OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" | 5 #include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h" |
6 | 6 |
7 #include "crypto/nss_util_internal.h" | 7 #include "crypto/nss_util_internal.h" |
8 #include "crypto/scoped_test_nss_chromeos_user.h" | 8 #include "crypto/scoped_test_nss_chromeos_user.h" |
9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
10 #include "net/base/test_data_directory.h" | 10 #include "net/base/test_data_directory.h" |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
53 | 53 |
54 certs_2_ = | 54 certs_2_ = |
55 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), | 55 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
56 "multi-root-chain2.pem", | 56 "multi-root-chain2.pem", |
57 net::X509Certificate::FORMAT_AUTO); | 57 net::X509Certificate::FORMAT_AUTO); |
58 ASSERT_EQ(4U, certs_2_.size()); | 58 ASSERT_EQ(4U, certs_2_.size()); |
59 | 59 |
60 // The chains: | 60 // The chains: |
61 // 1. A (end-entity) -> B -> C -> D (self-signed root) | 61 // 1. A (end-entity) -> B -> C -> D (self-signed root) |
62 // 2. A (end-entity) -> B -> C2 -> E (self-signed root) | 62 // 2. A (end-entity) -> B -> C2 -> E (self-signed root) |
63 ASSERT_TRUE(certs_1_[0]->Equals(certs_2_[0])); | 63 ASSERT_TRUE(certs_1_[0]->Equals(certs_2_[0].get())); |
64 ASSERT_TRUE(certs_1_[1]->Equals(certs_2_[1])); | 64 ASSERT_TRUE(certs_1_[1]->Equals(certs_2_[1].get())); |
65 ASSERT_FALSE(certs_1_[2]->Equals(certs_2_[2])); | 65 ASSERT_FALSE(certs_1_[2]->Equals(certs_2_[2].get())); |
66 ASSERT_EQ("C CA", certs_1_[2]->subject().common_name); | 66 ASSERT_EQ("C CA", certs_1_[2]->subject().common_name); |
67 ASSERT_EQ("C CA", certs_2_[2]->subject().common_name); | 67 ASSERT_EQ("C CA", certs_2_[2]->subject().common_name); |
68 | 68 |
69 root_1_.push_back(certs_1_.back()); | 69 root_1_.push_back(certs_1_.back()); |
70 root_2_.push_back(certs_2_.back()); | 70 root_2_.push_back(certs_2_.back()); |
71 | 71 |
72 ASSERT_EQ("D Root CA", root_1_[0]->subject().common_name); | 72 ASSERT_EQ("D Root CA", root_1_[0]->subject().common_name); |
73 ASSERT_EQ("E Root CA", root_2_[0]->subject().common_name); | 73 ASSERT_EQ("E Root CA", root_2_[0]->subject().common_name); |
74 } | 74 } |
75 | 75 |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
160 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 160 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
161 Verify(verify_proc_default_.get(), server.get(), &verify_root)); | 161 Verify(verify_proc_default_.get(), server.get(), &verify_root)); |
162 // User 1 should still verify successfully through the D root. | 162 // User 1 should still verify successfully through the D root. |
163 EXPECT_EQ(net::OK, Verify(verify_proc_1_.get(), server.get(), &verify_root)); | 163 EXPECT_EQ(net::OK, Verify(verify_proc_1_.get(), server.get(), &verify_root)); |
164 EXPECT_EQ("CN=D Root CA", verify_root); | 164 EXPECT_EQ("CN=D Root CA", verify_root); |
165 // User 2 should now verify successfully through the E root. | 165 // User 2 should now verify successfully through the E root. |
166 EXPECT_EQ(net::OK, Verify(verify_proc_2_.get(), server.get(), &verify_root)); | 166 EXPECT_EQ(net::OK, Verify(verify_proc_2_.get(), server.get(), &verify_root)); |
167 EXPECT_EQ("CN=E Root CA", verify_root); | 167 EXPECT_EQ("CN=E Root CA", verify_root); |
168 | 168 |
169 // Delete D root. | 169 // Delete D root. |
170 EXPECT_TRUE(db_1_->DeleteCertAndKey(root_1_[0])); | 170 EXPECT_TRUE(db_1_->DeleteCertAndKey(root_1_[0].get())); |
171 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 171 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
172 Verify(verify_proc_default_.get(), server.get(), &verify_root)); | 172 Verify(verify_proc_default_.get(), server.get(), &verify_root)); |
173 // User 1 should now fail to verify. | 173 // User 1 should now fail to verify. |
174 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 174 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
175 Verify(verify_proc_1_.get(), server.get(), &verify_root)); | 175 Verify(verify_proc_1_.get(), server.get(), &verify_root)); |
176 // User 2 should still verify successfully through the E root. | 176 // User 2 should still verify successfully through the E root. |
177 EXPECT_EQ(net::OK, Verify(verify_proc_2_.get(), server.get(), &verify_root)); | 177 EXPECT_EQ(net::OK, Verify(verify_proc_2_.get(), server.get(), &verify_root)); |
178 EXPECT_EQ("CN=E Root CA", verify_root); | 178 EXPECT_EQ("CN=E Root CA", verify_root); |
179 | 179 |
180 // Delete E root. | 180 // Delete E root. |
181 EXPECT_TRUE(db_2_->DeleteCertAndKey(root_2_[0])); | 181 EXPECT_TRUE(db_2_->DeleteCertAndKey(root_2_[0].get())); |
182 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 182 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
183 Verify(verify_proc_default_.get(), server.get(), &verify_root)); | 183 Verify(verify_proc_default_.get(), server.get(), &verify_root)); |
184 // User 1 should still fail to verify. | 184 // User 1 should still fail to verify. |
185 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 185 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
186 Verify(verify_proc_1_.get(), server.get(), &verify_root)); | 186 Verify(verify_proc_1_.get(), server.get(), &verify_root)); |
187 // User 2 should now fail to verify. | 187 // User 2 should now fail to verify. |
188 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, | 188 EXPECT_EQ(net::ERR_CERT_AUTHORITY_INVALID, |
189 Verify(verify_proc_2_.get(), server.get(), &verify_root)); | 189 Verify(verify_proc_2_.get(), server.get(), &verify_root)); |
190 } | 190 } |
191 | 191 |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
373 | 373 |
374 INSTANTIATE_TEST_CASE_P( | 374 INSTANTIATE_TEST_CASE_P( |
375 Variations, | 375 Variations, |
376 CertVerifyProcChromeOSOrderingTest, | 376 CertVerifyProcChromeOSOrderingTest, |
377 ::testing::Combine( | 377 ::testing::Combine( |
378 ::testing::Bool(), | 378 ::testing::Bool(), |
379 ::testing::Range(0, 1 << 2), | 379 ::testing::Range(0, 1 << 2), |
380 ::testing::Values("d12", "d21", "1d2", "12d", "2d1", "21d"))); | 380 ::testing::Values("d12", "d21", "1d2", "12d", "2d1", "21d"))); |
381 | 381 |
382 } // namespace chromeos | 382 } // namespace chromeos |
OLD | NEW |