
Unified Diff: chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc

Issue 8662036: Support EC certs in OriginBoundCertService and OriginBoundCertStore. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 9 years ago
Index: chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
index 476839544fb3bcf17b352826e17e82dcf5c8cc1d..06cb2744b9567188a67430f04fe3d8f5682f680b 100644
--- a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
+++ b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
@@ -12,6 +12,7 @@
#include "chrome/browser/net/sqlite_origin_bound_cert_store.h"
#include "chrome/common/chrome_constants.h"
#include "content/test/test_browser_thread.h"
+#include "sql/statement.h"
#include "testing/gtest/include/gtest/gtest.h"
using content::BrowserThread;
@@ -34,7 +35,8 @@ class SQLiteOriginBoundCertStoreTest : public testing::Test {
// Make sure the store gets written at least once.
store_->AddOriginBoundCert(
net::DefaultOriginBoundCertStore::OriginBoundCert(
- "https://encrypted.google.com:8443", "a", "b"));
+ "https://encrypted.google.com:8443",
+ net::CLIENT_CERT_RSA_SIGN, "a", "b"));
}
content::TestBrowserThread db_thread_;
@@ -75,6 +77,10 @@ TEST_F(SQLiteOriginBoundCertStoreTest, RemoveOnDestruction) {
// Test if data is stored as expected in the SQLite database.
TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
+ store_->AddOriginBoundCert(
+ net::DefaultOriginBoundCertStore::OriginBoundCert(
+ "https://www.google.com/", net::CLIENT_CERT_ECDSA_SIGN, "c", "d"));
+
std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*> certs;
// Replace the store effectively destroying the current one and forcing it
// to write it's data to disk. Then we can see if after loading it again it
@@ -90,12 +96,27 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
// Reload and test for persistence
ASSERT_TRUE(store_->Load(&certs));
- ASSERT_EQ(1U, certs.size());
- ASSERT_STREQ("https://encrypted.google.com:8443", certs[0]->origin().c_str());
- ASSERT_STREQ("a", certs[0]->private_key().c_str());
- ASSERT_STREQ("b", certs[0]->cert().c_str());
+ ASSERT_EQ(2U, certs.size());
+ net::DefaultOriginBoundCertStore::OriginBoundCert* ec_cert;
+ net::DefaultOriginBoundCertStore::OriginBoundCert* rsa_cert;
+ if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) {
+ rsa_cert = certs[0];
+ ec_cert = certs[1];
+ } else {
+ rsa_cert = certs[1];
+ ec_cert = certs[0];
+ }
+ ASSERT_STREQ("https://encrypted.google.com:8443", rsa_cert->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, rsa_cert->type());
+ ASSERT_STREQ("a", rsa_cert->private_key().c_str());
+ ASSERT_STREQ("b", rsa_cert->cert().c_str());
+ ASSERT_STREQ("https://www.google.com/", ec_cert->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_ECDSA_SIGN, ec_cert->type());
+ ASSERT_STREQ("c", ec_cert->private_key().c_str());
+ ASSERT_STREQ("d", ec_cert->cert().c_str());
// Now delete the cert and check persistence again.
+ store_->DeleteOriginBoundCert(*certs[1]);
wtc 2011/12/02 22:06:59 Nit: if the order of deleting certs doesn't matter
mattm 2011/12/05 22:19:20 Done.
store_->DeleteOriginBoundCert(*certs[0]);
store_ = NULL;
// Make sure we wait until the destructor has run.
@@ -110,6 +131,69 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
ASSERT_EQ(0U, certs.size());
}
+TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgrade) {
+ // Reset the store. We'll be using a different database for this test.
+ store_ = NULL;
+
+ FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db"));
+
+ // Create a version 1 database.
+ {
+ sql::Connection db;
+ ASSERT_TRUE(db.Open(v1_db_path));
+ ASSERT_TRUE(db.Execute(
+ "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY,"
+ "value LONGVARCHAR);"
+ "INSERT INTO \"meta\" VALUES('version','1');"
+ "INSERT INTO \"meta\" VALUES('last_compatible_version','1');"
+ "CREATE TABLE origin_bound_certs ("
+ "origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
+ "private_key BLOB NOT NULL,cert BLOB NOT NULL);"
+ "INSERT INTO \"origin_bound_certs\" VALUES("
+ "'https://google.com',X'AA',X'BB');"
+ "INSERT INTO \"origin_bound_certs\" VALUES("
+ "'https://foo.com',X'CC',X'DD');"
+ ));
+ }
+
+ std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*> certs;
+ store_ = new SQLiteOriginBoundCertStore(v1_db_path);
+
+ // Load the database and ensure the certs can be read and are marked as RSA.
+ ASSERT_TRUE(store_->Load(&certs));
+ ASSERT_EQ(2U, certs.size());
+ ASSERT_STREQ("https://google.com", certs[0]->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
+ ASSERT_STREQ("\xaa", certs[0]->private_key().c_str());
+ ASSERT_STREQ("\xbb", certs[0]->cert().c_str());
+ ASSERT_STREQ("https://foo.com", certs[1]->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[1]->type());
+ ASSERT_STREQ("\xcc", certs[1]->private_key().c_str());
+ ASSERT_STREQ("\xdd", certs[1]->cert().c_str());
+
+ STLDeleteContainerPointers(certs.begin(), certs.end());
+ certs.clear();
+
+ store_ = NULL;
+ // Make sure we wait until the destructor has run.
+ scoped_refptr<base::ThreadTestHelper> helper(
+ new base::ThreadTestHelper(
+ BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
+ ASSERT_TRUE(helper->Run());
+
+ // Verify the database version is updated.
+ {
+ sql::Connection db;
+ ASSERT_TRUE(db.Open(v1_db_path));
+ sql::Statement smt(db.GetUniqueStatement(
+ "SELECT value FROM meta WHERE key = \"version\""));
+ ASSERT_TRUE(smt);
+ ASSERT_TRUE(smt.Step());
+ EXPECT_EQ(2, smt.ColumnInt(0));
+ EXPECT_FALSE(smt.Step());
+ }
+}
+
// Test that we can force the database to be written by calling Flush().
TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
// File timestamps don't work well on all platforms, so we'll determine
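Review bot: The key and cert checks in TestUpgrade go through `ASSERT_STREQ("\xaa", certs[0]->private_key().c_str())`, which stops comparing at the first NUL byte, and every fixture blob is a single byte (X'AA' through X'DD'), so a migration that truncated or altered stored key material past the first byte would still pass. This is the only visible check that private keys survive the schema upgrade, so I would seed multi-byte blobs that contain a zero byte (for example X'AA00BB') and compare whole strings, e.g. `ASSERT_EQ(std::string("\xaa\x00\xbb", 3), certs[0]->private_key());`, assuming private_key() returns a std::string as the `.c_str()` calls suggest. The assertions also pin the load order to certs[0] = https://google.com and certs[1] = https://foo.com, whereas TestPersistence in this same patch accepts either order; picking the entries by origin would keep the test independent of row order. Separately, `key = \"version\"` in the verification query relies on SQLite falling back from a double-quoted identifier to a string literal; `key = 'version'` is the unambiguous form.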
@@ -125,9 +209,11 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
std::string private_key(1000, c);
std::string cert(1000, c);
store_->AddOriginBoundCert(
- net::DefaultOriginBoundCertStore::OriginBoundCert(origin,
- private_key,
- cert));
+ net::DefaultOriginBoundCertStore::OriginBoundCert(
+ origin,
+ net::CLIENT_CERT_RSA_SIGN,
+ private_key,
+ cert));
}
// Call Flush() and wait until the DB thread is idle.
