| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/files/file_util.h" | 6 #include "base/files/file_util.h" |
| 7 #include "base/files/scoped_temp_dir.h" | 7 #include "base/files/scoped_temp_dir.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
| 10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
| 11 #include "base/run_loop.h" | 11 #include "base/run_loop.h" |
| 12 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 13 #include "net/base/test_data_directory.h" | 13 #include "net/base/test_data_directory.h" |
| 14 #include "net/cert/asn1_util.h" |
| 14 #include "net/extras/sqlite/sqlite_channel_id_store.h" | 15 #include "net/extras/sqlite/sqlite_channel_id_store.h" |
| 15 #include "net/ssl/ssl_client_cert_type.h" | 16 #include "net/ssl/ssl_client_cert_type.h" |
| 16 #include "net/test/cert_test_util.h" | 17 #include "net/test/cert_test_util.h" |
| 17 #include "sql/statement.h" | 18 #include "sql/statement.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" | 19 #include "testing/gtest/include/gtest/gtest.h" |
| 19 | 20 |
| 20 namespace net { | 21 namespace net { |
| 21 | 22 |
| 22 const base::FilePath::CharType kTestChannelIDFilename[] = | 23 const base::FilePath::CharType kTestChannelIDFilename[] = |
| 23 FILE_PATH_LITERAL("ChannelID"); | 24 FILE_PATH_LITERAL("ChannelID"); |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 78 store_ = new SQLiteChannelIDStore( | 79 store_ = new SQLiteChannelIDStore( |
| 79 temp_dir_.path().Append(kTestChannelIDFilename), | 80 temp_dir_.path().Append(kTestChannelIDFilename), |
| 80 base::MessageLoopProxy::current()); | 81 base::MessageLoopProxy::current()); |
| 81 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 82 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 82 Load(&channel_ids); | 83 Load(&channel_ids); |
| 83 ASSERT_EQ(0u, channel_ids.size()); | 84 ASSERT_EQ(0u, channel_ids.size()); |
| 84 // Make sure the store gets written at least once. | 85 // Make sure the store gets written at least once. |
| 85 store_->AddChannelID( | 86 store_->AddChannelID( |
| 86 DefaultChannelIDStore::ChannelID("google.com", | 87 DefaultChannelIDStore::ChannelID("google.com", |
| 87 base::Time::FromInternalValue(1), | 88 base::Time::FromInternalValue(1), |
| 88 base::Time::FromInternalValue(2), | |
| 89 "a", | 89 "a", |
| 90 "b")); | 90 "b")); |
| 91 } | 91 } |
| 92 | 92 |
| 93 base::ScopedTempDir temp_dir_; | 93 base::ScopedTempDir temp_dir_; |
| 94 scoped_refptr<SQLiteChannelIDStore> store_; | 94 scoped_refptr<SQLiteChannelIDStore> store_; |
| 95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; | 95 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids_; |
| 96 }; | 96 }; |
| 97 | 97 |
| 98 // Test if data is stored as expected in the SQLite database. | 98 // Test if data is stored as expected in the SQLite database. |
| 99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { | 99 TEST_F(SQLiteChannelIDStoreTest, TestPersistence) { |
| 100 store_->AddChannelID( | 100 store_->AddChannelID( |
| 101 DefaultChannelIDStore::ChannelID("foo.com", | 101 DefaultChannelIDStore::ChannelID("foo.com", |
| 102 base::Time::FromInternalValue(3), | 102 base::Time::FromInternalValue(3), |
| 103 base::Time::FromInternalValue(4), | |
| 104 "c", | 103 "c", |
| 105 "d")); | 104 "d")); |
| 106 | 105 |
| 107 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 106 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 108 // Replace the store effectively destroying the current one and forcing it | 107 // Replace the store effectively destroying the current one and forcing it |
| 109 // to write its data to disk. Then we can see if after loading it again it | 108 // to write its data to disk. Then we can see if after loading it again it |
| 110 // is still there. | 109 // is still there. |
| 111 store_ = NULL; | 110 store_ = NULL; |
| 112 // Make sure we wait until the destructor has run. | 111 // Make sure we wait until the destructor has run. |
| 113 base::RunLoop().RunUntilIdle(); | 112 base::RunLoop().RunUntilIdle(); |
| 114 store_ = | 113 store_ = |
| 115 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 114 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
| 116 base::MessageLoopProxy::current()); | 115 base::MessageLoopProxy::current()); |
| 117 | 116 |
| 118 // Reload and test for persistence | 117 // Reload and test for persistence |
| 119 Load(&channel_ids); | 118 Load(&channel_ids); |
| 120 ASSERT_EQ(2U, channel_ids.size()); | 119 ASSERT_EQ(2U, channel_ids.size()); |
| 121 DefaultChannelIDStore::ChannelID* goog_channel_id; | 120 DefaultChannelIDStore::ChannelID* goog_channel_id; |
| 122 DefaultChannelIDStore::ChannelID* foo_channel_id; | 121 DefaultChannelIDStore::ChannelID* foo_channel_id; |
| 123 if (channel_ids[0]->server_identifier() == "google.com") { | 122 if (channel_ids[0]->server_identifier() == "google.com") { |
| 124 goog_channel_id = channel_ids[0]; | 123 goog_channel_id = channel_ids[0]; |
| 125 foo_channel_id = channel_ids[1]; | 124 foo_channel_id = channel_ids[1]; |
| 126 } else { | 125 } else { |
| 127 goog_channel_id = channel_ids[1]; | 126 goog_channel_id = channel_ids[1]; |
| 128 foo_channel_id = channel_ids[0]; | 127 foo_channel_id = channel_ids[0]; |
| 129 } | 128 } |
| 130 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); | 129 ASSERT_EQ("google.com", goog_channel_id->server_identifier()); |
| 131 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); | 130 ASSERT_STREQ("a", goog_channel_id->private_key().c_str()); |
| 132 ASSERT_STREQ("b", goog_channel_id->cert().c_str()); | 131 ASSERT_STREQ("b", goog_channel_id->public_key().c_str()); |
| 133 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); | 132 ASSERT_EQ(1, goog_channel_id->creation_time().ToInternalValue()); |
| 134 ASSERT_EQ(2, goog_channel_id->expiration_time().ToInternalValue()); | |
| 135 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); | 133 ASSERT_EQ("foo.com", foo_channel_id->server_identifier()); |
| 136 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); | 134 ASSERT_STREQ("c", foo_channel_id->private_key().c_str()); |
| 137 ASSERT_STREQ("d", foo_channel_id->cert().c_str()); | 135 ASSERT_STREQ("d", foo_channel_id->public_key().c_str()); |
| 138 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); | 136 ASSERT_EQ(3, foo_channel_id->creation_time().ToInternalValue()); |
| 139 ASSERT_EQ(4, foo_channel_id->expiration_time().ToInternalValue()); | |
| 140 | 137 |
| 141 // Now delete the cert and check persistence again. | 138 // Now delete the keypair and check persistence again. |
| 142 store_->DeleteChannelID(*channel_ids[0]); | 139 store_->DeleteChannelID(*channel_ids[0]); |
| 143 store_->DeleteChannelID(*channel_ids[1]); | 140 store_->DeleteChannelID(*channel_ids[1]); |
| 144 store_ = NULL; | 141 store_ = NULL; |
| 145 // Make sure we wait until the destructor has run. | 142 // Make sure we wait until the destructor has run. |
| 146 base::RunLoop().RunUntilIdle(); | 143 base::RunLoop().RunUntilIdle(); |
| 147 channel_ids.clear(); | 144 channel_ids.clear(); |
| 148 store_ = | 145 store_ = |
| 149 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), | 146 new SQLiteChannelIDStore(temp_dir_.path().Append(kTestChannelIDFilename), |
| 150 base::MessageLoopProxy::current()); | 147 base::MessageLoopProxy::current()); |
| 151 | 148 |
| 152 // Reload and check if the cert has been removed. | 149 // Reload and check if the keypair has been removed. |
| 153 Load(&channel_ids); | 150 Load(&channel_ids); |
| 154 ASSERT_EQ(0U, channel_ids.size()); | 151 ASSERT_EQ(0U, channel_ids.size()); |
| 155 // Close the store. | 152 // Close the store. |
| 156 store_ = NULL; | 153 store_ = NULL; |
| 157 // Make sure we wait until the destructor has run. | 154 // Make sure we wait until the destructor has run. |
| 158 base::RunLoop().RunUntilIdle(); | 155 base::RunLoop().RunUntilIdle(); |
| 159 } | 156 } |
| 160 | 157 |
| 161 // Test if data is stored as expected in the SQLite database. | 158 // Test if data is stored as expected in the SQLite database. |
| 162 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { | 159 TEST_F(SQLiteChannelIDStoreTest, TestDeleteAll) { |
| 163 store_->AddChannelID( | 160 store_->AddChannelID( |
| 164 DefaultChannelIDStore::ChannelID("foo.com", | 161 DefaultChannelIDStore::ChannelID("foo.com", |
| 165 base::Time::FromInternalValue(3), | 162 base::Time::FromInternalValue(3), |
| 166 base::Time::FromInternalValue(4), | |
| 167 "c", | 163 "c", |
| 168 "d")); | 164 "d")); |
| 169 | 165 |
| 170 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 166 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 171 // Replace the store effectively destroying the current one and forcing it | 167 // Replace the store effectively destroying the current one and forcing it |
| 172 // to write its data to disk. Then we can see if after loading it again it | 168 // to write its data to disk. Then we can see if after loading it again it |
| 173 // is still there. | 169 // is still there. |
| 174 store_ = NULL; | 170 store_ = NULL; |
| 175 // Make sure we wait until the destructor has run. | 171 // Make sure we wait until the destructor has run. |
| 176 base::RunLoop().RunUntilIdle(); | 172 base::RunLoop().RunUntilIdle(); |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 260 store_ = NULL; | 256 store_ = NULL; |
| 261 base::RunLoop().RunUntilIdle(); | 257 base::RunLoop().RunUntilIdle(); |
| 262 | 258 |
| 263 // Verify the database version is updated. | 259 // Verify the database version is updated. |
| 264 { | 260 { |
| 265 sql::Connection db; | 261 sql::Connection db; |
| 266 ASSERT_TRUE(db.Open(v1_db_path)); | 262 ASSERT_TRUE(db.Open(v1_db_path)); |
| 267 sql::Statement smt(db.GetUniqueStatement( | 263 sql::Statement smt(db.GetUniqueStatement( |
| 268 "SELECT value FROM meta WHERE key = \"version\"")); | 264 "SELECT value FROM meta WHERE key = \"version\"")); |
| 269 ASSERT_TRUE(smt.Step()); | 265 ASSERT_TRUE(smt.Step()); |
| 270 EXPECT_EQ(4, smt.ColumnInt(0)); | 266 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 271 EXPECT_FALSE(smt.Step()); | 267 EXPECT_FALSE(smt.Step()); |
| 272 } | 268 } |
| 273 } | 269 } |
| 274 } | 270 } |
| 275 | 271 |
| 276 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { | 272 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV2) { |
| 277 // Reset the store. We'll be using a different database for this test. | 273 // Reset the store. We'll be using a different database for this test. |
| 278 store_ = NULL; | 274 store_ = NULL; |
| 279 | 275 |
| 280 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); | 276 base::FilePath v2_db_path(temp_dir_.path().AppendASCII("v2db")); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 300 | 296 |
| 301 sql::Statement add_smt(db.GetUniqueStatement( | 297 sql::Statement add_smt(db.GetUniqueStatement( |
| 302 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " | 298 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) " |
| 303 "VALUES (?,?,?,?)")); | 299 "VALUES (?,?,?,?)")); |
| 304 add_smt.BindString(0, "google.com"); | 300 add_smt.BindString(0, "google.com"); |
| 305 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 301 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 306 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 302 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 307 add_smt.BindInt64(3, 64); | 303 add_smt.BindInt64(3, 64); |
| 308 ASSERT_TRUE(add_smt.Run()); | 304 ASSERT_TRUE(add_smt.Run()); |
| 309 | 305 |
| 306 // Malformed certs will be ignored and not migrated. |
| 310 ASSERT_TRUE(db.Execute( | 307 ASSERT_TRUE(db.Execute( |
| 311 "INSERT INTO \"origin_bound_certs\" VALUES(" | 308 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 312 "'foo.com',X'AA',X'BB',64);")); | 309 "'foo.com',X'AA',X'BB',64);")); |
| 313 } | 310 } |
| 314 | 311 |
| 315 // Load and test the DB contents twice. First time ensures that we can use | 312 // Load and test the DB contents twice. First time ensures that we can use |
| 316 // the updated values immediately. Second time ensures that the updated | 313 // the updated values immediately. Second time ensures that the updated |
| 317 // values are saved and read correctly on next load. | 314 // values are saved and read correctly on next load. |
| 318 for (int i = 0; i < 2; ++i) { | 315 for (int i = 0; i < 2; ++i) { |
| 319 SCOPED_TRACE(i); | 316 SCOPED_TRACE(i); |
| 320 | 317 |
| 321 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 318 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 322 store_ = | 319 store_ = |
| 323 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); | 320 new SQLiteChannelIDStore(v2_db_path, base::MessageLoopProxy::current()); |
| 324 | 321 |
| 325 // Load the database and ensure the certs can be read. | 322 // Load the database and ensure the certs can be read. |
| 326 Load(&channel_ids); | 323 Load(&channel_ids); |
| 327 ASSERT_EQ(2U, channel_ids.size()); | 324 ASSERT_EQ(1U, channel_ids.size()); |
| 328 | 325 |
| 329 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 326 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 330 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 327 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 331 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 328 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
| 332 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 333 | 329 |
| 334 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | 330 base::StringPiece spki_from_cert; |
| 335 // Undecodable cert, expiration time will be uninitialized. | 331 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); |
| 336 ASSERT_EQ(base::Time(), channel_ids[1]->expiration_time()); | 332 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); |
| 337 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | 333 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); |
| 338 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
| 339 | 334 |
| 340 store_ = NULL; | 335 store_ = NULL; |
| 341 // Make sure we wait until the destructor has run. | 336 // Make sure we wait until the destructor has run. |
| 342 base::RunLoop().RunUntilIdle(); | 337 base::RunLoop().RunUntilIdle(); |
| 343 | 338 |
| 344 // Verify the database version is updated. | 339 // Verify the database version is updated. |
| 345 { | 340 { |
| 346 sql::Connection db; | 341 sql::Connection db; |
| 347 ASSERT_TRUE(db.Open(v2_db_path)); | 342 ASSERT_TRUE(db.Open(v2_db_path)); |
| 348 sql::Statement smt(db.GetUniqueStatement( | 343 sql::Statement smt(db.GetUniqueStatement( |
| 349 "SELECT value FROM meta WHERE key = \"version\"")); | 344 "SELECT value FROM meta WHERE key = \"version\"")); |
| 350 ASSERT_TRUE(smt.Step()); | 345 ASSERT_TRUE(smt.Step()); |
| 351 EXPECT_EQ(4, smt.ColumnInt(0)); | 346 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 352 EXPECT_FALSE(smt.Step()); | 347 EXPECT_FALSE(smt.Step()); |
| 353 } | 348 } |
| 354 } | 349 } |
| 355 } | 350 } |
| 356 | 351 |
| 357 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { | 352 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV3) { |
| 358 // Reset the store. We'll be using a different database for this test. | 353 // Reset the store. We'll be using a different database for this test. |
| 359 store_ = NULL; | 354 store_ = NULL; |
| 360 | 355 |
| 361 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); | 356 base::FilePath v3_db_path(temp_dir_.path().AppendASCII("v3db")); |
| (...skipping 21 matching lines...) Expand all Loading... |
| 383 sql::Statement add_smt(db.GetUniqueStatement( | 378 sql::Statement add_smt(db.GetUniqueStatement( |
| 384 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " | 379 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 385 "expiration_time) VALUES (?,?,?,?,?)")); | 380 "expiration_time) VALUES (?,?,?,?,?)")); |
| 386 add_smt.BindString(0, "google.com"); | 381 add_smt.BindString(0, "google.com"); |
| 387 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 382 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 388 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 383 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 389 add_smt.BindInt64(3, 64); | 384 add_smt.BindInt64(3, 64); |
| 390 add_smt.BindInt64(4, 1000); | 385 add_smt.BindInt64(4, 1000); |
| 391 ASSERT_TRUE(add_smt.Run()); | 386 ASSERT_TRUE(add_smt.Run()); |
| 392 | 387 |
| 388 // Malformed certs will be ignored and not migrated. |
| 393 ASSERT_TRUE(db.Execute( | 389 ASSERT_TRUE(db.Execute( |
| 394 "INSERT INTO \"origin_bound_certs\" VALUES(" | 390 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 395 "'foo.com',X'AA',X'BB',64,2000);")); | 391 "'foo.com',X'AA',X'BB',64,2000);")); |
| 396 } | 392 } |
| 397 | 393 |
| 398 // Load and test the DB contents twice. First time ensures that we can use | 394 // Load and test the DB contents twice. First time ensures that we can use |
| 399 // the updated values immediately. Second time ensures that the updated | 395 // the updated values immediately. Second time ensures that the updated |
| 400 // values are saved and read correctly on next load. | 396 // values are saved and read correctly on next load. |
| 401 for (int i = 0; i < 2; ++i) { | 397 for (int i = 0; i < 2; ++i) { |
| 402 SCOPED_TRACE(i); | 398 SCOPED_TRACE(i); |
| 403 | 399 |
| 404 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 400 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 405 store_ = | 401 store_ = |
| 406 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); | 402 new SQLiteChannelIDStore(v3_db_path, base::MessageLoopProxy::current()); |
| 407 | 403 |
| 408 // Load the database and ensure the certs can be read. | 404 // Load the database and ensure the certs can be read. |
| 409 Load(&channel_ids); | 405 Load(&channel_ids); |
| 410 ASSERT_EQ(2U, channel_ids.size()); | 406 ASSERT_EQ(1U, channel_ids.size()); |
| 411 | 407 |
| 412 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 408 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 413 ASSERT_EQ(1000, channel_ids[0]->expiration_time().ToInternalValue()); | |
| 414 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); | 409 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 415 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 410 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
| 416 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 417 | 411 |
| 418 ASSERT_EQ("foo.com", channel_ids[1]->server_identifier()); | 412 base::StringPiece spki_from_cert; |
| 419 ASSERT_EQ(2000, channel_ids[1]->expiration_time().ToInternalValue()); | 413 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); |
| 420 // Undecodable cert, creation time will be uninitialized. | 414 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); |
| 421 ASSERT_EQ(base::Time(), channel_ids[1]->creation_time()); | 415 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); |
| 422 ASSERT_STREQ("\xaa", channel_ids[1]->private_key().c_str()); | |
| 423 ASSERT_STREQ("\xbb", channel_ids[1]->cert().c_str()); | |
| 424 | 416 |
| 425 store_ = NULL; | 417 store_ = NULL; |
| 426 // Make sure we wait until the destructor has run. | 418 // Make sure we wait until the destructor has run. |
| 427 base::RunLoop().RunUntilIdle(); | 419 base::RunLoop().RunUntilIdle(); |
| 428 | 420 |
| 429 // Verify the database version is updated. | 421 // Verify the database version is updated. |
| 430 { | 422 { |
| 431 sql::Connection db; | 423 sql::Connection db; |
| 432 ASSERT_TRUE(db.Open(v3_db_path)); | 424 ASSERT_TRUE(db.Open(v3_db_path)); |
| 433 sql::Statement smt(db.GetUniqueStatement( | 425 sql::Statement smt(db.GetUniqueStatement( |
| 434 "SELECT value FROM meta WHERE key = \"version\"")); | 426 "SELECT value FROM meta WHERE key = \"version\"")); |
| 435 ASSERT_TRUE(smt.Step()); | 427 ASSERT_TRUE(smt.Step()); |
| 436 EXPECT_EQ(4, smt.ColumnInt(0)); | 428 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 437 EXPECT_FALSE(smt.Step()); | 429 EXPECT_FALSE(smt.Step()); |
| 438 } | 430 } |
| 439 } | 431 } |
| 440 } | 432 } |
| 441 | 433 |
| 442 TEST_F(SQLiteChannelIDStoreTest, TestRSADiscarded) { | 434 TEST_F(SQLiteChannelIDStoreTest, TestUpgradeV4) { |
| 443 // Reset the store. We'll be using a different database for this test. | 435 // Reset the store. We'll be using a different database for this test. |
| 444 store_ = NULL; | 436 store_ = NULL; |
| 445 | 437 |
| 446 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4dbrsa")); | 438 base::FilePath v4_db_path(temp_dir_.path().AppendASCII("v4db")); |
| 447 | 439 |
| 448 std::string key_data; | 440 std::string key_data; |
| 449 std::string cert_data; | 441 std::string cert_data; |
| 450 ReadTestKeyAndCert(&key_data, &cert_data); | 442 ReadTestKeyAndCert(&key_data, &cert_data); |
| 451 | 443 |
| 452 // Create a version 4 database with a mix of RSA and ECDSA certs. | 444 // Create a version 4 database. |
| 453 { | 445 { |
| 454 sql::Connection db; | 446 sql::Connection db; |
| 455 ASSERT_TRUE(db.Open(v4_db_path)); | 447 ASSERT_TRUE(db.Open(v4_db_path)); |
| 456 ASSERT_TRUE(db.Execute( | 448 ASSERT_TRUE(db.Execute( |
| 457 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," | 449 "CREATE TABLE meta(key LONGVARCHAR NOT NULL UNIQUE PRIMARY KEY," |
| 458 "value LONGVARCHAR);" | 450 "value LONGVARCHAR);" |
| 459 "INSERT INTO \"meta\" VALUES('version','4');" | 451 "INSERT INTO \"meta\" VALUES('version','4');" |
| 460 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" | 452 "INSERT INTO \"meta\" VALUES('last_compatible_version','1');" |
| 461 "CREATE TABLE origin_bound_certs (" | 453 "CREATE TABLE origin_bound_certs (" |
| 462 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," | 454 "origin TEXT NOT NULL UNIQUE PRIMARY KEY," |
| 463 "private_key BLOB NOT NULL," | 455 "private_key BLOB NOT NULL," |
| 464 "cert BLOB NOT NULL," | 456 "cert BLOB NOT NULL," |
| 465 "cert_type INTEGER," | 457 "cert_type INTEGER," |
| 466 "expiration_time INTEGER," | 458 "expiration_time INTEGER," |
| 467 "creation_time INTEGER);")); | 459 "creation_time INTEGER);")); |
| 468 | 460 |
| 469 sql::Statement add_smt(db.GetUniqueStatement( | 461 sql::Statement add_smt(db.GetUniqueStatement( |
| 470 "INSERT INTO origin_bound_certs " | 462 "INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, " |
| 471 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 463 "expiration_time, creation_time) VALUES (?,?,?,?,?,?)")); |
| 472 " VALUES (?,?,?,?,?,?)")); | |
| 473 add_smt.BindString(0, "google.com"); | 464 add_smt.BindString(0, "google.com"); |
| 474 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 465 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 475 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 466 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 476 add_smt.BindInt64(3, 64); | 467 add_smt.BindInt64(3, 64); |
| 477 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 468 add_smt.BindInt64(4, 1000); |
| 478 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 469 add_smt.BindInt64(5, GetTestCertCreationTime().ToInternalValue()); |
| 479 ASSERT_TRUE(add_smt.Run()); | 470 ASSERT_TRUE(add_smt.Run()); |
| 480 | 471 |
| 472 // Add an RSA cert to the db. This cert should be ignored in the migration. |
| 481 add_smt.Clear(); | 473 add_smt.Clear(); |
| 482 add_smt.Assign(db.GetUniqueStatement( | 474 add_smt.Assign(db.GetUniqueStatement( |
| 483 "INSERT INTO origin_bound_certs " | 475 "INSERT INTO origin_bound_certs " |
| 484 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" | 476 "(origin, private_key, cert, cert_type, expiration_time, creation_time)" |
| 485 " VALUES (?,?,?,?,?,?)")); | 477 " VALUES (?,?,?,?,?,?)")); |
| 486 add_smt.BindString(0, "foo.com"); | 478 add_smt.BindString(0, "foo.com"); |
| 487 add_smt.BindBlob(1, key_data.data(), key_data.size()); | 479 add_smt.BindBlob(1, key_data.data(), key_data.size()); |
| 488 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); | 480 add_smt.BindBlob(2, cert_data.data(), cert_data.size()); |
| 489 add_smt.BindInt64(3, 1); | 481 add_smt.BindInt64(3, 1); |
| 490 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); | 482 add_smt.BindInt64(4, GetTestCertExpirationTime().ToInternalValue()); |
| 491 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); | 483 add_smt.BindInt64(5, base::Time::Now().ToInternalValue()); |
| 492 ASSERT_TRUE(add_smt.Run()); | 484 ASSERT_TRUE(add_smt.Run()); |
| 485 |
| 486 // Malformed certs will be ignored and not migrated. |
| 487 ASSERT_TRUE(db.Execute( |
| 488 "INSERT INTO \"origin_bound_certs\" VALUES(" |
| 489 "'bar.com',X'AA',X'BB',64,2000,3000);")); |
| 493 } | 490 } |
| 494 | 491 |
| 495 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; | 492 // Load and test the DB contents twice. First time ensures that we can use |
| 496 store_ = | 493 // the updated values immediately. Second time ensures that the updated |
| 497 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); | 494 // values are saved and read correctly on next load. |
| 495 for (int i = 0; i < 2; ++i) { |
| 496 SCOPED_TRACE(i); |
| 498 | 497 |
| 499 // Load the database and ensure the certs can be read. | 498 ScopedVector<DefaultChannelIDStore::ChannelID> channel_ids; |
| 500 Load(&channel_ids); | 499 store_ = |
| 501 // Only the ECDSA cert (for google.com) is read, the RSA one is discarded. | 500 new SQLiteChannelIDStore(v4_db_path, base::MessageLoopProxy::current()); |
| 502 ASSERT_EQ(1U, channel_ids.size()); | |
| 503 | 501 |
| 504 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); | 502 // Load the database and ensure the certs can be read. |
| 505 ASSERT_EQ(GetTestCertExpirationTime(), channel_ids[0]->expiration_time()); | 503 Load(&channel_ids); |
| 506 ASSERT_EQ(key_data, channel_ids[0]->private_key()); | 504 ASSERT_EQ(1U, channel_ids.size()); |
| 507 ASSERT_EQ(cert_data, channel_ids[0]->cert()); | |
| 508 | 505 |
| 509 store_ = NULL; | 506 ASSERT_EQ("google.com", channel_ids[0]->server_identifier()); |
| 510 // Make sure we wait until the destructor has run. | 507 ASSERT_EQ(GetTestCertCreationTime(), channel_ids[0]->creation_time()); |
| 511 base::RunLoop().RunUntilIdle(); | 508 ASSERT_EQ(key_data, channel_ids[0]->private_key()); |
| 509 |
| 510 base::StringPiece spki_from_cert; |
| 511 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(cert_data, &spki_from_cert)); |
| 512 std::string spki_string(spki_from_cert.data(), spki_from_cert.size()); |
| 513 EXPECT_EQ(spki_string, channel_ids[0]->public_key()); |
| 514 |
| 515 store_ = NULL; |
| 516 // Make sure we wait until the destructor has run. |
| 517 base::RunLoop().RunUntilIdle(); |
| 518 |
| 519 // Verify the database version is updated. |
| 520 { |
| 521 sql::Connection db; |
| 522 ASSERT_TRUE(db.Open(v4_db_path)); |
| 523 sql::Statement smt(db.GetUniqueStatement( |
| 524 "SELECT value FROM meta WHERE key = \"version\"")); |
| 525 ASSERT_TRUE(smt.Step()); |
| 526 EXPECT_EQ(5, smt.ColumnInt(0)); |
| 527 EXPECT_FALSE(smt.Step()); |
| 528 } |
| 529 } |
| 512 } | 530 } |
| 513 | 531 |
| 514 } // namespace net | 532 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1076063002:
Remove certificates from Channel ID (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master