Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1289)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc

Issue 8662036: Support EC certs in OriginBoundCertService and OriginBoundCertStore. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: forgot to add new file Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/sqlite_origin_bound_cert_store.cc ('k') | crypto/ec_private_key.h » ('j') | net/base/net_error_list.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
index 476839544fb3bcf17b352826e17e82dcf5c8cc1d..cc3130d7b1959a89175ad7c7d686598ad5df5312 100644
--- a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
+++ b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
@@ -12,6 +12,7 @@
#include "chrome/browser/net/sqlite_origin_bound_cert_store.h"
#include "chrome/common/chrome_constants.h"
#include "content/test/test_browser_thread.h"
+#include "sql/statement.h"
#include "testing/gtest/include/gtest/gtest.h"
using content::BrowserThread;
@@ -34,7 +35,8 @@ class SQLiteOriginBoundCertStoreTest : public testing::Test {
// Make sure the store gets written at least once.
store_->AddOriginBoundCert(
net::DefaultOriginBoundCertStore::OriginBoundCert(
- "https://encrypted.google.com:8443", "a", "b"));
+ "https://encrypted.google.com:8443",
+ net::CLIENT_CERT_RSA_SIGN, "a", "b"));
}
content::TestBrowserThread db_thread_;
@@ -75,6 +77,10 @@ TEST_F(SQLiteOriginBoundCertStoreTest, RemoveOnDestruction) {
// Test if data is stored as expected in the SQLite database.
TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
+ store_->AddOriginBoundCert(
+ net::DefaultOriginBoundCertStore::OriginBoundCert(
+ "https://www.google.com/", net::CLIENT_CERT_ECDSA_SIGN, "c", "d"));
+
std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*> certs;
// Replace the store effectively destroying the current one and forcing it
// to write it's data to disk. Then we can see if after loading it again it
@@ -90,13 +96,28 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
// Reload and test for persistence
ASSERT_TRUE(store_->Load(&certs));
- ASSERT_EQ(1U, certs.size());
- ASSERT_STREQ("https://encrypted.google.com:8443", certs[0]->origin().c_str());
- ASSERT_STREQ("a", certs[0]->private_key().c_str());
- ASSERT_STREQ("b", certs[0]->cert().c_str());
+ ASSERT_EQ(2U, certs.size());
+ net::DefaultOriginBoundCertStore::OriginBoundCert* ec_cert;
+ net::DefaultOriginBoundCertStore::OriginBoundCert* rsa_cert;
+ if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) {
+ rsa_cert = certs[0];
+ ec_cert = certs[1];
+ } else {
+ rsa_cert = certs[1];
+ ec_cert = certs[0];
+ }
+ ASSERT_STREQ("https://encrypted.google.com:8443", rsa_cert->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, rsa_cert->type());
+ ASSERT_STREQ("a", rsa_cert->private_key().c_str());
+ ASSERT_STREQ("b", rsa_cert->cert().c_str());
+ ASSERT_STREQ("https://www.google.com/", ec_cert->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_ECDSA_SIGN, ec_cert->type());
+ ASSERT_STREQ("c", ec_cert->private_key().c_str());
+ ASSERT_STREQ("d", ec_cert->cert().c_str());
// Now delete the cert and check persistence again.
store_->DeleteOriginBoundCert(*certs[0]);
+ store_->DeleteOriginBoundCert(*certs[1]);
store_ = NULL;
// Make sure we wait until the destructor has run.
ASSERT_TRUE(helper->Run());
@@ -110,6 +131,69 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
ASSERT_EQ(0U, certs.size());
}
+TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgrade) {
+ // Reset the store. We'll be using a different database for this test.
+ store_ = NULL;
+
+ FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db"));
+
+ // Create a version 1 database.
+ {
+ sql::Connection db;
+ ASSERT_TRUE(db.Open(v1_db_path));
+ ASSERT_TRUE(db.Execute(
+ "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY,"
+ "value LONGVARCHAR);"
+ "INSERT INTO \"meta\" VALUES('version','1');"
+ "INSERT INTO \"meta\" VALUES('last_compatible_version','1');"
+ "CREATE TABLE origin_bound_certs ("
+ "origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
+ "private_key BLOB NOT NULL,cert BLOB NOT NULL);"
+ "INSERT INTO \"origin_bound_certs\" VALUES("
+ "'https://google.com',X'AA',X'BB');"
+ "INSERT INTO \"origin_bound_certs\" VALUES("
+ "'https://foo.com',X'CC',X'DD');"
+ ));
+ }
+
+ std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*> certs;
+ store_ = new SQLiteOriginBoundCertStore(v1_db_path);
+
+ // Load the database and ensure the certs can be read and are marked as RSA.
+ ASSERT_TRUE(store_->Load(&certs));
+ ASSERT_EQ(2U, certs.size());
+ ASSERT_STREQ("https://google.com", certs[0]->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
+ ASSERT_STREQ("\xaa", certs[0]->private_key().c_str());
+ ASSERT_STREQ("\xbb", certs[0]->cert().c_str());
+ ASSERT_STREQ("https://foo.com", certs[1]->origin().c_str());
+ ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[1]->type());
+ ASSERT_STREQ("\xcc", certs[1]->private_key().c_str());
+ ASSERT_STREQ("\xdd", certs[1]->cert().c_str());
+
+ STLDeleteContainerPointers(certs.begin(), certs.end());
+ certs.clear();
+
+ store_ = NULL;
+ // Make sure we wait until the destructor has run.
+ scoped_refptr<base::ThreadTestHelper> helper(
+ new base::ThreadTestHelper(
+ BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
+ ASSERT_TRUE(helper->Run());
+
+ // Verify the database version is updated.
+ {
+ sql::Connection db;
+ ASSERT_TRUE(db.Open(v1_db_path));
+ sql::Statement smt(db.GetUniqueStatement(
+ "SELECT value FROM meta WHERE key = \"version\""));
+ ASSERT_TRUE(smt);
+ ASSERT_TRUE(smt.Step());
+ EXPECT_EQ(2, smt.ColumnInt(0));
+ EXPECT_FALSE(smt.Step());
+ }
+}
+
// Test that we can force the database to be written by calling Flush().
TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
// File timestamps don't work well on all platforms, so we'll determine
@@ -125,9 +209,11 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
std::string private_key(1000, c);
std::string cert(1000, c);
store_->AddOriginBoundCert(
- net::DefaultOriginBoundCertStore::OriginBoundCert(origin,
- private_key,
- cert));
+ net::DefaultOriginBoundCertStore::OriginBoundCert(
+ origin,
+ net::CLIENT_CERT_RSA_SIGN,
+ private_key,
+ cert));
}
// Call Flush() and wait until the DB thread is idle.
« no previous file with comments | « chrome/browser/net/sqlite_origin_bound_cert_store.cc ('k') | crypto/ec_private_key.h » ('j') | net/base/net_error_list.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698