| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 #include <algorithm> | 6 #include <algorithm> |
| 7 | 7 |
| 8 #include "net/socket/ssl_test_util.h" | 8 #include "net/socket/ssl_test_util.h" |
| 9 | 9 |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| 11 | 11 |
| 12 #if defined(OS_WIN) | 12 #if defined(OS_WIN) |
| 13 #include <windows.h> | 13 #include <windows.h> |
| 14 #include <wincrypt.h> | 14 #include <wincrypt.h> |
| 15 #elif defined(OS_LINUX) | 15 #elif defined(OS_LINUX) |
| 16 #include <nspr.h> | 16 #include <nspr.h> |
| 17 #include <nss.h> | 17 #include <nss.h> |
| 18 #include <secerr.h> | 18 #include <secerr.h> |
| 19 // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424 | 19 // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424 |
| 20 // until NSS 3.12.2 comes out and we update to it. | 20 // until NSS 3.12.2 comes out and we update to it. |
| 21 #define Lock FOO_NSS_Lock | 21 #define Lock FOO_NSS_Lock |
| 22 #include <ssl.h> | 22 #include <ssl.h> |
| 23 #include <sslerr.h> | 23 #include <sslerr.h> |
| 24 #include <pk11pub.h> | 24 #include <pk11pub.h> |
| 25 #undef Lock | 25 #undef Lock |
| 26 #include "base/nss_init.h" | 26 #include "base/nss_init.h" |
| 27 #elif defined(OS_MACOSX) |
| 28 #include <Security/Security.h> |
| 29 #include "base/scoped_cftyperef.h" |
| 30 #include "net/base/x509_certificate.h" |
| 27 #endif | 31 #endif |
| 28 | 32 |
| 29 #include "base/file_util.h" | 33 #include "base/file_util.h" |
| 30 #include "base/logging.h" | 34 #include "base/logging.h" |
| 31 #include "base/path_service.h" | 35 #include "base/path_service.h" |
| 32 #include "base/string_util.h" | 36 #include "base/string_util.h" |
| 33 #include "net/base/host_resolver.h" | 37 #include "net/base/host_resolver.h" |
| 34 #include "net/base/test_completion_callback.h" | 38 #include "net/base/test_completion_callback.h" |
| 35 #include "net/socket/tcp_client_socket.h" | 39 #include "net/socket/tcp_client_socket.h" |
| 36 #include "net/socket/tcp_pinger.h" | 40 #include "net/socket/tcp_pinger.h" |
| (...skipping 37 matching lines...) |
| 74 LOG(ERROR) << "Can't change trust for certificate " | 78 LOG(ERROR) << "Can't change trust for certificate " |
| 75 << filename.ToWStringHack(); | 79 << filename.ToWStringHack(); |
| 76 CERT_DestroyCertificate(cert); | 80 CERT_DestroyCertificate(cert); |
| 77 return NULL; | 81 return NULL; |
| 78 } | 82 } |
| 79 | 83 |
| 80 return cert; | 84 return cert; |
| 81 } | 85 } |
| 82 #endif | 86 #endif |
| 83 | 87 |
| 88 #if defined(OS_MACOSX) |
| 89 static net::X509Certificate* LoadTemporaryCert(const FilePath& filename) { |
| 90 std::string rawcert; |
| 91 if (!file_util::ReadFileToString(filename.ToWStringHack(), &rawcert)) { |
| 92 LOG(ERROR) << "Can't load certificate " << filename.ToWStringHack(); |
| 93 return NULL; |
| 94 } |
| 95 |
| 96 CFDataRef pem = CFDataCreate(kCFAllocatorDefault, |
| 97 reinterpret_cast<const UInt8*>(rawcert.data()), |
| 98 static_cast<CFIndex>(rawcert.size())); |
| 99 if (!pem) |
| 100 return NULL; |
| 101 scoped_cftyperef<CFDataRef> scoped_pem(pem); |
| 102 |
| 103 SecExternalFormat input_format = kSecFormatUnknown; |
| 104 SecExternalItemType item_type = kSecItemTypeUnknown; |
| 105 CFArrayRef cert_array = NULL; |
| 106 if (SecKeychainItemImport(pem, NULL, &input_format, &item_type, 0, NULL, NULL, |
| 107 &cert_array)) |
| 108 return NULL; |
| 109 scoped_cftyperef<CFArrayRef> scoped_cert_array(cert_array); |
| 110 |
| 111 if (!CFArrayGetCount(cert_array)) |
| 112 return NULL; |
| 113 |
| 114 SecCertificateRef cert_ref = static_cast<SecCertificateRef>( |
| 115 const_cast<void*>(CFArrayGetValueAtIndex(cert_array, 0))); |
| 116 CFRetain(cert_ref); |
| 117 return net::X509Certificate::CreateFromHandle(cert_ref, |
| 118 net::X509Certificate::SOURCE_FROM_NETWORK); |
| 119 } |
| 120 #endif |
| 121 |
| 84 } // namespace | 122 } // namespace |
| 85 | 123 |
| 86 namespace net { | 124 namespace net { |
| 87 | 125 |
| 126 #if defined(OS_MACOSX) |
| 127 void SetMacTestCertificate(X509Certificate* cert); |
| 128 #endif |
| 129 |
| 88 // static | 130 // static |
| 89 const char TestServerLauncher::kHostName[] = "127.0.0.1"; | 131 const char TestServerLauncher::kHostName[] = "127.0.0.1"; |
| 90 const char TestServerLauncher::kMismatchedHostName[] = "localhost"; | 132 const char TestServerLauncher::kMismatchedHostName[] = "localhost"; |
| 91 const int TestServerLauncher::kOKHTTPSPort = 9443; | 133 const int TestServerLauncher::kOKHTTPSPort = 9443; |
| 92 const int TestServerLauncher::kBadHTTPSPort = 9666; | 134 const int TestServerLauncher::kBadHTTPSPort = 9666; |
| 93 | 135 |
| 94 // The issuer name of the cert that should be trusted for the test to work. | 136 // The issuer name of the cert that should be trusted for the test to work. |
| 95 const wchar_t TestServerLauncher::kCertIssuerName[] = L"Test CA"; | 137 const wchar_t TestServerLauncher::kCertIssuerName[] = L"Test CA"; |
| 96 | 138 |
| 97 TestServerLauncher::TestServerLauncher() : process_handle_(NULL), | 139 TestServerLauncher::TestServerLauncher() : process_handle_(NULL), |
| (...skipping 212 matching lines...) |
| 310 LOG(INFO) << "Kill failed?"; | 352 LOG(INFO) << "Kill failed?"; |
| 311 } | 353 } |
| 312 | 354 |
| 313 return ret; | 355 return ret; |
| 314 } | 356 } |
| 315 | 357 |
| 316 TestServerLauncher::~TestServerLauncher() { | 358 TestServerLauncher::~TestServerLauncher() { |
| 317 #if defined(OS_LINUX) | 359 #if defined(OS_LINUX) |
| 318 if (cert_) | 360 if (cert_) |
| 319 CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_)); | 361 CERT_DestroyCertificate(reinterpret_cast<CERTCertificate*>(cert_)); |
| 362 #elif defined(OS_MACOSX) |
| 363 SetMacTestCertificate(NULL); |
| 320 #endif | 364 #endif |
| 321 Stop(); | 365 Stop(); |
| 322 } | 366 } |
| 323 | 367 |
| 324 FilePath TestServerLauncher::GetRootCertPath() { | 368 FilePath TestServerLauncher::GetRootCertPath() { |
| 325 FilePath path(cert_dir_); | 369 FilePath path(cert_dir_); |
| 326 path = path.AppendASCII("root_ca_cert.crt"); | 370 path = path.AppendASCII("root_ca_cert.crt"); |
| 327 return path; | 371 return path; |
| 328 } | 372 } |
| 329 | 373 |
| (...skipping 16 matching lines...) |
| 346 | 390 |
| 347 // TODO(dkegel): figure out how to get this to only happen once? | 391 // TODO(dkegel): figure out how to get this to only happen once? |
| 348 | 392 |
| 349 // This currently leaks a little memory. | 393 // This currently leaks a little memory. |
| 350 // TODO(dkegel): fix the leak and remove the entry in | 394 // TODO(dkegel): fix the leak and remove the entry in |
| 351 // tools/valgrind/suppressions.txt | 395 // tools/valgrind/suppressions.txt |
| 352 cert_ = reinterpret_cast<PrivateCERTCertificate*>( | 396 cert_ = reinterpret_cast<PrivateCERTCertificate*>( |
| 353 LoadTemporaryCert(GetRootCertPath())); | 397 LoadTemporaryCert(GetRootCertPath())); |
| 354 DCHECK(cert_); | 398 DCHECK(cert_); |
| 355 return (cert_ != NULL); | 399 return (cert_ != NULL); |
| 400 #elif defined(OS_MACOSX) |
| 401 X509Certificate* cert = LoadTemporaryCert(GetRootCertPath()); |
| 402 if (!cert) |
| 403 return false; |
| 404 SetMacTestCertificate(cert); |
| 405 return true; |
| 356 #else | 406 #else |
| 357 return true; | 407 return true; |
| 358 #endif | 408 #endif |
| 359 } | 409 } |
| 360 | 410 |
| 361 bool TestServerLauncher::CheckCATrusted() { | 411 bool TestServerLauncher::CheckCATrusted() { |
| 362 // TODO(port): Port either this or LoadTemporaryCert to MacOSX. | 412 // TODO(port): Port either this or LoadTemporaryCert to MacOSX. |
| 363 #if defined(OS_WIN) | 413 #if defined(OS_WIN) |
| 364 HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT"); | 414 HCERTSTORE cert_store = CertOpenSystemStore(NULL, L"ROOT"); |
| 365 if (!cert_store) { | 415 if (!cert_store) { |
| (...skipping 16 matching lines...) |
| 382 "certificate to your trusted roots for this test to work. " | 432 "certificate to your trusted roots for this test to work. " |
| 383 "For more info visit:\n" | 433 "For more info visit:\n" |
| 384 "http://dev.chromium.org/developers/testing\n"; | 434 "http://dev.chromium.org/developers/testing\n"; |
| 385 return false; | 435 return false; |
| 386 } | 436 } |
| 387 #endif | 437 #endif |
| 388 return true; | 438 return true; |
| 389 } | 439 } |
| 390 | 440 |
| 391 } // namespace net | 441 } // namespace net |
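Review bot: The cast to `SecCertificateRef` at new lines 114-115 assumes element 0 of `cert_array` is a certificate, but `item_type` is never read after `SecKeychainItemImport` returns and the input format is left as `kSecFormatUnknown`, so a file holding a key or some other item would reach `X509Certificate::CreateFromHandle` as the wrong CF type. A check before the cast closes that, for example `if (CFGetTypeID(CFArrayGetValueAtIndex(cert_array, 0)) != SecCertificateGetTypeID()) return NULL;`. The failure returns after the import call are also silent, unlike the NSS variant above which logs the filename, so a `LOG(ERROR)` carrying the returned status would make a bad test certificate diagnosable. `SetMacTestCertificate` is only forward-declared in this file (new line 127) and appears to install a process-wide trusted test root, so it is worth confirming that its definition is not compiled into production builds and moving the declaration to a shared header so a signature mismatch is caught at compile time. The `TODO(port)` comment at new line 412 looks stale now that LoadTemporaryCert has a Mac implementation.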
| OLD | NEW |