| Index: net/cert/nss_profile_filter_chromeos_unittest.cc
|
| diff --git a/net/cert/nss_profile_filter_chromeos_unittest.cc b/net/cert/nss_profile_filter_chromeos_unittest.cc
|
| index 60ceeb1d24f9ec29d3c66c6088c52162a676eeb4..e15324624c0b1855ebf4da4cc4bc49be8b7771fe 100644
|
| --- a/net/cert/nss_profile_filter_chromeos_unittest.cc
|
| +++ b/net/cert/nss_profile_filter_chromeos_unittest.cc
|
| @@ -55,12 +55,15 @@ CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
|
|
|
| class NSSProfileFilterChromeOSTest : public testing::Test {
|
| public:
|
| - NSSProfileFilterChromeOSTest() : user_1_("user1"), user_2_("user2") {}
|
| + NSSProfileFilterChromeOSTest()
|
| + : system_slot_user_("sys"), user_1_("user1"), user_2_("user2") {}
|
|
|
| virtual void SetUp() OVERRIDE {
|
| // Initialize nss_util slots.
|
| + ASSERT_TRUE(system_slot_user_.constructed_successfully());
|
| ASSERT_TRUE(user_1_.constructed_successfully());
|
| ASSERT_TRUE(user_2_.constructed_successfully());
|
| + system_slot_user_.FinishInit();
|
| user_1_.FinishInit();
|
| user_2_.FinishInit();
|
|
|
| @@ -74,7 +77,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
|
| ASSERT_TRUE(private_slot_1.get());
|
| profile_filter_1_.Init(
|
| crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()),
|
| - private_slot_1.Pass());
|
| + private_slot_1.Pass(),
|
| + get_system_slot());
|
|
|
| profile_filter_1_copy_ = profile_filter_1_;
|
|
|
| @@ -84,7 +88,8 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
|
| ASSERT_TRUE(private_slot_2.get());
|
| profile_filter_2_.Init(
|
| crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()),
|
| - private_slot_2.Pass());
|
| + private_slot_2.Pass(),
|
| + get_system_slot());
|
|
|
| certs_ = CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| "root_ca_cert.pem",
|
| @@ -92,8 +97,17 @@ class NSSProfileFilterChromeOSTest : public testing::Test {
|
| ASSERT_EQ(1U, certs_.size());
|
| }
|
|
|
| + crypto::ScopedPK11Slot get_system_slot() {
|
| + return crypto::GetPublicSlotForChromeOSUser(
|
| + system_slot_user_.username_hash());
|
| + }
|
| +
|
| protected:
|
| CertificateList certs_;
|
| + // Using ScopedTestNSSChromeOSUser for the system slot is a bit of a hack.
|
| + // Can't use ScopedTestNSSDB because it changes the result of
|
| + // GetPublicSlotForChromeOSUser for the other slots too.
|
| + crypto::ScopedTestNSSChromeOSUser system_slot_user_;
|
| crypto::ScopedTestNSSChromeOSUser user_1_;
|
| crypto::ScopedTestNSSChromeOSUser user_2_;
|
| NSSProfileFilterChromeOS no_slots_profile_filter_;
|
| @@ -148,6 +162,7 @@ TEST_F(NSSProfileFilterChromeOSTest, RootCertsAllowed) {
|
| }
|
|
|
| TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
|
| + crypto::ScopedPK11Slot system_slot(get_system_slot());
|
| crypto::ScopedPK11Slot slot_1(
|
| crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()));
|
| ASSERT_TRUE(slot_1);
|
| @@ -160,6 +175,12 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
|
| GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
|
| ASSERT_EQ(1U, certs_2.size());
|
| scoped_refptr<X509Certificate> cert_2 = certs_2[0];
|
| + CertificateList system_certs =
|
| + CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| + "mit.davidben.der",
|
| + X509Certificate::FORMAT_AUTO);
|
| + ASSERT_EQ(1U, system_certs.size());
|
| + scoped_refptr<X509Certificate> system_cert = system_certs[0];
|
|
|
| ASSERT_EQ(SECSuccess,
|
| PK11_ImportCert(slot_1.get(),
|
| @@ -174,19 +195,31 @@ TEST_F(NSSProfileFilterChromeOSTest, SoftwareSlots) {
|
| CK_INVALID_HANDLE,
|
| "cert2",
|
| PR_FALSE /* includeTrust (unused) */));
|
| + ASSERT_EQ(SECSuccess,
|
| + PK11_ImportCert(system_slot.get(),
|
| + system_cert->os_cert_handle(),
|
| + CK_INVALID_HANDLE,
|
| + "systemcert",
|
| + PR_FALSE /* includeTrust (unused) */));
|
|
|
| EXPECT_FALSE(
|
| no_slots_profile_filter_.IsCertAllowed(cert_1->os_cert_handle()));
|
| EXPECT_FALSE(
|
| no_slots_profile_filter_.IsCertAllowed(cert_2->os_cert_handle()));
|
| + EXPECT_FALSE(
|
| + no_slots_profile_filter_.IsCertAllowed(system_cert->os_cert_handle()));
|
|
|
| EXPECT_TRUE(profile_filter_1_.IsCertAllowed(cert_1->os_cert_handle()));
|
| EXPECT_TRUE(profile_filter_1_copy_.IsCertAllowed(cert_1->os_cert_handle()));
|
| EXPECT_FALSE(profile_filter_1_.IsCertAllowed(cert_2->os_cert_handle()));
|
| EXPECT_FALSE(profile_filter_1_copy_.IsCertAllowed(cert_2->os_cert_handle()));
|
| + EXPECT_TRUE(profile_filter_1_.IsCertAllowed(system_cert->os_cert_handle()));
|
| + EXPECT_TRUE(
|
| + profile_filter_1_copy_.IsCertAllowed(system_cert->os_cert_handle()));
|
|
|
| EXPECT_FALSE(profile_filter_2_.IsCertAllowed(cert_1->os_cert_handle()));
|
| EXPECT_TRUE(profile_filter_2_.IsCertAllowed(cert_2->os_cert_handle()));
|
| + EXPECT_TRUE(profile_filter_2_.IsCertAllowed(system_cert->os_cert_handle()));
|
| }
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 330213002:
*wip* NSS: handle chromeos system slot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src