author | Dana Keeler <dkeeler@mozilla.com> | 2020-07-06 22:58:25 +0000 |
---|---|---|
committer | Dana Keeler <dkeeler@mozilla.com> | 2020-07-06 22:58:25 +0000 |
commit | 6d465a872226c8241942ab5d0be7b71e718398c2 (patch) | |
tree | fab1f5d298197a2397fa44f8e63c328402eaf650 /gtests/pk11_gtest | |
parent | 05bb49902e5c2d18eb3dcf761ffb759737ef00ed (diff) | |
download | nss-hg-6d465a872226c8241942ab5d0be7b71e718398c2.tar.gz |
Bug 1649633 - add PK11_FindEncodedCertInSlot r=kjacobs,jcj
PK11_FindEncodedCertInSlot can be used to determine the PKCS#11 object handle
of an encoded certificate in a given slot. If the given certificate does not
exist in that slot, CK_INVALID_HANDLE is returned.
Differential Revision: https://phabricator.services.mozilla.com/D81924
Diffstat (limited to 'gtests/pk11_gtest')
-rw-r--r-- | gtests/pk11_gtest/pk11_find_certs_unittest.cc | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/gtests/pk11_gtest/pk11_find_certs_unittest.cc b/gtests/pk11_gtest/pk11_find_certs_unittest.cc
index 5958b2367..40ed17c98 100644
--- a/gtests/pk11_gtest/pk11_find_certs_unittest.cc
+++ b/gtests/pk11_gtest/pk11_find_certs_unittest.cc
@@ -544,4 +544,53 @@ TEST_F(PK11GetCertsMatchingPrivateKeyTest, TestTwoCertsForKey) {
 CheckCertListForSubjects(certs, {"CN=test cert", "CN=unrelated subject DN"});
 }
 
+class PK11FindEncodedCertInSlotTest : public PK11FindCertsTestBase {};
+
+TEST_F(PK11FindEncodedCertInSlotTest, TestFindEncodedCert) {
+ char cert_nickname[] = "Test Cert";
+ SECItem cert_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert1DER.data()),
+ (unsigned int)kTestCert1DER.size()};
+ ASSERT_EQ(PK11_ImportDERCert(m_slot, &cert_item, CK_INVALID_HANDLE,
+ cert_nickname, false),
+ SECSuccess);
+
+ // This certificate was just imported, so finding it by its encoded value
+ // should succeed.
+ CK_OBJECT_HANDLE cert_handle_in_slot =
+ PK11_FindEncodedCertInSlot(m_slot, &cert_item, nullptr);
+ // CK_INVALID_HANDLE is #defined to be the literal 0, which the compiler
+ // interprets as a signed value, which then causes a warning-as-an-error
+ // about comparing values of different signs.
+ ASSERT_NE(cert_handle_in_slot, static_cast<CK_ULONG>(CK_INVALID_HANDLE));
+
+ // The certificate should not exist on the internal slot, so this should
+ // return CK_INVALID_HANDLE.
+ ScopedPK11SlotInfo internal_slot(PK11_GetInternalSlot());
+ ASSERT_NE(internal_slot, nullptr);
+ CK_OBJECT_HANDLE cert_handle_in_internal_slot =
+ PK11_FindEncodedCertInSlot(internal_slot.get(), &cert_item, nullptr);
+ ASSERT_EQ(cert_handle_in_internal_slot,
+ static_cast<CK_ULONG>(CK_INVALID_HANDLE));
+
+ // The certificate should not exist on the internal key slot, so this should
+ // return CK_INVALID_HANDLE.
+ ScopedPK11SlotInfo internal_key_slot(PK11_GetInternalKeySlot());
+ ASSERT_NE(internal_key_slot, nullptr);
+ CK_OBJECT_HANDLE cert_handle_in_internal_key_slot =
+ PK11_FindEncodedCertInSlot(internal_key_slot.get(), &cert_item, nullptr);
+ ASSERT_EQ(cert_handle_in_internal_key_slot,
+ static_cast<CK_ULONG>(CK_INVALID_HANDLE));
+
+ // This certificate hasn't been imported to any token, so looking for it
+ // should return CK_INVALID_HANDLE.
+ SECItem unknown_cert_item = {siBuffer,
+ const_cast<unsigned char*>(kTestCert2DER.data()),
+ (unsigned int)kTestCert2DER.size()};
+ CK_OBJECT_HANDLE unknown_cert_handle_in_slot =
+ PK11_FindEncodedCertInSlot(m_slot, &unknown_cert_item, nullptr);
+ ASSERT_EQ(unknown_cert_handle_in_slot,
+ static_cast<CK_ULONG>(CK_INVALID_HANDLE));
+}
+
 } // namespace nss_test |
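Review bot: The positive case in TestFindEncodedCert only asserts that `cert_handle_in_slot` differs from CK_INVALID_HANDLE, so a lookup that returned the handle of some other object in `m_slot` would still pass. Since callers will presumably use the handle to act on one specific certificate, the test should also confirm that the object behind the handle carries the same DER bytes as `cert_item`, and ideally add a case with an empty item, `SECItem empty_item = {siBuffer, nullptr, 0};`, to pin down the result for degenerate input. The negative checks also depend on kTestCert1DER and kTestCert2DER not already being present in the slots queried, which the fixture (outside this hunk) would have to guarantee. As a small style point, `(unsigned int)kTestCert1DER.size()` could be `static_cast<unsigned int>(kTestCert1DER.size())` to match the `static_cast<CK_ULONG>` used in the assertions.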