Commit eee2c0f9 authored by mattm@chromium.org's avatar mattm@chromium.org

NSS cert database cleanups

Use ScopedPK11Slot.
Move common test functionality into functions.
Move common test conditions into SetUp/TearDown.
Move common test variables into attributes of the test class.

BUG=19991
TEST=tests still pass

Review URL: http://codereview.chromium.org/3189014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56801 0039d316-1c4b-4281-b951-d872f2087c98
parent 6d2be86f
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
#include <cert.h> #include <cert.h>
#include <pk11pub.h> #include <pk11pub.h>
#include "base/crypto/scoped_nss_types.h"
#include "base/file_path.h" #include "base/file_path.h"
#include "base/file_util.h" #include "base/file_util.h"
#include "base/nss_util.h" #include "base/nss_util.h"
...@@ -34,8 +35,30 @@ FilePath GetTestCertsDirectory() { ...@@ -34,8 +35,30 @@ FilePath GetTestCertsDirectory() {
return certs_dir; return certs_dir;
} }
} // namespace CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
CertificateList result;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
!CERT_LIST_END(node, cert_list);
node = CERT_LIST_NEXT(node)) {
result.push_back(
X509Certificate::CreateFromHandle(
node->cert,
X509Certificate::SOURCE_LONE_CERT_IMPORT,
X509Certificate::OSCertHandles()));
}
CERT_DestroyCertList(cert_list);
return result;
}
std::string ReadTestFile(const std::string& name) {
std::string result;
FilePath cert_path = GetTestCertsDirectory().AppendASCII(name);
EXPECT_TRUE(file_util::ReadFileToString(cert_path, &result));
return result;
}
} // namespace
class CertDatabaseNSSTest : public testing::Test { class CertDatabaseNSSTest : public testing::Test {
public: public:
...@@ -43,75 +66,51 @@ class CertDatabaseNSSTest : public testing::Test { ...@@ -43,75 +66,51 @@ class CertDatabaseNSSTest : public testing::Test {
ASSERT_TRUE(temp_db_dir_.CreateUniqueTempDir()); ASSERT_TRUE(temp_db_dir_.CreateUniqueTempDir());
ASSERT_TRUE( ASSERT_TRUE(
base::OpenTestNSSDB(temp_db_dir_.path(), "CertDatabaseNSSTest db")); base::OpenTestNSSDB(temp_db_dir_.path(), "CertDatabaseNSSTest db"));
slot_.reset(base::GetDefaultNSSKeySlot());
// Test db should be empty at start of test.
EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());
} }
virtual void TearDown() { virtual void TearDown() {
base::CloseTestNSSDB(); base::CloseTestNSSDB();
} }
protected:
base::ScopedPK11Slot slot_;
CertDatabase cert_db_;
private: private:
ScopedTempDir temp_db_dir_; ScopedTempDir temp_db_dir_;
}; };
TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) { TEST_F(CertDatabaseNSSTest, ImportFromPKCS12WrongPassword) {
PK11SlotInfo* slot = base::GetDefaultNSSKeySlot(); std::string pkcs12_data = ReadTestFile("client.p12");
CertDatabase cert_db;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
// Test db should be empty at start of test.
EXPECT_TRUE(CERT_LIST_END(CERT_LIST_HEAD(cert_list), cert_list));
CERT_DestroyCertList(cert_list);
FilePath cert_path = GetTestCertsDirectory().AppendASCII("client.p12");
std::string cert_data;
ASSERT_TRUE(file_util::ReadFileToString(cert_path, &cert_data));
EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD, EXPECT_EQ(ERR_PKCS12_IMPORT_BAD_PASSWORD,
cert_db.ImportFromPKCS12(cert_data, ASCIIToUTF16(""))); cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("")));
cert_list = PK11_ListCertsInSlot(slot);
// Test db should still be empty. // Test db should still be empty.
EXPECT_TRUE(CERT_LIST_END(CERT_LIST_HEAD(cert_list), cert_list)); EXPECT_EQ(0U, ListCertsInSlot(slot_.get()).size());
CERT_DestroyCertList(cert_list);
PK11_FreeSlot(slot);
} }
TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) { TEST_F(CertDatabaseNSSTest, ImportFromPKCS12AndExportAgain) {
PK11SlotInfo* slot = base::GetDefaultNSSKeySlot(); std::string pkcs12_data = ReadTestFile("client.p12");
CertDatabase cert_db;
CERTCertList* cert_list = PK11_ListCertsInSlot(slot); EXPECT_EQ(OK, cert_db_.ImportFromPKCS12(pkcs12_data, ASCIIToUTF16("12345")));
// Test db should be empty at start of test.
EXPECT_TRUE(CERT_LIST_END(CERT_LIST_HEAD(cert_list), cert_list));
CERT_DestroyCertList(cert_list);
FilePath cert_path = GetTestCertsDirectory().AppendASCII("client.p12"); CertificateList cert_list = ListCertsInSlot(slot_.get());
std::string cert_data; ASSERT_EQ(1U, cert_list.size());
ASSERT_TRUE(file_util::ReadFileToString(cert_path, &cert_data)); scoped_refptr<X509Certificate> cert(cert_list[0]);
EXPECT_EQ(OK, cert_db.ImportFromPKCS12(cert_data, ASCIIToUTF16("12345")));
cert_list = PK11_ListCertsInSlot(slot);
// Test db should be empty at start of test.
ASSERT_FALSE(CERT_LIST_END(CERT_LIST_HEAD(cert_list), cert_list));
scoped_refptr<X509Certificate> cert(
X509Certificate::CreateFromHandle(
CERT_LIST_HEAD(cert_list)->cert,
X509Certificate::SOURCE_LONE_CERT_IMPORT,
X509Certificate::OSCertHandles()));
CERT_DestroyCertList(cert_list);
EXPECT_EQ("testusercert", EXPECT_EQ("testusercert",
cert->subject().common_name); cert->subject().common_name);
// TODO(mattm): move export test to seperate test case? // TODO(mattm): move export test to seperate test case?
CertificateList certs;
certs.push_back(cert);
std::string exported_data; std::string exported_data;
EXPECT_EQ(1, cert_db.ExportToPKCS12(certs, ASCIIToUTF16("exportpw"), EXPECT_EQ(1, cert_db_.ExportToPKCS12(cert_list, ASCIIToUTF16("exportpw"),
&exported_data)); &exported_data));
ASSERT_LT(0U, exported_data.size()); ASSERT_LT(0U, exported_data.size());
// TODO(mattm): further verification of exported data? // TODO(mattm): further verification of exported data?
PK11_FreeSlot(slot);
} }
} // namespace net } // namespace net
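Review bot: With `slot_` now a fixture member, its reference is released only when the fixture object is destroyed, which happens after `TearDown()` has already called `base::CloseTestNSSDB()`. The old tests called `PK11_FreeSlot(slot)` at the end of each test body, before the database was closed. Whether the close path tolerates an outstanding slot reference is not visible on this page, but releasing first keeps the previous order, e.g. `slot_.reset();` as the first statement of `TearDown()`. Separately, the new `ListCertsInSlot` helper hands the result of `PK11_ListCertsInSlot` straight to `CERT_LIST_HEAD`, so a failed listing would be dereferenced as a null pointer; `if (!cert_list) return result;` before the loop would cover it.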
...@@ -42,6 +42,7 @@ ...@@ -42,6 +42,7 @@
#include <p12plcy.h> #include <p12plcy.h>
#include <secerr.h> #include <secerr.h>
#include "base/crypto/scoped_nss_types.h"
#include "base/logging.h" #include "base/logging.h"
#include "base/nss_util_internal.h" #include "base/nss_util_internal.h"
#include "base/string_util.h" #include "base/string_util.h"
...@@ -260,14 +261,14 @@ void EnsurePKCS12Init() { ...@@ -260,14 +261,14 @@ void EnsurePKCS12Init() {
int nsPKCS12Blob_Import(const char* pkcs12_data, int nsPKCS12Blob_Import(const char* pkcs12_data,
size_t pkcs12_len, size_t pkcs12_len,
const string16& password) { const string16& password) {
PK11SlotInfo *slot = base::GetDefaultNSSKeySlot(); base::ScopedPK11Slot slot(base::GetDefaultNSSKeySlot());
if (!slot) { if (!slot.get()) {
LOG(ERROR) << "Couldn't get Internal key slot!"; LOG(ERROR) << "Couldn't get Internal key slot!";
return net::ERR_PKCS12_IMPORT_FAILED; return net::ERR_PKCS12_IMPORT_FAILED;
} }
int rv = nsPKCS12Blob_ImportHelper(pkcs12_data, pkcs12_len, password, false, int rv = nsPKCS12Blob_ImportHelper(pkcs12_data, pkcs12_len, password, false,
slot); slot.get());
// When the user entered a zero length password: // When the user entered a zero length password:
// An empty password should be represented as an empty // An empty password should be represented as an empty
...@@ -278,10 +279,8 @@ int nsPKCS12Blob_Import(const char* pkcs12_data, ...@@ -278,10 +279,8 @@ int nsPKCS12Blob_Import(const char* pkcs12_data,
// without giving a user prompt when trying the different empty password flavors. // without giving a user prompt when trying the different empty password flavors.
if (rv == net::ERR_PKCS12_IMPORT_BAD_PASSWORD && password.size() == 0) { if (rv == net::ERR_PKCS12_IMPORT_BAD_PASSWORD && password.size() == 0) {
rv = nsPKCS12Blob_ImportHelper(pkcs12_data, pkcs12_len, password, true, rv = nsPKCS12Blob_ImportHelper(pkcs12_data, pkcs12_len, password, true,
slot); slot.get());
} }
PK11_FreeSlot(slot);
return rv; return rv;
} }
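Review bot: `nsPKCS12Blob_ImportHelper` still receives the raw pointer from `slot.get()` in both calls, so the reference count stays correct only if the helper neither frees nor stores that pointer. The helper's body is outside these hunks, so this is worth confirming before relying on the scoped release. A short comment above the declaration would record the contract, for example `// |slot| is owned by this scope; the helper must not free or retain it.` The body of `nsPKCS12Blob_Import` also continues between the two hunks shown here.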
......