
Side by Side Diff: net/base/cert_database_nss_unittest.cc

Issue 5535006: Add unittests for net::TestRootCerts and regenerate test certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address wtc feedback Created 10 years ago
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <cert.h> 5 #include <cert.h>
6 #include <pk11pub.h> 6 #include <pk11pub.h>
7 7
8 #include <algorithm> 8 #include <algorithm>
9 9
10 #include "base/crypto/scoped_nss_types.h" 10 #include "base/crypto/scoped_nss_types.h"
(...skipping 162 matching lines...)
173 173
174 // TODO(mattm): move export test to seperate test case? 174 // TODO(mattm): move export test to seperate test case?
175 std::string exported_data; 175 std::string exported_data;
176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), 176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
177 &exported_data)); 177 &exported_data));
178 ASSERT_LT(0U, exported_data.size()); 178 ASSERT_LT(0U, exported_data.size());
179 // TODO(mattm): further verification of exported data? 179 // TODO(mattm): further verification of exported data?
180 } 180 }
181 181
182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { 182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) {
183 std::string cert_data = ReadTestFile("root_ca_cert.crt"); 183 std::string cert_data = ReadTestFile("root_ca_cert.pem");
184 184
185 CertificateList certs = 185 CertificateList certs =
186 X509Certificate::CreateCertificateListFromBytes( 186 X509Certificate::CreateCertificateListFromBytes(
187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); 187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
188 ASSERT_EQ(1U, certs.size()); 188 ASSERT_EQ(1U, certs.size());
189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); 189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
190 190
191 // Import it. 191 // Import it.
192 CertDatabase::ImportCertFailureList failed; 192 CertDatabase::ImportCertFailureList failed;
193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, 193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL,
194 &failed)); 194 &failed));
195 195
196 EXPECT_EQ(0U, failed.size()); 196 EXPECT_EQ(0U, failed.size());
197 197
198 CertificateList cert_list = ListCertsInSlot(slot_.get()); 198 CertificateList cert_list = ListCertsInSlot(slot_.get());
199 ASSERT_EQ(1U, cert_list.size()); 199 ASSERT_EQ(1U, cert_list.size());
200 scoped_refptr<X509Certificate> cert(cert_list[0]); 200 scoped_refptr<X509Certificate> cert(cert_list[0]);
201 EXPECT_EQ("Test CA", cert->subject().common_name); 201 EXPECT_EQ("Test Root CA", cert->subject().common_name);
202 202
203 EXPECT_EQ(CertDatabase::TRUSTED_SSL, 203 EXPECT_EQ(CertDatabase::TRUSTED_SSL,
204 cert_db_.GetCertTrust(cert.get(), CA_CERT)); 204 cert_db_.GetCertTrust(cert.get(), CA_CERT));
205 205
206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); 206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); 207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); 209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); 210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE));
211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); 211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
212 } 212 }
213 213
214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { 214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) {
215 std::string cert_data = ReadTestFile("root_ca_cert.crt"); 215 std::string cert_data = ReadTestFile("root_ca_cert.pem");
216 216
217 CertificateList certs = 217 CertificateList certs =
218 X509Certificate::CreateCertificateListFromBytes( 218 X509Certificate::CreateCertificateListFromBytes(
219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); 219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
220 ASSERT_EQ(1U, certs.size()); 220 ASSERT_EQ(1U, certs.size());
221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); 221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
222 222
223 // Import it. 223 // Import it.
224 CertDatabase::ImportCertFailureList failed; 224 CertDatabase::ImportCertFailureList failed;
225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, 225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL,
226 &failed)); 226 &failed));
227 227
228 EXPECT_EQ(0U, failed.size()); 228 EXPECT_EQ(0U, failed.size());
229 229
230 CertificateList cert_list = ListCertsInSlot(slot_.get()); 230 CertificateList cert_list = ListCertsInSlot(slot_.get());
231 ASSERT_EQ(1U, cert_list.size()); 231 ASSERT_EQ(1U, cert_list.size());
232 scoped_refptr<X509Certificate> cert(cert_list[0]); 232 scoped_refptr<X509Certificate> cert(cert_list[0]);
233 EXPECT_EQ("Test CA", cert->subject().common_name); 233 EXPECT_EQ("Test Root CA", cert->subject().common_name);
234 234
235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, 235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL,
236 cert_db_.GetCertTrust(cert.get(), CA_CERT)); 236 cert_db_.GetCertTrust(cert.get(), CA_CERT));
237 237
238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); 238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); 239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); 240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); 241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); 242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
243 } 243 }
244 244
245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { 245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) {
246 std::string cert_data = ReadTestFile("root_ca_cert.crt"); 246 std::string cert_data = ReadTestFile("root_ca_cert.pem");
247 247
248 CertificateList certs = 248 CertificateList certs =
249 X509Certificate::CreateCertificateListFromBytes( 249 X509Certificate::CreateCertificateListFromBytes(
250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); 250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
251 ASSERT_EQ(1U, certs.size()); 251 ASSERT_EQ(1U, certs.size());
252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); 252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm);
253 253
254 // Import it. 254 // Import it.
255 CertDatabase::ImportCertFailureList failed; 255 CertDatabase::ImportCertFailureList failed;
256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, 256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN,
257 &failed)); 257 &failed));
258 258
259 EXPECT_EQ(0U, failed.size()); 259 EXPECT_EQ(0U, failed.size());
260 260
261 CertificateList cert_list = ListCertsInSlot(slot_.get()); 261 CertificateList cert_list = ListCertsInSlot(slot_.get());
262 ASSERT_EQ(1U, cert_list.size()); 262 ASSERT_EQ(1U, cert_list.size());
263 scoped_refptr<X509Certificate> cert(cert_list[0]); 263 scoped_refptr<X509Certificate> cert(cert_list[0]);
264 EXPECT_EQ("Test CA", cert->subject().common_name); 264 EXPECT_EQ("Test Root CA", cert->subject().common_name);
265 265
266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, 266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN,
267 cert_db_.GetCertTrust(cert.get(), CA_CERT)); 267 cert_db_.GetCertTrust(cert.get(), CA_CERT));
268 268
269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); 269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust);
270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); 270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE));
271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); 271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE));
272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); 272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE));
273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); 273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE));
274 } 274 }
(...skipping 120 matching lines...)
395 EXPECT_EQ(0U, failed.size()); 395 EXPECT_EQ(0U, failed.size());
396 396
397 CertificateList cert_list = ListCertsInSlot(slot_.get()); 397 CertificateList cert_list = ListCertsInSlot(slot_.get());
398 ASSERT_EQ(3U, cert_list.size()); 398 ASSERT_EQ(3U, cert_list.size());
399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name); 399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name);
400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name); 400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name);
401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name); 401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name);
402 } 402 }
403 403
404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { 404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) {
405 std::string cert_data = ReadTestFile("root_ca_cert.crt"); 405 std::string cert_data = ReadTestFile("root_ca_cert.pem");
406 CertificateList certs = 406 CertificateList certs =
407 X509Certificate::CreateCertificateListFromBytes( 407 X509Certificate::CreateCertificateListFromBytes(
408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); 408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
409 ASSERT_EQ(1U, certs.size()); 409 ASSERT_EQ(1U, certs.size());
410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs)); 410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs));
411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs)); 411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs));
412 412
413 // Import it. 413 // Import it.
414 CertDatabase::ImportCertFailureList failed; 414 CertDatabase::ImportCertFailureList failed;
415 EXPECT_EQ(true, cert_db_.ImportCACerts( 415 EXPECT_EQ(true, cert_db_.ImportCACerts(
416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL | 416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL |
417 CertDatabase::TRUSTED_OBJ_SIGN, &failed)); 417 CertDatabase::TRUSTED_OBJ_SIGN, &failed));
418 418
419 ASSERT_EQ(2U, failed.size()); 419 ASSERT_EQ(2U, failed.size());
420 // TODO(mattm): should check for net error equivalent of 420 // TODO(mattm): should check for net error equivalent of
421 // SEC_ERROR_UNKNOWN_ISSUER 421 // SEC_ERROR_UNKNOWN_ISSUER
422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); 422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name);
423 EXPECT_EQ(ERR_FAILED, failed[0].net_error); 423 EXPECT_EQ(ERR_FAILED, failed[0].net_error);
424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); 424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name);
425 EXPECT_EQ(ERR_FAILED, failed[1].net_error); 425 EXPECT_EQ(ERR_FAILED, failed[1].net_error);
426 426
427 CertificateList cert_list = ListCertsInSlot(slot_.get()); 427 CertificateList cert_list = ListCertsInSlot(slot_.get());
428 ASSERT_EQ(1U, cert_list.size()); 428 ASSERT_EQ(1U, cert_list.size());
429 EXPECT_EQ("Test CA", cert_list[0]->subject().common_name); 429 EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name);
430 } 430 }
431 431
432 TEST_F(CertDatabaseNSSTest, ImportServerCert) { 432 TEST_F(CertDatabaseNSSTest, ImportServerCert) {
433 // Need to import intermediate cert for the verify of google cert, otherwise 433 // Need to import intermediate cert for the verify of google cert, otherwise
434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which 434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which
435 // will cause OCSPCreateSession on the main thread, which is not allowed. 435 // will cause OCSPCreateSession on the main thread, which is not allowed.
436 std::string cert_data = ReadTestFile("google.chain.pem"); 436 std::string cert_data = ReadTestFile("google.chain.pem");
437 CertificateList certs = 437 CertificateList certs =
438 X509Certificate::CreateCertificateListFromBytes( 438 X509Certificate::CreateCertificateListFromBytes(
439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); 439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO);
(...skipping 53 matching lines...)
493 puny_cert.get(), CA_CERT, 493 puny_cert.get(), CA_CERT,
494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); 494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL));
495 495
496 verify_result.Reset(); 496 verify_result.Reset();
497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); 497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result);
498 EXPECT_EQ(OK, error); 498 EXPECT_EQ(OK, error);
499 EXPECT_EQ(0, verify_result.cert_status); 499 EXPECT_EQ(0, verify_result.cert_status);
500 } 500 }
501 501
502 } // namespace net 502 } // namespace net
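Review bot: The regenerated fixture name `root_ca_cert.pem` and the expected subject `"Test Root CA"` are each repeated as literals in four tests (ImportCACert_SSLTrust, ImportCACert_EmailTrust, ImportCACert_ObjSignTrust and ImportCACertNotHierarchy), so one fixture swap needs eight line edits. Hoisting them into file-local constants, for example `const char kRootCACertFile[] = "root_ca_cert.pem";` and `const char kRootCACertCN[] = "Test Root CA";` (names are only a suggestion), would reduce the next regeneration to a single edit and prevent the tests from drifting apart. Separately, ImportCACert_SSLTrust asserts `EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE));` while the Email and ObjSign variants do not. Adding the same line there would make all three tests check that trust for one usage is not granted for all usages. The first and last functions shown in this file section are cut by skipped regions, so this note covers only the visible tests.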