| Index: net/cert/nss_cert_database_unittest.cc
|
| diff --git a/net/cert/nss_cert_database_unittest.cc b/net/cert/nss_cert_database_unittest.cc
|
| index db271257ac63126a34c405837a0e0fb9020d0dae..7a1b8c851bb06a8fc8d4191c49f9d5512d5c6e76 100644
|
| --- a/net/cert/nss_cert_database_unittest.cc
|
| +++ b/net/cert/nss_cert_database_unittest.cc
|
| @@ -116,7 +116,7 @@ class CertDatabaseNSSTest : public testing::Test {
|
| if (srv != SECSuccess)
|
| ok = false;
|
|
|
| - if (!cert_db_->DeleteCertAndKey(certs[i]))
|
| + if (!cert_db_->DeleteCertAndKey(certs[i].get()))
|
| ok = false;
|
| }
|
| return ok;
|
| @@ -139,7 +139,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {
|
| std::string pkcs12_data = ReadTestFile("client.p12");
|
|
|
| EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,
|
| - cert_db_->ImportFromPKCS12(slot_,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| pkcs12_data,
|
| base::string16(),
|
| true, // is_extractable
|
| @@ -152,11 +152,12 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {
|
| TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) {
|
| std::string pkcs12_data = ReadTestFile("client.p12");
|
|
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - true, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + true, // is_extractable
|
| + NULL));
|
|
|
| CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(1U, cert_list.size());
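Review bot: The trailing `NULL` in the reflowed `ImportFromPKCS12` call carries no argument-name comment, while the boolean just before it is labelled `// is_extractable`. Now that the call is one argument per line, labelling it as well, e.g. `NULL));  // imported_certs`, would make it clear that the test deliberately discards the list of imported certificates. The parameter name should be confirmed against the declaration, which is not in this hunk. The same applies to the reflowed calls in ImportFromPKCS12Twice, ImportFromPKCS12AsUnextractableAndExportAgain and ImportFromPKCS12OnlyMarkIncludedKey. The test body continues past the end of this hunk.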
|
| @@ -176,31 +177,34 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) {
|
| TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) {
|
| std::string pkcs12_data = ReadTestFile("client.p12");
|
|
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - true, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + true, // is_extractable
|
| + NULL));
|
| EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size());
|
|
|
| // NSS has a SEC_ERROR_PKCS12_DUPLICATE_DATA error, but it doesn't look like
|
| // it's ever used. This test verifies that.
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - true, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + true, // is_extractable
|
| + NULL));
|
| EXPECT_EQ(1U, ListCertsInSlot(slot_->os_module_handle()).size());
|
| }
|
|
|
| TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) {
|
| std::string pkcs12_data = ReadTestFile("client.p12");
|
|
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - false, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + false, // is_extractable
|
| + NULL));
|
|
|
| CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -218,22 +222,24 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) {
|
| // private key should not mark an existing private key as unextractable.
|
| TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) {
|
| std::string pkcs12_data = ReadTestFile("client.p12");
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - true, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + true, // is_extractable
|
| + NULL));
|
|
|
| CertificateList cert_list = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(1U, cert_list.size());
|
|
|
| // Now import a PKCS#12 file with just a certificate but no private key.
|
| pkcs12_data = ReadTestFile("client-nokey.p12");
|
| - EXPECT_EQ(OK, cert_db_->ImportFromPKCS12(slot_,
|
| - pkcs12_data,
|
| - ASCIIToUTF16("12345"),
|
| - false, // is_extractable
|
| - NULL));
|
| + EXPECT_EQ(OK,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| + pkcs12_data,
|
| + ASCIIToUTF16("12345"),
|
| + false, // is_extractable
|
| + NULL));
|
|
|
| cert_list = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(1U, cert_list.size());
|
| @@ -249,7 +255,7 @@ TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) {
|
| std::string pkcs12_data = "Foobarbaz";
|
|
|
| EXPECT_EQ(ERR_PKCS12_IMPORT_INVALID_FILE,
|
| - cert_db_->ImportFromPKCS12(slot_,
|
| + cert_db_->ImportFromPKCS12(slot_.get(),
|
| pkcs12_data,
|
| base::string16(),
|
| true, // is_extractable
|
| @@ -541,8 +547,12 @@ TEST_F(CertDatabaseNSSTest, DISABLED_ImportServerCert) {
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(goog_cert, "www.google.com", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(goog_cert.get(),
|
| + "www.google.com",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
| @@ -568,8 +578,12 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) {
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(puny_cert, "xn--wgv71a119e.com", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(puny_cert.get(),
|
| + "xn--wgv71a119e.com",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result.cert_status);
|
| }
|
| @@ -603,8 +617,12 @@ TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) {
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(puny_cert, "xn--wgv71a119e.com", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(puny_cert.get(),
|
| + "xn--wgv71a119e.com",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
| @@ -635,8 +653,12 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) {
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
| }
|
| @@ -670,7 +692,7 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
|
| certs, NSSCertDatabase::DISTRUSTED_SSL, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::DISTRUSTED_SSL,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| EXPECT_EQ(unsigned(CERTDB_TERMINAL_RECORD),
|
| certs[0]->os_cert_handle()->trust->sslFlags);
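Review bot: `certs[0]->os_cert_handle()->trust->sslFlags` dereferences the NSS trust record without checking it, and the `EXPECT_EQ` on `GetCertTrust` just above is non-fatal. If the import did not write a trust record, the test would presumably crash rather than report a failure, assuming `trust` can be null for a certificate with no record. Adding `ASSERT_TRUE(certs[0]->os_cert_handle()->trust);` before the flag comparison would turn that into a clean failure. The same pattern appears on `ca_certs[0]` in the TrustIntermediateCa hunk at -736. The test body starts and ends outside this hunk.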
|
| @@ -679,8 +701,12 @@ TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) {
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
|
| }
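Review bot: The expectation `EXPECT_EQ(ERR_CERT_REVOKED, error)` has no explanation visible in this hunk. The test marks the server certificate `DISTRUSTED_SSL` (previous hunk) yet asserts a revocation error, which can read as a mistake to someone expecting a trust or authority error. A one-line comment above the `Verify` call, e.g. `// An explicitly distrusted cert is reported by the NSS verifier as revoked.`, would document the mapping this test pins. The wording should be confirmed against CertVerifyProcNSS, which is not shown here. The same expectation recurs in TrustIntermediateCa and TrustIntermediateCa4, and the function begins outside the hunk.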
|
| @@ -717,14 +743,18 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
| certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| @@ -736,9 +766,9 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
|
|
| // Trust the root cert and distrust the intermediate.
|
| EXPECT_TRUE(cert_db_->SetCertTrust(
|
| - ca_certs[0], CA_CERT, NSSCertDatabase::TRUSTED_SSL));
|
| + ca_certs[0].get(), CA_CERT, NSSCertDatabase::TRUSTED_SSL));
|
| EXPECT_TRUE(cert_db_->SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, NSSCertDatabase::DISTRUSTED_SSL));
|
| + intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::DISTRUSTED_SSL));
|
| EXPECT_EQ(
|
| unsigned(CERTDB_VALID_CA | CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA),
|
| ca_certs[0]->os_cert_handle()->trust->sslFlags);
|
| @@ -756,8 +786,12 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) {
|
|
|
| // Server cert should fail to verify.
|
| CertVerifyResult verify_result2;
|
| - error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result2);
|
| + error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result2);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result2.cert_status);
|
| }
|
| @@ -791,25 +825,33 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) {
|
| certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| EXPECT_TRUE(cert_db_->SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should fail to verify.
|
| CertVerifyResult verify_result2;
|
| - error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result2);
|
| + error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result2);
|
| EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
|
| }
|
| @@ -853,25 +895,33 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) {
|
| certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| // Server cert should verify.
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result.cert_status);
|
|
|
| // Without explicit trust of the intermediate, verification should fail.
|
| EXPECT_TRUE(cert_db_->SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should fail to verify.
|
| CertVerifyResult verify_result2;
|
| - error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result2);
|
| + error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result2);
|
| EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
|
| EXPECT_EQ(CERT_STATUS_AUTHORITY_INVALID, verify_result2.cert_status);
|
| }
|
| @@ -915,25 +965,33 @@ TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) {
|
| certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| // Server cert should not verify.
|
| scoped_refptr<CertVerifyProc> verify_proc(new CertVerifyProcNSS());
|
| int flags = 0;
|
| CertVerifyResult verify_result;
|
| - int error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result);
|
| + int error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result);
|
| EXPECT_EQ(ERR_CERT_REVOKED, error);
|
| EXPECT_EQ(CERT_STATUS_REVOKED, verify_result.cert_status);
|
|
|
| // Without explicit distrust of the intermediate, verification should succeed.
|
| EXPECT_TRUE(cert_db_->SetCertTrust(
|
| - intermediate_certs[0], CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
| + intermediate_certs[0].get(), CA_CERT, NSSCertDatabase::TRUST_DEFAULT));
|
|
|
| // Server cert should verify.
|
| CertVerifyResult verify_result2;
|
| - error = verify_proc->Verify(certs[0], "127.0.0.1", flags,
|
| - NULL, empty_cert_list_, &verify_result2);
|
| + error = verify_proc->Verify(certs[0].get(),
|
| + "127.0.0.1",
|
| + flags,
|
| + NULL,
|
| + empty_cert_list_,
|
| + &verify_result2);
|
| EXPECT_EQ(OK, error);
|
| EXPECT_EQ(0U, verify_result2.cert_status);
|
| }
|
| @@ -956,7 +1014,7 @@ TEST_F(CertDatabaseNSSTest, ImportDuplicateCommonName) {
|
| certs, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs[0].get(), SERVER_CERT));
|
|
|
| CertificateList new_certs = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(1U, new_certs.size());
|
| @@ -973,7 +1031,7 @@ TEST_F(CertDatabaseNSSTest, ImportDuplicateCommonName) {
|
| certs2, NSSCertDatabase::TRUST_DEFAULT, &failed));
|
| EXPECT_EQ(0U, failed.size());
|
| EXPECT_EQ(NSSCertDatabase::TRUST_DEFAULT,
|
| - cert_db_->GetCertTrust(certs2[0], SERVER_CERT));
|
| + cert_db_->GetCertTrust(certs2[0].get(), SERVER_CERT));
|
|
|
| new_certs = ListCertsInSlot(slot_->os_module_handle());
|
| ASSERT_EQ(2U, new_certs.size());
|
|
|