OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/ssl/client_cert_store_chromeos.h" |
| 6 |
| 7 #include "base/bind.h" |
| 8 #include "base/callback.h" |
| 9 #include "base/file_util.h" |
| 10 #include "base/run_loop.h" |
| 11 #include "base/strings/utf_string_conversions.h" |
| 12 #include "crypto/nss_util.h" |
| 13 #include "crypto/nss_util_internal.h" |
| 14 #include "net/cert/nss_cert_database.h" |
| 15 #include "net/ssl/client_cert_store_unittest-inl.h" |
| 16 |
| 17 namespace net { |
| 18 |
| 19 class ClientCertStoreChromeOSTestDelegate { |
| 20 public: |
| 21 ClientCertStoreChromeOSTestDelegate() |
| 22 : store_("usernamehash", |
| 23 ClientCertStoreChromeOS::PasswordDelegateFactory()) { |
| 24 store_.InitForTesting( |
| 25 crypto::ScopedPK11Slot(crypto::GetPublicNSSKeySlot()), |
| 26 crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot())); |
| 27 } |
| 28 |
| 29 bool SelectClientCerts(const CertificateList& input_certs, |
| 30 const SSLCertRequestInfo& cert_request_info, |
| 31 CertificateList* selected_certs) { |
| 32 return store_.SelectClientCertsForTesting( |
| 33 input_certs, cert_request_info, selected_certs); |
| 34 } |
| 35 |
| 36 private: |
| 37 ClientCertStoreChromeOS store_; |
| 38 }; |
| 39 |
| 40 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS, |
| 41 ClientCertStoreTest, |
| 42 ClientCertStoreChromeOSTestDelegate); |
| 43 |
| 44 class ClientCertStoreChromeOSTest : public ::testing::Test { |
| 45 public: |
| 46 scoped_refptr<X509Certificate> ImportCertForUser( |
| 47 const std::string& username_hash, |
| 48 const std::string& filename, |
| 49 const std::string& password) { |
| 50 crypto::ScopedPK11Slot slot( |
| 51 crypto::GetPublicSlotForChromeOSUser(username_hash)); |
| 52 EXPECT_TRUE(slot.get()); |
| 53 if (!slot.get()) |
| 54 return NULL; |
| 55 |
| 56 net::CertificateList cert_list; |
| 57 |
| 58 base::FilePath p12_path = GetTestCertsDirectory().AppendASCII(filename); |
| 59 std::string p12_data; |
| 60 if (!base::ReadFileToString(p12_path, &p12_data)) { |
| 61 EXPECT_TRUE(false); |
| 62 return NULL; |
| 63 } |
| 64 |
| 65 scoped_refptr<net::CryptoModule> module( |
| 66 net::CryptoModule::CreateFromHandle(slot.get())); |
| 67 int rv = NSSCertDatabase::GetInstance()->ImportFromPKCS12( |
| 68 module.get(), p12_data, base::UTF8ToUTF16(password), false, &cert_list); |
| 69 |
| 70 EXPECT_EQ(0, rv); |
| 71 EXPECT_EQ(1U, cert_list.size()); |
| 72 if (rv || cert_list.size() != 1) |
| 73 return NULL; |
| 74 |
| 75 return cert_list[0]; |
| 76 } |
| 77 }; |
| 78 |
| 79 // TODO(mattm): Do better testing of cert_authorities matching below. Update |
| 80 // net/data/ssl/scripts/generate-client-certificates.sh so that it actually |
| 81 // saves the .p12 files, and regenerate them. |
| 82 |
| 83 TEST_F(ClientCertStoreChromeOSTest, WaitForNSSInit) { |
| 84 crypto::ScopedTestNSSChromeOSUser user("scopeduser"); |
| 85 ASSERT_TRUE(user.constructed_successfully()); |
| 86 ClientCertStoreChromeOS store( |
| 87 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 88 scoped_refptr<X509Certificate> cert_1( |
| 89 ImportCertForUser(user.username_hash(), "client.p12", "12345")); |
| 90 scoped_refptr<X509Certificate> cert_2( |
| 91 ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", "")); |
| 92 |
| 93 std::vector<std::string> authority_1( |
| 94 1, |
| 95 std::string(reinterpret_cast<const char*>(kAuthority1DN), |
| 96 sizeof(kAuthority1DN))); |
| 97 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo()); |
| 98 request_1->cert_authorities = authority_1; |
| 99 |
| 100 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 101 |
| 102 base::RunLoop run_loop_1; |
| 103 base::RunLoop run_loop_all; |
| 104 store.GetClientCerts( |
| 105 *request_1, &request_1->client_certs, run_loop_1.QuitClosure()); |
| 106 store.GetClientCerts( |
| 107 *request_all, &request_all->client_certs, run_loop_all.QuitClosure()); |
| 108 |
| 109 // Callbacks won't be run until nss_util init finishes for the user. |
| 110 user.FinishInit(); |
| 111 |
| 112 run_loop_1.Run(); |
| 113 run_loop_all.Run(); |
| 114 |
| 115 ASSERT_EQ(0u, request_1->client_certs.size()); |
| 116 ASSERT_EQ(2u, request_all->client_certs.size()); |
| 117 } |
| 118 |
| 119 TEST_F(ClientCertStoreChromeOSTest, NSSAlreadyInitialized) { |
| 120 crypto::ScopedTestNSSChromeOSUser user("scopeduser"); |
| 121 ASSERT_TRUE(user.constructed_successfully()); |
| 122 user.FinishInit(); |
| 123 |
| 124 ClientCertStoreChromeOS store( |
| 125 user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 126 scoped_refptr<X509Certificate> cert_1( |
| 127 ImportCertForUser(user.username_hash(), "client.p12", "12345")); |
| 128 scoped_refptr<X509Certificate> cert_2( |
| 129 ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", "")); |
| 130 |
| 131 std::vector<std::string> authority_1( |
| 132 1, |
| 133 std::string(reinterpret_cast<const char*>(kAuthority1DN), |
| 134 sizeof(kAuthority1DN))); |
| 135 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo()); |
| 136 request_1->cert_authorities = authority_1; |
| 137 |
| 138 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 139 |
| 140 base::RunLoop run_loop_1; |
| 141 base::RunLoop run_loop_all; |
| 142 store.GetClientCerts( |
| 143 *request_1, &request_1->client_certs, run_loop_1.QuitClosure()); |
| 144 store.GetClientCerts( |
| 145 *request_all, &request_all->client_certs, run_loop_all.QuitClosure()); |
| 146 |
| 147 run_loop_1.Run(); |
| 148 run_loop_all.Run(); |
| 149 |
| 150 ASSERT_EQ(0u, request_1->client_certs.size()); |
| 151 ASSERT_EQ(2u, request_all->client_certs.size()); |
| 152 } |
| 153 |
| 154 TEST_F(ClientCertStoreChromeOSTest, TwoUsers) { |
| 155 crypto::ScopedTestNSSChromeOSUser user1("scopeduser1"); |
| 156 ASSERT_TRUE(user1.constructed_successfully()); |
| 157 crypto::ScopedTestNSSChromeOSUser user2("scopeduser2"); |
| 158 ASSERT_TRUE(user2.constructed_successfully()); |
| 159 ClientCertStoreChromeOS store1( |
| 160 user1.username_hash(), |
| 161 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 162 ClientCertStoreChromeOS store2( |
| 163 user2.username_hash(), |
| 164 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 165 scoped_refptr<X509Certificate> cert_1( |
| 166 ImportCertForUser(user1.username_hash(), "client.p12", "12345")); |
| 167 scoped_refptr<X509Certificate> cert_2(ImportCertForUser( |
| 168 user2.username_hash(), "websocket_client_cert.p12", "")); |
| 169 |
| 170 scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo()); |
| 171 scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo()); |
| 172 |
| 173 base::RunLoop run_loop_1; |
| 174 base::RunLoop run_loop_2; |
| 175 store1.GetClientCerts( |
| 176 *request_1, &request_1->client_certs, run_loop_1.QuitClosure()); |
| 177 store2.GetClientCerts( |
| 178 *request_2, &request_2->client_certs, run_loop_2.QuitClosure()); |
| 179 |
| 180 // Callbacks won't be run until nss_util init finishes for the user. |
| 181 user1.FinishInit(); |
| 182 user2.FinishInit(); |
| 183 |
| 184 run_loop_1.Run(); |
| 185 run_loop_2.Run(); |
| 186 |
| 187 ASSERT_EQ(1u, request_1->client_certs.size()); |
| 188 EXPECT_TRUE(cert_1->Equals(request_1->client_certs[0])); |
| 189 // TODO(mattm): Request for second user will have zero results due to |
| 190 // crbug.com/315285. Update the test once that is fixed. |
| 191 } |
| 192 |
| 193 } // namespace net |
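Review bot: TwoUsers is the only test in this file that exercises per-user isolation of client certificates, yet it asserts nothing about `request_2`, so a regression in which store2 returned user1's certificate would pass unnoticed. Until crbug.com/315285 is fixed, the result the TODO describes can be pinned with `EXPECT_EQ(0u, request_2->client_certs.size());`, or, independently of that bug, the test can loop over `request_2->client_certs` and expect that no entry `Equals` `cert_1`. The same test dereferences `cert_1` in `cert_1->Equals(...)` although ImportCertForUser returns NULL on every failure path, so `ASSERT_TRUE(cert_1.get());` and `ASSERT_TRUE(cert_2.get());` belong right after the two imports. WaitForNSSInit and NSSAlreadyInitialized would benefit from the same two assertions, so that a failed import stops the test there instead of surfacing later as a wrong certificate count.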