Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(590)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/origin_bound_cert_service_unittest.cc

Issue 8662036: Support EC certs in OriginBoundCertService and OriginBoundCertStore. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/origin_bound_cert_service.cc ('k') | net/base/origin_bound_cert_store.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/origin_bound_cert_service.h" 5 #include "net/base/origin_bound_cert_service.h"
6 6
7 #include <string> 7 #include <string>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
11 #include "base/memory/scoped_ptr.h" 11 #include "base/memory/scoped_ptr.h"
12 #include "crypto/ec_private_key.h"
12 #include "crypto/rsa_private_key.h" 13 #include "crypto/rsa_private_key.h"
14 #include "net/base/asn1_util.h"
13 #include "net/base/default_origin_bound_cert_store.h" 15 #include "net/base/default_origin_bound_cert_store.h"
14 #include "net/base/net_errors.h" 16 #include "net/base/net_errors.h"
15 #include "net/base/test_completion_callback.h" 17 #include "net/base/test_completion_callback.h"
16 #include "net/base/x509_certificate.h" 18 #include "net/base/x509_certificate.h"
17 #include "testing/gtest/include/gtest/gtest.h" 19 #include "testing/gtest/include/gtest/gtest.h"
18 20
19 namespace net { 21 namespace net {
20 22
21 namespace { 23 namespace {
22 24
23 void FailTest(int /* result */) { 25 void FailTest(int /* result */) {
24 FAIL(); 26 FAIL();
25 } 27 }
26 28
27 // See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned. 29 // See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
28 #if !defined(USE_OPENSSL) 30 #if !defined(USE_OPENSSL)
29 31
30 TEST(OriginBoundCertServiceTest, CacheHit) { 32 TEST(OriginBoundCertServiceTest, CacheHit) {
31 scoped_ptr<OriginBoundCertService> service( 33 scoped_ptr<OriginBoundCertService> service(
32 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); 34 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
33 std::string origin("https://encrypted.google.com:443"); 35 std::string origin("https://encrypted.google.com:443");
34 36
35 int error; 37 int error;
38 std::vector<uint8> types;
39 types.push_back(CLIENT_CERT_RSA_SIGN);
36 TestCompletionCallback callback; 40 TestCompletionCallback callback;
37 OriginBoundCertService::RequestHandle request_handle; 41 OriginBoundCertService::RequestHandle request_handle;
38 42
39 // Asynchronous completion. 43 // Asynchronous completion.
44 SSLClientCertType type1;
40 std::string private_key_info1, der_cert1; 45 std::string private_key_info1, der_cert1;
41 EXPECT_EQ(0, service->cert_count()); 46 EXPECT_EQ(0, service->cert_count());
42 error = service->GetOriginBoundCert( 47 error = service->GetOriginBoundCert(
43 origin, &private_key_info1, &der_cert1, callback.callback(), 48 origin, types, &type1, &private_key_info1, &der_cert1,
44 &request_handle); 49 callback.callback(), &request_handle);
45 EXPECT_EQ(ERR_IO_PENDING, error); 50 EXPECT_EQ(ERR_IO_PENDING, error);
46 EXPECT_TRUE(request_handle != NULL); 51 EXPECT_TRUE(request_handle != NULL);
47 error = callback.WaitForResult(); 52 error = callback.WaitForResult();
48 EXPECT_EQ(OK, error); 53 EXPECT_EQ(OK, error);
49 EXPECT_EQ(1, service->cert_count()); 54 EXPECT_EQ(1, service->cert_count());
55 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type1);
50 EXPECT_FALSE(private_key_info1.empty()); 56 EXPECT_FALSE(private_key_info1.empty());
51 EXPECT_FALSE(der_cert1.empty()); 57 EXPECT_FALSE(der_cert1.empty());
52 58
53 // Synchronous completion. 59 // Synchronous completion.
60 SSLClientCertType type2;
61 // If we request EC and RSA, should still retrieve the RSA cert.
62 types.insert(types.begin(), CLIENT_CERT_ECDSA_SIGN);
54 std::string private_key_info2, der_cert2; 63 std::string private_key_info2, der_cert2;
55 error = service->GetOriginBoundCert( 64 error = service->GetOriginBoundCert(
56 origin, &private_key_info2, &der_cert2, callback.callback(), 65 origin, types, &type2, &private_key_info2, &der_cert2,
57 &request_handle); 66 callback.callback(), &request_handle);
58 EXPECT_TRUE(request_handle == NULL); 67 EXPECT_TRUE(request_handle == NULL);
59 EXPECT_EQ(OK, error); 68 EXPECT_EQ(OK, error);
60 EXPECT_EQ(1, service->cert_count()); 69 EXPECT_EQ(1, service->cert_count());
61 70 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type2);
62 EXPECT_EQ(private_key_info1, private_key_info2); 71 EXPECT_EQ(private_key_info1, private_key_info2);
63 EXPECT_EQ(der_cert1, der_cert2); 72 EXPECT_EQ(der_cert1, der_cert2);
64 73
65 EXPECT_EQ(2u, service->requests()); 74 // Request only EC. Should generate a new EC cert and discard the old RSA
66 EXPECT_EQ(1u, service->cert_store_hits()); 75 // cert.
76 SSLClientCertType type3;
77 types.pop_back(); // Remove CLIENT_CERT_RSA_SIGN from requested types.
78 std::string private_key_info3, der_cert3;
79 EXPECT_EQ(1, service->cert_count());
80 error = service->GetOriginBoundCert(
81 origin, types, &type3, &private_key_info3, &der_cert3,
82 callback.callback(), &request_handle);
83 EXPECT_EQ(ERR_IO_PENDING, error);
84 EXPECT_TRUE(request_handle != NULL);
85 error = callback.WaitForResult();
86 EXPECT_EQ(OK, error);
87 EXPECT_EQ(1, service->cert_count());
88 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type3);
89 EXPECT_FALSE(private_key_info1.empty());
90 EXPECT_FALSE(der_cert1.empty());
91 EXPECT_NE(private_key_info1, private_key_info3);
92 EXPECT_NE(der_cert1, der_cert3);
93
94 // Synchronous completion.
95 // If we request RSA and EC, should now retrieve the EC cert.
96 SSLClientCertType type4;
97 types.insert(types.begin(), CLIENT_CERT_RSA_SIGN);
98 std::string private_key_info4, der_cert4;
99 error = service->GetOriginBoundCert(
100 origin, types, &type4, &private_key_info4, &der_cert4,
101 callback.callback(), &request_handle);
102 EXPECT_TRUE(request_handle == NULL);
103 EXPECT_EQ(OK, error);
104 EXPECT_EQ(1, service->cert_count());
105 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type4);
106 EXPECT_EQ(private_key_info3, private_key_info4);
107 EXPECT_EQ(der_cert3, der_cert4);
108
109 EXPECT_EQ(4u, service->requests());
110 EXPECT_EQ(2u, service->cert_store_hits());
67 EXPECT_EQ(0u, service->inflight_joins()); 111 EXPECT_EQ(0u, service->inflight_joins());
68 } 112 }
69 113
114 TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
115 scoped_ptr<OriginBoundCertService> service(
116 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
117 std::string origin("https://encrypted.google.com:443");
118
119 int error;
120 std::vector<uint8> types;
121 TestCompletionCallback callback;
122 OriginBoundCertService::RequestHandle request_handle;
123
124 // Empty requested_types.
125 SSLClientCertType type1;
126 std::string private_key_info1, der_cert1;
127 error = service->GetOriginBoundCert(
128 origin, types, &type1, &private_key_info1, &der_cert1,
129 callback.callback(), &request_handle);
130 EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
131 EXPECT_TRUE(request_handle == NULL);
132
133 // No supported types in requested_types.
134 types.push_back(2);
135 types.push_back(3);
136 error = service->GetOriginBoundCert(
137 origin, types, &type1, &private_key_info1, &der_cert1,
138 callback.callback(), &request_handle);
139 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
140 EXPECT_TRUE(request_handle == NULL);
141
142 // Supported types after unsupported ones in requested_types.
143 types.push_back(CLIENT_CERT_ECDSA_SIGN);
144 types.push_back(CLIENT_CERT_RSA_SIGN);
145 // Asynchronous completion.
146 EXPECT_EQ(0, service->cert_count());
147 error = service->GetOriginBoundCert(
148 origin, types, &type1, &private_key_info1, &der_cert1,
149 callback.callback(), &request_handle);
150 EXPECT_EQ(ERR_IO_PENDING, error);
151 EXPECT_TRUE(request_handle != NULL);
152 error = callback.WaitForResult();
153 EXPECT_EQ(OK, error);
154 EXPECT_EQ(1, service->cert_count());
155 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
156 EXPECT_FALSE(private_key_info1.empty());
157 EXPECT_FALSE(der_cert1.empty());
158
159 // Now that the cert is created, doing requests for unsupported types
160 // shouldn't affect the created cert.
161 // Empty requested_types.
162 types.clear();
163 SSLClientCertType type2;
164 std::string private_key_info2, der_cert2;
165 error = service->GetOriginBoundCert(
166 origin, types, &type2, &private_key_info2, &der_cert2,
167 callback.callback(), &request_handle);
168 EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
169 EXPECT_TRUE(request_handle == NULL);
170
171 // No supported types in requested_types.
172 types.push_back(2);
173 types.push_back(3);
174 error = service->GetOriginBoundCert(
175 origin, types, &type2, &private_key_info2, &der_cert2,
176 callback.callback(), &request_handle);
177 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
178 EXPECT_TRUE(request_handle == NULL);
179
180 // If we request EC, the cert we created before should still be there.
181 types.push_back(CLIENT_CERT_RSA_SIGN);
182 types.push_back(CLIENT_CERT_ECDSA_SIGN);
183 error = service->GetOriginBoundCert(
184 origin, types, &type2, &private_key_info2, &der_cert2,
185 callback.callback(), &request_handle);
186 EXPECT_TRUE(request_handle == NULL);
187 EXPECT_EQ(OK, error);
188 EXPECT_EQ(1, service->cert_count());
189 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
190 EXPECT_EQ(private_key_info1, private_key_info2);
191 EXPECT_EQ(der_cert1, der_cert2);
192 }
193
70 TEST(OriginBoundCertServiceTest, StoreCerts) { 194 TEST(OriginBoundCertServiceTest, StoreCerts) {
71 scoped_ptr<OriginBoundCertService> service( 195 scoped_ptr<OriginBoundCertService> service(
72 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); 196 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
73 int error; 197 int error;
198 std::vector<uint8> types;
199 types.push_back(CLIENT_CERT_RSA_SIGN);
74 TestCompletionCallback callback; 200 TestCompletionCallback callback;
75 OriginBoundCertService::RequestHandle request_handle; 201 OriginBoundCertService::RequestHandle request_handle;
76 202
77 std::string origin1("https://encrypted.google.com:443"); 203 std::string origin1("https://encrypted.google.com:443");
204 SSLClientCertType type1;
78 std::string private_key_info1, der_cert1; 205 std::string private_key_info1, der_cert1;
79 EXPECT_EQ(0, service->cert_count()); 206 EXPECT_EQ(0, service->cert_count());
80 error = service->GetOriginBoundCert( 207 error = service->GetOriginBoundCert(
81 origin1, &private_key_info1, &der_cert1, callback.callback(), 208 origin1, types, &type1, &private_key_info1, &der_cert1,
82 &request_handle); 209 callback.callback(), &request_handle);
83 EXPECT_EQ(ERR_IO_PENDING, error); 210 EXPECT_EQ(ERR_IO_PENDING, error);
84 EXPECT_TRUE(request_handle != NULL); 211 EXPECT_TRUE(request_handle != NULL);
85 error = callback.WaitForResult(); 212 error = callback.WaitForResult();
86 EXPECT_EQ(OK, error); 213 EXPECT_EQ(OK, error);
87 EXPECT_EQ(1, service->cert_count()); 214 EXPECT_EQ(1, service->cert_count());
88 215
89 std::string origin2("https://www.verisign.com:443"); 216 std::string origin2("https://www.verisign.com:443");
217 SSLClientCertType type2;
90 std::string private_key_info2, der_cert2; 218 std::string private_key_info2, der_cert2;
91 error = service->GetOriginBoundCert( 219 error = service->GetOriginBoundCert(
92 origin2, &private_key_info2, &der_cert2, callback.callback(), 220 origin2, types, &type2, &private_key_info2, &der_cert2,
93 &request_handle); 221 callback.callback(), &request_handle);
94 EXPECT_EQ(ERR_IO_PENDING, error); 222 EXPECT_EQ(ERR_IO_PENDING, error);
95 EXPECT_TRUE(request_handle != NULL); 223 EXPECT_TRUE(request_handle != NULL);
96 error = callback.WaitForResult(); 224 error = callback.WaitForResult();
97 EXPECT_EQ(OK, error); 225 EXPECT_EQ(OK, error);
98 EXPECT_EQ(2, service->cert_count()); 226 EXPECT_EQ(2, service->cert_count());
99 227
100 std::string origin3("https://www.twitter.com:443"); 228 std::string origin3("https://www.twitter.com:443");
229 SSLClientCertType type3;
101 std::string private_key_info3, der_cert3; 230 std::string private_key_info3, der_cert3;
231 types[0] = CLIENT_CERT_ECDSA_SIGN;
102 error = service->GetOriginBoundCert( 232 error = service->GetOriginBoundCert(
103 origin3, &private_key_info3, &der_cert3, callback.callback(), 233 origin3, types, &type3, &private_key_info3, &der_cert3,
104 &request_handle); 234 callback.callback(), &request_handle);
105 EXPECT_EQ(ERR_IO_PENDING, error); 235 EXPECT_EQ(ERR_IO_PENDING, error);
106 EXPECT_TRUE(request_handle != NULL); 236 EXPECT_TRUE(request_handle != NULL);
107 error = callback.WaitForResult(); 237 error = callback.WaitForResult();
108 EXPECT_EQ(OK, error); 238 EXPECT_EQ(OK, error);
109 EXPECT_EQ(3, service->cert_count()); 239 EXPECT_EQ(3, service->cert_count());
110 240
111 EXPECT_NE(private_key_info1, private_key_info2); 241 EXPECT_NE(private_key_info1, private_key_info2);
112 EXPECT_NE(der_cert1, der_cert2); 242 EXPECT_NE(der_cert1, der_cert2);
113 EXPECT_NE(private_key_info1, private_key_info3); 243 EXPECT_NE(private_key_info1, private_key_info3);
114 EXPECT_NE(der_cert1, der_cert3); 244 EXPECT_NE(der_cert1, der_cert3);
115 EXPECT_NE(private_key_info2, private_key_info3); 245 EXPECT_NE(private_key_info2, private_key_info3);
116 EXPECT_NE(der_cert2, der_cert3); 246 EXPECT_NE(der_cert2, der_cert3);
247 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type1);
248 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type2);
249 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type3);
117 } 250 }
118 251
119 // Tests an inflight join. 252 // Tests an inflight join.
120 TEST(OriginBoundCertServiceTest, InflightJoin) { 253 TEST(OriginBoundCertServiceTest, InflightJoin) {
121 scoped_ptr<OriginBoundCertService> service( 254 scoped_ptr<OriginBoundCertService> service(
122 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); 255 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
123 std::string origin("https://encrypted.google.com:443"); 256 std::string origin("https://encrypted.google.com:443");
124 int error; 257 int error;
258 std::vector<uint8> types;
259 types.push_back(CLIENT_CERT_RSA_SIGN);
125 260
261 SSLClientCertType type1;
126 std::string private_key_info1, der_cert1; 262 std::string private_key_info1, der_cert1;
127 TestCompletionCallback callback1; 263 TestCompletionCallback callback1;
128 OriginBoundCertService::RequestHandle request_handle1; 264 OriginBoundCertService::RequestHandle request_handle1;
129 265
266 SSLClientCertType type2;
130 std::string private_key_info2, der_cert2; 267 std::string private_key_info2, der_cert2;
131 TestCompletionCallback callback2; 268 TestCompletionCallback callback2;
132 OriginBoundCertService::RequestHandle request_handle2; 269 OriginBoundCertService::RequestHandle request_handle2;
133 270
134 error = service->GetOriginBoundCert( 271 error = service->GetOriginBoundCert(
135 origin, &private_key_info1, &der_cert1, callback1.callback(), 272 origin, types, &type1, &private_key_info1, &der_cert1,
136 &request_handle1); 273 callback1.callback(), &request_handle1);
137 EXPECT_EQ(ERR_IO_PENDING, error); 274 EXPECT_EQ(ERR_IO_PENDING, error);
138 EXPECT_TRUE(request_handle1 != NULL); 275 EXPECT_TRUE(request_handle1 != NULL);
276 // If we request EC and RSA in the 2nd request, should still join with the
277 // original request.
278 types.insert(types.begin(), CLIENT_CERT_ECDSA_SIGN);
139 error = service->GetOriginBoundCert( 279 error = service->GetOriginBoundCert(
140 origin, &private_key_info2, &der_cert2, callback2.callback(), 280 origin, types, &type2, &private_key_info2, &der_cert2,
141 &request_handle2); 281 callback2.callback(), &request_handle2);
142 EXPECT_EQ(ERR_IO_PENDING, error); 282 EXPECT_EQ(ERR_IO_PENDING, error);
143 EXPECT_TRUE(request_handle2 != NULL); 283 EXPECT_TRUE(request_handle2 != NULL);
144 284
145 error = callback1.WaitForResult(); 285 error = callback1.WaitForResult();
146 EXPECT_EQ(OK, error); 286 EXPECT_EQ(OK, error);
147 error = callback2.WaitForResult(); 287 error = callback2.WaitForResult();
148 EXPECT_EQ(OK, error); 288 EXPECT_EQ(OK, error);
149 289
290 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type1);
291 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type2);
150 EXPECT_EQ(2u, service->requests()); 292 EXPECT_EQ(2u, service->requests());
151 EXPECT_EQ(0u, service->cert_store_hits()); 293 EXPECT_EQ(0u, service->cert_store_hits());
152 EXPECT_EQ(1u, service->inflight_joins()); 294 EXPECT_EQ(1u, service->inflight_joins());
153 } 295 }
154 296
155 TEST(OriginBoundCertServiceTest, ExtractValuesFromBytes) { 297 // Tests an inflight join with mismatching request types.
298 TEST(OriginBoundCertServiceTest, InflightJoinTypeMismatch) {
156 scoped_ptr<OriginBoundCertService> service( 299 scoped_ptr<OriginBoundCertService> service(
157 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); 300 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
158 std::string origin("https://encrypted.google.com:443"); 301 std::string origin("https://encrypted.google.com:443");
302 int error;
303 std::vector<uint8> types1;
304 types1.push_back(CLIENT_CERT_RSA_SIGN);
305 std::vector<uint8> types2;
306 types2.push_back(CLIENT_CERT_ECDSA_SIGN);
307
308 SSLClientCertType type1;
309 std::string private_key_info1, der_cert1;
310 TestCompletionCallback callback1;
311 OriginBoundCertService::RequestHandle request_handle1;
312
313 SSLClientCertType type2;
314 std::string private_key_info2, der_cert2;
315 TestCompletionCallback callback2;
316 OriginBoundCertService::RequestHandle request_handle2;
317
318 error = service->GetOriginBoundCert(
319 origin, types1, &type1, &private_key_info1, &der_cert1,
320 callback1.callback(), &request_handle1);
321 EXPECT_EQ(ERR_IO_PENDING, error);
322 EXPECT_TRUE(request_handle1 != NULL);
323 // If we request only EC in the 2nd request, it should return an error.
324 error = service->GetOriginBoundCert(
325 origin, types2, &type2, &private_key_info2, &der_cert2,
326 callback2.callback(), &request_handle2);
327 EXPECT_EQ(ERR_ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH, error);
328 EXPECT_TRUE(request_handle2 == NULL);
329
330 error = callback1.WaitForResult();
331 EXPECT_EQ(OK, error);
332
333 EXPECT_FALSE(private_key_info1.empty());
334 EXPECT_FALSE(der_cert1.empty());
335 EXPECT_TRUE(private_key_info2.empty());
336 EXPECT_TRUE(der_cert2.empty());
337 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type1);
338 EXPECT_EQ(2u, service->requests());
339 EXPECT_EQ(0u, service->cert_store_hits());
340 EXPECT_EQ(0u, service->inflight_joins());
341 }
342
343 TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesRSA) {
344 scoped_ptr<OriginBoundCertService> service(
345 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
346 std::string origin("https://encrypted.google.com:443");
347 SSLClientCertType type;
159 std::string private_key_info, der_cert; 348 std::string private_key_info, der_cert;
160 int error; 349 int error;
350 std::vector<uint8> types;
351 types.push_back(CLIENT_CERT_RSA_SIGN);
161 TestCompletionCallback callback; 352 TestCompletionCallback callback;
162 OriginBoundCertService::RequestHandle request_handle; 353 OriginBoundCertService::RequestHandle request_handle;
163 354
164 error = service->GetOriginBoundCert( 355 error = service->GetOriginBoundCert(
165 origin, &private_key_info, &der_cert, callback.callback(), 356 origin, types, &type, &private_key_info, &der_cert, callback.callback(),
166 &request_handle); 357 &request_handle);
167 EXPECT_EQ(ERR_IO_PENDING, error); 358 EXPECT_EQ(ERR_IO_PENDING, error);
168 EXPECT_TRUE(request_handle != NULL); 359 EXPECT_TRUE(request_handle != NULL);
169 error = callback.WaitForResult(); 360 error = callback.WaitForResult();
170 EXPECT_EQ(OK, error); 361 EXPECT_EQ(OK, error);
171 362
172 // Check that we can retrieve the key from the bytes. 363 // Check that we can retrieve the key from the bytes.
173 std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end()); 364 std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end());
174 scoped_ptr<crypto::RSAPrivateKey> private_key( 365 scoped_ptr<crypto::RSAPrivateKey> private_key(
175 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vec)); 366 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vec));
176 EXPECT_TRUE(private_key != NULL); 367 EXPECT_TRUE(private_key != NULL);
177 368
178 // Check that we can retrieve the cert from the bytes. 369 // Check that we can retrieve the cert from the bytes.
179 scoped_refptr<X509Certificate> x509cert( 370 scoped_refptr<X509Certificate> x509cert(
180 X509Certificate::CreateFromBytes(der_cert.data(), der_cert.size())); 371 X509Certificate::CreateFromBytes(der_cert.data(), der_cert.size()));
181 EXPECT_TRUE(x509cert != NULL); 372 EXPECT_TRUE(x509cert != NULL);
182 } 373 }
183 374
375 TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesEC) {
376 scoped_ptr<OriginBoundCertService> service(
377 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
378 std::string origin("https://encrypted.google.com:443");
379 SSLClientCertType type;
380 std::string private_key_info, der_cert;
381 int error;
382 std::vector<uint8> types;
383 types.push_back(CLIENT_CERT_ECDSA_SIGN);
384 TestCompletionCallback callback;
385 OriginBoundCertService::RequestHandle request_handle;
386
387 error = service->GetOriginBoundCert(
388 origin, types, &type, &private_key_info, &der_cert, callback.callback(),
389 &request_handle);
390 EXPECT_EQ(ERR_IO_PENDING, error);
391 EXPECT_TRUE(request_handle != NULL);
392 error = callback.WaitForResult();
393 EXPECT_EQ(OK, error);
394
395 base::StringPiece spki_piece;
396 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_cert, &spki_piece));
397 std::vector<uint8> spki(
398 spki_piece.data(),
399 spki_piece.data() + spki_piece.size());
400
401 // Check that we can retrieve the key from the bytes.
402 std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end());
403 scoped_ptr<crypto::ECPrivateKey> private_key(
404 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
405 OriginBoundCertService::kEPKIPassword, key_vec, spki));
406 EXPECT_TRUE(private_key != NULL);
407
408 // Check that we can retrieve the cert from the bytes.
409 scoped_refptr<X509Certificate> x509cert(
410 X509Certificate::CreateFromBytes(der_cert.data(), der_cert.size()));
411 EXPECT_TRUE(x509cert != NULL);
412 }
413
184 // Tests that the callback of a canceled request is never made. 414 // Tests that the callback of a canceled request is never made.
185 TEST(OriginBoundCertServiceTest, CancelRequest) { 415 TEST(OriginBoundCertServiceTest, CancelRequest) {
186 scoped_ptr<OriginBoundCertService> service( 416 scoped_ptr<OriginBoundCertService> service(
187 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL))); 417 new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
188 std::string origin("https://encrypted.google.com:443"); 418 std::string origin("https://encrypted.google.com:443");
419 SSLClientCertType type;
189 std::string private_key_info, der_cert; 420 std::string private_key_info, der_cert;
190 int error; 421 int error;
422 std::vector<uint8> types;
423 types.push_back(CLIENT_CERT_RSA_SIGN);
191 OriginBoundCertService::RequestHandle request_handle; 424 OriginBoundCertService::RequestHandle request_handle;
192 425
193 error = service->GetOriginBoundCert(origin, 426 error = service->GetOriginBoundCert(origin,
427 types,
428 &type,
194 &private_key_info, 429 &private_key_info,
195 &der_cert, 430 &der_cert,
196 base::Bind(&FailTest), 431 base::Bind(&FailTest),
197 &request_handle); 432 &request_handle);
198 EXPECT_EQ(ERR_IO_PENDING, error); 433 EXPECT_EQ(ERR_IO_PENDING, error);
199 EXPECT_TRUE(request_handle != NULL); 434 EXPECT_TRUE(request_handle != NULL);
200 service->CancelRequest(request_handle); 435 service->CancelRequest(request_handle);
201 436
202 // Issue a few more requests to the worker pool and wait for their 437 // Issue a few more requests to the worker pool and wait for their
203 // completion, so that the task of the canceled request (which runs on a 438 // completion, so that the task of the canceled request (which runs on a
204 // worker thread) is likely to complete by the end of this test. 439 // worker thread) is likely to complete by the end of this test.
205 TestCompletionCallback callback; 440 TestCompletionCallback callback;
206 for (int i = 0; i < 5; ++i) { 441 for (int i = 0; i < 5; ++i) {
207 error = service->GetOriginBoundCert( 442 error = service->GetOriginBoundCert(
208 "https://encrypted.google.com:" + std::string(1, (char) ('1' + i)), 443 "https://encrypted.google.com:" + std::string(1, (char) ('1' + i)),
444 types,
445 &type,
209 &private_key_info, 446 &private_key_info,
210 &der_cert, 447 &der_cert,
211 callback.callback(), 448 callback.callback(),
212 &request_handle); 449 &request_handle);
213 EXPECT_EQ(ERR_IO_PENDING, error); 450 EXPECT_EQ(ERR_IO_PENDING, error);
214 EXPECT_TRUE(request_handle != NULL); 451 EXPECT_TRUE(request_handle != NULL);
215 error = callback.WaitForResult(); 452 error = callback.WaitForResult();
216 } 453 }
454
455 // Even though the original request was cancelled, the service will still
456 // store the result, it just doesn't call the callback.
457 EXPECT_EQ(6, service->cert_count());
217 } 458 }
218 459
219 #endif // !defined(USE_OPENSSL) 460 #endif // !defined(USE_OPENSSL)
220 461
221 } // namespace 462 } // namespace
222 463
223 } // namespace net 464 } // namespace net
OLDNEW
« no previous file with comments | « net/base/origin_bound_cert_service.cc ('k') | net/base/origin_bound_cert_store.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698