
Side by Side Diff: net/cert/nss_cert_database_unittest.cc

Issue 141503002: Remove obsolete NSS version checks. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 11 months ago
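--- a/net/cert/nss_cert_database_unittest.cc
+++ b/net/cert/nss_cert_database_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <cert.h>
 #include <certdb.h>
 #include <pk11pub.h>
 
 #include <algorithm>
 
@@ -584,27 +584,20 @@
 "xn--wgv71a119e.com",
 flags,
 NULL,
 empty_cert_list_,
 &verify_result);
 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
-// When using CERT_PKIXVerifyCert (which we do), server trust only works from
-// 3.13.4 onwards. See https://bugzilla.mozilla.org/show_bug.cgi?id=647364.
-if (!NSS_VersionCheck("3.13.4")) {
-LOG(INFO) << "test skipped on NSS < 3.13.4";
-return;
-}
-
 CertificateList certs;
 ASSERT_TRUE(ReadCertIntoList("punycodetest.der", &certs));
 
 NSSCertDatabase::ImportCertFailureList failed;
 EXPECT_TRUE(cert_db_->ImportServerCert(certs, NSSCertDatabase::TRUSTED_SSL,
 &failed));
 
 EXPECT_EQ(0U, failed.size());
 
 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
@@ -659,26 +652,20 @@
 "127.0.0.1",
 flags,
 NULL,
 empty_cert_list_,
 &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
-// Explicit distrust only works starting in NSS 3.13.
-if (!NSS_VersionCheck("3.13")) {
-LOG(INFO) << "test skipped on NSS < 3.13";
-return;
-}
-
 CertificateList ca_certs = CreateCertificateListFromFile(
 GetTestCertsDirectory(), "root_ca_cert.pem",
 X509Certificate::FORMAT_AUTO);
 ASSERT_EQ(1U, ca_certs.size());
 
 // Import CA cert and trust it.
 NSSCertDatabase::ImportCertFailureList failed;
 EXPECT_TRUE(cert_db_->ImportCACerts(ca_certs, NSSCertDatabase::TRUSTED_SSL,
 &failed));
 EXPECT_EQ(0U, failed.size());
@@ -753,26 +740,20 @@
 CertVerifyResult verify_result;
 int error = verify_proc->Verify(certs[0].get(),
 "127.0.0.1",
 flags,
 NULL,
 empty_cert_list_,
 &verify_result);
 EXPECT_EQ(OK, error);
 EXPECT_EQ(0U, verify_result.cert_status);
 
-// Explicit distrust only works starting in NSS 3.13.
-if (!NSS_VersionCheck("3.13")) {
-LOG(INFO) << "test partially skipped on NSS < 3.13";
-return;
-}
-
 // Trust the root cert and distrust the intermediate.
 EXPECT_TRUE(cert_db_->SetCertTrust(
 ca_certs[0].get(), CA_CERT, NSSCertDatabase::TRUSTED_SSL));
 EXPECT_TRUE(cert_db_->SetCertTrust(
 intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::DISTRUSTED_SSL));
 EXPECT_EQ(
 unsigned(CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA),
 ca_certs[0]->os_cert_handle()->trust->sslFlags);
 EXPECT_EQ(unsigned(CERTDB_VALID_CA),
 ca_certs[0]->os_cert_handle()->trust->emailFlags);
@@ -922,26 +903,20 @@
 "127.0.0.1",
 flags,
 NULL,
 empty_cert_list_,
 &verify_result2);
 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
 EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
-// Explicit distrust only works starting in NSS 3.13.
-if (!NSS_VersionCheck("3.13")) {
-LOG(INFO) << "test skipped on NSS < 3.13";
-return;
-}
-
 NSSCertDatabase::ImportCertFailureList failed;
 
 CertificateList ca_certs = CreateCertificateListFromFile(
 GetTestCertsDirectory(), "2048-rsa-root.pem",
 X509Certificate::FORMAT_AUTO);
 ASSERT_EQ(1U, ca_certs.size());
 
 // Import Root CA cert and trust it.
 EXPECT_TRUE(cert_db_->ImportCACerts(ca_certs, NSSCertDatabase::TRUSTED_SSL,
 &failed));
@@ -1035,10 +1010,10 @@
 EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
 cert_db_->GetCertTrust(certs2[0].get(), SERVER_CERT));
 
 new_certs = ListCertsInSlot(slot_->os_module_handle());
 ASSERT_EQ(2U, new_certs.size());
 EXPECT_STRNE(new_certs[0]->os_cert_handle()->nickname,
 new_certs[1]->os_cert_handle()->nickname);
 }
 
 } // namespace net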