1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/cert/internal/trust_store_chrome.h"
6 
7 #include "base/containers/span.h"
8 #include "net/cert/x509_certificate.h"
9 #include "net/cert/x509_util.h"
10 #include "net/test/cert_test_util.h"
11 #include "net/test/test_data_directory.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13 #include "third_party/boringssl/src/pki/cert_errors.h"
14 #include "third_party/boringssl/src/pki/parsed_certificate.h"
15 
16 namespace net {
17 namespace {
18 
19 #include "net/data/ssl/chrome_root_store/chrome-root-store-test-data-inc.cc"
20 
// Test helper: parses the buffer held by `cert` into a
// bssl::ParsedCertificate using the default certificate parsing options.
//
// A parse failure is only recorded as a non-fatal gtest expectation failure
// (with the accumulated parse errors attached); the function then returns
// null. Callers must check the result before passing it to code that expects
// a valid certificate.
std::shared_ptr<const bssl::ParsedCertificate> ToParsedCertificate(
    const X509Certificate& cert) {
  bssl::CertErrors parse_errors;
  const auto parse_options = x509_util::DefaultParseCertificateOptions();
  auto result = bssl::ParsedCertificate::Create(
      bssl::UpRef(cert.cert_buffer()), parse_options, &parse_errors);
  EXPECT_TRUE(result) << parse_errors.ToDebugString();
  return result;
}
31 
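// Verifies that a TrustStoreChrome built from the compiled-in test root list
// reports exactly the certificates in chrome_root_store/test_store.certs as
// trust anchors, and gives an unrelated certificate unspecified trust.
//
// The negative half matters as much as the positive one: a store that
// answered "trusted" for a certificate outside its root list would turn every
// such certificate into a trust anchor.
TEST(TrustStoreChromeTestNoFixture, ContainsCert) {
  std::unique_ptr<TrustStoreChrome> trust_store_chrome =
      TrustStoreChrome::CreateTrustStoreForTesting(
          base::span<const ChromeRootCertInfo>(kChromeRootCertList),
          /*version=*/1);
  // Stop with a test failure rather than dereferencing a null store below.
  ASSERT_TRUE(trust_store_chrome);

  // Check every certificate in test_store.certs is included.
  CertificateList certs = CreateCertificateListFromFile(
      GetTestNetDataDirectory().AppendASCII("ssl/chrome_root_store"),
      "test_store.certs", X509Certificate::FORMAT_PEM_CERT_SEQUENCE);
  // Pinning the count ensures the loop below cannot pass vacuously on an
  // empty or truncated test file.
  ASSERT_EQ(certs.size(), 2u);

  for (const auto& cert : certs) {
    std::shared_ptr<const bssl::ParsedCertificate> parsed =
        ToParsedCertificate(*cert);
    // ToParsedCertificate() only records a non-fatal failure and returns null
    // when parsing fails, so bail out here instead of handing a null pointer
    // to Contains()/GetTrust().
    ASSERT_TRUE(parsed);
    ASSERT_TRUE(trust_store_chrome->Contains(parsed.get()));
    bssl::CertificateTrust trust = trust_store_chrome->GetTrust(parsed.get());
    EXPECT_EQ(bssl::CertificateTrust::ForTrustAnchor().ToDebugString(),
              trust.ToDebugString());
  }

  // Other certificates should not be included. Which test cert used here isn't
  // important as long as it isn't one of the certificates in the
  // chrome_root_store/test_store.certs.
  scoped_refptr<X509Certificate> other_cert =
      ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
  ASSERT_TRUE(other_cert);
  std::shared_ptr<const bssl::ParsedCertificate> other_parsed =
      ToParsedCertificate(*other_cert);
  // Without this check a parse failure would make the negative assertions
  // below run against a null certificate instead of a real, untrusted one.
  ASSERT_TRUE(other_parsed);
  ASSERT_FALSE(trust_store_chrome->Contains(other_parsed.get()));
  bssl::CertificateTrust trust =
      trust_store_chrome->GetTrust(other_parsed.get());
  EXPECT_EQ(bssl::CertificateTrust::ForUnspecified().ToDebugString(),
            trust.ToDebugString());
}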
67 
68 }  // namespace
69 }  // namespace net
70