
Side by Side Diff: net/ssl/client_cert_store_chromeos_unittest.cc

Issue 112533002: Add ClientCertStoreChromeOS which only returns the certs for a given user. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: . Created 7 years ago
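--- a/net/ssl/client_cert_store_chromeos_unittest.cc
+++ b/net/ssl/client_cert_store_chromeos_unittest.cc
@@ -0,0 +1,193 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/ssl/client_cert_store_chromeos.h"
+
+#include "base/bind.h"
+#include "base/callback.h"
+#include "base/file_util.h"
+#include "base/run_loop.h"
+#include "base/strings/utf_string_conversions.h"
+#include "crypto/nss_util.h"
+#include "crypto/nss_util_internal.h"
+#include "net/cert/nss_cert_database.h"
+#include "net/ssl/client_cert_store_unittest-inl.h"
+
+namespace net {
+
+class ClientCertStoreChromeOSTestDelegate {
+public:
+ClientCertStoreChromeOSTestDelegate()
+: store_("usernamehash",
+ClientCertStoreChromeOS::PasswordDelegateFactory()) {
+store_.InitForTesting(
+crypto::ScopedPK11Slot(crypto::GetPublicNSSKeySlot()),
+crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
+}
+
+bool SelectClientCerts(const CertificateList& input_certs,
+const SSLCertRequestInfo& cert_request_info,
+CertificateList* selected_certs) {
+return store_.SelectClientCertsForTesting(
+input_certs, cert_request_info, selected_certs);
+}
+
+private:
+ClientCertStoreChromeOS store_;
+};
+
+INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS,
+ClientCertStoreTest,
+ClientCertStoreChromeOSTestDelegate);
+
+class ClientCertStoreChromeOSTest : public ::testing::Test {
+public:
+scoped_refptr<X509Certificate> ImportCertForUser(
+const std::string& username_hash,
+const std::string& filename,
+const std::string& password) {
+crypto::ScopedPK11Slot slot(
+crypto::GetPublicSlotForChromeOSUser(username_hash));
+EXPECT_TRUE(slot.get());
+if (!slot.get())
+return NULL;
+
+net::CertificateList cert_list;
+
+base::FilePath p12_path = GetTestCertsDirectory().AppendASCII(filename);
+std::string p12_data;
+if (!base::ReadFileToString(p12_path, &p12_data)) {
+EXPECT_TRUE(false);
+return NULL;
+}
+
+scoped_refptr<net::CryptoModule> module(
+net::CryptoModule::CreateFromHandle(slot.get()));
+int rv = NSSCertDatabase::GetInstance()->ImportFromPKCS12(
+module.get(), p12_data, base::UTF8ToUTF16(password), false, &cert_list);
+
+EXPECT_EQ(0, rv);
+EXPECT_EQ(1U, cert_list.size());
+if (rv || cert_list.size() != 1)
+return NULL;
+
+return cert_list[0];
+}
+};
+
+// TODO(mattm): Do better testing of cert_authorities matching below. Update
+// net/data/ssl/scripts/generate-client-certificates.sh so that it actually
+// saves the .p12 files, and regenerate them.
+
+TEST_F(ClientCertStoreChromeOSTest, WaitForNSSInit) {
+crypto::ScopedTestNSSChromeOSUser user("scopeduser");
+ASSERT_TRUE(user.constructed_successfully());
+ClientCertStoreChromeOS store(
+user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());
+scoped_refptr<X509Certificate> cert_1(
+ImportCertForUser(user.username_hash(), "client.p12", "12345"));
+scoped_refptr<X509Certificate> cert_2(
+ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));
+
+std::vector<std::string> authority_1(
+1,
+std::string(reinterpret_cast<const char*>(kAuthority1DN),
+sizeof(kAuthority1DN)));
+scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
+request_1->cert_authorities = authority_1;
+
+scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
+
+base::RunLoop run_loop_1;
+base::RunLoop run_loop_all;
+store.GetClientCerts(
+*request_1, &request_1->client_certs, run_loop_1.QuitClosure());
+store.GetClientCerts(
+*request_all, &request_all->client_certs, run_loop_all.QuitClosure());
+
+// Callbacks won't be run until nss_util init finishes for the user.
+user.FinishInit();
+
+run_loop_1.Run();
+run_loop_all.Run();
+
+ASSERT_EQ(0u, request_1->client_certs.size());
+ASSERT_EQ(2u, request_all->client_certs.size());
+}
+
+TEST_F(ClientCertStoreChromeOSTest, NSSAlreadyInitialized) {
+crypto::ScopedTestNSSChromeOSUser user("scopeduser");
+ASSERT_TRUE(user.constructed_successfully());
+user.FinishInit();
+
+ClientCertStoreChromeOS store(
+user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());
+scoped_refptr<X509Certificate> cert_1(
+ImportCertForUser(user.username_hash(), "client.p12", "12345"));
+scoped_refptr<X509Certificate> cert_2(
+ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));
+
+std::vector<std::string> authority_1(
+1,
+std::string(reinterpret_cast<const char*>(kAuthority1DN),
+sizeof(kAuthority1DN)));
+scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
+request_1->cert_authorities = authority_1;
+
+scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
+
+base::RunLoop run_loop_1;
+base::RunLoop run_loop_all;
+store.GetClientCerts(
+*request_1, &request_1->client_certs, run_loop_1.QuitClosure());
+store.GetClientCerts(
+*request_all, &request_all->client_certs, run_loop_all.QuitClosure());
+
+run_loop_1.Run();
+run_loop_all.Run();
+
+ASSERT_EQ(0u, request_1->client_certs.size());
+ASSERT_EQ(2u, request_all->client_certs.size());
+}
+
+TEST_F(ClientCertStoreChromeOSTest, TwoUsers) {
+crypto::ScopedTestNSSChromeOSUser user1("scopeduser1");
+ASSERT_TRUE(user1.constructed_successfully());
+crypto::ScopedTestNSSChromeOSUser user2("scopeduser2");
+ASSERT_TRUE(user2.constructed_successfully());
+ClientCertStoreChromeOS store1(
+user1.username_hash(),
+ClientCertStoreChromeOS::PasswordDelegateFactory());
+ClientCertStoreChromeOS store2(
+user2.username_hash(),
+ClientCertStoreChromeOS::PasswordDelegateFactory());
+scoped_refptr<X509Certificate> cert_1(
+ImportCertForUser(user1.username_hash(), "client.p12", "12345"));
+scoped_refptr<X509Certificate> cert_2(ImportCertForUser(
+user2.username_hash(), "websocket_client_cert.p12", ""));
+
+scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
+scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo());
+
+base::RunLoop run_loop_1;
+base::RunLoop run_loop_2;
+store1.GetClientCerts(
+*request_1, &request_1->client_certs, run_loop_1.QuitClosure());
+store2.GetClientCerts(
+*request_2, &request_2->client_certs, run_loop_2.QuitClosure());
+
+// Callbacks won't be run until nss_util init finishes for the user.
+user1.FinishInit();
+user2.FinishInit();
+
+run_loop_1.Run();
+run_loop_2.Run();
+
+ASSERT_EQ(1u, request_1->client_certs.size());
+EXPECT_TRUE(cert_1->Equals(request_1->client_certs[0]));
+// TODO(mattm): Request for second user will have zero results due to
+// crbug.com/315285. Update the test once that is fixed.
+}
+
+} // namespace net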
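Review bot: The TwoUsers test never inspects `request_2->client_certs`, so a regression that leaks user1's certificate into user2's store would still pass, even though per-user isolation is the property this change exists to provide. Going by the TODO, the second request currently returns no results because of crbug.com/315285, so a negative check can be added now and stays valid once that is fixed: `for (size_t i = 0; i < request_2->client_certs.size(); ++i) EXPECT_FALSE(cert_1->Equals(request_2->client_certs[i]));`. ImportCertForUser returns NULL after a non-fatal EXPECT failure, so `ASSERT_TRUE(cert_1.get());` should precede the `cert_1->Equals(...)` call to make the test fail cleanly instead of dereferencing a null pointer. WaitForNSSInit and NSSAlreadyInitialized compare only result counts; checking the returned entries against cert_1 and cert_2 would also confirm which certificates come back.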
