| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" | 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| 11 #include <string> | 11 #include <string> |
| 12 | 12 |
| 13 #include "base/bind.h" | 13 #include "base/bind.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
| 16 #include "base/test/test_simple_task_runner.h" | |
| 17 #include "base/thread_task_runner_handle.h" | |
| 18 #include "base/values.h" | 16 #include "base/values.h" |
| 19 #include "chromeos/network/onc/onc_test_utils.h" | 17 #include "chromeos/network/onc/onc_test_utils.h" |
| 20 #include "components/onc/onc_constants.h" | 18 #include "components/onc/onc_constants.h" |
| 21 #include "crypto/scoped_test_nss_db.h" | 19 #include "crypto/nss_util_internal.h" |
| 20 #include "crypto/scoped_test_nss_chromeos_user.h" |
| 22 #include "net/base/crypto_module.h" | 21 #include "net/base/crypto_module.h" |
| 23 #include "net/cert/cert_type.h" | 22 #include "net/cert/cert_type.h" |
| 24 #include "net/cert/nss_cert_database_chromeos.h" | 23 #include "net/cert/nss_cert_database_chromeos.h" |
| 25 #include "net/cert/x509_certificate.h" | 24 #include "net/cert/x509_certificate.h" |
| 26 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 27 | 26 |
| 28 namespace chromeos { | 27 namespace chromeos { |
| 29 namespace onc { | 28 namespace onc { |
| 30 | 29 |
| 31 namespace { | 30 namespace { |
| (...skipping 25 matching lines...) Expand all Loading... |
| 57 net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) { | 56 net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) { |
| 58 NOTIMPLEMENTED(); | 57 NOTIMPLEMENTED(); |
| 59 return net::OTHER_CERT; | 58 return net::OTHER_CERT; |
| 60 } | 59 } |
| 61 #endif // USE_NSS | 60 #endif // USE_NSS |
| 62 | 61 |
| 63 } // namespace | 62 } // namespace |
| 64 | 63 |
| 65 class ONCCertificateImporterImplTest : public testing::Test { | 64 class ONCCertificateImporterImplTest : public testing::Test { |
| 66 public: | 65 public: |
| 67 ONCCertificateImporterImplTest() {} | 66 ONCCertificateImporterImplTest() : user_("username_hash"), |
| 68 virtual ~ONCCertificateImporterImplTest() {} | 67 private_user_("private_user_hash") {} |
| 69 | 68 |
| 70 virtual void SetUp() OVERRIDE { | 69 virtual void SetUp() { |
| 71 ASSERT_TRUE(public_nssdb_.is_open()); | 70 ASSERT_TRUE(user_.constructed_successfully()); |
| 72 ASSERT_TRUE(private_nssdb_.is_open()); | 71 ASSERT_TRUE(private_user_.constructed_successfully()); |
| 73 | 72 |
| 74 task_runner_ = new base::TestSimpleTaskRunner(); | 73 // By default test user will have the same public and private slot. |
| 75 thread_task_runner_handle_.reset( | 74 // Unfortunatelly, ONC importer should care about which slot certificates |
| 76 new base::ThreadTaskRunnerHandle(task_runner_)); | 75 // get imported to. To work around this, we create another NSS user whose |
| 77 | 76 // public slot will act as the private slot. |
| 77 // TODO(tbarzic): See if there's a better way to achieve this. |
| 78 test_nssdb_.reset(new net::NSSCertDatabaseChromeOS( | 78 test_nssdb_.reset(new net::NSSCertDatabaseChromeOS( |
| 79 crypto::ScopedPK11Slot(public_nssdb_.slot()), | 79 crypto::GetPublicSlotForChromeOSUser(user_.username_hash()), |
| 80 crypto::ScopedPK11Slot(private_nssdb_.slot()))); | 80 crypto::GetPublicSlotForChromeOSUser(private_user_.username_hash()))); |
| 81 | 81 |
| 82 // Test db should be empty at start of test. | 82 // Test db should be empty at start of test. |
| 83 EXPECT_TRUE(ListCertsInPublicSlot().empty()); | 83 EXPECT_TRUE(ListCertsInPublicSlot().empty()); |
| 84 EXPECT_TRUE(ListCertsInPrivateSlot().empty()); | 84 EXPECT_TRUE(ListCertsInPrivateSlot().empty()); |
| 85 } | 85 } |
| 86 | 86 |
| 87 virtual void TearDown() OVERRIDE { | 87 virtual ~ONCCertificateImporterImplTest() {} |
| 88 thread_task_runner_handle_.reset(); | |
| 89 task_runner_ = NULL; | |
| 90 } | |
| 91 | 88 |
| 92 protected: | 89 protected: |
| 93 void OnImportCompleted(bool expected_success, | |
| 94 bool success, | |
| 95 const net::CertificateList& onc_trusted_certificates) { | |
| 96 EXPECT_EQ(expected_success, success); | |
| 97 web_trust_certificates_ = onc_trusted_certificates; | |
| 98 } | |
| 99 | |
| 100 void AddCertificatesFromFile(std::string filename, bool expected_success) { | 90 void AddCertificatesFromFile(std::string filename, bool expected_success) { |
| 101 scoped_ptr<base::DictionaryValue> onc = | 91 scoped_ptr<base::DictionaryValue> onc = |
| 102 test_utils::ReadTestDictionary(filename); | 92 test_utils::ReadTestDictionary(filename); |
| 103 scoped_ptr<base::Value> certificates_value; | 93 scoped_ptr<base::Value> certificates_value; |
| 104 base::ListValue* certificates = NULL; | 94 base::ListValue* certificates = NULL; |
| 105 onc->RemoveWithoutPathExpansion(::onc::toplevel_config::kCertificates, | 95 onc->RemoveWithoutPathExpansion(::onc::toplevel_config::kCertificates, |
| 106 &certificates_value); | 96 &certificates_value); |
| 107 certificates_value.release()->GetAsList(&certificates); | 97 certificates_value.release()->GetAsList(&certificates); |
| 108 onc_certificates_.reset(certificates); | 98 onc_certificates_.reset(certificates); |
| 109 | 99 |
| 110 web_trust_certificates_.clear(); | 100 web_trust_certificates_.clear(); |
| 111 CertificateImporterImpl importer(task_runner_, test_nssdb_.get()); | 101 imported_server_and_ca_certs_.clear(); |
| 112 importer.ImportCertificates( | 102 CertificateImporterImpl importer(test_nssdb_.get()); |
| 113 *certificates, | 103 EXPECT_EQ( |
| 114 ::onc::ONC_SOURCE_USER_IMPORT, // allow web trust | 104 expected_success, |
| 115 base::Bind(&ONCCertificateImporterImplTest::OnImportCompleted, | 105 importer.ParseAndStoreCertificates(true, // allow web trust |
| 116 base::Unretained(this), | 106 *certificates, |
| 117 expected_success)); | 107 &web_trust_certificates_, |
| 118 | 108 &imported_server_and_ca_certs_)); |
| 119 task_runner_->RunUntilIdle(); | |
| 120 | 109 |
| 121 public_list_ = ListCertsInPublicSlot(); | 110 public_list_ = ListCertsInPublicSlot(); |
| 122 private_list_ = ListCertsInPrivateSlot(); | 111 private_list_ = ListCertsInPrivateSlot(); |
| 123 } | 112 } |
| 124 | 113 |
| 125 void AddCertificateFromFile(std::string filename, | 114 void AddCertificateFromFile(std::string filename, |
| 126 net::CertType expected_type, | 115 net::CertType expected_type, |
| 127 std::string* guid) { | 116 std::string* guid) { |
| 128 std::string guid_temporary; | 117 std::string guid_temporary; |
| 129 if (!guid) | 118 if (!guid) |
| 130 guid = &guid_temporary; | 119 guid = &guid_temporary; |
| 131 | 120 |
| 132 AddCertificatesFromFile(filename, true); | 121 AddCertificatesFromFile(filename, true); |
| 133 | 122 ASSERT_EQ(1ul, public_list_.size() + private_list_.size()); |
| 134 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) { | 123 if (!public_list_.empty()) |
| 135 ASSERT_EQ(1u, public_list_.size()); | |
| 136 EXPECT_EQ(expected_type, GetCertType(public_list_[0]->os_cert_handle())); | 124 EXPECT_EQ(expected_type, GetCertType(public_list_[0]->os_cert_handle())); |
| 137 EXPECT_TRUE(private_list_.empty()); | 125 if (!private_list_.empty()) |
| 138 } else { // net::USER_CERT | |
| 139 EXPECT_TRUE(public_list_.empty()); | |
| 140 ASSERT_EQ(1u, private_list_.size()); | |
| 141 EXPECT_EQ(expected_type, GetCertType(private_list_[0]->os_cert_handle())); | 126 EXPECT_EQ(expected_type, GetCertType(private_list_[0]->os_cert_handle())); |
| 142 } | |
| 143 | 127 |
| 144 base::DictionaryValue* certificate = NULL; | 128 base::DictionaryValue* certificate = NULL; |
| 145 onc_certificates_->GetDictionary(0, &certificate); | 129 onc_certificates_->GetDictionary(0, &certificate); |
| 146 certificate->GetStringWithoutPathExpansion(::onc::certificate::kGUID, guid); | 130 certificate->GetStringWithoutPathExpansion(::onc::certificate::kGUID, guid); |
| 131 |
| 132 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) { |
| 133 EXPECT_EQ(1u, imported_server_and_ca_certs_.size()); |
| 134 EXPECT_TRUE( |
| 135 imported_server_and_ca_certs_[*guid]->Equals(public_list_[0].get())); |
| 136 } else { // net::USER_CERT |
| 137 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 138 } |
| 147 } | 139 } |
| 148 | 140 |
| 149 // Certificates and the NSSCertDatabase depend on these test DBs. Destroy them | |
| 150 // last. | |
| 151 crypto::ScopedTestNSSDB public_nssdb_; | |
| 152 crypto::ScopedTestNSSDB private_nssdb_; | |
| 153 | |
| 154 scoped_refptr<base::TestSimpleTaskRunner> task_runner_; | |
| 155 scoped_ptr<base::ThreadTaskRunnerHandle> thread_task_runner_handle_; | |
| 156 scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_; | 141 scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_; |
| 157 scoped_ptr<base::ListValue> onc_certificates_; | 142 scoped_ptr<base::ListValue> onc_certificates_; |
| 158 // List of certs in the nssdb's public slot. | 143 // List of certs in the nssdb's public slot. |
| 159 net::CertificateList public_list_; | 144 net::CertificateList public_list_; |
| 160 // List of certs in the nssdb's "private" slot. | 145 // List of certs in the nssdb's "private" slot. |
| 161 net::CertificateList private_list_; | 146 net::CertificateList private_list_; |
| 162 net::CertificateList web_trust_certificates_; | 147 net::CertificateList web_trust_certificates_; |
| 148 CertificateImporterImpl::CertsByGUID imported_server_and_ca_certs_; |
| 163 | 149 |
| 164 private: | 150 private: |
| 165 net::CertificateList ListCertsInPublicSlot() { | 151 net::CertificateList ListCertsInPublicSlot() { |
| 166 return ListCertsInSlot(public_nssdb_.slot()); | 152 return ListCertsInSlot(test_nssdb_->GetPublicSlot().get()); |
| 167 } | 153 } |
| 168 | 154 |
| 169 net::CertificateList ListCertsInPrivateSlot() { | 155 net::CertificateList ListCertsInPrivateSlot() { |
| 170 return ListCertsInSlot(private_nssdb_.slot()); | 156 return ListCertsInSlot(test_nssdb_->GetPrivateSlot().get()); |
| 171 } | 157 } |
| 172 | 158 |
| 173 net::CertificateList ListCertsInSlot(PK11SlotInfo* slot) { | 159 net::CertificateList ListCertsInSlot(PK11SlotInfo* slot) { |
| 174 net::CertificateList result; | 160 net::CertificateList result; |
| 175 CERTCertList* cert_list = PK11_ListCertsInSlot(slot); | 161 CERTCertList* cert_list = PK11_ListCertsInSlot(slot); |
| 176 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 162 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 177 !CERT_LIST_END(node, cert_list); | 163 !CERT_LIST_END(node, cert_list); |
| 178 node = CERT_LIST_NEXT(node)) { | 164 node = CERT_LIST_NEXT(node)) { |
| 179 result.push_back(net::X509Certificate::CreateFromHandle( | 165 result.push_back(net::X509Certificate::CreateFromHandle( |
| 180 node->cert, net::X509Certificate::OSCertHandles())); | 166 node->cert, net::X509Certificate::OSCertHandles())); |
| 181 } | 167 } |
| 182 CERT_DestroyCertList(cert_list); | 168 CERT_DestroyCertList(cert_list); |
| 183 | 169 |
| 184 // Sort the result so that test comparisons can be deterministic. | 170 // Sort the result so that test comparisons can be deterministic. |
| 185 std::sort(result.begin(), result.end(), net::X509Certificate::LessThan()); | 171 std::sort(result.begin(), result.end(), net::X509Certificate::LessThan()); |
| 186 return result; | 172 return result; |
| 187 } | 173 } |
| 174 |
| 175 crypto::ScopedTestNSSChromeOSUser user_; |
| 176 crypto::ScopedTestNSSChromeOSUser private_user_; |
| 188 }; | 177 }; |
| 189 | 178 |
| 190 TEST_F(ONCCertificateImporterImplTest, MultipleCertificates) { | 179 TEST_F(ONCCertificateImporterImplTest, MultipleCertificates) { |
| 191 AddCertificatesFromFile("managed_toplevel2.onc", true); | 180 AddCertificatesFromFile("managed_toplevel2.onc", true); |
| 192 EXPECT_EQ(onc_certificates_->GetSize(), public_list_.size()); | 181 EXPECT_EQ(onc_certificates_->GetSize(), public_list_.size()); |
| 193 EXPECT_TRUE(private_list_.empty()); | 182 EXPECT_TRUE(private_list_.empty()); |
| 194 EXPECT_EQ(2ul, public_list_.size()); | 183 EXPECT_EQ(2ul, imported_server_and_ca_certs_.size()); |
| 195 } | 184 } |
| 196 | 185 |
| 197 TEST_F(ONCCertificateImporterImplTest, MultipleCertificatesWithFailures) { | 186 TEST_F(ONCCertificateImporterImplTest, MultipleCertificatesWithFailures) { |
| 198 AddCertificatesFromFile("toplevel_partially_invalid.onc", false); | 187 AddCertificatesFromFile("toplevel_partially_invalid.onc", false); |
| 199 EXPECT_EQ(3ul, onc_certificates_->GetSize()); | 188 EXPECT_EQ(3ul, onc_certificates_->GetSize()); |
| 200 EXPECT_EQ(1ul, private_list_.size()); | 189 EXPECT_EQ(1ul, private_list_.size()); |
| 201 EXPECT_TRUE(public_list_.empty()); | 190 EXPECT_TRUE(public_list_.empty()); |
| 191 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 202 } | 192 } |
| 203 | 193 |
| 204 TEST_F(ONCCertificateImporterImplTest, AddClientCertificate) { | 194 TEST_F(ONCCertificateImporterImplTest, AddClientCertificate) { |
| 205 std::string guid; | 195 std::string guid; |
| 206 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); | 196 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); |
| 207 EXPECT_TRUE(web_trust_certificates_.empty()); | 197 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 208 EXPECT_EQ(1ul, private_list_.size()); | 198 EXPECT_EQ(1ul, private_list_.size()); |
| 209 EXPECT_TRUE(public_list_.empty()); | 199 EXPECT_TRUE(public_list_.empty()); |
| 210 | 200 |
| 211 SECKEYPrivateKeyList* privkey_list = | 201 SECKEYPrivateKeyList* privkey_list = |
| 212 PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL); | 202 PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL); |
| 213 EXPECT_TRUE(privkey_list); | 203 EXPECT_TRUE(privkey_list); |
| 214 if (privkey_list) { | 204 if (privkey_list) { |
| 215 SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list); | 205 SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list); |
| 216 int count = 0; | 206 int count = 0; |
| 217 while (!PRIVKEY_LIST_END(node, privkey_list)) { | 207 while (!PRIVKEY_LIST_END(node, privkey_list)) { |
| 218 char* name = PK11_GetPrivateKeyNickname(node->key); | 208 char* name = PK11_GetPrivateKeyNickname(node->key); |
| 219 EXPECT_STREQ(guid.c_str(), name); | 209 EXPECT_STREQ(guid.c_str(), name); |
| 220 PORT_Free(name); | 210 PORT_Free(name); |
| 221 count++; | 211 count++; |
| 222 node = PRIVKEY_LIST_NEXT(node); | 212 node = PRIVKEY_LIST_NEXT(node); |
| 223 } | 213 } |
| 224 EXPECT_EQ(1, count); | 214 EXPECT_EQ(1, count); |
| 225 SECKEY_DestroyPrivateKeyList(privkey_list); | 215 SECKEY_DestroyPrivateKeyList(privkey_list); |
| 226 } | 216 } |
| 227 | 217 |
| 228 SECKEYPublicKeyList* pubkey_list = | 218 SECKEYPublicKeyList* pubkey_list = |
| 229 PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL); | 219 PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL); |
| 230 EXPECT_TRUE(pubkey_list); | 220 EXPECT_TRUE(pubkey_list); |
| 231 if (pubkey_list) { | 221 if (pubkey_list) { |
| 232 SECKEYPublicKeyListNode* node = PUBKEY_LIST_HEAD(pubkey_list); | 222 SECKEYPublicKeyListNode* node = PUBKEY_LIST_HEAD(pubkey_list); |
| 233 int count = 0; | 223 int count = 0; |
| 234 while (!PUBKEY_LIST_END(node, pubkey_list)) { | 224 while (!PUBKEY_LIST_END(node, pubkey_list)) { |
| 235 count++; | 225 count++; |
| 236 node = PUBKEY_LIST_NEXT(node); | 226 node = PUBKEY_LIST_NEXT(node); |
| 237 } | 227 } |
| 238 EXPECT_EQ(1, count); | 228 EXPECT_EQ(1, count); |
| 239 SECKEY_DestroyPublicKeyList(pubkey_list); | 229 SECKEY_DestroyPublicKeyList(pubkey_list); |
| 240 } | 230 } |
| 241 } | 231 } |
| 242 | 232 |
| 243 TEST_F(ONCCertificateImporterImplTest, AddServerCertificateWithWebTrust) { | 233 TEST_F(ONCCertificateImporterImplTest, AddServerCertificateWithWebTrust) { |
| 244 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL); | 234 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL); |
| 245 | 235 |
| 246 SECKEYPrivateKeyList* privkey_list = | 236 SECKEYPrivateKeyList* privkey_list = |
| 247 PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL); | 237 PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL); |
| 248 EXPECT_FALSE(privkey_list); | 238 EXPECT_FALSE(privkey_list); |
| 249 | 239 |
| 250 SECKEYPublicKeyList* pubkey_list = | 240 SECKEYPublicKeyList* pubkey_list = |
| 251 PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL); | 241 PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL); |
| 252 EXPECT_FALSE(pubkey_list); | 242 EXPECT_FALSE(pubkey_list); |
| 253 | 243 |
| 254 ASSERT_EQ(1u, web_trust_certificates_.size()); | 244 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 255 ASSERT_EQ(1u, public_list_.size()); | 245 ASSERT_EQ(1u, public_list_.size()); |
| 256 EXPECT_TRUE(private_list_.empty()); | 246 EXPECT_TRUE(private_list_.empty()); |
| 257 EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(), | 247 EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(), |
| 258 web_trust_certificates_[0]->os_cert_handle())); | 248 web_trust_certificates_[0]->os_cert_handle())); |
| 259 } | 249 } |
| 260 | 250 |
| 261 TEST_F(ONCCertificateImporterImplTest, AddWebAuthorityCertificateWithWebTrust) { | 251 TEST_F(ONCCertificateImporterImplTest, AddWebAuthorityCertificateWithWebTrust) { |
| 262 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL); | 252 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL); |
| 263 | 253 |
| 264 SECKEYPrivateKeyList* privkey_list = | 254 SECKEYPrivateKeyList* privkey_list = |
| 265 PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL); | 255 PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL); |
| 266 EXPECT_FALSE(privkey_list); | 256 EXPECT_FALSE(privkey_list); |
| 267 | 257 |
| 268 SECKEYPublicKeyList* pubkey_list = | 258 SECKEYPublicKeyList* pubkey_list = |
| 269 PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL); | 259 PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL); |
| 270 EXPECT_FALSE(pubkey_list); | 260 EXPECT_FALSE(pubkey_list); |
| 271 | 261 |
| 272 ASSERT_EQ(1u, web_trust_certificates_.size()); | 262 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 273 ASSERT_EQ(1u, public_list_.size()); | 263 ASSERT_EQ(1u, public_list_.size()); |
| 274 EXPECT_TRUE(private_list_.empty()); | 264 EXPECT_TRUE(private_list_.empty()); |
| 275 EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(), | 265 EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(), |
| 276 web_trust_certificates_[0]->os_cert_handle())); | 266 web_trust_certificates_[0]->os_cert_handle())); |
| 277 } | 267 } |
| 278 | 268 |
| 279 TEST_F(ONCCertificateImporterImplTest, AddAuthorityCertificateWithoutWebTrust) { | 269 TEST_F(ONCCertificateImporterImplTest, AddAuthorityCertificateWithoutWebTrust) { |
| 280 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL); | 270 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL); |
| 281 EXPECT_TRUE(web_trust_certificates_.empty()); | 271 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 282 | 272 |
| 283 SECKEYPrivateKeyList* privkey_list = | 273 SECKEYPrivateKeyList* privkey_list = |
| 284 PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL); | 274 PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL); |
| 285 EXPECT_FALSE(privkey_list); | 275 EXPECT_FALSE(privkey_list); |
| 286 | 276 |
| 287 SECKEYPublicKeyList* pubkey_list = | 277 SECKEYPublicKeyList* pubkey_list = |
| 288 PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL); | 278 PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL); |
| 289 EXPECT_FALSE(pubkey_list); | 279 EXPECT_FALSE(pubkey_list); |
| 290 } | 280 } |
| 291 | 281 |
| 292 struct CertParam { | 282 struct CertParam { |
| 293 CertParam(net::CertType certificate_type, | 283 CertParam(net::CertType certificate_type, |
| 294 const char* original_filename, | 284 const char* original_filename, |
| 295 const char* update_filename) | 285 const char* update_filename) |
| 296 : cert_type(certificate_type), | 286 : cert_type(certificate_type), |
| 297 original_file(original_filename), | 287 original_file(original_filename), |
| 298 update_file(update_filename) {} | 288 update_file(update_filename) {} |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 "certificate-client-update.onc"), | 331 "certificate-client-update.onc"), |
| 342 CertParam(net::SERVER_CERT, | 332 CertParam(net::SERVER_CERT, |
| 343 "certificate-server.onc", | 333 "certificate-server.onc", |
| 344 "certificate-server-update.onc"), | 334 "certificate-server-update.onc"), |
| 345 CertParam(net::CA_CERT, | 335 CertParam(net::CA_CERT, |
| 346 "certificate-web-authority.onc", | 336 "certificate-web-authority.onc", |
| 347 "certificate-web-authority-update.onc"))); | 337 "certificate-web-authority-update.onc"))); |
| 348 | 338 |
| 349 } // namespace onc | 339 } // namespace onc |
| 350 } // namespace chromeos | 340 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 584923002:
Revert of Make ONCCertificateImporter async. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master