CertVerifierWithTrustAnchorsTest: test both CertVerifyProcChromeOS and...

CertVerifierWithTrustAnchorsTest: test both CertVerifyProcChromeOS and CertVerifyProcBuiltin(with SystemTrustStoreProviderChromeOS) Bug: 410574 Change-Id: I8f1eaa03c0c5497ab51b72dda4d96f75a53c5a78 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1836383 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Maks Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#703084}

CertVerifierWithTrustAnchorsTest: test both CertVerifyProcChromeOS and...
CertVerifierWithTrustAnchorsTest: test both CertVerifyProcChromeOS and CertVerifyProcBuiltin(with SystemTrustStoreProviderChromeOS) Bug: 410574 Change-Id: I8f1eaa03c0c5497ab51b72dda4d96f75a53c5a78 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1836383 Commit-Queue: Matt Mueller <mattm@chromium.org> Reviewed-by: Ryan Sleevi <rsleevi@chromium.org> Reviewed-by: Maks Orlovich <morlovich@chromium.org> Cr-Commit-Position: refs/heads/master@{#703084}
954c9b69 · Matt Mueller · Commit Bot · 6bab015b · 954c9b69 · 954c9b69
Commit 954c9b69 authored Oct 04, 2019 by Matt Mueller Committed by Commit Bot Oct 04, 2019
2 changed files
--- a/services/network/cert_verifier_with_trust_anchors_unittest.cc
+++ b/services/network/cert_verifier_with_trust_anchors_unittest.cc
@@ -18,6 +18,7 @@
 #include "crypto/scoped_test_nss_chromeos_user.h"
 #include "net/base/test_completion_callback.h"
 #include "net/cert/cert_net_fetcher.h"
+#include "net/cert/cert_verify_proc_builtin.h"
 #include "net/cert/cert_verify_result.h"
 #include "net/cert/nss_cert_database_chromeos.h"
 #include "net/cert/x509_certificate.h"
@@ -26,11 +27,12 @@
 #include "net/test/cert_test_util.h"
 #include "net/test/test_data_directory.h"
 #include "services/network/cert_verify_proc_chromeos.h"
+#include "services/network/system_trust_store_provider_chromeos.h"
 #include "testing/gtest/include/gtest/gtest.h"
 namespace network {
-class CertVerifierWithTrustAnchorsTest : public testing::Test {
+class CertVerifierWithTrustAnchorsTest : public testing::TestWithParam<bool> {
 public:
  CertVerifierWithTrustAnchorsTest()
      : trust_anchor_used_(false),
@@ -53,8 +55,16 @@ class CertVerifierWithTrustAnchorsTest : public testing::Test {
        std::make_unique<CertVerifierWithTrustAnchors>(base::BindRepeating(
            &CertVerifierWithTrustAnchorsTest::OnTrustAnchorUsed,
            base::Unretained(this)));
-    cert_verify_proc_ = base::MakeRefCounted<network::CertVerifyProcChromeOS>(
+    if (GetParam()) {
-        crypto::GetPublicSlotForChromeOSUser(test_nss_user_.username_hash()));
+      cert_verify_proc_ = net::CreateCertVerifyProcBuiltin(
+          /*net_fetcher=*/nullptr,
+          std::make_unique<SystemTrustStoreProviderChromeOS>(
+              crypto::GetPublicSlotForChromeOSUser(
+                  test_nss_user_.username_hash())));
+    } else {
+      cert_verify_proc_ = base::MakeRefCounted<network::CertVerifyProcChromeOS>(
+          crypto::GetPublicSlotForChromeOSUser(test_nss_user_.username_hash()));
+    }
    cert_verifier_->InitializeOnIOThread(cert_verify_proc_);
    test_ca_cert_ = LoadCertificate("root_ca_cert.pem", net::CA_CERT);
@@ -135,7 +145,9 @@ class CertVerifierWithTrustAnchorsTest : public testing::Test {
  base::test::TaskEnvironment task_environment_;
 };
-TEST_F(CertVerifierWithTrustAnchorsTest, VerifyUntrustedCert) {
+INSTANTIATE_TEST_SUITE_P(, CertVerifierWithTrustAnchorsTest, testing::Bool());
+TEST_P(CertVerifierWithTrustAnchorsTest, VerifyUntrustedCert) {
  // |test_server_cert_| is untrusted, so Verify() fails.
  {
    net::CertVerifyResult verify_result;
@@ -163,7 +175,7 @@ TEST_F(CertVerifierWithTrustAnchorsTest, VerifyUntrustedCert) {
  EXPECT_FALSE(WasTrustAnchorUsedAndReset());
 }
-TEST_F(CertVerifierWithTrustAnchorsTest, VerifyTrustedCert) {
+TEST_P(CertVerifierWithTrustAnchorsTest, VerifyTrustedCert) {
  // Make the database trust |test_ca_cert_|.
  net::NSSCertDatabase::ImportCertFailureList failure_list;
  ASSERT_TRUE(test_cert_db_->ImportCACerts(
@@ -191,7 +203,7 @@ TEST_F(CertVerifierWithTrustAnchorsTest, VerifyTrustedCert) {
  EXPECT_FALSE(WasTrustAnchorUsedAndReset());
 }
-TEST_F(CertVerifierWithTrustAnchorsTest, VerifyUsingAdditionalTrustAnchor) {
+TEST_P(CertVerifierWithTrustAnchorsTest, VerifyUsingAdditionalTrustAnchor) {
  ASSERT_TRUE(SupportsAdditionalTrustAnchors());
  // |test_server_cert_| is untrusted, so Verify() fails.
@@ -259,7 +271,7 @@ TEST_F(CertVerifierWithTrustAnchorsTest, VerifyUsingAdditionalTrustAnchor) {
  EXPECT_FALSE(WasTrustAnchorUsedAndReset());
 }
-TEST_F(CertVerifierWithTrustAnchorsTest,
+TEST_P(CertVerifierWithTrustAnchorsTest,
       VerifyUsesAdditionalTrustAnchorsAfterConfigChange) {
  ASSERT_TRUE(SupportsAdditionalTrustAnchors());

--- a/services/network/system_trust_store_provider_chromeos.h
+++ b/services/network/system_trust_store_provider_chromeos.h
@@ -8,6 +8,7 @@
 #include <certt.h>
 #include <memory>
+#include "base/component_export.h"
 #include "base/macros.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/cert/cert_verify_proc_builtin.h"
@@ -22,7 +23,8 @@ namespace network {
 // A SystemTrustStoreProvider that supports creating SystemTrustStore instances
 // which will only consider user-imported certificates trusted if they are on a
 // specific NSS slot.
-class SystemTrustStoreProviderChromeOS : public net::SystemTrustStoreProvider {
+class COMPONENT_EXPORT(NETWORK_SERVICE) SystemTrustStoreProviderChromeOS
+    : public net::SystemTrustStoreProvider {
 public:
  // Creates a SystemTrustStoreProvider that will provide SystemTrustStore
  // instances which will not allow trusting user-imported certififcates.