Index: net/ssl/client_cert_store_nss_unittest.cc |
diff --git a/net/ssl/client_cert_store_nss_unittest.cc b/net/ssl/client_cert_store_nss_unittest.cc |
index 00d3a9c655d32c590565da87c5d1912a445197de..0fcd2b700988b6eaf0bfeb6d55dbe6aabb070f06 100644 |
--- a/net/ssl/client_cert_store_nss_unittest.cc |
+++ b/net/ssl/client_cert_store_nss_unittest.cc |
@@ -4,7 +4,21 @@ |
#include "net/ssl/client_cert_store_nss.h" |
+#include <cert.h> |
+#include <certt.h> |
+#include <pk11pub.h> |
+#include <stdint.h> |
+ |
+#include <string> |
+ |
+#include "base/memory/ref_counted.h" |
+#include "base/run_loop.h" |
+#include "crypto/scoped_test_nss_db.h" |
+#include "net/cert/x509_certificate.h" |
#include "net/ssl/client_cert_store_unittest-inl.h" |
+#include "net/ssl/ssl_cert_request_info.h" |
+#include "net/test/cert_test_util.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
namespace net { |
@@ -18,7 +32,7 @@ class ClientCertStoreNSSTestDelegate { |
// Filters |input_certs| using the logic being used to filter the system |
// store when GetClientCerts() is called. |
ClientCertStoreNSS::FilterCertsOnWorkerThread( |
- input_certs, cert_request_info, false, selected_certs); |
+ input_certs, cert_request_info, selected_certs); |
return true; |
} |
}; |
@@ -27,4 +41,47 @@ INSTANTIATE_TYPED_TEST_CASE_P(NSS, |
ClientCertStoreTest, |
ClientCertStoreNSSTestDelegate); |
+// Tests that ClientCertStoreNSS attempts to build a certificate chain by |
+// querying NSS before return a certificate. |
+TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { |
+ // Set up a test DB and import client_1.pem and client_1_ca.pem. |
+ scoped_refptr<X509Certificate> client_1( |
+ ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
+ ASSERT_TRUE(client_1.get()); |
+ scoped_refptr<X509Certificate> client_1_ca( |
+ ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem")); |
+ ASSERT_TRUE(client_1_ca.get()); |
+ |
+ crypto::ScopedTestNSSDB test_db; |
+ ASSERT_EQ(SECSuccess, |
+ PK11_ImportCert(test_db.slot(), client_1->os_cert_handle(), |
+ CK_INVALID_HANDLE, "client_1", |
+ PR_FALSE /* includeTrust (unused) */)); |
+ ASSERT_EQ(SECSuccess, |
+ PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(), |
+ CK_INVALID_HANDLE, "client_1_ca", |
+ PR_FALSE /* includeTrust (unused) */)); |
+ |
+ // Request certificates matching client_1_ca.pem. |
+ scoped_ptr<ClientCertStoreNSS> store( |
+ new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory())); |
+ scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); |
+ request->cert_authorities.push_back(std::string( |
+ reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN))); |
+ |
+ CertificateList selected_certs; |
+ base::RunLoop loop; |
+ store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure()); |
+ loop.Run(); |
+ |
+ // The result should have include client_1_ca.pem. |
+ ASSERT_EQ(1u, selected_certs.size()); |
+ scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; |
+ EXPECT_TRUE(selected_cert->Equals(client_1.get())); |
+ ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size()); |
+ EXPECT_TRUE(X509Certificate::IsSameOSCert( |
+ client_1_ca->os_cert_handle(), |
+ selected_cert->GetIntermediateCertificates()[0])); |
+} |
+ |
} // namespace net |