| Index: net/cert/nss_cert_database_unittest.cc
|
| diff --git a/net/cert/nss_cert_database_unittest.cc b/net/cert/nss_cert_database_unittest.cc
|
| index 3f66b565301acc79dfb498b85c875d34b98a136d..9e20f886defc41cb992eb509dd9921b3c271b97d 100644
|
| --- a/net/cert/nss_cert_database_unittest.cc
|
| +++ b/net/cert/nss_cert_database_unittest.cc
|
| @@ -30,10 +30,15 @@
|
| #include "net/cert/cert_verify_result.h"
|
| #include "net/cert/x509_certificate.h"
|
| #include "net/test/cert_test_util.h"
|
| +#include "net/test/gtest_util.h"
|
| #include "net/test/test_data_directory.h"
|
| #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h"
|
| +#include "testing/gmock/include/gmock/gmock.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| +using net::test::IsError;
|
| +using net::test::IsOk;
|
| +
|
| // In NSS 3.13, CERTDB_VALID_PEER was renamed CERTDB_TERMINAL_RECORD. So we use
|
| // the new name of the macro.
|
| #if !defined(CERTDB_TERMINAL_RECORD)
|
| @@ -390,7 +395,7 @@ TEST_F(CertDatabaseNSSTest, ImportCA_NotCACert) {
|
| // ImportCACerts returns the same pointers that were passed in. In the
|
| // general case IsSameOSCert should be used.
|
| EXPECT_EQ(certs[0], failed[0].certificate);
|
| - EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[0].net_error);
|
| + EXPECT_THAT(failed[0].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
|
|
|
| EXPECT_EQ(0U, ListCerts().size());
|
| }
|
| @@ -413,9 +418,10 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchy) {
|
|
|
| ASSERT_EQ(2U, failed.size());
|
| EXPECT_EQ("DOD CA-17", failed[0].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[0].net_error); // The certificate expired.
|
| + EXPECT_THAT(failed[0].net_error,
|
| + IsError(ERR_FAILED)); // The certificate expired.
|
| EXPECT_EQ("www.us.army.mil", failed[1].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[1].net_error);
|
| + EXPECT_THAT(failed[1].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
|
|
|
| CertificateList cert_list = ListCerts();
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -449,11 +455,12 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyDupeRoot) {
|
|
|
| ASSERT_EQ(3U, failed.size());
|
| EXPECT_EQ("DoD Root CA 2", failed[0].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_IMPORT_CERT_ALREADY_EXISTS, failed[0].net_error);
|
| + EXPECT_THAT(failed[0].net_error, IsError(ERR_IMPORT_CERT_ALREADY_EXISTS));
|
| EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[1].net_error); // The certificate expired.
|
| + EXPECT_THAT(failed[1].net_error,
|
| + IsError(ERR_FAILED)); // The certificate expired.
|
| EXPECT_EQ("www.us.army.mil", failed[2].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_IMPORT_CA_CERT_NOT_CA, failed[2].net_error);
|
| + EXPECT_THAT(failed[2].net_error, IsError(ERR_IMPORT_CA_CERT_NOT_CA));
|
|
|
| cert_list = ListCerts();
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -474,7 +481,7 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyUntrusted) {
|
| EXPECT_EQ("DOD CA-17", failed[0].certificate->subject().common_name);
|
| // TODO(mattm): should check for net error equivalent of
|
| // SEC_ERROR_UNTRUSTED_ISSUER
|
| - EXPECT_EQ(ERR_FAILED, failed[0].net_error);
|
| + EXPECT_THAT(failed[0].net_error, IsError(ERR_FAILED));
|
|
|
| CertificateList cert_list = ListCerts();
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -495,9 +502,11 @@ TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyTree) {
|
|
|
| EXPECT_EQ(2U, failed.size());
|
| EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[0].net_error); // The certificate expired.
|
| + EXPECT_THAT(failed[0].net_error,
|
| + IsError(ERR_FAILED)); // The certificate expired.
|
| EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[1].net_error); // The certificate expired.
|
| + EXPECT_THAT(failed[1].net_error,
|
| + IsError(ERR_FAILED)); // The certificate expired.
|
|
|
| CertificateList cert_list = ListCerts();
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -522,9 +531,9 @@ TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) {
|
| // TODO(mattm): should check for net error equivalent of
|
| // SEC_ERROR_UNKNOWN_ISSUER
|
| EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[0].net_error);
|
| + EXPECT_THAT(failed[0].net_error, IsError(ERR_FAILED));
|
| EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
|
| - EXPECT_EQ(ERR_FAILED, failed[1].net_error);
|
| + EXPECT_THAT(failed[1].net_error, IsError(ERR_FAILED));
|
|
|
| CertificateList cert_list = ListCerts();
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -566,7 +575,7 @@ TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
|
| int error =
|
| verify_proc->Verify(goog_cert.get(), "www.google.com", std::string(),
|
| flags, NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
|
|
| @@ -594,7 +603,7 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
|
| int error =
|
| verify_proc->Verify(puny_cert.get(), "xn--wgv71a119e.com", std::string(),
|
| flags, NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status);
|
| }
|
|
|
| @@ -623,7 +632,7 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
|
| int error =
|
| verify_proc->Verify(puny_cert.get(), "xn--wgv71a119e.com", std::string(),
|
| flags, NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
|
|
| @@ -656,7 +665,7 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
|
|
| @@ -695,7 +704,7 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
|
| }
|
|
|
| @@ -740,7 +749,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| // Trust the root cert and distrust the intermediate.
|
| @@ -767,7 +776,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
| CertVerifyResult verify_result2;
|
| error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result2);
|
| - EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result2.cert_status);
|
| }
|
|
|
| @@ -809,7 +818,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| @@ -820,7 +829,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
| CertVerifyResult verify_result2;
|
| error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result2);
|
| - EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
|
| }
|
|
|
| @@ -872,7 +881,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| @@ -883,7 +892,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
| CertVerifyResult verify_result2;
|
| error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result2);
|
| - EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_AUTHORITY_INVALID));
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
|
| }
|
|
|
| @@ -929,7 +938,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
| int error =
|
| verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result);
|
| - EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| + EXPECT_THAT(error, IsError(ERR_CERT_REVOKED));
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
|
|
|
| // Without explicit distrust of the intermediate, verification should succeed.
|
| @@ -940,7 +949,7 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
| CertVerifyResult verify_result2;
|
| error = verify_proc->Verify(certs[0].get(), "127.0.0.1", std::string(), flags,
|
| NULL, empty_cert_list_, &verify_result2);
|
| - EXPECT_EQ(OK, error);
|
| + EXPECT_THAT(error, IsOk());
|
| EXPECT_EQ(0U, verify_result2.cert_status);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 2109503009:
Refactor net tests to use GMock matchers for checking net::Error results (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master