| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/bind.h" | 5 #include "base/bind.h" |
| 6 #include "base/file_util.h" | 6 #include "base/file_util.h" |
| 7 #include "base/files/scoped_temp_dir.h" | 7 #include "base/files/scoped_temp_dir.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/memory/scoped_vector.h" | 9 #include "base/memory/scoped_vector.h" |
| 10 #include "base/message_loop.h" | 10 #include "base/message_loop.h" |
| 11 #include "base/run_loop.h" |
| 11 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 12 #include "base/test/thread_test_helper.h" | 13 #include "base/test/thread_test_helper.h" |
| 13 #include "chrome/browser/net/clear_on_exit_policy.h" | 14 #include "chrome/browser/net/clear_on_exit_policy.h" |
| 14 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" | 15 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" |
| 15 #include "chrome/common/chrome_constants.h" | 16 #include "chrome/common/chrome_constants.h" |
| 16 #include "content/public/test/test_browser_thread.h" | 17 #include "content/public/test/test_browser_thread.h" |
| 17 #include "net/base/cert_test_util.h" | 18 #include "net/base/cert_test_util.h" |
| 18 #include "net/base/test_data_directory.h" | 19 #include "net/base/test_data_directory.h" |
| 19 #include "sql/statement.h" | 20 #include "sql/statement.h" |
| 20 #include "testing/gtest/include/gtest/gtest.h" | 21 #include "testing/gtest/include/gtest/gtest.h" |
| 21 #include "webkit/quota/mock_special_storage_policy.h" | 22 #include "webkit/quota/mock_special_storage_policy.h" |
| 22 | 23 |
| 23 using content::BrowserThread; | 24 using content::BrowserThread; |
| 24 | 25 |
| 25 class SQLiteServerBoundCertStoreTest : public testing::Test { | 26 class SQLiteServerBoundCertStoreTest : public testing::Test { |
| 26 public: | 27 public: |
| 27 SQLiteServerBoundCertStoreTest() | 28 SQLiteServerBoundCertStoreTest() : db_thread_(BrowserThread::DB) {} |
| 28 : db_thread_(BrowserThread::DB) { | 29 |
| 30 void Load( |
| 31 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert>* certs) { |
| 32 base::RunLoop run_loop; |
| 33 store_->Load(base::Bind(&SQLiteServerBoundCertStoreTest::OnLoaded, |
| 34 base::Unretained(this), |
| 35 &run_loop)); |
| 36 run_loop.Run(); |
| 37 certs->swap(certs_); |
| 38 certs_.clear(); |
| 39 } |
| 40 |
| 41 void OnLoaded( |
| 42 base::RunLoop* run_loop, |
| 43 scoped_ptr<ScopedVector< |
| 44 net::DefaultServerBoundCertStore::ServerBoundCert> > certs) { |
| 45 certs_.swap(*certs); |
| 46 run_loop->Quit(); |
| 29 } | 47 } |
| 30 | 48 |
| 31 protected: | 49 protected: |
| 32 static void ReadTestKeyAndCert(std::string* key, std::string* cert) { | 50 static void ReadTestKeyAndCert(std::string* key, std::string* cert) { |
| 33 FilePath key_path = net::GetTestCertsDirectory().AppendASCII( | 51 FilePath key_path = net::GetTestCertsDirectory().AppendASCII( |
| 34 "unittest.originbound.key.der"); | 52 "unittest.originbound.key.der"); |
| 35 FilePath cert_path = net::GetTestCertsDirectory().AppendASCII( | 53 FilePath cert_path = net::GetTestCertsDirectory().AppendASCII( |
| 36 "unittest.originbound.der"); | 54 "unittest.originbound.der"); |
| 37 ASSERT_TRUE(file_util::ReadFileToString(key_path, key)); | 55 ASSERT_TRUE(file_util::ReadFileToString(key_path, key)); |
| 38 ASSERT_TRUE(file_util::ReadFileToString(cert_path, cert)); | 56 ASSERT_TRUE(file_util::ReadFileToString(cert_path, cert)); |
| (...skipping 20 matching lines...) Expand all Loading... |
| 59 exploded_time.millisecond = 0; | 77 exploded_time.millisecond = 0; |
| 60 return base::Time::FromUTCExploded(exploded_time); | 78 return base::Time::FromUTCExploded(exploded_time); |
| 61 } | 79 } |
| 62 | 80 |
| 63 virtual void SetUp() { | 81 virtual void SetUp() { |
| 64 db_thread_.Start(); | 82 db_thread_.Start(); |
| 65 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); | 83 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); |
| 66 store_ = new SQLiteServerBoundCertStore( | 84 store_ = new SQLiteServerBoundCertStore( |
| 67 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); | 85 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 68 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 86 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 69 ASSERT_TRUE(store_->Load(&certs.get())); | 87 Load(&certs); |
| 70 ASSERT_EQ(0u, certs.size()); | 88 ASSERT_EQ(0u, certs.size()); |
| 71 // Make sure the store gets written at least once. | 89 // Make sure the store gets written at least once. |
| 72 store_->AddServerBoundCert( | 90 store_->AddServerBoundCert( |
| 73 net::DefaultServerBoundCertStore::ServerBoundCert( | 91 net::DefaultServerBoundCertStore::ServerBoundCert( |
| 74 "google.com", | 92 "google.com", |
| 75 net::CLIENT_CERT_RSA_SIGN, | 93 net::CLIENT_CERT_RSA_SIGN, |
| 76 base::Time::FromInternalValue(1), | 94 base::Time::FromInternalValue(1), |
| 77 base::Time::FromInternalValue(2), | 95 base::Time::FromInternalValue(2), |
| 78 "a", "b")); | 96 "a", "b")); |
| 79 } | 97 } |
| 80 | 98 |
| 99 MessageLoopForIO message_loop_; |
| 81 content::TestBrowserThread db_thread_; | 100 content::TestBrowserThread db_thread_; |
| 82 base::ScopedTempDir temp_dir_; | 101 base::ScopedTempDir temp_dir_; |
| 83 scoped_refptr<SQLiteServerBoundCertStore> store_; | 102 scoped_refptr<SQLiteServerBoundCertStore> store_; |
| 103 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs_; |
| 84 }; | 104 }; |
| 85 | 105 |
| 86 // Test if data is stored as expected in the SQLite database. | 106 // Test if data is stored as expected in the SQLite database. |
| 87 TEST_F(SQLiteServerBoundCertStoreTest, TestPersistence) { | 107 TEST_F(SQLiteServerBoundCertStoreTest, TestPersistence) { |
| 88 store_->AddServerBoundCert( | 108 store_->AddServerBoundCert( |
| 89 net::DefaultServerBoundCertStore::ServerBoundCert( | 109 net::DefaultServerBoundCertStore::ServerBoundCert( |
| 90 "foo.com", | 110 "foo.com", |
| 91 net::CLIENT_CERT_ECDSA_SIGN, | 111 net::CLIENT_CERT_ECDSA_SIGN, |
| 92 base::Time::FromInternalValue(3), | 112 base::Time::FromInternalValue(3), |
| 93 base::Time::FromInternalValue(4), | 113 base::Time::FromInternalValue(4), |
| 94 "c", "d")); | 114 "c", "d")); |
| 95 | 115 |
| 96 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 116 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 97 // Replace the store effectively destroying the current one and forcing it | 117 // Replace the store effectively destroying the current one and forcing it |
| 98 // to write its data to disk. Then we can see if after loading it again it | 118 // to write its data to disk. Then we can see if after loading it again it |
| 99 // is still there. | 119 // is still there. |
| 100 store_ = NULL; | 120 store_ = NULL; |
| 101 scoped_refptr<base::ThreadTestHelper> helper( | 121 scoped_refptr<base::ThreadTestHelper> helper( |
| 102 new base::ThreadTestHelper( | 122 new base::ThreadTestHelper( |
| 103 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); | 123 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); |
| 104 // Make sure we wait until the destructor has run. | 124 // Make sure we wait until the destructor has run. |
| 105 ASSERT_TRUE(helper->Run()); | 125 ASSERT_TRUE(helper->Run()); |
| 106 store_ = new SQLiteServerBoundCertStore( | 126 store_ = new SQLiteServerBoundCertStore( |
| 107 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); | 127 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 108 | 128 |
| 109 // Reload and test for persistence | 129 // Reload and test for persistence |
| 110 ASSERT_TRUE(store_->Load(&certs.get())); | 130 Load(&certs); |
| 111 ASSERT_EQ(2U, certs.size()); | 131 ASSERT_EQ(2U, certs.size()); |
| 112 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert; | 132 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert; |
| 113 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert; | 133 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert; |
| 114 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) { | 134 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) { |
| 115 rsa_cert = certs[0]; | 135 rsa_cert = certs[0]; |
| 116 ec_cert = certs[1]; | 136 ec_cert = certs[1]; |
| 117 } else { | 137 } else { |
| 118 rsa_cert = certs[1]; | 138 rsa_cert = certs[1]; |
| 119 ec_cert = certs[0]; | 139 ec_cert = certs[0]; |
| 120 } | 140 } |
| (...skipping 14 matching lines...) Expand all Loading... |
| 135 store_->DeleteServerBoundCert(*certs[0]); | 155 store_->DeleteServerBoundCert(*certs[0]); |
| 136 store_->DeleteServerBoundCert(*certs[1]); | 156 store_->DeleteServerBoundCert(*certs[1]); |
| 137 store_ = NULL; | 157 store_ = NULL; |
| 138 // Make sure we wait until the destructor has run. | 158 // Make sure we wait until the destructor has run. |
| 139 ASSERT_TRUE(helper->Run()); | 159 ASSERT_TRUE(helper->Run()); |
| 140 certs.clear(); | 160 certs.clear(); |
| 141 store_ = new SQLiteServerBoundCertStore( | 161 store_ = new SQLiteServerBoundCertStore( |
| 142 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); | 162 temp_dir_.path().Append(chrome::kOBCertFilename), NULL); |
| 143 | 163 |
| 144 // Reload and check if the cert has been removed. | 164 // Reload and check if the cert has been removed. |
| 145 ASSERT_TRUE(store_->Load(&certs.get())); | 165 Load(&certs); |
| 146 ASSERT_EQ(0U, certs.size()); | 166 ASSERT_EQ(0U, certs.size()); |
| 147 } | 167 } |
| 148 | 168 |
| 149 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) { | 169 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) { |
| 150 // Reset the store. We'll be using a different database for this test. | 170 // Reset the store. We'll be using a different database for this test. |
| 151 store_ = NULL; | 171 store_ = NULL; |
| 152 | 172 |
| 153 FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); | 173 FilePath v1_db_path(temp_dir_.path().AppendASCII("v1db")); |
| 154 | 174 |
| 155 std::string key_data; | 175 std::string key_data; |
| (...skipping 30 matching lines...) Expand all Loading... |
| 186 // Load and test the DB contents twice. First time ensures that we can use | 206 // Load and test the DB contents twice. First time ensures that we can use |
| 187 // the updated values immediately. Second time ensures that the updated | 207 // the updated values immediately. Second time ensures that the updated |
| 188 // values are stored and read correctly on next load. | 208 // values are stored and read correctly on next load. |
| 189 for (int i = 0; i < 2; ++i) { | 209 for (int i = 0; i < 2; ++i) { |
| 190 SCOPED_TRACE(i); | 210 SCOPED_TRACE(i); |
| 191 | 211 |
| 192 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 212 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 193 store_ = new SQLiteServerBoundCertStore(v1_db_path, NULL); | 213 store_ = new SQLiteServerBoundCertStore(v1_db_path, NULL); |
| 194 | 214 |
| 195 // Load the database and ensure the certs can be read and are marked as RSA. | 215 // Load the database and ensure the certs can be read and are marked as RSA. |
| 196 ASSERT_TRUE(store_->Load(&certs.get())); | 216 Load(&certs); |
| 197 ASSERT_EQ(2U, certs.size()); | 217 ASSERT_EQ(2U, certs.size()); |
| 198 | 218 |
| 199 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 219 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 200 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 220 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 201 ASSERT_EQ(GetTestCertExpirationTime(), | 221 ASSERT_EQ(GetTestCertExpirationTime(), |
| 202 certs[0]->expiration_time()); | 222 certs[0]->expiration_time()); |
| 203 ASSERT_EQ(key_data, certs[0]->private_key()); | 223 ASSERT_EQ(key_data, certs[0]->private_key()); |
| 204 ASSERT_EQ(cert_data, certs[0]->cert()); | 224 ASSERT_EQ(cert_data, certs[0]->cert()); |
| 205 | 225 |
| 206 ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str()); | 226 ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str()); |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 // Load and test the DB contents twice. First time ensures that we can use | 294 // Load and test the DB contents twice. First time ensures that we can use |
| 275 // the updated values immediately. Second time ensures that the updated | 295 // the updated values immediately. Second time ensures that the updated |
| 276 // values are saved and read correctly on next load. | 296 // values are saved and read correctly on next load. |
| 277 for (int i = 0; i < 2; ++i) { | 297 for (int i = 0; i < 2; ++i) { |
| 278 SCOPED_TRACE(i); | 298 SCOPED_TRACE(i); |
| 279 | 299 |
| 280 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 300 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 281 store_ = new SQLiteServerBoundCertStore(v2_db_path, NULL); | 301 store_ = new SQLiteServerBoundCertStore(v2_db_path, NULL); |
| 282 | 302 |
| 283 // Load the database and ensure the certs can be read and are marked as RSA. | 303 // Load the database and ensure the certs can be read and are marked as RSA. |
| 284 ASSERT_TRUE(store_->Load(&certs.get())); | 304 Load(&certs); |
| 285 ASSERT_EQ(2U, certs.size()); | 305 ASSERT_EQ(2U, certs.size()); |
| 286 | 306 |
| 287 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 307 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 288 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 308 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 289 ASSERT_EQ(GetTestCertExpirationTime(), | 309 ASSERT_EQ(GetTestCertExpirationTime(), |
| 290 certs[0]->expiration_time()); | 310 certs[0]->expiration_time()); |
| 291 ASSERT_EQ(key_data, certs[0]->private_key()); | 311 ASSERT_EQ(key_data, certs[0]->private_key()); |
| 292 ASSERT_EQ(cert_data, certs[0]->cert()); | 312 ASSERT_EQ(cert_data, certs[0]->cert()); |
| 293 | 313 |
| 294 ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str()); | 314 ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str()); |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 364 // Load and test the DB contents twice. First time ensures that we can use | 384 // Load and test the DB contents twice. First time ensures that we can use |
| 365 // the updated values immediately. Second time ensures that the updated | 385 // the updated values immediately. Second time ensures that the updated |
| 366 // values are saved and read correctly on next load. | 386 // values are saved and read correctly on next load. |
| 367 for (int i = 0; i < 2; ++i) { | 387 for (int i = 0; i < 2; ++i) { |
| 368 SCOPED_TRACE(i); | 388 SCOPED_TRACE(i); |
| 369 | 389 |
| 370 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; | 390 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; |
| 371 store_ = new SQLiteServerBoundCertStore(v3_db_path, NULL); | 391 store_ = new SQLiteServerBoundCertStore(v3_db_path, NULL); |
| 372 | 392 |
| 373 // Load the database and ensure the certs can be read and are marked as RSA. | 393 // Load the database and ensure the certs can be read and are marked as RSA. |
| 374 ASSERT_TRUE(store_->Load(&certs.get())); | 394 Load(&certs); |
| 375 ASSERT_EQ(2U, certs.size()); | 395 ASSERT_EQ(2U, certs.size()); |
| 376 | 396 |
| 377 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); | 397 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); |
| 378 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); | 398 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); |
| 379 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue()); | 399 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue()); |
| 380 ASSERT_EQ(GetTestCertCreationTime(), | 400 ASSERT_EQ(GetTestCertCreationTime(), |
| 381 certs[0]->creation_time()); | 401 certs[0]->creation_time()); |
| 382 ASSERT_EQ(key_data, certs[0]->private_key()); | 402 ASSERT_EQ(key_data, certs[0]->private_key()); |
| 383 ASSERT_EQ(cert_data, certs[0]->cert()); | 403 ASSERT_EQ(cert_data, certs[0]->cert()); |
| 384 | 404 |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 475 | 495 |
| 476 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get())); | 496 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get())); |
| 477 | 497 |
| 478 scoped_refptr<base::ThreadTestHelper> helper( | 498 scoped_refptr<base::ThreadTestHelper> helper( |
| 479 new base::ThreadTestHelper( | 499 new base::ThreadTestHelper( |
| 480 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); | 500 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); |
| 481 ASSERT_TRUE(helper->Run()); | 501 ASSERT_TRUE(helper->Run()); |
| 482 | 502 |
| 483 ASSERT_EQ(1, counter->callback_count()); | 503 ASSERT_EQ(1, counter->callback_count()); |
| 484 } | 504 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11742037:
Make ServerBoundCertStore interface async, move SQLiteServerBoundCertStore load onto DB thread. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src