authorEKR <ekr@rtfm.com>2016-11-15 15:23:54 +0900
committerEKR <ekr@rtfm.com>2016-11-15 15:23:54 +0900
commitf2e85a519a8ccdaf3267c40dad5d96a737711959 (patch)
tree67b8b30fee6d03f3cd9e72b93a0923ba1abc4578 /gtests
parent9b1b9cbf7bc45a4a648bd807ebd5e10647a26975 (diff)
downloadnss-hg-f2e85a519a8ccdaf3267c40dad5d96a737711959.tar.gz
Bug 1317657 - Test for multiple certificates. r=mt
Reviewers: mt Differential Revision: https://nss-review.dev.mozaws.net/D65
Diffstat (limited to 'gtests')
-rw-r--r--gtests/common/scoped_ptrs.h2
-rw-r--r--gtests/ssl_gtest/ssl_auth_unittest.cc9
-rw-r--r--gtests/ssl_gtest/tls_agent.cc20
-rw-r--r--gtests/ssl_gtest/tls_agent.h3
4 files changed, 34 insertions, 0 deletions
diff --git a/gtests/common/scoped_ptrs.h b/gtests/common/scoped_ptrs.h
index a4272153d..81f23272d 100644
--- a/gtests/common/scoped_ptrs.h
+++ b/gtests/common/scoped_ptrs.h
@@ -16,6 +16,7 @@ namespace nss_test {
struct ScopedDelete {
void operator()(CERTCertificate* cert) { CERT_DestroyCertificate(cert); }
+ void operator()(CERTCertificateList* list) { CERT_DestroyCertificateList(list); }
void operator()(CERTSubjectPublicKeyInfo* spki) {
SECKEY_DestroySubjectPublicKeyInfo(spki);
}
@@ -40,6 +41,7 @@ struct ScopedMaybeDelete {
#define SCOPED(x) typedef std::unique_ptr<x, ScopedMaybeDelete<x> > Scoped##x
SCOPED(CERTCertificate);
+SCOPED(CERTCertificateList);
SCOPED(CERTSubjectPublicKeyInfo);
SCOPED(PK11SlotInfo);
SCOPED(PK11SymKey);
diff --git a/gtests/ssl_gtest/ssl_auth_unittest.cc b/gtests/ssl_gtest/ssl_auth_unittest.cc
index 5f3575307..e407d5550 100644
--- a/gtests/ssl_gtest/ssl_auth_unittest.cc
+++ b/gtests/ssl_gtest/ssl_auth_unittest.cc
@@ -28,6 +28,15 @@ TEST_P(TlsConnectGeneric, ServerAuthBigRsa) {
CheckKeys();
}
+TEST_P(TlsConnectGeneric, ServerAuthRsaChain) {
+ Reset(TlsAgent::kServerRsaChain);
+ Connect();
+ CheckKeys();
+ size_t chain_length;
+ EXPECT_TRUE(client_->GetPeerChainLength(&chain_length));
+ EXPECT_EQ(2UL, chain_length);
+}
+
TEST_P(TlsConnectGeneric, ClientAuth) {
client_->SetupClientAuth();
server_->RequestClientAuth(true);
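Review bot: `chain_length` in `ServerAuthRsaChain` is read uninitialized if `GetPeerChainLength` returns false, because `EXPECT_TRUE` is non-fatal and the following `EXPECT_EQ` still runs. Declare it as `size_t chain_length = 0;` and use `ASSERT_TRUE(client_->GetPeerChainLength(&chain_length));` so the test stops at the real failure. The test also checks only the count; asserting on the expected subject or issuer of each chain entry would catch a wrong intermediate being delivered, not just a missing one.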
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 73e57d850..edcfd8daf 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -35,6 +35,7 @@ const std::string TlsAgent::kServerRsa = "rsa"; // both sign and encrypt
const std::string TlsAgent::kServerRsaSign = "rsa_sign";
const std::string TlsAgent::kServerRsaPss = "rsa_pss";
const std::string TlsAgent::kServerRsaDecrypt = "rsa_decrypt";
+const std::string TlsAgent::kServerRsaChain = "rsa_chain";
const std::string TlsAgent::kServerEcdsa256 = "ecdsa256";
const std::string TlsAgent::kServerEcdsa384 = "ecdsa384";
const std::string TlsAgent::kServerEcdsa521 = "ecdsa521";
@@ -201,6 +202,25 @@ SECStatus TlsAgent::GetClientAuthDataHook(void* self, PRFileDesc* fd,
return SECFailure;
}
+bool TlsAgent::GetPeerChainLength(size_t* count) {
+ CERTCertList *chain = SSL_PeerCertificateChain(ssl_fd_);
+ if (!chain)
+ return false;
+ *count = 0;
+
+ for (PRCList *cursor = PR_NEXT_LINK(&chain->list);
+ cursor != &chain->list;
+ cursor = PR_NEXT_LINK(cursor)) {
+ CERTCertListNode *node = (CERTCertListNode *)cursor;
+ std::cerr << node->cert->subjectName << std::endl;
+ ++(*count);
+ }
+
+ CERT_DestroyCertList(chain);
+
+ return true;
+}
+
void TlsAgent::RequestClientAuth(bool requireAuth) {
EXPECT_TRUE(EnsureTlsSetup());
ASSERT_EQ(SERVER, role_);
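Review bot: `GetPeerChainLength` leaves `*count` unwritten on the `!chain` path, so a caller that ignores the return value reads an indeterminate value; move `*count = 0;` above the null check. The line `std::cerr << node->cert->subjectName << std::endl;` prints every peer subject on each call and looks like leftover debugging; streaming a null `char*` is also undefined behaviour if `subjectName` were ever unset, so it is better dropped. The list walk could use NSS's `CERT_LIST_HEAD`/`CERT_LIST_NEXT`/`CERT_LIST_END` macros instead of the C-style cast from `PRCList*` to `CERTCertListNode*`. A one-line comment stating that the function takes and releases its own reference to the chain via `CERT_DestroyCertList` would also help readers.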
diff --git a/gtests/ssl_gtest/tls_agent.h b/gtests/ssl_gtest/tls_agent.h
index e4d785bec..b245a9216 100644
--- a/gtests/ssl_gtest/tls_agent.h
+++ b/gtests/ssl_gtest/tls_agent.h
@@ -62,6 +62,7 @@ class TlsAgent : public PollTarget {
static const std::string kServerRsaSign;
static const std::string kServerRsaPss;
static const std::string kServerRsaDecrypt;
+ static const std::string kServerRsaChain; // A cert that requires a chain.
static const std::string kServerEcdsa256;
static const std::string kServerEcdsa384;
static const std::string kServerEcdsa521;
@@ -108,6 +109,7 @@ class TlsAgent : public PollTarget {
void StartRenegotiate();
bool ConfigServerCert(const std::string& name, bool updateKeyBits = false,
const SSLExtraServerCertData* serverCertData = nullptr);
+ bool ConfigServerCertWithChain(const std::string& name);
bool EnsureTlsSetup(PRFileDesc* modelSocket = nullptr);
void SetupClientAuth();
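Review bot: `ConfigServerCertWithChain` is declared here, but no definition appears in the tls_agent.cc hunks of this commit; its 20 added lines are the `kServerRsaChain` constant and `GetPeerChainLength`. Any caller would therefore fail at link time, so either add the definition in this change or drop the declaration until it lands. The `ScopedCERTCertificateList` alias added in scoped_ptrs.h likewise has no user in the visible hunks and presumably belongs with that missing function. The view is limited to `gtests`, so this is worth confirming against the full commit.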
@@ -151,6 +153,7 @@ class TlsAgent : public PollTarget {
void CheckSecretsDestroyed();
void ConfigNamedGroups(const std::vector<SSLNamedGroup>& groups);
void DisableECDHEServerKeyReuse();
+ bool GetPeerChainLength(size_t* count);
const std::string& name() const { return name_; }