DEV-34822 - merge with 1.23

certificate notification code -r 118191 ignore-dead-branch
author: Roxanne Skelly <roxie@lindenlab.com> 2009-07-08 00:45:17 +0000
committer: Roxanne Skelly <roxie@lindenlab.com> 2009-07-08 00:45:17 +0000
commit: 9e89819d55a3b6ee7fc56f3efb36f273e4e05c83 (patch)
tree: 1585010af9cafd82202c22ef9cb0db4967c74394 /indra/newview/tests
parent: fe71dd340ab396b93bde45df438041af5d85fd47 (diff)
3 files changed, 884 insertions, 153 deletions
diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp
new file mode 100644
index 0000000000..22bc47b6d3
--- /dev/null
+++ b/indra/newview/tests/llsecapi_test.cpp
@@ -0,0 +1,188 @@
+/** 
+ * @file llsecapi_test.cpp
+ * @author Roxie
+ * @date 2009-02-10
+ * @brief Test the sec api functionality
+ *
+ * $LicenseInfo:firstyear=2009&license=viewergpl$
+ * 
+ * Copyright (c) 2009, Linden Research, Inc.
+ * 
+ * Second Life Viewer Source Code
+ * The source code in this file ("Source Code") is provided by Linden LregisterSecAPIab
+ * to you under the terms of the GNU General Public License, version 2.0
+ * ("GPL"), unless you have obtained a separate licensing agreement
+ * ("Other License"), formally executed by you and Linden Lab.  Terms of
+ * the GPL can be found in doc/GPL-license.txt in this distribution, or
+ * online at http://secondlifegrid.net/programs/open_source/licensing/gplv2
+ * 
+ * There are special exceptions to the terms and conditions of the GPL as
+ * it is applied to this Source Code. View the full text of the exception
+ * in the file doc/FLOSS-exception.txt in this software distribution, or
+ * online at
+ * http://secondlifegrid.net/programs/open_source/licensing/flossexception
+ * 
+ * By copying, modifying or distributing this software, you acknowledge
+ * that you have read and understood your obligations described above,
+ * and agree to abide by those obligations.
+ * 
+ * ALL LINDEN LAB SOURCE CODE IS PROVIDED "AS IS." LINDEN LAB MAKES NO
+ * WARRANTIES, EXPRESS, IMPLIED OR OTHERWISE, REGARDING ITS ACCURACY,
+ * COMPLETENESS OR PERFORMANCE.
+ * $/LicenseInfo$
+ */
+#include "../llviewerprecompiledheaders.h"
+#include "../llviewernetwork.h"
+#include "../test/lltut.h"
+#include "../llsecapi.h"
+#include "../../llxml/llcontrol.h"
+
+
+//----------------------------------------------------------------------------               
+// Mock objects for the dependencies of the code we're testing                               
+
+LLControlGroup::LLControlGroup(const std::string& name)
+: LLInstanceTracker<LLControlGroup, std::string>(name) {}
+LLControlGroup::~LLControlGroup() {}
+BOOL LLControlGroup::declareString(const std::string& name,
+                                   const std::string& initial_val,
+                                   const std::string& comment,
+                                   BOOL persist) {return TRUE;}
+void LLControlGroup::setString(const std::string& name, const std::string& val){}
+std::string LLControlGroup::getString(const std::string& name)
+{
+	return "";
+}
+
+
+LLControlGroup gSavedSettings("test");
+class LLSecAPIBasicHandler : public LLSecAPIHandler
+{
+protected:
+	LLPointer<LLCertificateChain> mCertChain;
+	LLPointer<LLCertificate> mCert;
+	LLPointer<LLCertificateStore> mCertStore;
+	LLSD mLLSD;
+	
+public:
+	LLSecAPIBasicHandler() {}
+	
+	virtual ~LLSecAPIBasicHandler() {}
+	
+	// instantiate a certificate from a pem string
+	virtual LLPointer<LLCertificate> getCertificate(const std::string& pem_cert) 
+	{ 
+		return mCert; 
+	}
+	
+	
+	// instiate a certificate from an openssl X509 structure
+	virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert) 
+	{	
+		return mCert; 
+	}
+	
+	
+	// instantiate a chain from an X509_STORE_CTX
+	virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain) 
+	{ 
+		return mCertChain; 
+	}
+	
+	// instantiate a cert store given it's id.  if a persisted version
+	// exists, it'll be loaded.  If not, one will be created (but not
+	// persisted)
+	virtual LLPointer<LLCertificateStore> getCertificateStore(const std::string& store_id) 
+	{ 
+		return mCertStore; 
+	}
+	
+	// persist data in a protected store
+	virtual void setProtectedData(const std::string& data_type,
+								  const std::string& data_id,
+								  const LLSD& data) {}
+	
+	// retrieve protected data
+	virtual LLSD getProtectedData(const std::string& data_type,
+								  const std::string& data_id) 
+	{ 
+		return mLLSD;
+	}
+	
+	virtual void deleteProtectedData(const std::string& data_type,
+									 const std::string& data_id)
+	{
+	}
+	
+	virtual LLPointer<LLCredential> createCredential(const std::string& grid,
+													 const LLSD& identifier, 
+													 const LLSD& authenticator)
+	{
+		LLPointer<LLCredential> cred = NULL;
+		return cred;
+	}
+	
+	virtual LLPointer<LLCredential> loadCredential(const std::string& grid)
+	{
+		LLPointer<LLCredential> cred = NULL;
+		return cred;
+	}
+	
+	virtual void saveCredential(LLPointer<LLCredential> cred, bool save_authenticator) {}
+	
+	virtual void deleteCredential(LLPointer<LLCredential> cred) {}
+};
+
+// -------------------------------------------------------------------------------------------
+// TUT
+// -------------------------------------------------------------------------------------------
+namespace tut
+{
+	// Test wrapper declaration : wrapping nothing for the moment
+	struct secapiTest
+	{
+		
+		secapiTest()
+		{
+		}
+		~secapiTest()
+		{
+		}
+	};
+	
+	// Tut templating thingamagic: test group, object and test instance
+	typedef test_group<secapiTest> secapiTestFactory;
+	typedef secapiTestFactory::object secapiTestObject;
+	tut::secapiTestFactory tut_test("llsecapi");
+	
+	// ---------------------------------------------------------------------------------------
+	// Test functions 
+	// ---------------------------------------------------------------------------------------
+	// registration
+	template<> template<>
+	void secapiTestObject::test<1>()
+	{
+		// retrieve an unknown handler
+
+		ensure("'Unknown' handler should be NULL", !(BOOL)getSecHandler("unknown"));
+		LLPointer<LLSecAPIHandler> test1_handler =  new LLSecAPIBasicHandler();
+		registerSecHandler("sectest1", test1_handler);
+		ensure("'Unknown' handler should be NULL", !(BOOL)getSecHandler("unknown"));
+		LLPointer<LLSecAPIHandler> retrieved_test1_handler = getSecHandler("sectest1");
+		ensure("Retrieved sectest1 handler should be the same", 
+			   retrieved_test1_handler == test1_handler);
+		
+		// insert a second handler
+		LLPointer<LLSecAPIHandler> test2_handler =  new LLSecAPIBasicHandler();
+		registerSecHandler("sectest2", test2_handler);
+		ensure("'Unknown' handler should be NULL", !(BOOL)getSecHandler("unknown"));
+		retrieved_test1_handler = getSecHandler("sectest1");
+		ensure("Retrieved sectest1 handler should be the same", 
+			   retrieved_test1_handler == test1_handler);
+
+		LLPointer<LLSecAPIHandler> retrieved_test2_handler = getSecHandler("sectest2");
+		ensure("Retrieved sectest1 handler should be the same", 
+			   retrieved_test2_handler == test2_handler);
+		
+	}
+}
+\ No newline at end of file
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index a5554d55a5..f52ebc198d 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -44,9 +44,60 @@
 #include <ios>
 #include <llsdserialize.h>
 #include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
 #include "llxorcipher.h"
 
-LLControlGroup gSavedSettings;
+#define ensure_throws(str, exc_type, cert, func, ...) \
+try \
+{ \
+func(__VA_ARGS__); \
+fail("throws, " str); \
+} \
+catch(exc_type& except) \
+{ \
+ensure("Exception cert is incorrect for " str, except.getCert() == cert); \
+}
+
+extern bool _cert_hostname_wildcard_match(const std::string& hostname, const std::string& wildcard_string);
+
+//----------------------------------------------------------------------------               
+// Mock objects for the dependencies of the code we're testing                               
+
+std::string gFirstName;
+std::string gLastName;
+LLControlGroup::LLControlGroup(const std::string& name)
+: LLInstanceTracker<LLControlGroup, std::string>(name) {}
+LLControlGroup::~LLControlGroup() {}
+BOOL LLControlGroup::declareString(const std::string& name,
+                                   const std::string& initial_val,
+                                   const std::string& comment,
+                                   BOOL persist) {return TRUE;}
+void LLControlGroup::setString(const std::string& name, const std::string& val){}
+std::string LLControlGroup::getString(const std::string& name)
+{
+
+	if (name == "FirstName")
+		return gFirstName;
+	else if (name == "LastName")
+		return gLastName;
+	return "";
+}
+
+LLSD LLCredential::getLoginParams()
+{
+	LLSD result = LLSD::emptyMap();
+	
+	// legacy credential
+	result["passwd"] = "$1$testpasssd";
+	result["first"] = "myfirst";
+	result["last"] ="mylast";
+	return result;
+}
+
+
+
+LLControlGroup gSavedSettings("test");
 unsigned char gMACAddress[MAC_ADDRESS_BYTES] = {77,21,46,31,89,2};
 
 // -------------------------------------------------------------------------------------------
@@ -57,44 +108,91 @@ namespace tut
 	// Test wrapper declaration : wrapping nothing for the moment
 	struct sechandler_basic_test
 	{
-		std::string mPemTestCert;
+		std::string mPemTestCert, mPemRootCert, mPemIntermediateCert, mPemChildCert;
 		std::string mDerFormat;
-		X509 *mX509TestCert;
-		LLBasicCertificate* mTestCert;
+		X509 *mX509TestCert, *mX509RootCert, *mX509IntermediateCert, *mX509ChildCert;
 
 		sechandler_basic_test()
 		{
+			OpenSSL_add_all_algorithms();
+			OpenSSL_add_all_ciphers();
+			OpenSSL_add_all_digests();	
+			ERR_load_crypto_strings();
+			gFirstName = "";
+			gLastName = "";
 			LLFile::remove("test_password.dat");
 			LLFile::remove("sechandler_settings.tmp");			
 			mPemTestCert = "-----BEGIN CERTIFICATE-----\n"
-"MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx\n"
-"EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h\n"
-"bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy\n"
-"YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp\n"
-"Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy\n"
-"MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG\n"
-"A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt\n"
-"YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD\n"
-"VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB\n"
-"IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA\n"
-"isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj\n"
-"Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50\n"
-"QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt\n"
-"bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR\n"
-"yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID\n"
-"AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0\n"
-"cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f\n"
-"BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj\n"
-"cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB\n"
-"/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1\n"
-"U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl\n"
-"YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos\n"
-"SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/\n"
-"t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u\n"
-"mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb\n"
-"K+9A46sd33oqK8n8\n"
-"-----END CERTIFICATE-----\n"
-"";
+				"MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx\n"
+				"EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h\n"
+				"bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy\n"
+				"YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp\n"
+				"Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy\n"
+				"MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG\n"
+				"A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt\n"
+				"YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD\n"
+				"VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB\n"
+				"IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA\n"
+				"isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj\n"
+				"Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50\n"
+				"QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt\n"
+				"bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR\n"
+				"yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID\n"
+				"AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0\n"
+				"cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f\n"
+				"BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj\n"
+				"cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB\n"
+				"/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1\n"
+				"U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl\n"
+				"YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos\n"
+				"SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/\n"
+				"t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u\n"
+				"mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb\n"
+				"K+9A46sd33oqK8n8\n"
+				"-----END CERTIFICATE-----\n";
+
+			mPemRootCert = "-----BEGIN CERTIFICATE-----\n"
+			"MIIB0TCCATqgAwIBAgIJANaTqrzEvHaRMA0GCSqGSIb3DQEBBAUAMBsxGTAXBgNV\n"
+			"BAMTEFJveGllcyB0ZXN0IHJvb3QwHhcNMDkwNDE1MjEwNzQ3WhcNMTAwNDE1MjEw\n"
+			"NzQ3WjAbMRkwFwYDVQQDExBSb3hpZXMgdGVzdCByb290MIGfMA0GCSqGSIb3DQEB\n"
+			"AQUAA4GNADCBiQKBgQCpo5nDW6RNz9IHUVZd7Tw2XAQiBniDF4xH0N1w7sUYTiFq\n"
+			"21mABsnOPJD3ra+MtOsXPHcaljm661JjTD8L40v5sfEbqDUPcOw76ClrPqnuAeyT\n"
+			"38qk8DHku/mT8YdprevGZdVcUXQg3vosVzOL93HOOHK+u61mEEoM9W5xoNVEdQID\n"
+			"AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQF\n"
+			"AAOBgQAzn0aW/+zWPmcTbvxonyiYYUr9b4SOB/quhAkT8KT4ir1dcZAXRR59+kEn\n"
+			"HSTu1FAodV0gvESqyobftF5hZ1XMxdJqGu//xP+YCwlv244G/0pp7KLI8ihNO2+N\n"
+			"lPBUJgbo++ZkhiE1jotZi9Ay0Oedh3s/AfbMZPyfpJ23ll6+BA==\n"
+			"-----END CERTIFICATE-----\n";
+			
+			
+			
+			mPemIntermediateCert = "-----BEGIN CERTIFICATE-----\n"
+			"MIIBzzCCATigAwIBAgIBATANBgkqhkiG9w0BAQQFADAbMRkwFwYDVQQDExBSb3hp\n"
+			"ZXMgdGVzdCByb290MB4XDTA5MDQxNTIxMzE1NloXDTEwMDQxNTIxMzE1NlowITEf\n"
+			"MB0GA1UEAxMWUm94aWVzIGludGVybWVkaWF0ZSBDQTCBnzANBgkqhkiG9w0BAQEF\n"
+			"AAOBjQAwgYkCgYEA15MM0W1R37rx/24Q2Qkb5bSiQZxTUcQAhJ2pA8mwUucXuCVt\n"
+			"6ayI2TuN32nkjmsCgUkiT/bdXWp0OJo7/MXRIFeUNMCRxrpeFnxuigYEqbIXAdN6\n"
+			"qu/vdG2X4PRv/v9Ijrju4cBEiKIldIgOurWEIfXEsVSFP2XmFQHesF04qDcCAwEA\n"
+			"AaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEEBQAD\n"
+			"gYEAYljikYgak3W1jSo0vYthNHUy3lBVAKzDhpM96lY5OuXFslpCRX42zNL8X3kN\n"
+			"U/4IaJUVtZqx8WsUXl1eXHzBCaXCftapV4Ir6cENLIsXCdXs8paFYzN5nPJA5GYU\n"
+			"zWgkSEl1MEhNIc+bJW34vwi29EjrAShAhsIZ84Mt/lvD3Pc=\n"
+			"-----END CERTIFICATE-----\n";
+			
+			mPemChildCert = "-----BEGIN CERTIFICATE-----\n"
+			"MIIB5DCCAU0CBEnm9eUwDQYJKoZIhvcNAQEEBQAwITEfMB0GA1UEAxMWUm94aWVz\n"
+			"IGludGVybWVkaWF0ZSBDQTAeFw0wOTA0MTYwMDAzNDlaFw0xMDA0MTYwMDAzNDla\n"
+			"MCAxHjAcBgNVBAMTFWVuaWFjNjMubGluZGVubGFiLmNvbTCBnzANBgkqhkiG9w0B\n"
+			"AQEFAAOBjQAwgYkCgYEAp9I5rofEzbjNht+9QejfnsIlEPqSxskoWKCG255TesWR\n"
+			"RTmw9wafHQQkJk/VIsaU4RMBYHkknGbHX2dGvMHmKZoWUPSQ/8FZz09o0Qx3TNUZ\n"
+			"l7KlGOD2d1c7ZxXDPqlLC6QW8DrE1/8zfwJ5cbYBXc8e7OKdSZeRrnwHyw4Q8r8C\n"
+			"AwEAAaMvMC0wEwYDVR0lBAwwCgYIKwYBBQUHAwEwCQYDVR0TBAIwADALBgNVHQ8E\n"
+			"BAMCBaAwDQYJKoZIhvcNAQEEBQADgYEAIG0M5tqYlXyMiGKPZfXy/R3M3ZZOapDk\n"
+			"W0dsXJYXAc35ftwtn0VYu9CNnZCcli17/d+AKhkK8a/oGPazqudjFF6WLJLTXaY9\n"
+			"NmhkJcOPADXkbyQPUPXzLe4YRrkEQeGhzMb4rKDQ1TKAcXfs0Y068pTpsixNSxja\n"
+			"NhAUUcve5Is=\n"
+			"-----END CERTIFICATE-----\n";
+			
 			mDerFormat = "MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIxEzARBgNVBAoT"
 "CklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBUZWNub2xvZ2lhIGRh"
 "IEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJyYXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UE"
@@ -118,24 +216,33 @@ namespace tut
 "1ME7a55lFEnSeT0umlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5"
 "nmPbK+9A46sd33oqK8n8";
 			
-			mTestCert = new LLBasicCertificate(mPemTestCert);
-			
-			gSavedSettings.cleanup();
-			gSavedSettings.declareString("FirstName", "", "", FALSE);
-			gSavedSettings.declareString("LastName", "", "", FALSE);
 			mX509TestCert = NULL;
-			BIO * validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());
+			mX509RootCert = NULL;
+			mX509IntermediateCert = NULL;
+			mX509ChildCert = NULL;
 			
+			BIO * validation_bio = BIO_new_mem_buf((void*)mPemTestCert.c_str(), mPemTestCert.length());			
 			PEM_read_bio_X509(validation_bio, &mX509TestCert, 0, NULL);
 			BIO_free(validation_bio);
-
+			validation_bio = BIO_new_mem_buf((void*)mPemRootCert.c_str(), mPemRootCert.length());
+			PEM_read_bio_X509(validation_bio, &mX509RootCert, 0, NULL);
+			BIO_free(validation_bio);
+			validation_bio = BIO_new_mem_buf((void*)mPemIntermediateCert.c_str(), mPemIntermediateCert.length());
+			PEM_read_bio_X509(validation_bio, &mX509IntermediateCert, 0, NULL);
+			BIO_free(validation_bio);	
+			validation_bio = BIO_new_mem_buf((void*)mPemChildCert.c_str(), mPemChildCert.length());
+			PEM_read_bio_X509(validation_bio, &mX509ChildCert, 0, NULL);
+			BIO_free(validation_bio);				
 		}
 		~sechandler_basic_test()
 		{
 			LLFile::remove("test_password.dat");
 			LLFile::remove("sechandler_settings.tmp");
-			delete mTestCert;
+			LLFile::remove("mycertstore.pem");
 			X509_free(mX509TestCert);
+			X509_free(mX509RootCert);
+			X509_free(mX509IntermediateCert);
+			X509_free(mX509ChildCert);
 		}
 	};
 	
@@ -152,18 +259,18 @@ namespace tut
 	void sechandler_basic_test_object::test<1>()
 	
 	{
-
 		char buffer[4096];
-
+		LLPointer<LLCertificate> test_cert = new LLBasicCertificate(mPemTestCert);
+		
 		ensure_equals("Resultant pem is correct",
-			   mPemTestCert, mTestCert->getPem());
-		std::vector<U8> binary_cert = mTestCert->getBinary();
+			   mPemTestCert, test_cert->getPem());
+		std::vector<U8> binary_cert = test_cert->getBinary();
 
 		apr_base64_encode(buffer, (const char *)&binary_cert[0], binary_cert.size());
 		
 		ensure_equals("Der Format is correct", memcmp(buffer, mDerFormat.c_str(), mDerFormat.length()), 0);
 		
-		LLSD llsd_cert = mTestCert->getLLSD();
+		LLSD llsd_cert = test_cert->getLLSD();
 		std::ostringstream llsd_value;
 		llsd_value << LLSDOStreamer<LLSDNotationFormatter>(llsd_cert) << std::endl;
 		std::string llsd_cert_str = llsd_value.str();
@@ -194,10 +301,15 @@ namespace tut
 		ensure_equals("serial number", (std::string)llsd_cert["serial_number"], "04");
 		// sha1 digest is giving a weird value, and I've no idea why...feh
 		//ensure_equals("sha1 digest", (std::string)llsd_cert["sha1_digest"], "8e:fd:ca:bc:93:e6:1e:92:5d:4d:1d:ed:18:1a:43:20:a4:67:a1:39");
-		ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2001-11-30T20:58:00Z");
-		ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2011-12-01T07:59:00Z");
+		ensure_equals("valid from", (std::string)llsd_cert["valid_from"], "2001-11-30T12:58:00Z");
+		ensure_equals("valid to", (std::string)llsd_cert["valid_to"], "2011-11-30T23:59:00Z");
+		LLSD expectedKeyUsage = LLSD::emptyArray();
+		expectedKeyUsage.append(LLSD((std::string)"certSigning"));
+		expectedKeyUsage.append(LLSD((std::string)"crlSigning"));
+		ensure("key usage", valueCompareLLSD(llsd_cert["keyUsage"], expectedKeyUsage));
+		ensure("basic constraints", (bool)llsd_cert["basicConstraints"]["CA"]);
 		
-		ensure("x509 is equal", !X509_cmp(mX509TestCert, mTestCert->getOpenSSLX509()));
+		ensure("x509 is equal", !X509_cmp(mX509TestCert, test_cert->getOpenSSLX509()));
 	}
 
 	
@@ -319,7 +431,6 @@ namespace tut
 	void sechandler_basic_test_object::test<3>()
 	{
 		LLPointer<LLSecAPIBasicHandler> handler = new LLSecAPIBasicHandler("sechandler_settings.tmp", "test_password.dat");
-		
 
 		LLSD my_id = LLSD::emptyMap();
 		LLSD my_authenticator = LLSD::emptyMap();
@@ -349,7 +460,7 @@ namespace tut
 			
 		// test loading of a credential, that hasn't been saved, without
 		// any legacy saved credential data
-		LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid");
+		LLPointer<LLCredential> my_new_cred = handler->loadCredential("my_grid2");
 		ensure("unknown credential load test", my_new_cred->getIdentifier().isMap());
 		ensure("unknown credential load test", !my_new_cred->getIdentifier().has("type"));		
 		ensure("unknown credential load test", my_new_cred->getAuthenticator().isMap());
@@ -379,10 +490,8 @@ namespace tut
 		
 		// test loading of an unknown credential with legacy saved username, but without
 		// saved password
-
-		gSavedSettings.setString("FirstName", "myfirstname");
-		gSavedSettings.setString("LastName", "mylastname");
-
+		gFirstName = "myfirstname";
+		gLastName = "mylastname";
 		my_new_cred = handler->loadCredential("my_legacy_grid");
 		ensure_equals("legacy credential with no password: type", 
 					  (const std::string)my_new_cred->getIdentifier()["type"], "agent");
@@ -438,19 +547,413 @@ namespace tut
 		ensure("no authenticator values were saved", my_new_cred->getAuthenticator().isUndefined());
 	}
 
+	// test cert vector
+	template<> template<>
+	void sechandler_basic_test_object::test<4>()
+	{
+		
+		// validate create from empty vector
+		LLPointer<LLBasicCertificateVector> test_vector = new LLBasicCertificateVector();
+		ensure_equals("when loading with nothing, we should result in no certs in vector", test_vector->size(), 0);
+		
+		test_vector->add(new LLBasicCertificate(mPemTestCert));
+		ensure_equals("one element in vector", test_vector->size(), 1);
+		test_vector->add(new LLBasicCertificate(mPemChildCert));
+		ensure_equals("two elements in vector after add", test_vector->size(), 2);
+		
+		test_vector->add(new LLBasicCertificate(mPemChildCert));
+		ensure_equals("two elements in vector after re-add", test_vector->size(), 2);
+		// validate order
+		X509* test_cert = (*test_vector)[0]->getOpenSSLX509();		
+		ensure("first cert added remains first cert", !X509_cmp(test_cert, mX509TestCert));
+		X509_free(test_cert);
+		
+		test_cert = (*test_vector)[1]->getOpenSSLX509();	
+		ensure("adding a duplicate cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);		
+		
+		//
+		// validate iterator
+		//
+		LLBasicCertificateVector::iterator current_cert = test_vector->begin();
+		LLBasicCertificateVector::iterator copy_current_cert = current_cert;
+		// operator++(int)
+		ensure("validate iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[0]);
+		ensure("validate 2nd iterator++ element in vector is expected cert", *current_cert++ == (*test_vector)[1]);
+		ensure("validate end iterator++", current_cert == test_vector->end());
+		
+		// copy 
+		ensure("validate copy iterator element in vector is expected cert", *copy_current_cert == (*test_vector)[0]);		
+		
+		// operator--(int)
+		current_cert--;
+		ensure("validate iterator-- element in vector is expected cert", *current_cert-- == (*test_vector)[1]);		
+		ensure("validate iterator-- element in vector is expected cert", *current_cert == (*test_vector)[0]);
+		
+		ensure("begin iterator is equal", current_cert == test_vector->begin());
+		
+		// operator++
+		ensure("validate ++iterator element in vector is expected cert", *++current_cert == (*test_vector)[1]);				
+		ensure("end of cert vector after ++iterator", ++current_cert == test_vector->end());
+		// operator--
+		ensure("validate --iterator element in vector is expected cert", *--current_cert == (*test_vector)[1]);		
+		ensure("validate 2nd --iterator element in vector is expected cert", *--current_cert == (*test_vector)[0]);		
+		
+		// validate remove
+		// validate create from empty vector
+		test_vector = new LLBasicCertificateVector();
+		test_vector->add(new LLBasicCertificate(mPemTestCert));
+		test_vector->add(new LLBasicCertificate(mPemChildCert));
+		test_vector->erase(test_vector->begin());
+		ensure_equals("one element in store after remove", test_vector->size(), 1);
+		test_cert = (*test_vector)[0]->getOpenSSLX509();
+		ensure("validate cert was removed", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		
+		// validate insert
+		test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemChildCert));
+		test_cert = (*test_vector)[0]->getOpenSSLX509();
+		
+		ensure("validate cert was inserted", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);	
 
+		//validate find
+		LLSD find_info = LLSD::emptyMap();
+		test_vector->insert(test_vector->begin(), new LLBasicCertificate(mPemRootCert));
+		find_info["issuer_name"] = LLSD::emptyMap();
+		find_info["issuer_name"]["commonName"] = "Roxies intermediate CA";
+		find_info["md5_digest"] = "97:24:c7:4c:d4:ba:2d:0e:9c:a1:18:8e:3a:c6:1f:c3";
+		current_cert = test_vector->find(find_info);
+		ensure("found", current_cert != test_vector->end());
+		ensure("found cert", (*current_cert).get() == (*test_vector)[1].get());
+		find_info["sha1_digest"] = "bad value";
+		current_cert =test_vector->find(find_info);
+		ensure("didn't find cert", current_cert == test_vector->end());		
+	}	
+	
 	// test cert store
 	template<> template<>
-	void sechandler_basic_test_object::test<4>()
+	void sechandler_basic_test_object::test<5>()
 	{
+		// validate load with nothing
+		LLFile::remove("mycertstore.pem");
+		LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+		ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+		
+		// validate load with empty file
+		test_store->save();
+		test_store = NULL;
+		test_store = new LLBasicCertificateStore("mycertstore.pem");
+		ensure_equals("when loading with nothing, we should result in no certs in store", test_store->size(), 0);
+		test_store=NULL;
+		
 		// instantiate a cert store from a file
-		llofstream certstorefile("mycertstore.pem", std::ios::out | std::ios::binary);
-
-		certstorefile << mPemTestCert;
+		llofstream certstorefile("mycertstore.pem", std::ios::out);
+		certstorefile << mPemChildCert << std::endl << mPemTestCert << std::endl;
 		certstorefile.close();
-		// LLBasicCertificateStore test_store("mycertstore.pem");
-		// X509* test_cert = test_store[0]->getOpenSSLX509();
+		// validate loaded certs
+		test_store = new LLBasicCertificateStore("mycertstore.pem");
+		ensure_equals("two elements in store", test_store->size(), 2);
+		
+		// operator[]
+		X509* test_cert = (*test_store)[0]->getOpenSSLX509();
+
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		test_cert = (*test_store)[1]->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));	
+		X509_free(test_cert);
+
+
+		// validate save
+		LLFile::remove("mycertstore.pem");
+		test_store->save();
+		test_store = NULL;
+		test_store = new LLBasicCertificateStore("mycertstore.pem");
+		ensure_equals("two elements in store after save", test_store->size(), 2);				
+		LLCertificateStore::iterator current_cert = test_store->begin();		
+		test_cert = (*current_cert)->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		current_cert++;
+		X509_free(test_cert);
+		test_cert = (*current_cert)->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));	
+		X509_free(test_cert);
+		current_cert++;
+		ensure("end of cert store", current_cert == test_store->end());
+		
+	}
+	
+	// cert name wildcard matching
+	template<> template<>
+	void sechandler_basic_test_object::test<6>()
+	{
+		ensure("simple name match", 
+			   _cert_hostname_wildcard_match("foo", "foo"));
+		
+		ensure("simple name match, with end period", 
+			   _cert_hostname_wildcard_match("foo.", "foo."));
+		
+		ensure("simple name match, with begin period", 
+			   _cert_hostname_wildcard_match(".foo", ".foo"));		
+		
+		ensure("simple name match, with subdomain", 
+			   _cert_hostname_wildcard_match("foo.bar", "foo.bar"));	
+		
+		ensure("stutter name match", 
+			   _cert_hostname_wildcard_match("foobbbbfoo", "foo*bbbfoo"));			
+		
+		ensure("simple name match, with beginning wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "*bar"));	
+		
+		ensure("simple name match, with ending wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "foo*"));
+		
+		ensure("simple name match, with beginning null wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "*foobar"));			
+
+		ensure("simple name match, with ending null wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "foobar*"));
+		
+		ensure("simple name match, with embedded wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "f*r"));		
+		
+		ensure("simple name match, with embedded null wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "foo*bar"));
+
+		ensure("simple name match, with dual embedded wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "f*o*ar"));		
+
+		ensure("simple name mismatch", 
+			   !_cert_hostname_wildcard_match("bar", "foo"));
+		
+		ensure("simple name mismatch, with end period", 
+			   !_cert_hostname_wildcard_match("foobar.", "foo."));
+		
+		ensure("simple name mismatch, with begin period", 
+			   !_cert_hostname_wildcard_match(".foobar", ".foo"));		
+		
+		ensure("simple name mismatch, with subdomain", 
+			   !_cert_hostname_wildcard_match("foobar.bar", "foo.bar"));	
+		
+		ensure("simple name mismatch, with beginning wildcard", 
+			   !_cert_hostname_wildcard_match("foobara", "*bar"));	
+		
+		ensure("simple name mismatch, with ending wildcard", 
+			   !_cert_hostname_wildcard_match("oobar", "foo*"));
+		
+		ensure("simple name mismatch, with embedded wildcard", 
+			   !_cert_hostname_wildcard_match("oobar", "f*r"));		
+		
+		ensure("simple name mismatch, with dual embedded wildcard", 
+			   !_cert_hostname_wildcard_match("foobar", "f*d*ar"));
+		
+		ensure("simple wildcard", 
+			   _cert_hostname_wildcard_match("foobar", "*"));
+		
+		ensure("long domain", 
+			   _cert_hostname_wildcard_match("foo.bar.com", "foo.bar.com"));
+		
+		ensure("long domain with multiple wildcards", 
+			   _cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com"));	
 
-		// ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509TestCert));
+		ensure("end periods", 
+			   _cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com."));	
+		
+		ensure("mismatch end period", 
+			   !_cert_hostname_wildcard_match("foo.bar.com.", "*.b*r.com"));
+		
+		ensure("mismatch end period2", 
+			   !_cert_hostname_wildcard_match("foo.bar.com", "*.b*r.com."));				
+	}
+	
+	// test cert chain
+	template<> template<>
+	void sechandler_basic_test_object::test<7>()
+	{
+		// validate create from empty chain
+		LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+		ensure_equals("when loading with nothing, we should result in no certs in chain", test_chain->size(), 0);
+
+		// Single cert in the chain.
+		X509_STORE_CTX *test_store = X509_STORE_CTX_new();
+		test_store->cert = mX509ChildCert;		
+		test_store->untrusted = NULL;
+		test_chain = new LLBasicCertificateChain(test_store);
+		X509_STORE_CTX_free(test_store);
+		ensure_equals("two elements in store", test_chain->size(), 1);		
+		X509* test_cert = (*test_chain)[0]->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);		
+		
+		// cert + CA
+		
+		test_store = X509_STORE_CTX_new();
+		test_store->cert = mX509ChildCert;
+		test_store->untrusted = sk_X509_new_null();
+		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
+		test_chain = new LLBasicCertificateChain(test_store);
+		X509_STORE_CTX_free(test_store);
+		ensure_equals("two elements in store", test_chain->size(), 2);	
+		test_cert = (*test_chain)[0]->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		test_cert = (*test_chain)[1]->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
+		X509_free(test_cert);
+
+		// cert + nonrelated
+		
+		test_store = X509_STORE_CTX_new();
+		test_store->cert = mX509ChildCert;
+		test_store->untrusted = sk_X509_new_null();
+		sk_X509_push(test_store->untrusted, mX509TestCert);
+		test_chain = new LLBasicCertificateChain(test_store);
+		X509_STORE_CTX_free(test_store);
+		ensure_equals("two elements in store", test_chain->size(), 1);	
+		test_cert = (*test_chain)[0]->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		
+		// cert + CA + nonrelated
+		test_store = X509_STORE_CTX_new();
+		test_store->cert = mX509ChildCert;
+		test_store->untrusted = sk_X509_new_null();
+		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
+		sk_X509_push(test_store->untrusted, mX509TestCert);
+		test_chain = new LLBasicCertificateChain(test_store);
+		X509_STORE_CTX_free(test_store);
+		ensure_equals("two elements in store", test_chain->size(), 2);	
+		test_cert = (*test_chain)[0]->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		test_cert = (*test_chain)[1]->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
+		X509_free(test_cert);
+
+		// cert + intermediate + CA 
+		test_store = X509_STORE_CTX_new();
+		test_store->cert = mX509ChildCert;
+		test_store->untrusted = sk_X509_new_null();
+		sk_X509_push(test_store->untrusted, mX509IntermediateCert);
+		sk_X509_push(test_store->untrusted, mX509RootCert);
+		test_chain = new LLBasicCertificateChain(test_store);
+		X509_STORE_CTX_free(test_store);
+		ensure_equals("three elements in store", test_chain->size(), 3);	
+		test_cert = (*test_chain)[0]->getOpenSSLX509();
+		ensure("validate first element in store is expected cert", !X509_cmp(test_cert, mX509ChildCert));
+		X509_free(test_cert);
+		test_cert = (*test_chain)[1]->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509IntermediateCert));	
+		X509_free(test_cert);
+
+		test_cert = (*test_chain)[2]->getOpenSSLX509();
+		ensure("validate second element in store is expected cert", !X509_cmp(test_cert, mX509RootCert));	
+		X509_free(test_cert);		
+	}
+	// test cert validation
+	template<> template<>
+	void sechandler_basic_test_object::test<8>()
+	{
+		// start with a trusted store with our known root cert
+		LLFile::remove("mycertstore.pem");
+		LLPointer<LLBasicCertificateStore> test_store = new LLBasicCertificateStore("mycertstore.pem");
+		test_store->add(new LLBasicCertificate(mX509RootCert));
+		LLSD validation_params;
+		
+		// validate basic trust for a chain containing only the intermediate cert.  (1 deep)
+		LLPointer<LLBasicCertificateChain> test_chain = new LLBasicCertificateChain(NULL);
+
+		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));
+
+		test_chain->validate(0, test_store, validation_params);
+
+		// add the root certificate to the chain and revalidate
+		test_chain->add(new LLBasicCertificate(mX509RootCert));	
+		test_chain->validate(0, test_store, validation_params);
+
+		// add the child cert at the head of the chain, and revalidate (3 deep chain)
+		test_chain->insert(test_chain->begin(), new LLBasicCertificate(mX509ChildCert));
+		test_chain->validate(0, test_store, validation_params);
+
+		// basic failure cases
+		test_chain = new LLBasicCertificateChain(NULL);
+		//validate with only the child cert
+		test_chain->add(new LLBasicCertificate(mX509ChildCert));
+		ensure_throws("no CA, with only a child cert", 
+					  LLCertValidationTrustException, 
+					  (*test_chain)[0],
+					  test_chain->validate, 
+					  VALIDATION_POLICY_TRUSTED, 
+					  test_store, 
+					  validation_params);
+
+
+		// validate without the trust flag.
+		test_chain->validate(0, test_store, validation_params);		
+
+		// clear out the store
+		test_store = new LLBasicCertificateStore("mycertstore.pem");
+		// append the intermediate cert
+		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));		
+		ensure_throws("no CA, with child and intermediate certs", 
+					  LLCertValidationTrustException, 
+					  (*test_chain)[1],
+					  test_chain->validate, 
+					  VALIDATION_POLICY_TRUSTED, 
+					  test_store, 
+					  validation_params);
+		// validate without the trust flag
+		test_chain->validate(0, test_store, validation_params);
+
+		// Test time validity
+		LLSD child_info = (*test_chain)[0]->getLLSD();
+		validation_params = LLSD::emptyMap();
+		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() + 1.0);  
+		test_chain->validate(VALIDATION_POLICY_TIME, test_store, validation_params);
+
+		validation_params = LLSD::emptyMap();		
+		validation_params[CERT_VALIDATION_DATE] = child_info[CERT_VALID_FROM].asDate();
+		
+		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_FROM].asDate().secondsSinceEpoch() - 1.0);
+ 		
+		// test not yet valid
+		ensure_throws("Child cert not yet valid", 
+					  LLCertValidationExpirationException, 
+					  (*test_chain)[0],
+					  test_chain->validate, 
+					  VALIDATION_POLICY_TIME, 
+					  test_store, 
+					  validation_params);	
+		validation_params = LLSD::emptyMap();		
+		validation_params[CERT_VALIDATION_DATE] = LLDate(child_info[CERT_VALID_TO].asDate().secondsSinceEpoch() + 1.0);
+ 		
+		// test cert expired
+		ensure_throws("Child cert expired", 
+					  LLCertValidationExpirationException, 
+					  (*test_chain)[0],
+					  test_chain->validate, 
+					  VALIDATION_POLICY_TIME, 
+					  test_store, 
+					  validation_params);
+
+		// test SSL KU
+		// validate basic trust for a chain containing child and intermediate.
+		test_chain = new LLBasicCertificateChain(NULL);
+		test_chain->add(new LLBasicCertificate(mX509ChildCert));
+		test_chain->add(new LLBasicCertificate(mX509IntermediateCert));
+		test_chain->validate(VALIDATION_POLICY_SSL_KU, test_store, validation_params);	
+
+		test_chain = new LLBasicCertificateChain(NULL);
+		test_chain->add(new LLBasicCertificate(mX509TestCert));
+
+		ensure_throws("Cert doesn't have ku", 
+					  LLCertKeyUsageValidationException, 
+					  (*test_chain)[0],
+					  test_chain->validate, 
+					  VALIDATION_POLICY_SSL_KU, 
+					  test_store, 
+					  validation_params);
 	}
 };
+
diff --git a/indra/newview/tests/llviewernetwork_test.cpp b/indra/newview/tests/llviewernetwork_test.cpp
index c7a6b2ad15..f341482d6f 100644
--- a/indra/newview/tests/llviewernetwork_test.cpp
+++ b/indra/newview/tests/llviewernetwork_test.cpp
@@ -37,7 +37,51 @@
 #include "../../llxml/llcontrol.h"
 #include "llfile.h"
 
-LLControlGroup gSavedSettings;
+//----------------------------------------------------------------------------               
+// Mock objects for the dependencies of the code we're testing                               
+
+LLControlGroup::LLControlGroup(const std::string& name)
+: LLInstanceTracker<LLControlGroup, std::string>(name) {}
+LLControlGroup::~LLControlGroup() {}
+BOOL LLControlGroup::declareString(const std::string& name,
+                                   const std::string& initial_val,
+                                   const std::string& comment,
+                                   BOOL persist) {return TRUE;}
+void LLControlGroup::setString(const std::string& name, const std::string& val){}
+
+std::string gCmdLineLoginURI;
+std::string gCmdLineGridChoice;
+std::string gCmdLineHelperURI;
+std::string gLoginPage;
+std::string gCurrentGrid;
+std::string LLControlGroup::getString(const std::string& name)
+{
+	if (name == "CmdLineGridChoice")
+		return gCmdLineGridChoice;
+	else if (name == "CmdLineHelperURI")
+		return gCmdLineHelperURI;
+	else if (name == "LoginPage")
+		return gLoginPage;
+	else if (name == "CurrentGrid")
+		return gCurrentGrid;
+	return "";
+}
+
+LLSD LLControlGroup::getLLSD(const std::string& name)
+{
+	if (name == "CmdLineLoginURI")
+	{
+		if(!gCmdLineLoginURI.empty())
+		{
+			return LLSD(gCmdLineLoginURI);
+		}
+	}
+	return LLSD();
+}
+
+
+LLControlGroup gSavedSettings("test");
+
 const char *gSampleGridFile = "<llsd><map>"
 "<key>grid1</key><map>"
 "  <key>favorite</key><integer>1</integer>"
@@ -68,13 +112,12 @@ namespace tut
 	{
 		viewerNetworkTest()
 		{
-			gSavedSettings.cleanup();
-			gSavedSettings.cleanup();
-			gSavedSettings.declareString("CmdLineGridChoice", "", "", FALSE);
-			gSavedSettings.declareString("CmdLineHelperURI", "", "", FALSE);
-			gSavedSettings.declareString("LoginPage", "", "", FALSE);
-			gSavedSettings.declareString("CurrentGrid", "", "", FALSE);
-			gSavedSettings.declareLLSD("CmdLineLoginURI", LLSD(), "", FALSE);
+			LLFile::remove("grid_test.xml");
+			gCmdLineLoginURI.clear();
+			gCmdLineGridChoice.clear();
+			gCmdLineHelperURI.clear();
+			gLoginPage.clear();
+			gCurrentGrid.clear();			
 		}
 		~viewerNetworkTest()
 		{
@@ -95,20 +138,25 @@ namespace tut
 	void viewerNetworkTestObject::test<1>()
 	{
 
-		LLGridManager manager("grid_test.xml");
+		LLGridManager *manager = LLGridManager::getInstance();
+		// grid file doesn't exist
+		manager->initialize("grid_test.xml");
 		// validate that some of the defaults are available.
-		std::map<std::string, std::string> known_grids = manager.getKnownGrids();
+		std::map<std::string, std::string> known_grids = manager->getKnownGrids();
 #ifndef LL_RELEASE_FOR_DOWNLOAD
 		ensure_equals("Known grids is a string-string map of size 18", known_grids.size(), 18);
+		ensure_equals("Agni has the right name and label", 
+					  known_grids[std::string("util.agni.lindenlab.com")], std::string("Agni"));
 #else // LL_RELEASE_FOR_DOWNLOAD
-		ensure_equals("Known grids is a string-string map of size 18", known_grids.size(), 2);
+		ensure_equals("Known grids is a string-string map of size 2", known_grids.size(), 2);
+		ensure_equals("Agni has the right name and label", 
+					  known_grids[std::string("util.agni.lindenlab.com")], std::string("Secondlife.com"));		
 #endif // LL_RELEASE_FOR_DOWNLOAD
 
-		ensure_equals("Agni has the right name and label", 
-					  known_grids[std::string("util.agni.lindenlab.com")], std::string("Agni"));
+
 		ensure_equals("None exists", known_grids[""], "None");
 		
-		LLSD grid = manager.getGridInfo("util.agni.lindenlab.com");
+		LLSD grid = LLGridManager::getInstance()->getGridInfo("util.agni.lindenlab.com");
 		ensure("Grid info for agni is a map", grid.isMap());
 		ensure_equals("name is correct for agni", 
 					  grid[GRID_NAME_VALUE].asString(), std::string("util.agni.lindenlab.com"));
@@ -130,8 +178,8 @@ namespace tut
 		ensure_equals("Agni login page is correct",
 					  grid[GRID_LOGIN_PAGE_VALUE].asString(), 
 					  std::string("http://secondlife.com/app/login/"));
-		ensure("Agni is not a favorite",
-			   !grid.has(GRID_IS_FAVORITE_VALUE));
+		ensure("Agni is a favorite",
+			   grid.has(GRID_IS_FAVORITE_VALUE));
 		ensure("Agni is a system grid", 
 			   grid.has(GRID_IS_SYSTEM_GRID_VALUE));
 		ensure("Grid file wasn't greated as it wasn't saved", 
@@ -146,20 +194,25 @@ namespace tut
 		gridfile << gSampleGridFile;
 		gridfile.close();
 		
-		LLGridManager manager("grid_test.xml");
-		std::map<std::string, std::string> known_grids = manager.getKnownGrids();
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		std::map<std::string, std::string> known_grids = LLGridManager::getInstance()->getKnownGrids();
 #ifndef LL_RELEASE_FOR_DOWNLOAD
 		ensure_equals("adding a grid via a grid file increases known grid size", 
 					  known_grids.size(), 19);
+		ensure_equals("Agni is still there after we've added a grid via a grid file", 
+					  known_grids["util.agni.lindenlab.com"], std::string("Agni"));
+	
 #else
 		ensure_equals("adding a grid via a grid file increases known grid size", 
 					  known_grids.size(), 3);
-#endif
 		ensure_equals("Agni is still there after we've added a grid via a grid file", 
-					  known_grids["util.agni.lindenlab.com"], std::string("Agni"));
+					  known_grids["util.agni.lindenlab.com"], std::string("Secondlife.com"));
+
+#endif
 	
+		
 		// assure Agni doesn't get overwritten
-		LLSD grid = manager.getGridInfo("util.agni.lindenlab.com");
+		LLSD grid = LLGridManager::getInstance()->getGridInfo("util.agni.lindenlab.com");
 #ifndef LL_RELEASE_FOR_DOWNLOAD
 		ensure_equals("Agni grid label was not modified by grid file", 
 					  grid[GRID_LABEL_VALUE].asString(), std::string("Agni"));
@@ -181,14 +234,14 @@ namespace tut
 		ensure_equals("Agni login page the same after grid file", 
 					  grid[GRID_LOGIN_PAGE_VALUE].asString(), 
 					  std::string("http://secondlife.com/app/login/"));
-		ensure("Agni still not favorite after grid file", 
-			   !grid.has(GRID_IS_FAVORITE_VALUE));
+		ensure("Agni still a favorite after grid file", 
+			   grid.has(GRID_IS_FAVORITE_VALUE));
 		ensure("Agni system grid still set after grid file", 
 			   grid.has(GRID_IS_SYSTEM_GRID_VALUE));
 		
 		ensure_equals("Grid file adds to name<->label map", 
 					  known_grids["grid1"], std::string("mylabel"));
-		grid = manager.getGridInfo("grid1");
+		grid = LLGridManager::getInstance()->getGridInfo("grid1");
 		ensure_equals("grid file grid name is set",
 					  grid[GRID_NAME_VALUE].asString(), std::string("grid1"));
 		ensure_equals("grid file label is set", 
@@ -217,22 +270,16 @@ namespace tut
 	template<> template<>
 	void viewerNetworkTestObject::test<3>()
 	{	
-		LLSD loginURI = std::string("https://my.login.uri/cgi-bin/login.cgi");
-		gSavedSettings.setLLSD("CmdLineLoginURI", loginURI);
-		LLGridManager manager("grid_test.xml");
+		gCmdLineLoginURI = "https://my.login.uri/cgi-bin/login.cgi";
 		
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		// with single login uri specified.
-		std::map<std::string, std::string> known_grids = manager.getKnownGrids();
-#ifndef LL_RELEASE_FOR_DOWNLOAD
+		std::map<std::string, std::string> known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure_equals("adding a command line grid increases known grid size", 
 					  known_grids.size(), 19);
-#else
-		ensure_equals("adding a command line grid increases known grid size", 
-					  known_grids.size(), 3);
-#endif
 		ensure_equals("Command line grid is added to the list of grids", 
 					  known_grids["my.login.uri"], std::string("my.login.uri"));
-		LLSD grid = manager.getGridInfo("my.login.uri");
+		LLSD grid = LLGridManager::getInstance()->getGridInfo("my.login.uri");
 		ensure_equals("Command line grid name is set",
 					  grid[GRID_NAME_VALUE].asString(), std::string("my.login.uri"));
 		ensure_equals("Command line grid label is set", 
@@ -254,19 +301,14 @@ namespace tut
 			   !grid.has(GRID_IS_SYSTEM_GRID_VALUE));		
 		
 		// now try a command line with a custom grid identifier
-		gSavedSettings.setString("CmdLineGridChoice", "mycustomgridchoice");
-		manager = LLGridManager("grid_test.xml");
-		known_grids = manager.getKnownGrids();
-#ifndef LL_RELEASE_FOR_DOWNLOAD
+		gCmdLineGridChoice = "mycustomgridchoice";		
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure_equals("adding a command line grid with custom name increases known grid size", 
 					  known_grids.size(), 19);
-#else
-		ensure_equals("adding a command line grid with custom name inceases known grid size", 
-					  known_grids.size(), 3);
-#endif
 		ensure_equals("Custom Command line grid is added to the list of grids", 
 					  known_grids["mycustomgridchoice"], std::string("mycustomgridchoice"));
-		grid = manager.getGridInfo("mycustomgridchoice");
+		grid = LLGridManager::getInstance()->getGridInfo("mycustomgridchoice");
 		ensure_equals("Custom Command line grid name is set",
 					  grid[GRID_NAME_VALUE].asString(), std::string("mycustomgridchoice"));
 		ensure_equals("Custom Command line grid label is set", 
@@ -278,16 +320,16 @@ namespace tut
 					  std::string("https://my.login.uri/cgi-bin/login.cgi"));
 		
 		// add a helperuri
-		gSavedSettings.setString("CmdLineHelperURI", "myhelperuri");
-		manager = LLGridManager("grid_test.xml");
-		grid = manager.getGridInfo("mycustomgridchoice");		
+		gCmdLineHelperURI = "myhelperuri";
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		grid = LLGridManager::getInstance()->getGridInfo("mycustomgridchoice");		
 		ensure_equals("Validate command line helper uri", 
 					  grid[GRID_HELPER_URI_VALUE].asString(), std::string("myhelperuri"));		
 		
 		// add a login page
-		gSavedSettings.setString("LoginPage", "myloginpage");
-		manager = LLGridManager("grid_test.xml");
-		grid = manager.getGridInfo("mycustomgridchoice");		
+		gLoginPage = "myloginpage";
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		grid = LLGridManager::getInstance()->getGridInfo("mycustomgridchoice");		
 		ensure_equals("Validate command line helper uri", 
 					  grid[GRID_LOGIN_PAGE_VALUE].asString(), std::string("myloginpage"));			
 	}
@@ -301,36 +343,34 @@ namespace tut
 		// adding a grid with simply a name will populate the values.
 		grid[GRID_NAME_VALUE] = "myaddedgrid";
 
-		loginURI.append(std::string("https://my.login.uri/cgi-bin/login.cgi"));
-		gSavedSettings.setLLSD("CmdLineLoginURI", loginURI);
-		LLGridManager manager("grid_test.xml");
-		manager.addGrid(grid);
-		manager.setGridChoice("util.agni.lindenlab.com");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		LLGridManager::getInstance()->addGrid(grid);
+		LLGridManager::getInstance()->setGridChoice("util.agni.lindenlab.com");
 #ifndef LL_RELEASE_FOR_DOWNLOAD		
-		ensure_equals("getGridLabel", manager.getGridLabel(), std::string("Agni"));
+		ensure_equals("getGridLabel", LLGridManager::getInstance()->getGridLabel(), std::string("Agni"));
 #else // LL_RELEASE_FOR_DOWNLOAD
-		ensure_equals("getGridLabel", manager.getGridLabel(), std::string("Secondlife.com"));		
+		ensure_equals("getGridLabel", LLGridManager::getInstance()->getGridLabel(), std::string("Secondlife.com"));		
 #endif // LL_RELEASE_FOR_DOWNLOAD
-		ensure_equals("getGridName", manager.getGridName(), 
+		ensure_equals("getGridName", LLGridManager::getInstance()->getGridName(), 
 					  std::string("util.agni.lindenlab.com"));
-		ensure_equals("getHelperURI", manager.getHelperURI(), 
+		ensure_equals("getHelperURI", LLGridManager::getInstance()->getHelperURI(), 
 					  std::string("https://secondlife.com/helpers/"));
-		ensure_equals("getLoginPage", manager.getLoginPage(), 
+		ensure_equals("getLoginPage", LLGridManager::getInstance()->getLoginPage(), 
 					  std::string("http://secondlife.com/app/login/"));
-		ensure_equals("getLoginPage2", manager.getLoginPage("util.agni.lindenlab.com"), 
+		ensure_equals("getLoginPage2", LLGridManager::getInstance()->getLoginPage("util.agni.lindenlab.com"), 
 					  std::string("http://secondlife.com/app/login/"));
-		ensure("Is Agni a production grid", manager.isInProductionGrid());		
+		ensure("Is Agni a production grid", LLGridManager::getInstance()->isInProductionGrid());		
 		std::vector<std::string> uris;
-		manager.getLoginURIs(uris);
+		LLGridManager::getInstance()->getLoginURIs(uris);
 		ensure_equals("getLoginURIs size", uris.size(), 1);
 		ensure_equals("getLoginURIs", uris[0], 
 					  std::string("https://login.agni.lindenlab.com/cgi-bin/login.cgi"));
-		manager.setGridChoice("myaddedgrid");
-		ensure_equals("getGridLabel", manager.getGridLabel(), std::string("myaddedgrid"));		
-		ensure("Is myaddedgrid a production grid", !manager.isInProductionGrid());
+		LLGridManager::getInstance()->setGridChoice("myaddedgrid");
+		ensure_equals("getGridLabel", LLGridManager::getInstance()->getGridLabel(), std::string("myaddedgrid"));		
+		ensure("Is myaddedgrid a production grid", !LLGridManager::getInstance()->isInProductionGrid());
 		
-		manager.setFavorite();
-		grid = manager.getGridInfo("myaddedgrid");
+		LLGridManager::getInstance()->setFavorite();
+		grid = LLGridManager::getInstance()->getGridInfo("myaddedgrid");
 		ensure("setting favorite", grid.has(GRID_IS_FAVORITE_VALUE));
 	}
 	
@@ -338,12 +378,12 @@ namespace tut
 	template<> template<>
 	void viewerNetworkTestObject::test<5>()
 	{
-		LLGridManager manager("grid_test.xml");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		LLSD grid = LLSD::emptyMap();
 		// adding a grid with simply a name will populate the values.
 		grid[GRID_NAME_VALUE] = "myaddedgrid";
-		manager.addGrid(grid);
-		grid = manager.getGridInfo("myaddedgrid");
+		LLGridManager::getInstance()->addGrid(grid);
+		grid = LLGridManager::getInstance()->getGridInfo("myaddedgrid");
 		
 		ensure_equals("name based grid has name value", 
 					  grid[GRID_NAME_VALUE].asString(),
@@ -380,29 +420,29 @@ namespace tut
 	{
 		// try with initial grid list without a grid file,
 		// without setting the grid to a saveable favorite.
-		LLGridManager manager("grid_test.xml");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		LLSD grid = LLSD::emptyMap();
 		grid[GRID_NAME_VALUE] = std::string("mynewgridname");
-		manager.addGrid(grid);
-		manager.saveFavorites();
+		LLGridManager::getInstance()->addGrid(grid);
+		LLGridManager::getInstance()->saveFavorites();
 		ensure("Grid file exists after saving", 
 			   LLFile::isfile("grid_test.xml"));
-		manager = LLGridManager("grid_test.xml");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		// should not be there
-		std::map<std::string, std::string> known_grids = manager.getKnownGrids();
+		std::map<std::string, std::string> known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure("New grid wasn't added to persisted list without being marked a favorite",
 					  known_grids.find(std::string("mynewgridname")) == known_grids.end());
 		
 		// mark a grid a favorite to make sure it's persisted
-		manager.addGrid(grid);
-		manager.setGridChoice("mynewgridname");
-		manager.setFavorite();
-		manager.saveFavorites();
+		LLGridManager::getInstance()->addGrid(grid);
+		LLGridManager::getInstance()->setGridChoice("mynewgridname");
+		LLGridManager::getInstance()->setFavorite();
+		LLGridManager::getInstance()->saveFavorites();
 		ensure("Grid file exists after saving", 
 			   LLFile::isfile("grid_test.xml"));
-		manager = LLGridManager("grid_test.xml");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		// should not be there
-		known_grids = manager.getKnownGrids();
+		known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure("New grid wasn't added to persisted list after being marked a favorite",
 					  known_grids.find(std::string("mynewgridname")) !=
 					  known_grids.end());
@@ -417,28 +457,28 @@ namespace tut
 		gridfile << gSampleGridFile;
 		gridfile.close();
 		
-		LLGridManager manager("grid_test.xml");
+		LLGridManager::getInstance()->initialize("grid_test.xml");
 		LLSD grid = LLSD::emptyMap();
 		grid[GRID_NAME_VALUE] = std::string("mynewgridname");
-		manager.addGrid(grid);
-		manager.saveFavorites();
+		LLGridManager::getInstance()->addGrid(grid);
+		LLGridManager::getInstance()->saveFavorites();
 		// validate we didn't lose existing favorites
-		manager = LLGridManager("grid_test.xml");
-		std::map<std::string, std::string> known_grids = manager.getKnownGrids();
+		LLGridManager::getInstance()->initialize("grid_test.xml");
+		std::map<std::string, std::string> known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure("New grid wasn't added to persisted list after being marked a favorite",
 			   known_grids.find(std::string("grid1")) !=
 			   known_grids.end());
 		
 		// add a grid
-		manager.addGrid(grid);
-		manager.setGridChoice("mynewgridname");
-		manager.setFavorite();
-		manager.saveFavorites();
-		known_grids = manager.getKnownGrids();
+		LLGridManager::getInstance()->addGrid(grid);
+		LLGridManager::getInstance()->setGridChoice("mynewgridname");
+		LLGridManager::getInstance()->setFavorite();
+		LLGridManager::getInstance()->saveFavorites();
+		known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure("New grid wasn't added to persisted list after being marked a favorite",
 			   known_grids.find(std::string("grid1")) !=
 			   known_grids.end());
-		known_grids = manager.getKnownGrids();
+		known_grids = LLGridManager::getInstance()->getKnownGrids();
 		ensure("New grid wasn't added to persisted list after being marked a favorite",
 			   known_grids.find(std::string("mynewgridname")) !=
 			   known_grids.end());
author	Roxanne Skelly <roxie@lindenlab.com>	2009-07-08 00:45:17 +0000
committer	Roxanne Skelly <roxie@lindenlab.com>	2009-07-08 00:45:17 +0000
commit	9e89819d55a3b6ee7fc56f3efb36f273e4e05c83 (patch)
tree	1585010af9cafd82202c22ef9cb0db4967c74394 /indra/newview/tests
parent	fe71dd340ab396b93bde45df438041af5d85fd47 (diff)