// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/cert/nss_cert_database.h" #include <cert.h> #include <certdb.h> #include <pk11pub.h> #include <seccomon.h> #include <algorithm> #include <memory> #include <string> #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/functional/bind.h" #include "base/lazy_instance.h" #include "base/run_loop.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/test/test_future.h" #include "crypto/scoped_nss_types.h" #include "crypto/scoped_test_nss_db.h" #include "net/base/features.h" #include "net/base/hash_value.h" #include "net/base/net_errors.h" #include "net/cert/cert_database.h" #include "net/cert/cert_net_fetcher.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verify_proc.h" #include "net/cert/cert_verify_result.h" #include "net/cert/crl_set.h" #include "net/cert/ct_verifier.h" #include "net/cert/do_nothing_ct_verifier.h" #include "net/cert/mock_cert_verifier.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util_nss.h" #include "net/log/net_log_with_source.h" #include "net/test/cert_builder.h" #include "net/test/cert_test_util.h" #include "net/test/gtest_util.h" #include "net/test/test_data_directory.h" #include "net/test/test_with_task_environment.h" #include "net/third_party/mozilla_security_manager/nsNSSCertificateDB.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" ASCIIToUTF16; IsError; IsOk; namespace net { namespace { std::string GetSubjectCN(CERTCertificate* cert) { … } bool GetCertIsPerm(const CERTCertificate* cert) { … } const NSSCertDatabase::CertInfo* FindCertInfoForCert( const NSSCertDatabase::CertInfoList& cert_info_list, CERTCertificate* target_cert) { … } class MockCertDatabaseObserver : public CertDatabase::Observer { … }; class MockNSSCertDatabaseObserver : public NSSCertDatabase::Observer { … }; } // namespace class CertDatabaseNSSTest : public TestWithTaskEnvironment { … }; TEST_F(CertDatabaseNSSTest, ListCerts) { … } TEST_F(CertDatabaseNSSTest, ListCertsInfo) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsExtractableAndExportAgain) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12Twice) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AsUnextractableAndExportAgain) { … } // Importing a PKCS#12 file with a certificate but no corresponding // private key should not mark an existing private key as unextractable. TEST_F(CertDatabaseNSSTest, ImportFromPKCS12OnlyMarkIncludedKey) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12InvalidFile) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12EmptyPassword) { … } TEST_F(CertDatabaseNSSTest, ImportFromPKCS12NullPassword) { … } TEST_F(CertDatabaseNSSTest, ImportCACert_SSLTrust) { … } TEST_F(CertDatabaseNSSTest, ImportCACert_EmailTrust) { … } TEST_F(CertDatabaseNSSTest, ImportCACert_ObjSignTrust) { … } TEST_F(CertDatabaseNSSTest, ImportCA_NotCACert) { … } TEST_F(CertDatabaseNSSTest, ImportCACertHierarchy) { … } TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyDupeRoot) { … } TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyUntrusted) { … } TEST_F(CertDatabaseNSSTest, ImportCACertHierarchyTree) { … } TEST_F(CertDatabaseNSSTest, ImportCACertNotHierarchy) { … } // Test importing a server cert + chain to the NSS DB with default trust. After // importing, all the certs should be found in the DB and should have default // trust flags. TEST_F(CertDatabaseNSSTest, ImportServerCert) { … } TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned) { … } TEST_F(CertDatabaseNSSTest, ImportServerCert_SelfSigned_Trusted) { … } TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert) { … } TEST_F(CertDatabaseNSSTest, ImportCaAndServerCert_DistrustServer) { … } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa) { … } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa2) { … } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa3) { … } TEST_F(CertDatabaseNSSTest, TrustIntermediateCa4) { … } // Importing two certificates with the same issuer and subject common name, // but overall distinct subject names, should succeed and generate a unique // nickname for the second certificate. TEST_F(CertDatabaseNSSTest, ImportDuplicateCommonName) { … } } // namespace net
Codebase Browser
chromium