chrome/common/net/x509_certificate_model_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/common/net/x509_certificate_model.h"
   6
   7 #include "base/files/file_path.h"
   8 #include "base/path_service.h"
   9 #include "net/base/test_data_directory.h"
  10 #include "net/test/cert_test_util.h"
  11 #include "testing/gtest/include/gtest/gtest.h"
  12
  13 #if defined(USE_NSS)
  14 #include "net/cert/nss_cert_database.h"
  15 #endif
  16
  17 TEST(X509CertificateModelTest, GetTypeCA) {
  18   scoped_refptr<net::X509Certificate> cert(
  19       net::ImportCertFromFile(net::GetTestCertsDirectory(),
  20                               "root_ca_cert.pem"));
  21   ASSERT_TRUE(cert.get());
  22
  23 #if defined(USE_OPENSSL)
  24   // Remove this when OpenSSL build implements the necessary functions.
  25   EXPECT_EQ(net::OTHER_CERT,
  26             x509_certificate_model::GetType(cert->os_cert_handle()));
  27 #else
  28   EXPECT_EQ(net::CA_CERT,
  29             x509_certificate_model::GetType(cert->os_cert_handle()));
  30
  31   // Test that explicitly distrusted CA certs are still returned as CA_CERT
  32   // type. See http://crbug.com/96654.
  33   EXPECT_TRUE(net::NSSCertDatabase::GetInstance()->SetCertTrust(
  34       cert.get(), net::CA_CERT, net::NSSCertDatabase::DISTRUSTED_SSL));
  35
  36   EXPECT_EQ(net::CA_CERT,
  37             x509_certificate_model::GetType(cert->os_cert_handle()));
  38 #endif
  39 }
  40
  41 TEST(X509CertificateModelTest, GetTypeServer) {
  42   scoped_refptr<net::X509Certificate> cert(
  43       net::ImportCertFromFile(net::GetTestCertsDirectory(),
  44                               "google.single.der"));
  45   ASSERT_TRUE(cert.get());
  46
  47 #if defined(USE_OPENSSL)
  48   // Remove this when OpenSSL build implements the necessary functions.
  49   EXPECT_EQ(net::OTHER_CERT,
  50             x509_certificate_model::GetType(cert->os_cert_handle()));
  51 #else
  52   // Test mozilla_security_manager::GetCertType with server certs and default
  53   // trust.  Currently this doesn't work.
  54   // TODO(mattm): make mozilla_security_manager::GetCertType smarter so we can
  55   // tell server certs even if they have no trust bits set.
  56   EXPECT_EQ(net::OTHER_CERT,
  57             x509_certificate_model::GetType(cert->os_cert_handle()));
  58
  59   net::NSSCertDatabase* cert_db = net::NSSCertDatabase::GetInstance();
  60   // Test GetCertType with server certs and explicit trust.
  61   EXPECT_TRUE(cert_db->SetCertTrust(
  62       cert.get(), net::SERVER_CERT, net::NSSCertDatabase::TRUSTED_SSL));
  63
  64   EXPECT_EQ(net::SERVER_CERT,
  65             x509_certificate_model::GetType(cert->os_cert_handle()));
  66
  67   // Test GetCertType with server certs and explicit distrust.
  68   EXPECT_TRUE(cert_db->SetCertTrust(
  69       cert.get(), net::SERVER_CERT, net::NSSCertDatabase::DISTRUSTED_SSL));
  70
  71   EXPECT_EQ(net::SERVER_CERT,
  72             x509_certificate_model::GetType(cert->os_cert_handle()));
  73 #endif
  74 }
  75
  76 // An X.509 v1 certificate with the version field omitted should get
  77 // the default value v1.
  78 TEST(X509CertificateModelTest, GetVersionOmitted) {
  79   scoped_refptr<net::X509Certificate> cert(
  80       net::ImportCertFromFile(net::GetTestCertsDirectory(),
  81                               "ndn.ca.crt"));
  82   ASSERT_TRUE(cert.get());
  83
  84   EXPECT_EQ("1", x509_certificate_model::GetVersion(cert->os_cert_handle()));
  85 }