| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/default_origin_bound_cert_store.h" | 5 #include "net/base/default_origin_bound_cert_store.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 51 for (it = origin_certs_.begin(); it != origin_certs_.end(); ++it) { | 51 for (it = origin_certs_.begin(); it != origin_certs_.end(); ++it) { |
| 52 certs->push_back( | 52 certs->push_back( |
| 53 new DefaultOriginBoundCertStore::OriginBoundCert(it->second)); | 53 new DefaultOriginBoundCertStore::OriginBoundCert(it->second)); |
| 54 } | 54 } |
| 55 | 55 |
| 56 return true; | 56 return true; |
| 57 } | 57 } |
| 58 | 58 |
| 59 void MockPersistentStore::AddOriginBoundCert( | 59 void MockPersistentStore::AddOriginBoundCert( |
| 60 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { | 60 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { |
| 61 origin_certs_[cert.origin()] = cert; | 61 origin_certs_[cert.domain()] = cert; |
| 62 } | 62 } |
| 63 | 63 |
| 64 void MockPersistentStore::DeleteOriginBoundCert( | 64 void MockPersistentStore::DeleteOriginBoundCert( |
| 65 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { | 65 const DefaultOriginBoundCertStore::OriginBoundCert& cert) { |
| 66 origin_certs_.erase(cert.origin()); | 66 origin_certs_.erase(cert.domain()); |
| 67 } | 67 } |
| 68 | 68 |
| 69 void MockPersistentStore::SetClearLocalStateOnExit(bool clear_local_state) {} | 69 void MockPersistentStore::SetClearLocalStateOnExit(bool clear_local_state) {} |
| 70 | 70 |
| 71 void MockPersistentStore::Flush(const base::Closure& completion_task) { | 71 void MockPersistentStore::Flush(const base::Closure& completion_task) { |
| 72 NOTREACHED(); | 72 NOTREACHED(); |
| 73 } | 73 } |
| 74 | 74 |
| 75 TEST(DefaultOriginBoundCertStoreTest, TestLoading) { | 75 TEST(DefaultOriginBoundCertStoreTest, TestLoading) { |
| 76 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 76 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
| 77 | 77 |
| 78 persistent_store->AddOriginBoundCert( | 78 persistent_store->AddOriginBoundCert( |
| 79 DefaultOriginBoundCertStore::OriginBoundCert( | 79 DefaultOriginBoundCertStore::OriginBoundCert( |
| 80 "https://encrypted.google.com/", | 80 "google.com", |
| 81 CLIENT_CERT_RSA_SIGN, | 81 CLIENT_CERT_RSA_SIGN, |
| 82 base::Time(), | 82 base::Time(), |
| 83 base::Time(), | 83 base::Time(), |
| 84 "a", "b")); | 84 "a", "b")); |
| 85 persistent_store->AddOriginBoundCert( | 85 persistent_store->AddOriginBoundCert( |
| 86 DefaultOriginBoundCertStore::OriginBoundCert( | 86 DefaultOriginBoundCertStore::OriginBoundCert( |
| 87 "https://www.verisign.com/", | 87 "verisign.com", |
| 88 CLIENT_CERT_ECDSA_SIGN, | 88 CLIENT_CERT_ECDSA_SIGN, |
| 89 base::Time(), | 89 base::Time(), |
| 90 base::Time(), | 90 base::Time(), |
| 91 "c", "d")); | 91 "c", "d")); |
| 92 | 92 |
| 93 // Make sure certs load properly. | 93 // Make sure certs load properly. |
| 94 DefaultOriginBoundCertStore store(persistent_store.get()); | 94 DefaultOriginBoundCertStore store(persistent_store.get()); |
| 95 EXPECT_EQ(2, store.GetCertCount()); | 95 EXPECT_EQ(2, store.GetCertCount()); |
| 96 store.SetOriginBoundCert( | 96 store.SetOriginBoundCert( |
| 97 "https://www.verisign.com/", | 97 "verisign.com", |
| 98 CLIENT_CERT_RSA_SIGN, | 98 CLIENT_CERT_RSA_SIGN, |
| 99 base::Time(), | 99 base::Time(), |
| 100 base::Time(), | 100 base::Time(), |
| 101 "e", "f"); | 101 "e", "f"); |
| 102 EXPECT_EQ(2, store.GetCertCount()); | 102 EXPECT_EQ(2, store.GetCertCount()); |
| 103 store.SetOriginBoundCert( | 103 store.SetOriginBoundCert( |
| 104 "https://www.twitter.com/", | 104 "twitter.com", |
| 105 CLIENT_CERT_RSA_SIGN, | 105 CLIENT_CERT_RSA_SIGN, |
| 106 base::Time(), | 106 base::Time(), |
| 107 base::Time(), | 107 base::Time(), |
| 108 "g", "h"); | 108 "g", "h"); |
| 109 EXPECT_EQ(3, store.GetCertCount()); | 109 EXPECT_EQ(3, store.GetCertCount()); |
| 110 } | 110 } |
| 111 | 111 |
| 112 TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) { | 112 TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) { |
| 113 DefaultOriginBoundCertStore store(NULL); | 113 DefaultOriginBoundCertStore store(NULL); |
| 114 SSLClientCertType type; | 114 SSLClientCertType type; |
| 115 base::Time creation_time; | 115 base::Time creation_time; |
| 116 base::Time expiration_time; | 116 base::Time expiration_time; |
| 117 std::string private_key, cert; | 117 std::string private_key, cert; |
| 118 EXPECT_EQ(0, store.GetCertCount()); | 118 EXPECT_EQ(0, store.GetCertCount()); |
| 119 EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/", | 119 EXPECT_FALSE(store.GetOriginBoundCert("verisign.com", |
| 120 &type, | 120 &type, |
| 121 &creation_time, | 121 &creation_time, |
| 122 &expiration_time, | 122 &expiration_time, |
| 123 &private_key, | 123 &private_key, |
| 124 &cert)); | 124 &cert)); |
| 125 EXPECT_TRUE(private_key.empty()); | 125 EXPECT_TRUE(private_key.empty()); |
| 126 EXPECT_TRUE(cert.empty()); | 126 EXPECT_TRUE(cert.empty()); |
| 127 store.SetOriginBoundCert( | 127 store.SetOriginBoundCert( |
| 128 "https://www.verisign.com/", | 128 "verisign.com", |
| 129 CLIENT_CERT_RSA_SIGN, | 129 CLIENT_CERT_RSA_SIGN, |
| 130 base::Time::FromInternalValue(123), | 130 base::Time::FromInternalValue(123), |
| 131 base::Time::FromInternalValue(456), | 131 base::Time::FromInternalValue(456), |
| 132 "i", "j"); | 132 "i", "j"); |
| 133 EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/", | 133 EXPECT_TRUE(store.GetOriginBoundCert("verisign.com", |
| 134 &type, | 134 &type, |
| 135 &creation_time, | 135 &creation_time, |
| 136 &expiration_time, | 136 &expiration_time, |
| 137 &private_key, | 137 &private_key, |
| 138 &cert)); | 138 &cert)); |
| 139 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type); | 139 EXPECT_EQ(CLIENT_CERT_RSA_SIGN, type); |
| 140 EXPECT_EQ(123, creation_time.ToInternalValue()); | 140 EXPECT_EQ(123, creation_time.ToInternalValue()); |
| 141 EXPECT_EQ(456, expiration_time.ToInternalValue()); | 141 EXPECT_EQ(456, expiration_time.ToInternalValue()); |
| 142 EXPECT_EQ("i", private_key); | 142 EXPECT_EQ("i", private_key); |
| 143 EXPECT_EQ("j", cert); | 143 EXPECT_EQ("j", cert); |
| 144 } | 144 } |
| 145 | 145 |
| 146 TEST(DefaultOriginBoundCertStoreTest, TestDuplicateCerts) { | 146 TEST(DefaultOriginBoundCertStoreTest, TestDuplicateCerts) { |
| 147 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 147 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
| 148 DefaultOriginBoundCertStore store(persistent_store.get()); | 148 DefaultOriginBoundCertStore store(persistent_store.get()); |
| 149 | 149 |
| 150 SSLClientCertType type; | 150 SSLClientCertType type; |
| 151 base::Time creation_time; | 151 base::Time creation_time; |
| 152 base::Time expiration_time; | 152 base::Time expiration_time; |
| 153 std::string private_key, cert; | 153 std::string private_key, cert; |
| 154 EXPECT_EQ(0, store.GetCertCount()); | 154 EXPECT_EQ(0, store.GetCertCount()); |
| 155 store.SetOriginBoundCert( | 155 store.SetOriginBoundCert( |
| 156 "https://www.verisign.com/", | 156 "verisign.com", |
| 157 CLIENT_CERT_RSA_SIGN, | 157 CLIENT_CERT_RSA_SIGN, |
| 158 base::Time::FromInternalValue(123), | 158 base::Time::FromInternalValue(123), |
| 159 base::Time::FromInternalValue(1234), | 159 base::Time::FromInternalValue(1234), |
| 160 "a", "b"); | 160 "a", "b"); |
| 161 store.SetOriginBoundCert( | 161 store.SetOriginBoundCert( |
| 162 "https://www.verisign.com/", | 162 "verisign.com", |
| 163 CLIENT_CERT_ECDSA_SIGN, | 163 CLIENT_CERT_ECDSA_SIGN, |
| 164 base::Time::FromInternalValue(456), | 164 base::Time::FromInternalValue(456), |
| 165 base::Time::FromInternalValue(4567), | 165 base::Time::FromInternalValue(4567), |
| 166 "c", "d"); | 166 "c", "d"); |
| 167 | 167 |
| 168 EXPECT_EQ(1, store.GetCertCount()); | 168 EXPECT_EQ(1, store.GetCertCount()); |
| 169 EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/", | 169 EXPECT_TRUE(store.GetOriginBoundCert("verisign.com", |
| 170 &type, | 170 &type, |
| 171 &creation_time, | 171 &creation_time, |
| 172 &expiration_time, | 172 &expiration_time, |
| 173 &private_key, | 173 &private_key, |
| 174 &cert)); | 174 &cert)); |
| 175 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type); | 175 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type); |
| 176 EXPECT_EQ(456, creation_time.ToInternalValue()); | 176 EXPECT_EQ(456, creation_time.ToInternalValue()); |
| 177 EXPECT_EQ(4567, expiration_time.ToInternalValue()); | 177 EXPECT_EQ(4567, expiration_time.ToInternalValue()); |
| 178 EXPECT_EQ("c", private_key); | 178 EXPECT_EQ("c", private_key); |
| 179 EXPECT_EQ("d", cert); | 179 EXPECT_EQ("d", cert); |
| 180 } | 180 } |
| 181 | 181 |
| 182 TEST(DefaultOriginBoundCertStoreTest, TestDeleteAll) { | 182 TEST(DefaultOriginBoundCertStoreTest, TestDeleteAll) { |
| 183 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 183 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
| 184 DefaultOriginBoundCertStore store(persistent_store.get()); | 184 DefaultOriginBoundCertStore store(persistent_store.get()); |
| 185 | 185 |
| 186 EXPECT_EQ(0, store.GetCertCount()); | 186 EXPECT_EQ(0, store.GetCertCount()); |
| 187 store.SetOriginBoundCert( | 187 store.SetOriginBoundCert( |
| 188 "https://www.verisign.com/", | 188 "verisign.com", |
| 189 CLIENT_CERT_RSA_SIGN, | 189 CLIENT_CERT_RSA_SIGN, |
| 190 base::Time(), | 190 base::Time(), |
| 191 base::Time(), | 191 base::Time(), |
| 192 "a", "b"); | 192 "a", "b"); |
| 193 store.SetOriginBoundCert( | 193 store.SetOriginBoundCert( |
| 194 "https://www.google.com/", | 194 "google.com", |
| 195 CLIENT_CERT_RSA_SIGN, | 195 CLIENT_CERT_RSA_SIGN, |
| 196 base::Time(), | 196 base::Time(), |
| 197 base::Time(), | 197 base::Time(), |
| 198 "c", "d"); | 198 "c", "d"); |
| 199 store.SetOriginBoundCert( | 199 store.SetOriginBoundCert( |
| 200 "https://www.harvard.com/", | 200 "harvard.com", |
| 201 CLIENT_CERT_RSA_SIGN, | 201 CLIENT_CERT_RSA_SIGN, |
| 202 base::Time(), | 202 base::Time(), |
| 203 base::Time(), | 203 base::Time(), |
| 204 "e", "f"); | 204 "e", "f"); |
| 205 | 205 |
| 206 EXPECT_EQ(3, store.GetCertCount()); | 206 EXPECT_EQ(3, store.GetCertCount()); |
| 207 store.DeleteAll(); | 207 store.DeleteAll(); |
| 208 EXPECT_EQ(0, store.GetCertCount()); | 208 EXPECT_EQ(0, store.GetCertCount()); |
| 209 } | 209 } |
| 210 | 210 |
| 211 TEST(DefaultOriginBoundCertStoreTest, TestDelete) { | 211 TEST(DefaultOriginBoundCertStoreTest, TestDelete) { |
| 212 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 212 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
| 213 DefaultOriginBoundCertStore store(persistent_store.get()); | 213 DefaultOriginBoundCertStore store(persistent_store.get()); |
| 214 | 214 |
| 215 SSLClientCertType type; | 215 SSLClientCertType type; |
| 216 base::Time creation_time; | 216 base::Time creation_time; |
| 217 base::Time expiration_time; | 217 base::Time expiration_time; |
| 218 std::string private_key, cert; | 218 std::string private_key, cert; |
| 219 EXPECT_EQ(0, store.GetCertCount()); | 219 EXPECT_EQ(0, store.GetCertCount()); |
| 220 store.SetOriginBoundCert( | 220 store.SetOriginBoundCert( |
| 221 "https://www.verisign.com/", | 221 "verisign.com", |
| 222 CLIENT_CERT_RSA_SIGN, | 222 CLIENT_CERT_RSA_SIGN, |
| 223 base::Time(), | 223 base::Time(), |
| 224 base::Time(), | 224 base::Time(), |
| 225 "a", "b"); | 225 "a", "b"); |
| 226 store.SetOriginBoundCert( | 226 store.SetOriginBoundCert( |
| 227 "https://www.google.com/", | 227 "google.com", |
| 228 CLIENT_CERT_ECDSA_SIGN, | 228 CLIENT_CERT_ECDSA_SIGN, |
| 229 base::Time(), | 229 base::Time(), |
| 230 base::Time(), | 230 base::Time(), |
| 231 "c", "d"); | 231 "c", "d"); |
| 232 | 232 |
| 233 EXPECT_EQ(2, store.GetCertCount()); | 233 EXPECT_EQ(2, store.GetCertCount()); |
| 234 store.DeleteOriginBoundCert("https://www.verisign.com/"); | 234 store.DeleteOriginBoundCert("verisign.com"); |
| 235 EXPECT_EQ(1, store.GetCertCount()); | 235 EXPECT_EQ(1, store.GetCertCount()); |
| 236 EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/", | 236 EXPECT_FALSE(store.GetOriginBoundCert("verisign.com", |
| 237 &type, | 237 &type, |
| 238 &creation_time, | 238 &creation_time, |
| 239 &expiration_time, | 239 &expiration_time, |
| 240 &private_key, | 240 &private_key, |
| 241 &cert)); | 241 &cert)); |
| 242 EXPECT_TRUE(store.GetOriginBoundCert("https://www.google.com/", | 242 EXPECT_TRUE(store.GetOriginBoundCert("google.com", |
| 243 &type, | 243 &type, |
| 244 &creation_time, | 244 &creation_time, |
| 245 &expiration_time, | 245 &expiration_time, |
| 246 &private_key, | 246 &private_key, |
| 247 &cert)); | 247 &cert)); |
| 248 store.DeleteOriginBoundCert("https://www.google.com/"); | 248 store.DeleteOriginBoundCert("google.com"); |
| 249 EXPECT_EQ(0, store.GetCertCount()); | 249 EXPECT_EQ(0, store.GetCertCount()); |
| 250 EXPECT_FALSE(store.GetOriginBoundCert("https://www.google.com/", | 250 EXPECT_FALSE(store.GetOriginBoundCert("google.com", |
| 251 &type, | 251 &type, |
| 252 &creation_time, | 252 &creation_time, |
| 253 &expiration_time, | 253 &expiration_time, |
| 254 &private_key, | 254 &private_key, |
| 255 &cert)); | 255 &cert)); |
| 256 } | 256 } |
| 257 | 257 |
| 258 TEST(DefaultOriginBoundCertStoreTest, TestGetAll) { | 258 TEST(DefaultOriginBoundCertStoreTest, TestGetAll) { |
| 259 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); | 259 scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore); |
| 260 DefaultOriginBoundCertStore store(persistent_store.get()); | 260 DefaultOriginBoundCertStore store(persistent_store.get()); |
| 261 | 261 |
| 262 EXPECT_EQ(0, store.GetCertCount()); | 262 EXPECT_EQ(0, store.GetCertCount()); |
| 263 store.SetOriginBoundCert( | 263 store.SetOriginBoundCert( |
| 264 "https://www.verisign.com/", | 264 "verisign.com", |
| 265 CLIENT_CERT_RSA_SIGN, | 265 CLIENT_CERT_RSA_SIGN, |
| 266 base::Time(), | 266 base::Time(), |
| 267 base::Time(), | 267 base::Time(), |
| 268 "a", "b"); | 268 "a", "b"); |
| 269 store.SetOriginBoundCert( | 269 store.SetOriginBoundCert( |
| 270 "https://www.google.com/", | 270 "google.com", |
| 271 CLIENT_CERT_ECDSA_SIGN, | 271 CLIENT_CERT_ECDSA_SIGN, |
| 272 base::Time(), | 272 base::Time(), |
| 273 base::Time(), | 273 base::Time(), |
| 274 "c", "d"); | 274 "c", "d"); |
| 275 store.SetOriginBoundCert( | 275 store.SetOriginBoundCert( |
| 276 "https://www.harvard.com/", | 276 "harvard.com", |
| 277 CLIENT_CERT_RSA_SIGN, | 277 CLIENT_CERT_RSA_SIGN, |
| 278 base::Time(), | 278 base::Time(), |
| 279 base::Time(), | 279 base::Time(), |
| 280 "e", "f"); | 280 "e", "f"); |
| 281 store.SetOriginBoundCert( | 281 store.SetOriginBoundCert( |
| 282 "https://www.mit.com/", | 282 "mit.com", |
| 283 CLIENT_CERT_RSA_SIGN, | 283 CLIENT_CERT_RSA_SIGN, |
| 284 base::Time(), | 284 base::Time(), |
| 285 base::Time(), | 285 base::Time(), |
| 286 "g", "h"); | 286 "g", "h"); |
| 287 | 287 |
| 288 EXPECT_EQ(4, store.GetCertCount()); | 288 EXPECT_EQ(4, store.GetCertCount()); |
| 289 std::vector<OriginBoundCertStore::OriginBoundCert> certs; | 289 std::vector<OriginBoundCertStore::OriginBoundCert> certs; |
| 290 store.GetAllOriginBoundCerts(&certs); | 290 store.GetAllOriginBoundCerts(&certs); |
| 291 EXPECT_EQ(4u, certs.size()); | 291 EXPECT_EQ(4u, certs.size()); |
| 292 } | 292 } |
| 293 | 293 |
| 294 } // namespace net | 294 } // namespace net |
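Review bot: TestLoading (new lines 78-91) now seeds the mock store only with domain-keyed records, so nothing on this page covers a persistent store that still holds rows written under the old origin-URL keys such as `"https://www.verisign.com/"`. Unless migration is handled elsewhere (not visible here), such rows would presumably keep their private keys on disk while never matching a lookup; a case that loads one legacy-keyed record and asserts the intended outcome (dropped, migrated or rejected) would pin that down. The re-keying also appears to widen a certificate's scope from one origin to every host under the domain, yet the new literals are all bare domains, where the old `"https://encrypted.google.com/"` at least used a subdomain. If the contract is that callers reduce the host before calling the store, say so at `origin_certs_[cert.domain()] = cert;` with a comment such as `// Keyed by domain; callers pass the already-reduced domain, never a host or URL.`. The member `origin_certs_` and the `*OriginBoundCert` method names still say "origin" after the change, which is worth a follow-up rename or a note.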
| OLD | NEW |