Chromium Code Reviews Chromium Code Reviews
Issue 1192493005:
Encrypt password values in LoginDatabase on Mac. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/password_manager/password_store_mac.h" | 5 #include "chrome/browser/password_manager/password_store_mac.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/files/scoped_temp_dir.h" | 8 #include "base/files/scoped_temp_dir.h" |
| 9 #include "base/scoped_observer.h" | 9 #include "base/scoped_observer.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 11 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
| 12 #include "base/strings/utf_string_conversions.h" | 12 #include "base/strings/utf_string_conversions.h" |
| 13 #include "base/synchronization/waitable_event.h" | 13 #include "base/synchronization/waitable_event.h" |
| 14 #include "base/test/histogram_tester.h" | |
| 14 #include "base/thread_task_runner_handle.h" | 15 #include "base/thread_task_runner_handle.h" |
| 15 #include "chrome/browser/password_manager/password_store_mac_internal.h" | 16 #include "chrome/browser/password_manager/password_store_mac_internal.h" |
| 16 #include "chrome/common/chrome_paths.h" | 17 #include "chrome/common/chrome_paths.h" |
| 18 #include "components/os_crypt/os_crypt.h" | |
| 17 #include "components/password_manager/core/browser/login_database.h" | 19 #include "components/password_manager/core/browser/login_database.h" |
| 18 #include "components/password_manager/core/browser/password_manager_test_utils.h " | 20 #include "components/password_manager/core/browser/password_manager_test_utils.h " |
| 19 #include "components/password_manager/core/browser/password_store_consumer.h" | 21 #include "components/password_manager/core/browser/password_store_consumer.h" |
| 20 #include "content/public/test/test_browser_thread.h" | 22 #include "content/public/test/test_browser_thread.h" |
| 21 #include "crypto/mock_apple_keychain.h" | 23 #include "crypto/mock_apple_keychain.h" |
| 22 #include "testing/gmock/include/gmock/gmock.h" | 24 #include "testing/gmock/include/gmock/gmock.h" |
| 23 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 24 | 26 |
| 25 using autofill::PasswordForm; | 27 using autofill::PasswordForm; |
| 26 using base::ASCIIToUTF16; | 28 using base::ASCIIToUTF16; |
| (...skipping 1171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1198 | 1200 |
| 1199 #pragma mark - | 1201 #pragma mark - |
| 1200 | 1202 |
| 1201 class PasswordStoreMacTest : public testing::Test { | 1203 class PasswordStoreMacTest : public testing::Test { |
| 1202 public: | 1204 public: |
| 1203 PasswordStoreMacTest() : ui_thread_(BrowserThread::UI, &message_loop_) {} | 1205 PasswordStoreMacTest() : ui_thread_(BrowserThread::UI, &message_loop_) {} |
| 1204 | 1206 |
| 1205 void SetUp() override { | 1207 void SetUp() override { |
| 1206 ASSERT_TRUE(db_dir_.CreateUniqueTempDir()); | 1208 ASSERT_TRUE(db_dir_.CreateUniqueTempDir()); |
| 1207 | 1209 |
| 1210 // Ensure that LoginDatabase will use the mock keychain if it needs to | |
| 1211 // encrypt/decrypt a password. | |
| 1212 OSCrypt::UseMockKeychain(true); | |
| 1208 scoped_ptr<password_manager::LoginDatabase> login_db( | 1213 scoped_ptr<password_manager::LoginDatabase> login_db( |
| 1209 new password_manager::LoginDatabase(test_login_db_file_path())); | 1214 new password_manager::LoginDatabase(test_login_db_file_path())); |
| 1210 CreateAndInitPasswordStore(login_db.Pass()); | 1215 CreateAndInitPasswordStore(login_db.Pass()); |
| 1211 // Make sure deferred initialization is performed before some tests start | 1216 // Make sure deferred initialization is performed before some tests start |
| 1212 // accessing the |login_db| directly. | 1217 // accessing the |login_db| directly. |
| 1213 FinishAsyncProcessing(); | 1218 FinishAsyncProcessing(); |
| 1214 } | 1219 } |
| 1215 | 1220 |
| 1216 void TearDown() override { ClosePasswordStore(); } | 1221 void TearDown() override { |
| 1222 ClosePasswordStore(); | |
| 1223 // Whatever a test did, PasswordStoreMac store only empty password values in | |
|
vabr (Chromium)
2015/06/18 13:39:08
nit: stores
vasilii
2015/06/18 14:28:13
Done.
| |
| 1224 // LoginDatabase. The empty valus do not require encryption and therefore | |
| 1225 // OSCrypt shouldn't call the Keychain. The histogram doesn't cover the | |
| 1226 // internet passwords. | |
| 1227 EXPECT_FALSE(histogram_tester_.GetHistogramSamplesSinceCreation( | |
| 1228 "OSX.Keychain.Access")); | |
| 1229 } | |
| 1217 | 1230 |
| 1218 void CreateAndInitPasswordStore( | 1231 void CreateAndInitPasswordStore( |
| 1219 scoped_ptr<password_manager::LoginDatabase> login_db) { | 1232 scoped_ptr<password_manager::LoginDatabase> login_db) { |
| 1220 store_ = new TestPasswordStoreMac( | 1233 store_ = new TestPasswordStoreMac( |
| 1221 base::ThreadTaskRunnerHandle::Get(), | 1234 base::ThreadTaskRunnerHandle::Get(), |
| 1222 base::ThreadTaskRunnerHandle::Get(), | 1235 base::ThreadTaskRunnerHandle::Get(), |
| 1223 make_scoped_ptr<AppleKeychain>(new MockAppleKeychain), login_db.Pass()); | 1236 make_scoped_ptr<AppleKeychain>(new MockAppleKeychain), login_db.Pass()); |
| 1224 ASSERT_TRUE(store_->Init(syncer::SyncableService::StartSyncFlare())); | 1237 ASSERT_TRUE(store_->Init(syncer::SyncableService::StartSyncFlare())); |
| 1225 } | 1238 } |
| 1226 | 1239 |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1307 } | 1320 } |
| 1308 | 1321 |
| 1309 TestPasswordStoreMac* store() { return store_.get(); } | 1322 TestPasswordStoreMac* store() { return store_.get(); } |
| 1310 | 1323 |
| 1311 protected: | 1324 protected: |
| 1312 base::MessageLoopForUI message_loop_; | 1325 base::MessageLoopForUI message_loop_; |
| 1313 content::TestBrowserThread ui_thread_; | 1326 content::TestBrowserThread ui_thread_; |
| 1314 | 1327 |
| 1315 base::ScopedTempDir db_dir_; | 1328 base::ScopedTempDir db_dir_; |
| 1316 scoped_refptr<TestPasswordStoreMac> store_; | 1329 scoped_refptr<TestPasswordStoreMac> store_; |
| 1330 base::HistogramTester histogram_tester_; | |
| 1317 }; | 1331 }; |
| 1318 | 1332 |
| 1319 TEST_F(PasswordStoreMacTest, TestStoreUpdate) { | 1333 TEST_F(PasswordStoreMacTest, TestStoreUpdate) { |
| 1320 // Insert a password into both the database and the keychain. | 1334 // Insert a password into both the database and the keychain. |
| 1321 // This is done manually, rather than through store_->AddLogin, because the | 1335 // This is done manually, rather than through store_->AddLogin, because the |
| 1322 // Mock Keychain isn't smart enough to be able to support update generically, | 1336 // Mock Keychain isn't smart enough to be able to support update generically, |
| 1323 // so some.domain.com triggers special handling to test it that make inserting | 1337 // so some.domain.com triggers special handling to test it that make inserting |
| 1324 // fail. | 1338 // fail. |
| 1325 PasswordFormData joint_data = { | 1339 PasswordFormData joint_data = { |
| 1326 PasswordForm::SCHEME_HTML, "http://some.domain.com/", | 1340 PasswordForm::SCHEME_HTML, "http://some.domain.com/", |
| (...skipping 493 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1820 // Verify that federated credentials can be stored, retrieved and deleted. | 1834 // Verify that federated credentials can be stored, retrieved and deleted. |
| 1821 TEST_F(PasswordStoreMacTest, StoringAndRetrievingFederatedCredentials) { | 1835 TEST_F(PasswordStoreMacTest, StoringAndRetrievingFederatedCredentials) { |
| 1822 PasswordForm form; | 1836 PasswordForm form; |
| 1823 form.signon_realm = "android://7x7IDboo8u9YKraUsbmVkuf1@net.rateflix.app/"; | 1837 form.signon_realm = "android://7x7IDboo8u9YKraUsbmVkuf1@net.rateflix.app/"; |
| 1824 form.federation_url = GURL(password_manager::kTestingFederationUrlSpec); | 1838 form.federation_url = GURL(password_manager::kTestingFederationUrlSpec); |
| 1825 form.username_value = base::UTF8ToUTF16("randomusername"); | 1839 form.username_value = base::UTF8ToUTF16("randomusername"); |
| 1826 form.password_value = base::UTF8ToUTF16(""); // No password. | 1840 form.password_value = base::UTF8ToUTF16(""); // No password. |
| 1827 | 1841 |
| 1828 VerifyCredentialLifecycle(form); | 1842 VerifyCredentialLifecycle(form); |
| 1829 } | 1843 } |
| OLD | NEW |
