Chromium Code Reviews Chromium Code Reviews
Issue 15315003:
Generate unique certificate nicknames on Linux/CrOS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <certdb.h> | 6 #include <certdb.h> |
| 7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 920 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 931 intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT)); | 931 intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT)); |
| 932 | 932 |
| 933 // Server cert should verify. | 933 // Server cert should verify. |
| 934 CertVerifyResult verify_result2; | 934 CertVerifyResult verify_result2; |
| 935 error = verify_proc->Verify(certs[0], "127.0.0.1", flags, | 935 error = verify_proc->Verify(certs[0], "127.0.0.1", flags, |
| 936 NULL, empty_cert_list_, &verify_result2); | 936 NULL, empty_cert_list_, &verify_result2); |
| 937 EXPECT_EQ(OK, error); | 937 EXPECT_EQ(OK, error); |
| 938 EXPECT_EQ(0U, verify_result2.cert_status); | 938 EXPECT_EQ(0U, verify_result2.cert_status); |
| 939 } | 939 } |
| 940 | 940 |
| 941 // Importing two certificates with the same issuer and common name, but | |
|
wtc
2013/05/22 20:58:45
Could you clarify whether the "common name" is the
| |
| 942 // distinct subject names, should succeed and generate a unique nickname for | |
| 943 // the second certificate. | |
|
wtc
2013/05/22 20:58:45
The test doesn't check the nicknames are different
Ryan Sleevi
2013/05/22 23:20:19
Fixed.
| |
| 944 TEST_F(CertDatabaseNSSTest, ImportDuplicateCommonName) { | |
| 945 CertificateList certs = | |
| 946 CreateCertificateListFromFile(GetTestCertsDirectory(), | |
| 947 "duplicate_cn_1.pem", | |
| 948 X509Certificate::FORMAT_AUTO); | |
| 949 ASSERT_EQ(1U, certs.size()); | |
| 950 | |
| 951 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); | |
| 952 | |
| 953 // Import server cert with default trust. | |
| 954 NSSCertDatabase::ImportCertFailureList failed; | |
| 955 EXPECT_TRUE(cert_db_->ImportServerCert( | |
| 956 certs, NSSCertDatabase::TRUST_DEFAULT, &failed)); | |
| 957 EXPECT_EQ(0U, failed.size()); | |
| 958 EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT, | |
| 959 cert_db_->GetCertTrust(certs[0], SERVER_CERT)); | |
| 960 | |
| 961 CertificateList new_certs = ListCertsInSlot(slot_->os_module_handle()); | |
| 962 ASSERT_EQ(1U, new_certs.size()); | |
| 963 | |
| 964 // Now attempt to issue a different version with the same common name. | |
|
wtc
2013/05/22 20:58:45
What does "issue a different version" mean?
Ryan Sleevi
2013/05/22 23:20:19
typo
s/issue/import/
s/version/certificate/
| |
| 965 CertificateList certs2 = | |
| 966 CreateCertificateListFromFile(GetTestCertsDirectory(), | |
| 967 "duplicate_cn_2.pem", | |
| 968 X509Certificate::FORMAT_AUTO); | |
| 969 ASSERT_EQ(1U, certs2.size()); | |
| 970 | |
| 971 // Import server cert with default trust. | |
| 972 EXPECT_TRUE(cert_db_->ImportServerCert( | |
| 973 certs2, NSSCertDatabase::TRUST_DEFAULT, &failed)); | |
| 974 EXPECT_EQ(0U, failed.size()); | |
| 975 EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT, | |
| 976 cert_db_->GetCertTrust(certs2[0], SERVER_CERT)); | |
| 977 | |
| 978 EXPECT_EQ(2U, ListCertsInSlot(slot_->os_module_handle()).size()); | |
| 979 } | |
| 980 | |
| 941 } // namespace net | 981 } // namespace net |
| OLD | NEW |
