| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <cert.h> | 5 #include <cert.h> |
| 6 #include <pk11pub.h> | 6 #include <pk11pub.h> |
| 7 | 7 |
| 8 #include <algorithm> | 8 #include <algorithm> |
| 9 | 9 |
| 10 #include "base/file_path.h" | 10 #include "base/file_path.h" |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 178 cert->subject().common_name); | 178 cert->subject().common_name); |
| 179 | 179 |
| 180 // TODO(mattm): move export test to seperate test case? | 180 // TODO(mattm): move export test to seperate test case? |
| 181 std::string exported_data; | 181 std::string exported_data; |
| 182 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 182 EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 183 &exported_data)); | 183 &exported_data)); |
| 184 ASSERT_LT(0U, exported_data.size()); | 184 ASSERT_LT(0U, exported_data.size()); |
| 185 // TODO(mattm): further verification of exported data? | 185 // TODO(mattm): further verification of exported data? |
| 186 } | 186 } |
| 187 | 187 |
| 188 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { |
| 189 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 190 |
| 191 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 192 pkcs12_data, |
| 193 ASCIIToUTF16("12345"), |
| 194 true)); // is_extractable |
| 195 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 196 |
| 197 // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like |
| 198 // it's ever used. This test verifies that. |
| 199 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 200 pkcs12_data, |
| 201 ASCIIToUTF16("12345"), |
| 202 true)); // is_extractable |
| 203 EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 204 } |
| 205 |
| 188 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { | 206 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { |
| 189 std::string pkcs12_data = ReadTestFile("client.p12"); | 207 std::string pkcs12_data = ReadTestFile("client.p12"); |
| 190 | 208 |
| 191 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, | 209 EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(slot_, |
| 192 pkcs12_data, | 210 pkcs12_data, |
| 193 ASCIIToUTF16("12345"), | 211 ASCIIToUTF16("12345"), |
| 194 false)); // is_extractable | 212 false)); // is_extractable |
| 195 | 213 |
| 196 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); | 214 CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle()); |
| 197 ASSERT_EQ(1U, cert_list.size()); | 215 ASSERT_EQ(1U, cert_list.size()); |
| 198 scoped_refptr<X509Certificate> cert(cert_list[0]); | 216 scoped_refptr<X509Certificate> cert(cert_list[0]); |
| 199 | 217 |
| 200 EXPECT_EQ("testusercert", | 218 EXPECT_EQ("testusercert", |
| 201 cert->subject().common_name); | 219 cert->subject().common_name); |
| 202 | 220 |
| 203 std::string exported_data; | 221 std::string exported_data; |
| 204 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), | 222 EXPECT_EQ(0, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"), |
| 205 &exported_data)); | 223 &exported_data)); |
| 206 } | 224 } |
| 207 | 225 |
| 226 TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { |
| 227 std::string pkcs12_data = "Foobarbaz"; |
| 228 |
| 229 EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE, |
| 230 cert_db_.ImportFromPKCS12(slot_, |
| 231 pkcs12_data, |
| 232 ASCIIToUTF16(""), |
| 233 true)); // is_extractable |
| 234 |
| 235 // Test db should still be empty. |
| 236 EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size()); |
| 237 } |
| 238 |
| 208 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { | 239 TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { |
| 209 std::string cert_data = ReadTestFile("root_ca_cert.crt"); | 240 std::string cert_data = ReadTestFile("root_ca_cert.crt"); |
| 210 | 241 |
| 211 CertificateList certs = | 242 CertificateList certs = |
| 212 X509Certificate::CreateCertificateListFromBytes( | 243 X509Certificate::CreateCertificateListFromBytes( |
| 213 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); | 244 cert_data.data(), cert_data.size(), X509Certificate::FORMAT_AUTO); |
| 214 ASSERT_EQ(1U, certs.size()); | 245 ASSERT_EQ(1U, certs.size()); |
| 215 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); | 246 EXPECT_FALSE(certs[0]->os_cert_handle()->isperm); |
| 216 | 247 |
| 217 // Import it. | 248 // Import it. |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 518 puny_cert.get(), CA_CERT, | 549 puny_cert.get(), CA_CERT, |
| 519 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); | 550 CertDatabase::TRUSTED_SSL | CertDatabase::TRUSTED_EMAIL)); |
| 520 | 551 |
| 521 verify_result.Reset(); | 552 verify_result.Reset(); |
| 522 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); | 553 error = puny_cert->Verify("xn--wgv71a119e.com", flags, &verify_result); |
| 523 EXPECT_EQ(OK, error); | 554 EXPECT_EQ(OK, error); |
| 524 EXPECT_EQ(0, verify_result.cert_status); | 555 EXPECT_EQ(0, verify_result.cert_status); |
| 525 } | 556 } |
| 526 | 557 |
| 527 } // namespace net | 558 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7338011:
Linux Cert manager: improve PKCS #12 import error messages. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src