OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/files/file_util.h" | 6 #include "base/files/file_util.h" |
7 #include "base/files/scoped_temp_dir.h" | 7 #include "base/files/scoped_temp_dir.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
11 #include "base/run_loop.h" | 11 #include "base/run_loop.h" |
12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
13 #include "crypto/ec_private_key.h" | |
13 #include "net/base/test_data_directory.h" | 14 #include "net/base/test_data_directory.h" |
15 #include "net/cert/asn1_util.h" | |
14 #include "net/extras/sqlite/sqlite_channel_id_store.h" | 16 #include "net/extras/sqlite/sqlite_channel_id_store.h" |
17 #include "net/ssl/channel_id_service.h" | |
15 #include "net/ssl/ssl_client_cert_type.h" | 18 #include "net/ssl/ssl_client_cert_type.h" |
16 #include "net/test/cert_test_util.h" | 19 #include "net/test/cert_test_util.h" |
17 #include "sql/statement.h" | 20 #include "sql/statement.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
19 | 22 |
20 namespace net { | 23 namespace net { |
21 | 24 |
22 const base::FilePath::CharType kTestChannelIDFilename[] = | 25 const base::FilePath::CharType kTestChannelIDFilename[] = |
23 FILE_PATH_LITERAL("ChannelID"); | 26 FILE_PATH_LITERAL("ChannelID"); |
24 | 27 |
(...skipping 10 matching lines...) Expand all Loading... | |
35 } | 38 } |
36 | 39 |
37 void OnLoaded( | 40 void OnLoaded( |
38 base::RunLoop* run_loop, | 41 base::RunLoop* run_loop, |
39 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids) { | 42 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids) { |
40 channel_ids_.swap(*channel_ids); | 43 channel_ids_.swap(*channel_ids); |
41 run_loop->Quit(); | 44 run_loop->Quit(); |
42 } | 45 } |
43 | 46 |
44 protected: | 47 protected: |
45 static void ReadTestKeyAndCert(std::string* key, std::string* cert) { | 48 static void ReadTestKeyAndCert(std::string* key_data, |
49 std::string* cert_data, | |
50 scoped_ptr<crypto::ECPrivateKey>* key) { | |
46 base::FilePath key_path = | 51 base::FilePath key_path = |
47 GetTestCertsDirectory().AppendASCII("unittest.originbound.key.der"); | 52 GetTestCertsDirectory().AppendASCII("unittest.originbound.key.der"); |
48 base::FilePath cert_path = | 53 base::FilePath cert_path = |
49 GetTestCertsDirectory().AppendASCII("unittest.originbound.der"); | 54 GetTestCertsDirectory().AppendASCII("unittest.originbound.der"); |
50 ASSERT_TRUE(base::ReadFileToString(key_path, key)); | 55 ASSERT_TRUE(base::ReadFileToString(key_path, key_data)); |
51 ASSERT_TRUE(base::ReadFileToString(cert_path, cert)); | 56 ASSERT_TRUE(base::ReadFileToString(cert_path, cert_data)); |
57 std::vector<uint8> private_key(key_data->size()); | |
58 memcpy(&private_key[0], key_data->data(), key_data->size()); | |
59 base::StringPiece spki; | |
60 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert_data, &spki)); | |
61 std::vector<uint8> public_key(spki.size()); | |
62 memcpy(&public_key[0], spki.data(), spki.size()); | |
63 key->reset(crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | |
64 ChannelIDService::kEPKIPassword, private_key, public_key)); | |
52 } | 65 } |
53 | 66 |
54 static base::Time GetTestCertExpirationTime() { | 67 static base::Time GetTestCertExpirationTime() { |
55 // Cert expiration time from 'dumpasn1 unittest.originbound.der': | 68 // Cert expiration time from 'openssl asn1parse -inform der -in |
56 // GeneralizedTime 19/11/2111 02:23:45 GMT | 69 // unittest.originbound.der': |
70 // UTCTIME :160507022239Z | |
57 // base::Time::FromUTCExploded can't generate values past 2038 on 32-bit | 71 // base::Time::FromUTCExploded can't generate values past 2038 on 32-bit |
58 // linux, so we use the raw value here. | 72 // linux, so we use the raw value here. |
59 return base::Time::FromInternalValue(GG_INT64_C(16121816625000000)); | 73 base::Time::Exploded exploded_time; |
74 exploded_time.year = 2016; | |
75 exploded_time.month = 5; | |
76 exploded_time.day_of_week = 0; // Unused. | |
77 exploded_time.day_of_month = 7; | |
78 exploded_time.hour = 2; | |
79 exploded_time.minute = 22; | |
80 exploded_time.second = 39; | |
81 exploded_time.millisecond = 0; | |
82 return base::Time::FromUTCExploded(exploded_time); | |
60 } | 83 } |
61 | 84 |
62 static base::Time GetTestCertCreationTime() { | 85 static base::Time GetTestCertCreationTime() { |
63 // UTCTime 13/12/2011 02:23:45 GMT | 86 // UTCTIME :150508022239Z |
64 base::Time::Exploded exploded_time; | 87 base::Time::Exploded exploded_time; |
65 exploded_time.year = 2011; | 88 exploded_time.year = 2015; |
66 exploded_time.month = 12; | 89 exploded_time.month = 5; |
67 exploded_time.day_of_week = 0; // Unused. | 90 exploded_time.day_of_week = 0; // Unused. |
68 exploded_time.day_of_month = 13; | 91 exploded_time.day_of_month = 8; |
69 exploded_time.hour = 2; | 92 exploded_time.hour = 2; |
70 exploded_time.minute = 23; | 93 exploded_time.minute = 22; |
71 exploded_time.second = 45; | 94 exploded_time.second = 39; |
72 exploded_time.millisecond = 0; | 95 exploded_time.millisecond = 0; |
73 return base::Time::FromUTCExploded(exploded_time); | 96 return base::Time::FromUTCExploded(exploded_time); |
74 } | 97 } |
75 | 98 |
76 void SetUp() override { | 99 void SetUp() override { |
77 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | 100 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); |
78 store_ = new SQLiteChannelIDStore( | 101 store_ = new SQLiteChannelIDStore( |
79 temp_dir_.path().Append(kTestChannelIDFilename), | 102 temp_dir_.path().Append(kTestChannelIDFilename), |
80 base::MessageLoopProxy::current()); | 103 base::MessageLoopProxy::current()); |
81 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 104 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
82 Load(&channel_ids); | 105 Load(&channel_ids); |
83 ASSERT_EQ(0u, channel_ids.size()); | 106 ASSERT_EQ(0u, channel_ids.size()); |
84 // Make sure the store gets written at least once. | 107 // Make sure the store gets written at least once. |
85 store_->AddChannelID( | 108 google_key_.reset(crypto::ECPrivateKey::Create()); |
86 DefaultChannelIDStore::ChannelID("google.com", | 109 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
87 base::Time::FromInternalValue(1), | 110 "google.com", base::Time::FromInternalValue(1), google_key_.get())); |
88 base::Time::FromInternalValue(2), | |
89 "a", | |
90 "b")); | |
91 } | 111 } |
92 | 112 |
93 base::ScopedTempDir temp_dir_; | 113 base::ScopedTempDir temp_dir_; |
94 scoped_refptr<SQLiteChannelIDStore> store_; | 114 scoped_refptr<SQLiteChannelIDStore> store_; |
95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; | 115 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; |
116 scoped_ptr<crypto::ECPrivateKey> google_key_; | |
96 }; | 117 }; |
97 | 118 |
119 void ExpectKeysEqual(crypto::ECPrivateKey* key1, crypto::ECPrivateKey* key2) { | |
120 ASSERT_TRUE(key1); | |
121 ASSERT_TRUE(key2); | |
122 std::string public_key1, public_key2; | |
123 EXPECT_TRUE(key1->ExportRawPublicKey(&public_key1)); | |
124 EXPECT_TRUE(key2->ExportRawPublicKey(&public_key2)); | |
125 EXPECT_EQ(public_key1, public_key2); | |
126 } | |
Ryan Sleevi
2015/05/08 23:43:13
So this is what I was talking about w/r/t tests
h
nharper
2015/05/11 21:26:43
I'm going with the latter - they both seem about t
| |
127 | |
98 // Test if data is stored as expected in the SQLite database. | 128 // Test if data is stored as expected in the SQLite database. |
99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { | 129 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { |
100 store_->AddChannelID( | 130 scoped_ptr<crypto::ECPrivateKey> foo_key(crypto::ECPrivateKey::Create()); |
101 DefaultChannelIDStore::ChannelID("foo.com", | 131 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
102 base::Time::FromInternalValue(3), | 132 "foo.com", base::Time::FromInternalValue(3), foo_key.get())); |
103 base::Time::FromInternalValue(4), | |
104 "c", | |
105 "d")); | |
106 | 133 |
107 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 134 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
108 // Replace the store effectively destroying the current one and forcing it | 135 // Replace the store effectively destroying the current one and forcing it |
109 // to write its data to disk. Then we can see if after loading it again it | 136 // to write its data to disk. Then we can see if after loading it again it |
110 // is still there. | 137 // is still there. |
111 store_ = NULL; | 138 store_ = NULL; |
112 // Make sure we wait until the destructor has run. | 139 // Make sure we wait until the destructor has run. |
113 base::RunLoop().RunUntilIdle(); | 140 base::RunLoop().RunUntilIdle(); |
114 store_ = | 141 store_ = |
115 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 142 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
116 base::MessageLoopProxy::current()); | 143 base::MessageLoopProxy::current()); |
117 | 144 |
118 // Reload and test for persistence | 145 // Reload and test for persistence |
119 Load(&channel_ids); | 146 Load(&channel_ids); |
120 ASSERT_EQ(2U, channel_ids.size()); | 147 ASSERT_EQ(2U, channel_ids.size()); |
121 DefaultChannelIDStore::ChannelID* goog_channel_id; | 148 DefaultChannelIDStore::ChannelID* goog_channel_id; |
122 DefaultChannelIDStore::ChannelID* foo_channel_id; | 149 DefaultChannelIDStore::ChannelID* foo_channel_id; |
123 if (channel_ids[0]->server_identifier() == "google.com") { | 150 if (channel_ids[0]->server_identifier() == "google.com") { |
124 goog_channel_id = channel_ids[0]; | 151 goog_channel_id = channel_ids[0]; |
125 foo_channel_id = channel_ids[1]; | 152 foo_channel_id = channel_ids[1]; |
126 } else { | 153 } else { |
127 goog_channel_id = channel_ids[1]; | 154 goog_channel_id = channel_ids[1]; |
128 foo_channel_id = channel_ids[0]; | 155 foo_channel_id = channel_ids[0]; |
129 } | 156 } |
130 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); | 157 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); |
131 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); | 158 ExpectKeysEqual(google_key_.get(), goog_channel_id->key()); |
132 ASSERT_STREQ("b", goog_channel_id->cert().c_str()); | |
133 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); | 159 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); |
134 ASSERT_EQ(2, goog_channel_id->expiration_time().ToInternalValue()); | |
135 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); | 160 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); |
136 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); | 161 ExpectKeysEqual(foo_key.get(), foo_channel_id->key()); |
137 ASSERT_STREQ("d", foo_channel_id->cert().c_str()); | |
138 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); | 162 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); |
139 ASSERT_EQ(4, foo_channel_id->expiration_time().ToInternalValue()); | |
140 | 163 |
141 // Now delete the cert and check persistence again. | 164 // Now delete the keypair and check persistence again. |
142 store_->DeleteChannelID(*channel_ids[0]); | 165 store_->DeleteChannelID(*channel_ids[0]); |
143 store_->DeleteChannelID(*channel_ids[1]); | 166 store_->DeleteChannelID(*channel_ids[1]); |
144 store_ = NULL; | 167 store_ = NULL; |
145 // Make sure we wait until the destructor has run. | 168 // Make sure we wait until the destructor has run. |
146 base::RunLoop().RunUntilIdle(); | 169 base::RunLoop().RunUntilIdle(); |
147 channel_ids.clear(); | 170 channel_ids.clear(); |
148 store_ = | 171 store_ = |
149 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 172 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
150 base::MessageLoopProxy::current()); | 173 base::MessageLoopProxy::current()); |
151 | 174 |
152 // Reload and check if the cert has been removed. | 175 // Reload and check if the keypair has been removed. |
153 Load(&channel_ids); | 176 Load(&channel_ids); |
154 ASSERT_EQ(0U, channel_ids.size()); | 177 ASSERT_EQ(0U, channel_ids.size()); |
155 // Close the store. | 178 // Close the store. |
156 store_ = NULL; | 179 store_ = NULL; |
157 // Make sure we wait until the destructor has run. | 180 // Make sure we wait until the destructor has run. |
158 base::RunLoop().RunUntilIdle(); | 181 base::RunLoop().RunUntilIdle(); |
159 } | 182 } |
160 | 183 |
161 // Test if data is stored as expected in the SQLite database. | 184 // Test if data is stored as expected in the SQLite database. |
162 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { | 185 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { |
163 store_->AddChannelID( | 186 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
164 DefaultChannelIDStore::ChannelID("foo.com", | 187 "foo.com", base::Time::FromInternalValue(3), |
165 base::Time::FromInternalValue(3), | 188 crypto::ECPrivateKey::Create())); |
166 base::Time::FromInternalValue(4), | |
167 "c", | |
168 "d")); | |
169 | 189 |
170 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 190 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
171 // Replace the store effectively destroying the current one and forcing it | 191 // Replace the store effectively destroying the current one and forcing it |
172 // to write its data to disk. Then we can see if after loading it again it | 192 // to write its data to disk. Then we can see if after loading it again it |
173 // is still there. | 193 // is still there. |
174 store_ = NULL; | 194 store_ = NULL; |
175 // Make sure we wait until the destructor has run. | 195 // Make sure we wait until the destructor has run. |
176 base::RunLoop().RunUntilIdle(); | 196 base::RunLoop().RunUntilIdle(); |
177 store_ = | 197 store_ = |
178 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 198 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
(...skipping 28 matching lines...) Expand all Loading... | |
207 } | 227 } |
208 | 228 |
209 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) { | 229 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) { |
210 // Reset the store. We'll be using a different database for this test. | 230 // Reset the store. We'll be using a different database for this test. |
211 store_ = NULL; | 231 store_ = NULL; |
212 | 232 |
213 base::FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); | 233 base::FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); |
214 | 234 |
215 std::string key_data; | 235 std::string key_data; |
216 std::string cert_data; | 236 std::string cert_data; |
217 ReadTestKeyAndCert(&key_data, &cert_data); | 237 scoped_ptr<crypto::ECPrivateKey> key; |
238 ReadTestKeyAndCert(&key_data, &cert_data, &key); | |
Ryan Sleevi
2015/05/08 23:43:13
BUG: If your ASSERT_TRUE (line 60) failed, this wi
nharper
2015/05/11 21:26:43
Done.
| |
218 | 239 |
219 // Create a version 1 database. | 240 // Create a version 1 database. |
220 { | 241 { |
221 sql::Connection db; | 242 sql::Connection db; |
222 ASSERT_TRUE(db.Open(v1_db_path)); | 243 ASSERT_TRUE(db.Open(v1_db_path)); |
223 ASSERT_TRUE(db.Execute( | 244 ASSERT_TRUE(db.Execute( |
224 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 245 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
225 "value LONGVARCHAR);" | 246 "value LONGVARCHAR);" |
226 "INSERT INTO \"meta\" VALUES('version','1');" | 247 "INSERT INTO \"meta\" VALUES('version','1');" |
227 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 248 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
260 store_ = NULL; | 281 store_ = NULL; |
261 base::RunLoop().RunUntilIdle(); | 282 base::RunLoop().RunUntilIdle(); |
262 | 283 |
263 // Verify the database version is updated. | 284 // Verify the database version is updated. |
264 { | 285 { |
265 sql::Connection db; | 286 sql::Connection db; |
266 ASSERT_TRUE(db.Open(v1_db_path)); | 287 ASSERT_TRUE(db.Open(v1_db_path)); |
267 sql::Statement smt(db.GetUniqueStatement( | 288 sql::Statement smt(db.GetUniqueStatement( |
268 "SELECT value FROM meta WHERE key = \"version\"")); | 289 "SELECT value FROM meta WHERE key = \"version\"")); |
269 ASSERT_TRUE(smt.Step()); | 290 ASSERT_TRUE(smt.Step()); |
270 EXPECT_EQ(4, smt.ColumnInt(0)); | 291 EXPECT_EQ(5, smt.ColumnInt(0)); |
271 EXPECT_FALSE(smt.Step()); | 292 EXPECT_FALSE(smt.Step()); |
272 } | 293 } |
273 } | 294 } |
274 } | 295 } |
275 | 296 |
276 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { | 297 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { |
277 // Reset the store. We'll be using a different database for this test. | 298 // Reset the store. We'll be using a different database for this test. |
278 store_ = NULL; | 299 store_ = NULL; |
279 | 300 |
280 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); | 301 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); |
281 | 302 |
282 std::string key_data; | 303 std::string key_data; |
283 std::string cert_data; | 304 std::string cert_data; |
284 ReadTestKeyAndCert(&key_data, &cert_data); | 305 scoped_ptr<crypto::ECPrivateKey> key; |
306 ReadTestKeyAndCert(&key_data, &cert_data, &key); | |
285 | 307 |
286 // Create a version 2 database. | 308 // Create a version 2 database. |
287 { | 309 { |
288 sql::Connection db; | 310 sql::Connection db; |
289 ASSERT_TRUE(db.Open(v2_db_path)); | 311 ASSERT_TRUE(db.Open(v2_db_path)); |
290 ASSERT_TRUE(db.Execute( | 312 ASSERT_TRUE(db.Execute( |
291 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 313 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
292 "value LONGVARCHAR);" | 314 "value LONGVARCHAR);" |
293 "INSERT INTO \"meta\" VALUES('version','2');" | 315 "INSERT INTO \"meta\" VALUES('version','2');" |
294 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 316 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
295 "CREATE TABLE origin_bound_certs (" | 317 "CREATE TABLE origin_bound_certs (" |
296 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 318 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
297 "private_key BLOB NOT NULL," | 319 "private_key BLOB NOT NULL," |
298 "cert BLOB NOT NULL," | 320 "cert BLOB NOT NULL," |
299 "cert_type INTEGER);")); | 321 "cert_type INTEGER);")); |
300 | 322 |
301 sql::Statement add_smt(db.GetUniqueStatement( | 323 sql::Statement add_smt(db.GetUniqueStatement( |
302 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " | 324 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " |
303 "VALUES (?,?,?,?)")); | 325 "VALUES (?,?,?,?)")); |
304 add_smt.BindString(0, "google.com"); | 326 add_smt.BindString(0, "google.com"); |
305 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 327 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
306 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 328 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
307 add_smt.BindInt64(3, 64); | 329 add_smt.BindInt64(3, 64); |
308 ASSERT_TRUE(add_smt.Run()); | 330 ASSERT_TRUE(add_smt.Run()); |
309 | 331 |
332 // Malformed certs will be ignored and not migrated. | |
310 ASSERT_TRUE(db.Execute( | 333 ASSERT_TRUE(db.Execute( |
311 "INSERT INTO \"origin_bound_certs\" VALUES(" | 334 "INSERT INTO \"origin_bound_certs\" VALUES(" |
312 "'foo.com',X'AA',X'BB',64);")); | 335 "'foo.com',X'AA',X'BB',64);")); |
313 } | 336 } |
314 | 337 |
315 // Load and test the DB contents twice. First time ensures that we can use | 338 // Load and test the DB contents twice. First time ensures that we can use |
316 // the updated values immediately. Second time ensures that the updated | 339 // the updated values immediately. Second time ensures that the updated |
317 // values are saved and read correctly on next load. | 340 // values are saved and read correctly on next load. |
318 for (int i = 0; i < 2; ++i) { | 341 for (int i = 0; i < 2; ++i) { |
319 SCOPED_TRACE(i); | 342 SCOPED_TRACE(i); |
320 | 343 |
321 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 344 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
322 store_ = | 345 store_ = |
323 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); | 346 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); |
324 | 347 |
325 // Load the database and ensure the certs can be read. | 348 // Load the database and ensure the certs can be read. |
326 Load(&channel_ids); | 349 Load(&channel_ids); |
327 ASSERT_EQ(2U, channel_ids.size()); | 350 ASSERT_EQ(1U, channel_ids.size()); |
328 | 351 |
329 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 352 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
330 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 353 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
331 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 354 ExpectKeysEqual(key.get(), channel_ids[0]->key()); |
332 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
333 | |
334 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | |
335 // Undecodable cert, expiration time will be uninitialized. | |
336 ASSERT_EQ(base::Time(), channel_ids[1]->expiration_time()); | |
337 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
338 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
339 | 355 |
340 store_ = NULL; | 356 store_ = NULL; |
341 // Make sure we wait until the destructor has run. | 357 // Make sure we wait until the destructor has run. |
342 base::RunLoop().RunUntilIdle(); | 358 base::RunLoop().RunUntilIdle(); |
343 | 359 |
344 // Verify the database version is updated. | 360 // Verify the database version is updated. |
345 { | 361 { |
346 sql::Connection db; | 362 sql::Connection db; |
347 ASSERT_TRUE(db.Open(v2_db_path)); | 363 ASSERT_TRUE(db.Open(v2_db_path)); |
348 sql::Statement smt(db.GetUniqueStatement( | 364 sql::Statement smt(db.GetUniqueStatement( |
349 "SELECT value FROM meta WHERE key = \"version\"")); | 365 "SELECT value FROM meta WHERE key = \"version\"")); |
350 ASSERT_TRUE(smt.Step()); | 366 ASSERT_TRUE(smt.Step()); |
351 EXPECT_EQ(4, smt.ColumnInt(0)); | 367 EXPECT_EQ(5, smt.ColumnInt(0)); |
352 EXPECT_FALSE(smt.Step()); | 368 EXPECT_FALSE(smt.Step()); |
353 } | 369 } |
354 } | 370 } |
355 } | 371 } |
356 | 372 |
357 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { | 373 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { |
358 // Reset the store. We'll be using a different database for this test. | 374 // Reset the store. We'll be using a different database for this test. |
359 store_ = NULL; | 375 store_ = NULL; |
360 | 376 |
361 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); | 377 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); |
362 | 378 |
363 std::string key_data; | 379 std::string key_data; |
364 std::string cert_data; | 380 std::string cert_data; |
365 ReadTestKeyAndCert(&key_data, &cert_data); | 381 scoped_ptr<crypto::ECPrivateKey> key; |
382 ReadTestKeyAndCert(&key_data, &cert_data, &key); | |
366 | 383 |
367 // Create a version 3 database. | 384 // Create a version 3 database. |
368 { | 385 { |
369 sql::Connection db; | 386 sql::Connection db; |
370 ASSERT_TRUE(db.Open(v3_db_path)); | 387 ASSERT_TRUE(db.Open(v3_db_path)); |
371 ASSERT_TRUE(db.Execute( | 388 ASSERT_TRUE(db.Execute( |
372 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 389 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
373 "value LONGVARCHAR);" | 390 "value LONGVARCHAR);" |
374 "INSERT INTO \"meta\" VALUES('version','3');" | 391 "INSERT INTO \"meta\" VALUES('version','3');" |
375 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 392 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
376 "CREATE TABLE origin_bound_certs (" | 393 "CREATE TABLE origin_bound_certs (" |
377 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 394 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
378 "private_key BLOB NOT NULL," | 395 "private_key BLOB NOT NULL," |
379 "cert BLOB NOT NULL," | 396 "cert BLOB NOT NULL," |
380 "cert_type INTEGER," | 397 "cert_type INTEGER," |
381 "expiration_time INTEGER);")); | 398 "expiration_time INTEGER);")); |
382 | 399 |
383 sql::Statement add_smt(db.GetUniqueStatement( | 400 sql::Statement add_smt(db.GetUniqueStatement( |
384 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 401 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
385 "expiration_time) VALUES (?,?,?,?,?)")); | 402 "expiration_time) VALUES (?,?,?,?,?)")); |
386 add_smt.BindString(0, "google.com"); | 403 add_smt.BindString(0, "google.com"); |
387 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 404 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
388 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 405 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
389 add_smt.BindInt64(3, 64); | 406 add_smt.BindInt64(3, 64); |
390 add_smt.BindInt64(4, 1000); | 407 add_smt.BindInt64(4, 1000); |
391 ASSERT_TRUE(add_smt.Run()); | 408 ASSERT_TRUE(add_smt.Run()); |
392 | 409 |
410 // Malformed certs will be ignored and not migrated. | |
393 ASSERT_TRUE(db.Execute( | 411 ASSERT_TRUE(db.Execute( |
394 "INSERT INTO \"origin_bound_certs\" VALUES(" | 412 "INSERT INTO \"origin_bound_certs\" VALUES(" |
395 "'foo.com',X'AA',X'BB',64,2000);")); | 413 "'foo.com',X'AA',X'BB',64,2000);")); |
396 } | 414 } |
397 | 415 |
398 // Load and test the DB contents twice. First time ensures that we can use | 416 // Load and test the DB contents twice. First time ensures that we can use |
399 // the updated values immediately. Second time ensures that the updated | 417 // the updated values immediately. Second time ensures that the updated |
400 // values are saved and read correctly on next load. | 418 // values are saved and read correctly on next load. |
401 for (int i = 0; i < 2; ++i) { | 419 for (int i = 0; i < 2; ++i) { |
402 SCOPED_TRACE(i); | 420 SCOPED_TRACE(i); |
403 | 421 |
404 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 422 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
405 store_ = | 423 store_ = |
406 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); | 424 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); |
407 | 425 |
408 // Load the database and ensure the certs can be read. | 426 // Load the database and ensure the certs can be read. |
409 Load(&channel_ids); | 427 Load(&channel_ids); |
410 ASSERT_EQ(2U, channel_ids.size()); | 428 ASSERT_EQ(1U, channel_ids.size()); |
411 | 429 |
412 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 430 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
413 ASSERT_EQ(1000, channel_ids[0]->expiration_time().ToInternalValue()); | |
414 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); | 431 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
415 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 432 ExpectKeysEqual(key.get(), channel_ids[0]->key()); |
416 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
417 | |
418 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | |
419 ASSERT_EQ(2000, channel_ids[1]->expiration_time().ToInternalValue()); | |
420 // Undecodable cert, creation time will be uninitialized. | |
421 ASSERT_EQ(base::Time(), channel_ids[1]->creation_time()); | |
422 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
423 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
424 | 433 |
425 store_ = NULL; | 434 store_ = NULL; |
426 // Make sure we wait until the destructor has run. | 435 // Make sure we wait until the destructor has run. |
427 base::RunLoop().RunUntilIdle(); | 436 base::RunLoop().RunUntilIdle(); |
428 | 437 |
429 // Verify the database version is updated. | 438 // Verify the database version is updated. |
430 { | 439 { |
431 sql::Connection db; | 440 sql::Connection db; |
432 ASSERT_TRUE(db.Open(v3_db_path)); | 441 ASSERT_TRUE(db.Open(v3_db_path)); |
433 sql::Statement smt(db.GetUniqueStatement( | 442 sql::Statement smt(db.GetUniqueStatement( |
434 "SELECT value FROM meta WHERE key = \"version\"")); | 443 "SELECT value FROM meta WHERE key = \"version\"")); |
435 ASSERT_TRUE(smt.Step()); | 444 ASSERT_TRUE(smt.Step()); |
436 EXPECT_EQ(4, smt.ColumnInt(0)); | 445 EXPECT_EQ(5, smt.ColumnInt(0)); |
437 EXPECT_FALSE(smt.Step()); | 446 EXPECT_FALSE(smt.Step()); |
438 } | 447 } |
439 } | 448 } |
440 } | 449 } |
441 | 450 |
442 TEST_F(SQLiteChannelIDStoreTest, TestRSADiscarded) { | 451 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) { |
443 // Reset the store. We'll be using a different database for this test. | 452 // Reset the store. We'll be using a different database for this test. |
444 store_ = NULL; | 453 store_ = NULL; |
445 | 454 |
446 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4dbrsa")); | 455 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4db")); |
447 | 456 |
448 std::string key_data; | 457 std::string key_data; |
449 std::string cert_data; | 458 std::string cert_data; |
450 ReadTestKeyAndCert(&key_data, &cert_data); | 459 scoped_ptr<crypto::ECPrivateKey> key; |
460 ReadTestKeyAndCert(&key_data, &cert_data, &key); | |
451 | 461 |
452 // Create a version 4 database with a mix of RSA and ECDSA certs. | 462 // Create a version 4 database. |
453 { | 463 { |
454 sql::Connection db; | 464 sql::Connection db; |
455 ASSERT_TRUE(db.Open(v4_db_path)); | 465 ASSERT_TRUE(db.Open(v4_db_path)); |
456 ASSERT_TRUE(db.Execute( | 466 ASSERT_TRUE(db.Execute( |
457 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 467 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
458 "value LONGVARCHAR);" | 468 "value LONGVARCHAR);" |
459 "INSERT INTO \"meta\" VALUES('version','4');" | 469 "INSERT INTO \"meta\" VALUES('version','4');" |
460 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 470 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
461 "CREATE TABLE origin_bound_certs (" | 471 "CREATE TABLE origin_bound_certs (" |
462 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 472 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
463 "private_key BLOB NOT NULL," | 473 "private_key BLOB NOT NULL," |
464 "cert BLOB NOT NULL," | 474 "cert BLOB NOT NULL," |
465 "cert_type INTEGER," | 475 "cert_type INTEGER," |
466 "expiration_time INTEGER," | 476 "expiration_time INTEGER," |
467 "creation_time INTEGER);")); | 477 "creation_time INTEGER);")); |
468 | 478 |
469 sql::Statement add_smt(db.GetUniqueStatement( | 479 sql::Statement add_smt(db.GetUniqueStatement( |
470 "INSERT INTO origin_bound_certs " | 480 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
471 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 481 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); |
472 " VALUES (?,?,?,?,?,?)")); | |
473 add_smt.BindString(0, "google.com"); | 482 add_smt.BindString(0, "google.com"); |
474 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 483 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
475 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 484 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
476 add_smt.BindInt64(3, 64); | 485 add_smt.BindInt64(3, 64); |
477 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 486 add_smt.BindInt64(4, 1000); |
478 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 487 add_smt.BindInt64(5, GetTestCertCreationTime().ToInternalValue()); |
479 ASSERT_TRUE(add_smt.Run()); | 488 ASSERT_TRUE(add_smt.Run()); |
480 | 489 |
490 // Add an RSA cert to the db. This cert should be ignored in the migration. | |
481 add_smt.Clear(); | 491 add_smt.Clear(); |
482 add_smt.Assign(db.GetUniqueStatement( | 492 add_smt.Assign(db.GetUniqueStatement( |
483 "INSERT INTO origin_bound_certs " | 493 "INSERT INTO origin_bound_certs " |
484 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 494 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" |
485 " VALUES (?,?,?,?,?,?)")); | 495 " VALUES (?,?,?,?,?,?)")); |
486 add_smt.BindString(0, "foo.com"); | 496 add_smt.BindString(0, "foo.com"); |
487 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 497 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
488 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 498 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
489 add_smt.BindInt64(3, 1); | 499 add_smt.BindInt64(3, 1); |
490 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 500 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); |
491 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 501 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); |
492 ASSERT_TRUE(add_smt.Run()); | 502 ASSERT_TRUE(add_smt.Run()); |
503 | |
504 // Malformed certs will be ignored and not migrated. | |
505 ASSERT_TRUE(db.Execute( | |
506 "INSERT INTO \"origin_bound_certs\" VALUES(" | |
507 "'bar.com',X'AA',X'BB',64,2000,3000);")); | |
493 } | 508 } |
494 | 509 |
495 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 510 // Load and test the DB contents twice. First time ensures that we can use |
496 store_ = | 511 // the updated values immediately. Second time ensures that the updated |
497 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); | 512 // values are saved and read correctly on next load. |
513 for (int i = 0; i < 2; ++i) { | |
514 SCOPED_TRACE(i); | |
498 | 515 |
499 // Load the database and ensure the certs can be read. | 516 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
500 Load(&channel_ids); | 517 store_ = |
501 // Only the ECDSA cert (for google.com) is read, the RSA one is discarded. | 518 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); |
502 ASSERT_EQ(1U, channel_ids.size()); | |
503 | 519 |
504 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 520 // Load the database and ensure the certs can be read. |
505 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 521 Load(&channel_ids); |
506 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 522 ASSERT_EQ(1U, channel_ids.size()); |
507 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
508 | 523 |
509 store_ = NULL; | 524 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
510 // Make sure we wait until the destructor has run. | 525 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
511 base::RunLoop().RunUntilIdle(); | 526 ExpectKeysEqual(key.get(), channel_ids[0]->key()); |
527 | |
528 store_ = NULL; | |
529 // Make sure we wait until the destructor has run. | |
530 base::RunLoop().RunUntilIdle(); | |
531 | |
532 // Verify the database version is updated. | |
533 { | |
534 sql::Connection db; | |
535 ASSERT_TRUE(db.Open(v4_db_path)); | |
536 sql::Statement smt(db.GetUniqueStatement( | |
537 "SELECT value FROM meta WHERE key = \"version\"")); | |
538 ASSERT_TRUE(smt.Step()); | |
539 EXPECT_EQ(5, smt.ColumnInt(0)); | |
540 EXPECT_FALSE(smt.Step()); | |
541 } | |
542 } | |
512 } | 543 } |
513 | 544 |
514 } // namespace net | 545 } // namespace net |
OLD | NEW |