| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 'use strict'; | 5 'use strict'; |
| 6 | 6 |
| 7 var systemTokenEnabled = (location.search.indexOf("systemTokenEnabled") != -1); | 7 var systemTokenEnabled = (location.search.indexOf("systemTokenEnabled") != -1); |
| 8 var selectedTestSuite = location.hash.slice(1); | 8 var selectedTestSuite = location.hash.slice(1); |
| 9 console.log('[SELECTED TEST SUITE] ' + selectedTestSuite + | 9 console.log('[SELECTED TEST SUITE] ' + selectedTestSuite + |
| 10 ', systemTokenEnable ' + systemTokenEnabled); | 10 ', systemTokenEnable ' + systemTokenEnabled); |
| (...skipping 156 matching lines...) |
| 167 algorithm.name = null; | 167 algorithm.name = null; |
| 168 algorithm.modulusLength = null; | 168 algorithm.modulusLength = null; |
| 169 algorithm.publicExponent = null; | 169 algorithm.publicExponent = null; |
| 170 assertEq(originalAlgorithm, key.algorithm); | 170 assertEq(originalAlgorithm, key.algorithm); |
| 171 } | 171 } |
| 172 | 172 |
| 173 function checkPropertyIsReadOnly(object, key) { | 173 function checkPropertyIsReadOnly(object, key) { |
| 174 var original = object[key]; | 174 var original = object[key]; |
| 175 try { | 175 try { |
| 176 object[key] = {}; | 176 object[key] = {}; |
| 177 fail('Expected the property to be read-only and an exception to be thrown'); | 177 fail('Expected the property ' + key + |
| 178 ' to be read-only and an exception to be thrown'); |
| 178 } catch (error) { | 179 } catch (error) { |
| 179 assertEq(original, object[key]); | 180 assertEq(original, object[key]); |
| 180 } | 181 } |
| 181 } | 182 } |
| 182 | 183 |
| 183 function checkPrivateKeyFormat(privateKey) { | 184 function checkPrivateKeyFormat(privateKey) { |
| 184 assertEq('private', privateKey.type); | 185 assertEq('private', privateKey.type); |
| 185 assertEq(false, privateKey.extractable); | 186 assertEq(false, privateKey.extractable); |
| 186 checkPropertyIsReadOnly(privateKey, 'algorithm'); | 187 checkPropertyIsReadOnly(privateKey, 'algorithm'); |
| 187 checkAlgorithmIsCopiedOnRead(privateKey); | 188 checkAlgorithmIsCopiedOnRead(privateKey); |
| (...skipping 320 matching lines...) |
| 508 function testVerifyUntrusted() { | 509 function testVerifyUntrusted() { |
| 509 var details = { | 510 var details = { |
| 510 serverCertificateChain: [data.client_1.buffer], | 511 serverCertificateChain: [data.client_1.buffer], |
| 511 hostname: "127.0.0.1" | 512 hostname: "127.0.0.1" |
| 512 }; | 513 }; |
| 513 chrome.platformKeys.verifyTLSServerCertificate( | 514 chrome.platformKeys.verifyTLSServerCertificate( |
| 514 details, callbackPass(function(result) { assertFalse(result.trusted); })); | 515 details, callbackPass(function(result) { assertFalse(result.trusted); })); |
| 515 } | 516 } |
| 516 | 517 |
| 517 var testSuites = { | 518 var testSuites = { |
| 518 // These tests assume already granted permissions for client_1 and client_2. | |
| 519 // On interactive selectClientCertificates calls, the simulated user does not | 519 // On interactive selectClientCertificates calls, the simulated user does not |
| 520 // select any cert. | 520 // select any cert. |
| 521 basicTests: function() { | 521 basicTests: function() { |
| 522 var tests = [ | 522 var tests = [ |
| 523 testStaticMethods, | 523 testStaticMethods, |
| 524 | 524 |
| 525 // Interactively select client_1 and client_2 to grant permissions for | 525 // Interactively select client_1 and client_2 to grant permissions for |
| 526 // these certificates. | 526 // these certificates. |
| 527 testInteractiveSelectClient1, | 527 testInteractiveSelectClient1, |
| 528 testInteractiveSelectClient2, | 528 testInteractiveSelectClient2, |
| (...skipping 15 matching lines...) |
| 544 testSignSha1Client1, | 544 testSignSha1Client1, |
| 545 testVerifyTrusted, | 545 testVerifyTrusted, |
| 546 testVerifyTrustedChain, | 546 testVerifyTrustedChain, |
| 547 testVerifyCommonNameInvalid, | 547 testVerifyCommonNameInvalid, |
| 548 testVerifyUntrusted, | 548 testVerifyUntrusted, |
| 549 ]; | 549 ]; |
| 550 | 550 |
| 551 chrome.test.runTests(tests); | 551 chrome.test.runTests(tests); |
| 552 }, | 552 }, |
| 553 | 553 |
| 554 // This test suite starts without any granted permissions. | |
| 555 // On interactive selectClientCertificates calls, the simulated user selects | 554 // On interactive selectClientCertificates calls, the simulated user selects |
| 556 // client_1, if matching. | 555 // client_1, if matching. |
| 557 permissionTests: function() { | 556 permissionTests: function() { |
| 558 var tests = [ | 557 var tests = [ |
| 559 // Without permissions both sign attempts fail. | 558 // Without permissions both sign attempts fail. |
| 560 testSignClient1Fails, | 559 testSignClient1Fails, |
| 561 testSignClient2Fails, | 560 testSignClient2Fails, |
| 562 | 561 |
| 563 // Without permissions, non-interactive select calls return no certs. | 562 // Without permissions, non-interactive select calls return no certs. |
| 564 testSelectAllReturnsNoCerts, | 563 testSelectAllReturnsNoCerts, |
| 565 | 564 |
| 566 testInteractiveSelectClient1, | 565 testInteractiveSelectClient1, |
| 567 // Now the permission for client_1 is granted. | 566 // Now the permission for client_1 is granted. |
| 568 | 567 |
| 569 // Verify that signing with client_1 is possible and with client_2 still | 568 // Verify that signing with client_1 is possible and with client_2 still |
| 570 // fails. | 569 // fails. |
| 571 testSignSha1Client1, | 570 testSignSha1Client1, |
| 572 testSignClient2Fails, | 571 testSignClient2Fails, |
| 573 | 572 |
| 574 // Verify that client_1 can still be selected interactively. | 573 // Verify that client_1 can still be selected interactively. |
| 575 testInteractiveSelectClient1, | 574 testInteractiveSelectClient1, |
| 576 | 575 |
| 577 // Verify that client_1 but not client_2 is selected in non-interactive | 576 // Verify that client_1 but not client_2 is selected in non-interactive |
| 578 // calls. | 577 // calls. |
| 579 testSelectAllReturnsClient1, | 578 testSelectAllReturnsClient1, |
| 580 ]; | 579 ]; |
| 581 | 580 |
| 582 chrome.test.runTests(tests); | 581 chrome.test.runTests(tests); |
| 583 } | 582 }, |
| 583 |
| 584 managedProfile: function() { |
| 585 var tests = [ |
| 586 // If the profile is managed, the user cannot grant permissions for any |
| 587 // certificates. |
| 588 testInteractiveSelectNoCerts |
| 589 ]; |
| 590 chrome.test.runTests(tests); |
| 591 }, |
| 592 |
| 593 corporateKeyWithoutPermissionTests: function() { |
| 594 var tests = [ |
| 595 // Directly trying to sign must fail |
| 596 testSignClient1Fails, |
| 597 |
| 598 // Interactively selecting must not show any cert to the user. |
| 599 testInteractiveSelectNoCerts, |
| 600 ]; |
| 601 chrome.test.runTests(tests); |
| 602 }, |
| 603 |
| 604 corporateKeyWithPermissionTests: function() { |
| 605 var tests = [ |
| 606 // The extension has non-interactive access to all corporate keys, even |
| 607 // without previous additional consent of the user. |
| 608 testSignSha1Client1, |
| 609 |
| 610 // Interactively selecting for client_1 will work as well. |
| 611 testInteractiveSelectClient1, |
| 612 ]; |
| 613 chrome.test.runTests(tests); |
| 614 }, |
| 615 |
| 616 untaggedKeyWithUnrelatedPermissionTests: function() { |
| 617 // The permission from policy must not affect usage of non-corproate keys. |
| 618 var tests = [ |
| 619 // Attempts to sign must fail. |
| 620 testSignClient1Fails, |
| 621 |
| 622 // Interactive selection must not prompt the user and not return any |
| 623 // certificate. |
| 624 testInteractiveSelectNoCerts, |
| 625 ]; |
| 626 chrome.test.runTests(tests); |
| 627 }, |
| 628 |
| 584 }; | 629 }; |
| 585 | 630 |
| 586 setUp(testSuites[selectedTestSuite]); | 631 setUp(testSuites[selectedTestSuite]); |
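Review bot: In checkPropertyIsReadOnly (new lines 173-182) the reworded `fail(...)` call still sits inside the `try`, so if `fail` reports by throwing, the `catch (error)` below absorbs it and the test passes whenever the write was silently ignored rather than rejected. That matters because this helper guards the read-only `algorithm` property of a private key, and the message naming `key` would never surface in exactly the case it was written for. Move the `fail` call after the `try`/`catch`, driven by a flag set in the `catch`, and keep `assertEq(original, object[key])` unconditional. Whether `fail` throws is not visible on this page, so confirm that against the test harness. Separately, the comment at new line 617 reads `non-corproate` and should be `non-corporate`.

```javascript
function checkPropertyIsReadOnly(object, key) {
  var original = object[key];
  var threw = false;
  try {
    object[key] = {};
  } catch (error) {
    threw = true;
  }
  if (!threw) {
    fail('Expected the property ' + key +
         ' to be read-only and an exception to be thrown');
  }
  assertEq(original, object[key]);
}
```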
| OLD | NEW |