OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <memory> | 9 #include <memory> |
10 #include <utility> | 10 #include <utility> |
(...skipping 20 matching lines...) Expand all Loading... |
31 it != cert_list.end(); | 31 it != cert_list.end(); |
32 ++it) { | 32 ++it) { |
33 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), | 33 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), |
34 cert->os_cert_handle())) { | 34 cert->os_cert_handle())) { |
35 return true; | 35 return true; |
36 } | 36 } |
37 } | 37 } |
38 return false; | 38 return false; |
39 } | 39 } |
40 | 40 |
| 41 size_t CountCertOccurencesInCertificateList( |
| 42 const net::X509Certificate* cert, |
| 43 const net::CertificateList& cert_list) { |
| 44 size_t count = 0; |
| 45 for (net::CertificateList::const_iterator it = cert_list.begin(); |
| 46 it != cert_list.end(); ++it) { |
| 47 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), |
| 48 cert->os_cert_handle())) { |
| 49 ++count; |
| 50 } |
| 51 } |
| 52 return count; |
| 53 } |
| 54 |
41 class TestNSSCertDatabase : public net::NSSCertDatabaseChromeOS { | 55 class TestNSSCertDatabase : public net::NSSCertDatabaseChromeOS { |
42 public: | 56 public: |
43 TestNSSCertDatabase(crypto::ScopedPK11Slot public_slot, | 57 TestNSSCertDatabase(crypto::ScopedPK11Slot public_slot, |
44 crypto::ScopedPK11Slot private_slot) | 58 crypto::ScopedPK11Slot private_slot) |
45 : NSSCertDatabaseChromeOS(std::move(public_slot), | 59 : NSSCertDatabaseChromeOS(std::move(public_slot), |
46 std::move(private_slot)) {} | 60 std::move(private_slot)) {} |
47 ~TestNSSCertDatabase() override {} | 61 ~TestNSSCertDatabase() override {} |
48 | 62 |
49 // Make this method visible in the public interface. | 63 // Make this method visible in the public interface. |
50 void NotifyObserversCertDBChanged() { | 64 void NotifyObserversCertDBChanged() { |
51 NSSCertDatabaseChromeOS::NotifyObserversCertDBChanged(); | 65 NSSCertDatabaseChromeOS::NotifyObserversCertDBChanged(); |
52 } | 66 } |
53 }; | 67 }; |
54 | 68 |
| 69 // Describes a client certificate along with a key, stored in |
| 70 // net::GetTestCertsDirectory(). |
| 71 struct TestClientCertWithKey { |
| 72 const char* cert_pem_filename; |
| 73 const char* key_pk8_filename; |
| 74 }; |
| 75 |
| 76 const TestClientCertWithKey TEST_CLIENT_CERT_1 = {"client_1.pem", |
| 77 "client_1.pk8"}; |
| 78 const TestClientCertWithKey TEST_CLIENT_CERT_2 = {"client_2.pem", |
| 79 "client_2.pk8"}; |
| 80 |
55 class CertLoaderTest : public testing::Test, | 81 class CertLoaderTest : public testing::Test, |
56 public CertLoader::Observer { | 82 public CertLoader::Observer { |
57 public: | 83 public: |
58 CertLoaderTest() | 84 CertLoaderTest() |
59 : cert_loader_(nullptr), | 85 : cert_loader_(nullptr), |
60 scoped_task_scheduler_(&message_loop_), | 86 scoped_task_scheduler_(&message_loop_), |
61 certificates_loaded_events_count_(0U) {} | 87 certificates_loaded_events_count_(0U) {} |
62 | 88 |
63 ~CertLoaderTest() override {} | 89 ~CertLoaderTest() override {} |
64 | 90 |
65 void SetUp() override { | 91 void SetUp() override { |
66 ASSERT_TRUE(primary_db_.is_open()); | 92 ASSERT_TRUE(primary_db_.is_open()); |
67 | 93 |
68 CertLoader::Initialize(); | 94 CertLoader::Initialize(); |
69 cert_loader_ = CertLoader::Get(); | 95 cert_loader_ = CertLoader::Get(); |
70 cert_loader_->AddObserver(this); | 96 cert_loader_->AddObserver(this); |
71 } | 97 } |
72 | 98 |
73 void TearDown() override { | 99 void TearDown() override { |
74 cert_loader_->RemoveObserver(this); | 100 cert_loader_->RemoveObserver(this); |
75 CertLoader::Shutdown(); | 101 CertLoader::Shutdown(); |
76 } | 102 } |
77 | 103 |
78 protected: | 104 protected: |
79 void StartCertLoaderWithPrimaryDB() { | 105 void StartCertLoaderWithPrimaryDB() { |
80 CreateCertDatabase(&primary_db_, &primary_certdb_); | 106 CreateCertDatabase(&primary_db_, &primary_certdb_); |
81 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 107 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
82 | 108 |
83 base::RunLoop().RunUntilIdle(); | 109 base::RunLoop().RunUntilIdle(); |
84 GetAndResetCertificatesLoadedEventsCount(); | 110 GetAndResetCertificatesLoadedEventsCount(); |
85 } | 111 } |
86 | 112 |
87 // Starts the cert loader with a primary cert database which has access to the | 113 // Starts the cert loader with a primary cert database which has access to the |
88 // system token. | 114 // system token. |
89 void StartCertLoaderWithPrimaryDBAndSystemToken() { | 115 void StartCertLoaderWithPrimaryDBAndSystemToken() { |
90 CreateCertDatabase(&primary_db_, &primary_certdb_); | 116 CreateCertDatabase(&primary_db_, &primary_certdb_); |
91 AddSystemToken(primary_certdb_.get()); | 117 AddSystemToken(primary_certdb_.get()); |
92 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 118 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
93 | 119 |
94 base::RunLoop().RunUntilIdle(); | 120 base::RunLoop().RunUntilIdle(); |
95 GetAndResetCertificatesLoadedEventsCount(); | 121 GetAndResetCertificatesLoadedEventsCount(); |
96 } | 122 } |
97 | 123 |
98 // CertLoader::Observer: | 124 // CertLoader::Observer: |
99 // The test keeps count of times the observer method was called. | 125 // The test keeps count of times the observer method was called. |
100 void OnCertificatesLoaded(const net::CertificateList& cert_list, | 126 void OnCertificatesLoaded(const net::CertificateList& cert_list, |
101 bool initial_load) override { | 127 bool initial_load) override { |
102 EXPECT_TRUE(certificates_loaded_events_count_ == 0 || !initial_load); | 128 EXPECT_TRUE(certificates_loaded_events_count_ == 0 || !initial_load); |
(...skipping 30 matching lines...) Expand all Loading... |
133 net::X509Certificate::FORMAT_AUTO); | 159 net::X509Certificate::FORMAT_AUTO); |
134 ASSERT_EQ(1U, imported_certs->size()); | 160 ASSERT_EQ(1U, imported_certs->size()); |
135 | 161 |
136 net::NSSCertDatabase::ImportCertFailureList failed; | 162 net::NSSCertDatabase::ImportCertFailureList failed; |
137 ASSERT_TRUE(database->ImportCACerts(*imported_certs, | 163 ASSERT_TRUE(database->ImportCACerts(*imported_certs, |
138 net::NSSCertDatabase::TRUST_DEFAULT, | 164 net::NSSCertDatabase::TRUST_DEFAULT, |
139 &failed)); | 165 &failed)); |
140 ASSERT_TRUE(failed.empty()); | 166 ASSERT_TRUE(failed.empty()); |
141 } | 167 } |
142 | 168 |
143 // Import a client cert and key into a PKCS11 slot. Then notify | 169 // Import a client cert described by |test_cert| and key into a PKCS11 slot. |
| 170 // Then notify |database_to_notify| (which is presumably using that slot) that |
| 171 // new certificates are available. |
| 172 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
| 173 TestNSSCertDatabase* database_to_notify, |
| 174 PK11SlotInfo* slot_to_use, |
| 175 const TestClientCertWithKey& test_cert) { |
| 176 // Import a client cert signed by that CA. |
| 177 scoped_refptr<net::X509Certificate> client_cert( |
| 178 net::ImportClientCertAndKeyFromFile( |
| 179 net::GetTestCertsDirectory(), test_cert.cert_pem_filename, |
| 180 test_cert.key_pk8_filename, slot_to_use)); |
| 181 database_to_notify->NotifyObserversCertDBChanged(); |
| 182 return client_cert; |
| 183 } |
| 184 |
| 185 // Import |TEST_CLIENT_CERT_1| into a PKCS11 slot. Then notify |
144 // |database_to_notify| (which is presumably using that slot) that new | 186 // |database_to_notify| (which is presumably using that slot) that new |
145 // certificates are available. | 187 // certificates are avialable. |
146 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( | 188 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
147 TestNSSCertDatabase* database_to_notify, | 189 TestNSSCertDatabase* database_to_notify, |
148 PK11SlotInfo* slot_to_use) { | 190 PK11SlotInfo* slot_to_use) { |
149 // Import a client cert signed by that CA. | 191 return ImportClientCertAndKey(database_to_notify, slot_to_use, |
150 scoped_refptr<net::X509Certificate> client_cert( | 192 TEST_CLIENT_CERT_1); |
151 net::ImportClientCertAndKeyFromFile(net::GetTestCertsDirectory(), | |
152 "client_1.pem", "client_1.pk8", | |
153 slot_to_use)); | |
154 database_to_notify->NotifyObserversCertDBChanged(); | |
155 return client_cert; | |
156 } | 193 } |
157 | 194 |
158 // Import a client cert into |database|'s private slot. | 195 // Import a client cert into |database|'s private slot. |
159 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( | 196 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
160 TestNSSCertDatabase* database) { | 197 TestNSSCertDatabase* database) { |
161 return ImportClientCertAndKey(database, database->GetPrivateSlot().get()); | 198 return ImportClientCertAndKey(database, database->GetPrivateSlot().get()); |
162 } | 199 } |
163 | 200 |
| 201 // Adds the PKCS11 slot from |system_db_| to |certdb| as system slot. |
| 202 void AddSystemToken(TestNSSCertDatabase* certdb) { |
| 203 ASSERT_TRUE(system_db_.is_open()); |
| 204 certdb->SetSystemSlot( |
| 205 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); |
| 206 } |
| 207 |
164 CertLoader* cert_loader_; | 208 CertLoader* cert_loader_; |
165 | 209 |
166 // The user is primary as the one whose certificates CertLoader handles, it | 210 // The user is primary as the one whose certificates CertLoader handles, it |
167 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user | 211 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user |
168 // parameter (which is irrelevant for these tests). | 212 // parameter (which is irrelevant for these tests). |
169 crypto::ScopedTestNSSDB primary_db_; | 213 crypto::ScopedTestNSSDB primary_db_; |
170 std::unique_ptr<TestNSSCertDatabase> primary_certdb_; | 214 std::unique_ptr<TestNSSCertDatabase> primary_certdb_; |
171 | 215 |
172 // Additional NSS DB simulating the system token. | 216 // Additional NSS DB simulating the system token. |
173 crypto::ScopedTestNSSDB system_db_; | 217 crypto::ScopedTestNSSDB system_db_; |
174 | 218 |
| 219 // A NSSCertDatabase which only uses the system token (simulated by |
| 220 // system_db_). |
| 221 std::unique_ptr<TestNSSCertDatabase> system_certdb_; |
| 222 |
175 base::MessageLoop message_loop_; | 223 base::MessageLoop message_loop_; |
176 | 224 |
177 private: | 225 private: |
178 // Adds the PKCS11 slot from |system_db_| to |certdb| as system slot. | |
179 void AddSystemToken(TestNSSCertDatabase* certdb) { | |
180 ASSERT_TRUE(system_db_.is_open()); | |
181 certdb->SetSystemSlot( | |
182 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); | |
183 } | |
184 | |
185 base::test::ScopedTaskScheduler scoped_task_scheduler_; | 226 base::test::ScopedTaskScheduler scoped_task_scheduler_; |
186 size_t certificates_loaded_events_count_; | 227 size_t certificates_loaded_events_count_; |
187 }; | 228 }; |
188 | 229 |
189 } // namespace | 230 } // namespace |
190 | 231 |
191 TEST_F(CertLoaderTest, Basic) { | 232 TEST_F(CertLoaderTest, BasicOnlyUserDB) { |
192 EXPECT_FALSE(cert_loader_->CertificatesLoading()); | 233 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
193 EXPECT_FALSE(cert_loader_->certificates_loaded()); | 234 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
194 | 235 |
195 CreateCertDatabase(&primary_db_, &primary_certdb_); | 236 CreateCertDatabase(&primary_db_, &primary_certdb_); |
196 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 237 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
197 | 238 |
198 EXPECT_FALSE(cert_loader_->certificates_loaded()); | 239 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
199 EXPECT_TRUE(cert_loader_->CertificatesLoading()); | 240 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 241 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 242 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 243 |
| 244 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 245 base::RunLoop().RunUntilIdle(); |
| 246 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 247 |
| 248 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 249 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 250 |
| 251 // Default CA cert roots should get loaded. |
| 252 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 253 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 254 } |
| 255 |
| 256 TEST_F(CertLoaderTest, BasicOnlySystemDB) { |
| 257 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 258 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 259 |
| 260 CreateCertDatabase(&system_db_, &system_certdb_); |
| 261 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 262 |
| 263 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 264 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
200 EXPECT_TRUE(cert_loader_->all_certs().empty()); | 265 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
201 | 266 |
202 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 267 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
203 base::RunLoop().RunUntilIdle(); | 268 base::RunLoop().RunUntilIdle(); |
204 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 269 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
205 | 270 |
206 EXPECT_TRUE(cert_loader_->certificates_loaded()); | 271 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
207 EXPECT_FALSE(cert_loader_->CertificatesLoading()); | 272 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
208 | 273 |
209 // Default CA cert roots should get loaded. | 274 // Default CA cert roots should get loaded. |
210 EXPECT_FALSE(cert_loader_->all_certs().empty()); | 275 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
211 } | 276 } |
212 | 277 |
| 278 // Tests the CertLoader with a system DB and then with an additional user DB |
| 279 // which does not have access to the system token. |
| 280 TEST_F(CertLoaderTest, SystemAndUnaffiliatedUserDB) { |
| 281 CreateCertDatabase(&system_db_, &system_certdb_); |
| 282 scoped_refptr<net::X509Certificate> system_token_cert(ImportClientCertAndKey( |
| 283 system_certdb_.get(), system_db_.slot(), TEST_CLIENT_CERT_1)); |
| 284 |
| 285 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 286 scoped_refptr<net::X509Certificate> user_token_cert(ImportClientCertAndKey( |
| 287 primary_certdb_.get(), primary_db_.slot(), TEST_CLIENT_CERT_2)); |
| 288 |
| 289 base::RunLoop().RunUntilIdle(); |
| 290 |
| 291 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 292 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 293 |
| 294 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 295 |
| 296 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 297 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 298 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 299 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 300 |
| 301 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 302 base::RunLoop().RunUntilIdle(); |
| 303 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 304 |
| 305 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 306 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 307 |
| 308 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 309 cert_loader_->system_certs())); |
| 310 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 311 cert_loader_->all_certs())); |
| 312 |
| 313 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 314 |
| 315 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 316 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 317 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 318 EXPECT_FALSE(cert_loader_->system_certs().empty()); |
| 319 |
| 320 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 321 base::RunLoop().RunUntilIdle(); |
| 322 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 323 |
| 324 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 325 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 326 |
| 327 EXPECT_FALSE(IsCertInCertificateList(user_token_cert.get(), |
| 328 cert_loader_->system_certs())); |
| 329 EXPECT_TRUE(IsCertInCertificateList(user_token_cert.get(), |
| 330 cert_loader_->all_certs())); |
| 331 } |
| 332 |
| 333 // Tests the CertLoader with a system DB and then with an additional user DB |
| 334 // which has access to the system token. |
| 335 TEST_F(CertLoaderTest, SystemAndAffiliatedUserDB) { |
| 336 CreateCertDatabase(&system_db_, &system_certdb_); |
| 337 scoped_refptr<net::X509Certificate> system_token_cert(ImportClientCertAndKey( |
| 338 system_certdb_.get(), system_db_.slot(), TEST_CLIENT_CERT_1)); |
| 339 |
| 340 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 341 scoped_refptr<net::X509Certificate> user_token_cert(ImportClientCertAndKey( |
| 342 primary_certdb_.get(), primary_db_.slot(), TEST_CLIENT_CERT_2)); |
| 343 |
| 344 AddSystemToken(primary_certdb_.get()); |
| 345 base::RunLoop().RunUntilIdle(); |
| 346 |
| 347 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 348 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 349 |
| 350 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 351 |
| 352 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 353 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 354 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 355 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 356 |
| 357 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 358 base::RunLoop().RunUntilIdle(); |
| 359 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 360 |
| 361 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 362 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 363 |
| 364 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 365 cert_loader_->system_certs())); |
| 366 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 367 cert_loader_->all_certs())); |
| 368 |
| 369 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 370 |
| 371 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 372 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 373 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 374 EXPECT_FALSE(cert_loader_->system_certs().empty()); |
| 375 |
| 376 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 377 base::RunLoop().RunUntilIdle(); |
| 378 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 379 |
| 380 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 381 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 382 |
| 383 EXPECT_FALSE(IsCertInCertificateList(user_token_cert.get(), |
| 384 cert_loader_->system_certs())); |
| 385 EXPECT_EQ(1U, CountCertOccurencesInCertificateList( |
| 386 user_token_cert.get(), cert_loader_->all_certs())); |
| 387 } |
| 388 |
213 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { | 389 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { |
214 StartCertLoaderWithPrimaryDB(); | 390 StartCertLoaderWithPrimaryDB(); |
215 | 391 |
216 net::CertificateList certs; | 392 net::CertificateList certs; |
217 ImportCACert("root_ca_cert.pem", primary_certdb_.get(), &certs); | 393 ImportCACert("root_ca_cert.pem", primary_certdb_.get(), &certs); |
218 | 394 |
219 // Certs are loaded asynchronously, so the new cert should not yet be in the | 395 // Certs are loaded asynchronously, so the new cert should not yet be in the |
220 // cert list. | 396 // cert list. |
221 EXPECT_FALSE( | 397 EXPECT_FALSE( |
222 IsCertInCertificateList(certs[0].get(), cert_loader_->all_certs())); | 398 IsCertInCertificateList(certs[0].get(), cert_loader_->all_certs())); |
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
330 ASSERT_TRUE(primary_certdb_->SetCertTrust(certs[0].get(), net::CA_CERT, | 506 ASSERT_TRUE(primary_certdb_->SetCertTrust(certs[0].get(), net::CA_CERT, |
331 net::NSSCertDatabase::TRUSTED_SSL)); | 507 net::NSSCertDatabase::TRUSTED_SSL)); |
332 | 508 |
333 // Cert trust change should trigger certificate reload in cert_loader_. | 509 // Cert trust change should trigger certificate reload in cert_loader_. |
334 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 510 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
335 base::RunLoop().RunUntilIdle(); | 511 base::RunLoop().RunUntilIdle(); |
336 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 512 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
337 } | 513 } |
338 | 514 |
339 } // namespace chromeos | 515 } // namespace chromeos |
OLD | NEW |