OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <cert.h> | 5 #include <cert.h> |
6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
7 | 7 |
8 #include <algorithm> | 8 #include <algorithm> |
9 | 9 |
10 #include "base/crypto/scoped_nss_types.h" | 10 #include "base/crypto/scoped_nss_types.h" |
(...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
173 | 173 |
174 // TODO(mattm): move export test to seperate test case? | 174 // TODO(mattm): move export test to seperate test case? |
175 std::string exported_data; | 175 std::string exported_data; |
176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 176 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
177 &exported_data)); | 177 &exported_data)); |
178 ASSERT_LT(0U, exported_data.size()); | 178 ASSERT_LT(0U, exported_data.size()); |
179 // TODO(mattm): further verification of exported data? | 179 // TODO(mattm): further verification of exported data? |
180 } | 180 } |
181 | 181 |
182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { | 182 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { |
183 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 183 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
184 | 184 |
185 CertificateList certs = | 185 CertificateList certs = |
186 X509Certificate::CreateCertificateListFromBytes( | 186 X509Certificate::CreateCertificateListFromBytes( |
187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 187 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
188 ASSERT_EQ(1U, certs.size()); | 188 ASSERT_EQ(1U, certs.size()); |
189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 189 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
190 | 190 |
191 // Import it. | 191 // Import it. |
192 CertDatabase::ImportCertFailureList failed; | 192 CertDatabase::ImportCertFailureList failed; |
193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, | 193 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_SSL, |
194 &failed)); | 194 &failed)); |
195 | 195 |
196 EXPECT_EQ(0U, failed.size()); | 196 EXPECT_EQ(0U, failed.size()); |
197 | 197 |
198 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 198 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
199 ASSERT_EQ(1U, cert_list.size()); | 199 ASSERT_EQ(1U, cert_list.size()); |
200 scoped_refptr<X509Certificate> cert(cert_list[0]); | 200 scoped_refptr<X509Certificate> cert(cert_list[0]); |
201 EXPECT_EQ("Test CA", cert->subject().common_name); | 201 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
202 | 202 |
203 EXPECT_EQ(CertDatabase::TRUSTED_SSL, | 203 EXPECT_EQ(CertDatabase::TRUSTED_SSL, |
204 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 204 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
205 | 205 |
206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 206 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 207 EXPECT_TRUE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 208 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 209 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 210 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 211 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
212 } | 212 } |
213 | 213 |
214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { | 214 TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { |
215 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 215 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
216 | 216 |
217 CertificateList certs = | 217 CertificateList certs = |
218 X509Certificate::CreateCertificateListFromBytes( | 218 X509Certificate::CreateCertificateListFromBytes( |
219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 219 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
220 ASSERT_EQ(1U, certs.size()); | 220 ASSERT_EQ(1U, certs.size()); |
221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 221 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
222 | 222 |
223 // Import it. | 223 // Import it. |
224 CertDatabase::ImportCertFailureList failed; | 224 CertDatabase::ImportCertFailureList failed; |
225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, | 225 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_EMAIL, |
226 &failed)); | 226 &failed)); |
227 | 227 |
228 EXPECT_EQ(0U, failed.size()); | 228 EXPECT_EQ(0U, failed.size()); |
229 | 229 |
230 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 230 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
231 ASSERT_EQ(1U, cert_list.size()); | 231 ASSERT_EQ(1U, cert_list.size()); |
232 scoped_refptr<X509Certificate> cert(cert_list[0]); | 232 scoped_refptr<X509Certificate> cert(cert_list[0]); |
233 EXPECT_EQ("Test CA", cert->subject().common_name); | 233 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
234 | 234 |
235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, | 235 EXPECT_EQ(CertDatabase::TRUSTED_EMAIL, |
236 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 236 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
237 | 237 |
238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 238 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 239 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 240 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 241 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 242 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
243 } | 243 } |
244 | 244 |
245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { | 245 TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { |
246 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 246 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
247 | 247 |
248 CertificateList certs = | 248 CertificateList certs = |
249 X509Certificate::CreateCertificateListFromBytes( | 249 X509Certificate::CreateCertificateListFromBytes( |
250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 250 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
251 ASSERT_EQ(1U, certs.size()); | 251 ASSERT_EQ(1U, certs.size()); |
252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 252 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
253 | 253 |
254 // Import it. | 254 // Import it. |
255 CertDatabase::ImportCertFailureList failed; | 255 CertDatabase::ImportCertFailureList failed; |
256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, | 256 EXPECT_EQ(true, cert_db_.ImportCACerts(certs, CertDatabase::TRUSTED_OBJ_SIGN, |
257 &failed)); | 257 &failed)); |
258 | 258 |
259 EXPECT_EQ(0U, failed.size()); | 259 EXPECT_EQ(0U, failed.size()); |
260 | 260 |
261 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 261 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
262 ASSERT_EQ(1U, cert_list.size()); | 262 ASSERT_EQ(1U, cert_list.size()); |
263 scoped_refptr<X509Certificate> cert(cert_list[0]); | 263 scoped_refptr<X509Certificate> cert(cert_list[0]); |
264 EXPECT_EQ("Test CA", cert->subject().common_name); | 264 EXPECT_EQ("Test Root CA", cert->subject().common_name); |
265 | 265 |
266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, | 266 EXPECT_EQ(CertDatabase::TRUSTED_OBJ_SIGN, |
267 cert_db_.GetCertTrust(cert.get(), CA_CERT)); | 267 cert_db_.GetCertTrust(cert.get(), CA_CERT)); |
268 | 268 |
269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); | 269 psm::nsNSSCertTrust trust(cert->os_cert_handle()->trust); |
270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); | 270 EXPECT_FALSE(trust.HasTrustedCA(PR_TRUE, PR_FALSE, PR_FALSE)); |
271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); | 271 EXPECT_FALSE(trust.HasTrustedCA(PR_FALSE, PR_TRUE, PR_FALSE)); |
272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); | 272 EXPECT_TRUE(trust.HasTrustedCA(PR_FALSE, PR_FALSE, PR_TRUE)); |
273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); | 273 EXPECT_TRUE(trust.HasCA(PR_TRUE, PR_TRUE, PR_TRUE)); |
274 } | 274 } |
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
395 EXPECT_EQ(0U, failed.size()); | 395 EXPECT_EQ(0U, failed.size()); |
396 | 396 |
397 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 397 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
398 ASSERT_EQ(3U, cert_list.size()); | 398 ASSERT_EQ(3U, cert_list.size()); |
399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name); | 399 EXPECT_EQ("DOD CA-13", cert_list[0]->subject().common_name); |
400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name); | 400 EXPECT_EQ("DoD Root CA 2", cert_list[1]->subject().common_name); |
401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name); | 401 EXPECT_EQ("DOD CA-17", cert_list[2]->subject().common_name); |
402 } | 402 } |
403 | 403 |
404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { | 404 TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { |
405 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 405 std::string cert_data = ReadTestFile("root_ca_cert.pem"); |
406 CertificateList certs = | 406 CertificateList certs = |
407 X509Certificate::CreateCertificateListFromBytes( | 407 X509Certificate::CreateCertificateListFromBytes( |
408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 408 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
409 ASSERT_EQ(1U, certs.size()); | 409 ASSERT_EQ(1U, certs.size()); |
410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs)); | 410 ASSERT_TRUE(ReadCertIntoList("dod_ca_13_cert.der", &certs)); |
411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs)); | 411 ASSERT_TRUE(ReadCertIntoList("dod_ca_17_cert.der", &certs)); |
412 | 412 |
413 // Import it. | 413 // Import it. |
414 CertDatabase::ImportCertFailureList failed; | 414 CertDatabase::ImportCertFailureList failed; |
415 EXPECT_EQ(true, cert_db_.ImportCACerts( | 415 EXPECT_EQ(true, cert_db_.ImportCACerts( |
416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL | | 416 certs, CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL | |
417 CertDatabase::TRUSTED_OBJ_SIGN, &failed)); | 417 CertDatabase::TRUSTED_OBJ_SIGN, &failed)); |
418 | 418 |
419 ASSERT_EQ(2U, failed.size()); | 419 ASSERT_EQ(2U, failed.size()); |
420 // TODO(mattm): should check for net error equivalent of | 420 // TODO(mattm): should check for net error equivalent of |
421 // SEC_ERROR_UNKNOWN_ISSUER | 421 // SEC_ERROR_UNKNOWN_ISSUER |
422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); | 422 EXPECT_EQ("DOD CA-13", failed[0].certificate->subject().common_name); |
423 EXPECT_EQ(ERR_FAILED, failed[0].net_error); | 423 EXPECT_EQ(ERR_FAILED, failed[0].net_error); |
424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); | 424 EXPECT_EQ("DOD CA-17", failed[1].certificate->subject().common_name); |
425 EXPECT_EQ(ERR_FAILED, failed[1].net_error); | 425 EXPECT_EQ(ERR_FAILED, failed[1].net_error); |
426 | 426 |
427 CertificateList cert_list = ListCertsInSlot(slot_.get()); | 427 CertificateList cert_list = ListCertsInSlot(slot_.get()); |
428 ASSERT_EQ(1U, cert_list.size()); | 428 ASSERT_EQ(1U, cert_list.size()); |
429 EXPECT_EQ("Test CA", cert_list[0]->subject().common_name); | 429 EXPECT_EQ("Test Root CA", cert_list[0]->subject().common_name); |
430 } | 430 } |
431 | 431 |
432 TEST_F(CertDatabaseNSSTest, ImportServerCert) { | 432 TEST_F(CertDatabaseNSSTest, ImportServerCert) { |
433 // Need to import intermediate cert for the verify of google cert, otherwise | 433 // Need to import intermediate cert for the verify of google cert, otherwise |
434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which | 434 // it will try to fetch it automatically with cert_pi_useAIACertFetch, which |
435 // will cause OCSPCreateSession on the main thread, which is not allowed. | 435 // will cause OCSPCreateSession on the main thread, which is not allowed. |
436 std::string cert_data = ReadTestFile("google.chain.pem"); | 436 std::string cert_data = ReadTestFile("google.chain.pem"); |
437 CertificateList certs = | 437 CertificateList certs = |
438 X509Certificate::CreateCertificateListFromBytes( | 438 X509Certificate::CreateCertificateListFromBytes( |
439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 439 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
493 puny_cert.get(), CA_CERT, | 493 puny_cert.get(), CA_CERT, |
494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 494 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
495 | 495 |
496 verify_result.Reset(); | 496 verify_result.Reset(); |
497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 497 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
498 EXPECT_EQ(OK, error); | 498 EXPECT_EQ(OK, error); |
499 EXPECT_EQ(0, verify_result.cert_status); | 499 EXPECT_EQ(0, verify_result.cert_status); |
500 } | 500 } |
501 | 501 |
502 } // namespace net | 502 } // namespace net |
OLD | NEW |