Refactor net tests to use GMock matchers for checking net::Error results

net/cert/nss_cert_database_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/nss_cert_database.h"
 
 #include <cert.h>
 #include <certdb.h>
 #include <pk11pub.h>
 
@@ skipping 12 matching lines @@
 #include "crypto/scoped_nss_types.h"
 #include "crypto/scoped_test_nss_db.h"
 #include "net/base/crypto_module.h"
 #include "net/base/hash_value.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verify_proc_nss.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/x509_certificate.h"
 #include "net/test/cert_test_util.h"
+#include "net/test/gtest_util.h"
 #include "net/test/test_data_directory.h"
 #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
+#include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+using net::test::IsError;
+using net::test::IsOk;
+
 // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use
 // the new name of the macro.
 #if !defined(CERTDB_TERMINAL_RECORD)
 #define CERTDB_TERMINAL_RECORD CERTDB_VALID_PEER
 #endif
 
 using base::ASCIIToUTF16;
 
 namespace net {
 
@@ skipping 336 matching lines @@
 
   // Import it.
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportCACerts(certs, NSSCertDatabase::TRUSTED_SSL,
                                       &failed));
   ASSERT_EQ(1U, failed.size());
   // Note: this compares pointers directly.  It's okay in this case because
   // ImportCACerts returns the same pointers that were passed in.  In the
   // general case IsSameOSCert should be used.
   EXPECT_EQ(certs[0], failed[0].certificate);
-  EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[0].net_error);
+  EXPECT_THAT(failed[0].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
 
   EXPECT_EQ(0U, ListCerts().size());
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertHierarchy) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("dod_root_ca_2_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("www_us_army_mil_cert.der", &certs));
 
   // Import it.
   NSSCertDatabase::ImportCertFailureList failed;
   // Have to specify email trust for the cert verification of the child cert to
   // work (see
   // http://mxr.mozilla.org/mozilla/source/security/nss/lib/certhigh/certvfy.c#752
   // "XXX This choice of trustType seems arbitrary.")
   EXPECT_TRUE(cert_db_->ImportCACerts(
       certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
       &failed));
 
   ASSERT_EQ(2U, failed.size());
   EXPECT_EQ("DOD CA-17", failed[0].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[0].net_error);  // The certificate expired.
+  EXPECT_THAT(failed[0].net_error,
+              IsError(ERR_FAILED));  // The certificate expired.
   EXPECT_EQ("www.us.army.mil", failed[1].certificate->subject().common_name);
-  EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[1].net_error);
+  EXPECT_THAT(failed[1].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("DoD Root CA 2", cert_list[0]->subject().common_name);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyDupeRoot) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("dod_root_ca_2_cert.der", &certs));
 
@@ skipping 13 matching lines @@
 
   // Now import with the other certs in the list too.  Even though the root is
   // already present, we should still import the rest.
   failed.clear();
   EXPECT_TRUE(cert_db_->ImportCACerts(
       certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
       &failed));
 
   ASSERT_EQ(3U, failed.size());
   EXPECT_EQ("DoD Root CA 2", failed[0].certificate->subject().common_name);
-  EXPECT_EQ(ERR_IMPORT_CERT_ALREADY_EXISTS, failed[0].net_error);
+  EXPECT_THAT(failed[0].net_error, IsError(ERR_IMPORT_CERT_ALREADY_EXISTS));
   EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[1].net_error);  // The certificate expired.
+  EXPECT_THAT(failed[1].net_error,
+              IsError(ERR_FAILED));  // The certificate expired.
   EXPECT_EQ("www.us.army.mil", failed[2].certificate->subject().common_name);
-  EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[2].net_error);
+  EXPECT_THAT(failed[2].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
 
   cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("DoD Root CA 2", cert_list[0]->subject().common_name);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyUntrusted) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("dod_root_ca_2_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
 
   // Import it.
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportCACerts(certs, NSSCertDatabase::TRUST_DEFAULT,
                                       &failed));
 
   ASSERT_EQ(1U, failed.size());
   EXPECT_EQ("DOD CA-17", failed[0].certificate->subject().common_name);
   // TODO(mattm): should check for net error equivalent of
   // SEC_ERROR_UNTRUSTED_ISSUER
-  EXPECT_EQ(ERR_FAILED, failed[0].net_error);
+  EXPECT_THAT(failed[0].net_error, IsError(ERR_FAILED));
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("DoD Root CA 2", cert_list[0]->subject().common_name);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyTree) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("dod_root_ca_2_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
 
   // Import it.
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportCACerts(
       certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL,
       &failed));
 
   EXPECT_EQ(2U, failed.size());
   EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[0].net_error);  // The certificate expired.
+  EXPECT_THAT(failed[0].net_error,
+              IsError(ERR_FAILED));  // The certificate expired.
   EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[1].net_error);  // The certificate expired.
+  EXPECT_THAT(failed[1].net_error,
+              IsError(ERR_FAILED));  // The certificate expired.
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("DoD Root CA 2", cert_list[0]->subject().common_name);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) {
   CertificateList certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "root_ca_cert.pem",
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, certs.size());
   ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs));
   ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
 
   // Import it.
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportCACerts(
       certs, NSSCertDatabase::TRUSTED_SSL | NSSCertDatabase::TRUSTED_EMAIL |
       NSSCertDatabase::TRUSTED_OBJ_SIGN, &failed));
 
   ASSERT_EQ(2U, failed.size());
   // TODO(mattm): should check for net error equivalent of
   // SEC_ERROR_UNKNOWN_ISSUER
   EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[0].net_error);
+  EXPECT_THAT(failed[0].net_error, IsError(ERR_FAILED));
   EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
-  EXPECT_EQ(ERR_FAILED, failed[1].net_error);
+  EXPECT_THAT(failed[1].net_error, IsError(ERR_FAILED));
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name);
 }
 
 // http://crbug.com/108009 - Disabled, as google.chain.pem is an expired
 // certificate.
 TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
   // Need to import intermediate cert for the verify of google cert, otherwise
@@ skipping 21 matching lines @@
             cert_db_->GetCertTrust(goog_cert.get(), SERVER_CERT));
 
   EXPECT_EQ(0U, goog_cert->os_cert_handle()->trust->sslFlags);
 
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(goog_cert.get(), "www.google.com", std::string(),
                           flags, NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("punycodetest.pem", &certs));
 
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportServerCert(certs, NSSCertDatabase::TRUST_DEFAULT,
                                          &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   scoped_refptr<X509Certificate> puny_cert(cert_list[0]);
 
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(puny_cert.get(), SERVER_CERT));
   EXPECT_EQ(0U, puny_cert->os_cert_handle()->trust->sslFlags);
 
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(puny_cert.get(), "xn--wgv71a119e.com", std::string(),
                           flags, NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
   EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
   CertificateList certs;
   ASSERT_TRUE(ReadCertIntoList("punycodetest.pem", &certs));
 
   NSSCertDatabase::ImportCertFailureList failed;
   EXPECT_TRUE(cert_db_->ImportServerCert(certs, NSSCertDatabase::TRUSTED_SSL,
                                          &failed));
 
   EXPECT_EQ(0U, failed.size());
 
   CertificateList cert_list = ListCerts();
   ASSERT_EQ(1U, cert_list.size());
   scoped_refptr<X509Certificate> puny_cert(cert_list[0]);
 
   EXPECT_EQ(NSSCertDatabase::TRUSTED_SSL,
             cert_db_->GetCertTrust(puny_cert.get(), SERVER_CERT));
   EXPECT_EQ(unsigned(CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD),
             puny_cert->os_cert_handle()->trust->sslFlags);
 
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(puny_cert.get(), "xn--wgv71a119e.com", std::string(),
                           flags, NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
   CertificateList ca_certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "root_ca_cert.pem",
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, ca_certs.size());
 
   // Import CA cert and trust it.
@@ skipping 12 matching lines @@
                                          &failed));
   EXPECT_EQ(0U, failed.size());
 
   // Server cert should verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
   CertificateList ca_certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "root_ca_cert.pem",
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, ca_certs.size());
 
   // Import CA cert and trust it.
@@ skipping 18 matching lines @@
   EXPECT_EQ(unsigned(CERTDB_TERMINAL_RECORD),
             certs[0]->os_cert_handle()->trust->sslFlags);
 
   // Server cert should fail to verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(ERR_CERT_REVOKED, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
   EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
   CertificateList ca_certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "2048-rsa-root.pem",
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, ca_certs.size());
 
   // Import Root CA cert and distrust it.
@@ skipping 24 matching lines @@
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
 
   // Server cert should verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 
   // Trust the root cert and distrust the intermediate.
   EXPECT_TRUE(cert_db_->SetCertTrust(
       ca_certs[0].get(), CA_CERT, NSSCertDatabase::TRUSTED_SSL));
   EXPECT_TRUE(cert_db_->SetCertTrust(
       intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::DISTRUSTED_SSL));
   EXPECT_EQ(
       unsigned(CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA),
       ca_certs[0]->os_cert_handle()->trust->sslFlags);
   EXPECT_EQ(unsigned(CERTDB_VALID_CA),
             ca_certs[0]->os_cert_handle()->trust->emailFlags);
   EXPECT_EQ(unsigned(CERTDB_VALID_CA),
             ca_certs[0]->os_cert_handle()->trust->objectSigningFlags);
   EXPECT_EQ(unsigned(CERTDB_TERMINAL_RECORD),
             intermediate_certs[0]->os_cert_handle()->trust->sslFlags);
   EXPECT_EQ(unsigned(CERTDB_VALID_CA),
             intermediate_certs[0]->os_cert_handle()->trust->emailFlags);
   EXPECT_EQ(
       unsigned(CERTDB_VALID_CA),
       intermediate_certs[0]->os_cert_handle()->trust->objectSigningFlags);
 
   // Server cert should fail to verify.
   CertVerifyResult verify_result2;
   error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                               NULL, empty_cert_list_, &verify_result2);
-  EXPECT_EQ(ERR_CERT_REVOKED, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
   EXPECT_EQ(CERT_STATUS_REVOKED, verify_result2.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
   if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) {
     // See http://bugzil.la/863947 for details.
     LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15";
     return;
   }
 
@@ skipping 21 matching lines @@
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
 
   // Server cert should verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 
   // Without explicit trust of the intermediate, verification should fail.
   EXPECT_TRUE(cert_db_->SetCertTrust(
       intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
 
   // Server cert should fail to verify.
   CertVerifyResult verify_result2;
   error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                               NULL, empty_cert_list_, &verify_result2);
-  EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
   EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
   if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) {
     // See http://bugzil.la/863947 for details.
     LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15";
     return;
   }
 
@@ skipping 31 matching lines @@
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
 
   // Server cert should verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result.cert_status);
 
   // Without explicit trust of the intermediate, verification should fail.
   EXPECT_TRUE(cert_db_->SetCertTrust(
       intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
 
   // Server cert should fail to verify.
   CertVerifyResult verify_result2;
   error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                               NULL, empty_cert_list_, &verify_result2);
-  EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
   EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
 }
 
 TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
   NSSCertDatabase::ImportCertFailureList failed;
 
   CertificateList ca_certs = CreateCertificateListFromFile(
       GetTestCertsDirectory(), "2048-rsa-root.pem",
       X509Certificate::FORMAT_AUTO);
   ASSERT_EQ(1U, ca_certs.size());
@@ skipping 25 matching lines @@
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
 
   // Server cert should not verify.
   scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
   int flags = 0;
   CertVerifyResult verify_result;
   int error =
       verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                           NULL, empty_cert_list_, &verify_result);
-  EXPECT_EQ(ERR_CERT_REVOKED, error);
+  EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
   EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
 
   // Without explicit distrust of the intermediate, verification should succeed.
   EXPECT_TRUE(cert_db_->SetCertTrust(
       intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
 
   // Server cert should verify.
   CertVerifyResult verify_result2;
   error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
                               NULL, empty_cert_list_, &verify_result2);
-  EXPECT_EQ(OK, error);
+  EXPECT_THAT(error, IsOk());
   EXPECT_EQ(0U, verify_result2.cert_status);
 }
 
 // Importing two certificates with the same issuer and subject common name,
 // but overall distinct subject names, should succeed and generate a unique
 // nickname for the second certificate.
 TEST_F(CertDatabaseNSSTest, ImportDuplicateCommonName) {
   CertificateList certs =
       CreateCertificateListFromFile(GetTestCertsDirectory(),
                                     "duplicate_cn_1.pem",
@@ skipping 27 matching lines @@
   EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
             cert_db_->GetCertTrust(certs2[0].get(), SERVER_CERT));
 
   new_certs = ListCerts();
   ASSERT_EQ(2U, new_certs.size());
   EXPECT_STRNE(new_certs[0]->os_cert_handle()->nickname,
                new_certs[1]->os_cert_handle()->nickname);
 }
 
 }  // namespace net