| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/crypto/scoped_nss_types.h" | 10 #include "base/crypto/scoped_nss_types.h" |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 173 | 173 |
| 174 // TODO(mattm): move export test to seperate test case? | 174 // TODO(mattm): move export test to seperate test case? |
| 175 std::string exported_data; | 175 std::string exported_data; |
| 176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 177 &exported_data)); | 177 &exported_data)); |
| 178 ASSERT_LT(0U, exported_data.size()); | 178 ASSERT_LT(0U, exported_data.size()); |
| 179 // TODO(mattm): further verification of exported data? | 179 // TODO(mattm): further verification of exported data? |
| 180 } | 180 } |
| 181 | 181 |
| 182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { | 182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { |
| 183 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 183 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
| 184 | 184 |
| 185 CertificateList certs = | 185 CertificateList certs = |
| 186 X509Certificate::CreateCertificateListFromBytes( | 186 X509Certificate::CreateCertificateListFromBytes( |
| 187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 188 ASSERT_EQ(1U, certs.size()); | 188 ASSERT_EQ(1U, certs.size()); |
| 189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
| 190 | 190 |
| 191 // Import it. | 191 // Import it. |
| 192 CertDatabase::ImportCertFailureList failed; | 192 CertDatabase::ImportCertFailureList failed; |
| 193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, | 193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, |
| 194 &failed)); | 194 &failed)); |
| 195 | 195 |
| 196 EXPECT_EQ(0U, failed.size()); | 196 EXPECT_EQ(0U, failed.size()); |
| 197 | 197 |
| 198 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 198 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 199 ASSERT_EQ(1U, cert_list.size()); | 199 ASSERT_EQ(1U, cert_list.size()); |
| 200 scoped_refptr<X509Certificate> cert(cert_list[0]); | 200 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 201 EXPECT_EQ("Test CA", cert->subject().common_name); | 201 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 202 | 202 |
| 203 EXPECT_EQ(CertDatabase::TRUSTED_SSL, | 203 EXPECT_EQ(CertDatabase::TRUSTED_SSL, |
| 204 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 204 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 205 | 205 |
| 206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 212 } | 212 } |
| 213 | 213 |
| 214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { | 214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { |
| 215 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 215 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
| 216 | 216 |
| 217 CertificateList certs = | 217 CertificateList certs = |
| 218 X509Certificate::CreateCertificateListFromBytes( | 218 X509Certificate::CreateCertificateListFromBytes( |
| 219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 220 ASSERT_EQ(1U, certs.size()); | 220 ASSERT_EQ(1U, certs.size()); |
| 221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
| 222 | 222 |
| 223 // Import it. | 223 // Import it. |
| 224 CertDatabase::ImportCertFailureList failed; | 224 CertDatabase::ImportCertFailureList failed; |
| 225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, | 225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, |
| 226 &failed)); | 226 &failed)); |
| 227 | 227 |
| 228 EXPECT_EQ(0U, failed.size()); | 228 EXPECT_EQ(0U, failed.size()); |
| 229 | 229 |
| 230 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 230 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 231 ASSERT_EQ(1U, cert_list.size()); | 231 ASSERT_EQ(1U, cert_list.size()); |
| 232 scoped_refptr<X509Certificate> cert(cert_list[0]); | 232 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 233 EXPECT_EQ("Test CA", cert->subject().common_name); | 233 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 234 | 234 |
| 235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, | 235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, |
| 236 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 236 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 237 | 237 |
| 238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 243 } | 243 } |
| 244 | 244 |
| 245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { | 245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { |
| 246 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 246 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
| 247 | 247 |
| 248 CertificateList certs = | 248 CertificateList certs = |
| 249 X509Certificate::CreateCertificateListFromBytes( | 249 X509Certificate::CreateCertificateListFromBytes( |
| 250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 251 ASSERT_EQ(1U, certs.size()); | 251 ASSERT_EQ(1U, certs.size()); |
| 252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
| 253 | 253 |
| 254 // Import it. | 254 // Import it. |
| 255 CertDatabase::ImportCertFailureList failed; | 255 CertDatabase::ImportCertFailureList failed; |
| 256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, | 256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, |
| 257 &failed)); | 257 &failed)); |
| 258 | 258 |
| 259 EXPECT_EQ(0U, failed.size()); | 259 EXPECT_EQ(0U, failed.size()); |
| 260 | 260 |
| 261 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 261 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 262 ASSERT_EQ(1U, cert_list.size()); | 262 ASSERT_EQ(1U, cert_list.size()); |
| 263 scoped_refptr<X509Certificate> cert(cert_list[0]); | 263 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 264 EXPECT_EQ("Test CA", cert->subject().common_name); | 264 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
| 265 | 265 |
| 266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, | 266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, |
| 267 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 267 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
| 268 | 268 |
| 269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
| 270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
| 271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
| 272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
| 273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
| 274 } | 274 } |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 395 EXPECT_EQ(0U, failed.size()); | 395 EXPECT_EQ(0U, failed.size()); |
| 396 | 396 |
| 397 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 397 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 398 ASSERT_EQ(3U, cert_list.size()); | 398 ASSERT_EQ(3U, cert_list.size()); |
| 399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name); | 399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name); |
| 400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name); | 400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name); |
| 401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name); | 401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name); |
| 402 } | 402 } |
| 403 | 403 |
| 404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { | 404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { |
| 405 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 405 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
| 406 CertificateList certs = | 406 CertificateList certs = |
| 407 X509Certificate::CreateCertificateListFromBytes( | 407 X509Certificate::CreateCertificateListFromBytes( |
| 408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 409 ASSERT_EQ(1U, certs.size()); | 409 ASSERT_EQ(1U, certs.size()); |
| 410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs)); | 410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs)); |
| 411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs)); | 411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs)); |
| 412 | 412 |
| 413 // Import it. | 413 // Import it. |
| 414 CertDatabase::ImportCertFailureList failed; | 414 CertDatabase::ImportCertFailureList failed; |
| 415 EXPECT_EQ(true, cert_db_.ImportCACerts( | 415 EXPECT_EQ(true, cert_db_.ImportCACerts( |
| 416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL | | 416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL | |
| 417 CertDatabase::TRUSTED_OBJ_SIGN, &failed)); | 417 CertDatabase::TRUSTED_OBJ_SIGN, &failed)); |
| 418 | 418 |
| 419 ASSERT_EQ(2U, failed.size()); | 419 ASSERT_EQ(2U, failed.size()); |
| 420 // TODO(mattm): should check for net error equivalent of | 420 // TODO(mattm): should check for net error equivalent of |
| 421 // SEC_ERROR_UNKNOWN_ISSUER | 421 // SEC_ERROR_UNKNOWN_ISSUER |
| 422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); | 422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); |
| 423 EXPECT_EQ(ERR_FAILED, failed[0].net_error); | 423 EXPECT_EQ(ERR_FAILED, failed[0].net_error); |
| 424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); | 424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); |
| 425 EXPECT_EQ(ERR_FAILED, failed[1].net_error); | 425 EXPECT_EQ(ERR_FAILED, failed[1].net_error); |
| 426 | 426 |
| 427 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 427 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
| 428 ASSERT_EQ(1U, cert_list.size()); | 428 ASSERT_EQ(1U, cert_list.size()); |
| 429 EXPECT_EQ("Test CA", cert_list[0]->subject().common_name); | 429 EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name); |
| 430 } | 430 } |
| 431 | 431 |
| 432 TEST_F(CertDatabaseNSSTest, ImportServerCert) { | 432 TEST_F(CertDatabaseNSSTest, ImportServerCert) { |
| 433 // Need to import intermediate cert for the verify of google cert, otherwise | 433 // Need to import intermediate cert for the verify of google cert, otherwise |
| 434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which | 434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which |
| 435 // will cause OCSPCreateSession on the main thread, which is not allowed. | 435 // will cause OCSPCreateSession on the main thread, which is not allowed. |
| 436 std::string cert_data = ReadTestFile("google.chain.pem"); | 436 std::string cert_data = ReadTestFile("google.chain.pem"); |
| 437 CertificateList certs = | 437 CertificateList certs = |
| 438 X509Certificate::CreateCertificateListFromBytes( | 438 X509Certificate::CreateCertificateListFromBytes( |
| 439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 493 puny_cert.get(), CA_CERT, | 493 puny_cert.get(), CA_CERT, |
| 494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
| 495 | 495 |
| 496 verify_result.Reset(); | 496 verify_result.Reset(); |
| 497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
| 498 EXPECT_EQ(OK, error); | 498 EXPECT_EQ(OK, error); |
| 499 EXPECT_EQ(0, verify_result.cert_status); | 499 EXPECT_EQ(0, verify_result.cert_status); |
| 500 } | 500 } |
| 501 | 501 |
| 502 } // namespace net | 502 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 5535006:
Add unittests for net::TestRootCerts and regenerate test certificates (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src