| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/server_bound_cert_service.h" | 5 #include "net/base/server_bound_cert_service.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 75 ServerBoundCertService::RequestHandle request_handle; | 75 ServerBoundCertService::RequestHandle request_handle; |
| 76 | 76 |
| 77 // Asynchronous completion. | 77 // Asynchronous completion. |
| 78 SSLClientCertType type1; | 78 SSLClientCertType type1; |
| 79 std::string private_key_info1, der_cert1; | 79 std::string private_key_info1, der_cert1; |
| 80 EXPECT_EQ(0, service_->cert_count()); | 80 EXPECT_EQ(0, service_->cert_count()); |
| 81 error = service_->GetDomainBoundCert( | 81 error = service_->GetDomainBoundCert( |
| 82 origin, types, &type1, &private_key_info1, &der_cert1, | 82 origin, types, &type1, &private_key_info1, &der_cert1, |
| 83 callback.callback(), &request_handle); | 83 callback.callback(), &request_handle); |
| 84 EXPECT_EQ(ERR_IO_PENDING, error); | 84 EXPECT_EQ(ERR_IO_PENDING, error); |
| 85 EXPECT_TRUE(request_handle != NULL); | 85 EXPECT_TRUE(request_handle.is_active()); |
| 86 error = callback.WaitForResult(); | 86 error = callback.WaitForResult(); |
| 87 EXPECT_EQ(OK, error); | 87 EXPECT_EQ(OK, error); |
| 88 EXPECT_EQ(1, service_->cert_count()); | 88 EXPECT_EQ(1, service_->cert_count()); |
| 89 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); | 89 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); |
| 90 EXPECT_FALSE(private_key_info1.empty()); | 90 EXPECT_FALSE(private_key_info1.empty()); |
| 91 EXPECT_FALSE(der_cert1.empty()); | 91 EXPECT_FALSE(der_cert1.empty()); |
| 92 EXPECT_FALSE(request_handle.is_active()); |
| 92 | 93 |
| 93 // Synchronous completion. | 94 // Synchronous completion. |
| 94 SSLClientCertType type2; | 95 SSLClientCertType type2; |
| 95 std::string private_key_info2, der_cert2; | 96 std::string private_key_info2, der_cert2; |
| 96 error = service_->GetDomainBoundCert( | 97 error = service_->GetDomainBoundCert( |
| 97 origin, types, &type2, &private_key_info2, &der_cert2, | 98 origin, types, &type2, &private_key_info2, &der_cert2, |
| 98 callback.callback(), &request_handle); | 99 callback.callback(), &request_handle); |
| 99 EXPECT_TRUE(request_handle == NULL); | 100 EXPECT_FALSE(request_handle.is_active()); |
| 100 EXPECT_EQ(OK, error); | 101 EXPECT_EQ(OK, error); |
| 101 EXPECT_EQ(1, service_->cert_count()); | 102 EXPECT_EQ(1, service_->cert_count()); |
| 102 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); | 103 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); |
| 103 EXPECT_EQ(private_key_info1, private_key_info2); | 104 EXPECT_EQ(private_key_info1, private_key_info2); |
| 104 EXPECT_EQ(der_cert1, der_cert2); | 105 EXPECT_EQ(der_cert1, der_cert2); |
| 105 | 106 |
| 106 EXPECT_EQ(2u, service_->requests()); | 107 EXPECT_EQ(2u, service_->requests()); |
| 107 EXPECT_EQ(1u, service_->cert_store_hits()); | 108 EXPECT_EQ(1u, service_->cert_store_hits()); |
| 108 EXPECT_EQ(0u, service_->inflight_joins()); | 109 EXPECT_EQ(0u, service_->inflight_joins()); |
| 109 } | 110 } |
| 110 | 111 |
| 111 TEST_F(ServerBoundCertServiceTest, UnsupportedTypes) { | 112 TEST_F(ServerBoundCertServiceTest, UnsupportedTypes) { |
| 112 std::string origin("https://encrypted.google.com:443"); | 113 std::string origin("https://encrypted.google.com:443"); |
| 113 | 114 |
| 114 int error; | 115 int error; |
| 115 std::vector<uint8> types; | 116 std::vector<uint8> types; |
| 116 TestCompletionCallback callback; | 117 TestCompletionCallback callback; |
| 117 ServerBoundCertService::RequestHandle request_handle; | 118 ServerBoundCertService::RequestHandle request_handle; |
| 118 | 119 |
| 119 // Empty requested_types. | 120 // Empty requested_types. |
| 120 SSLClientCertType type1; | 121 SSLClientCertType type1; |
| 121 std::string private_key_info1, der_cert1; | 122 std::string private_key_info1, der_cert1; |
| 122 error = service_->GetDomainBoundCert( | 123 error = service_->GetDomainBoundCert( |
| 123 origin, types, &type1, &private_key_info1, &der_cert1, | 124 origin, types, &type1, &private_key_info1, &der_cert1, |
| 124 callback.callback(), &request_handle); | 125 callback.callback(), &request_handle); |
| 125 EXPECT_EQ(ERR_INVALID_ARGUMENT, error); | 126 EXPECT_EQ(ERR_INVALID_ARGUMENT, error); |
| 126 EXPECT_TRUE(request_handle == NULL); | 127 EXPECT_FALSE(request_handle.is_active()); |
| 127 | 128 |
| 128 // No supported types in requested_types. | 129 // No supported types in requested_types. |
| 129 types.push_back(CLIENT_CERT_RSA_SIGN); | 130 types.push_back(CLIENT_CERT_RSA_SIGN); |
| 130 types.push_back(2); | 131 types.push_back(2); |
| 131 types.push_back(3); | 132 types.push_back(3); |
| 132 error = service_->GetDomainBoundCert( | 133 error = service_->GetDomainBoundCert( |
| 133 origin, types, &type1, &private_key_info1, &der_cert1, | 134 origin, types, &type1, &private_key_info1, &der_cert1, |
| 134 callback.callback(), &request_handle); | 135 callback.callback(), &request_handle); |
| 135 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error); | 136 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error); |
| 136 EXPECT_TRUE(request_handle == NULL); | 137 EXPECT_FALSE(request_handle.is_active()); |
| 137 | 138 |
| 138 // Supported types after unsupported ones in requested_types. | 139 // Supported types after unsupported ones in requested_types. |
| 139 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 140 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 140 // Asynchronous completion. | 141 // Asynchronous completion. |
| 141 EXPECT_EQ(0, service_->cert_count()); | 142 EXPECT_EQ(0, service_->cert_count()); |
| 142 error = service_->GetDomainBoundCert( | 143 error = service_->GetDomainBoundCert( |
| 143 origin, types, &type1, &private_key_info1, &der_cert1, | 144 origin, types, &type1, &private_key_info1, &der_cert1, |
| 144 callback.callback(), &request_handle); | 145 callback.callback(), &request_handle); |
| 145 EXPECT_EQ(ERR_IO_PENDING, error); | 146 EXPECT_EQ(ERR_IO_PENDING, error); |
| 146 EXPECT_TRUE(request_handle != NULL); | 147 EXPECT_TRUE(request_handle.is_active()); |
| 147 error = callback.WaitForResult(); | 148 error = callback.WaitForResult(); |
| 148 EXPECT_EQ(OK, error); | 149 EXPECT_EQ(OK, error); |
| 149 EXPECT_EQ(1, service_->cert_count()); | 150 EXPECT_EQ(1, service_->cert_count()); |
| 150 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); | 151 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); |
| 151 EXPECT_FALSE(private_key_info1.empty()); | 152 EXPECT_FALSE(private_key_info1.empty()); |
| 152 EXPECT_FALSE(der_cert1.empty()); | 153 EXPECT_FALSE(der_cert1.empty()); |
| 153 | 154 |
| 154 // Now that the cert is created, doing requests for unsupported types | 155 // Now that the cert is created, doing requests for unsupported types |
| 155 // shouldn't affect the created cert. | 156 // shouldn't affect the created cert. |
| 156 // Empty requested_types. | 157 // Empty requested_types. |
| 157 types.clear(); | 158 types.clear(); |
| 158 SSLClientCertType type2; | 159 SSLClientCertType type2; |
| 159 std::string private_key_info2, der_cert2; | 160 std::string private_key_info2, der_cert2; |
| 160 error = service_->GetDomainBoundCert( | 161 error = service_->GetDomainBoundCert( |
| 161 origin, types, &type2, &private_key_info2, &der_cert2, | 162 origin, types, &type2, &private_key_info2, &der_cert2, |
| 162 callback.callback(), &request_handle); | 163 callback.callback(), &request_handle); |
| 163 EXPECT_EQ(ERR_INVALID_ARGUMENT, error); | 164 EXPECT_EQ(ERR_INVALID_ARGUMENT, error); |
| 164 EXPECT_TRUE(request_handle == NULL); | 165 EXPECT_FALSE(request_handle.is_active()); |
| 165 | 166 |
| 166 // No supported types in requested_types. | 167 // No supported types in requested_types. |
| 167 types.push_back(CLIENT_CERT_RSA_SIGN); | 168 types.push_back(CLIENT_CERT_RSA_SIGN); |
| 168 types.push_back(2); | 169 types.push_back(2); |
| 169 types.push_back(3); | 170 types.push_back(3); |
| 170 error = service_->GetDomainBoundCert( | 171 error = service_->GetDomainBoundCert( |
| 171 origin, types, &type2, &private_key_info2, &der_cert2, | 172 origin, types, &type2, &private_key_info2, &der_cert2, |
| 172 callback.callback(), &request_handle); | 173 callback.callback(), &request_handle); |
| 173 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error); | 174 EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error); |
| 174 EXPECT_TRUE(request_handle == NULL); | 175 EXPECT_FALSE(request_handle.is_active()); |
| 175 | 176 |
| 176 // If we request EC, the cert we created before should still be there. | 177 // If we request EC, the cert we created before should still be there. |
| 177 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 178 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 178 error = service_->GetDomainBoundCert( | 179 error = service_->GetDomainBoundCert( |
| 179 origin, types, &type2, &private_key_info2, &der_cert2, | 180 origin, types, &type2, &private_key_info2, &der_cert2, |
| 180 callback.callback(), &request_handle); | 181 callback.callback(), &request_handle); |
| 181 EXPECT_TRUE(request_handle == NULL); | 182 EXPECT_FALSE(request_handle.is_active()); |
| 182 EXPECT_EQ(OK, error); | 183 EXPECT_EQ(OK, error); |
| 183 EXPECT_EQ(1, service_->cert_count()); | 184 EXPECT_EQ(1, service_->cert_count()); |
| 184 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); | 185 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); |
| 185 EXPECT_EQ(private_key_info1, private_key_info2); | 186 EXPECT_EQ(private_key_info1, private_key_info2); |
| 186 EXPECT_EQ(der_cert1, der_cert2); | 187 EXPECT_EQ(der_cert1, der_cert2); |
| 187 } | 188 } |
| 188 | 189 |
| 189 TEST_F(ServerBoundCertServiceTest, StoreCerts) { | 190 TEST_F(ServerBoundCertServiceTest, StoreCerts) { |
| 190 int error; | 191 int error; |
| 191 std::vector<uint8> types; | 192 std::vector<uint8> types; |
| 192 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 193 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 193 TestCompletionCallback callback; | 194 TestCompletionCallback callback; |
| 194 ServerBoundCertService::RequestHandle request_handle; | 195 ServerBoundCertService::RequestHandle request_handle; |
| 195 | 196 |
| 196 std::string origin1("https://encrypted.google.com:443"); | 197 std::string origin1("https://encrypted.google.com:443"); |
| 197 SSLClientCertType type1; | 198 SSLClientCertType type1; |
| 198 std::string private_key_info1, der_cert1; | 199 std::string private_key_info1, der_cert1; |
| 199 EXPECT_EQ(0, service_->cert_count()); | 200 EXPECT_EQ(0, service_->cert_count()); |
| 200 error = service_->GetDomainBoundCert( | 201 error = service_->GetDomainBoundCert( |
| 201 origin1, types, &type1, &private_key_info1, &der_cert1, | 202 origin1, types, &type1, &private_key_info1, &der_cert1, |
| 202 callback.callback(), &request_handle); | 203 callback.callback(), &request_handle); |
| 203 EXPECT_EQ(ERR_IO_PENDING, error); | 204 EXPECT_EQ(ERR_IO_PENDING, error); |
| 204 EXPECT_TRUE(request_handle != NULL); | 205 EXPECT_TRUE(request_handle.is_active()); |
| 205 error = callback.WaitForResult(); | 206 error = callback.WaitForResult(); |
| 206 EXPECT_EQ(OK, error); | 207 EXPECT_EQ(OK, error); |
| 207 EXPECT_EQ(1, service_->cert_count()); | 208 EXPECT_EQ(1, service_->cert_count()); |
| 208 | 209 |
| 209 std::string origin2("https://www.verisign.com:443"); | 210 std::string origin2("https://www.verisign.com:443"); |
| 210 SSLClientCertType type2; | 211 SSLClientCertType type2; |
| 211 std::string private_key_info2, der_cert2; | 212 std::string private_key_info2, der_cert2; |
| 212 error = service_->GetDomainBoundCert( | 213 error = service_->GetDomainBoundCert( |
| 213 origin2, types, &type2, &private_key_info2, &der_cert2, | 214 origin2, types, &type2, &private_key_info2, &der_cert2, |
| 214 callback.callback(), &request_handle); | 215 callback.callback(), &request_handle); |
| 215 EXPECT_EQ(ERR_IO_PENDING, error); | 216 EXPECT_EQ(ERR_IO_PENDING, error); |
| 216 EXPECT_TRUE(request_handle != NULL); | 217 EXPECT_TRUE(request_handle.is_active()); |
| 217 error = callback.WaitForResult(); | 218 error = callback.WaitForResult(); |
| 218 EXPECT_EQ(OK, error); | 219 EXPECT_EQ(OK, error); |
| 219 EXPECT_EQ(2, service_->cert_count()); | 220 EXPECT_EQ(2, service_->cert_count()); |
| 220 | 221 |
| 221 std::string origin3("https://www.twitter.com:443"); | 222 std::string origin3("https://www.twitter.com:443"); |
| 222 SSLClientCertType type3; | 223 SSLClientCertType type3; |
| 223 std::string private_key_info3, der_cert3; | 224 std::string private_key_info3, der_cert3; |
| 224 error = service_->GetDomainBoundCert( | 225 error = service_->GetDomainBoundCert( |
| 225 origin3, types, &type3, &private_key_info3, &der_cert3, | 226 origin3, types, &type3, &private_key_info3, &der_cert3, |
| 226 callback.callback(), &request_handle); | 227 callback.callback(), &request_handle); |
| 227 EXPECT_EQ(ERR_IO_PENDING, error); | 228 EXPECT_EQ(ERR_IO_PENDING, error); |
| 228 EXPECT_TRUE(request_handle != NULL); | 229 EXPECT_TRUE(request_handle.is_active()); |
| 229 error = callback.WaitForResult(); | 230 error = callback.WaitForResult(); |
| 230 EXPECT_EQ(OK, error); | 231 EXPECT_EQ(OK, error); |
| 231 EXPECT_EQ(3, service_->cert_count()); | 232 EXPECT_EQ(3, service_->cert_count()); |
| 232 | 233 |
| 233 EXPECT_NE(private_key_info1, private_key_info2); | 234 EXPECT_NE(private_key_info1, private_key_info2); |
| 234 EXPECT_NE(der_cert1, der_cert2); | 235 EXPECT_NE(der_cert1, der_cert2); |
| 235 EXPECT_NE(private_key_info1, private_key_info3); | 236 EXPECT_NE(private_key_info1, private_key_info3); |
| 236 EXPECT_NE(der_cert1, der_cert3); | 237 EXPECT_NE(der_cert1, der_cert3); |
| 237 EXPECT_NE(private_key_info2, private_key_info3); | 238 EXPECT_NE(private_key_info2, private_key_info3); |
| 238 EXPECT_NE(der_cert2, der_cert3); | 239 EXPECT_NE(der_cert2, der_cert3); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 255 | 256 |
| 256 SSLClientCertType type2; | 257 SSLClientCertType type2; |
| 257 std::string private_key_info2, der_cert2; | 258 std::string private_key_info2, der_cert2; |
| 258 TestCompletionCallback callback2; | 259 TestCompletionCallback callback2; |
| 259 ServerBoundCertService::RequestHandle request_handle2; | 260 ServerBoundCertService::RequestHandle request_handle2; |
| 260 | 261 |
| 261 error = service_->GetDomainBoundCert( | 262 error = service_->GetDomainBoundCert( |
| 262 origin, types, &type1, &private_key_info1, &der_cert1, | 263 origin, types, &type1, &private_key_info1, &der_cert1, |
| 263 callback1.callback(), &request_handle1); | 264 callback1.callback(), &request_handle1); |
| 264 EXPECT_EQ(ERR_IO_PENDING, error); | 265 EXPECT_EQ(ERR_IO_PENDING, error); |
| 265 EXPECT_TRUE(request_handle1 != NULL); | 266 EXPECT_TRUE(request_handle1.is_active()); |
| 266 // If we request RSA and EC in the 2nd request, should still join with the | 267 // If we request RSA and EC in the 2nd request, should still join with the |
| 267 // original request. | 268 // original request. |
| 268 types.insert(types.begin(), CLIENT_CERT_RSA_SIGN); | 269 types.insert(types.begin(), CLIENT_CERT_RSA_SIGN); |
| 269 error = service_->GetDomainBoundCert( | 270 error = service_->GetDomainBoundCert( |
| 270 origin, types, &type2, &private_key_info2, &der_cert2, | 271 origin, types, &type2, &private_key_info2, &der_cert2, |
| 271 callback2.callback(), &request_handle2); | 272 callback2.callback(), &request_handle2); |
| 272 EXPECT_EQ(ERR_IO_PENDING, error); | 273 EXPECT_EQ(ERR_IO_PENDING, error); |
| 273 EXPECT_TRUE(request_handle2 != NULL); | 274 EXPECT_TRUE(request_handle2.is_active()); |
| 274 | 275 |
| 275 error = callback1.WaitForResult(); | 276 error = callback1.WaitForResult(); |
| 276 EXPECT_EQ(OK, error); | 277 EXPECT_EQ(OK, error); |
| 277 error = callback2.WaitForResult(); | 278 error = callback2.WaitForResult(); |
| 278 EXPECT_EQ(OK, error); | 279 EXPECT_EQ(OK, error); |
| 279 | 280 |
| 280 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); | 281 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); |
| 281 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); | 282 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); |
| 282 EXPECT_EQ(2u, service_->requests()); | 283 EXPECT_EQ(2u, service_->requests()); |
| 283 EXPECT_EQ(0u, service_->cert_store_hits()); | 284 EXPECT_EQ(0u, service_->cert_store_hits()); |
| 284 EXPECT_EQ(1u, service_->inflight_joins()); | 285 EXPECT_EQ(1u, service_->inflight_joins()); |
| 285 } | 286 } |
| 286 | 287 |
| 287 TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) { | 288 TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) { |
| 288 std::string origin("https://encrypted.google.com:443"); | 289 std::string origin("https://encrypted.google.com:443"); |
| 289 SSLClientCertType type; | 290 SSLClientCertType type; |
| 290 std::string private_key_info, der_cert; | 291 std::string private_key_info, der_cert; |
| 291 int error; | 292 int error; |
| 292 std::vector<uint8> types; | 293 std::vector<uint8> types; |
| 293 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 294 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 294 TestCompletionCallback callback; | 295 TestCompletionCallback callback; |
| 295 ServerBoundCertService::RequestHandle request_handle; | 296 ServerBoundCertService::RequestHandle request_handle; |
| 296 | 297 |
| 297 error = service_->GetDomainBoundCert( | 298 error = service_->GetDomainBoundCert( |
| 298 origin, types, &type, &private_key_info, &der_cert, callback.callback(), | 299 origin, types, &type, &private_key_info, &der_cert, callback.callback(), |
| 299 &request_handle); | 300 &request_handle); |
| 300 EXPECT_EQ(ERR_IO_PENDING, error); | 301 EXPECT_EQ(ERR_IO_PENDING, error); |
| 301 EXPECT_TRUE(request_handle != NULL); | 302 EXPECT_TRUE(request_handle.is_active()); |
| 302 error = callback.WaitForResult(); | 303 error = callback.WaitForResult(); |
| 303 EXPECT_EQ(OK, error); | 304 EXPECT_EQ(OK, error); |
| 304 | 305 |
| 305 base::StringPiece spki_piece; | 306 base::StringPiece spki_piece; |
| 306 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_cert, &spki_piece)); | 307 ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_cert, &spki_piece)); |
| 307 std::vector<uint8> spki( | 308 std::vector<uint8> spki( |
| 308 spki_piece.data(), | 309 spki_piece.data(), |
| 309 spki_piece.data() + spki_piece.size()); | 310 spki_piece.data() + spki_piece.size()); |
| 310 | 311 |
| 311 // Check that we can retrieve the key from the bytes. | 312 // Check that we can retrieve the key from the bytes. |
| (...skipping 20 matching lines...) Expand all Loading... |
| 332 ServerBoundCertService::RequestHandle request_handle; | 333 ServerBoundCertService::RequestHandle request_handle; |
| 333 | 334 |
| 334 error = service_->GetDomainBoundCert(origin, | 335 error = service_->GetDomainBoundCert(origin, |
| 335 types, | 336 types, |
| 336 &type, | 337 &type, |
| 337 &private_key_info, | 338 &private_key_info, |
| 338 &der_cert, | 339 &der_cert, |
| 339 base::Bind(&FailTest), | 340 base::Bind(&FailTest), |
| 340 &request_handle); | 341 &request_handle); |
| 341 EXPECT_EQ(ERR_IO_PENDING, error); | 342 EXPECT_EQ(ERR_IO_PENDING, error); |
| 342 EXPECT_TRUE(request_handle != NULL); | 343 EXPECT_TRUE(request_handle.is_active()); |
| 343 service_->CancelRequest(request_handle); | 344 request_handle.Cancel(); |
| 345 EXPECT_FALSE(request_handle.is_active()); |
| 344 | 346 |
| 345 // Wait for generation to finish. | 347 // Wait for generation to finish. |
| 346 sequenced_worker_pool_->FlushForTesting(); | 348 sequenced_worker_pool_->FlushForTesting(); |
| 349 // Wait for reply from ServerBoundCertServiceWorker to be posted back to the |
| 350 // ServerBoundCertService. |
| 351 MessageLoop::current()->RunUntilIdle(); |
| 352 |
| 353 // Even though the original request was cancelled, the service will still |
| 354 // store the result, it just doesn't call the callback. |
| 355 EXPECT_EQ(1, service_->cert_count()); |
| 356 } |
| 357 |
| 358 // Tests that destructing the RequestHandle cancels the request. |
| 359 TEST_F(ServerBoundCertServiceTest, CancelRequestByHandleDestruction) { |
| 360 std::string origin("https://encrypted.google.com:443"); |
| 361 SSLClientCertType type; |
| 362 std::string private_key_info, der_cert; |
| 363 int error; |
| 364 std::vector<uint8> types; |
| 365 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 366 { |
| 367 ServerBoundCertService::RequestHandle request_handle; |
| 368 |
| 369 error = service_->GetDomainBoundCert(origin, |
| 370 types, |
| 371 &type, |
| 372 &private_key_info, |
| 373 &der_cert, |
| 374 base::Bind(&FailTest), |
| 375 &request_handle); |
| 376 EXPECT_EQ(ERR_IO_PENDING, error); |
| 377 EXPECT_TRUE(request_handle.is_active()); |
| 378 } |
| 379 |
| 380 // Wait for generation to finish. |
| 381 sequenced_worker_pool_->FlushForTesting(); |
| 347 // Wait for reply from ServerBoundCertServiceWorker to be posted back to the | 382 // Wait for reply from ServerBoundCertServiceWorker to be posted back to the |
| 348 // ServerBoundCertService. | 383 // ServerBoundCertService. |
| 349 MessageLoop::current()->RunUntilIdle(); | 384 MessageLoop::current()->RunUntilIdle(); |
| 350 | 385 |
| 351 // Even though the original request was cancelled, the service will still | 386 // Even though the original request was cancelled, the service will still |
| 352 // store the result, it just doesn't call the callback. | 387 // store the result, it just doesn't call the callback. |
| 353 EXPECT_EQ(1, service_->cert_count()); | 388 EXPECT_EQ(1, service_->cert_count()); |
| 354 } | 389 } |
| 355 | 390 |
| 356 TEST_F(ServerBoundCertServiceTest, DestructionWithPendingRequest) { | 391 TEST_F(ServerBoundCertServiceTest, DestructionWithPendingRequest) { |
| 357 std::string origin("https://encrypted.google.com:443"); | 392 std::string origin("https://encrypted.google.com:443"); |
| 358 SSLClientCertType type; | 393 SSLClientCertType type; |
| 359 std::string private_key_info, der_cert; | 394 std::string private_key_info, der_cert; |
| 360 int error; | 395 int error; |
| 361 std::vector<uint8> types; | 396 std::vector<uint8> types; |
| 362 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 397 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 363 ServerBoundCertService::RequestHandle request_handle; | 398 ServerBoundCertService::RequestHandle request_handle; |
| 364 | 399 |
| 365 error = service_->GetDomainBoundCert(origin, | 400 error = service_->GetDomainBoundCert(origin, |
| 366 types, | 401 types, |
| 367 &type, | 402 &type, |
| 368 &private_key_info, | 403 &private_key_info, |
| 369 &der_cert, | 404 &der_cert, |
| 370 base::Bind(&FailTest), | 405 base::Bind(&FailTest), |
| 371 &request_handle); | 406 &request_handle); |
| 372 EXPECT_EQ(ERR_IO_PENDING, error); | 407 EXPECT_EQ(ERR_IO_PENDING, error); |
| 373 EXPECT_TRUE(request_handle != NULL); | 408 EXPECT_TRUE(request_handle.is_active()); |
| 374 | 409 |
| 375 // Cancel request and destroy the ServerBoundCertService. | 410 // Cancel request and destroy the ServerBoundCertService. |
| 376 service_->CancelRequest(request_handle); | 411 request_handle.Cancel(); |
| 377 service_.reset(); | 412 service_.reset(); |
| 378 | 413 |
| 379 // Wait for generation to finish. | 414 // Wait for generation to finish. |
| 380 sequenced_worker_pool_->FlushForTesting(); | 415 sequenced_worker_pool_->FlushForTesting(); |
| 381 // ServerBoundCertServiceWorker should not post anything back to the | 416 // ServerBoundCertServiceWorker should not post anything back to the |
| 382 // non-existant ServerBoundCertService, but run the loop just to be sure it | 417 // non-existant ServerBoundCertService, but run the loop just to be sure it |
| 383 // doesn't. | 418 // doesn't. |
| 384 MessageLoop::current()->RunUntilIdle(); | 419 MessageLoop::current()->RunUntilIdle(); |
| 385 | 420 |
| 386 // If we got here without crashing or a valgrind error, it worked. | 421 // If we got here without crashing or a valgrind error, it worked. |
| 387 } | 422 } |
| 388 | 423 |
| 389 // Tests that simultaneous creation of different certs works. | 424 // Tests that simultaneous creation of different certs works. |
| 390 TEST_F(ServerBoundCertServiceTest, SimultaneousCreation) { | 425 TEST_F(ServerBoundCertServiceTest, SimultaneousCreation) { |
| 391 int error; | 426 int error; |
| 392 std::vector<uint8> types; | 427 std::vector<uint8> types; |
| 393 types.push_back(CLIENT_CERT_ECDSA_SIGN); | 428 types.push_back(CLIENT_CERT_ECDSA_SIGN); |
| 394 ServerBoundCertService::RequestHandle request_handle; | |
| 395 | 429 |
| 396 std::string origin1("https://encrypted.google.com:443"); | 430 std::string origin1("https://encrypted.google.com:443"); |
| 397 SSLClientCertType type1; | 431 SSLClientCertType type1; |
| 398 std::string private_key_info1, der_cert1; | 432 std::string private_key_info1, der_cert1; |
| 399 TestCompletionCallback callback1; | 433 TestCompletionCallback callback1; |
| 434 ServerBoundCertService::RequestHandle request_handle1; |
| 400 | 435 |
| 401 std::string origin2("https://foo.com:443"); | 436 std::string origin2("https://foo.com:443"); |
| 402 SSLClientCertType type2; | 437 SSLClientCertType type2; |
| 403 std::string private_key_info2, der_cert2; | 438 std::string private_key_info2, der_cert2; |
| 404 TestCompletionCallback callback2; | 439 TestCompletionCallback callback2; |
| 440 ServerBoundCertService::RequestHandle request_handle2; |
| 405 | 441 |
| 406 std::string origin3("https://bar.com:443"); | 442 std::string origin3("https://bar.com:443"); |
| 407 SSLClientCertType type3; | 443 SSLClientCertType type3; |
| 408 std::string private_key_info3, der_cert3; | 444 std::string private_key_info3, der_cert3; |
| 409 TestCompletionCallback callback3; | 445 TestCompletionCallback callback3; |
| 446 ServerBoundCertService::RequestHandle request_handle3; |
| 410 | 447 |
| 411 error = service_->GetDomainBoundCert(origin1, | 448 error = service_->GetDomainBoundCert(origin1, |
| 412 types, | 449 types, |
| 413 &type1, | 450 &type1, |
| 414 &private_key_info1, | 451 &private_key_info1, |
| 415 &der_cert1, | 452 &der_cert1, |
| 416 callback1.callback(), | 453 callback1.callback(), |
| 417 &request_handle); | 454 &request_handle1); |
| 418 EXPECT_EQ(ERR_IO_PENDING, error); | 455 EXPECT_EQ(ERR_IO_PENDING, error); |
| 419 EXPECT_TRUE(request_handle != NULL); | 456 EXPECT_TRUE(request_handle1.is_active()); |
| 420 | 457 |
| 421 error = service_->GetDomainBoundCert(origin2, | 458 error = service_->GetDomainBoundCert(origin2, |
| 422 types, | 459 types, |
| 423 &type2, | 460 &type2, |
| 424 &private_key_info2, | 461 &private_key_info2, |
| 425 &der_cert2, | 462 &der_cert2, |
| 426 callback2.callback(), | 463 callback2.callback(), |
| 427 &request_handle); | 464 &request_handle2); |
| 428 EXPECT_EQ(ERR_IO_PENDING, error); | 465 EXPECT_EQ(ERR_IO_PENDING, error); |
| 429 EXPECT_TRUE(request_handle != NULL); | 466 EXPECT_TRUE(request_handle2.is_active()); |
| 430 | 467 |
| 431 error = service_->GetDomainBoundCert(origin3, | 468 error = service_->GetDomainBoundCert(origin3, |
| 432 types, | 469 types, |
| 433 &type3, | 470 &type3, |
| 434 &private_key_info3, | 471 &private_key_info3, |
| 435 &der_cert3, | 472 &der_cert3, |
| 436 callback3.callback(), | 473 callback3.callback(), |
| 437 &request_handle); | 474 &request_handle3); |
| 438 EXPECT_EQ(ERR_IO_PENDING, error); | 475 EXPECT_EQ(ERR_IO_PENDING, error); |
| 439 EXPECT_TRUE(request_handle != NULL); | 476 EXPECT_TRUE(request_handle3.is_active()); |
| 440 | 477 |
| 441 error = callback1.WaitForResult(); | 478 error = callback1.WaitForResult(); |
| 442 EXPECT_EQ(OK, error); | 479 EXPECT_EQ(OK, error); |
| 443 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); | 480 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); |
| 444 EXPECT_FALSE(private_key_info1.empty()); | 481 EXPECT_FALSE(private_key_info1.empty()); |
| 445 EXPECT_FALSE(der_cert1.empty()); | 482 EXPECT_FALSE(der_cert1.empty()); |
| 446 | 483 |
| 447 error = callback2.WaitForResult(); | 484 error = callback2.WaitForResult(); |
| 448 EXPECT_EQ(OK, error); | 485 EXPECT_EQ(OK, error); |
| 449 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); | 486 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 491 TestCompletionCallback callback; | 528 TestCompletionCallback callback; |
| 492 ServerBoundCertService::RequestHandle request_handle; | 529 ServerBoundCertService::RequestHandle request_handle; |
| 493 | 530 |
| 494 // Cert still valid - synchronous completion. | 531 // Cert still valid - synchronous completion. |
| 495 SSLClientCertType type1; | 532 SSLClientCertType type1; |
| 496 std::string private_key_info1, der_cert1; | 533 std::string private_key_info1, der_cert1; |
| 497 error = service_->GetDomainBoundCert( | 534 error = service_->GetDomainBoundCert( |
| 498 "https://good", types, &type1, &private_key_info1, &der_cert1, | 535 "https://good", types, &type1, &private_key_info1, &der_cert1, |
| 499 callback.callback(), &request_handle); | 536 callback.callback(), &request_handle); |
| 500 EXPECT_EQ(OK, error); | 537 EXPECT_EQ(OK, error); |
| 501 EXPECT_TRUE(request_handle == NULL); | 538 EXPECT_FALSE(request_handle.is_active()); |
| 502 EXPECT_EQ(2, service_->cert_count()); | 539 EXPECT_EQ(2, service_->cert_count()); |
| 503 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); | 540 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1); |
| 504 EXPECT_STREQ("a", private_key_info1.c_str()); | 541 EXPECT_STREQ("a", private_key_info1.c_str()); |
| 505 EXPECT_STREQ("b", der_cert1.c_str()); | 542 EXPECT_STREQ("b", der_cert1.c_str()); |
| 506 | 543 |
| 507 // Cert expired - New cert will be generated, asynchronous completion. | 544 // Cert expired - New cert will be generated, asynchronous completion. |
| 508 SSLClientCertType type2; | 545 SSLClientCertType type2; |
| 509 std::string private_key_info2, der_cert2; | 546 std::string private_key_info2, der_cert2; |
| 510 error = service_->GetDomainBoundCert( | 547 error = service_->GetDomainBoundCert( |
| 511 "https://expired", types, &type2, &private_key_info2, &der_cert2, | 548 "https://expired", types, &type2, &private_key_info2, &der_cert2, |
| 512 callback.callback(), &request_handle); | 549 callback.callback(), &request_handle); |
| 513 EXPECT_EQ(ERR_IO_PENDING, error); | 550 EXPECT_EQ(ERR_IO_PENDING, error); |
| 514 EXPECT_TRUE(request_handle != NULL); | 551 EXPECT_TRUE(request_handle.is_active()); |
| 515 error = callback.WaitForResult(); | 552 error = callback.WaitForResult(); |
| 516 EXPECT_EQ(OK, error); | 553 EXPECT_EQ(OK, error); |
| 517 EXPECT_EQ(2, service_->cert_count()); | 554 EXPECT_EQ(2, service_->cert_count()); |
| 518 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); | 555 EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2); |
| 519 EXPECT_LT(1U, private_key_info2.size()); | 556 EXPECT_LT(1U, private_key_info2.size()); |
| 520 EXPECT_LT(1U, der_cert2.size()); | 557 EXPECT_LT(1U, der_cert2.size()); |
| 521 } | 558 } |
| 522 | 559 |
| 523 #endif // !defined(USE_OPENSSL) | 560 #endif // !defined(USE_OPENSSL) |
| 524 | 561 |
| 525 } // namespace | 562 } // namespace |
| 526 | 563 |
| 527 } // namespace net | 564 } // namespace net |
| OLD | NEW |