Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(80)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/network/certificate_helper_unittest.cc

Issue 2886913004: Copy some x509_certificate_model_nss functions to src/chromeos (reland) (Closed)
Patch Set: Rebase Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chromeos/network/certificate_helper.cc ('k') | chromeos/network/onc/onc_certificate_importer_impl_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/certificate_helper.h"
6
7 #include "crypto/scoped_test_nss_db.h"
8 #include "net/cert/nss_cert_database.h"
9 #include "net/test/cert_test_util.h"
10 #include "net/test/test_data_directory.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12
13 namespace chromeos {
14
15 TEST(CertificateHelperTest, GetCertNameOrNickname) {
16 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
17 net::GetTestCertsDirectory(), "root_ca_cert.pem"));
18 ASSERT_TRUE(cert.get());
19 EXPECT_EQ("Test Root CA",
20 certificate::GetCertNameOrNickname(cert->os_cert_handle()));
21
22 scoped_refptr<net::X509Certificate> punycode_cert(net::ImportCertFromFile(
23 net::GetTestCertsDirectory(), "punycodetest.pem"));
24 ASSERT_TRUE(punycode_cert.get());
25 EXPECT_EQ("xn--wgv71a119e.com", certificate::GetCertAsciiNameOrNickname(
26 punycode_cert->os_cert_handle()));
27 EXPECT_EQ("日本語.com", certificate::GetCertNameOrNickname(
28 punycode_cert->os_cert_handle()));
29
30 scoped_refptr<net::X509Certificate> no_cn_cert(net::ImportCertFromFile(
31 net::GetTestCertsDirectory(), "no_subject_common_name_cert.pem"));
32 ASSERT_TRUE(no_cn_cert.get());
33 // Temp cert has no nickname.
34 EXPECT_EQ("",
35 certificate::GetCertNameOrNickname(no_cn_cert->os_cert_handle()));
36 }
37
38 TEST(CertificateHelperTest, GetTypeCA) {
39 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
40 net::GetTestCertsDirectory(), "root_ca_cert.pem"));
41 ASSERT_TRUE(cert.get());
42
43 EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
44
45 crypto::ScopedTestNSSDB test_nssdb;
46 net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
47 test_nssdb.slot())) /* public slot */,
48 crypto::ScopedPK11Slot(PK11_ReferenceSlot(
49 test_nssdb.slot())) /* private slot */);
50
51 // Test that explicitly distrusted CA certs are still returned as CA_CERT
52 // type. See http://crbug.com/96654.
53 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::CA_CERT,
54 net::NSSCertDatabase::DISTRUSTED_SSL));
55
56 EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
57 }
58
59 TEST(CertificateHelperTest, GetTypeServer) {
60 scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
61 net::GetTestCertsDirectory(), "google.single.der"));
62 ASSERT_TRUE(cert.get());
63
64 // Test mozilla_security_manager::GetCertType with server certs and default
65 // trust. Currently this doesn't work.
66 // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
67 // tell server certs even if they have no trust bits set.
68 EXPECT_EQ(net::OTHER_CERT, certificate::GetCertType(cert->os_cert_handle()));
69
70 crypto::ScopedTestNSSDB test_nssdb;
71 net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
72 test_nssdb.slot())) /* public slot */,
73 crypto::ScopedPK11Slot(PK11_ReferenceSlot(
74 test_nssdb.slot())) /* private slot */);
75
76 // Test GetCertType with server certs and explicit trust.
77 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
78 net::NSSCertDatabase::TRUSTED_SSL));
79
80 EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
81
82 // Test GetCertType with server certs and explicit distrust.
83 EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
84 net::NSSCertDatabase::DISTRUSTED_SSL));
85
86 EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
87 }
88
89 } // namespace chromeos
OLDNEW
« no previous file with comments | « chromeos/network/certificate_helper.cc ('k') | chromeos/network/onc/onc_certificate_importer_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698