| Index: net/cert/nss_cert_database_chromeos_unittest.cc
|
| diff --git a/net/cert/nss_cert_database_chromeos_unittest.cc b/net/cert/nss_cert_database_chromeos_unittest.cc
|
| deleted file mode 100644
|
| index cf41185f1b0cf56cbcd3d28d3f5b95945c9a3c50..0000000000000000000000000000000000000000
|
| --- a/net/cert/nss_cert_database_chromeos_unittest.cc
|
| +++ /dev/null
|
| @@ -1,323 +0,0 @@
|
| -// Copyright 2013 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "net/cert/nss_cert_database_chromeos.h"
|
| -
|
| -#include "base/bind.h"
|
| -#include "base/callback.h"
|
| -#include "base/message_loop/message_loop_proxy.h"
|
| -#include "base/run_loop.h"
|
| -#include "crypto/nss_util_internal.h"
|
| -#include "crypto/scoped_test_nss_chromeos_user.h"
|
| -#include "crypto/scoped_test_nss_db.h"
|
| -#include "net/base/test_data_directory.h"
|
| -#include "net/cert/cert_database.h"
|
| -#include "net/test/cert_test_util.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -
|
| -namespace net {
|
| -
|
| -namespace {
|
| -
|
| -bool IsCertInCertificateList(const X509Certificate* cert,
|
| - const CertificateList& cert_list) {
|
| - for (CertificateList::const_iterator it = cert_list.begin();
|
| - it != cert_list.end();
|
| - ++it) {
|
| - if (X509Certificate::IsSameOSCert((*it)->os_cert_handle(),
|
| - cert->os_cert_handle()))
|
| - return true;
|
| - }
|
| - return false;
|
| -}
|
| -
|
| -void SwapCertLists(CertificateList* destination,
|
| - scoped_ptr<CertificateList> source) {
|
| - ASSERT_TRUE(destination);
|
| - ASSERT_TRUE(source);
|
| -
|
| - destination->swap(*source);
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -class NSSCertDatabaseChromeOSTest : public testing::Test,
|
| - public CertDatabase::Observer {
|
| - public:
|
| - NSSCertDatabaseChromeOSTest()
|
| - : observer_added_(false), user_1_("user1"), user_2_("user2") {}
|
| -
|
| - void SetUp() override {
|
| - // Initialize nss_util slots.
|
| - ASSERT_TRUE(user_1_.constructed_successfully());
|
| - ASSERT_TRUE(user_2_.constructed_successfully());
|
| - user_1_.FinishInit();
|
| - user_2_.FinishInit();
|
| -
|
| - // Create NSSCertDatabaseChromeOS for each user.
|
| - db_1_.reset(new NSSCertDatabaseChromeOS(
|
| - crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()),
|
| - crypto::GetPrivateSlotForChromeOSUser(
|
| - user_1_.username_hash(),
|
| - base::Callback<void(crypto::ScopedPK11Slot)>())));
|
| - db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current());
|
| - db_1_->SetSystemSlot(
|
| - crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot())));
|
| - db_2_.reset(new NSSCertDatabaseChromeOS(
|
| - crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()),
|
| - crypto::GetPrivateSlotForChromeOSUser(
|
| - user_2_.username_hash(),
|
| - base::Callback<void(crypto::ScopedPK11Slot)>())));
|
| - db_2_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current());
|
| -
|
| - // Add observer to CertDatabase for checking that notifications from
|
| - // NSSCertDatabaseChromeOS are proxied to the CertDatabase.
|
| - CertDatabase::GetInstance()->AddObserver(this);
|
| - observer_added_ = true;
|
| - }
|
| -
|
| - void TearDown() override {
|
| - if (observer_added_)
|
| - CertDatabase::GetInstance()->RemoveObserver(this);
|
| - }
|
| -
|
| - // CertDatabase::Observer:
|
| - void OnCertAdded(const X509Certificate* cert) override {
|
| - added_.push_back(cert ? cert->os_cert_handle() : NULL);
|
| - }
|
| -
|
| - void OnCertRemoved(const X509Certificate* cert) override {}
|
| -
|
| - void OnCACertChanged(const X509Certificate* cert) override {
|
| - added_ca_.push_back(cert ? cert->os_cert_handle() : NULL);
|
| - }
|
| -
|
| - protected:
|
| - bool observer_added_;
|
| - // Certificates that were passed to the CertDatabase observers.
|
| - std::vector<CERTCertificate*> added_ca_;
|
| - std::vector<CERTCertificate*> added_;
|
| -
|
| - crypto::ScopedTestNSSChromeOSUser user_1_;
|
| - crypto::ScopedTestNSSChromeOSUser user_2_;
|
| - crypto::ScopedTestNSSDB system_db_;
|
| - scoped_ptr<NSSCertDatabaseChromeOS> db_1_;
|
| - scoped_ptr<NSSCertDatabaseChromeOS> db_2_;
|
| -};
|
| -
|
| -// Test that ListModules() on each user includes that user's NSS software slot,
|
| -// and does not include the software slot of the other user. (Does not check the
|
| -// private slot, since it is the same as the public slot in tests.)
|
| -TEST_F(NSSCertDatabaseChromeOSTest, ListModules) {
|
| - CryptoModuleList modules_1;
|
| - CryptoModuleList modules_2;
|
| -
|
| - db_1_->ListModules(&modules_1, false /* need_rw */);
|
| - db_2_->ListModules(&modules_2, false /* need_rw */);
|
| -
|
| - bool found_1 = false;
|
| - for (CryptoModuleList::iterator it = modules_1.begin(); it != modules_1.end();
|
| - ++it) {
|
| - EXPECT_NE(db_2_->GetPublicSlot().get(), (*it)->os_module_handle());
|
| - if ((*it)->os_module_handle() == db_1_->GetPublicSlot().get())
|
| - found_1 = true;
|
| - }
|
| - EXPECT_TRUE(found_1);
|
| -
|
| - bool found_2 = false;
|
| - for (CryptoModuleList::iterator it = modules_2.begin(); it != modules_2.end();
|
| - ++it) {
|
| - EXPECT_NE(db_1_->GetPublicSlot().get(), (*it)->os_module_handle());
|
| - if ((*it)->os_module_handle() == db_2_->GetPublicSlot().get())
|
| - found_2 = true;
|
| - }
|
| - EXPECT_TRUE(found_2);
|
| -}
|
| -
|
| -// Test that ImportCACerts imports the cert to the correct slot, and that
|
| -// ListCerts includes the added cert for the correct user, and does not include
|
| -// it for the other user.
|
| -TEST_F(NSSCertDatabaseChromeOSTest, ImportCACerts) {
|
| - // Load test certs from disk.
|
| - CertificateList certs_1 =
|
| - CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| - "root_ca_cert.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| - ASSERT_EQ(1U, certs_1.size());
|
| -
|
| - CertificateList certs_2 =
|
| - CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| - "2048-rsa-root.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| - ASSERT_EQ(1U, certs_2.size());
|
| -
|
| - // Import one cert for each user.
|
| - NSSCertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(
|
| - db_1_->ImportCACerts(certs_1, NSSCertDatabase::TRUSTED_SSL, &failed));
|
| - EXPECT_EQ(0U, failed.size());
|
| - failed.clear();
|
| - EXPECT_TRUE(
|
| - db_2_->ImportCACerts(certs_2, NSSCertDatabase::TRUSTED_SSL, &failed));
|
| - EXPECT_EQ(0U, failed.size());
|
| -
|
| - // Get cert list for each user.
|
| - CertificateList user_1_certlist;
|
| - CertificateList user_2_certlist;
|
| - db_1_->ListCertsSync(&user_1_certlist);
|
| - db_2_->ListCertsSync(&user_2_certlist);
|
| -
|
| - // Check that the imported certs only shows up in the list for the user that
|
| - // imported them.
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_1[0].get(), user_1_certlist));
|
| - EXPECT_FALSE(IsCertInCertificateList(certs_1[0].get(), user_2_certlist));
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_2[0].get(), user_2_certlist));
|
| - EXPECT_FALSE(IsCertInCertificateList(certs_2[0].get(), user_1_certlist));
|
| -
|
| - // Run the message loop so the observer notifications get processed.
|
| - base::RunLoop().RunUntilIdle();
|
| - // Should have gotten two OnCACertChanged notifications.
|
| - ASSERT_EQ(2U, added_ca_.size());
|
| - // TODO(mattm): make NSSCertDatabase actually pass the cert to the callback,
|
| - // and enable these checks:
|
| - // EXPECT_EQ(certs_1[0]->os_cert_handle(), added_ca_[0]);
|
| - // EXPECT_EQ(certs_2[0]->os_cert_handle(), added_ca_[1]);
|
| - EXPECT_EQ(0U, added_.size());
|
| -
|
| - // Tests that the new certs are loaded by async ListCerts method.
|
| - CertificateList user_1_certlist_async;
|
| - CertificateList user_2_certlist_async;
|
| - db_1_->ListCerts(
|
| - base::Bind(&SwapCertLists, base::Unretained(&user_1_certlist_async)));
|
| - db_2_->ListCerts(
|
| - base::Bind(&SwapCertLists, base::Unretained(&user_2_certlist_async)));
|
| -
|
| - base::RunLoop().RunUntilIdle();
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_1[0].get(), user_1_certlist_async));
|
| - EXPECT_FALSE(
|
| - IsCertInCertificateList(certs_1[0].get(), user_2_certlist_async));
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_2[0].get(), user_2_certlist_async));
|
| - EXPECT_FALSE(
|
| - IsCertInCertificateList(certs_2[0].get(), user_1_certlist_async));
|
| -}
|
| -
|
| -// Test that ImportServerCerts imports the cert to the correct slot, and that
|
| -// ListCerts includes the added cert for the correct user, and does not include
|
| -// it for the other user.
|
| -TEST_F(NSSCertDatabaseChromeOSTest, ImportServerCert) {
|
| - // Load test certs from disk.
|
| - CertificateList certs_1 = CreateCertificateListFromFile(
|
| - GetTestCertsDirectory(), "ok_cert.pem", X509Certificate::FORMAT_AUTO);
|
| - ASSERT_EQ(1U, certs_1.size());
|
| -
|
| - CertificateList certs_2 =
|
| - CreateCertificateListFromFile(GetTestCertsDirectory(),
|
| - "2048-rsa-ee-by-2048-rsa-intermediate.pem",
|
| - X509Certificate::FORMAT_AUTO);
|
| - ASSERT_EQ(1U, certs_2.size());
|
| -
|
| - // Import one cert for each user.
|
| - NSSCertDatabase::ImportCertFailureList failed;
|
| - EXPECT_TRUE(
|
| - db_1_->ImportServerCert(certs_1, NSSCertDatabase::TRUSTED_SSL, &failed));
|
| - EXPECT_EQ(0U, failed.size());
|
| - failed.clear();
|
| - EXPECT_TRUE(
|
| - db_2_->ImportServerCert(certs_2, NSSCertDatabase::TRUSTED_SSL, &failed));
|
| - EXPECT_EQ(0U, failed.size());
|
| -
|
| - // Get cert list for each user.
|
| - CertificateList user_1_certlist;
|
| - CertificateList user_2_certlist;
|
| - db_1_->ListCertsSync(&user_1_certlist);
|
| - db_2_->ListCertsSync(&user_2_certlist);
|
| -
|
| - // Check that the imported certs only shows up in the list for the user that
|
| - // imported them.
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_1[0].get(), user_1_certlist));
|
| - EXPECT_FALSE(IsCertInCertificateList(certs_1[0].get(), user_2_certlist));
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_2[0].get(), user_2_certlist));
|
| - EXPECT_FALSE(IsCertInCertificateList(certs_2[0].get(), user_1_certlist));
|
| -
|
| - // Run the message loop so the observer notifications get processed.
|
| - base::RunLoop().RunUntilIdle();
|
| - // TODO(mattm): ImportServerCert doesn't actually cause any observers to
|
| - // fire. Is that correct?
|
| - EXPECT_EQ(0U, added_ca_.size());
|
| - EXPECT_EQ(0U, added_.size());
|
| -
|
| - // Tests that the new certs are loaded by async ListCerts method.
|
| - CertificateList user_1_certlist_async;
|
| - CertificateList user_2_certlist_async;
|
| - db_1_->ListCerts(
|
| - base::Bind(&SwapCertLists, base::Unretained(&user_1_certlist_async)));
|
| - db_2_->ListCerts(
|
| - base::Bind(&SwapCertLists, base::Unretained(&user_2_certlist_async)));
|
| -
|
| - base::RunLoop().RunUntilIdle();
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_1[0].get(), user_1_certlist_async));
|
| - EXPECT_FALSE(
|
| - IsCertInCertificateList(certs_1[0].get(), user_2_certlist_async));
|
| -
|
| - EXPECT_TRUE(IsCertInCertificateList(certs_2[0].get(), user_2_certlist_async));
|
| - EXPECT_FALSE(
|
| - IsCertInCertificateList(certs_2[0].get(), user_1_certlist_async));
|
| -}
|
| -
|
| -// Tests that There is no crash if the database is deleted while ListCerts
|
| -// is being processed on the worker pool.
|
| -TEST_F(NSSCertDatabaseChromeOSTest, NoCrashIfShutdownBeforeDoneOnWorkerPool) {
|
| - CertificateList certlist;
|
| - db_1_->ListCerts(base::Bind(&SwapCertLists, base::Unretained(&certlist)));
|
| - EXPECT_EQ(0U, certlist.size());
|
| -
|
| - db_1_.reset();
|
| -
|
| - base::RunLoop().RunUntilIdle();
|
| -
|
| - EXPECT_LT(0U, certlist.size());
|
| -}
|
| -
|
| -TEST_F(NSSCertDatabaseChromeOSTest, ListCertsReadsSystemSlot) {
|
| - scoped_refptr<X509Certificate> cert_1(
|
| - ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
|
| - "client_1.pem",
|
| - "client_1.pk8",
|
| - db_1_->GetPublicSlot().get()));
|
| -
|
| - scoped_refptr<X509Certificate> cert_2(
|
| - ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
|
| - "client_2.pem",
|
| - "client_2.pk8",
|
| - db_1_->GetSystemSlot().get()));
|
| - CertificateList certs;
|
| - db_1_->ListCertsSync(&certs);
|
| - EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs));
|
| - EXPECT_TRUE(IsCertInCertificateList(cert_2.get(), certs));
|
| -}
|
| -
|
| -TEST_F(NSSCertDatabaseChromeOSTest, ListCertsDoesNotCrossReadSystemSlot) {
|
| - scoped_refptr<X509Certificate> cert_1(
|
| - ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
|
| - "client_1.pem",
|
| - "client_1.pk8",
|
| - db_2_->GetPublicSlot().get()));
|
| -
|
| - scoped_refptr<X509Certificate> cert_2(
|
| - ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
|
| - "client_2.pem",
|
| - "client_2.pk8",
|
| - system_db_.slot()));
|
| - CertificateList certs;
|
| - db_2_->ListCertsSync(&certs);
|
| - EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs));
|
| - EXPECT_FALSE(IsCertInCertificateList(cert_2.get(), certs));
|
| -}
|
| -
|
| -} // namespace net
|
|
|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master