Index: net/cert/nss_profile_filter_chromeos_unittest.cc |
diff --git a/net/cert/nss_profile_filter_chromeos_unittest.cc b/net/cert/nss_profile_filter_chromeos_unittest.cc |
index 60ceeb1d24f9ec29d3c66c6088c52162a676eeb4..e15324624c0b1855ebf4da4cc4bc49be8b7771fe 100644 |
--- a/net/cert/nss_profile_filter_chromeos_unittest.cc |
+++ b/net/cert/nss_profile_filter_chromeos_unittest.cc |
@@ -55,12 +55,15 @@ CertificateList ListCertsInSlot(PK11SlotInfo* slot) { |
class NSSProfileFilterChromeOSTest : public testing::Test { |
public: |
- NSSProfileFilterChromeOSTest() : user_1_("user1"), user_2_("user2") {} |
+ NSSProfileFilterChromeOSTest() |
+ : system_slot_user_("sys"), user_1_("user1"), user_2_("user2") {} |
virtual void SetUp() OVERRIDE { |
// Initialize nss_util slots. |
+ ASSERT_TRUE(system_slot_user_.constructed_successfully()); |
ASSERT_TRUE(user_1_.constructed_successfully()); |
ASSERT_TRUE(user_2_.constructed_successfully()); |
+ system_slot_user_.FinishInit(); |
user_1_.FinishInit(); |
user_2_.FinishInit(); |
@@ -74,7 +77,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test { |
ASSERT_TRUE(private_slot_1.get()); |
profile_filter_1_.Init( |
crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()), |
- private_slot_1.Pass()); |
+ private_slot_1.Pass(), |
+ get_system_slot()); |
profile_filter_1_copy_ = profile_filter_1_; |
@@ -84,7 +88,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test { |
ASSERT_TRUE(private_slot_2.get()); |
profile_filter_2_.Init( |
crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()), |
- private_slot_2.Pass()); |
+ private_slot_2.Pass(), |
+ get_system_slot()); |
certs_ = CreateCertificateListFromFile(GetTestCertsDirectory(), |
"root_ca_cert.pem", |
@@ -92,8 +97,17 @@ class NSSProfileFilterChromeOSTest : public testing::Test { |
ASSERT_EQ(1U, certs_.size()); |
} |
+ crypto::ScopedPK11Slot get_system_slot() { |
+ return crypto::GetPublicSlotForChromeOSUser( |
+ system_slot_user_.username_hash()); |
+ } |
+ |
protected: |
CertificateList certs_; |
+ // Using ScopedTestNSSChromeOSUser for the system slot is a bit of a hack. |
+ // Can't use ScopedTestNSSDB because it changes the result of |
+ // GetPublicSlotForChromeOSUser for the other slots too. |
+ crypto::ScopedTestNSSChromeOSUser system_slot_user_; |
crypto::ScopedTestNSSChromeOSUser user_1_; |
crypto::ScopedTestNSSChromeOSUser user_2_; |
NSSProfileFilterChromeOS no_slots_profile_filter_; |
@@ -148,6 +162,7 @@ TEST_F(NSSProfileFilterChromeOSTest, RootCertsAllowed) { |
} |
TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) { |
+ crypto::ScopedPK11Slot system_slot(get_system_slot()); |
crypto::ScopedPK11Slot slot_1( |
crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash())); |
ASSERT_TRUE(slot_1); |
@@ -160,6 +175,12 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) { |
GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO); |
ASSERT_EQ(1U, certs_2.size()); |
scoped_refptr<X509Certificate> cert_2 = certs_2[0]; |
+ CertificateList system_certs = |
+ CreateCertificateListFromFile(GetTestCertsDirectory(), |
+ "mit.davidben.der", |
+ X509Certificate::FORMAT_AUTO); |
+ ASSERT_EQ(1U, system_certs.size()); |
+ scoped_refptr<X509Certificate> system_cert = system_certs[0]; |
ASSERT_EQ(SECSuccess, |
PK11_ImportCert(slot_1.get(), |
@@ -174,19 +195,31 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) { |
CK_INVALID_HANDLE, |
"cert2", |
PR_FALSE /* includeTrust (unused) */)); |
+ ASSERT_EQ(SECSuccess, |
+ PK11_ImportCert(system_slot.get(), |
+ system_cert->os_cert_handle(), |
+ CK_INVALID_HANDLE, |
+ "systemcert", |
+ PR_FALSE /* includeTrust (unused) */)); |
EXPECT_FALSE( |
no_slots_profile_filter_.IsCertAllowed(cert_1->os_cert_handle())); |
EXPECT_FALSE( |
no_slots_profile_filter_.IsCertAllowed(cert_2->os_cert_handle())); |
+ EXPECT_FALSE( |
+ no_slots_profile_filter_.IsCertAllowed(system_cert->os_cert_handle())); |
EXPECT_TRUE(profile_filter_1_.IsCertAllowed(cert_1->os_cert_handle())); |
EXPECT_TRUE(profile_filter_1_copy_.IsCertAllowed(cert_1->os_cert_handle())); |
EXPECT_FALSE(profile_filter_1_.IsCertAllowed(cert_2->os_cert_handle())); |
EXPECT_FALSE(profile_filter_1_copy_.IsCertAllowed(cert_2->os_cert_handle())); |
+ EXPECT_TRUE(profile_filter_1_.IsCertAllowed(system_cert->os_cert_handle())); |
+ EXPECT_TRUE( |
+ profile_filter_1_copy_.IsCertAllowed(system_cert->os_cert_handle())); |
EXPECT_FALSE(profile_filter_2_.IsCertAllowed(cert_1->os_cert_handle())); |
EXPECT_TRUE(profile_filter_2_.IsCertAllowed(cert_2->os_cert_handle())); |
+ EXPECT_TRUE(profile_filter_2_.IsCertAllowed(system_cert->os_cert_handle())); |
} |
} // namespace net |