Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2082)

Unified Diff: net/cert/test_root_certs_unittest.cc

Issue 992733002: Remove //net (except for Android test stuff) and sdch (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/test_root_certs_openssl.cc ('k') | net/cert/test_root_certs_win.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/test_root_certs_unittest.cc
diff --git a/net/cert/test_root_certs_unittest.cc b/net/cert/test_root_certs_unittest.cc
deleted file mode 100644
index a2cf695f95fe9bf1da1b23f7c9c83589bb53fb7c..0000000000000000000000000000000000000000
--- a/net/cert/test_root_certs_unittest.cc
+++ /dev/null
@@ -1,175 +0,0 @@
-// Copyright 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/files/file_path.h"
-#include "build/build_config.h"
-#include "net/base/net_errors.h"
-#include "net/base/test_data_directory.h"
-#include "net/cert/cert_status_flags.h"
-#include "net/cert/cert_verify_proc.h"
-#include "net/cert/cert_verify_result.h"
-#include "net/cert/test_root_certs.h"
-#include "net/cert/x509_certificate.h"
-#include "net/test/cert_test_util.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-#if defined(USE_NSS) || defined(OS_IOS)
-#include <nss.h>
-#endif
-
-namespace net {
-
-namespace {
-
-// The local test root certificate.
-const char kRootCertificateFile[] = "root_ca_cert.pem";
-// A certificate issued by the local test root for 127.0.0.1.
-const char kGoodCertificateFile[] = "ok_cert.pem";
-
-} // namespace
-
-// Test basic functionality when adding from an existing X509Certificate.
-TEST(TestRootCertsTest, AddFromPointer) {
- scoped_refptr<X509Certificate> root_cert =
- ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
- ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
-
- TestRootCerts* test_roots = TestRootCerts::GetInstance();
- ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
- EXPECT_TRUE(test_roots->IsEmpty());
-
- EXPECT_TRUE(test_roots->Add(root_cert.get()));
- EXPECT_FALSE(test_roots->IsEmpty());
-
- test_roots->Clear();
- EXPECT_TRUE(test_roots->IsEmpty());
-}
-
-// Test basic functionality when adding directly from a file, which should
-// behave the same as when adding from an existing certificate.
-TEST(TestRootCertsTest, AddFromFile) {
- TestRootCerts* test_roots = TestRootCerts::GetInstance();
- ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
- EXPECT_TRUE(test_roots->IsEmpty());
-
- base::FilePath cert_path =
- GetTestCertsDirectory().AppendASCII(kRootCertificateFile);
- EXPECT_TRUE(test_roots->AddFromFile(cert_path));
- EXPECT_FALSE(test_roots->IsEmpty());
-
- test_roots->Clear();
- EXPECT_TRUE(test_roots->IsEmpty());
-}
-
-// Test that TestRootCerts actually adds the appropriate trust status flags
-// when requested, and that the trusted status is cleared once the root is
-// removed the TestRootCerts. This test acts as a canary/sanity check for
-// the results of the rest of net_unittests, ensuring that the trust status
-// is properly being set and cleared.
-TEST(TestRootCertsTest, OverrideTrust) {
-#if defined(USE_NSS) || defined(OS_IOS)
- if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) {
- // See http://bugzil.la/863947 for details
- LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15";
- return;
- }
-#endif
-
- TestRootCerts* test_roots = TestRootCerts::GetInstance();
- ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
- EXPECT_TRUE(test_roots->IsEmpty());
-
- scoped_refptr<X509Certificate> test_cert =
- ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile);
- ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get());
-
- // Test that the good certificate fails verification, because the root
- // certificate should not yet be trusted.
- int flags = 0;
- CertVerifyResult bad_verify_result;
- scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault());
- int bad_status = verify_proc->Verify(test_cert.get(),
- "127.0.0.1",
- flags,
- NULL,
- CertificateList(),
- &bad_verify_result);
- EXPECT_NE(OK, bad_status);
- EXPECT_NE(0u, bad_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
-
- // Add the root certificate and mark it as trusted.
- EXPECT_TRUE(test_roots->AddFromFile(
- GetTestCertsDirectory().AppendASCII(kRootCertificateFile)));
- EXPECT_FALSE(test_roots->IsEmpty());
-
- // Test that the certificate verification now succeeds, because the
- // TestRootCerts is successfully imbuing trust.
- CertVerifyResult good_verify_result;
- int good_status = verify_proc->Verify(test_cert.get(),
- "127.0.0.1",
- flags,
- NULL,
- CertificateList(),
- &good_verify_result);
- EXPECT_EQ(OK, good_status);
- EXPECT_EQ(0u, good_verify_result.cert_status);
-
- test_roots->Clear();
- EXPECT_TRUE(test_roots->IsEmpty());
-
- // Ensure that when the TestRootCerts is cleared, the trust settings
- // revert to their original state, and don't linger. If trust status
- // lingers, it will likely break other tests in net_unittests.
- CertVerifyResult restored_verify_result;
- int restored_status = verify_proc->Verify(test_cert.get(),
- "127.0.0.1",
- flags,
- NULL,
- CertificateList(),
- &restored_verify_result);
- EXPECT_NE(OK, restored_status);
- EXPECT_NE(0u,
- restored_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
- EXPECT_EQ(bad_status, restored_status);
- EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status);
-}
-
-#if defined(USE_NSS) || (defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID))
-TEST(TestRootCertsTest, Contains) {
- // Another test root certificate.
- const char kRootCertificateFile2[] = "2048-rsa-root.pem";
-
- TestRootCerts* test_roots = TestRootCerts::GetInstance();
- ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
-
- scoped_refptr<X509Certificate> root_cert_1 =
- ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
- ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_1.get());
-
- scoped_refptr<X509Certificate> root_cert_2 =
- ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile2);
- ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_2.get());
-
- EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle()));
- EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
-
- EXPECT_TRUE(test_roots->Add(root_cert_1.get()));
- EXPECT_TRUE(test_roots->Contains(root_cert_1->os_cert_handle()));
- EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
-
- EXPECT_TRUE(test_roots->Add(root_cert_2.get()));
- EXPECT_TRUE(test_roots->Contains(root_cert_1->os_cert_handle()));
- EXPECT_TRUE(test_roots->Contains(root_cert_2->os_cert_handle()));
-
- test_roots->Clear();
- EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle()));
- EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
-}
-#endif
-
-// TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that
-// TestRootCerts properly injects itself into the validation process. See
-// http://crbug.com/63958
-
-} // namespace net
« no previous file with comments | « net/cert/test_root_certs_openssl.cc ('k') | net/cert/test_root_certs_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698