Test NSSCertDatabaseChromeOS in the presence of the system slot.

net/cert/nss_cert_database_chromeos_unittest.cc

Index: net/cert/nss_cert_database_chromeos_unittest.cc
diff --git a/net/cert/nss_cert_database_chromeos_unittest.cc b/net/cert/nss_cert_database_chromeos_unittest.cc
index 900edadd1f0a56fced26b9fc1efbfb4b54e3112e..13396b6ebd66fc5669d50950a2086be0d483cb5a 100644
--- a/net/cert/nss_cert_database_chromeos_unittest.cc
+++ b/net/cert/nss_cert_database_chromeos_unittest.cc
@@ -10,6 +10,7 @@
 #include "base/run_loop.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_test_nss_chromeos_user.h"
+#include "crypto/scoped_test_nss_db.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/cert_database.h"
 #include "net/test/cert_test_util.h"
@@ -61,6 +62,8 @@ class NSSCertDatabaseChromeOSTest : public testing::Test,
             user_1_.username_hash(),
             base::Callback<void(crypto::ScopedPK11Slot)>())));
     db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current());
+    db_1_->SetSystemSlot(
+        crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot())));
     db_2_.reset(new NSSCertDatabaseChromeOS(
         crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()),
         crypto::GetPrivateSlotForChromeOSUser(
@@ -98,6 +101,7 @@ class NSSCertDatabaseChromeOSTest : public testing::Test,
 
   crypto::ScopedTestNSSChromeOSUser user_1_;
   crypto::ScopedTestNSSChromeOSUser user_2_;
+  crypto::ScopedTestNSSDB system_db_;
   scoped_ptr<NSSCertDatabaseChromeOS> db_1_;
   scoped_ptr<NSSCertDatabaseChromeOS> db_2_;
 };
@@ -276,4 +280,40 @@ TEST_F(NSSCertDatabaseChromeOSTest, NoCrashIfShutdownBeforeDoneOnWorkerPool) {
   EXPECT_LT(0U, certlist.size());
 }
 
+TEST_F(NSSCertDatabaseChromeOSTest, ListCertsReadsSystemSlot) {
+  scoped_refptr<X509Certificate> cert_1(
+      ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+                                     "client_1.pem",
+                                     "client_1.pk8",
+                                     db_1_->GetPublicSlot().get()));
+
+  scoped_refptr<X509Certificate> cert_2(
+      ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+                                     "client_2.pem",
+                                     "client_2.pk8",
+                                     db_1_->GetSystemSlot().get()));
+  CertificateList certs;
+  db_1_->ListCertsSync(&certs);
+  EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs));
+  EXPECT_TRUE(IsCertInCertificateList(cert_2.get(), certs));
+}
+
+TEST_F(NSSCertDatabaseChromeOSTest, ListCertsDoesNotCrossReadSystemSlot) {
+  scoped_refptr<X509Certificate> cert_1(
+      ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+                                     "client_1.pem",
+                                     "client_1.pk8",
+                                     db_2_->GetPublicSlot().get()));
+
+  scoped_refptr<X509Certificate> cert_2(
+      ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+                                     "client_2.pem",
+                                     "client_2.pk8",
+                                     system_db_.slot()));
+  CertificateList certs;
+  db_2_->ListCertsSync(&certs);
+  EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs));
+  EXPECT_FALSE(IsCertInCertificateList(cert_2.get(), certs));
+}
+
 }  // namespace net