Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/net/x509_certificate_model_unittest.cc

Issue 9875010: nss: Fix GetCertType returning SERVER_CERT for explicitly distrusted CA certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes, add server testcase Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/chrome_tests.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/common/net/x509_certificate_model.h"
6
7 #include "base/file_path.h"
8 #include "base/file_util.h"
9 #include "base/path_service.h"
10 #include "net/base/cert_database.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12
13 class X509CertificateModelTest : public testing::Test {
14 protected:
15 static std::string ReadTestFile(const std::string& name) {
16 std::string result;
17 FilePath cert_path = GetTestCertsDirectory().AppendASCII(name);
18 EXPECT_TRUE(file_util::ReadFileToString(cert_path, &result));
19 return result;
20 }
21
22 private:
23 // Returns a FilePath object representing the src/net/data/ssl/certificates
24 // directory in the source tree.
25 static FilePath GetTestCertsDirectory() {
26 FilePath certs_dir;
27 PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);
28 certs_dir = certs_dir.AppendASCII("net");
29 certs_dir = certs_dir.AppendASCII("data");
30 certs_dir = certs_dir.AppendASCII("ssl");
31 certs_dir = certs_dir.AppendASCII("certificates");
32 return certs_dir;
33 }
Ryan Sleevi 2012/03/29 19:26:50 use net/base/cert_test_util.h to get this path.
34 };
35
36 TEST_F(X509CertificateModelTest, GetTypeCA) {
37 std::string cert_data = ReadTestFile("root_ca_cert.crt");
38
39 net::CertificateList certs =
40 net::X509Certificate::CreateCertificateListFromBytes(
41 cert_data.data(), cert_data.size(),
42 net::X509Certificate::FORMAT_AUTO);
Ryan Sleevi 2012/03/29 19:26:50 use net/base/cert_test_util.h to load these files
43 ASSERT_EQ(1U, certs.size());
44
45 #if defined(USE_OPENSSL)
46 // Remove this when OpenSSL build implements the necessary functions.
Ryan Sleevi 2012/03/29 19:26:50 Is there a bug filed explaining what needs to be i
47 EXPECT_EQ(net::UNKNOWN_CERT,
48 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
49 #else
50 EXPECT_EQ(net::CA_CERT,
51 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
52
53 // Test that explicitly distrusted CA certs are still returned as CA_CERT
54 // type. See http://crbug.com/96654.
55 net::CertDatabase cert_db;
56 // TODO(mattm): This depends on the implementation details of SetCertTrust
57 // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly
58 // distrusted (trust set to CERTDB_TERMINAL_RECORD). See
59 // http://crbug.com/116411. When I fix that bug I'll also add a way to set
60 // this directly.
61 EXPECT_TRUE(cert_db.SetCertTrust(certs[0], net::SERVER_CERT,
62 net::CertDatabase::UNTRUSTED));
63
64 EXPECT_EQ(net::CA_CERT,
65 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
66 #endif
67 }
68
69 TEST_F(X509CertificateModelTest, GetTypeServer) {
70 std::string cert_data = ReadTestFile("google.single.der");
71
72 net::CertificateList certs =
73 net::X509Certificate::CreateCertificateListFromBytes(
74 cert_data.data(), cert_data.size(),
75 net::X509Certificate::FORMAT_AUTO);
76 ASSERT_EQ(1U, certs.size());
77
78 #if defined(USE_OPENSSL)
79 // Remove this when OpenSSL build implements the necessary functions.
80 EXPECT_EQ(net::UNKNOWN_CERT,
81 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
82 #else
83 // TODO(mattm): make GetCertType smarter so we can tell server certs even if
84 // they have no trust bits set.
85 EXPECT_EQ(net::UNKNOWN_CERT,
86 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
87
88 net::CertDatabase cert_db;
89 EXPECT_TRUE(cert_db.SetCertTrust(certs[0], net::SERVER_CERT,
90 net::CertDatabase::TRUSTED_SSL));
91
92 EXPECT_EQ(net::SERVER_CERT,
93 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
94
95 EXPECT_TRUE(cert_db.SetCertTrust(certs[0], net::SERVER_CERT,
96 net::CertDatabase::UNTRUSTED));
97
98 EXPECT_EQ(net::SERVER_CERT,
99 x509_certificate_model::GetType(certs[0]->os_cert_handle()));
100 #endif
101 }
OLDNEW
« no previous file with comments | « chrome/chrome_tests.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698