| Index: chrome/browser/chromeos/cros/onc_network_parser_unittest.cc
|
| diff --git a/chrome/browser/chromeos/cros/onc_network_parser_unittest.cc b/chrome/browser/chromeos/cros/onc_network_parser_unittest.cc
|
| index 24e656bf916fa86eaf2da0d48f3454f996911dd5..0931146ef42ab65dfc5bfbd2e4fc548f5c410482 100644
|
| --- a/chrome/browser/chromeos/cros/onc_network_parser_unittest.cc
|
| +++ b/chrome/browser/chromeos/cros/onc_network_parser_unittest.cc
|
| @@ -5,20 +5,27 @@
|
| #include "chrome/browser/chromeos/cros/onc_network_parser.h"
|
|
|
| #include <cert.h>
|
| +#include <keyhi.h>
|
| #include <pk11pub.h>
|
|
|
| #include "base/lazy_instance.h"
|
| #include "base/scoped_temp_dir.h"
|
| #include "base/values.h"
|
| #include "chrome/browser/chromeos/cros/network_library.h"
|
| +#include "chrome/browser/chromeos/system/runtime_environment.h"
|
| #include "crypto/nss_util.h"
|
| #include "net/base/cert_database.h"
|
| #include "net/base/crypto_module.h"
|
| #include "net/base/x509_certificate.h"
|
| +#include "net/base/x509_util_nss.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace chromeos {
|
|
|
| +namespace {
|
| +const char g_token_name[] = "OncNetworkParserTest token";
|
| +}
|
| +
|
| class OncNetworkParserTest : public testing::Test {
|
| public:
|
| static void SetUpTestCase() {
|
| @@ -29,8 +36,7 @@ class OncNetworkParserTest : public testing::Test {
|
| // it once, and empty it for each test case. Here's the bug:
|
| // https://bugzilla.mozilla.org/show_bug.cgi?id=588269
|
| ASSERT_TRUE(
|
| - crypto::OpenTestNSSDB(temp_db_dir_.Get().path(),
|
| - "OncNetworkParserTest db"));
|
| + crypto::OpenTestNSSDB(temp_db_dir_.Get().path(), g_token_name));
|
| }
|
|
|
| static void TearDownTestCase() {
|
| @@ -192,6 +198,92 @@ TEST_F(OncNetworkParserTest, TestCreateNetworkWifiEAP2) {
|
| EXPECT_EQ(wifi->eap_anonymous_identity(), "anon");
|
| }
|
|
|
| +TEST_F(OncNetworkParserTest, TestAddClientCertificate) {
|
| + std::string test_blob(
|
| + "{"
|
| + " \"Certificates\": ["
|
| + " {"
|
| + " \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
|
| + " \"Type\": \"Client\","
|
| + " \"PKCS12\": \"MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMII"
|
| + "GADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3"
|
| + "DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr"
|
| + "4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTT"
|
| + "FxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG4"
|
| + "4kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeN"
|
| + "afIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGL"
|
| + "QwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiA"
|
| + "veXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GC"
|
| + "GDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbH"
|
| + "qlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1A"
|
| + "SMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPs"
|
| + "HpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlf"
|
| + "vRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97n"
|
| + "VNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZ"
|
| + "BjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAv"
|
| + "kGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAY"
|
| + "KKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8"
|
| + "eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNL"
|
| + "OgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6"
|
| + "O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKG"
|
| + "CujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfG"
|
| + "Jax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug"
|
| + "3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKG"
|
| + "FVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF"
|
| + "9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw"
|
| + "3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+Zc"
|
| + "vKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr"
|
| + "3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd"
|
| + "9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzEl"
|
| + "MCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFA"
|
| + "AQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==\""
|
| + " }"
|
| + " ],"
|
| + "}");
|
| + std::string test_guid("{f998f760-272b-6939-4c2beffe428697ac}");
|
| + OncNetworkParser parser(test_blob);
|
| + ASSERT_EQ(1, parser.GetCertificatesSize());
|
| +
|
| + scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
|
| + EXPECT_TRUE(cert.get() != NULL);
|
| + EXPECT_EQ(net::USER_CERT, net::x509_util::GetCertType(cert.get()));
|
| +
|
| + // We use the system NSS to set the label, and unless we're actually running
|
| + // on a ChromeOS system with a patched NSS, it won't work.
|
| + if (system::runtime_environment::IsRunningOnChromeOS()) {
|
| + EXPECT_STREQ(test_guid.c_str(),
|
| + net::x509_util::GetLabel(cert.get()).c_str());
|
| + net::CertificateList result_list;
|
| + OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
|
| + ASSERT_EQ(1ul, result_list.size());
|
| + EXPECT_EQ(net::USER_CERT,
|
| + net::x509_util::GetCertType(result_list[0].get()));
|
| + }
|
| + SECKEYPublicKeyList* pubkey_list =
|
| + PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
|
| + EXPECT_TRUE(pubkey_list);
|
| + if (pubkey_list) {
|
| + SECKEYPublicKeyListNode* node = PUBKEY_LIST_HEAD(pubkey_list);
|
| + while (!PUBKEY_LIST_END(node, pubkey_list)) {
|
| + EXPECT_STREQ(test_guid.c_str(), PK11_GetPublicKeyNickname(node->key));
|
| + node = PUBKEY_LIST_NEXT(node);
|
| + }
|
| + }
|
| + SECKEY_DestroyPublicKeyList(pubkey_list);
|
| +
|
| + SECKEYPrivateKeyList* privkey_list =
|
| + PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
|
| + EXPECT_TRUE(privkey_list);
|
| + if (privkey_list) {
|
| + SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list);
|
| + while (!PRIVKEY_LIST_END(node, privkey_list)) {
|
| + EXPECT_STREQ(test_guid.c_str(), PK11_GetPrivateKeyNickname(node->key));
|
| + node = PRIVKEY_LIST_NEXT(node);
|
| + }
|
| + }
|
| + SECKEY_DestroyPrivateKeyList(privkey_list);
|
| +}
|
| +
|
| TEST_F(OncNetworkParserTest, TestAddServerCertificate) {
|
| std::string test_blob(
|
| "{"
|
| @@ -215,10 +307,34 @@ TEST_F(OncNetworkParserTest, TestAddServerCertificate) {
|
| " }"
|
| " ],"
|
| "}");
|
| + std::string test_guid("{f998f760-272b-6939-4c2beffe428697aa}");
|
| OncNetworkParser parser(test_blob);
|
| + ASSERT_EQ(1, parser.GetCertificatesSize());
|
| +
|
| + scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
|
| + EXPECT_TRUE(cert.get() != NULL);
|
| + EXPECT_EQ(net::SERVER_CERT, net::x509_util::GetCertType(cert.get()));
|
| +
|
| + // We use the system NSS to set the label, and unless we're actually running
|
| + // on a ChromeOS system with a patched NSS, it won't work.
|
| + if (system::runtime_environment::IsRunningOnChromeOS()) {
|
| + EXPECT_STREQ(test_guid.c_str(),
|
| + net::x509_util::GetLabel(cert.get()).c_str());
|
| + net::CertificateList result_list;
|
| + OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
|
| + ASSERT_EQ(1ul, result_list.size());
|
| + EXPECT_EQ(net::SERVER_CERT,
|
| + net::x509_util::GetCertType(result_list[0].get()));
|
| + }
|
| +
|
| + SECKEYPrivateKeyList* privkey_list =
|
| + PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
|
| + EXPECT_FALSE(privkey_list);
|
| +
|
| + SECKEYPublicKeyList* pubkey_list =
|
| + PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
|
| + EXPECT_FALSE(pubkey_list);
|
|
|
| - EXPECT_EQ(1, parser.GetCertificatesSize());
|
| - EXPECT_TRUE(parser.ParseCertificate(0));
|
| }
|
|
|
| TEST_F(OncNetworkParserTest, TestAddAuthorityCertificate) {
|
| @@ -250,58 +366,33 @@ TEST_F(OncNetworkParserTest, TestAddAuthorityCertificate) {
|
| " }"
|
| " ],"
|
| "}");
|
| + std::string test_guid("{f998f760-272b-6939-4c2beffe428697ab}");
|
| OncNetworkParser parser(test_blob);
|
| + ASSERT_EQ(1, parser.GetCertificatesSize());
|
| +
|
| + scoped_refptr<net::X509Certificate> cert = parser.ParseCertificate(0).get();
|
| + EXPECT_TRUE(cert.get() != NULL);
|
| + EXPECT_EQ(net::CA_CERT, net::x509_util::GetCertType(cert.get()));
|
| +
|
| + // We use the system NSS to set the label, and unless we're actually running
|
| + // on a ChromeOS system with a patched NSS, it won't work.
|
| + if (system::runtime_environment::IsRunningOnChromeOS()) {
|
| + EXPECT_STREQ(test_guid.c_str(),
|
| + net::x509_util::GetLabel(cert.get()).c_str());
|
| + net::CertificateList result_list;
|
| + OncNetworkParser::ListCertsWithLabel(test_guid, &result_list);
|
| + ASSERT_EQ(1ul, result_list.size());
|
| + EXPECT_EQ(net::CA_CERT, net::x509_util::GetCertType(result_list[0].get()));
|
| + }
|
|
|
| - EXPECT_EQ(1, parser.GetCertificatesSize());
|
| - EXPECT_TRUE(parser.ParseCertificate(0));
|
| -}
|
| + SECKEYPrivateKeyList* privkey_list =
|
| + PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
|
| + EXPECT_FALSE(privkey_list);
|
|
|
| -TEST_F(OncNetworkParserTest, TestAddClientCertificate) {
|
| - std::string test_blob(
|
| - "{"
|
| - " \"Certificates\": ["
|
| - " {"
|
| - " \"GUID\": \"{f998f760-272b-6939-4c2beffe428697ac}\","
|
| - " \"Type\": \"Client\","
|
| - " \"PKCS12\": \"MIIGUQIBAzCCBhcGCSqGSIb3DQEHAaCCBggEggYEMII"
|
| - "GADCCAv8GCSqGSIb3DQEHBqCCAvAwggLsAgEAMIIC5QYJKoZIhvcNAQcBMBwGCiqGSIb3"
|
| - "DQEMAQYwDgQIHnFaWM2Y0BgCAggAgIICuG4ou9mxkhpus8WictLJe+JOnSQrdNXV3FMQr"
|
| - "4pPJ6aJJFBMKZ80W2GpR8XNY/SSKkdaNr1puDm1bDBFGaHQuCKXYcWO8ynBQ1uoZaFaTT"
|
| - "FxWbbHo89Jrvw+gIrgpoOHQ0KECEbh5vOZCjGHoaQb4QZOkw/6Cuc4QRoCPJAI3pbSPG4"
|
| - "4kRbOuOaTZvBHSIPkGf3+R6byTvZ3Yiuw7IIzxUp2fYjtpCWd/NvtI70heJCWdb5hwCeN"
|
| - "afIEpX+MTVuhUegysIFkOMMlUBIQSI5ky8kjx0Yi82BT/dpz9QgrqFL8NnTMXp0JlKFGL"
|
| - "QwsIQhvGjw/E52fEWRy85B5eezgNsD4QOLeZkF0bQAz8kXfLi+0djxsHvH9W9X2pwaFiA"
|
| - "veXR15/v+wfCwQGSsRhISGLzg/gO1agbQdaexI9GlEeZW0FEY7TblarKh8TVGNrauU7GC"
|
| - "GDmD2w7wx2HTXfo9SbViFoYVKuxcrpHGGEtBffnIeAwN6BBee4v11jxv0i/QUdK5G6FbH"
|
| - "qlD1AhHsm0YvidYKqJ0cnN262xIJH7dhKq/qUiAT+qk3+d3/obqxbvVY+bDoJQ10Gzj1A"
|
| - "SMy4zcSL7KW1l99xxMr6OlKr4Sr23oGw4BIN73FB8S8qMzz/VzL4azDUyGpPkzWl0yXPs"
|
| - "HpFWh1nZlsQehyknyWDH/waKrrG8tVWxHZLgq+zrFxQTh63UHXSD+TXB+AQg2xmQMeWlf"
|
| - "vRcsKL8titZ6PnWCHTmZY+3ibv5avDsg7He6OcZOi9ZmYMx82QHuzb4aZ/T+OC05oA97n"
|
| - "VNbTN6t8okkRtBamMvVhtTJANVpsdPi8saEaVF8e9liwmpq2w7pqXnzgdzvjSUpPAa4dZ"
|
| - "BjWnZJvFOHuxZqiRzQdZbeh9+bXwsQJhRNe+d4EgFwuqebQOczeUi4NVTHTFiuPEjCCAv"
|
| - "kGCSqGSIb3DQEHAaCCAuoEggLmMIIC4jCCAt4GCyqGSIb3DQEMCgECoIICpjCCAqIwHAY"
|
| - "KKoZIhvcNAQwBAzAOBAi0znbEekG/MgICCAAEggKAJfFPaQyYYLohEA1ruAZfepwMVrR8"
|
| - "eLMx00kkfXN9EoZeFPj2q7TGdqmbkUSqXnZK1ums7pFCPLgP1CsPlsq/4ZPDT2LLVFZNL"
|
| - "OgmdQBOSTvycfsj0iKYrwRC55wJI2OXsc062sT7oa99apkgrEyHq7JbOhszfnv5+aVy/6"
|
| - "O115dncqFPW2ei4CBzLEZyYa+Mka6CGqSdm97WVmv0emDKTFEP/FN4TH/tS8Qm6Y7DTKG"
|
| - "CujC+hb6lTRFYJAD4uld132dv0xQFkwDZGfdnuGJuNZBDC0gZk3BYvOaCUD8Y9UB5IjfG"
|
| - "Jax2yrurY1wSGSlTurafDTPrKqIdBovwCPsad2xz1YHC2Yy0h1FyR+2uitDyNfTiETfug"
|
| - "3bFbjwodu9wmt31A2ZFn4JpUrTYoZ3LZXngC3nNTayU0Tkd1ICMep2GbCReL3ajOlgOKG"
|
| - "FVoOm/qDnhiH6W/ebtAQXqVpuKut8uY0X0Ocmx7mTpmxlfDSRiBY9rvnrGfnpfLMxtFeF"
|
| - "9jv3n8vSwvA0Xn0okAv1FWYLStiCpNxnD6lmXQvcmL/skAlJJpHY9/58qt/e5sGYrkKBw"
|
| - "3jnX40zaK4W7GeJvhij0MRr6yUL2lvaEcWDnK6K1F90G/ybKRCTHBCJzyBe7yHhZCc+Zc"
|
| - "vKK6DTi83fELTyupy08BkXt7oPdapxmKlZxTldo9FpPXSqrdRtAWhDkEkIEf8dMf8QrQr"
|
| - "3glCWfbcQ047URYX45AHRnLTLLkJfdY8+Y3KsHoqL2UrOrct+J1u0mmnLbonN3pB2B4nd"
|
| - "9X9vf9/uSFrgvk0iPO0Ro3UPRUIIYEP2Kx51pZZVDd++hl5gXtqe0NIpphGhxLycIdzEl"
|
| - "MCMGCSqGSIb3DQEJFTEWBBR1uVpGjHRddIEYuJhz/FgG4Onh6jAxMCEwCQYFKw4DAhoFA"
|
| - "AQU1M+0WRDkoVGbGg1jj7q2fI67qHIECBzRYESpgt5iAgIIAA==\""
|
| - " }"
|
| - " ],"
|
| - "}");
|
| - OncNetworkParser parser(test_blob);
|
| + SECKEYPublicKeyList* pubkey_list =
|
| + PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
|
| + EXPECT_FALSE(pubkey_list);
|
|
|
| - EXPECT_EQ(1, parser.GetCertificatesSize());
|
| - EXPECT_TRUE(parser.ParseCertificate(0));
|
| }
|
|
|
| } // namespace chromeos
|
|
|
Chromium Code Reviews
Issue 8566056:
This applies GUIDs to certificate and key nicknames when (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src