Test NSSCertDatabaseChromeOS in the presence of the system slot.

net/ssl/client_cert_store_chromeos_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_chromeos.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/file_util.h"
 #include "base/run_loop.h"
-#include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_test_nss_chromeos_user.h"
 #include "crypto/scoped_test_system_nss_key_slot.h"
 #include "net/base/test_data_directory.h"
-#include "net/cert/cert_type.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_cert_store_unittest-inl.h"
 #include "net/test/cert_test_util.h"
 
 namespace net {
 
 namespace {
 
-bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
-                            PK11SlotInfo* slot) {
-  std::string nickname = cert->GetDefaultNickname(USER_CERT);
-  {
-    crypto::AutoNSSWriteLock lock;
-    SECStatus rv = PK11_ImportCert(slot,
-                                   cert->os_cert_handle(),
-                                   CK_INVALID_HANDLE,
-                                   nickname.c_str(),
-                                   PR_FALSE);
-    if (rv != SECSuccess) {
-      LOG(ERROR) << "Could not import cert";
-      return false;
-    }
-  }
-  return true;
-}
-
 enum ReadFromSlot {
   READ_FROM_SLOT_USER,
   READ_FROM_SLOT_SYSTEM
 };
 
 enum SystemSlotAvailability {
   SYSTEM_SLOT_AVAILABILITY_ENABLED,
   SYSTEM_SLOT_AVAILABILITY_DISABLED
 };
 
@@ skipping 103 matching lines @@
 // the system slot is enabled in the store.
 typedef ClientCertStoreChromeOSTestDelegate<READ_FROM_SLOT_SYSTEM,
                                             SYSTEM_SLOT_AVAILABILITY_ENABLED>
     DelegateReadSystem;
 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS_ReadSystem,
                               ClientCertStoreTest,
                               DelegateReadSystem);
 
 class ClientCertStoreChromeOSTest : public ::testing::Test {
  public:
-  scoped_refptr<X509Certificate> ImportCertToSlot(
-      const std::string& cert_filename,
-      const std::string& key_filename,
-      PK11SlotInfo* slot) {
-    if (!ImportSensitiveKeyFromFile(
-            GetTestCertsDirectory(), key_filename, slot)) {
-      LOG(ERROR) << "Could not import private key from file " << key_filename;
-      return NULL;
-    }
-
-    scoped_refptr<X509Certificate> cert(
-        ImportCertFromFile(GetTestCertsDirectory(), cert_filename));
-
-    if (!cert) {
-      LOG(ERROR) << "Failed to parse cert from file " << cert_filename;
-      return NULL;
-    }
-
-    if (!ImportClientCertToSlot(cert, slot))
-      return NULL;
-
-    // |cert| continues to point to the original X509Certificate before the
-    // import to |slot|. However this should not make a difference for this
-    // test.
-    return cert;
-  }
-
   scoped_refptr<X509Certificate> ImportCertForUser(
       const std::string& username_hash,
       const std::string& cert_filename,
       const std::string& key_filename) {
     crypto::ScopedPK11Slot slot(
         crypto::GetPublicSlotForChromeOSUser(username_hash));
     if (!slot) {
       LOG(ERROR) << "No slot for user " << username_hash;
       return NULL;
     }
 
-    return ImportCertToSlot(cert_filename, key_filename, slot.get());
+    return ImportClientCertAndKeyFromFile(
+        GetTestCertsDirectory(), cert_filename, key_filename, slot.get());
   }
 
 };
 
 // Ensure that cert requests, that are started before the user's NSS DB is
 // initialized, will wait for the initialization and succeed afterwards.
 TEST_F(ClientCertStoreChromeOSTest, RequestWaitsForNSSInitAndSucceeds) {
   crypto::ScopedTestNSSChromeOSUser user("scopeduser");
   ASSERT_TRUE(user.constructed_successfully());
 
@@ skipping 122 matching lines @@
 
   ClientCertStoreChromeOS store(
       false /* do not use system slot */,
       user1.username_hash(),
       ClientCertStoreChromeOS::PasswordDelegateFactory());
 
   scoped_refptr<X509Certificate> cert_1(
       ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8"));
   ASSERT_TRUE(cert_1);
   scoped_refptr<X509Certificate> cert_2(
-      ImportCertToSlot("client_2.pem", "client_2.pk8", system_slot.slot()));
+      ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+                                     "client_2.pem",
+                                     "client_2.pk8",
+                                     system_slot.slot()));
   ASSERT_TRUE(cert_2);
 
   scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
 
   base::RunLoop run_loop;
 
   CertificateList selected_certs;
   store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure());
 
   run_loop.Run();
 
   // store should only return certs of the user, namely cert_1.
   ASSERT_EQ(1u, selected_certs.size());
   EXPECT_TRUE(cert_1->Equals(selected_certs[0]));
 }
 
 }  // namespace net