Copy some x509_certificate_model_nss functions to src/chromeos

chromeos/network/certificate_helper_unittest.cc

Index: chromeos/network/certificate_helper_unittest.cc
diff --git a/chromeos/network/certificate_helper_unittest.cc b/chromeos/network/certificate_helper_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..27bd2974d9269bc2c1f322fd4998a13027fba8eb
--- /dev/null
+++ b/chromeos/network/certificate_helper_unittest.cc
@@ -0,0 +1,92 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/network/certificate_helper.h"
+
+#include <stddef.h>

[tbarzic, 2017/05/11 19:48:31]

cstddef?

btw. why do you need this?

[stevenjb, 2017/05/12 19:27:50]

Done.

+
+#include "base/files/file_path.h"

[tbarzic, 2017/05/11 19:48:31]

this also seems unused

[stevenjb, 2017/05/12 19:27:50]

Done.

+#include "crypto/scoped_test_nss_db.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/test_data_directory.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace chromeos {
+
+TEST(CertificateHelperTest, GetCertNameOrNickname) {
+  scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "root_ca_cert.pem"));
+  ASSERT_TRUE(cert.get());
+  EXPECT_EQ("Test Root CA",
+            certificate::GetCertNameOrNickname(cert->os_cert_handle()));
+
+  scoped_refptr<net::X509Certificate> punycode_cert(net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "punycodetest.pem"));
+  ASSERT_TRUE(punycode_cert.get());
+  EXPECT_EQ("xn--wgv71a119e.com", certificate::GetCertAsciiNameOrNickname(
+                                      punycode_cert->os_cert_handle()));
+  EXPECT_EQ("日本語.com", certificate::GetCertNameOrNickname(
+                              punycode_cert->os_cert_handle()));
+
+  scoped_refptr<net::X509Certificate> no_cn_cert(net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "no_subject_common_name_cert.pem"));
+  ASSERT_TRUE(no_cn_cert.get());
+  // Temp cert has no nickname.
+  EXPECT_EQ("",
+            certificate::GetCertNameOrNickname(no_cn_cert->os_cert_handle()));
+}
+
+TEST(CertificateHelperTest, GetTypeCA) {
+  scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "root_ca_cert.pem"));
+  ASSERT_TRUE(cert.get());
+
+  EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+  crypto::ScopedTestNSSDB test_nssdb;
+  net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+                              test_nssdb.slot())) /* public slot */,
+                          crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+                              test_nssdb.slot())) /* private slot */);
+
+  // Test that explicitly distrusted CA certs are still returned as CA_CERT
+  // type. See http://crbug.com/96654.
+  EXPECT_TRUE(db.SetCertTrust(cert.get(), net::CA_CERT,
+                              net::NSSCertDatabase::DISTRUSTED_SSL));
+
+  EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
+}
+
+TEST(CertificateHelperTest, GetTypeServer) {
+  scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+      net::GetTestCertsDirectory(), "google.single.der"));
+  ASSERT_TRUE(cert.get());
+
+  // Test mozilla_security_manager::GetCertType with server certs and default
+  // trust.  Currently this doesn't work.
+  // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
+  // tell server certs even if they have no trust bits set.
+  EXPECT_EQ(net::OTHER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+  crypto::ScopedTestNSSDB test_nssdb;
+  net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+                              test_nssdb.slot())) /* public slot */,
+                          crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+                              test_nssdb.slot())) /* private slot */);
+
+  // Test GetCertType with server certs and explicit trust.
+  EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
+                              net::NSSCertDatabase::TRUSTED_SSL));
+
+  EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+  // Test GetCertType with server certs and explicit distrust.
+  EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
+                              net::NSSCertDatabase::DISTRUSTED_SSL));
+
+  EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+}
+
+}  // namespace chromeos