerifierTest() : cert_db_(NULL), trust_anchor_used_(false) {} | 37 PolicyCertVerifierTest() : cert_db_(NULL), trust_anchor_used_(false) {} |
| 38 | 38 |
| 39 virtual ~PolicyCertVerifierTest() {} | 39 virtual ~PolicyCertVerifierTest() {} |
| 40 | 40 |
| 41 virtual void SetUp() OVERRIDE { | 41 virtual void SetUp() OVERRIDE { |
| 42 ASSERT_TRUE(test_nssdb_.is_open()); | 42 ASSERT_TRUE(test_nssdb_.is_open()); |
| 43 cert_db_ = net::NSSCertDatabase::GetInstance(); | 43 cert_db_ = net::NSSCertDatabase::GetInstance(); |
| 44 | 44 |
| 45 cert_verifier_.reset(new PolicyCertVerifier(base::Bind( | 45 cert_verifier_.reset(new PolicyCertVerifier(base::Bind( |
| 46 &PolicyCertVerifierTest::OnTrustAnchorUsed, base::Unretained(this)))); | 46 &PolicyCertVerifierTest::OnTrustAnchorUsed, base::Unretained(this)))); |
| 47 cert_verifier_->InitializeOnIOThread(); | 47 cert_verifier_->InitializeOnIOThread(net::CertVerifyProc::CreateDefault()); |
|
Ryan Sleevi
2014/01/22 00:43:48
This is potentially dangerous as written, since if
mattm
2014/01/24 04:47:31
Done.
(Also had to change it to specify a slot fo
| |
| 48 | 48 |
| 49 test_ca_cert_ = LoadCertificate("root_ca_cert.pem", net::CA_CERT); | 49 test_ca_cert_ = LoadCertificate("root_ca_cert.pem", net::CA_CERT); |
| 50 ASSERT_TRUE(test_ca_cert_); | 50 ASSERT_TRUE(test_ca_cert_); |
| 51 test_server_cert_ = LoadCertificate("ok_cert.pem", net::SERVER_CERT); | 51 test_server_cert_ = LoadCertificate("ok_cert.pem", net::SERVER_CERT); |
| 52 ASSERT_TRUE(test_server_cert_); | 52 ASSERT_TRUE(test_server_cert_); |
| 53 test_ca_cert_list_.push_back(test_ca_cert_); | 53 test_ca_cert_list_.push_back(test_ca_cert_); |
| 54 } | 54 } |
| 55 | 55 |
| 56 virtual void TearDown() OVERRIDE { | 56 virtual void TearDown() OVERRIDE { |
| 57 // Destroy |cert_verifier_| before destroying the ThreadBundle, otherwise | 57 // Destroy |cert_verifier_| before destroying the ThreadBundle, otherwise |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 222 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); | 222 int error = VerifyTestServerCert(callback, &verify_result, &request_handle); |
| 223 // Note: this hits the cached result from the first Verify() in this test. | 223 // Note: this hits the cached result from the first Verify() in this test. |
| 224 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 224 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
| 225 } | 225 } |
| 226 // The additional trust anchors were reset, thus |cert_verifier_| should not | 226 // The additional trust anchors were reset, thus |cert_verifier_| should not |
| 227 // signal it's usage anymore. | 227 // signal it's usage anymore. |
| 228 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); | 228 EXPECT_FALSE(WasTrustAnchorUsedAndReset()); |
| 229 } | 229 } |
| 230 | 230 |
| 231 } // namespace policy | 231 } // namespace policy |
| OLD | NEW |
