
Side by Side Diff: net/base/test_root_certs_unittest.cc

Issue 5535006: Add unittests for net::TestRootCerts and regenerate test certificates (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Address wtc feedback Created 10 years ago
OLDNEW
(Empty)
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/file_path.h"
6 #include "build/build_config.h"
7 #include "net/base/cert_status_flags.h"
8 #include "net/base/cert_test_util.h"
9 #include "net/base/cert_verify_result.h"
10 #include "net/base/net_errors.h"
11 #include "net/base/test_root_certs.h"
12 #include "net/base/x509_certificate.h"
13 #include "testing/gtest/include/gtest/gtest.h"
14
15 namespace net {
16
17 namespace {
18
19 // The local test root certificate.
20 const char kRootCertificateFile[] = "root_ca_cert.pem";
21 // A certificate issued by the local test root for 127.0.0.1.
22 const char kGoodCertificateFile[] = "ok_cert.pem";
23
24 } // namespace
25
26 // Test basic functionality when adding from an existing X509Certificate.
27 TEST(TestRootCertsTest, AddFromPointer) {
28 scoped_refptr<X509Certificate> root_cert =
29 ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
30 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert);
31
32 TestRootCerts* test_roots = TestRootCerts::GetInstance();
33 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
34 EXPECT_TRUE(test_roots->IsEmpty());
35
36 EXPECT_TRUE(test_roots->Add(root_cert));
37 EXPECT_FALSE(test_roots->IsEmpty());
38
39 test_roots->Clear();
40 EXPECT_TRUE(test_roots->IsEmpty());
41 }
42
43 // Test basic functionality when adding directly from a file, which should
44 // behave the same as when adding from an existing certificate.
45 TEST(TestRootCertsTest, AddFromFile) {
46 TestRootCerts* test_roots = TestRootCerts::GetInstance();
47 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
48 EXPECT_TRUE(test_roots->IsEmpty());
49
50 FilePath cert_path =
51 GetTestCertsDirectory().AppendASCII(kRootCertificateFile);
52 EXPECT_TRUE(test_roots->AddFromFile(cert_path));
53 EXPECT_FALSE(test_roots->IsEmpty());
54
55 test_roots->Clear();
56 EXPECT_TRUE(test_roots->IsEmpty());
57 }
58
59 // Test that TestRootCerts actually adds the appropriate trust status flags
60 // when requested, and that the trusted status is cleared once the root is
61 // removed the TestRootCerts. This test acts as a canary/sanity check for
62 // the results of the rest of net_unittests, ensuring that the trust status
63 // is properly being set and cleared as appropriate.
64 TEST(TestRootCertsTest, OverridesTrust) {
wtc 2010/12/08 19:58:22 Nit: OverridesTrust => OverrideTrust for consisten
65 TestRootCerts* test_roots = TestRootCerts::GetInstance();
66 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
67 EXPECT_TRUE(test_roots->IsEmpty());
68
69 scoped_refptr<X509Certificate> test_cert =
70 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile);
71 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);
72
73 // Test that the good certificate fails verification, because the root
74 // certificate should not yet be trusted.
75 int flags = 0;
76 CertVerifyResult bad_verify_result;
77 int bad_status = test_cert->Verify("127.0.0.1", flags, &bad_verify_result);
78 EXPECT_NE(OK, bad_status);
79 EXPECT_NE(0, bad_verify_result.cert_status &
80 CERT_STATUS_AUTHORITY_INVALID);
81
82 // Add the root certificate and mark it as trusted.
83 EXPECT_TRUE(test_roots->AddFromFile(
84 GetTestCertsDirectory().AppendASCII(kRootCertificateFile)));
85 EXPECT_FALSE(test_roots->IsEmpty());
86
87 // Test that the certificate verification now succeeds, because the
88 // TestRootCerts is successfully imbuing trust.
89 CertVerifyResult good_verify_result;
90 int good_status = test_cert->Verify("127.0.0.1", flags, &good_verify_result);
91 EXPECT_EQ(OK, good_status);
92 EXPECT_EQ(0, good_verify_result.cert_status);
93
94 test_roots->Clear();
95 EXPECT_TRUE(test_roots->IsEmpty());
96
97 // Ensure that when the TestRootCerts is cleared, the trust settings
98 // revert to their original state, and don't linger. If trust status
99 // lingers, it will likely break other tests in net_unittests.
100 CertVerifyResult restored_verify_result;
101 int restored_status = test_cert->Verify("127.0.0.1", flags,
102 &restored_verify_result);
103 EXPECT_NE(OK, restored_status);
104 EXPECT_NE(0, restored_verify_result.cert_status &
105 CERT_STATUS_AUTHORITY_INVALID);
106 EXPECT_EQ(bad_status, restored_status);
107 EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status);
108 }
109
110 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that
111 // TestRootCerts properly injects itself into the validation process. See
112 // http://crbug.com/63958
113
114 } // namespace net
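Review bot: AddFromPointer only checks IsEmpty() around `test_roots->Add(root_cert)`, so nothing in this file verifies that a root added through Add() is actually trusted, or that Clear() withdraws that trust; OverridesTrust exercises trust only through AddFromFile(). Since the comment on AddFromFile says the two paths should behave the same, AddFromPointer should also verify `ok_cert.pem` for 127.0.0.1 after Add() (expecting OK) and again after Clear() (expecting CERT_STATUS_AUTHORITY_INVALID), as sketched below. Separately, the `EXPECT_TRUE(test_roots->IsEmpty())` precondition at the top of each test would be safer as `ASSERT_TRUE(test_roots->IsEmpty());`, so that a root leaked into the singleton by an earlier test stops the test instead of skewing the untrusted baseline.

```cpp
TEST(TestRootCertsTest, AddFromPointer) {
  // … unchanged: import root_cert, fetch test_roots, IsEmpty() precondition …
  scoped_refptr<X509Certificate> test_cert =
      ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile);
  ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert);

  EXPECT_TRUE(test_roots->Add(root_cert));
  // … unchanged: EXPECT_FALSE(test_roots->IsEmpty()) …

  // Add() must grant trust, not merely make the store non-empty.
  CertVerifyResult trusted_result;
  EXPECT_EQ(OK, test_cert->Verify("127.0.0.1", 0, &trusted_result));
  EXPECT_EQ(0, trusted_result.cert_status);

  test_roots->Clear();
  // … unchanged: EXPECT_TRUE(test_roots->IsEmpty()) …

  // Clear() must withdraw that trust again.
  CertVerifyResult cleared_result;
  EXPECT_NE(OK, test_cert->Verify("127.0.0.1", 0, &cleared_result));
  EXPECT_NE(0, cleared_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
}
```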