Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(439)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/origin_bound_cert_service_unittest.cc

Issue 8890073: Handle Origin Bound Certificate expiration. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/origin_bound_cert_service.cc ('K') | « net/base/origin_bound_cert_service.cc ('k') | net/base/origin_bound_cert_store.h » ('j') | net/base/origin_bound_cert_store.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/origin_bound_cert_service_unittest.cc
diff --git a/net/base/origin_bound_cert_service_unittest.cc b/net/base/origin_bound_cert_service_unittest.cc
index 1adedfaa350cbd8d96f06157b49709c5b472db0d..a62ba8456556b79eae52ee9d499ba14b2b6c20b9 100644
--- a/net/base/origin_bound_cert_service_unittest.cc
+++ b/net/base/origin_bound_cert_service_unittest.cc
@@ -457,6 +457,56 @@ TEST(OriginBoundCertServiceTest, CancelRequest) {
EXPECT_EQ(6, service->cert_count());
}
+TEST(OriginBoundCertServiceTest, Expiration) {
+ OriginBoundCertStore* store = new DefaultOriginBoundCertStore(NULL);
+ store->SetOriginBoundCert("https://good",
+ CLIENT_CERT_RSA_SIGN,
+ base::Time::Now() + base::TimeDelta::FromDays(1),
+ "a",
+ "b");
+ store->SetOriginBoundCert("https://expired",
+ CLIENT_CERT_RSA_SIGN,
+ base::Time::Now() - base::TimeDelta::FromDays(1),
+ "c",
+ "d");
+ scoped_ptr<OriginBoundCertService> service(new OriginBoundCertService(store));
wtc 2011/12/15 03:18:51 Nit: 'service' can be allocated on the stack: Or
mattm 2011/12/20 00:28:38 Done.
+ EXPECT_EQ(2, service->cert_count());
+
+ int error;
+ std::vector<uint8> types;
+ types.push_back(CLIENT_CERT_RSA_SIGN);
+ TestCompletionCallback callback;
+ OriginBoundCertService::RequestHandle request_handle;
+
+ // Cert still valid - synchronous completion.
+ SSLClientCertType type1;
+ std::string private_key_info1, der_cert1;
+ error = service->GetOriginBoundCert(
+ "https://good", types, &type1, &private_key_info1, &der_cert1,
+ callback.callback(), &request_handle);
+ EXPECT_TRUE(request_handle == NULL);
+ EXPECT_EQ(OK, error);
wtc 2011/12/15 03:18:51 Nit: please test 'error' (the return value) before
mattm 2011/12/20 00:28:38 Done.
+ EXPECT_EQ(2, service->cert_count());
+ EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type1);
+ EXPECT_STREQ("a", private_key_info1.c_str());
+ EXPECT_STREQ("b", der_cert1.c_str());
+
+ // Cert expired - New cert will be generated, asynchronous completion.
+ SSLClientCertType type2;
+ std::string private_key_info2, der_cert2;
+ error = service->GetOriginBoundCert(
+ "https://expired", types, &type2, &private_key_info2, &der_cert2,
+ callback.callback(), &request_handle);
+ EXPECT_EQ(ERR_IO_PENDING, error);
+ EXPECT_TRUE(request_handle != NULL);
+ error = callback.WaitForResult();
+ EXPECT_EQ(OK, error);
+ EXPECT_EQ(2, service->cert_count());
+ EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type2);
+ EXPECT_LT(1U, private_key_info2.size());
+ EXPECT_LT(1U, der_cert2.size());
+}
+
#endif // !defined(USE_OPENSSL)
} // namespace
« net/base/origin_bound_cert_service.cc ('K') | « net/base/origin_bound_cert_service.cc ('k') | net/base/origin_bound_cert_store.h » ('j') | net/base/origin_bound_cert_store.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698