OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chromeos/network/certificate_helper.h" | |
6 | |
7 #include <stddef.h> | |
tbarzic
2017/05/11 19:48:31
cstddef?
btw. why do you need this?
stevenjb
2017/05/12 19:27:50
Done.
| |
8 | |
9 #include "base/files/file_path.h" | |
tbarzic
2017/05/11 19:48:31
this also seems unused
stevenjb
2017/05/12 19:27:50
Done.
| |
10 #include "crypto/scoped_test_nss_db.h" | |
11 #include "net/cert/nss_cert_database.h" | |
12 #include "net/test/cert_test_util.h" | |
13 #include "net/test/test_data_directory.h" | |
14 #include "testing/gtest/include/gtest/gtest.h" | |
15 | |
16 namespace chromeos { | |
17 | |
18 TEST(CertificateHelperTest, GetCertNameOrNickname) { | |
19 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile( | |
20 net::GetTestCertsDirectory(), "root_ca_cert.pem")); | |
21 ASSERT_TRUE(cert.get()); | |
22 EXPECT_EQ("Test Root CA", | |
23 certificate::GetCertNameOrNickname(cert->os_cert_handle())); | |
24 | |
25 scoped_refptr<net::X509Certificate> punycode_cert(net::ImportCertFromFile( | |
26 net::GetTestCertsDirectory(), "punycodetest.pem")); | |
27 ASSERT_TRUE(punycode_cert.get()); | |
28 EXPECT_EQ("xn--wgv71a119e.com", certificate::GetCertAsciiNameOrNickname( | |
29 punycode_cert->os_cert_handle())); | |
30 EXPECT_EQ("日本語.com", certificate::GetCertNameOrNickname( | |
31 punycode_cert->os_cert_handle())); | |
32 | |
33 scoped_refptr<net::X509Certificate> no_cn_cert(net::ImportCertFromFile( | |
34 net::GetTestCertsDirectory(), "no_subject_common_name_cert.pem")); | |
35 ASSERT_TRUE(no_cn_cert.get()); | |
36 // Temp cert has no nickname. | |
37 EXPECT_EQ("", | |
38 certificate::GetCertNameOrNickname(no_cn_cert->os_cert_handle())); | |
39 } | |
40 | |
41 TEST(CertificateHelperTest, GetTypeCA) { | |
42 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile( | |
43 net::GetTestCertsDirectory(), "root_ca_cert.pem")); | |
44 ASSERT_TRUE(cert.get()); | |
45 | |
46 EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle())); | |
47 | |
48 crypto::ScopedTestNSSDB test_nssdb; | |
49 net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot( | |
50 test_nssdb.slot())) /* public slot */, | |
51 crypto::ScopedPK11Slot(PK11_ReferenceSlot( | |
52 test_nssdb.slot())) /* private slot */); | |
53 | |
54 // Test that explicitly distrusted CA certs are still returned as CA_CERT | |
55 // type. See http://crbug.com/96654. | |
56 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::CA_CERT, | |
57 net::NSSCertDatabase::DISTRUSTED_SSL)); | |
58 | |
59 EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle())); | |
60 } | |
61 | |
62 TEST(CertificateHelperTest, GetTypeServer) { | |
63 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile( | |
64 net::GetTestCertsDirectory(), "google.single.der")); | |
65 ASSERT_TRUE(cert.get()); | |
66 | |
67 // Test mozilla_security_manager::GetCertType with server certs and default | |
68 // trust. Currently this doesn't work. | |
69 // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can | |
70 // tell server certs even if they have no trust bits set. | |
71 EXPECT_EQ(net::OTHER_CERT, certificate::GetCertType(cert->os_cert_handle())); | |
72 | |
73 crypto::ScopedTestNSSDB test_nssdb; | |
74 net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot( | |
75 test_nssdb.slot())) /* public slot */, | |
76 crypto::ScopedPK11Slot(PK11_ReferenceSlot( | |
77 test_nssdb.slot())) /* private slot */); | |
78 | |
79 // Test GetCertType with server certs and explicit trust. | |
80 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT, | |
81 net::NSSCertDatabase::TRUSTED_SSL)); | |
82 | |
83 EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle())); | |
84 | |
85 // Test GetCertType with server certs and explicit distrust. | |
86 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT, | |
87 net::NSSCertDatabase::DISTRUSTED_SSL)); | |
88 | |
89 EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle())); | |
90 } | |
91 | |
92 } // namespace chromeos | |
OLD | NEW |