Extract certificate policy application from NetworkLibrary.

chromeos/network/onc/onc_certificate_importer_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/onc/onc_certificate_importer.h"
 
 #include <cert.h>
 #include <certdb.h>
 #include <keyhi.h>
 #include <pk11pub.h>
@@ skipping 48 matching lines @@
  public:
   virtual void SetUp() {
     ASSERT_TRUE(test_nssdb_.is_open());
 
     slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule();
 
     // Don't run the test if the setup failed.
     ASSERT_TRUE(slot_->os_module_handle());
 
     // Test db should be empty at start of test.
-    EXPECT_EQ(0ul, ListCertsInSlot(slot_->os_module_handle()).size());
+    EXPECT_EQ(0ul, ListCertsInSlot().size());
   }
 
   virtual void TearDown() {
-    EXPECT_TRUE(CleanupSlotContents(slot_->os_module_handle()));
-    EXPECT_EQ(0ul, ListCertsInSlot(slot_->os_module_handle()).size());
+    EXPECT_TRUE(CleanupSlotContents());
+    EXPECT_EQ(0ul, ListCertsInSlot().size());
   }
 
   virtual ~ONCCertificateImporterTest() {}
 
  protected:
-  void AddCertificateFromFile(std::string filename,
-                              net::CertType expected_type,
-                              std::string* guid) {
+  void AddCertificatesFromFile(
+      std::string filename,
+      CertificateImporter::ParseResult expected_parse_result) {
     scoped_ptr<base::DictionaryValue> onc =
         test_utils::ReadTestDictionary(filename);
+    base::Value* certificates_value = NULL;
     base::ListValue* certificates = NULL;
-    onc->GetListWithoutPathExpansion(toplevel_config::kCertificates,
-                                     &certificates);
-
-    base::DictionaryValue* certificate = NULL;
-    certificates->GetDictionary(0, &certificate);
-    certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid);
+    onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates,
+                                    &certificates_value);
+    certificates_value->GetAsList(&certificates);
+    onc_certificates_.reset(certificates);
 
     web_trust_certificates_.clear();
     CertificateImporter importer(true /* allow web trust */);
-    EXPECT_EQ(CertificateImporter::IMPORT_OK,
+    EXPECT_EQ(expected_parse_result,
               importer.ParseAndStoreCertificates(*certificates,
                                                  &web_trust_certificates_));
 
     result_list_.clear();
+    result_list_ = ListCertsInSlot();
+  }
+
+  void AddCertificateFromFile(std::string filename,
+                              net::CertType expected_type,
+                              std::string* guid) {
+    AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK);
+    EXPECT_EQ(1ul, result_list_.size());
+
+    base::DictionaryValue* certificate = NULL;
+    onc_certificates_->GetDictionary(0, &certificate);
+    certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid);
+
     CertificateImporter::ListCertsWithNickname(*guid, &result_list_);
     ASSERT_EQ(1ul, result_list_.size());
     EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle()));
   }
 
+  scoped_ptr<base::ListValue> onc_certificates_;
   scoped_refptr<net::CryptoModule> slot_;
   net::CertificateList result_list_;
   net::CertificateList web_trust_certificates_;
 
  private:
-  net::CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
+  net::CertificateList ListCertsInSlot() {
     net::CertificateList result;
-    CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
+    CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle());
     for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
          !CERT_LIST_END(node, cert_list);
          node = CERT_LIST_NEXT(node)) {
       result.push_back(net::X509Certificate::CreateFromHandle(
           node->cert, net::X509Certificate::OSCertHandles()));
     }
     CERT_DestroyCertList(cert_list);
 
     // Sort the result so that test comparisons can be deterministic.
     std::sort(result.begin(), result.end(), net::X509Certificate::LessThan());
     return result;
   }
 
-  bool CleanupSlotContents(PK11SlotInfo* slot) {
+  bool CleanupSlotContents() {
     bool ok = true;
-    net::CertificateList certs = ListCertsInSlot(slot);
+    net::CertificateList certs = ListCertsInSlot();
     for (size_t i = 0; i < certs.size(); ++i) {
       if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(certs[i]))
         ok = false;
     }
     return ok;
   }
 
   crypto::ScopedTestNSSDB test_nssdb_;
 };
 
+TEST_F(ONCCertificateImporterTest, MultipleCertificates) {
+  AddCertificatesFromFile("managed_toplevel2.onc",
+                          CertificateImporter::IMPORT_OK);
+  EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size());
+}
+
+TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) {
+  AddCertificatesFromFile("toplevel_partially_invalid.onc",
+                          CertificateImporter::IMPORT_INCOMPLETE);
+  EXPECT_EQ(2ul, onc_certificates_->GetSize());
+  EXPECT_EQ(1ul, result_list_.size());
+}
+
 TEST_F(ONCCertificateImporterTest, AddClientCertificate) {
   std::string guid;
   AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid);
   EXPECT_TRUE(web_trust_certificates_.empty());
 
   SECKEYPrivateKeyList* privkey_list =
       PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
   EXPECT_TRUE(privkey_list);
   if (privkey_list) {
     SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list);
@@ skipping 131 matching lines @@
                   "certificate-client-update.onc"),
         CertParam(net::SERVER_CERT,
                   "certificate-server.onc",
                   "certificate-server-update.onc"),
         CertParam(net::CA_CERT,
                   "certificate-web-authority.onc",
                   "certificate-web-authority-update.onc")));
 
 }  // namespace onc
 }  // namespace chromeos