OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" | 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
6 | 6 |
7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
145 | 145 |
146 // The profile is not tainted. | 146 // The profile is not tainted. |
147 base::RunLoop().RunUntilIdle(); | 147 base::RunLoop().RunUntilIdle(); |
148 EXPECT_FALSE( | 148 EXPECT_FALSE( |
149 profile_->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)); | 149 profile_->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)); |
150 } | 150 } |
151 | 151 |
152 TEST_F(PolicyCertVerifierTest, VerifyTrustedCert) { | 152 TEST_F(PolicyCertVerifierTest, VerifyTrustedCert) { |
153 // |ca_cert| is the issuer of |cert|. | 153 // |ca_cert| is the issuer of |cert|. |
154 scoped_refptr<net::X509Certificate> ca_cert = | 154 scoped_refptr<net::X509Certificate> ca_cert = |
155 LoadCertificate("root_ca_cert.crt", net::CA_CERT); | 155 LoadCertificate("root_ca_cert.pem", net::CA_CERT); |
156 ASSERT_TRUE(ca_cert.get()); | 156 ASSERT_TRUE(ca_cert.get()); |
157 scoped_refptr<net::X509Certificate> cert = | 157 scoped_refptr<net::X509Certificate> cert = |
158 LoadCertificate("ok_cert.pem", net::SERVER_CERT); | 158 LoadCertificate("ok_cert.pem", net::SERVER_CERT); |
159 ASSERT_TRUE(cert.get()); | 159 ASSERT_TRUE(cert.get()); |
160 | 160 |
161 // Make the database trust |ca_cert|. | 161 // Make the database trust |ca_cert|. |
162 net::CertificateList import_list; | 162 net::CertificateList import_list; |
163 import_list.push_back(ca_cert); | 163 import_list.push_back(ca_cert); |
164 net::NSSCertDatabase::ImportCertFailureList failure_list; | 164 net::NSSCertDatabase::ImportCertFailureList failure_list; |
165 ASSERT_TRUE(cert_db_->ImportCACerts( | 165 ASSERT_TRUE(cert_db_->ImportCACerts( |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
199 } | 199 } |
200 | 200 |
201 TEST_F(PolicyCertVerifierTest, VerifyUsingAdditionalTrustAnchor) { | 201 TEST_F(PolicyCertVerifierTest, VerifyUsingAdditionalTrustAnchor) { |
202 if (!SupportsAdditionalTrustAnchors()) { | 202 if (!SupportsAdditionalTrustAnchors()) { |
203 LOG(INFO) << "Test skipped on this platform. NSS >= 3.14.2 required."; | 203 LOG(INFO) << "Test skipped on this platform. NSS >= 3.14.2 required."; |
204 return; | 204 return; |
205 } | 205 } |
206 | 206 |
207 // |ca_cert| is the issuer of |cert|. | 207 // |ca_cert| is the issuer of |cert|. |
208 scoped_refptr<net::X509Certificate> ca_cert = | 208 scoped_refptr<net::X509Certificate> ca_cert = |
209 LoadCertificate("root_ca_cert.crt", net::CA_CERT); | 209 LoadCertificate("root_ca_cert.pem", net::CA_CERT); |
210 ASSERT_TRUE(ca_cert.get()); | 210 ASSERT_TRUE(ca_cert.get()); |
211 scoped_refptr<net::X509Certificate> cert = | 211 scoped_refptr<net::X509Certificate> cert = |
212 LoadCertificate("ok_cert.pem", net::SERVER_CERT); | 212 LoadCertificate("ok_cert.pem", net::SERVER_CERT); |
213 ASSERT_TRUE(cert.get()); | 213 ASSERT_TRUE(cert.get()); |
214 | 214 |
215 net::CertificateList additional_trust_anchors; | 215 net::CertificateList additional_trust_anchors; |
216 additional_trust_anchors.push_back(ca_cert); | 216 additional_trust_anchors.push_back(ca_cert); |
217 | 217 |
218 // Verify() successfully verifies |cert|, using |ca_cert| from the list of | 218 // Verify() successfully verifies |cert|, using |ca_cert| from the list of |
219 // |additional_trust_anchors|. | 219 // |additional_trust_anchors|. |
(...skipping 24 matching lines...) Expand all Loading... |
244 } | 244 } |
245 | 245 |
246 TEST_F(PolicyCertVerifierTest, ProfileRemainsTainted) { | 246 TEST_F(PolicyCertVerifierTest, ProfileRemainsTainted) { |
247 if (!SupportsAdditionalTrustAnchors()) { | 247 if (!SupportsAdditionalTrustAnchors()) { |
248 LOG(INFO) << "Test skipped on this platform. NSS >= 3.14.2 required."; | 248 LOG(INFO) << "Test skipped on this platform. NSS >= 3.14.2 required."; |
249 return; | 249 return; |
250 } | 250 } |
251 | 251 |
252 // |ca_cert| is the issuer of |cert|. | 252 // |ca_cert| is the issuer of |cert|. |
253 scoped_refptr<net::X509Certificate> ca_cert = | 253 scoped_refptr<net::X509Certificate> ca_cert = |
254 LoadCertificate("root_ca_cert.crt", net::CA_CERT); | 254 LoadCertificate("root_ca_cert.pem", net::CA_CERT); |
255 ASSERT_TRUE(ca_cert.get()); | 255 ASSERT_TRUE(ca_cert.get()); |
256 scoped_refptr<net::X509Certificate> cert = | 256 scoped_refptr<net::X509Certificate> cert = |
257 LoadCertificate("ok_cert.pem", net::SERVER_CERT); | 257 LoadCertificate("ok_cert.pem", net::SERVER_CERT); |
258 ASSERT_TRUE(cert.get()); | 258 ASSERT_TRUE(cert.get()); |
259 | 259 |
260 net::CertificateList additional_trust_anchors; | 260 net::CertificateList additional_trust_anchors; |
261 additional_trust_anchors.push_back(ca_cert); | 261 additional_trust_anchors.push_back(ca_cert); |
262 | 262 |
263 // |cert| is untrusted, so Verify() fails. | 263 // |cert| is untrusted, so Verify() fails. |
264 net::CertVerifyResult verify_result; | 264 net::CertVerifyResult verify_result; |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
323 // Note: this hits the cached result from the first Verify() in this test. | 323 // Note: this hits the cached result from the first Verify() in this test. |
324 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); | 324 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, error); |
325 | 325 |
326 // The profile is still tainted. | 326 // The profile is still tainted. |
327 base::RunLoop().RunUntilIdle(); | 327 base::RunLoop().RunUntilIdle(); |
328 EXPECT_TRUE( | 328 EXPECT_TRUE( |
329 profile_->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)); | 329 profile_->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce)); |
330 } | 330 } |
331 | 331 |
332 } // namespace policy | 332 } // namespace policy |
OLD | NEW |