chrome/common/net/x509_certificate_model_unittest.cc - Issue 9875010: nss: Fix GetCertType returning SERVER_CERT for explicitly distrusted CA certs.

Side by Side Diff: chrome/common/net/x509_certificate_model_unittest.cc

Issue 9875010: nss: Fix GetCertType returning SERVER_CERT for explicitly distrusted CA certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« chrome/chrome_tests.gypi ('K') | « chrome/chrome_tests.gypi ('k') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('j') | chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chrome/common/net/x509_certificate_model.h"

	6

	7 #include "base/file_path.h"

	8 #include "base/file_util.h"

	9 #include "base/path_service.h"

	10 #include "net/base/cert_database.h"

	11 #include "testing/gtest/include/gtest/gtest.h"

	12

	13 class X509CertificateModelTest : public testing::Test {

	14 protected:

	15 static std::string ReadTestFile(const std::string& name) {

	16 std::string result;

	17 FilePath cert_path = GetTestCertsDirectory().AppendASCII(name);

	18 EXPECT_TRUE(file_util::ReadFileToString(cert_path, &result));

	19 return result;

	20 }

	21

	22 private:

	23 // Returns a FilePath object representing the src/net/data/ssl/certificates

	24 // directory in the source tree.

	25 static FilePath GetTestCertsDirectory() {

	26 FilePath certs_dir;

	27 PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);

	28 certs_dir = certs_dir.AppendASCII("net");

	29 certs_dir = certs_dir.AppendASCII("data");

	30 certs_dir = certs_dir.AppendASCII("ssl");

	31 certs_dir = certs_dir.AppendASCII("certificates");

	32 return certs_dir;

	33 }

	34 };

	35

	36 TEST_F(X509CertificateModelTest, GetTypeCA) {

	37 std::string cert_data = ReadTestFile("root_ca_cert.crt");

	38

	39 net::CertificateList certs =

	40 net::X509Certificate::CreateCertificateListFromBytes(

	41 cert_data.data(), cert_data.size(),

	42 net::X509Certificate::FORMAT_AUTO);

	43 ASSERT_EQ(1U, certs.size());

	44

	45 #if defined(USE_OPENSSL)

	46 // Remove this when OpenSSL build implements the necessary functions.

	47 EXPECT_EQ(net::UNKNOWN_CERT,

	48 x509_certificate_model::GetType(certs[0]->os_cert_handle()));

	49 #else

	50 EXPECT_EQ(net::CA_CERT,

	51 x509_certificate_model::GetType(certs[0]->os_cert_handle()));

	52

	53 // Test that explicitly distrusted CA certs are still returned as CA_CERT

	54 // type. See http://crbug.com/96654.

	55 net::CertDatabase cert_db_;
	wtc 2012/03/28 19:36:05 Nit: cert_db_ => cert_db This is a local variable Nit: cert_db_ => cert_db This is a local variable. Now I see why you asked that question. It does look strange to involve the net::CertDatabase class when we set the trust on a temporary certificate. It implies net::CertDatabase::SetCertTrust can be a static method, at least for the NSS-based implementation. mattm 2012/03/29 00:24:45 done Show quoted text On 2012/03/28 19:36:05, wtc wrote: > > Nit: cert_db_ => cert_db > > This is a local variable. done
	56 // TODO(mattm): This depends on the implementation details of SetCertTrust

	57 // where calling with SERVER_CERT and UNTRUSTED causes a cert to be explicitly

	58 // distrusted (trust set to CERTDB_TERMINAL_RECORD). See

	59 // http://crbug.com/116411. When I fix that bug I'll also add a way to set

	60 // this directly.

	61 EXPECT_TRUE(cert_db_.SetCertTrust(certs[0], net::SERVER_CERT,

	62 net::CertDatabase::UNTRUSTED));

	63

	64 EXPECT_EQ(net::CA_CERT,

	65 x509_certificate_model::GetType(certs[0]->os_cert_handle()));

	66 #endif

	67 }

OLD	NEW