net/ssl/client_cert_store_chromeos_unittest.cc - Issue 394013005: Remove NSSCertDatabase from ClientCertStoreChromeOS unittest.

Side by Side Diff: net/ssl/client_cert_store_chromeos_unittest.cc

Issue 394013005: Remove NSSCertDatabase from ClientCertStoreChromeOS unittest. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/client_cert_store_chromeos.h"	5 #include "net/ssl/client_cert_store_chromeos.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/callback.h"	8 #include "base/callback.h"

9 #include "base/file_util.h"	9 #include "base/file_util.h"

10 #include "base/run_loop.h"	10 #include "base/run_loop.h"

11 #include "base/strings/utf_string_conversions.h"	11 #include "base/strings/utf_string_conversions.h"

12 #include "crypto/nss_util.h"	12 #include "crypto/nss_util.h"

13 #include "crypto/nss_util_internal.h"	13 #include "crypto/nss_util_internal.h"

14 #include "net/cert/nss_cert_database.h"

15 #include "net/ssl/client_cert_store_unittest-inl.h"	14 #include "net/ssl/client_cert_store_unittest-inl.h"

	15 #include "net/test/cert_test_util.h"

16	16

17 namespace net {	17 namespace net {

18	18

19 class ClientCertStoreChromeOSTest : public ::testing::Test {	19 class ClientCertStoreChromeOSTest : public ::testing::Test {

20 public:	20 public:

21 scoped_refptr<X509Certificate> ImportCertForUser(	21 scoped_refptr<X509Certificate> ImportCertForUser(

22 const std::string& username_hash,	22 const std::string& username_hash,

23 const std::string& filename,	23 const std::string& cert_filename,

24 const std::string& password) {	24 const std::string& key_filename) {

25 crypto::ScopedPK11Slot slot(	25 crypto::ScopedPK11Slot slot(

26 crypto::GetPublicSlotForChromeOSUser(username_hash));	26 crypto::GetPublicSlotForChromeOSUser(username_hash));

27 EXPECT_TRUE(slot.get());	27 EXPECT_TRUE(slot.get());

28 if (!slot.get())	28 if (!slot.get())

29 return NULL;	29 return NULL;

30	30

31 net::CertificateList cert_list;	31 ImportSensitiveKeyFromFile(

	32 GetTestCertsDirectory(), key_filename, slot.get());

32	33

33 base::FilePath p12_path = GetTestCertsDirectory().AppendASCII(filename);	34 scoped_refptr<X509Certificate> cert(

34 std::string p12_data;	35 ImportCertFromFile(GetTestCertsDirectory(), cert_filename));

35 if (!base::ReadFileToString(p12_path, &p12_data)) {	36

36 EXPECT_TRUE(false);	37 EXPECT_TRUE(cert) << "Failed to parse cert from file " << cert_filename;

	38 if (!cert)

37 return NULL;	39 return NULL;

	40

	41 CK_OBJECT_HANDLE key;

	42 crypto::ScopedPK11Slot key_slot(

	43 PK11_KeyForCertExists(cert->os_cert_handle(), &key, NULL));

	44 EXPECT_EQ(slot.get(), key_slot.get())

	45 << "Did not find key in the right slot, for cert file "

	46 << cert_filename;
	Ryan Sleevi 2014/07/16 19:32:18 Note: This is generally a dangerous pattern to put Note: This is generally a dangerous pattern to put EXPECT clauses within a sub-routine, since they can lead to subtle error when someone makes them ASSERT clauses (e.g. https://code.google.com/p/googletest/wiki/AdvancedGuide#Propagating_Fatal_Fai... ) pneubeck (no reviews) 2014/07/16 19:49:44 I followed the existing style. I'd actually would Show quoted text On 2014/07/16 19:32:18, Ryan Sleevi wrote: > Note: This is generally a dangerous pattern to put EXPECT clauses within a > sub-routine, since they can lead to subtle error when someone makes them ASSERT > clauses (e.g. > https://code.google.com/p/googletest/wiki/AdvancedGuide#Propagating_Fatal_Fai... > ) I followed the existing style. I'd actually would prefer CHECKs, but these are also controversial in tests. So, I'll just remove the EXPECTs and ASSERT at the call site. Ryan Sleevi 2014/07/16 19:59:00 I think it's fine, but it means that you need to w Show quoted text On 2014/07/16 19:49:44, pneubeck wrote: > On 2014/07/16 19:32:18, Ryan Sleevi wrote: > > Note: This is generally a dangerous pattern to put EXPECT clauses within a > > sub-routine, since they can lead to subtle error when someone makes them > ASSERT > > clauses (e.g. > > > https://code.google.com/p/googletest/wiki/AdvancedGuide#Propagating_Fatal_Fai... > > ) > I followed the existing style. > I'd actually would prefer CHECKs, but these are also controversial in tests. > > So, I'll just remove the EXPECTs and ASSERT at the call site. I think it's fine, but it means that you need to wrap these calls in the ASSERT_NO_FATAL_FAILURES macro, in order to prevent surprises. pneubeck (no reviews) 2014/07/17 13:26:43 Yeah, but that would still mean that there are red Show quoted text On 2014/07/16 19:59:00, Ryan Sleevi wrote: > On 2014/07/16 19:49:44, pneubeck wrote: > > On 2014/07/16 19:32:18, Ryan Sleevi wrote: > > > Note: This is generally a dangerous pattern to put EXPECT clauses within a > > > sub-routine, since they can lead to subtle error when someone makes them > > ASSERT > > > clauses (e.g. > > > > > > https://code.google.com/p/googletest/wiki/AdvancedGuide#Propagating_Fatal_Fai... > > > ) > > I followed the existing style. > > I'd actually would prefer CHECKs, but these are also controversial in tests. > > > > So, I'll just remove the EXPECTs and ASSERT at the call site. > > I think it's fine, but it means that you need to wrap these calls in the > ASSERT_NO_FATAL_FAILURES macro, in order to prevent surprises. Yeah, but that would still mean that there are redundant checks of the failure conditions (one in the EXPECT statement and one to return). I went ahead with the simpler and still safe variant to LOG(ERROR) and return. ASSERTion is done at the call-site.
	47 if (slot.get() != key_slot.get())

	48 return NULL;

	49

	50 // Use some nickname that is unique within this test.

	51 std::string nickname = cert_filename;

	52 {

	53 crypto::AutoNSSWriteLock lock;

	54 SECStatus rv = PK11_ImportCert(

	55 slot.get(), cert->os_cert_handle(), key, nickname.c_str(), PR_FALSE);

	56 EXPECT_EQ(SECSuccess, rv) << "Could not import cert from file "

	57 << cert_filename;

	58 if (rv != SECSuccess)

	59 return NULL;

38 }	60 }

39	61

40 scoped_refptr<net::CryptoModule> module(	62 return cert;

41 net::CryptoModule::CreateFromHandle(slot.get()));

42 int rv = NSSCertDatabase::GetInstance()->ImportFromPKCS12(

43 module.get(), p12_data, base::UTF8ToUTF16(password), false, &cert_list);

44

45 EXPECT_EQ(0, rv);

46 EXPECT_EQ(1U, cert_list.size());

47 if (rv \|\| cert_list.size() != 1)

48 return NULL;

49

50 return cert_list[0];

51 }	63 }

52 };	64 };

53	65

54 // TODO(mattm): Do better testing of cert_authorities matching below. Update	66 // TODO(mattm): Do better testing of cert_authorities matching below.

55 // net/data/ssl/scripts/generate-client-certificates.sh so that it actually

56 // saves the .p12 files, and regenerate them.

57	67

58 TEST_F(ClientCertStoreChromeOSTest, WaitForNSSInit) {	68 TEST_F(ClientCertStoreChromeOSTest, WaitForNSSInit) {

59 crypto::ScopedTestNSSChromeOSUser user("scopeduser");	69 crypto::ScopedTestNSSChromeOSUser user("scopeduser");

60 ASSERT_TRUE(user.constructed_successfully());	70 ASSERT_TRUE(user.constructed_successfully());

61 ClientCertStoreChromeOS store(	71 ClientCertStoreChromeOS store(

62 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());	72 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());

63 scoped_refptr<X509Certificate> cert_1(	73 scoped_refptr<X509Certificate> cert_1(

64 ImportCertForUser(user.username_hash(), "client.p12", "12345"));	74 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8"));

	75 ASSERT_TRUE(cert_1);

65 scoped_refptr<X509Certificate> cert_2(	76 scoped_refptr<X509Certificate> cert_2(

66 ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));	77 ImportCertForUser(user.username_hash(), "client_2.pem", "client_2.pk8"));

	78 ASSERT_TRUE(cert_2);

67	79

68 std::vector<std::string> authority_1(	80 std::vector<std::string> authority_1;

69 1,	81 authority_1.push_back(std::string(

70 std::string(reinterpret_cast<const char*>(kAuthority1DN),	82 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));

71 sizeof(kAuthority1DN)));

72 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());	83 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());

73 request_1->cert_authorities = authority_1;	84 request_1->cert_authorities = authority_1;

74	85

75 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());	86 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());

76	87

77 base::RunLoop run_loop_1;	88 base::RunLoop run_loop_1;

78 base::RunLoop run_loop_all;	89 base::RunLoop run_loop_all;

79 store.GetClientCerts(	90 store.GetClientCerts(

80 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());	91 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());

81 store.GetClientCerts(	92 store.GetClientCerts(

82 *request_all, &request_all->client_certs, run_loop_all.QuitClosure());	93 *request_all, &request_all->client_certs, run_loop_all.QuitClosure());

83	94

84 // Callbacks won't be run until nss_util init finishes for the user.	95 // Callbacks won't be run until nss_util init finishes for the user.

85 user.FinishInit();	96 user.FinishInit();

86	97

87 run_loop_1.Run();	98 run_loop_1.Run();

88 run_loop_all.Run();	99 run_loop_all.Run();

89	100

90 ASSERT_EQ(0u, request_1->client_certs.size());	101 ASSERT_EQ(1u, request_1->client_certs.size());
	Ryan Sleevi 2014/07/16 19:32:18 Why... is this? Seems wrong to update the test exp Why... is this? Seems wrong to update the test expectation here. pneubeck (no reviews) 2014/07/16 19:49:44 Because they were wrong? :-) See Matt's comment ab Show quoted text On 2014/07/16 19:32:18, Ryan Sleevi wrote: > Why... is this? Seems wrong to update the test expectation here. Because they were wrong? :-) See Matt's comment above. Note that I didn't change it to 2, i.e. one of the certs is not matched. Previously no cert or both certs were matched which is not proving that the matching is actually working. Ryan Sleevi 2014/07/16 19:59:00 I don't know what comment you're referring to. Show quoted text On 2014/07/16 19:49:44, pneubeck wrote: > On 2014/07/16 19:32:18, Ryan Sleevi wrote: > > Why... is this? Seems wrong to update the test expectation here. > > Because they were wrong? :-) > See Matt's comment above. > > Note that I didn't change it to 2, i.e. one of the certs is not matched. > Previously no cert or both certs were matched which is not proving that the > matching is actually working. I don't know what comment you're referring to. pneubeck (no reviews) 2014/07/16 20:01:39 Line 54 of the old file: // TODO(mattm): Do bett Show quoted text On 2014/07/16 19:59:00, Ryan Sleevi wrote: > On 2014/07/16 19:49:44, pneubeck wrote: > > On 2014/07/16 19:32:18, Ryan Sleevi wrote: > > > Why... is this? Seems wrong to update the test expectation here. > > > > Because they were wrong? :-) > > See Matt's comment above. > > > > Note that I didn't change it to 2, i.e. one of the certs is not matched. > > Previously no cert or both certs were matched which is not proving that the > > matching is actually working. > > I don't know what comment you're referring to. Line 54 of the old file: // TODO(mattm): Do better testing of cert_authorities matching below. [...] pneubeck (no reviews) 2014/07/16 20:15:23 That's fair. My reasoning was: Matt commented tha That's fair. My reasoning was: Matt commented that something about the CA matching is imperfect. The naming of the variable is following the patter _1, _2 and _all where is either a client cert, an authority, or a request. This indicates that Matt's original intention was that request_all should match both client certs and request_1 should match only cert_1. Independent from the author's intent, the question is what this unit test should test. IMO, it should verify that ClientCertStoreChromeOS is correctly delegating the CA matching to the base class ClientCertStoreNSS. One 'heuristic' could be to ensure that neither simply all certs are accepted or rejected. This can be ensured by testing a request that matches exactly 1 out of 2 client certs. And that would actually match the intent that I read from the existing test. The only thing that doesn't match is the old test assertion in line 90: ASSERT_EQ(0u, request_1->client_certs.size()); Ryan Sleevi 2014/07/16 20:46:07 I guess this highlights poor documentation. I don I guess this highlights poor documentation. I don't reach your same conclusions, though I understand how you got them. That is, I agree that kAuthority1DN is meant to correlate to the authority requested in cert_1. What's not clear to me is that the cert is intended to be returned. In particular, the only difference I see between the two tests is user.FinishInit() (line 108) The better explanation (it seems) from this is that it's an artifact of you changing the certs being tested themselves. In the old code, neither client.p12 nor websocket_client_cert.p12 matched the request. Is this true? pneubeck (no reviews) 2014/07/16 21:29:58 Ok. Let me explain that part then too. Another thi Show quoted text On 2014/07/16 20:46:07, Ryan Sleevi wrote: > I guess this highlights poor documentation. > > I don't reach your same conclusions, though I understand how you got them. That > is, I agree that kAuthority1DN is meant to correlate to the authority requested > in cert_1. > > What's not clear to me is that the cert is intended to be returned. > > In particular, the only difference I see between the two tests is > user.FinishInit() (line 108) Ok. Let me explain that part then too. Another thing that should be tested in this unit test is the asynchronous loading of the private slot (using crypto::GetPrivateSlotForChromeOSUser). Two possible control flows can occur: a) the slot is obtained synchronously b) the slot is obtained asynchronously via callback (note: this difference wouldn't have to be tested here, if GetPrivateSlotForChromeOSUser would only expose one way of returning the result) The first test seems to test b), as indicated by the test name WaitForNSSInit, the call order GetClientCerts() then user.FinishInit(), and the comment in line 95: // Callbacks won't be run until nss_util init finishes for the user. The second test seems to test a), as indicate by the test name NSSAlreadyInitialized and the call order user.FinishInit() then GetClientCerts(). If this were the only purpose of the these two tests (i.e. assuming my previous reasoning would be wrong), then it would be sufficient to have a single request per test. But there are two requests, which again support my previous reasoning that it was intended to test the delegation to ClientCertStoreNSS. Show quoted text > The better explanation (it seems) from this is that it's an artifact of you > changing the certs being tested themselves. My explanation was not about why the value of request_1->client_certs.size() changed, but about the reason why I changed the expectation and the used certificates. Show quoted text > In the old code, neither client.p12 nor websocket_client_cert.p12 matched the request. Is this true? Yes, neither matched. The changed result of request_1->client_certs.size() is because of the change from client.p12 to client_1.pem . The former does not have the same issuer CA as client_1.pem. The documentation of kAuthority1DN explicitly says that this DN is the issuer of the client_1 cert. Looking at the second sentence from Matt's comment (old line 55-56): // TODO(mattm): [...] Update net/data/ssl/scripts/generate-client-certificates.sh so that it actually // saves the .p12 files, and regenerate them. That script currently generates client_1.* and client_2.* with different CAs. I thus assumed, that Matt had planned to generate the client.p12 with the same client_1 or client_2 cert. From our previous discussion, we came to the conclusion that PKCS12 is unnecessarily complex and PKCS8 + a single X509 cert in PEM format are preferable. I updated the script accordingly. And yet another argument to support the change to the new ASSERT_EQ(1u, ....client_certs.size()): Other CertStore implementations are tested according to the tests defined in client_cert_store_unittest-inl.h . There client_1 and client_2 certs are used and it's verified that requesting for Authority1DN only returns client_1 (similary for client_2/Authority2DN). I just checked the original commit of this test, but there was no discussion or additional documentation of this test. https://codereview.chromium.org/112533002
91 ASSERT_EQ(2u, request_all->client_certs.size());	102 ASSERT_EQ(2u, request_all->client_certs.size());

92 }	103 }

93	104

94 TEST_F(ClientCertStoreChromeOSTest, NSSAlreadyInitialized) {	105 TEST_F(ClientCertStoreChromeOSTest, NSSAlreadyInitialized) {

95 crypto::ScopedTestNSSChromeOSUser user("scopeduser");	106 crypto::ScopedTestNSSChromeOSUser user("scopeduser");

96 ASSERT_TRUE(user.constructed_successfully());	107 ASSERT_TRUE(user.constructed_successfully());

97 user.FinishInit();	108 user.FinishInit();

98	109

99 ClientCertStoreChromeOS store(	110 ClientCertStoreChromeOS store(

100 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());	111 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());

101 scoped_refptr<X509Certificate> cert_1(	112 scoped_refptr<X509Certificate> cert_1(

102 ImportCertForUser(user.username_hash(), "client.p12", "12345"));	113 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8"));

	114 ASSERT_TRUE(cert_1);

103 scoped_refptr<X509Certificate> cert_2(	115 scoped_refptr<X509Certificate> cert_2(

104 ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));	116 ImportCertForUser(user.username_hash(), "client_2.pem", "client_2.pk8"));

	117 ASSERT_TRUE(cert_2);

105	118

106 std::vector<std::string> authority_1(	119 std::vector<std::string> authority_1(

107 1,	120 1,

108 std::string(reinterpret_cast<const char*>(kAuthority1DN),	121 std::string(reinterpret_cast<const char*>(kAuthority1DN),

109 sizeof(kAuthority1DN)));	122 sizeof(kAuthority1DN)));
	Ryan Sleevi 2014/07/16 20:46:07 Why not update this to match what you did above? Why not update this to match what you did above?
110 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());	123 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());

111 request_1->cert_authorities = authority_1;	124 request_1->cert_authorities = authority_1;

112	125

113 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());	126 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());

114	127

115 base::RunLoop run_loop_1;	128 base::RunLoop run_loop_1;

116 base::RunLoop run_loop_all;	129 base::RunLoop run_loop_all;

117 store.GetClientCerts(	130 store.GetClientCerts(

118 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());	131 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());

119 store.GetClientCerts(	132 store.GetClientCerts(

120 *request_all, &request_all->client_certs, run_loop_all.QuitClosure());	133 *request_all, &request_all->client_certs, run_loop_all.QuitClosure());

121	134

122 run_loop_1.Run();	135 run_loop_1.Run();

123 run_loop_all.Run();	136 run_loop_all.Run();

124	137

125 ASSERT_EQ(0u, request_1->client_certs.size());	138 ASSERT_EQ(1u, request_1->client_certs.size());

126 ASSERT_EQ(2u, request_all->client_certs.size());	139 ASSERT_EQ(2u, request_all->client_certs.size());

127 }	140 }

128	141

129 TEST_F(ClientCertStoreChromeOSTest, TwoUsers) {	142 TEST_F(ClientCertStoreChromeOSTest, TwoUsers) {

130 crypto::ScopedTestNSSChromeOSUser user1("scopeduser1");	143 crypto::ScopedTestNSSChromeOSUser user1("scopeduser1");

131 ASSERT_TRUE(user1.constructed_successfully());	144 ASSERT_TRUE(user1.constructed_successfully());

132 crypto::ScopedTestNSSChromeOSUser user2("scopeduser2");	145 crypto::ScopedTestNSSChromeOSUser user2("scopeduser2");

133 ASSERT_TRUE(user2.constructed_successfully());	146 ASSERT_TRUE(user2.constructed_successfully());

134 ClientCertStoreChromeOS store1(	147 ClientCertStoreChromeOS store1(

135 user1.username_hash(),	148 user1.username_hash(),

136 ClientCertStoreChromeOS::PasswordDelegateFactory());	149 ClientCertStoreChromeOS::PasswordDelegateFactory());

137 ClientCertStoreChromeOS store2(	150 ClientCertStoreChromeOS store2(

138 user2.username_hash(),	151 user2.username_hash(),

139 ClientCertStoreChromeOS::PasswordDelegateFactory());	152 ClientCertStoreChromeOS::PasswordDelegateFactory());

140 scoped_refptr<X509Certificate> cert_1(	153 scoped_refptr<X509Certificate> cert_1(

141 ImportCertForUser(user1.username_hash(), "client.p12", "12345"));	154 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8"));

142 scoped_refptr<X509Certificate> cert_2(ImportCertForUser(	155 ASSERT_TRUE(cert_1);

143 user2.username_hash(), "websocket_client_cert.p12", ""));	156 scoped_refptr<X509Certificate> cert_2(

	157 ImportCertForUser(user2.username_hash(), "client_2.pem", "client_2.pk8"));

	158 ASSERT_TRUE(cert_2);

144	159

145 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());	160 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());

146 scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo());	161 scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo());

147	162

148 base::RunLoop run_loop_1;	163 base::RunLoop run_loop_1;

149 base::RunLoop run_loop_2;	164 base::RunLoop run_loop_2;

	165

150 store1.GetClientCerts(	166 store1.GetClientCerts(

151 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());	167 *request_1, &request_1->client_certs, run_loop_1.QuitClosure());

152 store2.GetClientCerts(	168 store2.GetClientCerts(

153 *request_2, &request_2->client_certs, run_loop_2.QuitClosure());	169 *request_2, &request_2->client_certs, run_loop_2.QuitClosure());

154	170

155 // Callbacks won't be run until nss_util init finishes for the user.	171 // Callbacks won't be run until nss_util init finishes for the user.

156 user1.FinishInit();	172 user1.FinishInit();

157 user2.FinishInit();	173 user2.FinishInit();

158	174

159 run_loop_1.Run();	175 run_loop_1.Run();

160 run_loop_2.Run();	176 run_loop_2.Run();

161	177

162 ASSERT_EQ(1u, request_1->client_certs.size());	178 ASSERT_EQ(1u, request_1->client_certs.size());

163 EXPECT_TRUE(cert_1->Equals(request_1->client_certs[0]));	179 EXPECT_TRUE(cert_1->Equals(request_1->client_certs[0]));

164 // TODO(mattm): Request for second user will have zero results due to	180 ASSERT_EQ(1u, request_2->client_certs.size());

165 // crbug.com/315285. Update the test once that is fixed.	181 EXPECT_TRUE(cert_2->Equals(request_2->client_certs[0]));

166 }	182 }

167	183

168 } // namespace net	184 } // namespace net

OLD	NEW

« crypto/nss_util.cc ('K') | « net/net.gyp ('k') | net/test/cert_test_util.h » ('j') | net/test/cert_test_util.h » ('J')