OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "base/file_path.h" | |
6 #include "build/build_config.h" | |
7 #include "net/base/cert_status_flags.h" | |
8 #include "net/base/cert_test_util.h" | |
9 #include "net/base/cert_verify_result.h" | |
10 #include "net/base/net_errors.h" | |
11 #include "net/base/test_root_certs.h" | |
12 #include "net/base/x509_certificate.h" | |
13 #include "testing/gtest/include/gtest/gtest.h" | |
14 | |
15 namespace net { | |
16 | |
17 namespace { | |
18 | |
19 // The local test root certificate. | |
20 const char kRootCertificateFile[] = "root_ca_cert.pem"; | |
21 // A certificate issued by the local test root for 127.0.0.1. | |
22 const char kGoodCertificateFile[] = "ok_cert.pem"; | |
23 | |
24 } // namespace | |
25 | |
26 // Test basic functionality when adding from an existing X509Certificate. | |
27 TEST(TestRootCertsTest, AddFromPointer) { | |
28 scoped_refptr<X509Certificate> root_cert = | |
29 ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile); | |
30 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | |
31 | |
32 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | |
33 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | |
34 EXPECT_TRUE(test_roots->IsEmpty()); | |
35 | |
36 EXPECT_TRUE(test_roots->Add(root_cert)); | |
37 EXPECT_FALSE(test_roots->IsEmpty()); | |
38 | |
39 test_roots->Clear(); | |
40 EXPECT_TRUE(test_roots->IsEmpty()); | |
41 } | |
42 | |
43 // Test basic functionality when adding directly from a file, which should | |
44 // behave the same as when adding from an existing certificate. | |
45 TEST(TestRootCertsTest, AddFromFile) { | |
46 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | |
47 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | |
48 EXPECT_TRUE(test_roots->IsEmpty()); | |
49 | |
50 FilePath cert_path = | |
51 GetTestCertsDirectory().AppendASCII(kRootCertificateFile); | |
52 EXPECT_TRUE(test_roots->AddFromFile(cert_path)); | |
53 EXPECT_FALSE(test_roots->IsEmpty()); | |
54 | |
55 test_roots->Clear(); | |
56 EXPECT_TRUE(test_roots->IsEmpty()); | |
57 } | |
58 | |
59 // Test that TestRootCerts actually adds the appropriate trust status flags | |
60 // when requested, and that the trusted status is cleared once the root is | |
61 // removed the TestRootCerts. This test acts as a canary/sanity check for | |
62 // the results of the rest of net_unittests, ensuring that the trust status | |
63 // is properly being set and cleared as appropriate. | |
64 TEST(TestRootCertsTest, OverridesTrust) { | |
wtc
2010/12/08 19:58:22
Nit: OverridesTrust => OverrideTrust
for consisten
| |
65 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | |
66 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | |
67 EXPECT_TRUE(test_roots->IsEmpty()); | |
68 | |
69 scoped_refptr<X509Certificate> test_cert = | |
70 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile); | |
71 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | |
72 | |
73 // Test that the good certificate fails verification, because the root | |
74 // certificate should not yet be trusted. | |
75 int flags = 0; | |
76 CertVerifyResult bad_verify_result; | |
77 int bad_status = test_cert->Verify("127.0.0.1", flags, &bad_verify_result); | |
78 EXPECT_NE(OK, bad_status); | |
79 EXPECT_NE(0, bad_verify_result.cert_status & | |
80 CERT_STATUS_AUTHORITY_INVALID); | |
81 | |
82 // Add the root certificate and mark it as trusted. | |
83 EXPECT_TRUE(test_roots->AddFromFile( | |
84 GetTestCertsDirectory().AppendASCII(kRootCertificateFile))); | |
85 EXPECT_FALSE(test_roots->IsEmpty()); | |
86 | |
87 // Test that the certificate verification now succeeds, because the | |
88 // TestRootCerts is successfully imbuing trust. | |
89 CertVerifyResult good_verify_result; | |
90 int good_status = test_cert->Verify("127.0.0.1", flags, &good_verify_result); | |
91 EXPECT_EQ(OK, good_status); | |
92 EXPECT_EQ(0, good_verify_result.cert_status); | |
93 | |
94 test_roots->Clear(); | |
95 EXPECT_TRUE(test_roots->IsEmpty()); | |
96 | |
97 // Ensure that when the TestRootCerts is cleared, the trust settings | |
98 // revert to their original state, and don't linger. If trust status | |
99 // lingers, it will likely break other tests in net_unittests. | |
100 CertVerifyResult restored_verify_result; | |
101 int restored_status = test_cert->Verify("127.0.0.1", flags, | |
102 &restored_verify_result); | |
103 EXPECT_NE(OK, restored_status); | |
104 EXPECT_NE(0, restored_verify_result.cert_status & | |
105 CERT_STATUS_AUTHORITY_INVALID); | |
106 EXPECT_EQ(bad_status, restored_status); | |
107 EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status); | |
108 } | |
109 | |
110 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that | |
111 // TestRootCerts properly injects itself into the validation process. See | |
112 // http://crbug.com/63958 | |
113 | |
114 } // namespace net | |
OLD | NEW |