OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/files/file_path.h" | 5 #include "base/files/file_path.h" |
6 #include "build/build_config.h" | 6 #include "build/build_config.h" |
7 #include "net/base/net_errors.h" | 7 #include "net/base/net_errors.h" |
8 #include "net/base/test_data_directory.h" | 8 #include "net/base/test_data_directory.h" |
9 #include "net/cert/cert_status_flags.h" | 9 #include "net/cert/cert_status_flags.h" |
10 #include "net/cert/cert_verify_proc.h" | 10 #include "net/cert/cert_verify_proc.h" |
(...skipping 15 matching lines...)
26 const char kRootCertificateFile[] = "root_ca_cert.pem"; | 26 const char kRootCertificateFile[] = "root_ca_cert.pem"; |
27 // A certificate issued by the local test root for 127.0.0.1. | 27 // A certificate issued by the local test root for 127.0.0.1. |
28 const char kGoodCertificateFile[] = "ok_cert.pem"; | 28 const char kGoodCertificateFile[] = "ok_cert.pem"; |
29 | 29 |
30 } // namespace | 30 } // namespace |
31 | 31 |
32 // Test basic functionality when adding from an existing X509Certificate. | 32 // Test basic functionality when adding from an existing X509Certificate. |
33 TEST(TestRootCertsTest, AddFromPointer) { | 33 TEST(TestRootCertsTest, AddFromPointer) { |
34 scoped_refptr<X509Certificate> root_cert = | 34 scoped_refptr<X509Certificate> root_cert = |
35 ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile); | 35 ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile); |
36 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert); | 36 ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get()); |
37 | 37 |
38 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | 38 TestRootCerts* test_roots = TestRootCerts::GetInstance(); |
39 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | 39 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); |
40 EXPECT_TRUE(test_roots->IsEmpty()); | 40 EXPECT_TRUE(test_roots->IsEmpty()); |
41 | 41 |
42 EXPECT_TRUE(test_roots->Add(root_cert)); | 42 EXPECT_TRUE(test_roots->Add(root_cert.get())); |
43 EXPECT_FALSE(test_roots->IsEmpty()); | 43 EXPECT_FALSE(test_roots->IsEmpty()); |
44 | 44 |
45 test_roots->Clear(); | 45 test_roots->Clear(); |
46 EXPECT_TRUE(test_roots->IsEmpty()); | 46 EXPECT_TRUE(test_roots->IsEmpty()); |
47 } | 47 } |
48 | 48 |
49 // Test basic functionality when adding directly from a file, which should | 49 // Test basic functionality when adding directly from a file, which should |
50 // behave the same as when adding from an existing certificate. | 50 // behave the same as when adding from an existing certificate. |
51 TEST(TestRootCertsTest, AddFromFile) { | 51 TEST(TestRootCertsTest, AddFromFile) { |
52 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | 52 TestRootCerts* test_roots = TestRootCerts::GetInstance(); |
(...skipping 22 matching lines...)
75 return; | 75 return; |
76 } | 76 } |
77 #endif | 77 #endif |
78 | 78 |
79 TestRootCerts* test_roots = TestRootCerts::GetInstance(); | 79 TestRootCerts* test_roots = TestRootCerts::GetInstance(); |
80 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); | 80 ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots); |
81 EXPECT_TRUE(test_roots->IsEmpty()); | 81 EXPECT_TRUE(test_roots->IsEmpty()); |
82 | 82 |
83 scoped_refptr<X509Certificate> test_cert = | 83 scoped_refptr<X509Certificate> test_cert = |
84 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile); | 84 ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile); |
85 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert); | 85 ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get()); |
86 | 86 |
87 // Test that the good certificate fails verification, because the root | 87 // Test that the good certificate fails verification, because the root |
88 // certificate should not yet be trusted. | 88 // certificate should not yet be trusted. |
89 int flags = 0; | 89 int flags = 0; |
90 CertVerifyResult bad_verify_result; | 90 CertVerifyResult bad_verify_result; |
91 scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault()); | 91 scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault()); |
92 int bad_status = verify_proc->Verify(test_cert, | 92 int bad_status = verify_proc->Verify(test_cert.get(), |
93 "127.0.0.1", | 93 "127.0.0.1", |
94 flags, | 94 flags, |
95 NULL, | 95 NULL, |
96 CertificateList(), | 96 CertificateList(), |
97 &bad_verify_result); | 97 &bad_verify_result); |
98 EXPECT_NE(OK, bad_status); | 98 EXPECT_NE(OK, bad_status); |
99 EXPECT_NE(0u, bad_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 99 EXPECT_NE(0u, bad_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
100 | 100 |
101 // Add the root certificate and mark it as trusted. | 101 // Add the root certificate and mark it as trusted. |
102 EXPECT_TRUE(test_roots->AddFromFile( | 102 EXPECT_TRUE(test_roots->AddFromFile( |
103 GetTestCertsDirectory().AppendASCII(kRootCertificateFile))); | 103 GetTestCertsDirectory().AppendASCII(kRootCertificateFile))); |
104 EXPECT_FALSE(test_roots->IsEmpty()); | 104 EXPECT_FALSE(test_roots->IsEmpty()); |
105 | 105 |
106 // Test that the certificate verification now succeeds, because the | 106 // Test that the certificate verification now succeeds, because the |
107 // TestRootCerts is successfully imbuing trust. | 107 // TestRootCerts is successfully imbuing trust. |
108 CertVerifyResult good_verify_result; | 108 CertVerifyResult good_verify_result; |
109 int good_status = verify_proc->Verify(test_cert, | 109 int good_status = verify_proc->Verify(test_cert.get(), |
110 "127.0.0.1", | 110 "127.0.0.1", |
111 flags, | 111 flags, |
112 NULL, | 112 NULL, |
113 CertificateList(), | 113 CertificateList(), |
114 &good_verify_result); | 114 &good_verify_result); |
115 EXPECT_EQ(OK, good_status); | 115 EXPECT_EQ(OK, good_status); |
116 EXPECT_EQ(0u, good_verify_result.cert_status); | 116 EXPECT_EQ(0u, good_verify_result.cert_status); |
117 | 117 |
118 test_roots->Clear(); | 118 test_roots->Clear(); |
119 EXPECT_TRUE(test_roots->IsEmpty()); | 119 EXPECT_TRUE(test_roots->IsEmpty()); |
120 | 120 |
121 // Ensure that when the TestRootCerts is cleared, the trust settings | 121 // Ensure that when the TestRootCerts is cleared, the trust settings |
122 // revert to their original state, and don't linger. If trust status | 122 // revert to their original state, and don't linger. If trust status |
123 // lingers, it will likely break other tests in net_unittests. | 123 // lingers, it will likely break other tests in net_unittests. |
124 CertVerifyResult restored_verify_result; | 124 CertVerifyResult restored_verify_result; |
125 int restored_status = verify_proc->Verify(test_cert, | 125 int restored_status = verify_proc->Verify(test_cert.get(), |
126 "127.0.0.1", | 126 "127.0.0.1", |
127 flags, | 127 flags, |
128 NULL, | 128 NULL, |
129 CertificateList(), | 129 CertificateList(), |
130 &restored_verify_result); | 130 &restored_verify_result); |
131 EXPECT_NE(OK, restored_status); | 131 EXPECT_NE(OK, restored_status); |
132 EXPECT_NE(0u, | 132 EXPECT_NE(0u, |
133 restored_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); | 133 restored_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID); |
134 EXPECT_EQ(bad_status, restored_status); | 134 EXPECT_EQ(bad_status, restored_status); |
135 EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status); | 135 EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status); |
136 } | 136 } |
137 | 137 |
138 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that | 138 // TODO(rsleevi): Add tests for revocation checking via CRLs, ensuring that |
139 // TestRootCerts properly injects itself into the validation process. See | 139 // TestRootCerts properly injects itself into the validation process. See |
140 // http://crbug.com/63958 | 140 // http://crbug.com/63958 |
141 | 141 |
142 } // namespace net | 142 } // namespace net |
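Review bot: The precondition `EXPECT_TRUE(test_roots->IsEmpty());` at new line 81 is non-fatal, so if an earlier test left a root in the process-wide TestRootCerts instance the test carries on, and the failures then reported at lines 98–99 point at verification rather than at the leaked trust state; `ASSERT_TRUE(test_roots->IsEmpty());` would stop it at the real cause. The cleanup at line 118 is likewise reached only by fall-through: everything between `AddFromFile()` at line 102 and `Clear()` is EXPECT_* today, but an ASSERT_* added there later would return with the test root still trusted, which the comment at lines 121–123 already says would break other tests. I would add above line 102 a comment such as `// Only EXPECT_* between here and Clear(): an early return leaves the test root trusted.` The enclosing TEST begins in the skipped lines above line 75, so its name and the platform guard that ends at `#endif` are not visible here.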
OLD | NEW |