Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(138)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/nss_profile_filter_chromeos_unittest.cc

Issue 330213002: *wip* NSS: handle chromeos system slot. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/nss_profile_filter_chromeos.cc ('K') | « net/cert/nss_profile_filter_chromeos.cc ('k') | net/ssl/client_cert_store_chromeos.cc » ('j') | net/ssl/client_cert_store_chromeos.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/nss_profile_filter_chromeos_unittest.cc
diff --git a/net/cert/nss_profile_filter_chromeos_unittest.cc b/net/cert/nss_profile_filter_chromeos_unittest.cc
index 60ceeb1d24f9ec29d3c66c6088c52162a676eeb4..be7ba2c445d21b0447ea2be36763ffb54eade37d 100644
--- a/net/cert/nss_profile_filter_chromeos_unittest.cc
+++ b/net/cert/nss_profile_filter_chromeos_unittest.cc
@@ -55,12 +55,15 @@ CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
class NSSProfileFilterChromeOSTest : public testing::Test {
public:
- NSSProfileFilterChromeOSTest() : user_1_("user1"), user_2_("user2") {}
+ NSSProfileFilterChromeOSTest()
+ : system_slot_user_("sys"), user_1_("user1"), user_2_("user2") {}
virtual void SetUp() OVERRIDE {
// Initialize nss_util slots.
+ ASSERT_TRUE(system_slot_user_.constructed_successfully());
ASSERT_TRUE(user_1_.constructed_successfully());
ASSERT_TRUE(user_2_.constructed_successfully());
+ system_slot_user_.FinishInit();
user_1_.FinishInit();
user_2_.FinishInit();
@@ -74,7 +77,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
ASSERT_TRUE(private_slot_1.get());
profile_filter_1_.Init(
crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()),
- private_slot_1.Pass());
+ private_slot_1.Pass(),
+ get_system_slot());
profile_filter_1_copy_ = profile_filter_1_;
@@ -84,7 +88,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
ASSERT_TRUE(private_slot_2.get());
profile_filter_2_.Init(
crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()),
- private_slot_2.Pass());
+ private_slot_2.Pass(),
+ get_system_slot());
certs_ = CreateCertificateListFromFile(GetTestCertsDirectory(),
"root_ca_cert.pem",
@@ -92,8 +97,17 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
ASSERT_EQ(1U, certs_.size());
}
+ crypto::ScopedPK11Slot get_system_slot() {
+ return crypto::GetPublicSlotForChromeOSUser(
+ system_slot_user_.username_hash());
+ }
+
protected:
CertificateList certs_;
+ // Using ScopedTestNSSChromeOSUser for the system slot is a bit of a hack.
+ // Can't use ScopedTestNSS because it changes the result of
pneubeck (no reviews) 2014/06/13 12:40:42 ScopedTestNSS -> ScopedTestNSSDB
mattm 2014/06/24 03:16:46 Done.
+ // GetPublicSlotForChromeOSUser for the other slots too.
+ crypto::ScopedTestNSSChromeOSUser system_slot_user_;
crypto::ScopedTestNSSChromeOSUser user_1_;
crypto::ScopedTestNSSChromeOSUser user_2_;
NSSProfileFilterChromeOS no_slots_profile_filter_;
@@ -148,6 +162,7 @@ TEST_F(NSSProfileFilterChromeOSTest, RootCertsAllowed) {
}
TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
+ crypto::ScopedPK11Slot system_slot(get_system_slot());
crypto::ScopedPK11Slot slot_1(
crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()));
ASSERT_TRUE(slot_1);
@@ -160,6 +175,12 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
ASSERT_EQ(1U, certs_2.size());
scoped_refptr<X509Certificate> cert_2 = certs_2[0];
+ CertificateList system_certs =
+ CreateCertificateListFromFile(GetTestCertsDirectory(),
+ "mit.davidben.der",
+ X509Certificate::FORMAT_AUTO);
+ ASSERT_EQ(1U, system_certs.size());
+ scoped_refptr<X509Certificate> system_cert = system_certs[0];
ASSERT_EQ(SECSuccess,
PK11_ImportCert(slot_1.get(),
@@ -174,19 +195,31 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
CK_INVALID_HANDLE,
"cert2",
PR_FALSE /* includeTrust (unused) */));
+ ASSERT_EQ(SECSuccess,
+ PK11_ImportCert(system_slot.get(),
+ system_cert->os_cert_handle(),
+ CK_INVALID_HANDLE,
+ "systemcert",
+ PR_FALSE /* includeTrust (unused) */));
EXPECT_FALSE(
no_slots_profile_filter_.IsCertAllowed(cert_1->os_cert_handle()));
EXPECT_FALSE(
no_slots_profile_filter_.IsCertAllowed(cert_2->os_cert_handle()));
+ EXPECT_FALSE(
+ no_slots_profile_filter_.IsCertAllowed(system_cert->os_cert_handle()));
EXPECT_TRUE(profile_filter_1_.IsCertAllowed(cert_1->os_cert_handle()));
EXPECT_TRUE(profile_filter_1_copy_.IsCertAllowed(cert_1->os_cert_handle()));
EXPECT_FALSE(profile_filter_1_.IsCertAllowed(cert_2->os_cert_handle()));
EXPECT_FALSE(profile_filter_1_copy_.IsCertAllowed(cert_2->os_cert_handle()));
+ EXPECT_TRUE(profile_filter_1_.IsCertAllowed(system_cert->os_cert_handle()));
+ EXPECT_TRUE(
+ profile_filter_1_copy_.IsCertAllowed(system_cert->os_cert_handle()));
EXPECT_FALSE(profile_filter_2_.IsCertAllowed(cert_1->os_cert_handle()));
EXPECT_TRUE(profile_filter_2_.IsCertAllowed(cert_2->os_cert_handle()));
+ EXPECT_TRUE(profile_filter_2_.IsCertAllowed(system_cert->os_cert_handle()));
}
} // namespace net
« net/cert/nss_profile_filter_chromeos.cc ('K') | « net/cert/nss_profile_filter_chromeos.cc ('k') | net/ssl/client_cert_store_chromeos.cc » ('j') | net/ssl/client_cert_store_chromeos.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698