Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "base/memory/scoped_vector.h" | 8 #include "base/memory/scoped_vector.h" |
| 9 #include "base/message_loop.h" | 9 #include "base/message_loop.h" |
| 10 #include "base/scoped_temp_dir.h" | 10 #include "base/scoped_temp_dir.h" |
| 11 #include "base/stl_util.h" | 11 #include "base/stl_util.h" |
| 12 #include "base/test/thread_test_helper.h" | 12 #include "base/test/thread_test_helper.h" |
| 13 #include "chrome/browser/net/clear_on_exit_policy.h" | |
| 13 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" | 14 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" |
| 14 #include "chrome/common/chrome_constants.h" | 15 #include "chrome/common/chrome_constants.h" |
| 15 #include "content/test/test_browser_thread.h" | 16 #include "content/test/test_browser_thread.h" |
| 16 #include "net/base/cert_test_util.h" | 17 #include "net/base/cert_test_util.h" |
| 17 #include "sql/statement.h" | 18 #include "sql/statement.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 20 #include "webkit/quota/mock_special_storage_policy.h" | |
| 19 | 21 |
| 20 using content::BrowserThread; | 22 using content::BrowserThread; |
| 21 | 23 |
| 22 class SQLiteServerBoundCertStoreTest : public testing::Test { | 24 class SQLiteServerBoundCertStoreTest : public testing::Test { |
| 23 public: | 25 public: |
| 24 SQLiteServerBoundCertStoreTest() | 26 SQLiteServerBoundCertStoreTest() |
| 25 : db_thread_(BrowserThread::DB) { | 27 : db_thread_(BrowserThread::DB) { |
| 26 } | 28 } |
| 27 | 29 |
| 28 protected: | 30 protected: |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 54 exploded_time.minute = 23; | 56 exploded_time.minute = 23; |
| 55 exploded_time.second = 45; | 57 exploded_time.second = 45; |
| 56 exploded_time.millisecond = 0; | 58 exploded_time.millisecond = 0; |
| 57 return base::Time::FromUTCExploded(exploded_time); | 59 return base::Time::FromUTCExploded(exploded_time); |
| 58 } | 60 } |
| 59 | 61 |
| 60 virtual void SetUp() { | 62 virtual void SetUp() { |
| 61 db_thread_.Start(); | 63 db_thread_.Start(); |
| 62 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | 64 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); |
| 63 store_ = new SQLiteServerBoundCertStore( | 65 store_ = new SQLiteServerBoundCertStore( |
| 64 temp_dir_.path().Append(chrome::kOBCertFilename)); | 66 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 65 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 67 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 66 ASSERT_TRUE(store_->Load(&certs.get())); | 68 ASSERT_TRUE(store_->Load(&certs.get())); |
| 67 ASSERT_EQ(0u, certs.size()); | 69 ASSERT_EQ(0u, certs.size()); |
| 68 // Make sure the store gets written at least once. | 70 // Make sure the store gets written at least once. |
| 69 store_->AddServerBoundCert( | 71 store_->AddServerBoundCert( |
| 70 net::DefaultServerBoundCertStore::ServerBoundCert( | 72 net::DefaultServerBoundCertStore::ServerBoundCert( |
| 71 "google.com", | 73 "google.com", |
| 72 net::CLIENT_CERT_RSA_SIGN, | 74 net::CLIENT_CERT_RSA_SIGN, |
| 73 base::Time::FromInternalValue(1), | 75 base::Time::FromInternalValue(1), |
| 74 base::Time::FromInternalValue(2), | 76 base::Time::FromInternalValue(2), |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 125 // Replace the store effectively destroying the current one and forcing it | 127 // Replace the store effectively destroying the current one and forcing it |
| 126 // to write its data to disk. Then we can see if after loading it again it | 128 // to write its data to disk. Then we can see if after loading it again it |
| 127 // is still there. | 129 // is still there. |
| 128 store_ = NULL; | 130 store_ = NULL; |
| 129 scoped_refptr<base::ThreadTestHelper> helper( | 131 scoped_refptr<base::ThreadTestHelper> helper( |
| 130 new base::ThreadTestHelper( | 132 new base::ThreadTestHelper( |
| 131 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); | 133 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); |
| 132 // Make sure we wait until the destructor has run. | 134 // Make sure we wait until the destructor has run. |
| 133 ASSERT_TRUE(helper->Run()); | 135 ASSERT_TRUE(helper->Run()); |
| 134 store_ = new SQLiteServerBoundCertStore( | 136 store_ = new SQLiteServerBoundCertStore( |
| 135 temp_dir_.path().Append(chrome::kOBCertFilename)); | 137 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 136 | 138 |
| 137 // Reload and test for persistence | 139 // Reload and test for persistence |
| 138 ASSERT_TRUE(store_->Load(&certs.get())); | 140 ASSERT_TRUE(store_->Load(&certs.get())); |
| 139 ASSERT_EQ(2U, certs.size()); | 141 ASSERT_EQ(2U, certs.size()); |
| 140 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert; | 142 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert; |
| 141 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert; | 143 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert; |
| 142 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) { | 144 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) { |
| 143 rsa_cert = certs[0]; | 145 rsa_cert = certs[0]; |
| 144 ec_cert = certs[1]; | 146 ec_cert = certs[1]; |
| 145 } else { | 147 } else { |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 160 ASSERT_EQ(4, ec_cert->expiration_time().ToInternalValue()); | 162 ASSERT_EQ(4, ec_cert->expiration_time().ToInternalValue()); |
| 161 | 163 |
| 162 // Now delete the cert and check persistence again. | 164 // Now delete the cert and check persistence again. |
| 163 store_->DeleteServerBoundCert(*certs[0]); | 165 store_->DeleteServerBoundCert(*certs[0]); |
| 164 store_->DeleteServerBoundCert(*certs[1]); | 166 store_->DeleteServerBoundCert(*certs[1]); |
| 165 store_ = NULL; | 167 store_ = NULL; |
| 166 // Make sure we wait until the destructor has run. | 168 // Make sure we wait until the destructor has run. |
| 167 ASSERT_TRUE(helper->Run()); | 169 ASSERT_TRUE(helper->Run()); |
| 168 certs.reset(); | 170 certs.reset(); |
| 169 store_ = new SQLiteServerBoundCertStore( | 171 store_ = new SQLiteServerBoundCertStore( |
| 170 temp_dir_.path().Append(chrome::kOBCertFilename)); | 172 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 171 | 173 |
| 172 // Reload and check if the cert has been removed. | 174 // Reload and check if the cert has been removed. |
| 173 ASSERT_TRUE(store_->Load(&certs.get())); | 175 ASSERT_TRUE(store_->Load(&certs.get())); |
| 174 ASSERT_EQ(0U, certs.size()); | 176 ASSERT_EQ(0U, certs.size()); |
| 175 } | 177 } |
| 176 | 178 |
| 177 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) { | 179 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) { |
| 178 // Reset the store. We'll be using a different database for this test. | 180 // Reset the store. We'll be using a different database for this test. |
| 179 store_ = NULL; | 181 store_ = NULL; |
| 180 | 182 |
| (...skipping 30 matching lines...) Expand all Loading... | |
| 211 )); | 213 )); |
| 212 } | 214 } |
| 213 | 215 |
| 214 // Load and test the DB contents twice. First time ensures that we can use | 216 // Load and test the DB contents twice. First time ensures that we can use |
| 215 // the updated values immediately. Second time ensures that the updated | 217 // the updated values immediately. Second time ensures that the updated |
| 216 // values are stored and read correctly on next load. | 218 // values are stored and read correctly on next load. |
| 217 for (int i = 0; i < 2; ++i) { | 219 for (int i = 0; i < 2; ++i) { |
| 218 SCOPED_TRACE(i); | 220 SCOPED_TRACE(i); |
| 219 | 221 |
| 220 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 222 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 221 store_ = new SQLiteServerBoundCertStore(v1_db_path); | 223 store_ = new SQLiteServerBoundCertStore(v1_db_path, NULL); |
| 222 | 224 |
| 223 // Load the database and ensure the certs can be read and are marked as RSA. | 225 // Load the database and ensure the certs can be read and are marked as RSA. |
| 224 ASSERT_TRUE(store_->Load(&certs.get())); | 226 ASSERT_TRUE(store_->Load(&certs.get())); |
| 225 ASSERT_EQ(2U, certs.size()); | 227 ASSERT_EQ(2U, certs.size()); |
| 226 | 228 |
| 227 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 229 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 228 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 230 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 229 ASSERT_EQ(GetTestCertExpirationTime(), | 231 ASSERT_EQ(GetTestCertExpirationTime(), |
| 230 certs[0]->expiration_time()); | 232 certs[0]->expiration_time()); |
| 231 ASSERT_EQ(key_data, certs[0]->private_key()); | 233 ASSERT_EQ(key_data, certs[0]->private_key()); |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 299 )); | 301 )); |
| 300 } | 302 } |
| 301 | 303 |
| 302 // Load and test the DB contents twice. First time ensures that we can use | 304 // Load and test the DB contents twice. First time ensures that we can use |
| 303 // the updated values immediately. Second time ensures that the updated | 305 // the updated values immediately. Second time ensures that the updated |
| 304 // values are saved and read correctly on next load. | 306 // values are saved and read correctly on next load. |
| 305 for (int i = 0; i < 2; ++i) { | 307 for (int i = 0; i < 2; ++i) { |
| 306 SCOPED_TRACE(i); | 308 SCOPED_TRACE(i); |
| 307 | 309 |
| 308 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 310 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 309 store_ = new SQLiteServerBoundCertStore(v2_db_path); | 311 store_ = new SQLiteServerBoundCertStore(v2_db_path, NULL); |
| 310 | 312 |
| 311 // Load the database and ensure the certs can be read and are marked as RSA. | 313 // Load the database and ensure the certs can be read and are marked as RSA. |
| 312 ASSERT_TRUE(store_->Load(&certs.get())); | 314 ASSERT_TRUE(store_->Load(&certs.get())); |
| 313 ASSERT_EQ(2U, certs.size()); | 315 ASSERT_EQ(2U, certs.size()); |
| 314 | 316 |
| 315 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 317 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 316 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 318 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 317 ASSERT_EQ(GetTestCertExpirationTime(), | 319 ASSERT_EQ(GetTestCertExpirationTime(), |
| 318 certs[0]->expiration_time()); | 320 certs[0]->expiration_time()); |
| 319 ASSERT_EQ(key_data, certs[0]->private_key()); | 321 ASSERT_EQ(key_data, certs[0]->private_key()); |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 389 )); | 391 )); |
| 390 } | 392 } |
| 391 | 393 |
| 392 // Load and test the DB contents twice. First time ensures that we can use | 394 // Load and test the DB contents twice. First time ensures that we can use |
| 393 // the updated values immediately. Second time ensures that the updated | 395 // the updated values immediately. Second time ensures that the updated |
| 394 // values are saved and read correctly on next load. | 396 // values are saved and read correctly on next load. |
| 395 for (int i = 0; i < 2; ++i) { | 397 for (int i = 0; i < 2; ++i) { |
| 396 SCOPED_TRACE(i); | 398 SCOPED_TRACE(i); |
| 397 | 399 |
| 398 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 400 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 399 store_ = new SQLiteServerBoundCertStore(v3_db_path); | 401 store_ = new SQLiteServerBoundCertStore(v3_db_path, NULL); |
| 400 | 402 |
| 401 // Load the database and ensure the certs can be read and are marked as RSA. | 403 // Load the database and ensure the certs can be read and are marked as RSA. |
| 402 ASSERT_TRUE(store_->Load(&certs.get())); | 404 ASSERT_TRUE(store_->Load(&certs.get())); |
| 403 ASSERT_EQ(2U, certs.size()); | 405 ASSERT_EQ(2U, certs.size()); |
| 404 | 406 |
| 405 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 407 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 406 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 408 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 407 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue()); | 409 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue()); |
| 408 ASSERT_EQ(GetTestCertCreationTime(), | 410 ASSERT_EQ(GetTestCertCreationTime(), |
| 409 certs[0]->creation_time()); | 411 certs[0]->creation_time()); |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 503 | 505 |
| 504 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get())); | 506 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get())); |
| 505 | 507 |
| 506 scoped_refptr<base::ThreadTestHelper> helper( | 508 scoped_refptr<base::ThreadTestHelper> helper( |
| 507 new base::ThreadTestHelper( | 509 new base::ThreadTestHelper( |
| 508 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); | 510 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); |
| 509 ASSERT_TRUE(helper->Run()); | 511 ASSERT_TRUE(helper->Run()); |
| 510 | 512 |
| 511 ASSERT_EQ(1, counter->callback_count()); | 513 ASSERT_EQ(1, counter->callback_count()); |
| 512 } | 514 } |
| 515 | |
| 516 // Tests the interaction with the clear on exit policy. | |
| 517 TEST_F(SQLiteServerBoundCertStoreTest, TestClearOnExitPolicy) { | |
| 518 store_->SetClearLocalStateOnExit(true); | |
| 519 // Replace the store effectively destroying the current one and forcing it | |
| 520 // to write its data to disk. Then we can see if after loading it again it | |
| 521 // is still there. | |
| 522 store_ = NULL; | |
| 523 // Make sure we wait until the destructor has run. | |
| 524 scoped_refptr<base::ThreadTestHelper> helper( | |
| 525 new base::ThreadTestHelper( | |
| 526 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); | |
| 527 ASSERT_TRUE(helper->Run()); | |
| 528 | |
| 529 scoped_refptr<quota::MockSpecialStoragePolicy> storage_policy = | |
| 530 new quota::MockSpecialStoragePolicy; | |
| 531 scoped_refptr<ClearOnExitPolicy> clear_policy = | |
| 532 new ClearOnExitPolicy(storage_policy.get()); | |
| 533 storage_policy->AddSessionOnly(GURL("https://google.com")); | |
| 534 | |
| 535 store_ = new SQLiteServerBoundCertStore( | |
| 536 temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get()); | |
| 537 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | |
| 538 ASSERT_TRUE(store_->Load(&certs.get())); | |
| 539 ASSERT_EQ(0u, certs.size()); | |
| 540 // Make sure the store gets written at least once. | |
|
erikwright (departed)
2012/05/29 13:09:03
It's not evident to me that this has ensured a wri
jochen (gone - plz use gerrit)
2012/05/30 11:28:42
Done.
| |
| 541 store_->AddServerBoundCert( | |
| 542 net::DefaultServerBoundCertStore::ServerBoundCert( | |
| 543 "google.com", | |
| 544 net::CLIENT_CERT_RSA_SIGN, | |
| 545 base::Time::FromInternalValue(1), | |
| 546 base::Time::FromInternalValue(2), | |
| 547 "a", "b")); | |
| 548 | |
| 549 store_ = NULL; | |
| 550 | |
| 551 // Make sure we wait until the destructor has run. | |
| 552 ASSERT_TRUE(helper->Run()); | |
| 553 | |
| 554 store_ = new SQLiteServerBoundCertStore( | |
| 555 temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get()); | |
| 556 | |
| 557 // Reload and test for persistence | |
| 558 ASSERT_TRUE(store_->Load(&certs.get())); | |
| 559 ASSERT_EQ(0U, certs.size()); | |
| 560 } | |
| OLD | NEW |