| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/files/file_util.h" | 6 #include "base/files/file_util.h" |
| 7 #include "base/files/scoped_temp_dir.h" | 7 #include "base/files/scoped_temp_dir.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/run_loop.h" | 11 #include "base/run_loop.h" |
| 12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 13 #include "crypto/ec_private_key.h" |
| 13 #include "net/base/test_data_directory.h" | 14 #include "net/base/test_data_directory.h" |
| 15 #include "net/cert/asn1_util.h" |
| 14 #include "net/extras/sqlite/sqlite_channel_id_store.h" | 16 #include "net/extras/sqlite/sqlite_channel_id_store.h" |
| 17 #include "net/ssl/channel_id_service.h" |
| 15 #include "net/ssl/ssl_client_cert_type.h" | 18 #include "net/ssl/ssl_client_cert_type.h" |
| 16 #include "net/test/cert_test_util.h" | 19 #include "net/test/cert_test_util.h" |
| 17 #include "sql/statement.h" | 20 #include "sql/statement.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 22 |
| 20 namespace net { | 23 namespace net { |
| 21 | 24 |
| 22 const base::FilePath::CharType kTestChannelIDFilename[] = | 25 const base::FilePath::CharType kTestChannelIDFilename[] = |
| 23 FILE_PATH_LITERAL("ChannelID"); | 26 FILE_PATH_LITERAL("ChannelID"); |
| 24 | 27 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 35 } | 38 } |
| 36 | 39 |
| 37 void OnLoaded( | 40 void OnLoaded( |
| 38 base::RunLoop* run_loop, | 41 base::RunLoop* run_loop, |
| 39 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids) { | 42 scoped_ptr<ScopedVector<DefaultChannelIDStore::ChannelID> > channel_ids) { |
| 40 channel_ids_.swap(*channel_ids); | 43 channel_ids_.swap(*channel_ids); |
| 41 run_loop->Quit(); | 44 run_loop->Quit(); |
| 42 } | 45 } |
| 43 | 46 |
| 44 protected: | 47 protected: |
| 45 static void ReadTestKeyAndCert(std::string* key, std::string* cert) { | 48 static void ReadTestKeyAndCert(std::string* key_data, |
| 49 std::string* cert_data, |
| 50 scoped_ptr<crypto::ECPrivateKey>* key) { |
| 46 base::FilePath key_path = | 51 base::FilePath key_path = |
| 47 GetTestCertsDirectory().AppendASCII("unittest.originbound.key.der"); | 52 GetTestCertsDirectory().AppendASCII("unittest.originbound.key.der"); |
| 48 base::FilePath cert_path = | 53 base::FilePath cert_path = |
| 49 GetTestCertsDirectory().AppendASCII("unittest.originbound.der"); | 54 GetTestCertsDirectory().AppendASCII("unittest.originbound.der"); |
| 50 ASSERT_TRUE(base::ReadFileToString(key_path, key)); | 55 ASSERT_TRUE(base::ReadFileToString(key_path, key_data)); |
| 51 ASSERT_TRUE(base::ReadFileToString(cert_path, cert)); | 56 ASSERT_TRUE(base::ReadFileToString(cert_path, cert_data)); |
| 57 std::vector<uint8> private_key(key_data->size()); |
| 58 memcpy(vector_as_array(&private_key), key_data->data(), key_data->size()); |
| 59 base::StringPiece spki; |
| 60 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert_data, &spki)); |
| 61 std::vector<uint8> public_key(spki.size()); |
| 62 memcpy(vector_as_array(&public_key), spki.data(), spki.size()); |
| 63 key->reset(crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 64 ChannelIDService::kEPKIPassword, private_key, public_key)); |
| 52 } | 65 } |
| 53 | 66 |
| 54 static base::Time GetTestCertExpirationTime() { | 67 static base::Time GetTestCertExpirationTime() { |
| 55 // Cert expiration time from 'dumpasn1 unittest.originbound.der': | 68 // Cert expiration time from 'openssl asn1parse -inform der -in |
| 56 // GeneralizedTime 19/11/2111 02:23:45 GMT | 69 // unittest.originbound.der': |
| 70 // UTCTIME :160507022239Z |
| 57 // base::Time::FromUTCExploded can't generate values past 2038 on 32-bit | 71 // base::Time::FromUTCExploded can't generate values past 2038 on 32-bit |
| 58 // linux, so we use the raw value here. | 72 // linux, so we use the raw value here. |
| 59 return base::Time::FromInternalValue(GG_INT64_C(16121816625000000)); | 73 base::Time::Exploded exploded_time; |
| 74 exploded_time.year = 2016; |
| 75 exploded_time.month = 5; |
| 76 exploded_time.day_of_week = 0; // Unused. |
| 77 exploded_time.day_of_month = 7; |
| 78 exploded_time.hour = 2; |
| 79 exploded_time.minute = 22; |
| 80 exploded_time.second = 39; |
| 81 exploded_time.millisecond = 0; |
| 82 return base::Time::FromUTCExploded(exploded_time); |
| 60 } | 83 } |
| 61 | 84 |
| 62 static base::Time GetTestCertCreationTime() { | 85 static base::Time GetTestCertCreationTime() { |
| 63 // UTCTime 13/12/2011 02:23:45 GMT | 86 // UTCTIME :150508022239Z |
| 64 base::Time::Exploded exploded_time; | 87 base::Time::Exploded exploded_time; |
| 65 exploded_time.year = 2011; | 88 exploded_time.year = 2015; |
| 66 exploded_time.month = 12; | 89 exploded_time.month = 5; |
| 67 exploded_time.day_of_week = 0; // Unused. | 90 exploded_time.day_of_week = 0; // Unused. |
| 68 exploded_time.day_of_month = 13; | 91 exploded_time.day_of_month = 8; |
| 69 exploded_time.hour = 2; | 92 exploded_time.hour = 2; |
| 70 exploded_time.minute = 23; | 93 exploded_time.minute = 22; |
| 71 exploded_time.second = 45; | 94 exploded_time.second = 39; |
| 72 exploded_time.millisecond = 0; | 95 exploded_time.millisecond = 0; |
| 73 return base::Time::FromUTCExploded(exploded_time); | 96 return base::Time::FromUTCExploded(exploded_time); |
| 74 } | 97 } |
| 75 | 98 |
| 76 void SetUp() override { | 99 void SetUp() override { |
| 77 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | 100 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); |
| 78 store_ = new SQLiteChannelIDStore( | 101 store_ = new SQLiteChannelIDStore( |
| 79 temp_dir_.path().Append(kTestChannelIDFilename), | 102 temp_dir_.path().Append(kTestChannelIDFilename), |
| 80 base::MessageLoopProxy::current()); | 103 base::MessageLoopProxy::current()); |
| 81 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 104 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 82 Load(&channel_ids); | 105 Load(&channel_ids); |
| 83 ASSERT_EQ(0u, channel_ids.size()); | 106 ASSERT_EQ(0u, channel_ids.size()); |
| 84 // Make sure the store gets written at least once. | 107 // Make sure the store gets written at least once. |
| 85 store_->AddChannelID( | 108 google_key_.reset(crypto::ECPrivateKey::Create()); |
| 86 DefaultChannelIDStore::ChannelID("google.com", | 109 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
| 87 base::Time::FromInternalValue(1), | 110 "google.com", base::Time::FromInternalValue(1), |
| 88 base::Time::FromInternalValue(2), | 111 scoped_ptr<crypto::ECPrivateKey>(google_key_->Copy()))); |
| 89 "a", | |
| 90 "b")); | |
| 91 } | 112 } |
| 92 | 113 |
| 93 base::ScopedTempDir temp_dir_; | 114 base::ScopedTempDir temp_dir_; |
| 94 scoped_refptr<SQLiteChannelIDStore> store_; | 115 scoped_refptr<SQLiteChannelIDStore> store_; |
| 95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; | 116 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; |
| 117 scoped_ptr<crypto::ECPrivateKey> google_key_; |
| 96 }; | 118 }; |
| 97 | 119 |
| 120 void ExpectKeysEqual(crypto::ECPrivateKey* key1, crypto::ECPrivateKey* key2) { |
| 121 ASSERT_TRUE(key1); |
| 122 ASSERT_TRUE(key2); |
| 123 std::string public_key1, public_key2; |
| 124 EXPECT_TRUE(key1->ExportRawPublicKey(&public_key1)); |
| 125 EXPECT_TRUE(key2->ExportRawPublicKey(&public_key2)); |
| 126 EXPECT_EQ(public_key1, public_key2); |
| 127 } |
| 128 |
| 98 // Test if data is stored as expected in the SQLite database. | 129 // Test if data is stored as expected in the SQLite database. |
| 99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { | 130 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { |
| 100 store_->AddChannelID( | 131 scoped_ptr<crypto::ECPrivateKey> foo_key(crypto::ECPrivateKey::Create()); |
| 101 DefaultChannelIDStore::ChannelID("foo.com", | 132 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
| 102 base::Time::FromInternalValue(3), | 133 "foo.com", base::Time::FromInternalValue(3), |
| 103 base::Time::FromInternalValue(4), | 134 scoped_ptr<crypto::ECPrivateKey>(foo_key->Copy()))); |
| 104 "c", | |
| 105 "d")); | |
| 106 | 135 |
| 107 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 136 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 108 // Replace the store effectively destroying the current one and forcing it | 137 // Replace the store effectively destroying the current one and forcing it |
| 109 // to write its data to disk. Then we can see if after loading it again it | 138 // to write its data to disk. Then we can see if after loading it again it |
| 110 // is still there. | 139 // is still there. |
| 111 store_ = NULL; | 140 store_ = NULL; |
| 112 // Make sure we wait until the destructor has run. | 141 // Make sure we wait until the destructor has run. |
| 113 base::RunLoop().RunUntilIdle(); | 142 base::RunLoop().RunUntilIdle(); |
| 114 store_ = | 143 store_ = |
| 115 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 144 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
| 116 base::MessageLoopProxy::current()); | 145 base::MessageLoopProxy::current()); |
| 117 | 146 |
| 118 // Reload and test for persistence | 147 // Reload and test for persistence |
| 119 Load(&channel_ids); | 148 Load(&channel_ids); |
| 120 ASSERT_EQ(2U, channel_ids.size()); | 149 ASSERT_EQ(2U, channel_ids.size()); |
| 121 DefaultChannelIDStore::ChannelID* goog_channel_id; | 150 DefaultChannelIDStore::ChannelID* goog_channel_id; |
| 122 DefaultChannelIDStore::ChannelID* foo_channel_id; | 151 DefaultChannelIDStore::ChannelID* foo_channel_id; |
| 123 if (channel_ids[0]->server_identifier() == "google.com") { | 152 if (channel_ids[0]->server_identifier() == "google.com") { |
| 124 goog_channel_id = channel_ids[0]; | 153 goog_channel_id = channel_ids[0]; |
| 125 foo_channel_id = channel_ids[1]; | 154 foo_channel_id = channel_ids[1]; |
| 126 } else { | 155 } else { |
| 127 goog_channel_id = channel_ids[1]; | 156 goog_channel_id = channel_ids[1]; |
| 128 foo_channel_id = channel_ids[0]; | 157 foo_channel_id = channel_ids[0]; |
| 129 } | 158 } |
| 130 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); | 159 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); |
| 131 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); | 160 ASSERT_NO_FATAL_FAILURE( |
| 132 ASSERT_STREQ("b", goog_channel_id->cert().c_str()); | 161 ExpectKeysEqual(google_key_.get(), goog_channel_id->key())); |
| 133 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); | 162 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); |
| 134 ASSERT_EQ(2, goog_channel_id->expiration_time().ToInternalValue()); | |
| 135 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); | 163 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); |
| 136 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); | 164 ASSERT_NO_FATAL_FAILURE( |
| 137 ASSERT_STREQ("d", foo_channel_id->cert().c_str()); | 165 ExpectKeysEqual(foo_key.get(), foo_channel_id->key())); |
| 138 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); | 166 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); |
| 139 ASSERT_EQ(4, foo_channel_id->expiration_time().ToInternalValue()); | |
| 140 | 167 |
| 141 // Now delete the cert and check persistence again. | 168 // Now delete the keypair and check persistence again. |
| 142 store_->DeleteChannelID(*channel_ids[0]); | 169 store_->DeleteChannelID(*channel_ids[0]); |
| 143 store_->DeleteChannelID(*channel_ids[1]); | 170 store_->DeleteChannelID(*channel_ids[1]); |
| 144 store_ = NULL; | 171 store_ = NULL; |
| 145 // Make sure we wait until the destructor has run. | 172 // Make sure we wait until the destructor has run. |
| 146 base::RunLoop().RunUntilIdle(); | 173 base::RunLoop().RunUntilIdle(); |
| 147 channel_ids.clear(); | 174 channel_ids.clear(); |
| 148 store_ = | 175 store_ = |
| 149 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 176 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
| 150 base::MessageLoopProxy::current()); | 177 base::MessageLoopProxy::current()); |
| 151 | 178 |
| 152 // Reload and check if the cert has been removed. | 179 // Reload and check if the keypair has been removed. |
| 153 Load(&channel_ids); | 180 Load(&channel_ids); |
| 154 ASSERT_EQ(0U, channel_ids.size()); | 181 ASSERT_EQ(0U, channel_ids.size()); |
| 155 // Close the store. | 182 // Close the store. |
| 156 store_ = NULL; | 183 store_ = NULL; |
| 157 // Make sure we wait until the destructor has run. | 184 // Make sure we wait until the destructor has run. |
| 158 base::RunLoop().RunUntilIdle(); | 185 base::RunLoop().RunUntilIdle(); |
| 159 } | 186 } |
| 160 | 187 |
| 161 // Test if data is stored as expected in the SQLite database. | 188 // Test if data is stored as expected in the SQLite database. |
| 162 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { | 189 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { |
| 163 store_->AddChannelID( | 190 store_->AddChannelID(DefaultChannelIDStore::ChannelID( |
| 164 DefaultChannelIDStore::ChannelID("foo.com", | 191 "foo.com", base::Time::FromInternalValue(3), |
| 165 base::Time::FromInternalValue(3), | 192 scoped_ptr<crypto::ECPrivateKey>(crypto::ECPrivateKey::Create()))); |
| 166 base::Time::FromInternalValue(4), | |
| 167 "c", | |
| 168 "d")); | |
| 169 | 193 |
| 170 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 194 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 171 // Replace the store effectively destroying the current one and forcing it | 195 // Replace the store effectively destroying the current one and forcing it |
| 172 // to write its data to disk. Then we can see if after loading it again it | 196 // to write its data to disk. Then we can see if after loading it again it |
| 173 // is still there. | 197 // is still there. |
| 174 store_ = NULL; | 198 store_ = NULL; |
| 175 // Make sure we wait until the destructor has run. | 199 // Make sure we wait until the destructor has run. |
| 176 base::RunLoop().RunUntilIdle(); | 200 base::RunLoop().RunUntilIdle(); |
| 177 store_ = | 201 store_ = |
| 178 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 202 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
| (...skipping 28 matching lines...) Expand all Loading... |
| 207 } | 231 } |
| 208 | 232 |
| 209 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) { | 233 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV1) { |
| 210 // Reset the store. We'll be using a different database for this test. | 234 // Reset the store. We'll be using a different database for this test. |
| 211 store_ = NULL; | 235 store_ = NULL; |
| 212 | 236 |
| 213 base::FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); | 237 base::FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); |
| 214 | 238 |
| 215 std::string key_data; | 239 std::string key_data; |
| 216 std::string cert_data; | 240 std::string cert_data; |
| 217 ReadTestKeyAndCert(&key_data, &cert_data); | 241 scoped_ptr<crypto::ECPrivateKey> key; |
| 242 ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key)); |
| 218 | 243 |
| 219 // Create a version 1 database. | 244 // Create a version 1 database. |
| 220 { | 245 { |
| 221 sql::Connection db; | 246 sql::Connection db; |
| 222 ASSERT_TRUE(db.Open(v1_db_path)); | 247 ASSERT_TRUE(db.Open(v1_db_path)); |
| 223 ASSERT_TRUE(db.Execute( | 248 ASSERT_TRUE(db.Execute( |
| 224 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 249 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
| 225 "value LONGVARCHAR);" | 250 "value LONGVARCHAR);" |
| 226 "INSERT INTO \"meta\" VALUES('version','1');" | 251 "INSERT INTO \"meta\" VALUES('version','1');" |
| 227 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 252 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 260 store_ = NULL; | 285 store_ = NULL; |
| 261 base::RunLoop().RunUntilIdle(); | 286 base::RunLoop().RunUntilIdle(); |
| 262 | 287 |
| 263 // Verify the database version is updated. | 288 // Verify the database version is updated. |
| 264 { | 289 { |
| 265 sql::Connection db; | 290 sql::Connection db; |
| 266 ASSERT_TRUE(db.Open(v1_db_path)); | 291 ASSERT_TRUE(db.Open(v1_db_path)); |
| 267 sql::Statement smt(db.GetUniqueStatement( | 292 sql::Statement smt(db.GetUniqueStatement( |
| 268 "SELECT value FROM meta WHERE key = \"version\"")); | 293 "SELECT value FROM meta WHERE key = \"version\"")); |
| 269 ASSERT_TRUE(smt.Step()); | 294 ASSERT_TRUE(smt.Step()); |
| 270 EXPECT_EQ(4, smt.ColumnInt(0)); | 295 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 271 EXPECT_FALSE(smt.Step()); | 296 EXPECT_FALSE(smt.Step()); |
| 272 } | 297 } |
| 273 } | 298 } |
| 274 } | 299 } |
| 275 | 300 |
| 276 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { | 301 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { |
| 277 // Reset the store. We'll be using a different database for this test. | 302 // Reset the store. We'll be using a different database for this test. |
| 278 store_ = NULL; | 303 store_ = NULL; |
| 279 | 304 |
| 280 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); | 305 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); |
| 281 | 306 |
| 282 std::string key_data; | 307 std::string key_data; |
| 283 std::string cert_data; | 308 std::string cert_data; |
| 284 ReadTestKeyAndCert(&key_data, &cert_data); | 309 scoped_ptr<crypto::ECPrivateKey> key; |
| 310 ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key)); |
| 285 | 311 |
| 286 // Create a version 2 database. | 312 // Create a version 2 database. |
| 287 { | 313 { |
| 288 sql::Connection db; | 314 sql::Connection db; |
| 289 ASSERT_TRUE(db.Open(v2_db_path)); | 315 ASSERT_TRUE(db.Open(v2_db_path)); |
| 290 ASSERT_TRUE(db.Execute( | 316 ASSERT_TRUE(db.Execute( |
| 291 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 317 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
| 292 "value LONGVARCHAR);" | 318 "value LONGVARCHAR);" |
| 293 "INSERT INTO \"meta\" VALUES('version','2');" | 319 "INSERT INTO \"meta\" VALUES('version','2');" |
| 294 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 320 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
| 295 "CREATE TABLE origin_bound_certs (" | 321 "CREATE TABLE origin_bound_certs (" |
| 296 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 322 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 297 "private_key BLOB NOT NULL," | 323 "private_key BLOB NOT NULL," |
| 298 "cert BLOB NOT NULL," | 324 "cert BLOB NOT NULL," |
| 299 "cert_type INTEGER);")); | 325 "cert_type INTEGER);")); |
| 300 | 326 |
| 301 sql::Statement add_smt(db.GetUniqueStatement( | 327 sql::Statement add_smt(db.GetUniqueStatement( |
| 302 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " | 328 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " |
| 303 "VALUES (?,?,?,?)")); | 329 "VALUES (?,?,?,?)")); |
| 304 add_smt.BindString(0, "google.com"); | 330 add_smt.BindString(0, "google.com"); |
| 305 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 331 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 306 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 332 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 307 add_smt.BindInt64(3, 64); | 333 add_smt.BindInt64(3, 64); |
| 308 ASSERT_TRUE(add_smt.Run()); | 334 ASSERT_TRUE(add_smt.Run()); |
| 309 | 335 |
| 336 // Malformed certs will be ignored and not migrated. |
| 310 ASSERT_TRUE(db.Execute( | 337 ASSERT_TRUE(db.Execute( |
| 311 "INSERT INTO \"origin_bound_certs\" VALUES(" | 338 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 312 "'foo.com',X'AA',X'BB',64);")); | 339 "'foo.com',X'AA',X'BB',64);")); |
| 313 } | 340 } |
| 314 | 341 |
| 315 // Load and test the DB contents twice. First time ensures that we can use | 342 // Load and test the DB contents twice. First time ensures that we can use |
| 316 // the updated values immediately. Second time ensures that the updated | 343 // the updated values immediately. Second time ensures that the updated |
| 317 // values are saved and read correctly on next load. | 344 // values are saved and read correctly on next load. |
| 318 for (int i = 0; i < 2; ++i) { | 345 for (int i = 0; i < 2; ++i) { |
| 319 SCOPED_TRACE(i); | 346 SCOPED_TRACE(i); |
| 320 | 347 |
| 321 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 348 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 322 store_ = | 349 store_ = |
| 323 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); | 350 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); |
| 324 | 351 |
| 325 // Load the database and ensure the certs can be read. | 352 // Load the database and ensure the certs can be read. |
| 326 Load(&channel_ids); | 353 Load(&channel_ids); |
| 327 ASSERT_EQ(2U, channel_ids.size()); | 354 ASSERT_EQ(1U, channel_ids.size()); |
| 328 | 355 |
| 329 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 356 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 330 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 357 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 331 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 358 ASSERT_NO_FATAL_FAILURE(ExpectKeysEqual(key.get(), channel_ids[0]->key())); |
| 332 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 333 | |
| 334 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | |
| 335 // Undecodable cert, expiration time will be uninitialized. | |
| 336 ASSERT_EQ(base::Time(), channel_ids[1]->expiration_time()); | |
| 337 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
| 338 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
| 339 | 359 |
| 340 store_ = NULL; | 360 store_ = NULL; |
| 341 // Make sure we wait until the destructor has run. | 361 // Make sure we wait until the destructor has run. |
| 342 base::RunLoop().RunUntilIdle(); | 362 base::RunLoop().RunUntilIdle(); |
| 343 | 363 |
| 344 // Verify the database version is updated. | 364 // Verify the database version is updated. |
| 345 { | 365 { |
| 346 sql::Connection db; | 366 sql::Connection db; |
| 347 ASSERT_TRUE(db.Open(v2_db_path)); | 367 ASSERT_TRUE(db.Open(v2_db_path)); |
| 348 sql::Statement smt(db.GetUniqueStatement( | 368 sql::Statement smt(db.GetUniqueStatement( |
| 349 "SELECT value FROM meta WHERE key = \"version\"")); | 369 "SELECT value FROM meta WHERE key = \"version\"")); |
| 350 ASSERT_TRUE(smt.Step()); | 370 ASSERT_TRUE(smt.Step()); |
| 351 EXPECT_EQ(4, smt.ColumnInt(0)); | 371 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 352 EXPECT_FALSE(smt.Step()); | 372 EXPECT_FALSE(smt.Step()); |
| 353 } | 373 } |
| 354 } | 374 } |
| 355 } | 375 } |
| 356 | 376 |
| 357 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { | 377 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { |
| 358 // Reset the store. We'll be using a different database for this test. | 378 // Reset the store. We'll be using a different database for this test. |
| 359 store_ = NULL; | 379 store_ = NULL; |
| 360 | 380 |
| 361 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); | 381 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); |
| 362 | 382 |
| 363 std::string key_data; | 383 std::string key_data; |
| 364 std::string cert_data; | 384 std::string cert_data; |
| 365 ReadTestKeyAndCert(&key_data, &cert_data); | 385 scoped_ptr<crypto::ECPrivateKey> key; |
| 386 ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key)); |
| 366 | 387 |
| 367 // Create a version 3 database. | 388 // Create a version 3 database. |
| 368 { | 389 { |
| 369 sql::Connection db; | 390 sql::Connection db; |
| 370 ASSERT_TRUE(db.Open(v3_db_path)); | 391 ASSERT_TRUE(db.Open(v3_db_path)); |
| 371 ASSERT_TRUE(db.Execute( | 392 ASSERT_TRUE(db.Execute( |
| 372 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 393 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
| 373 "value LONGVARCHAR);" | 394 "value LONGVARCHAR);" |
| 374 "INSERT INTO \"meta\" VALUES('version','3');" | 395 "INSERT INTO \"meta\" VALUES('version','3');" |
| 375 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 396 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
| 376 "CREATE TABLE origin_bound_certs (" | 397 "CREATE TABLE origin_bound_certs (" |
| 377 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 398 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 378 "private_key BLOB NOT NULL," | 399 "private_key BLOB NOT NULL," |
| 379 "cert BLOB NOT NULL," | 400 "cert BLOB NOT NULL," |
| 380 "cert_type INTEGER," | 401 "cert_type INTEGER," |
| 381 "expiration_time INTEGER);")); | 402 "expiration_time INTEGER);")); |
| 382 | 403 |
| 383 sql::Statement add_smt(db.GetUniqueStatement( | 404 sql::Statement add_smt(db.GetUniqueStatement( |
| 384 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 405 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 385 "expiration_time) VALUES (?,?,?,?,?)")); | 406 "expiration_time) VALUES (?,?,?,?,?)")); |
| 386 add_smt.BindString(0, "google.com"); | 407 add_smt.BindString(0, "google.com"); |
| 387 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 408 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 388 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 409 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 389 add_smt.BindInt64(3, 64); | 410 add_smt.BindInt64(3, 64); |
| 390 add_smt.BindInt64(4, 1000); | 411 add_smt.BindInt64(4, 1000); |
| 391 ASSERT_TRUE(add_smt.Run()); | 412 ASSERT_TRUE(add_smt.Run()); |
| 392 | 413 |
| 414 // Malformed certs will be ignored and not migrated. |
| 393 ASSERT_TRUE(db.Execute( | 415 ASSERT_TRUE(db.Execute( |
| 394 "INSERT INTO \"origin_bound_certs\" VALUES(" | 416 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 395 "'foo.com',X'AA',X'BB',64,2000);")); | 417 "'foo.com',X'AA',X'BB',64,2000);")); |
| 396 } | 418 } |
| 397 | 419 |
| 398 // Load and test the DB contents twice. First time ensures that we can use | 420 // Load and test the DB contents twice. First time ensures that we can use |
| 399 // the updated values immediately. Second time ensures that the updated | 421 // the updated values immediately. Second time ensures that the updated |
| 400 // values are saved and read correctly on next load. | 422 // values are saved and read correctly on next load. |
| 401 for (int i = 0; i < 2; ++i) { | 423 for (int i = 0; i < 2; ++i) { |
| 402 SCOPED_TRACE(i); | 424 SCOPED_TRACE(i); |
| 403 | 425 |
| 404 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 426 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 405 store_ = | 427 store_ = |
| 406 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); | 428 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); |
| 407 | 429 |
| 408 // Load the database and ensure the certs can be read. | 430 // Load the database and ensure the certs can be read. |
| 409 Load(&channel_ids); | 431 Load(&channel_ids); |
| 410 ASSERT_EQ(2U, channel_ids.size()); | 432 ASSERT_EQ(1U, channel_ids.size()); |
| 411 | 433 |
| 412 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 434 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 413 ASSERT_EQ(1000, channel_ids[0]->expiration_time().ToInternalValue()); | |
| 414 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); | 435 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 415 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 436 ASSERT_NO_FATAL_FAILURE(ExpectKeysEqual(key.get(), channel_ids[0]->key())); |
| 416 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 417 | |
| 418 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | |
| 419 ASSERT_EQ(2000, channel_ids[1]->expiration_time().ToInternalValue()); | |
| 420 // Undecodable cert, creation time will be uninitialized. | |
| 421 ASSERT_EQ(base::Time(), channel_ids[1]->creation_time()); | |
| 422 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
| 423 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
| 424 | 437 |
| 425 store_ = NULL; | 438 store_ = NULL; |
| 426 // Make sure we wait until the destructor has run. | 439 // Make sure we wait until the destructor has run. |
| 427 base::RunLoop().RunUntilIdle(); | 440 base::RunLoop().RunUntilIdle(); |
| 428 | 441 |
| 429 // Verify the database version is updated. | 442 // Verify the database version is updated. |
| 430 { | 443 { |
| 431 sql::Connection db; | 444 sql::Connection db; |
| 432 ASSERT_TRUE(db.Open(v3_db_path)); | 445 ASSERT_TRUE(db.Open(v3_db_path)); |
| 433 sql::Statement smt(db.GetUniqueStatement( | 446 sql::Statement smt(db.GetUniqueStatement( |
| 434 "SELECT value FROM meta WHERE key = \"version\"")); | 447 "SELECT value FROM meta WHERE key = \"version\"")); |
| 435 ASSERT_TRUE(smt.Step()); | 448 ASSERT_TRUE(smt.Step()); |
| 436 EXPECT_EQ(4, smt.ColumnInt(0)); | 449 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 437 EXPECT_FALSE(smt.Step()); | 450 EXPECT_FALSE(smt.Step()); |
| 438 } | 451 } |
| 439 } | 452 } |
| 440 } | 453 } |
| 441 | 454 |
| 442 TEST_F(SQLiteChannelIDStoreTest, TestRSADiscarded) { | 455 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) { |
| 443 // Reset the store. We'll be using a different database for this test. | 456 // Reset the store. We'll be using a different database for this test. |
| 444 store_ = NULL; | 457 store_ = NULL; |
| 445 | 458 |
| 446 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4dbrsa")); | 459 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4db")); |
| 447 | 460 |
| 448 std::string key_data; | 461 std::string key_data; |
| 449 std::string cert_data; | 462 std::string cert_data; |
| 450 ReadTestKeyAndCert(&key_data, &cert_data); | 463 scoped_ptr<crypto::ECPrivateKey> key; |
| 464 ASSERT_NO_FATAL_FAILURE(ReadTestKeyAndCert(&key_data, &cert_data, &key)); |
| 451 | 465 |
| 452 // Create a version 4 database with a mix of RSA and ECDSA certs. | 466 // Create a version 4 database. |
| 453 { | 467 { |
| 454 sql::Connection db; | 468 sql::Connection db; |
| 455 ASSERT_TRUE(db.Open(v4_db_path)); | 469 ASSERT_TRUE(db.Open(v4_db_path)); |
| 456 ASSERT_TRUE(db.Execute( | 470 ASSERT_TRUE(db.Execute( |
| 457 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 471 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
| 458 "value LONGVARCHAR);" | 472 "value LONGVARCHAR);" |
| 459 "INSERT INTO \"meta\" VALUES('version','4');" | 473 "INSERT INTO \"meta\" VALUES('version','4');" |
| 460 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 474 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
| 461 "CREATE TABLE origin_bound_certs (" | 475 "CREATE TABLE origin_bound_certs (" |
| 462 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 476 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 463 "private_key BLOB NOT NULL," | 477 "private_key BLOB NOT NULL," |
| 464 "cert BLOB NOT NULL," | 478 "cert BLOB NOT NULL," |
| 465 "cert_type INTEGER," | 479 "cert_type INTEGER," |
| 466 "expiration_time INTEGER," | 480 "expiration_time INTEGER," |
| 467 "creation_time INTEGER);")); | 481 "creation_time INTEGER);")); |
| 468 | 482 |
| 469 sql::Statement add_smt(db.GetUniqueStatement( | 483 sql::Statement add_smt(db.GetUniqueStatement( |
| 470 "INSERT INTO origin_bound_certs " | 484 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 471 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 485 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); |
| 472 " VALUES (?,?,?,?,?,?)")); | |
| 473 add_smt.BindString(0, "google.com"); | 486 add_smt.BindString(0, "google.com"); |
| 474 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 487 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 475 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 488 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 476 add_smt.BindInt64(3, 64); | 489 add_smt.BindInt64(3, 64); |
| 477 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 490 add_smt.BindInt64(4, 1000); |
| 478 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 491 add_smt.BindInt64(5, GetTestCertCreationTime().ToInternalValue()); |
| 479 ASSERT_TRUE(add_smt.Run()); | 492 ASSERT_TRUE(add_smt.Run()); |
| 480 | 493 |
| 494 // Add an RSA cert to the db. This cert should be ignored in the migration. |
| 481 add_smt.Clear(); | 495 add_smt.Clear(); |
| 482 add_smt.Assign(db.GetUniqueStatement( | 496 add_smt.Assign(db.GetUniqueStatement( |
| 483 "INSERT INTO origin_bound_certs " | 497 "INSERT INTO origin_bound_certs " |
| 484 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 498 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" |
| 485 " VALUES (?,?,?,?,?,?)")); | 499 " VALUES (?,?,?,?,?,?)")); |
| 486 add_smt.BindString(0, "foo.com"); | 500 add_smt.BindString(0, "foo.com"); |
| 487 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 501 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 488 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 502 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 489 add_smt.BindInt64(3, 1); | 503 add_smt.BindInt64(3, 1); |
| 490 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 504 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); |
| 491 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 505 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); |
| 492 ASSERT_TRUE(add_smt.Run()); | 506 ASSERT_TRUE(add_smt.Run()); |
| 507 |
| 508 // Malformed certs will be ignored and not migrated. |
| 509 ASSERT_TRUE(db.Execute( |
| 510 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 511 "'bar.com',X'AA',X'BB',64,2000,3000);")); |
| 493 } | 512 } |
| 494 | 513 |
| 495 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 514 // Load and test the DB contents twice. First time ensures that we can use |
| 496 store_ = | 515 // the updated values immediately. Second time ensures that the updated |
| 497 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); | 516 // values are saved and read correctly on next load. |
| 517 for (int i = 0; i < 2; ++i) { |
| 518 SCOPED_TRACE(i); |
| 498 | 519 |
| 499 // Load the database and ensure the certs can be read. | 520 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 500 Load(&channel_ids); | 521 store_ = |
| 501 // Only the ECDSA cert (for google.com) is read, the RSA one is discarded. | 522 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); |
| 502 ASSERT_EQ(1U, channel_ids.size()); | |
| 503 | 523 |
| 504 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 524 // Load the database and ensure the certs can be read. |
| 505 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 525 Load(&channel_ids); |
| 506 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 526 ASSERT_EQ(1U, channel_ids.size()); |
| 507 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 508 | 527 |
| 509 store_ = NULL; | 528 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 510 // Make sure we wait until the destructor has run. | 529 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 511 base::RunLoop().RunUntilIdle(); | 530 ASSERT_NO_FATAL_FAILURE(ExpectKeysEqual(key.get(), channel_ids[0]->key())); |
| 531 |
| 532 store_ = NULL; |
| 533 // Make sure we wait until the destructor has run. |
| 534 base::RunLoop().RunUntilIdle(); |
| 535 |
| 536 // Verify the database version is updated. |
| 537 { |
| 538 sql::Connection db; |
| 539 ASSERT_TRUE(db.Open(v4_db_path)); |
| 540 sql::Statement smt(db.GetUniqueStatement( |
| 541 "SELECT value FROM meta WHERE key = \"version\"")); |
| 542 ASSERT_TRUE(smt.Step()); |
| 543 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 544 EXPECT_FALSE(smt.Step()); |
| 545 } |
| 546 } |
| 512 } | 547 } |
| 513 | 548 |
| 514 } // namespace net | 549 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1076063002:
Remove certificates from Channel ID (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master