This applies GUIDs to certificate and key nicknames when

chrome/browser/chromeos/cros/onc_network_parser_unittest.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/cros/onc_network_parser.h"
 
 #include <cert.h>
+#include <keyhi.h>
 #include <pk11pub.h>
 
 #include "base/lazy_instance.h"
 #include "base/scoped_temp_dir.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/cros/network_library.h"
+#include "chrome/browser/chromeos/system/runtime_environment.h"
 #include "crypto/nss_util.h"
 #include "net/base/cert_database.h"
 #include "net/base/crypto_module.h"
 #include "net/base/x509_certificate.h"
+#include "net/base/x509_util_nss.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace chromeos {
 
+namespace {
+const char g_token_name[] = "OncNetworkParserTest token";
+}
+
 class OncNetworkParserTest : public testing::Test {
  public:
   static void SetUpTestCase() {
     ASSERT_TRUE(temp_db_dir_.Get().CreateUniqueTempDir());
     // Ideally, we'd open a test DB for each test case, and close it
     // again, removing the temp dir, but unfortunately, there's a
     // bug in NSS that prevents this from working, so we just open
     // it once, and empty it for each test case.  Here's the bug:
     // https://bugzilla.mozilla.org/show_bug.cgi?id=588269
     ASSERT_TRUE(
-        crypto::OpenTestNSSDB(temp_db_dir_.Get().path(),
-                              "OncNetworkParserTest db"));
+        crypto::OpenTestNSSDB(temp_db_dir_.Get().path(), g_token_name));
   }
 
   static void TearDownTestCase() {
     ASSERT_TRUE(temp_db_dir_.Get().Delete());
   }
 
   virtual void SetUp() {
     slot_ = cert_db_.GetPublicModule();
 
     // Don't run the test if the setup failed.
@@ skipping 141 matching lines @@
   EXPECT_EQ(wifi->encryption(), chromeos::SECURITY_8021X);
   EXPECT_EQ(wifi->name(), "ssid");
   EXPECT_EQ(wifi->auto_connect(), false);
   EXPECT_EQ(wifi->eap_method(), EAP_METHOD_LEAP);
   EXPECT_EQ(wifi->eap_use_system_cas(), true);
   EXPECT_EQ(wifi->eap_identity(), "user");
   EXPECT_EQ(wifi->eap_passphrase(), "pass");
   EXPECT_EQ(wifi->eap_anonymous_identity(), "anon");
 }
 
+TEST_F(OncNetworkParserTest, TestAddClientCertificate) {
+  std::string test_blob(
+      "{"
+      "    \"Certificates\": ["
+      "        {"
+      "            \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
+      "            \"Type\": \"Client\","
+      "            \"PKCS12\": \"MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMII"
+      "GADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3"
+      "DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr"
+      "4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTT"
+      "FxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG4"
+      "4kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeN"
+      "afIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGL"
+      "QwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiA"
+      "veXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GC"
+      "GDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbH"
+      "qlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1A"
+      "SMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPs"
+      "HpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlf"
+      "vRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97n"
+      "VNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZ"
+      "BjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAv"
+      "kGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAY"
+      "KKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8"
+      "eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNL"
+      "OgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6"
+      "O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKG"
+      "CujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfG"
+      "Jax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug"
+      "3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKG"
+      "FVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF"
+      "9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw"
+      "3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+Zc"
+      "vKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr"
+      "3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd"
+      "9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzEl"
+      "MCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFA"
+      "AQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==\""
+      "        }"
+      "    ],"
+      "}");
+  std::string test_guid("{f998f760-272b-6939-4c2beffe428697ac}");
+  OncNetworkParser parser(test_blob);
+  ASSERT_EQ(1, parser.GetCertificatesSize());
+
+  scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
+  EXPECT_TRUE(cert.get() != NULL);
+  EXPECT_EQ(net::USER_CERT, net::x509_util::GetCertType(cert.get()));
+
+  // We use the system NSS to set the label, and unless we're actually running
+  // on a ChromeOS system with a patched NSS, it won't work.
+  if (system::runtime_environment::IsRunningOnChromeOS()) {
+    EXPECT_STREQ(test_guid.c_str(),
+                 net::x509_util::GetLabel(cert.get()).c_str());
+    net::CertificateList result_list;
+    OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
+    ASSERT_EQ(1ul, result_list.size());
+    EXPECT_EQ(net::USER_CERT,
+              net::x509_util::GetCertType(result_list[0].get()));
+  }
+  SECKEYPublicKeyList* pubkey_list =
+      PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
+  EXPECT_TRUE(pubkey_list);
+  if (pubkey_list) {
+    SECKEYPublicKeyListNode* node = PUBKEY_LIST_HEAD(pubkey_list);
+    while (!PUBKEY_LIST_END(node, pubkey_list)) {
+      EXPECT_STREQ(test_guid.c_str(), PK11_GetPublicKeyNickname(node->key));
+      node = PUBKEY_LIST_NEXT(node);
+    }
+  }
+  SECKEY_DestroyPublicKeyList(pubkey_list);
+
+  SECKEYPrivateKeyList* privkey_list =
+      PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
+  EXPECT_TRUE(privkey_list);
+  if (privkey_list) {
+    SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list);
+    while (!PRIVKEY_LIST_END(node, privkey_list)) {
+      EXPECT_STREQ(test_guid.c_str(), PK11_GetPrivateKeyNickname(node->key));
+      node = PRIVKEY_LIST_NEXT(node);
+    }
+  }
+  SECKEY_DestroyPrivateKeyList(privkey_list);
+}
+
 TEST_F(OncNetworkParserTest, TestAddServerCertificate) {
   std::string test_blob(
       "{"
       "    \"Certificates\": ["
       "        {"
       "            \"GUID\": \"{f998f760-272b-6939-4c2beffe428697aa}\","
       "            \"Type\": \"Server\","
       "            \"X509\": \"MIICWDCCAcECAxAAATANBgkqhkiG9w0BAQQFADCBkzEVM"
       "BMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzEiMCAGCSqGSIb3DQ"
       "EJARYTZ3NwZW5jZXJAZ29vZ2xlLmNvbTEaMBgGA1UEBxMRTW91bnRhaW4gVmlldywgQ0E"
       "xCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzENMAsGA1UEAxMEbG1hbzAeFw0xMTAzMTYy"
       "MzQ5MzhaFw0xMjAzMTUyMzQ5MzhaMFMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVM"
       "BMGA1UEChMMR29vZ2xlLCBJbmMuMREwDwYDVQQLEwhDaHJvbWVPUzENMAsGA1UEAxMEbG"
       "1hbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA31WiJ9LvprrhKtDlW0RdLFAO7Qj"
       "kvs+sG6j2Vp2aBSrlhALG/0BVHUhWi4F/HHJho+ncLHAg5AGO0sdAjYUdQG6tfPqjLsIA"
       "LtoKEZZdFe/JhmqOEaxWsSdu2S2RdPgCQOsP79EH58gXwu2gejCkJDmU22WL4YLuqOc17"
       "nxbDC8CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCv4vMD+PMlfnftu4/6Yf/oMLE8yCOqZT"
       "Q/dWCxB9PiJnOefiBeSzSZE6Uv3G7qnblZPVZaFeJMd+ostt0viCyPucFsFgLMyyoV1dM"
       "VPVwJT5Iq1AHehWXnTBbxUK9wioA5jOEKdroKjuSSsg/Q8Wx6cpJmttQz5olGPgstmACR"
       "WA==\""
       "        }"
       "    ],"
       "}");
+  std::string test_guid("{f998f760-272b-6939-4c2beffe428697aa}");
   OncNetworkParser parser(test_blob);
+  ASSERT_EQ(1, parser.GetCertificatesSize());
 
-  EXPECT_EQ(1, parser.GetCertificatesSize());
-  EXPECT_TRUE(parser.ParseCertificate(0));
+  scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
+  EXPECT_TRUE(cert.get() != NULL);
+  EXPECT_EQ(net::SERVER_CERT, net::x509_util::GetCertType(cert.get()));
+
+  // We use the system NSS to set the label, and unless we're actually running
+  // on a ChromeOS system with a patched NSS, it won't work.
+  if (system::runtime_environment::IsRunningOnChromeOS()) {
+    EXPECT_STREQ(test_guid.c_str(),
+                 net::x509_util::GetLabel(cert.get()).c_str());
+    net::CertificateList result_list;
+    OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
+    ASSERT_EQ(1ul, result_list.size());
+    EXPECT_EQ(net::SERVER_CERT,
+              net::x509_util::GetCertType(result_list[0].get()));
+  }
+
+  SECKEYPrivateKeyList* privkey_list =
+      PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
+  EXPECT_FALSE(privkey_list);
+
+  SECKEYPublicKeyList* pubkey_list =
+      PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
+  EXPECT_FALSE(pubkey_list);
+
 }
 
 TEST_F(OncNetworkParserTest, TestAddAuthorityCertificate) {
   const std::string test_blob("{"
       "    \"Certificates\": ["
       "        {"
       "            \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ab}\","
       "            \"Type\": \"Authority\","
       "            \"Trust\": [\"Web\"],"
       "            \"X509\": \"MIIDojCCAwugAwIBAgIJAKGvi5ZgEWDVMA0GCSqGSIb3D"
@@ skipping 11 matching lines @@
       "bSkl4kpjCNuxoezFGupA97WhgZmkgZYwgZMxFTATBgNVBAoTDEdvb2dsZSwgSW5jLjERM"
       "A8GA1UECxMIQ2hyb21lT1MxIjAgBgkqhkiG9w0BCQEWE2dzcGVuY2VyQGdvb2dsZS5jb2"
       "0xGjAYBgNVBAcTEU1vdW50YWluIFZpZXcsIENBMQswCQYDVQQIEwJDQTELMAkGA1UEBhM"
       "CVVMxDTALBgNVBAMTBGxtYW+CCQChr4uWYBFg1TANBgkqhkiG9w0BAQQFAAOBgQCDq9wi"
       "Q4uVuf1CQU3sXfXCy1yqi5m8AsO9FxHvah5/SVFNwKllqTfedpCaWEswJ55YAojW9e+pY"
       "2Fh3Fo/Y9YkF88KCtLuBjjqDKCRLxF4LycjHODKyQQ7mN/t5AtP9yKOsNvWF+M4IfReg5"
       "1kohau6FauQx87by5NIRPdkNPvkQ==\""
       "        }"
       "    ],"
       "}");
+  std::string test_guid("{f998f760-272b-6939-4c2beffe428697ab}");
   OncNetworkParser parser(test_blob);
+  ASSERT_EQ(1, parser.GetCertificatesSize());
 
-  EXPECT_EQ(1, parser.GetCertificatesSize());
-  EXPECT_TRUE(parser.ParseCertificate(0));
-}
+  scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
+  EXPECT_TRUE(cert.get() != NULL);
+  EXPECT_EQ(net::CA_CERT, net::x509_util::GetCertType(cert.get()));
 
-TEST_F(OncNetworkParserTest, TestAddClientCertificate) {
-  std::string test_blob(
-      "{"
-      "    \"Certificates\": ["
-      "        {"
-      "            \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
-      "            \"Type\": \"Client\","
-      "            \"PKCS12\": \"MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMII"
-      "GADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3"
-      "DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr"
-      "4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTT"
-      "FxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG4"
-      "4kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeN"
-      "afIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGL"
-      "QwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiA"
-      "veXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GC"
-      "GDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbH"
-      "qlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1A"
-      "SMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPs"
-      "HpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlf"
-      "vRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97n"
-      "VNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZ"
-      "BjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAv"
-      "kGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAY"
-      "KKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8"
-      "eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNL"
-      "OgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6"
-      "O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKG"
-      "CujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfG"
-      "Jax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug"
-      "3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKG"
-      "FVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF"
-      "9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw"
-      "3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+Zc"
-      "vKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr"
-      "3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd"
-      "9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzEl"
-      "MCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFA"
-      "AQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==\""
-      "        }"
-      "    ],"
-      "}");
-  OncNetworkParser parser(test_blob);
+  // We use the system NSS to set the label, and unless we're actually running
+  // on a ChromeOS system with a patched NSS, it won't work.
+  if (system::runtime_environment::IsRunningOnChromeOS()) {
+    EXPECT_STREQ(test_guid.c_str(),
+                 net::x509_util::GetLabel(cert.get()).c_str());
+    net::CertificateList result_list;
+    OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
+    ASSERT_EQ(1ul, result_list.size());
+    EXPECT_EQ(net::CA_CERT, net::x509_util::GetCertType(result_list[0].get()));
+  }
 
-  EXPECT_EQ(1, parser.GetCertificatesSize());
-  EXPECT_TRUE(parser.ParseCertificate(0));
+  SECKEYPrivateKeyList* privkey_list =
+      PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
+  EXPECT_FALSE(privkey_list);
+
+  SECKEYPublicKeyList* pubkey_list =
+      PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
+  EXPECT_FALSE(pubkey_list);
+
 }
 
 }  // namespace chromeos