| Index: net/ssl/client_cert_store_nss_unittest.cc
|
| diff --git a/net/ssl/client_cert_store_nss_unittest.cc b/net/ssl/client_cert_store_nss_unittest.cc
|
| index 00d3a9c655d32c590565da87c5d1912a445197de..0fcd2b700988b6eaf0bfeb6d55dbe6aabb070f06 100644
|
| --- a/net/ssl/client_cert_store_nss_unittest.cc
|
| +++ b/net/ssl/client_cert_store_nss_unittest.cc
|
| @@ -4,7 +4,21 @@
|
|
|
| #include "net/ssl/client_cert_store_nss.h"
|
|
|
| +#include <cert.h>
|
| +#include <certt.h>
|
| +#include <pk11pub.h>
|
| +#include <stdint.h>
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/memory/ref_counted.h"
|
| +#include "base/run_loop.h"
|
| +#include "crypto/scoped_test_nss_db.h"
|
| +#include "net/cert/x509_certificate.h"
|
| #include "net/ssl/client_cert_store_unittest-inl.h"
|
| +#include "net/ssl/ssl_cert_request_info.h"
|
| +#include "net/test/cert_test_util.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace net {
|
|
|
| @@ -18,7 +32,7 @@ class ClientCertStoreNSSTestDelegate {
|
| // Filters |input_certs| using the logic being used to filter the system
|
| // store when GetClientCerts() is called.
|
| ClientCertStoreNSS::FilterCertsOnWorkerThread(
|
| - input_certs, cert_request_info, false, selected_certs);
|
| + input_certs, cert_request_info, selected_certs);
|
| return true;
|
| }
|
| };
|
| @@ -27,4 +41,47 @@ INSTANTIATE_TYPED_TEST_CASE_P(NSS,
|
| ClientCertStoreTest,
|
| ClientCertStoreNSSTestDelegate);
|
|
|
| +// Tests that ClientCertStoreNSS attempts to build a certificate chain by
|
| +// querying NSS before return a certificate.
|
| +TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {
|
| + // Set up a test DB and import client_1.pem and client_1_ca.pem.
|
| + scoped_refptr<X509Certificate> client_1(
|
| + ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
|
| + ASSERT_TRUE(client_1.get());
|
| + scoped_refptr<X509Certificate> client_1_ca(
|
| + ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem"));
|
| + ASSERT_TRUE(client_1_ca.get());
|
| +
|
| + crypto::ScopedTestNSSDB test_db;
|
| + ASSERT_EQ(SECSuccess,
|
| + PK11_ImportCert(test_db.slot(), client_1->os_cert_handle(),
|
| + CK_INVALID_HANDLE, "client_1",
|
| + PR_FALSE /* includeTrust (unused) */));
|
| + ASSERT_EQ(SECSuccess,
|
| + PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(),
|
| + CK_INVALID_HANDLE, "client_1_ca",
|
| + PR_FALSE /* includeTrust (unused) */));
|
| +
|
| + // Request certificates matching client_1_ca.pem.
|
| + scoped_ptr<ClientCertStoreNSS> store(
|
| + new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory()));
|
| + scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
|
| + request->cert_authorities.push_back(std::string(
|
| + reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));
|
| +
|
| + CertificateList selected_certs;
|
| + base::RunLoop loop;
|
| + store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure());
|
| + loop.Run();
|
| +
|
| + // The result should have include client_1_ca.pem.
|
| + ASSERT_EQ(1u, selected_certs.size());
|
| + scoped_refptr<X509Certificate> selected_cert = selected_certs[0];
|
| + EXPECT_TRUE(selected_cert->Equals(client_1.get()));
|
| + ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size());
|
| + EXPECT_TRUE(X509Certificate::IsSameOSCert(
|
| + client_1_ca->os_cert_handle(),
|
| + selected_cert->GetIntermediateCertificates()[0]));
|
| +}
|
| +
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 1526783002:
Build a chain in ClientCertStoreNSS to send intermediates to the server. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master