OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/trust_store_nss.h" | 5 #include "net/cert/internal/trust_store_nss.h" |
6 | 6 |
7 #include <cert.h> | 7 #include <cert.h> |
8 #include <certdb.h> | 8 #include <certdb.h> |
9 | 9 |
10 #include "base/memory/ptr_util.h" | 10 #include "base/memory/ptr_util.h" |
99 CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA; | 99 CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA | CERTDB_VALID_CA; |
100 SECStatus srv = | 100 SECStatus srv = |
101 CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nss_cert.get(), &trust); | 101 CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nss_cert.get(), &trust); |
102 ASSERT_EQ(SECSuccess, srv); | 102 ASSERT_EQ(SECSuccess, srv); |
103 } | 103 } |
104 | 104 |
105 protected: | 105 protected: |
106 bool TrustStoreContains(scoped_refptr<ParsedCertificate> cert, | 106 bool TrustStoreContains(scoped_refptr<ParsedCertificate> cert, |
107 TrustAnchors expected_matches) { | 107 TrustAnchors expected_matches) { |
108 TrustAnchors matches; | 108 TrustAnchors matches; |
109 trust_store_nss_->FindTrustAnchorsForCert(cert, &matches); | 109 ParsedCertificateList intermediates; |
| 110 trust_store_nss_->FindIssuers(cert, &matches, &intermediates); |
110 | 111 |
111 std::vector<der::Input> der_result_matches; | 112 std::vector<der::Input> der_result_matches; |
112 for (const auto& it : matches) | 113 for (const auto& it : matches) |
113 der_result_matches.push_back(it->cert()->der_cert()); | 114 der_result_matches.push_back(it->cert()->der_cert()); |
114 std::sort(der_result_matches.begin(), der_result_matches.end()); | 115 std::sort(der_result_matches.begin(), der_result_matches.end()); |
115 | 116 |
116 std::vector<der::Input> der_expected_matches; | 117 std::vector<der::Input> der_expected_matches; |
117 for (const auto& it : expected_matches) | 118 for (const auto& it : expected_matches) |
118 der_expected_matches.push_back(it->cert()->der_cert()); | 119 der_expected_matches.push_back(it->cert()->der_cert()); |
119 std::sort(der_expected_matches.begin(), der_expected_matches.end()); | 120 std::sort(der_expected_matches.begin(), der_expected_matches.end()); |
192 TEST_F(TrustStoreNSSTest, MultipleTrustedCAWithSameSubject) { | 193 TEST_F(TrustStoreNSSTest, MultipleTrustedCAWithSameSubject) { |
193 AddCertsToNSS(); | 194 AddCertsToNSS(); |
194 TrustCert(oldroot_.get()); | 195 TrustCert(oldroot_.get()); |
195 TrustCert(newroot_.get()); | 196 TrustCert(newroot_.get()); |
196 EXPECT_TRUE(TrustStoreContains(target_, TrustAnchors())); | 197 EXPECT_TRUE(TrustStoreContains(target_, TrustAnchors())); |
197 EXPECT_TRUE(TrustStoreContains(newintermediate_, {newroot_, oldroot_})); | 198 EXPECT_TRUE(TrustStoreContains(newintermediate_, {newroot_, oldroot_})); |
198 EXPECT_TRUE(TrustStoreContains(oldintermediate_, {newroot_, oldroot_})); | 199 EXPECT_TRUE(TrustStoreContains(oldintermediate_, {newroot_, oldroot_})); |
199 EXPECT_TRUE(TrustStoreContains(oldroot_->cert(), {newroot_, oldroot_})); | 200 EXPECT_TRUE(TrustStoreContains(oldroot_->cert(), {newroot_, oldroot_})); |
200 } | 201 } |
201 | 202 |
| 203 // TODO(eroman): Adapt these tests before landing CL. |
| 204 #if 0 |
| 205 class CertIssuerSourceNSSTestDelegate { |
| 206 public: |
| 207 void AddCert(scoped_refptr<ParsedCertificate> cert) { |
| 208 ASSERT_TRUE(test_nssdb_.is_open()); |
| 209 std::string nickname = GetUniqueNickname(); |
| 210 ScopedCERTCertificate nss_cert( |
| 211 X509Certificate::CreateOSCertHandleFromBytesWithNickname( |
| 212 cert->der_cert().AsStringPiece().data(), cert->der_cert().Length(), |
| 213 nickname.c_str())); |
| 214 ASSERT_TRUE(nss_cert); |
| 215 SECStatus srv = |
| 216 PK11_ImportCert(test_nssdb_.slot(), nss_cert.get(), CK_INVALID_HANDLE, |
| 217 nickname.c_str(), PR_FALSE /* includeTrust (unused) */); |
| 218 ASSERT_EQ(SECSuccess, srv); |
| 219 } |
| 220 |
| 221 CertIssuerSource& source() { return cert_issuer_source_nss_; } |
| 222 |
| 223 protected: |
| 224 std::string GetUniqueNickname() { |
| 225 return "cert_issuer_source_nss_unittest" + |
| 226 base::UintToString(nickname_counter_++); |
| 227 } |
| 228 |
| 229 crypto::ScopedTestNSSDB test_nssdb_; |
| 230 CertIssuerSourceNSS cert_issuer_source_nss_; |
| 231 unsigned int nickname_counter_ = 0; |
| 232 }; |
| 233 |
| 234 INSTANTIATE_TYPED_TEST_CASE_P(CertIssuerSourceNSSTest, |
| 235 CertIssuerSourceSyncTest, |
| 236 CertIssuerSourceNSSTestDelegate); |
| 237 |
| 238 // NSS doesn't normalize UTF8String values, so use the not-normalized version of |
| 239 // those tests. |
| 240 INSTANTIATE_TYPED_TEST_CASE_P(CertIssuerSourceNSSNotNormalizedTest, |
| 241 CertIssuerSourceSyncNotNormalizedTest, |
| 242 CertIssuerSourceNSSTestDelegate); |
| 243 #endif |
| 244 |
202 } // namespace | 245 } // namespace |
203 | 246 |
204 } // namespace net | 247 } // namespace net |
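Review bot: `TrustStoreContains` now passes `&intermediates` to `FindIssuers` (new line 110) but never reads the list afterwards in the lines shown, so these tests only pin the trust-anchor side of the result. Since the call appears to return anchors and non-anchor issuers through separate out-parameters, a regression that reports a certificate in the wrong list, or in both lists, would not be caught here; consider taking an expected-intermediates argument and comparing it the same way `matches` is compared, or at least recording the gap with `// TODO: verify |intermediates| as well; only |matches| is checked.`. The helper's body continues past the visible lines, so such a check may already exist in the skipped part. Separately, the `CertIssuerSourceNSSTest` instantiations at new lines 204-243 are compiled out with `#if 0`, which leaves issuer lookup from NSS without coverage until the TODO above them is resolved.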