| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/net/x509_certificate_model.h" | 5 #include "chrome/common/net/x509_certificate_model.h" |
| 6 | 6 |
| 7 #include "base/files/file_path.h" | 7 #include "base/files/file_path.h" |
| 8 #include "base/path_service.h" | 8 #include "base/path_service.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/test/cert_test_util.h" | 10 #include "net/test/cert_test_util.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
| 12 | 12 |
| 13 #if defined(USE_NSS) | 13 #if defined(USE_NSS) |
| 14 #include "crypto/nss_util_internal.h" |
| 14 #include "net/cert/nss_cert_database.h" | 15 #include "net/cert/nss_cert_database.h" |
| 15 #endif | 16 #endif |
| 16 | 17 |
| 17 TEST(X509CertificateModelTest, GetCertNameOrNicknameAndGetTitle) { | 18 TEST(X509CertificateModelTest, GetCertNameOrNicknameAndGetTitle) { |
| 18 scoped_refptr<net::X509Certificate> cert( | 19 scoped_refptr<net::X509Certificate> cert( |
| 19 net::ImportCertFromFile(net::GetTestCertsDirectory(), | 20 net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 20 "root_ca_cert.pem")); | 21 "root_ca_cert.pem")); |
| 21 ASSERT_TRUE(cert.get()); | 22 ASSERT_TRUE(cert.get()); |
| 22 EXPECT_EQ( | 23 EXPECT_EQ( |
| 23 "Test Root CA", | 24 "Test Root CA", |
| (...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 216 ASSERT_TRUE(cert.get()); | 217 ASSERT_TRUE(cert.get()); |
| 217 | 218 |
| 218 #if defined(USE_OPENSSL) | 219 #if defined(USE_OPENSSL) |
| 219 // Remove this when OpenSSL build implements the necessary functions. | 220 // Remove this when OpenSSL build implements the necessary functions. |
| 220 EXPECT_EQ(net::OTHER_CERT, | 221 EXPECT_EQ(net::OTHER_CERT, |
| 221 x509_certificate_model::GetType(cert->os_cert_handle())); | 222 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 222 #else | 223 #else |
| 223 EXPECT_EQ(net::CA_CERT, | 224 EXPECT_EQ(net::CA_CERT, |
| 224 x509_certificate_model::GetType(cert->os_cert_handle())); | 225 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 225 | 226 |
| 227 // Additional parantheses required to disambiguate from function declaration. |
| 228 net::NSSCertDatabase db( |
| 229 (crypto::ScopedPK11Slot( |
| 230 crypto::GetPersistentNSSKeySlot())) /* public slot */, |
| 231 crypto::ScopedPK11Slot( |
| 232 crypto::GetPersistentNSSKeySlot()) /* private lot */); |
| 233 |
| 226 // Test that explicitly distrusted CA certs are still returned as CA_CERT | 234 // Test that explicitly distrusted CA certs are still returned as CA_CERT |
| 227 // type. See http://crbug.com/96654. | 235 // type. See http://crbug.com/96654. |
| 228 EXPECT_TRUE(net::NSSCertDatabase::GetInstance()->SetCertTrust( | 236 EXPECT_TRUE(db.SetCertTrust( |
| 229 cert.get(), net::CA_CERT, net::NSSCertDatabase::DISTRUSTED_SSL)); | 237 cert.get(), net::CA_CERT, net::NSSCertDatabase::DISTRUSTED_SSL)); |
| 230 | 238 |
| 231 EXPECT_EQ(net::CA_CERT, | 239 EXPECT_EQ(net::CA_CERT, |
| 232 x509_certificate_model::GetType(cert->os_cert_handle())); | 240 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 233 #endif | 241 #endif |
| 234 } | 242 } |
| 235 | 243 |
| 236 TEST(X509CertificateModelTest, GetTypeServer) { | 244 TEST(X509CertificateModelTest, GetTypeServer) { |
| 237 scoped_refptr<net::X509Certificate> cert( | 245 scoped_refptr<net::X509Certificate> cert( |
| 238 net::ImportCertFromFile(net::GetTestCertsDirectory(), | 246 net::ImportCertFromFile(net::GetTestCertsDirectory(), |
| 239 "google.single.der")); | 247 "google.single.der")); |
| 240 ASSERT_TRUE(cert.get()); | 248 ASSERT_TRUE(cert.get()); |
| 241 | 249 |
| 242 #if defined(USE_OPENSSL) | 250 #if defined(USE_OPENSSL) |
| 243 // Remove this when OpenSSL build implements the necessary functions. | 251 // Remove this when OpenSSL build implements the necessary functions. |
| 244 EXPECT_EQ(net::OTHER_CERT, | 252 EXPECT_EQ(net::OTHER_CERT, |
| 245 x509_certificate_model::GetType(cert->os_cert_handle())); | 253 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 246 #else | 254 #else |
| 247 // Test mozilla_security_manager::GetCertType with server certs and default | 255 // Test mozilla_security_manager::GetCertType with server certs and default |
| 248 // trust. Currently this doesn't work. | 256 // trust. Currently this doesn't work. |
| 249 // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can | 257 // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can |
| 250 // tell server certs even if they have no trust bits set. | 258 // tell server certs even if they have no trust bits set. |
| 251 EXPECT_EQ(net::OTHER_CERT, | 259 EXPECT_EQ(net::OTHER_CERT, |
| 252 x509_certificate_model::GetType(cert->os_cert_handle())); | 260 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 253 | 261 |
| 254 net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance(); | 262 // Additional parantheses required to disambiguate from function declaration. |
| 263 net::NSSCertDatabase db( |
| 264 (crypto::ScopedPK11Slot( |
| 265 crypto::GetPersistentNSSKeySlot())) /* public slot */, |
| 266 crypto::ScopedPK11Slot( |
| 267 crypto::GetPersistentNSSKeySlot()) /* private lot */); |
| 268 |
| 255 // Test GetCertType with server certs and explicit trust. | 269 // Test GetCertType with server certs and explicit trust. |
| 256 EXPECT_TRUE(cert_db->SetCertTrust( | 270 EXPECT_TRUE(db.SetCertTrust( |
| 257 cert.get(), net::SERVER_CERT, net::NSSCertDatabase::TRUSTED_SSL)); | 271 cert.get(), net::SERVER_CERT, net::NSSCertDatabase::TRUSTED_SSL)); |
| 258 | 272 |
| 259 EXPECT_EQ(net::SERVER_CERT, | 273 EXPECT_EQ(net::SERVER_CERT, |
| 260 x509_certificate_model::GetType(cert->os_cert_handle())); | 274 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 261 | 275 |
| 262 // Test GetCertType with server certs and explicit distrust. | 276 // Test GetCertType with server certs and explicit distrust. |
| 263 EXPECT_TRUE(cert_db->SetCertTrust( | 277 EXPECT_TRUE(db.SetCertTrust( |
| 264 cert.get(), net::SERVER_CERT, net::NSSCertDatabase::DISTRUSTED_SSL)); | 278 cert.get(), net::SERVER_CERT, net::NSSCertDatabase::DISTRUSTED_SSL)); |
| 265 | 279 |
| 266 EXPECT_EQ(net::SERVER_CERT, | 280 EXPECT_EQ(net::SERVER_CERT, |
| 267 x509_certificate_model::GetType(cert->os_cert_handle())); | 281 x509_certificate_model::GetType(cert->os_cert_handle())); |
| 268 #endif | 282 #endif |
| 269 } | 283 } |
| 270 | 284 |
| 271 // An X.509 v1 certificate with the version field omitted should get | 285 // An X.509 v1 certificate with the version field omitted should get |
| 272 // the default value v1. | 286 // the default value v1. |
| 273 TEST(X509CertificateModelTest, GetVersionOmitted) { | 287 TEST(X509CertificateModelTest, GetVersionOmitted) { |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 427 "09 6B 5A 6B F1 95 D3 9D 3F E0 42 63 FC B7 32 90\n" | 441 "09 6B 5A 6B F1 95 D3 9D 3F E0 42 63 FC B7 32 90\n" |
| 428 "55 56 F2 76 1B 71 38 BD BD FB 3B 23 50 46 4C 2C\n" | 442 "55 56 F2 76 1B 71 38 BD BD FB 3B 23 50 46 4C 2C\n" |
| 429 "4E 49 48 52 EA 05 5F 16 F2 98 51 AF 2F 79 36 2A\n" | 443 "4E 49 48 52 EA 05 5F 16 F2 98 51 AF 2F 79 36 2A\n" |
| 430 "A0 BA 36 68 1B 29 8B 7B E8 8C EA 73 31 E5 86 D7\n" | 444 "A0 BA 36 68 1B 29 8B 7B E8 8C EA 73 31 E5 86 D7\n" |
| 431 "2C D8 56 06 43 D7 72 D2 F0 27 4E 64 0A 2B 27 38\n" | 445 "2C D8 56 06 43 D7 72 D2 F0 27 4E 64 0A 2B 27 38\n" |
| 432 "36 CD BE C1 33 DB 74 4B 4E 74 BE 21 BD F6 81 66\n" | 446 "36 CD BE C1 33 DB 74 4B 4E 74 BE 21 BD F6 81 66\n" |
| 433 "D2 FD 2B 7F F4 55 36 C0 ED A7 44 CA B1 78 1D 0F", | 447 "D2 FD 2B 7F F4 55 36 C0 ED A7 44 CA B1 78 1D 0F", |
| 434 x509_certificate_model::ProcessRawBitsSignatureWrap( | 448 x509_certificate_model::ProcessRawBitsSignatureWrap( |
| 435 cert->os_cert_handle())); | 449 cert->os_cert_handle())); |
| 436 } | 450 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 405973003:
Remove the deprecated NSSCertDatabase::GetInstance() . (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src