Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(85)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/network/certificate_helper_unittest.cc

Issue 2886913004: Copy some x509_certificate_model_nss functions to src/chromeos (reland) (Closed)
Patch Set: Rebase Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chromeos/network/certificate_helper.cc ('k') | chromeos/network/onc/onc_certificate_importer_impl_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/network/certificate_helper_unittest.cc
diff --git a/chromeos/network/certificate_helper_unittest.cc b/chromeos/network/certificate_helper_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a34bbd74b96b04363571b7ff9b74aacc4466a133
--- /dev/null
+++ b/chromeos/network/certificate_helper_unittest.cc
@@ -0,0 +1,89 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chromeos/network/certificate_helper.h"
+
+#include "crypto/scoped_test_nss_db.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/test_data_directory.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace chromeos {
+
+TEST(CertificateHelperTest, GetCertNameOrNickname) {
+ scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+ net::GetTestCertsDirectory(), "root_ca_cert.pem"));
+ ASSERT_TRUE(cert.get());
+ EXPECT_EQ("Test Root CA",
+ certificate::GetCertNameOrNickname(cert->os_cert_handle()));
+
+ scoped_refptr<net::X509Certificate> punycode_cert(net::ImportCertFromFile(
+ net::GetTestCertsDirectory(), "punycodetest.pem"));
+ ASSERT_TRUE(punycode_cert.get());
+ EXPECT_EQ("xn--wgv71a119e.com", certificate::GetCertAsciiNameOrNickname(
+ punycode_cert->os_cert_handle()));
+ EXPECT_EQ("日本語.com", certificate::GetCertNameOrNickname(
+ punycode_cert->os_cert_handle()));
+
+ scoped_refptr<net::X509Certificate> no_cn_cert(net::ImportCertFromFile(
+ net::GetTestCertsDirectory(), "no_subject_common_name_cert.pem"));
+ ASSERT_TRUE(no_cn_cert.get());
+ // Temp cert has no nickname.
+ EXPECT_EQ("",
+ certificate::GetCertNameOrNickname(no_cn_cert->os_cert_handle()));
+}
+
+TEST(CertificateHelperTest, GetTypeCA) {
+ scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+ net::GetTestCertsDirectory(), "root_ca_cert.pem"));
+ ASSERT_TRUE(cert.get());
+
+ EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+ crypto::ScopedTestNSSDB test_nssdb;
+ net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+ test_nssdb.slot())) /* public slot */,
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+ test_nssdb.slot())) /* private slot */);
+
+ // Test that explicitly distrusted CA certs are still returned as CA_CERT
+ // type. See http://crbug.com/96654.
+ EXPECT_TRUE(db.SetCertTrust(cert.get(), net::CA_CERT,
+ net::NSSCertDatabase::DISTRUSTED_SSL));
+
+ EXPECT_EQ(net::CA_CERT, certificate::GetCertType(cert->os_cert_handle()));
+}
+
+TEST(CertificateHelperTest, GetTypeServer) {
+ scoped_refptr<net::X509Certificate> cert(net::ImportCertFromFile(
+ net::GetTestCertsDirectory(), "google.single.der"));
+ ASSERT_TRUE(cert.get());
+
+ // Test mozilla_security_manager::GetCertType with server certs and default
+ // trust. Currently this doesn't work.
+ // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
+ // tell server certs even if they have no trust bits set.
+ EXPECT_EQ(net::OTHER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+ crypto::ScopedTestNSSDB test_nssdb;
+ net::NSSCertDatabase db(crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+ test_nssdb.slot())) /* public slot */,
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(
+ test_nssdb.slot())) /* private slot */);
+
+ // Test GetCertType with server certs and explicit trust.
+ EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
+ net::NSSCertDatabase::TRUSTED_SSL));
+
+ EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+
+ // Test GetCertType with server certs and explicit distrust.
+ EXPECT_TRUE(db.SetCertTrust(cert.get(), net::SERVER_CERT,
+ net::NSSCertDatabase::DISTRUSTED_SSL));
+
+ EXPECT_EQ(net::SERVER_CERT, certificate::GetCertType(cert->os_cert_handle()));
+}
+
+} // namespace chromeos
« no previous file with comments | « chromeos/network/certificate_helper.cc ('k') | chromeos/network/onc/onc_certificate_importer_impl_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698