| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/test_root_certs.h" | 5 #include "net/cert/test_root_certs.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 25 matching lines...) |
| 36 | 36 |
| 37 // The original trust settings, before |certificate_| was manipulated to | 37 // The original trust settings, before |certificate_| was manipulated to |
| 38 // be a temporarily trusted root. | 38 // be a temporarily trusted root. |
| 39 CERTCertTrust trust_; | 39 CERTCertTrust trust_; |
| 40 | 40 |
| 41 DISALLOW_COPY_AND_ASSIGN(TrustEntry); | 41 DISALLOW_COPY_AND_ASSIGN(TrustEntry); |
| 42 }; | 42 }; |
| 43 | 43 |
| 44 TestRootCerts::TrustEntry::TrustEntry(CERTCertificate* certificate, | 44 TestRootCerts::TrustEntry::TrustEntry(CERTCertificate* certificate, |
| 45 const CERTCertTrust& trust) | 45 const CERTCertTrust& trust) |
| 46 : certificate_(CERT_DupCertificate(certificate)), | 46 : certificate_(CERT_DupCertificate(certificate)), trust_(trust) { |
| 47 trust_(trust) { | |
| 48 } | 47 } |
| 49 | 48 |
| 50 TestRootCerts::TrustEntry::~TrustEntry() { | 49 TestRootCerts::TrustEntry::~TrustEntry() { |
| 51 CERT_DestroyCertificate(certificate_); | 50 CERT_DestroyCertificate(certificate_); |
| 52 } | 51 } |
| 53 | 52 |
| 54 bool TestRootCerts::Add(X509Certificate* certificate) { | 53 bool TestRootCerts::Add(X509Certificate* certificate) { |
| 55 #if defined(OS_IOS) | 54 #if defined(OS_IOS) |
| 56 x509_util_ios::NSSCertificate nss_certificate(certificate->os_cert_handle()); | 55 x509_util_ios::NSSCertificate nss_certificate(certificate->os_cert_handle()); |
| 57 CERTCertificate* cert_handle = nss_certificate.cert_handle(); | 56 CERTCertificate* cert_handle = nss_certificate.cert_handle(); |
| (...skipping 32 matching lines...) |
| 90 return true; | 89 return true; |
| 91 } | 90 } |
| 92 | 91 |
| 93 void TestRootCerts::Clear() { | 92 void TestRootCerts::Clear() { |
| 94 // Restore the certificate trusts to what they were originally, before | 93 // Restore the certificate trusts to what they were originally, before |
| 95 // Add() was called. Work from the rear first, since if a certificate was | 94 // Add() was called. Work from the rear first, since if a certificate was |
| 96 // added twice, the second entry's original trust status will be that of | 95 // added twice, the second entry's original trust status will be that of |
| 97 // the first entry, while the first entry contains the desired resultant | 96 // the first entry, while the first entry contains the desired resultant |
| 98 // status. | 97 // status. |
| 99 for (std::list<TrustEntry*>::reverse_iterator it = trust_cache_.rbegin(); | 98 for (std::list<TrustEntry*>::reverse_iterator it = trust_cache_.rbegin(); |
| 100 it != trust_cache_.rend(); ++it) { | 99 it != trust_cache_.rend(); |
| 100 ++it) { |
| 101 CERTCertTrust original_trust = (*it)->trust(); | 101 CERTCertTrust original_trust = (*it)->trust(); |
| 102 SECStatus rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), | 102 SECStatus rv = CERT_ChangeCertTrust( |
| 103 (*it)->certificate(), | 103 CERT_GetDefaultCertDB(), (*it)->certificate(), &original_trust); |
| 104 &original_trust); | |
| 105 // DCHECK(), rather than LOG(), as a failure to restore the original | 104 // DCHECK(), rather than LOG(), as a failure to restore the original |
| 106 // trust can cause flake or hard-to-trace errors in any unit tests that | 105 // trust can cause flake or hard-to-trace errors in any unit tests that |
| 107 // occur after Clear() has been called. | 106 // occur after Clear() has been called. |
| 108 DCHECK_EQ(SECSuccess, rv) << "Cannot restore certificate trust."; | 107 DCHECK_EQ(SECSuccess, rv) << "Cannot restore certificate trust."; |
| 109 } | 108 } |
| 110 STLDeleteElements(&trust_cache_); | 109 STLDeleteElements(&trust_cache_); |
| 111 } | 110 } |
| 112 | 111 |
| 113 bool TestRootCerts::IsEmpty() const { | 112 bool TestRootCerts::IsEmpty() const { |
| 114 return trust_cache_.empty(); | 113 return trust_cache_.empty(); |
| 115 } | 114 } |
| 116 | 115 |
| 117 #if defined(USE_NSS) | 116 #if defined(USE_NSS) |
| 118 bool TestRootCerts::Contains(CERTCertificate* cert) const { | 117 bool TestRootCerts::Contains(CERTCertificate* cert) const { |
| 119 for (std::list<TrustEntry*>::const_iterator it = trust_cache_.begin(); | 118 for (std::list<TrustEntry*>::const_iterator it = trust_cache_.begin(); |
| 120 it != trust_cache_.end(); ++it) { | 119 it != trust_cache_.end(); |
| 120 ++it) { |
| 121 if (X509Certificate::IsSameOSCert(cert, (*it)->certificate())) | 121 if (X509Certificate::IsSameOSCert(cert, (*it)->certificate())) |
| 122 return true; | 122 return true; |
| 123 } | 123 } |
| 124 return false; | 124 return false; |
| 125 } | 125 } |
| 126 #endif | 126 #endif |
| 127 | 127 |
| 128 TestRootCerts::~TestRootCerts() { | 128 TestRootCerts::~TestRootCerts() { |
| 129 Clear(); | 129 Clear(); |
| 130 } | 130 } |
| 131 | 131 |
| 132 void TestRootCerts::Init() { | 132 void TestRootCerts::Init() { |
| 133 crypto::EnsureNSSInit(); | 133 crypto::EnsureNSSInit(); |
| 134 } | 134 } |
| 135 | 135 |
| 136 } // namespace net | 136 } // namespace net |
| OLD | NEW |