This source file includes following definitions.
- TEST
- TEST
- TEST
- TEST
#include "base/files/file_path.h"
#include "build/build_config.h"
#include "net/base/net_errors.h"
#include "net/base/test_data_directory.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verify_proc.h"
#include "net/cert/cert_verify_result.h"
#include "net/cert/test_root_certs.h"
#include "net/cert/x509_certificate.h"
#include "net/test/cert_test_util.h"
#include "testing/gtest/include/gtest/gtest.h"
#if defined(USE_NSS) || defined(OS_IOS)
#include <nss.h>
#endif
namespace net {
namespace {
const char kRootCertificateFile[] = "root_ca_cert.pem";
const char kGoodCertificateFile[] = "ok_cert.pem";
}
TEST(TestRootCertsTest, AddFromPointer) {
scoped_refptr<X509Certificate> root_cert =
ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert.get());
TestRootCerts* test_roots = TestRootCerts::GetInstance();
ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
EXPECT_TRUE(test_roots->IsEmpty());
EXPECT_TRUE(test_roots->Add(root_cert.get()));
EXPECT_FALSE(test_roots->IsEmpty());
test_roots->Clear();
EXPECT_TRUE(test_roots->IsEmpty());
}
TEST(TestRootCertsTest, AddFromFile) {
TestRootCerts* test_roots = TestRootCerts::GetInstance();
ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
EXPECT_TRUE(test_roots->IsEmpty());
base::FilePath cert_path =
GetTestCertsDirectory().AppendASCII(kRootCertificateFile);
EXPECT_TRUE(test_roots->AddFromFile(cert_path));
EXPECT_FALSE(test_roots->IsEmpty());
test_roots->Clear();
EXPECT_TRUE(test_roots->IsEmpty());
}
TEST(TestRootCertsTest, OverrideTrust) {
#if defined(USE_NSS) || defined(OS_IOS)
if (NSS_VersionCheck("3.14.2") && !NSS_VersionCheck("3.15")) {
LOG(INFO) << "Skipping test for NSS 3.14.2 - NSS 3.15";
return;
}
#endif
TestRootCerts* test_roots = TestRootCerts::GetInstance();
ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
EXPECT_TRUE(test_roots->IsEmpty());
scoped_refptr<X509Certificate> test_cert =
ImportCertFromFile(GetTestCertsDirectory(), kGoodCertificateFile);
ASSERT_NE(static_cast<X509Certificate*>(NULL), test_cert.get());
int flags = 0;
CertVerifyResult bad_verify_result;
scoped_refptr<CertVerifyProc> verify_proc(CertVerifyProc::CreateDefault());
int bad_status = verify_proc->Verify(test_cert.get(),
"127.0.0.1",
flags,
NULL,
CertificateList(),
&bad_verify_result);
EXPECT_NE(OK, bad_status);
EXPECT_NE(0u, bad_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
EXPECT_TRUE(test_roots->AddFromFile(
GetTestCertsDirectory().AppendASCII(kRootCertificateFile)));
EXPECT_FALSE(test_roots->IsEmpty());
CertVerifyResult good_verify_result;
int good_status = verify_proc->Verify(test_cert.get(),
"127.0.0.1",
flags,
NULL,
CertificateList(),
&good_verify_result);
EXPECT_EQ(OK, good_status);
EXPECT_EQ(0u, good_verify_result.cert_status);
test_roots->Clear();
EXPECT_TRUE(test_roots->IsEmpty());
CertVerifyResult restored_verify_result;
int restored_status = verify_proc->Verify(test_cert.get(),
"127.0.0.1",
flags,
NULL,
CertificateList(),
&restored_verify_result);
EXPECT_NE(OK, restored_status);
EXPECT_NE(0u,
restored_verify_result.cert_status & CERT_STATUS_AUTHORITY_INVALID);
EXPECT_EQ(bad_status, restored_status);
EXPECT_EQ(bad_verify_result.cert_status, restored_verify_result.cert_status);
}
#if defined(USE_NSS) || (defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID))
TEST(TestRootCertsTest, Contains) {
const char kRootCertificateFile2[] = "2048-rsa-root.pem";
TestRootCerts* test_roots = TestRootCerts::GetInstance();
ASSERT_NE(static_cast<TestRootCerts*>(NULL), test_roots);
scoped_refptr<X509Certificate> root_cert_1 =
ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile);
ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_1.get());
scoped_refptr<X509Certificate> root_cert_2 =
ImportCertFromFile(GetTestCertsDirectory(), kRootCertificateFile2);
ASSERT_NE(static_cast<X509Certificate*>(NULL), root_cert_2.get());
EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle()));
EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
EXPECT_TRUE(test_roots->Add(root_cert_1.get()));
EXPECT_TRUE(test_roots->Contains(root_cert_1->os_cert_handle()));
EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
EXPECT_TRUE(test_roots->Add(root_cert_2.get()));
EXPECT_TRUE(test_roots->Contains(root_cert_1->os_cert_handle()));
EXPECT_TRUE(test_roots->Contains(root_cert_2->os_cert_handle()));
test_roots->Clear();
EXPECT_FALSE(test_roots->Contains(root_cert_1->os_cert_handle()));
EXPECT_FALSE(test_roots->Contains(root_cert_2->os_cert_handle()));
}
#endif
}