1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <cert.h>
#include <pk11pub.h>
#include "base/crypto/scoped_nss_types.h"
#include "base/file_path.h"
#include "base/file_util.h"
#include "base/nss_util.h"
#include "base/nss_util_internal.h"
#include "base/path_service.h"
#include "base/scoped_temp_dir.h"
#include "base/string_util.h"
#include "base/utf_string_conversions.h"
#include "net/base/cert_database.h"
#include "net/base/net_errors.h"
#include "net/base/x509_certificate.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace net {
namespace {
// Returns a FilePath object representing the src/net/data/ssl/certificates
// directory in the source tree.
FilePath GetTestCertsDirectory() {
FilePath certs_dir;
PathService::Get(base::DIR_SOURCE_ROOT, &certs_dir);
certs_dir = certs_dir.AppendASCII("net");
certs_dir = certs_dir.AppendASCII("data");
certs_dir = certs_dir.AppendASCII("ssl");
certs_dir = certs_dir.AppendASCII("certificates");
return certs_dir;
}
CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
CertificateList result;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
node = CERT_LIST_NEXT(node)) {
result.push_back(
X509Certificate::CreateFromHandle(
node->cert,
X509Certificate::SOURCE_LONE_CERT_IMPORT,
X509Certificate::OSCertHandles()));
}
CERT_DestroyCertList(cert_list);
return result;
}
std::string ReadTestFile(const std::string& name) {
std::string result;
FilePath cert_path = GetTestCertsDirectory().AppendASCII(name);
EXPECT_TRUE(file_util::ReadFileToString(cert_path, &result));
return result;
}
} // namespace
class CertDatabaseNSSTest : public testing::Test {
public:
virtual void SetUp() {
ASSERT_TRUE(temp_db_dir_.CreateUniqueTempDir());
ASSERT_TRUE(
base::OpenTestNSSDB(temp_db_dir_.path(), "CertDatabaseNSSTest db"));
slot_.reset(base::GetDefaultNSSKeySlot());
// Test db should be empty at start of test.
EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());
}
virtual void TearDown() {
base::CloseTestNSSDB();
}
protected:
base::ScopedPK11Slot slot_;
CertDatabase cert_db_;
private:
ScopedTempDir temp_db_dir_;
};
TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {
std::string pkcs12_data = ReadTestFile("client.p12");
EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,
cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("")));
// Test db should still be empty.
EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());
}
TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) {
std::string pkcs12_data = ReadTestFile("client.p12");
EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("12345")));
CertificateList cert_list = ListCertsInSlot(slot_.get());
ASSERT_EQ(1U, cert_list.size());
scoped_refptr<X509Certificate> cert(cert_list[0]);
EXPECT_EQ("testusercert",
cert->subject().common_name);
// TODO(mattm): move export test to seperate test case?
std::string exported_data;
EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
&exported_data));
ASSERT_LT(0U, exported_data.size());
// TODO(mattm): further verification of exported data?
}
} // namespace net
|
