OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/bind.h" | 5 #include "base/bind.h" |
6 #include "base/files/file_util.h" | 6 #include "base/files/file_util.h" |
7 #include "base/files/scoped_temp_dir.h" | 7 #include "base/files/scoped_temp_dir.h" |
8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
11 #include "base/run_loop.h" | 11 #include "base/run_loop.h" |
12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
13 #include "net/base/test_data_directory.h" | 13 #include "net/base/test_data_directory.h" |
14 #include "net/cert/asn1_util.h" | |
14 #include "net/extras/sqlite/sqlite_channel_id_store.h" | 15 #include "net/extras/sqlite/sqlite_channel_id_store.h" |
15 #include "net/ssl/ssl_client_cert_type.h" | 16 #include "net/ssl/ssl_client_cert_type.h" |
16 #include "net/test/cert_test_util.h" | 17 #include "net/test/cert_test_util.h" |
17 #include "sql/statement.h" | 18 #include "sql/statement.h" |
18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
19 | 20 |
20 namespace net { | 21 namespace net { |
21 | 22 |
22 const base::FilePath::CharType kTestChannelIDFilename[] = | 23 const base::FilePath::CharType kTestChannelIDFilename[] = |
23 FILE_PATH_LITERAL("ChannelID"); | 24 FILE_PATH_LITERAL("ChannelID"); |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
78 store_ = new SQLiteChannelIDStore( | 79 store_ = new SQLiteChannelIDStore( |
79 temp_dir_.path().Append(kTestChannelIDFilename), | 80 temp_dir_.path().Append(kTestChannelIDFilename), |
80 base::MessageLoopProxy::current()); | 81 base::MessageLoopProxy::current()); |
81 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 82 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
82 Load(&channel_ids); | 83 Load(&channel_ids); |
83 ASSERT_EQ(0u, channel_ids.size()); | 84 ASSERT_EQ(0u, channel_ids.size()); |
84 // Make sure the store gets written at least once. | 85 // Make sure the store gets written at least once. |
85 store_->AddChannelID( | 86 store_->AddChannelID( |
86 DefaultChannelIDStore::ChannelID("google.com", | 87 DefaultChannelIDStore::ChannelID("google.com", |
87 base::Time::FromInternalValue(1), | 88 base::Time::FromInternalValue(1), |
88 base::Time::FromInternalValue(2), | |
89 "a", | 89 "a", |
90 "b")); | 90 "b")); |
91 } | 91 } |
92 | 92 |
93 base::ScopedTempDir temp_dir_; | 93 base::ScopedTempDir temp_dir_; |
94 scoped_refptr<SQLiteChannelIDStore> store_; | 94 scoped_refptr<SQLiteChannelIDStore> store_; |
95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; | 95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; |
96 }; | 96 }; |
97 | 97 |
98 // Test if data is stored as expected in the SQLite database. | 98 // Test if data is stored as expected in the SQLite database. |
99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { | 99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { |
100 store_->AddChannelID( | 100 store_->AddChannelID( |
101 DefaultChannelIDStore::ChannelID("foo.com", | 101 DefaultChannelIDStore::ChannelID("foo.com", |
102 base::Time::FromInternalValue(3), | 102 base::Time::FromInternalValue(3), |
103 base::Time::FromInternalValue(4), | |
104 "c", | 103 "c", |
105 "d")); | 104 "d")); |
106 | 105 |
107 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 106 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
108 // Replace the store effectively destroying the current one and forcing it | 107 // Replace the store effectively destroying the current one and forcing it |
109 // to write its data to disk. Then we can see if after loading it again it | 108 // to write its data to disk. Then we can see if after loading it again it |
110 // is still there. | 109 // is still there. |
111 store_ = NULL; | 110 store_ = NULL; |
112 // Make sure we wait until the destructor has run. | 111 // Make sure we wait until the destructor has run. |
113 base::RunLoop().RunUntilIdle(); | 112 base::RunLoop().RunUntilIdle(); |
114 store_ = | 113 store_ = |
115 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 114 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
116 base::MessageLoopProxy::current()); | 115 base::MessageLoopProxy::current()); |
117 | 116 |
118 // Reload and test for persistence | 117 // Reload and test for persistence |
119 Load(&channel_ids); | 118 Load(&channel_ids); |
120 ASSERT_EQ(2U, channel_ids.size()); | 119 ASSERT_EQ(2U, channel_ids.size()); |
121 DefaultChannelIDStore::ChannelID* goog_channel_id; | 120 DefaultChannelIDStore::ChannelID* goog_channel_id; |
122 DefaultChannelIDStore::ChannelID* foo_channel_id; | 121 DefaultChannelIDStore::ChannelID* foo_channel_id; |
123 if (channel_ids[0]->server_identifier() == "google.com") { | 122 if (channel_ids[0]->server_identifier() == "google.com") { |
124 goog_channel_id = channel_ids[0]; | 123 goog_channel_id = channel_ids[0]; |
125 foo_channel_id = channel_ids[1]; | 124 foo_channel_id = channel_ids[1]; |
126 } else { | 125 } else { |
127 goog_channel_id = channel_ids[1]; | 126 goog_channel_id = channel_ids[1]; |
128 foo_channel_id = channel_ids[0]; | 127 foo_channel_id = channel_ids[0]; |
129 } | 128 } |
130 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); | 129 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); |
131 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); | 130 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); |
132 ASSERT_STREQ("b", goog_channel_id->cert().c_str()); | 131 ASSERT_STREQ("b", goog_channel_id->public_key().c_str()); |
133 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); | 132 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); |
134 ASSERT_EQ(2, goog_channel_id->expiration_time().ToInternalValue()); | |
135 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); | 133 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); |
136 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); | 134 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); |
137 ASSERT_STREQ("d", foo_channel_id->cert().c_str()); | 135 ASSERT_STREQ("d", foo_channel_id->public_key().c_str()); |
138 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); | 136 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); |
139 ASSERT_EQ(4, foo_channel_id->expiration_time().ToInternalValue()); | |
140 | 137 |
141 // Now delete the cert and check persistence again. | 138 // Now delete the keypair and check persistence again. |
142 store_->DeleteChannelID(*channel_ids[0]); | 139 store_->DeleteChannelID(*channel_ids[0]); |
143 store_->DeleteChannelID(*channel_ids[1]); | 140 store_->DeleteChannelID(*channel_ids[1]); |
144 store_ = NULL; | 141 store_ = NULL; |
145 // Make sure we wait until the destructor has run. | 142 // Make sure we wait until the destructor has run. |
146 base::RunLoop().RunUntilIdle(); | 143 base::RunLoop().RunUntilIdle(); |
147 channel_ids.clear(); | 144 channel_ids.clear(); |
148 store_ = | 145 store_ = |
149 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 146 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
150 base::MessageLoopProxy::current()); | 147 base::MessageLoopProxy::current()); |
151 | 148 |
152 // Reload and check if the cert has been removed. | 149 // Reload and check if the keypair has been removed. |
153 Load(&channel_ids); | 150 Load(&channel_ids); |
154 ASSERT_EQ(0U, channel_ids.size()); | 151 ASSERT_EQ(0U, channel_ids.size()); |
155 // Close the store. | 152 // Close the store. |
156 store_ = NULL; | 153 store_ = NULL; |
157 // Make sure we wait until the destructor has run. | 154 // Make sure we wait until the destructor has run. |
158 base::RunLoop().RunUntilIdle(); | 155 base::RunLoop().RunUntilIdle(); |
159 } | 156 } |
160 | 157 |
161 // Test if data is stored as expected in the SQLite database. | 158 // Test if data is stored as expected in the SQLite database. |
162 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { | 159 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { |
163 store_->AddChannelID( | 160 store_->AddChannelID( |
164 DefaultChannelIDStore::ChannelID("foo.com", | 161 DefaultChannelIDStore::ChannelID("foo.com", |
165 base::Time::FromInternalValue(3), | 162 base::Time::FromInternalValue(3), |
166 base::Time::FromInternalValue(4), | |
167 "c", | 163 "c", |
168 "d")); | 164 "d")); |
169 | 165 |
170 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 166 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
171 // Replace the store effectively destroying the current one and forcing it | 167 // Replace the store effectively destroying the current one and forcing it |
172 // to write its data to disk. Then we can see if after loading it again it | 168 // to write its data to disk. Then we can see if after loading it again it |
173 // is still there. | 169 // is still there. |
174 store_ = NULL; | 170 store_ = NULL; |
175 // Make sure we wait until the destructor has run. | 171 // Make sure we wait until the destructor has run. |
176 base::RunLoop().RunUntilIdle(); | 172 base::RunLoop().RunUntilIdle(); |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
260 store_ = NULL; | 256 store_ = NULL; |
261 base::RunLoop().RunUntilIdle(); | 257 base::RunLoop().RunUntilIdle(); |
262 | 258 |
263 // Verify the database version is updated. | 259 // Verify the database version is updated. |
264 { | 260 { |
265 sql::Connection db; | 261 sql::Connection db; |
266 ASSERT_TRUE(db.Open(v1_db_path)); | 262 ASSERT_TRUE(db.Open(v1_db_path)); |
267 sql::Statement smt(db.GetUniqueStatement( | 263 sql::Statement smt(db.GetUniqueStatement( |
268 "SELECT value FROM meta WHERE key = \"version\"")); | 264 "SELECT value FROM meta WHERE key = \"version\"")); |
269 ASSERT_TRUE(smt.Step()); | 265 ASSERT_TRUE(smt.Step()); |
270 EXPECT_EQ(4, smt.ColumnInt(0)); | 266 EXPECT_EQ(5, smt.ColumnInt(0)); |
271 EXPECT_FALSE(smt.Step()); | 267 EXPECT_FALSE(smt.Step()); |
272 } | 268 } |
273 } | 269 } |
274 } | 270 } |
275 | 271 |
276 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { | 272 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { |
277 // Reset the store. We'll be using a different database for this test. | 273 // Reset the store. We'll be using a different database for this test. |
278 store_ = NULL; | 274 store_ = NULL; |
279 | 275 |
280 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); | 276 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); |
(...skipping 19 matching lines...) Expand all Loading... | |
300 | 296 |
301 sql::Statement add_smt(db.GetUniqueStatement( | 297 sql::Statement add_smt(db.GetUniqueStatement( |
302 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " | 298 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " |
303 "VALUES (?,?,?,?)")); | 299 "VALUES (?,?,?,?)")); |
304 add_smt.BindString(0, "google.com"); | 300 add_smt.BindString(0, "google.com"); |
305 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 301 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
306 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 302 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
307 add_smt.BindInt64(3, 64); | 303 add_smt.BindInt64(3, 64); |
308 ASSERT_TRUE(add_smt.Run()); | 304 ASSERT_TRUE(add_smt.Run()); |
309 | 305 |
306 // Malformed certs will be ignored and not migrated. | |
310 ASSERT_TRUE(db.Execute( | 307 ASSERT_TRUE(db.Execute( |
311 "INSERT INTO \"origin_bound_certs\" VALUES(" | 308 "INSERT INTO \"origin_bound_certs\" VALUES(" |
312 "'foo.com',X'AA',X'BB',64);")); | 309 "'foo.com',X'AA',X'BB',64);")); |
313 } | 310 } |
314 | 311 |
315 // Load and test the DB contents twice. First time ensures that we can use | 312 // Load and test the DB contents twice. First time ensures that we can use |
316 // the updated values immediately. Second time ensures that the updated | 313 // the updated values immediately. Second time ensures that the updated |
317 // values are saved and read correctly on next load. | 314 // values are saved and read correctly on next load. |
318 for (int i = 0; i < 2; ++i) { | 315 for (int i = 0; i < 2; ++i) { |
319 SCOPED_TRACE(i); | 316 SCOPED_TRACE(i); |
320 | 317 |
321 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 318 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
322 store_ = | 319 store_ = |
323 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); | 320 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); |
324 | 321 |
325 // Load the database and ensure the certs can be read. | 322 // Load the database and ensure the certs can be read. |
326 Load(&channel_ids); | 323 Load(&channel_ids); |
327 ASSERT_EQ(2U, channel_ids.size()); | 324 ASSERT_EQ(1U, channel_ids.size()); |
328 | 325 |
329 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 326 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
330 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 327 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
331 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 328 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
332 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
333 | 329 |
334 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | 330 base::StringPiece spki_from_cert; |
335 // Undecodable cert, expiration time will be uninitialized. | 331 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); |
336 ASSERT_EQ(base::Time(), channel_ids[1]->expiration_time()); | 332 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); |
337 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | 333 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); |
338 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
339 | 334 |
340 store_ = NULL; | 335 store_ = NULL; |
341 // Make sure we wait until the destructor has run. | 336 // Make sure we wait until the destructor has run. |
342 base::RunLoop().RunUntilIdle(); | 337 base::RunLoop().RunUntilIdle(); |
343 | 338 |
344 // Verify the database version is updated. | 339 // Verify the database version is updated. |
345 { | 340 { |
346 sql::Connection db; | 341 sql::Connection db; |
347 ASSERT_TRUE(db.Open(v2_db_path)); | 342 ASSERT_TRUE(db.Open(v2_db_path)); |
348 sql::Statement smt(db.GetUniqueStatement( | 343 sql::Statement smt(db.GetUniqueStatement( |
349 "SELECT value FROM meta WHERE key = \"version\"")); | 344 "SELECT value FROM meta WHERE key = \"version\"")); |
350 ASSERT_TRUE(smt.Step()); | 345 ASSERT_TRUE(smt.Step()); |
351 EXPECT_EQ(4, smt.ColumnInt(0)); | 346 EXPECT_EQ(5, smt.ColumnInt(0)); |
352 EXPECT_FALSE(smt.Step()); | 347 EXPECT_FALSE(smt.Step()); |
353 } | 348 } |
354 } | 349 } |
355 } | 350 } |
356 | 351 |
357 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { | 352 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { |
358 // Reset the store. We'll be using a different database for this test. | 353 // Reset the store. We'll be using a different database for this test. |
359 store_ = NULL; | 354 store_ = NULL; |
360 | 355 |
361 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); | 356 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); |
(...skipping 21 matching lines...) Expand all Loading... | |
383 sql::Statement add_smt(db.GetUniqueStatement( | 378 sql::Statement add_smt(db.GetUniqueStatement( |
384 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 379 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
385 "expiration_time) VALUES (?,?,?,?,?)")); | 380 "expiration_time) VALUES (?,?,?,?,?)")); |
386 add_smt.BindString(0, "google.com"); | 381 add_smt.BindString(0, "google.com"); |
387 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 382 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
388 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 383 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
389 add_smt.BindInt64(3, 64); | 384 add_smt.BindInt64(3, 64); |
390 add_smt.BindInt64(4, 1000); | 385 add_smt.BindInt64(4, 1000); |
391 ASSERT_TRUE(add_smt.Run()); | 386 ASSERT_TRUE(add_smt.Run()); |
392 | 387 |
388 // Malformed certs will be ignored and not migrated. | |
393 ASSERT_TRUE(db.Execute( | 389 ASSERT_TRUE(db.Execute( |
394 "INSERT INTO \"origin_bound_certs\" VALUES(" | 390 "INSERT INTO \"origin_bound_certs\" VALUES(" |
395 "'foo.com',X'AA',X'BB',64,2000);")); | 391 "'foo.com',X'AA',X'BB',64,2000);")); |
396 } | 392 } |
397 | 393 |
398 // Load and test the DB contents twice. First time ensures that we can use | 394 // Load and test the DB contents twice. First time ensures that we can use |
399 // the updated values immediately. Second time ensures that the updated | 395 // the updated values immediately. Second time ensures that the updated |
400 // values are saved and read correctly on next load. | 396 // values are saved and read correctly on next load. |
401 for (int i = 0; i < 2; ++i) { | 397 for (int i = 0; i < 2; ++i) { |
402 SCOPED_TRACE(i); | 398 SCOPED_TRACE(i); |
403 | 399 |
404 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 400 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
405 store_ = | 401 store_ = |
406 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); | 402 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); |
407 | 403 |
408 // Load the database and ensure the certs can be read. | 404 // Load the database and ensure the certs can be read. |
409 Load(&channel_ids); | 405 Load(&channel_ids); |
410 ASSERT_EQ(2U, channel_ids.size()); | 406 ASSERT_EQ(1U, channel_ids.size()); |
411 | 407 |
412 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 408 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
413 ASSERT_EQ(1000, channel_ids[0]->expiration_time().ToInternalValue()); | |
414 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); | 409 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
415 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 410 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
416 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
417 | 411 |
418 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | 412 base::StringPiece spki_from_cert; |
419 ASSERT_EQ(2000, channel_ids[1]->expiration_time().ToInternalValue()); | 413 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); |
420 // Undecodable cert, creation time will be uninitialized. | 414 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); |
421 ASSERT_EQ(base::Time(), channel_ids[1]->creation_time()); | 415 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); |
422 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
423 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
424 | 416 |
425 store_ = NULL; | 417 store_ = NULL; |
426 // Make sure we wait until the destructor has run. | 418 // Make sure we wait until the destructor has run. |
427 base::RunLoop().RunUntilIdle(); | 419 base::RunLoop().RunUntilIdle(); |
428 | 420 |
429 // Verify the database version is updated. | 421 // Verify the database version is updated. |
430 { | 422 { |
431 sql::Connection db; | 423 sql::Connection db; |
432 ASSERT_TRUE(db.Open(v3_db_path)); | 424 ASSERT_TRUE(db.Open(v3_db_path)); |
433 sql::Statement smt(db.GetUniqueStatement( | 425 sql::Statement smt(db.GetUniqueStatement( |
434 "SELECT value FROM meta WHERE key = \"version\"")); | 426 "SELECT value FROM meta WHERE key = \"version\"")); |
435 ASSERT_TRUE(smt.Step()); | 427 ASSERT_TRUE(smt.Step()); |
436 EXPECT_EQ(4, smt.ColumnInt(0)); | 428 EXPECT_EQ(5, smt.ColumnInt(0)); |
437 EXPECT_FALSE(smt.Step()); | 429 EXPECT_FALSE(smt.Step()); |
438 } | 430 } |
439 } | 431 } |
440 } | 432 } |
441 | 433 |
442 TEST_F(SQLiteChannelIDStoreTest, TestRSADiscarded) { | 434 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) { |
443 // Reset the store. We'll be using a different database for this test. | 435 // Reset the store. We'll be using a different database for this test. |
444 store_ = NULL; | 436 store_ = NULL; |
445 | 437 |
446 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4dbrsa")); | 438 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4db")); |
447 | 439 |
448 std::string key_data; | 440 std::string key_data; |
449 std::string cert_data; | 441 std::string cert_data; |
450 ReadTestKeyAndCert(&key_data, &cert_data); | 442 ReadTestKeyAndCert(&key_data, &cert_data); |
451 | 443 |
452 // Create a version 4 database with a mix of RSA and ECDSA certs. | 444 // Create a version 3 database. |
Ryan Sleevi
2015/04/15 22:50:02
typo? You say UpgradeV4, but then say v3 here
nharper
2015/04/25 02:59:19
Typo. Fixed.
| |
453 { | 445 { |
454 sql::Connection db; | 446 sql::Connection db; |
455 ASSERT_TRUE(db.Open(v4_db_path)); | 447 ASSERT_TRUE(db.Open(v4_db_path)); |
456 ASSERT_TRUE(db.Execute( | 448 ASSERT_TRUE(db.Execute( |
457 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 449 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
458 "value LONGVARCHAR);" | 450 "value LONGVARCHAR);" |
459 "INSERT INTO \"meta\" VALUES('version','4');" | 451 "INSERT INTO \"meta\" VALUES('version','4');" |
460 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 452 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
461 "CREATE TABLE origin_bound_certs (" | 453 "CREATE TABLE origin_bound_certs (" |
462 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 454 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
463 "private_key BLOB NOT NULL," | 455 "private_key BLOB NOT NULL," |
464 "cert BLOB NOT NULL," | 456 "cert BLOB NOT NULL," |
465 "cert_type INTEGER," | 457 "cert_type INTEGER," |
466 "expiration_time INTEGER," | 458 "expiration_time INTEGER," |
467 "creation_time INTEGER);")); | 459 "creation_time INTEGER);")); |
468 | 460 |
469 sql::Statement add_smt(db.GetUniqueStatement( | 461 sql::Statement add_smt(db.GetUniqueStatement( |
470 "INSERT INTO origin_bound_certs " | 462 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
471 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 463 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); |
472 " VALUES (?,?,?,?,?,?)")); | |
473 add_smt.BindString(0, "google.com"); | 464 add_smt.BindString(0, "google.com"); |
474 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 465 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
475 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 466 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
476 add_smt.BindInt64(3, 64); | 467 add_smt.BindInt64(3, 64); |
477 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 468 add_smt.BindInt64(4, 1000); |
Ryan Sleevi
2015/04/15 22:50:02
Does this mean we migrate expired channel IDs? Is
mattm
2015/04/15 23:11:46
Seems right to me, since we've been ignoring the e
nharper
2015/04/25 02:59:19
Yes, it means we migrate keys that have expired ce
| |
478 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 469 add_smt.BindInt64(5, GetTestCertCreationTime().ToInternalValue()); |
479 ASSERT_TRUE(add_smt.Run()); | 470 ASSERT_TRUE(add_smt.Run()); |
480 | 471 |
472 // Add an RSA cert to the db. This cert should be ignored in the migration. | |
481 add_smt.Clear(); | 473 add_smt.Clear(); |
482 add_smt.Assign(db.GetUniqueStatement( | 474 add_smt.Assign(db.GetUniqueStatement( |
483 "INSERT INTO origin_bound_certs " | 475 "INSERT INTO origin_bound_certs " |
484 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 476 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" |
485 " VALUES (?,?,?,?,?,?)")); | 477 " VALUES (?,?,?,?,?,?)")); |
486 add_smt.BindString(0, "foo.com"); | 478 add_smt.BindString(0, "foo.com"); |
487 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 479 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
488 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 480 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
489 add_smt.BindInt64(3, 1); | 481 add_smt.BindInt64(3, 1); |
490 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 482 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); |
491 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 483 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); |
492 ASSERT_TRUE(add_smt.Run()); | 484 ASSERT_TRUE(add_smt.Run()); |
485 | |
486 // Malformed certs will be ignored and not migrated. | |
487 ASSERT_TRUE(db.Execute( | |
488 "INSERT INTO \"origin_bound_certs\" VALUES(" | |
489 "'bar.com',X'AA',X'BB',64,2000,3000);")); | |
493 } | 490 } |
494 | 491 |
495 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 492 // Load and test the DB contents twice. First time ensures that we can use |
496 store_ = | 493 // the updated values immediately. Second time ensures that the updated |
497 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); | 494 // values are saved and read correctly on next load. |
495 for (int i = 0; i < 2; ++i) { | |
496 SCOPED_TRACE(i); | |
498 | 497 |
499 // Load the database and ensure the certs can be read. | 498 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
500 Load(&channel_ids); | 499 store_ = |
501 // Only the ECDSA cert (for google.com) is read, the RSA one is discarded. | 500 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); |
502 ASSERT_EQ(1U, channel_ids.size()); | |
503 | 501 |
504 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 502 // Load the database and ensure the certs can be read. |
505 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 503 Load(&channel_ids); |
506 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 504 ASSERT_EQ(1U, channel_ids.size()); |
507 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
508 | 505 |
509 store_ = NULL; | 506 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
510 // Make sure we wait until the destructor has run. | 507 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
511 base::RunLoop().RunUntilIdle(); | 508 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
509 | |
510 base::StringPiece spki_from_cert; | |
511 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); | |
512 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); | |
513 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); | |
514 | |
515 store_ = NULL; | |
516 // Make sure we wait until the destructor has run. | |
517 base::RunLoop().RunUntilIdle(); | |
518 | |
519 // Verify the database version is updated. | |
520 { | |
521 sql::Connection db; | |
522 ASSERT_TRUE(db.Open(v4_db_path)); | |
523 sql::Statement smt(db.GetUniqueStatement( | |
524 "SELECT value FROM meta WHERE key = \"version\"")); | |
525 ASSERT_TRUE(smt.Step()); | |
526 EXPECT_EQ(5, smt.ColumnInt(0)); | |
527 EXPECT_FALSE(smt.Step()); | |
528 } | |
529 } | |
512 } | 530 } |
513 | 531 |
514 } // namespace net | 532 } // namespace net |
OLD | NEW |