| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/profile_auth_data.h" | 5 #include "chrome/browser/chromeos/login/profile_auth_data.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 13 #include "base/run_loop.h" | 13 #include "base/run_loop.h" |
| 14 #include "base/strings/string16.h" | 14 #include "base/strings/string16.h" |
| 15 #include "base/strings/utf_string_conversions.h" | 15 #include "base/strings/utf_string_conversions.h" |
| 16 #include "base/time/time.h" | 16 #include "base/time/time.h" |
| 17 #include "chrome/test/base/testing_profile.h" | 17 #include "chrome/test/base/testing_profile.h" |
| 18 #include "content/public/browser/browser_context.h" | 18 #include "content/public/browser/browser_context.h" |
| 19 #include "content/public/test/test_browser_thread_bundle.h" | 19 #include "content/public/test/test_browser_thread_bundle.h" |
| 20 #include "net/cookies/canonical_cookie.h" | 20 #include "net/cookies/canonical_cookie.h" |
| 21 #include "net/cookies/cookie_constants.h" | 21 #include "net/cookies/cookie_constants.h" |
| 22 #include "net/cookies/cookie_monster.h" | 22 #include "net/cookies/cookie_monster.h" |
| 23 #include "net/cookies/cookie_store.h" | 23 #include "net/cookies/cookie_store.h" |
| 24 #include "net/http/http_auth.h" | 24 #include "net/http/http_auth.h" |
| 25 #include "net/http/http_auth_cache.h" | 25 #include "net/http/http_auth_cache.h" |
| 26 #include "net/http/http_network_session.h" | 26 #include "net/http/http_network_session.h" |
| 27 #include "net/http/http_transaction_factory.h" | 27 #include "net/http/http_transaction_factory.h" |
| 28 #include "net/ssl/channel_id_service.h" | 28 #include "net/ssl/channel_id_service.h" |
| 29 #include "net/ssl/channel_id_store.h" | 29 #include "net/ssl/channel_id_store.h" |
| 30 #include "net/test/channel_id_test_util.h" |
| 30 #include "net/url_request/url_request_context.h" | 31 #include "net/url_request/url_request_context.h" |
| 31 #include "net/url_request/url_request_context_getter.h" | 32 #include "net/url_request/url_request_context_getter.h" |
| 32 #include "testing/gtest/include/gtest/gtest.h" | 33 #include "testing/gtest/include/gtest/gtest.h" |
| 33 #include "url/gurl.h" | 34 #include "url/gurl.h" |
| 34 | 35 |
| 35 namespace chromeos { | 36 namespace chromeos { |
| 36 | 37 |
| 37 namespace { | 38 namespace { |
| 38 | 39 |
| 39 const char kProxyAuthURL[] = "http://example.com/"; | 40 const char kProxyAuthURL[] = "http://example.com/"; |
| 40 const char kProxyAuthRealm[] = "realm"; | 41 const char kProxyAuthRealm[] = "realm"; |
| 41 const char kProxyAuthChallenge[] = "challenge"; | 42 const char kProxyAuthChallenge[] = "challenge"; |
| 42 const char kProxyAuthPassword1[] = "password 1"; | 43 const char kProxyAuthPassword1[] = "password 1"; |
| 43 const char kProxyAuthPassword2[] = "password 2"; | 44 const char kProxyAuthPassword2[] = "password 2"; |
| 44 | 45 |
| 45 const char kGAIACookieURL[] = "http://google.com/"; | 46 const char kGAIACookieURL[] = "http://google.com/"; |
| 46 const char kSAMLIdPCookieURL[] = "http://example.com/"; | 47 const char kSAMLIdPCookieURL[] = "http://example.com/"; |
| 47 const char kCookieName[] = "cookie"; | 48 const char kCookieName[] = "cookie"; |
| 48 const char kCookieValue1[] = "value 1"; | 49 const char kCookieValue1[] = "value 1"; |
| 49 const char kCookieValue2[] = "value 2"; | 50 const char kCookieValue2[] = "value 2"; |
| 50 const char kGAIACookieDomain[] = "google.com"; | 51 const char kGAIACookieDomain[] = "google.com"; |
| 51 const char kSAMLIdPCookieDomain[] = "example.com"; | 52 const char kSAMLIdPCookieDomain[] = "example.com"; |
| 52 | 53 |
| 53 const char kChannelIDServerIdentifier[] = "server"; | 54 const char kChannelIDServerIdentifier[] = "server"; |
| 54 const char kChannelIDPrivateKey1[] = "private key 1"; | |
| 55 const char kChannelIDPrivateKey2[] = "private key 2"; | |
| 56 const char kChannelIDCert1[] = "cert 1"; | |
| 57 const char kChannelIDCert2[] = "cert 2"; | |
| 58 | 55 |
| 59 } // namespace | 56 } // namespace |
| 60 | 57 |
| 61 class ProfileAuthDataTest : public testing::Test { | 58 class ProfileAuthDataTest : public testing::Test { |
| 62 public: | 59 public: |
| 63 // testing::Test: | 60 // testing::Test: |
| 64 void SetUp() override; | 61 void SetUp() override; |
| 65 | 62 |
| 66 void PopulateUserBrowserContext(); | 63 void PopulateUserBrowserContext(); |
| 67 | 64 |
| 68 void Transfer( | 65 void Transfer( |
| 69 bool transfer_auth_cookies_and_channel_ids_on_first_login, | 66 bool transfer_auth_cookies_and_channel_ids_on_first_login, |
| 70 bool transfer_saml_auth_cookies_on_subsequent_login); | 67 bool transfer_saml_auth_cookies_on_subsequent_login); |
| 71 | 68 |
| 72 net::CookieList GetUserCookies(); | 69 net::CookieList GetUserCookies(); |
| 73 net::ChannelIDStore::ChannelIDList GetUserChannelIDs(); | 70 net::ChannelIDStore::ChannelIDList GetUserChannelIDs(); |
| 74 | 71 |
| 75 void VerifyTransferredUserProxyAuthEntry(); | 72 void VerifyTransferredUserProxyAuthEntry(); |
| 76 void VerifyUserCookies(const std::string& expected_gaia_cookie_value, | 73 void VerifyUserCookies(const std::string& expected_gaia_cookie_value, |
| 77 const std::string& expected_saml_idp_cookie_value); | 74 const std::string& expected_saml_idp_cookie_value); |
| 78 void VerifyUserChannelID(const std::string& expected_private_key, | 75 void VerifyUserChannelID(crypto::ECPrivateKey* expected_key); |
| 79 const std::string& expected_cert); | 76 |
| 77 protected: |
| 78 scoped_ptr<crypto::ECPrivateKey> channel_id_key1_; |
| 79 scoped_ptr<crypto::ECPrivateKey> channel_id_key2_; |
| 80 | 80 |
| 81 private: | 81 private: |
| 82 void PopulateBrowserContext(content::BrowserContext* browser_context, | 82 void PopulateBrowserContext(content::BrowserContext* browser_context, |
| 83 const std::string& proxy_auth_password, | 83 const std::string& proxy_auth_password, |
| 84 const std::string& cookie_value, | 84 const std::string& cookie_value, |
| 85 const std::string& channel_id_private_key, | 85 scoped_ptr<crypto::ECPrivateKey> channel_id_key); |
| 86 const std::string& channel_id_cert); | |
| 87 | 86 |
| 88 net::URLRequestContext* GetRequestContext( | 87 net::URLRequestContext* GetRequestContext( |
| 89 content::BrowserContext* browser_context); | 88 content::BrowserContext* browser_context); |
| 90 net::HttpAuthCache* GetProxyAuth(content::BrowserContext* browser_context); | 89 net::HttpAuthCache* GetProxyAuth(content::BrowserContext* browser_context); |
| 91 net::CookieMonster* GetCookies(content::BrowserContext* browser_context); | 90 net::CookieMonster* GetCookies(content::BrowserContext* browser_context); |
| 92 net::ChannelIDStore* GetChannelIDs(content::BrowserContext* browser_context); | 91 net::ChannelIDStore* GetChannelIDs(content::BrowserContext* browser_context); |
| 93 | 92 |
| 94 void QuitLoop(const net::CookieList& ignored); | 93 void QuitLoop(const net::CookieList& ignored); |
| 95 void StoreCookieListAndQuitLoop(const net::CookieList& cookie_list); | 94 void StoreCookieListAndQuitLoop(const net::CookieList& cookie_list); |
| 96 void StoreChannelIDListAndQuitLoop( | 95 void StoreChannelIDListAndQuitLoop( |
| 97 const net::ChannelIDStore::ChannelIDList& channel_id_list); | 96 const net::ChannelIDStore::ChannelIDList& channel_id_list); |
| 98 | 97 |
| 99 content::TestBrowserThreadBundle thread_bundle_; | 98 content::TestBrowserThreadBundle thread_bundle_; |
| 100 | 99 |
| 101 TestingProfile login_browser_context_; | 100 TestingProfile login_browser_context_; |
| 102 TestingProfile user_browser_context_; | 101 TestingProfile user_browser_context_; |
| 103 | 102 |
| 104 net::CookieList user_cookie_list_; | 103 net::CookieList user_cookie_list_; |
| 105 net::ChannelIDStore::ChannelIDList user_channel_id_list_; | 104 net::ChannelIDStore::ChannelIDList user_channel_id_list_; |
| 106 | 105 |
| 107 scoped_ptr<base::RunLoop> run_loop_; | 106 scoped_ptr<base::RunLoop> run_loop_; |
| 108 }; | 107 }; |
| 109 | 108 |
| 110 void ProfileAuthDataTest::SetUp() { | 109 void ProfileAuthDataTest::SetUp() { |
| 111 PopulateBrowserContext(&login_browser_context_, | 110 channel_id_key1_.reset(crypto::ECPrivateKey::Create()); |
| 112 kProxyAuthPassword1, | 111 channel_id_key2_.reset(crypto::ECPrivateKey::Create()); |
| 112 PopulateBrowserContext(&login_browser_context_, kProxyAuthPassword1, |
| 113 kCookieValue1, | 113 kCookieValue1, |
| 114 kChannelIDPrivateKey1, | 114 make_scoped_ptr(channel_id_key1_->Copy())); |
| 115 kChannelIDCert1); | |
| 116 } | 115 } |
| 117 | 116 |
| 118 void ProfileAuthDataTest::PopulateUserBrowserContext() { | 117 void ProfileAuthDataTest::PopulateUserBrowserContext() { |
| 119 PopulateBrowserContext(&user_browser_context_, | 118 PopulateBrowserContext(&user_browser_context_, kProxyAuthPassword2, |
| 120 kProxyAuthPassword2, | |
| 121 kCookieValue2, | 119 kCookieValue2, |
| 122 kChannelIDPrivateKey2, | 120 make_scoped_ptr(channel_id_key2_->Copy())); |
| 123 kChannelIDCert2); | |
| 124 } | 121 } |
| 125 | 122 |
| 126 void ProfileAuthDataTest::Transfer( | 123 void ProfileAuthDataTest::Transfer( |
| 127 bool transfer_auth_cookies_and_channel_ids_on_first_login, | 124 bool transfer_auth_cookies_and_channel_ids_on_first_login, |
| 128 bool transfer_saml_auth_cookies_on_subsequent_login) { | 125 bool transfer_saml_auth_cookies_on_subsequent_login) { |
| 129 base::RunLoop run_loop; | 126 base::RunLoop run_loop; |
| 130 ProfileAuthData::Transfer( | 127 ProfileAuthData::Transfer( |
| 131 login_browser_context_.GetRequestContext(), | 128 login_browser_context_.GetRequestContext(), |
| 132 user_browser_context_.GetRequestContext(), | 129 user_browser_context_.GetRequestContext(), |
| 133 transfer_auth_cookies_and_channel_ids_on_first_login, | 130 transfer_auth_cookies_and_channel_ids_on_first_login, |
| (...skipping 49 matching lines...) |
| 183 EXPECT_EQ(expected_saml_idp_cookie_value, cookie->Value()); | 180 EXPECT_EQ(expected_saml_idp_cookie_value, cookie->Value()); |
| 184 EXPECT_EQ(kSAMLIdPCookieDomain, cookie->Domain()); | 181 EXPECT_EQ(kSAMLIdPCookieDomain, cookie->Domain()); |
| 185 cookie = &user_cookies[1]; | 182 cookie = &user_cookies[1]; |
| 186 EXPECT_EQ(kGAIACookieURL, cookie->Source()); | 183 EXPECT_EQ(kGAIACookieURL, cookie->Source()); |
| 187 EXPECT_EQ(kCookieName, cookie->Name()); | 184 EXPECT_EQ(kCookieName, cookie->Name()); |
| 188 EXPECT_EQ(expected_gaia_cookie_value, cookie->Value()); | 185 EXPECT_EQ(expected_gaia_cookie_value, cookie->Value()); |
| 189 EXPECT_EQ(kGAIACookieDomain, cookie->Domain()); | 186 EXPECT_EQ(kGAIACookieDomain, cookie->Domain()); |
| 190 } | 187 } |
| 191 | 188 |
| 192 void ProfileAuthDataTest::VerifyUserChannelID( | 189 void ProfileAuthDataTest::VerifyUserChannelID( |
| 193 const std::string& expected_private_key, | 190 crypto::ECPrivateKey* expected_key) { |
| 194 const std::string& expected_cert) { | |
| 195 net::ChannelIDStore::ChannelIDList user_channel_ids = GetUserChannelIDs(); | 191 net::ChannelIDStore::ChannelIDList user_channel_ids = GetUserChannelIDs(); |
| 196 ASSERT_EQ(1u, user_channel_ids.size()); | 192 ASSERT_EQ(1u, user_channel_ids.size()); |
| 197 net::ChannelIDStore::ChannelID* channel_id = &user_channel_ids.front(); | 193 net::ChannelIDStore::ChannelID* channel_id = &user_channel_ids.front(); |
| 198 EXPECT_EQ(kChannelIDServerIdentifier, channel_id->server_identifier()); | 194 EXPECT_EQ(kChannelIDServerIdentifier, channel_id->server_identifier()); |
| 199 EXPECT_EQ(expected_private_key, channel_id->private_key()); | 195 EXPECT_TRUE(net::KeysEqual(expected_key, channel_id->key())); |
| 200 EXPECT_EQ(expected_cert, channel_id->cert()); | |
| 201 } | 196 } |
| 202 | 197 |
| 203 void ProfileAuthDataTest::PopulateBrowserContext( | 198 void ProfileAuthDataTest::PopulateBrowserContext( |
| 204 content::BrowserContext* browser_context, | 199 content::BrowserContext* browser_context, |
| 205 const std::string& proxy_auth_password, | 200 const std::string& proxy_auth_password, |
| 206 const std::string& cookie_value, | 201 const std::string& cookie_value, |
| 207 const std::string& channel_id_private_key, | 202 scoped_ptr<crypto::ECPrivateKey> channel_id_key) { |
| 208 const std::string& channel_id_cert) { | |
| 209 GetProxyAuth(browser_context)->Add( | 203 GetProxyAuth(browser_context)->Add( |
| 210 GURL(kProxyAuthURL), | 204 GURL(kProxyAuthURL), |
| 211 kProxyAuthRealm, | 205 kProxyAuthRealm, |
| 212 net::HttpAuth::AUTH_SCHEME_BASIC, | 206 net::HttpAuth::AUTH_SCHEME_BASIC, |
| 213 kProxyAuthChallenge, | 207 kProxyAuthChallenge, |
| 214 net::AuthCredentials(base::string16(), | 208 net::AuthCredentials(base::string16(), |
| 215 base::ASCIIToUTF16(proxy_auth_password)), | 209 base::ASCIIToUTF16(proxy_auth_password)), |
| 216 std::string()); | 210 std::string()); |
| 217 | 211 |
| 218 net::CookieMonster* cookies = GetCookies(browser_context); | 212 net::CookieMonster* cookies = GetCookies(browser_context); |
| 219 // Ensure |cookies| is fully initialized. | 213 // Ensure |cookies| is fully initialized. |
| 220 run_loop_.reset(new base::RunLoop); | 214 run_loop_.reset(new base::RunLoop); |
| 221 cookies->GetAllCookiesAsync(base::Bind(&ProfileAuthDataTest::QuitLoop, | 215 cookies->GetAllCookiesAsync(base::Bind(&ProfileAuthDataTest::QuitLoop, |
| 222 base::Unretained(this))); | 216 base::Unretained(this))); |
| 223 run_loop_->Run(); | 217 run_loop_->Run(); |
| 224 | 218 |
| 225 net::CookieList cookie_list; | 219 net::CookieList cookie_list; |
| 226 cookie_list.push_back(net::CanonicalCookie( | 220 cookie_list.push_back(net::CanonicalCookie( |
| 227 GURL(kGAIACookieURL), kCookieName, cookie_value, kGAIACookieDomain, | 221 GURL(kGAIACookieURL), kCookieName, cookie_value, kGAIACookieDomain, |
| 228 std::string(), base::Time(), base::Time(), base::Time(), true, false, | 222 std::string(), base::Time(), base::Time(), base::Time(), true, false, |
| 229 false, net::COOKIE_PRIORITY_DEFAULT)); | 223 false, net::COOKIE_PRIORITY_DEFAULT)); |
| 230 cookie_list.push_back(net::CanonicalCookie( | 224 cookie_list.push_back(net::CanonicalCookie( |
| 231 GURL(kSAMLIdPCookieURL), kCookieName, cookie_value, kSAMLIdPCookieDomain, | 225 GURL(kSAMLIdPCookieURL), kCookieName, cookie_value, kSAMLIdPCookieDomain, |
| 232 std::string(), base::Time(), base::Time(), base::Time(), true, false, | 226 std::string(), base::Time(), base::Time(), base::Time(), true, false, |
| 233 false, net::COOKIE_PRIORITY_DEFAULT)); | 227 false, net::COOKIE_PRIORITY_DEFAULT)); |
| 234 cookies->ImportCookies(cookie_list); | 228 cookies->ImportCookies(cookie_list); |
| 235 | 229 |
| 236 GetChannelIDs(browser_context)->SetChannelID(kChannelIDServerIdentifier, | 230 GetChannelIDs(browser_context) |
| 237 base::Time(), | 231 ->SetChannelID(make_scoped_ptr(new net::ChannelIDStore::ChannelID( |
| 238 base::Time(), | 232 kChannelIDServerIdentifier, base::Time(), channel_id_key.Pass()))); |
| 239 channel_id_private_key, | |
| 240 channel_id_cert); | |
| 241 } | 233 } |
| 242 | 234 |
| 243 net::URLRequestContext* ProfileAuthDataTest::GetRequestContext( | 235 net::URLRequestContext* ProfileAuthDataTest::GetRequestContext( |
| 244 content::BrowserContext* browser_context) { | 236 content::BrowserContext* browser_context) { |
| 245 return browser_context->GetRequestContext()->GetURLRequestContext(); | 237 return browser_context->GetRequestContext()->GetURLRequestContext(); |
| 246 } | 238 } |
| 247 | 239 |
| 248 net::HttpAuthCache* ProfileAuthDataTest::GetProxyAuth( | 240 net::HttpAuthCache* ProfileAuthDataTest::GetProxyAuth( |
| 249 content::BrowserContext* browser_context) { | 241 content::BrowserContext* browser_context) { |
| 250 return GetRequestContext(browser_context)->http_transaction_factory()-> | 242 return GetRequestContext(browser_context)->http_transaction_factory()-> |
| (...skipping 38 matching lines...) |
| 289 } | 281 } |
| 290 | 282 |
| 291 // Verifies that when the transfer of auth cookies and channel IDs on first | 283 // Verifies that when the transfer of auth cookies and channel IDs on first |
| 292 // login is requested, they do get transferred along with the proxy auth state | 284 // login is requested, they do get transferred along with the proxy auth state |
| 293 // on first login. | 285 // on first login. |
| 294 TEST_F(ProfileAuthDataTest, TransferOnFirstLoginWithNewProfile) { | 286 TEST_F(ProfileAuthDataTest, TransferOnFirstLoginWithNewProfile) { |
| 295 Transfer(true, false); | 287 Transfer(true, false); |
| 296 | 288 |
| 297 VerifyTransferredUserProxyAuthEntry(); | 289 VerifyTransferredUserProxyAuthEntry(); |
| 298 VerifyUserCookies(kCookieValue1, kCookieValue1); | 290 VerifyUserCookies(kCookieValue1, kCookieValue1); |
| 299 VerifyUserChannelID(kChannelIDPrivateKey1, kChannelIDCert1); | 291 VerifyUserChannelID(channel_id_key1_.get()); |
| 300 } | 292 } |
| 301 | 293 |
| 302 // Verifies that even if the transfer of auth cookies and channel IDs on first | 294 // Verifies that even if the transfer of auth cookies and channel IDs on first |
| 303 // login is requested, only the proxy auth state is transferred on subsequent | 295 // login is requested, only the proxy auth state is transferred on subsequent |
| 304 // login. | 296 // login. |
| 305 TEST_F(ProfileAuthDataTest, TransferOnFirstLoginWithExistingProfile) { | 297 TEST_F(ProfileAuthDataTest, TransferOnFirstLoginWithExistingProfile) { |
| 306 PopulateUserBrowserContext(); | 298 PopulateUserBrowserContext(); |
| 307 | 299 |
| 308 Transfer(true, false); | 300 Transfer(true, false); |
| 309 | 301 |
| 310 VerifyTransferredUserProxyAuthEntry(); | 302 VerifyTransferredUserProxyAuthEntry(); |
| 311 VerifyUserCookies(kCookieValue2, kCookieValue2); | 303 VerifyUserCookies(kCookieValue2, kCookieValue2); |
| 312 VerifyUserChannelID(kChannelIDPrivateKey2, kChannelIDCert2); | 304 VerifyUserChannelID(channel_id_key2_.get()); |
| 313 } | 305 } |
| 314 | 306 |
| 315 // Verifies that when the transfer of auth cookies set by a SAML IdP on | 307 // Verifies that when the transfer of auth cookies set by a SAML IdP on |
| 316 // subsequent login is requested, they do get transferred along with the proxy | 308 // subsequent login is requested, they do get transferred along with the proxy |
| 317 // auth state on subsequent login. | 309 // auth state on subsequent login. |
| 318 TEST_F(ProfileAuthDataTest, TransferOnSubsequentLogin) { | 310 TEST_F(ProfileAuthDataTest, TransferOnSubsequentLogin) { |
| 319 PopulateUserBrowserContext(); | 311 PopulateUserBrowserContext(); |
| 320 | 312 |
| 321 Transfer(false, true); | 313 Transfer(false, true); |
| 322 | 314 |
| 323 VerifyTransferredUserProxyAuthEntry(); | 315 VerifyTransferredUserProxyAuthEntry(); |
| 324 VerifyUserCookies(kCookieValue2, kCookieValue1); | 316 VerifyUserCookies(kCookieValue2, kCookieValue1); |
| 325 VerifyUserChannelID(kChannelIDPrivateKey2, kChannelIDCert2); | 317 VerifyUserChannelID(channel_id_key2_.get()); |
| 326 } | 318 } |
| 327 | 319 |
| 328 } // namespace chromeos | 320 } // namespace chromeos |
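Review bot: In `SetUp()` (new lines 110-114) the results of `crypto::ECPrivateKey::Create()` and `Copy()` are dereferenced and handed on without a null check, so a key-generation failure would crash the fixture instead of failing the test cleanly, assuming these factories can return null on failure as their raw-pointer returns suggest. Adding `ASSERT_TRUE(channel_id_key1_.get());` and `ASSERT_TRUE(channel_id_key2_.get());` right after the two `reset()` calls would make that failure legible. The same applies to `channel_id_key2_->Copy()` in `PopulateUserBrowserContext()`. Separately, the fixture now names `crypto::ECPrivateKey` but the only include added is `net/test/channel_id_test_util.h`, so the type appears to arrive through a transitive include; `#include "crypto/ec_private_key.h"` would make the dependency explicit.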