// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/common/net/x509_certificate_model.h"

#include "base/files/file_path.h"
#include "base/path_service.h"
#include "net/base/test_data_directory.h"
#include "net/test/cert_test_util.h"
#include "testing/gtest/include/gtest/gtest.h"

#if defined(USE_NSS)
#include "net/cert/nss_cert_database.h"
#endif

// NOTE(review): the NSS header above is included only under USE_NSS, while
// the tests below use net::NSSCertDatabase whenever USE_OPENSSL is *not*
// defined. Presumably the build compiles this file only when one of the two
// is defined -- confirm.
//
// NOTE(review): the trust changes below go through
// net::NSSCertDatabase::GetInstance() and nothing in this file restores the
// previous trust afterwards. Confirm the test harness points NSS at a
// throwaway database, so that a DISTRUSTED_SSL / TRUSTED_SSL setting made
// here cannot leak into other tests or into a real profile.

// Checks the type reported for a root CA certificate, both with default trust
// and after the CA has been explicitly distrusted for SSL.
TEST(X509CertificateModelTest, GetTypeCA) {
  scoped_refptr<net::X509Certificate> root_ca(net::ImportCertFromFile(
      net::GetTestCertsDirectory(), "root_ca_cert.pem"));
  ASSERT_TRUE(root_ca.get());

#if defined(USE_OPENSSL)
  // Placeholder expectation; remove it once the OpenSSL build implements the
  // necessary functions.
  EXPECT_EQ(net::OTHER_CERT,
            x509_certificate_model::GetType(root_ca->os_cert_handle()));
#else
  EXPECT_EQ(net::CA_CERT,
            x509_certificate_model::GetType(root_ca->os_cert_handle()));

  // An explicitly distrusted CA must still be reported as CA_CERT: the type
  // must not change just because the trust setting is negative.
  // See http://crbug.com/96654.
  net::NSSCertDatabase* nss_db = net::NSSCertDatabase::GetInstance();
  EXPECT_TRUE(nss_db->SetCertTrust(
      root_ca.get(), net::CA_CERT, net::NSSCertDatabase::DISTRUSTED_SSL));

  EXPECT_EQ(net::CA_CERT,
            x509_certificate_model::GetType(root_ca->os_cert_handle()));
#endif
}

// Checks the type reported for a server certificate under default trust,
// explicit trust and explicit distrust. The three steps are order-dependent:
// the default-trust expectation is only meaningful before any SetCertTrust()
// call on this certificate.
TEST(X509CertificateModelTest, GetTypeServer) {
  scoped_refptr<net::X509Certificate> server_cert(net::ImportCertFromFile(
      net::GetTestCertsDirectory(), "google.single.der"));
  ASSERT_TRUE(server_cert.get());

#if defined(USE_OPENSSL)
  // Placeholder expectation; remove it once the OpenSSL build implements the
  // necessary functions.
  EXPECT_EQ(net::OTHER_CERT,
            x509_certificate_model::GetType(server_cert->os_cert_handle()));
#else
  // Server cert with default trust, as classified by
  // mozilla_security_manager::GetCertType. Currently this doesn't work, so
  // the test pins the OTHER_CERT result that is returned today.
  // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
  // tell server certs even if they have no trust bits set.
  EXPECT_EQ(net::OTHER_CERT,
            x509_certificate_model::GetType(server_cert->os_cert_handle()));

  net::NSSCertDatabase* nss_db = net::NSSCertDatabase::GetInstance();

  // Server cert with explicit trust.
  EXPECT_TRUE(nss_db->SetCertTrust(
      server_cert.get(), net::SERVER_CERT, net::NSSCertDatabase::TRUSTED_SSL));

  EXPECT_EQ(net::SERVER_CERT,
            x509_certificate_model::GetType(server_cert->os_cert_handle()));

  // Server cert with explicit distrust: the reported type stays SERVER_CERT.
  EXPECT_TRUE(nss_db->SetCertTrust(
      server_cert.get(), net::SERVER_CERT,
      net::NSSCertDatabase::DISTRUSTED_SSL));

  EXPECT_EQ(net::SERVER_CERT,
            x509_certificate_model::GetType(server_cert->os_cert_handle()));
#endif
}

// An X.509 v1 certificate with the version field omitted should get
// the default value v1, which GetVersion() reports as the string "1".
TEST(X509CertificateModelTest, GetVersionOmitted) {
  scoped_refptr<net::X509Certificate> v1_cert(net::ImportCertFromFile(
      net::GetTestCertsDirectory(), "ndn.ca.crt"));
  ASSERT_TRUE(v1_cert.get());

  EXPECT_EQ("1",
            x509_certificate_model::GetVersion(v1_cert->os_cert_handle()));
}