net/ssl/client_cert_store_nss_unittest.cc - Issue 2411023002: *WIP* Mac Unittest for client cert selection with intermediate certs

Unified Diff: net/ssl/client_cert_store_nss_unittest.cc

Issue 2411023002: *WIP* Mac Unittest for client cert selection with intermediate certs

Patch Set: rebase Created 4 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: net/ssl/client_cert_store_nss_unittest.cc

diff --git a/net/ssl/client_cert_store_nss_unittest.cc b/net/ssl/client_cert_store_nss_unittest.cc

index bc222e87696cb7ae3cfacb263a31af9e3d711a4f..36f86d6aa339484ee3563ab4d5ea5dc1c946d40b 100644

--- a/net/ssl/client_cert_store_nss_unittest.cc

+++ b/net/ssl/client_cert_store_nss_unittest.cc

@@ -41,66 +41,49 @@ INSTANTIATE_TYPED_TEST_CASE_P(NSS,

ClientCertStoreTest,

ClientCertStoreNSSTestDelegate);

-// Tests that ClientCertStoreNSS attempts to build a certificate chain by

-// querying NSS before return a certificate.

-TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {

- // Set up a test DB and import client_1.pem and client_1_ca.pem.

- crypto::ScopedTestNSSDB test_db;

- scoped_refptr<X509Certificate> client_1(ImportClientCertAndKeyFromFile(

- GetTestCertsDirectory(), "client_1.pem", "client_1.pk8", test_db.slot()));

- ASSERT_TRUE(client_1.get());

- scoped_refptr<X509Certificate> client_1_ca(

- ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem"));

- ASSERT_TRUE(client_1_ca.get());

- ASSERT_EQ(SECSuccess,

- PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(),

- CK_INVALID_HANDLE, "client_1_ca",

- PR_FALSE /* includeTrust (unused) */));

- std::unique_ptr<ClientCertStoreNSS> store(

- new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory()));

- {

- // Request certificates matching B CA, |client_1|'s issuer.

- scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);

- request->cert_authorities.push_back(std::string(

- reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));

- CertificateList selected_certs;

- base::RunLoop loop;

- store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure());

- loop.Run();

+class ClientCertStoreChainNSSTestDelegate {

+ public:

+ ClientCertStoreChainNSSTestDelegate() {}

+ scoped_refptr<X509Certificate> ImportClientCert(const std::string& name) {

+ return ImportClientCertAndKeyFromFile(

+ GetTestCertsDirectory(), name + ".pem", name + ".pk8", test_db.slot());

+ }

- // The result be |client_1| with no intermediates.

- ASSERT_EQ(1u, selected_certs.size());

- scoped_refptr<X509Certificate> selected_cert = selected_certs[0];

- EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),

- selected_cert->os_cert_handle()));

- ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size());

+ scoped_refptr<X509Certificate> ImportClientIntermediate(

+ const std::string& name) {

+ scoped_refptr<X509Certificate> client_ca(

+ ImportCertFromFile(GetTestCertsDirectory(), name + ".pem"));

+ if (!client_ca)

+ return nullptr;

+ SECStatus rv = PK11_ImportCert(test_db.slot(), client_ca->os_cert_handle(),

+ CK_INVALID_HANDLE, name.c_str(),

+ PR_FALSE /* includeTrust (unused) */);

+ EXPECT_EQ(SECSuccess, rv);

+ if (rv != SECSuccess)

+ return nullptr;

+ return client_ca;

}

- {

- // Request certificates matching C Root CA, |client_1_ca|'s issuer.

- scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);

- request->cert_authorities.push_back(

- std::string(reinterpret_cast<const char*>(kAuthorityRootDN),

- sizeof(kAuthorityRootDN)));

+ void GetClientCerts(const SSLCertRequestInfo& cert_request_info,

+ CertificateList* selected_certs) {

+ std::unique_ptr<ClientCertStoreNSS> store(

+ new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory()));

- CertificateList selected_certs;

base::RunLoop loop;

- store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure());

+ store->GetClientCerts(cert_request_info, selected_certs,

+ loop.QuitClosure());

loop.Run();

- // The result be |client_1| with |client_1_ca| as an intermediate.

- ASSERT_EQ(1u, selected_certs.size());

- scoped_refptr<X509Certificate> selected_cert = selected_certs[0];

- EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),

- selected_cert->os_cert_handle()));

- ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size());

- EXPECT_TRUE(X509Certificate::IsSameOSCert(

- client_1_ca->os_cert_handle(),

- selected_cert->GetIntermediateCertificates()[0]));

+ // return true;

}

+ protected:

+ crypto::ScopedTestNSSDB test_db;

+};

+INSTANTIATE_TYPED_TEST_CASE_P(NSS,

+ ClientCertStoreChainTest,

+ ClientCertStoreChainNSSTestDelegate);

} // namespace net

« no previous file with comments | « net/ssl/client_cert_store_mac_unittest.cc ('k') | net/ssl/client_cert_store_unittest-inl.h » ('j') | no next file with comments »