Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(55)

Side by Side Diff: chrome/browser/extensions/api/certificate_provider/certificate_provider_apitest.cc

Issue 1232553003: Add new certificateProvider extension API. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebased. Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <openssl/evp.h>
6 #include <openssl/rsa.h>
7
8 #include "base/files/file_path.h"
9 #include "base/macros.h"
bartfab (slow) 2015/09/03 17:30:53 Nit: Not used.
pneubeck (no reviews) 2015/09/07 17:21:33 Done.
10 #include "base/memory/scoped_ptr.h"
11 #include "base/strings/string_number_conversions.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "chrome/browser/extensions/extension_apitest.h"
14 #include "chrome/browser/ui/tabs/tab_strip_model.h"
15 #include "chrome/test/base/ui_test_utils.h"
16 #include "chromeos/chromeos_switches.h"
bartfab (slow) 2015/09/03 17:30:53 Nit: Not used.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
pneubeck (no reviews) 2015/09/07 17:21:33 Done.
17 #include "components/policy/core/browser/browser_policy_connector.h"
18 #include "components/policy/core/common/mock_configuration_policy_provider.h"
19 #include "components/policy/core/common/policy_map.h"
20 #include "components/policy/core/common/policy_types.h"
21 #include "content/public/browser/render_frame_host.h"
22 #include "content/public/browser/web_contents.h"
23 #include "content/public/test/test_navigation_observer.h"
24 #include "content/public/test/test_utils.h"
25 #include "crypto/rsa_private_key.h"
26 #include "crypto/scoped_openssl_types.h"
27 #include "extensions/test/result_catcher.h"
28 #include "net/base/escape.h"
bartfab (slow) 2015/09/03 17:30:53 Nit: Not used.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
29 #include "net/base/test_data_directory.h"
bartfab (slow) 2015/09/03 17:30:53 Nit: Not used.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
30 #include "net/cert/test_root_certs.h"
bartfab (slow) 2015/09/03 17:30:52 Nit: Not used.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
31 #include "net/test/spawned_test_server/spawned_test_server.h"
32 #include "policy/policy_constants.h"
33 #include "testing/gmock/include/gmock/gmock.h"
34
35 using testing::Return;
36 using testing::_;
37
38 namespace {
39
40 void IgnoreResult(base::Closure callback, const base::Value* value) {
bartfab (slow) 2015/09/03 17:30:53 Nit 1: Pass |callback| by const reference. Nit 2:
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
41 callback.Run();
42 }
43
44 void StoreBool(bool* result, base::Closure callback, const base::Value* value) {
bartfab (slow) 2015/09/03 17:30:53 Nit: Pass |callback| by const reference.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
45 value->GetAsBoolean(result);
46 callback.Run();
47 }
48
49 void StoreString(std::string* result,
bartfab (slow) 2015/09/03 17:30:52 Nit: #include <string>
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
50 base::Closure callback,
bartfab (slow) 2015/09/03 17:30:53 Nit: Pass |callback| by const reference.
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
51 const base::Value* value) {
52 value->GetAsString(result);
53 callback.Run();
54 }
55
56 void StoreDigest(base::Closure callback,
bartfab (slow) 2015/09/03 17:30:53 Nit 1: Pass |callback| by const reference. Nit 2:
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
57 std::vector<uint8>* digest,
bartfab (slow) 2015/09/03 17:30:53 Nit 1: Here and throughout the file: s/uint8/uint8
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
58 const base::Value* value) {
59 const base::BinaryValue* binary = nullptr;
60 value->GetAsBinary(&binary);
61 const uint8* const binary_begin =
bartfab (slow) 2015/09/03 17:30:53 Nit: const pointer to const.
pneubeck (no reviews) 2015/09/07 17:21:32 It is already. Isn't it?
bartfab (slow) 2015/09/08 14:55:16 Sorry :).
62 reinterpret_cast<const uint8*>(binary->GetBuffer());
63 digest->assign(binary_begin, binary_begin + binary->GetSize());
64
65 callback.Run();
66 }
67
68 // See net::SSLPrivateKey::SignDigest for the expected padding and DigestInfo
69 // prefixing.
70 bool RsaSign(const std::vector<uint8>& digest,
71 crypto::RSAPrivateKey* key,
72 std::vector<uint8>* signature) {
73 crypto::ScopedRSA rsa_key(EVP_PKEY_get1_RSA(key->key()));
74 if (!rsa_key)
75 return false;
76
77 uint8_t* prefixed_digest = nullptr;
78 size_t prefixed_digest_len = 0;
bartfab (slow) 2015/09/03 17:30:53 Nit: #include <stddef.h>
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
79 int is_alloced = 0;
80 if (!RSA_add_pkcs1_prefix(&prefixed_digest, &prefixed_digest_len, &is_alloced,
81 NID_sha1, vector_as_array(&digest),
bartfab (slow) 2015/09/03 17:30:52 Nit: #include "base/stl_util.h"
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
82 digest.size())) {
83 return false;
84 }
85 size_t len = 0;
86 signature->resize(RSA_size(rsa_key.get()));
87 const int rv = RSA_sign_raw(rsa_key.get(), &len, vector_as_array(signature),
88 signature->size(), prefixed_digest,
89 prefixed_digest_len, RSA_PKCS1_PADDING);
90 if (is_alloced)
91 free(prefixed_digest);
bartfab (slow) 2015/09/03 17:30:52 Nit: #include <stdlib.h>
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
92
93 if (rv) {
94 signature->resize(len);
95 return true;
96 } else {
97 signature->clear();
98 return false;
99 }
100 }
101
102 // Create a string that if evaluated in Javascript returns a Uint8Array with
bartfab (slow) 2015/09/03 17:30:53 Nit: s/Javascript/JavaScript/
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
103 // |bytes| as content.
104 std::string JsUint8Array(const std::vector<uint8>& bytes) {
105 std::string res = "new Uint8Array([";
106 for (size_t i = 0; i < bytes.size(); i++) {
bartfab (slow) 2015/09/03 17:30:53 Nit: Why not use an iterator?
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
107 res += base::UintToString(bytes[i]);
108 if (i < bytes.size() - 1) {
bartfab (slow) 2015/09/03 17:30:53 JavaScript actually allows trailing commas, so you
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
109 res += ", ";
110 }
111 }
112 res += "])";
113 return res;
114 }
115
116 class CertificateProviderApiTest : public ExtensionApiTest {
117 public:
118 CertificateProviderApiTest() {}
119
120 void SetUpInProcessBrowserTestFixture() override {
121 EXPECT_CALL(provider_, IsInitializationComplete(_))
122 .WillRepeatedly(Return(true));
123 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);
124
125 ExtensionApiTest::SetUpInProcessBrowserTestFixture();
126 }
127
128 void SetUpOnMainThread() override {
129 // Setup the AutoSelectCertificateForUrls policy to avoid the client
bartfab (slow) 2015/09/03 17:30:52 Nit: s/Setup/Set up/
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
130 // certificate selection dialog.
131 const std::string autoselect_pattern =
132 "{\"pattern\": \"*\", \"filter\": {\"ISSUER\": {\"CN\": \"root\"}}}";
133
134 scoped_ptr<base::ListValue> autoselect_policy(new base::ListValue);
135 autoselect_policy->AppendString(autoselect_pattern);
136
137 policy::PolicyMap policy;
138 policy.Set(policy::key::kAutoSelectCertificateForUrls,
139 policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
140 autoselect_policy.release(), nullptr);
141 provider_.UpdateChromePolicy(policy);
142
143 content::RunAllPendingInMessageLoop();
144 }
145
146 protected:
147 policy::MockConfigurationPolicyProvider provider_;
148 };
149
150 } // namespace
151
152 IN_PROC_BROWSER_TEST_F(CertificateProviderApiTest, Basic) {
153 // Start an HTTPS test server that requests a client certificates.
bartfab (slow) 2015/09/03 17:30:52 Nit: s/certificates/certificate/
pneubeck (no reviews) 2015/09/07 17:21:33 Done.
154 net::SpawnedTestServer::SSLOptions ssl_options;
155 ssl_options.request_client_certificate = true;
156 net::SpawnedTestServer https_server(
157 net::SpawnedTestServer::TYPE_HTTPS, ssl_options,
158 base::FilePath(FILE_PATH_LITERAL("chrome/test/data")));
bartfab (slow) 2015/09/03 17:30:53 Nit: Use |PathService::Get(chrome::DIR_TEST_DATA,
159 ASSERT_TRUE(https_server.Start());
160
161 extensions::ResultCatcher catcher;
162
163 const base::FilePath extension_path =
164 test_data_dir_.AppendASCII("certificate_provider");
165 const extensions::Extension* extension = LoadExtension(extension_path);
bartfab (slow) 2015/09/03 17:30:52 Nit 1: const pointer to const. Nit 2: #include "ex
pneubeck (no reviews) 2015/09/07 17:21:33 Done.
166 ui_test_utils::NavigateToURL(browser(),
167 extension->GetResourceURL("basic.html"));
168
169 ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
170 VLOG(1) << "Extension registered. Navigate to the test https page.";
171
172 content::WebContents* const extension_contents =
173 browser()->tab_strip_model()->GetActiveWebContents();
174
175 content::TestNavigationObserver navigation_observer(
176 nullptr /* no WebContents */);
177 navigation_observer.StartWatchingNewWebContents();
178 ui_test_utils::NavigateToURLWithDisposition(
179 browser(), https_server.GetURL("client-cert"), NEW_FOREGROUND_TAB,
180 ui_test_utils::BROWSER_TEST_NONE);
181
182 content::WebContents* const https_contents =
183 browser()->tab_strip_model()->GetActiveWebContents();
184
185 VLOG(1) << "Wait for the extension to receive the sign request.";
186 ASSERT_TRUE(catcher.GetNextResult()) << catcher.message();
187
188 VLOG(1) << "Fetch the digest from the sign request.";
189 std::vector<uint8> request_digest;
190 {
191 base::RunLoop run_loop;
bartfab (slow) 2015/09/03 17:30:52 Nit: #include "base/run_loop.h"
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
192 extension_contents->GetMainFrame()->ExecuteJavaScriptForTests(
193 base::ASCIIToUTF16(
194 "(function() {return signDigestRequest.digest;})();"),
bartfab (slow) 2015/09/03 17:30:53 Nit: Does this really need to be wrapped into a fu
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
195 base::Bind(&StoreDigest, run_loop.QuitClosure(), &request_digest));
bartfab (slow) 2015/09/03 17:30:53 Nit: #include "base/bind.h"
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
196 run_loop.Run();
197 }
198
199 VLOG(1) << "Sign the digest using the private key.";
200 std::string key_pk8;
201 base::ReadFileToString(extension_path.AppendASCII("l1_leaf.pk8"), &key_pk8);
bartfab (slow) 2015/09/03 17:30:53 Nit: #include "base/files/file_util.h"
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
202
203 const uint8* const key_pk8_begin =
204 reinterpret_cast<const uint8*>(key_pk8.data());
205 scoped_ptr<crypto::RSAPrivateKey> key(
206 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(
207 std::vector<uint8>(key_pk8_begin, key_pk8_begin + key_pk8.size())));
208 ASSERT_TRUE(key);
209
210 std::vector<uint8> signature;
211 ASSERT_TRUE(RsaSign(request_digest, key.get(), &signature));
bartfab (slow) 2015/09/03 17:30:53 Nit: EXPECT_TRUE() should be sufficient here.
pneubeck (no reviews) 2015/09/07 17:21:33 Done.
212
213 VLOG(1) << "Inject the signature back to the extension and let it reply.";
214 {
215 base::RunLoop run_loop;
216 const std::string code = "(function() {replyWithSignature(" +
bartfab (slow) 2015/09/03 17:30:53 Nit: As above, does this really need to be wrapped
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
217 JsUint8Array(signature) + ");})();";
218 extension_contents->GetMainFrame()->ExecuteJavaScriptForTests(
219 base::ASCIIToUTF16(code),
220 base::Bind(&IgnoreResult, run_loop.QuitClosure()));
221 run_loop.Run();
222 }
223
224 VLOG(1) << "Wait for the https navigation to finish.";
225 navigation_observer.Wait();
226
227 VLOG(1) << "Check whether the server acknowledged that a client certificate "
228 "was presented.";
229 {
230 base::RunLoop run_loop;
231 std::string https_reply;
232 https_contents->GetMainFrame()->ExecuteJavaScriptForTests(
233 base::ASCIIToUTF16(
234 "(function() {return document.body.textContent;})();"),
bartfab (slow) 2015/09/03 17:30:53 Nit: As above, does this really need to be wrapped
pneubeck (no reviews) 2015/09/07 17:21:32 Done.
235 base::Bind(&StoreString, &https_reply, run_loop.QuitClosure()));
236 run_loop.Run();
237 // Expect the server to return the fingerprint of the client cert that we
238 // presented, which should be the fingerprint of 'l1_leaf.der'.
239 // The fingerprint can be calculated independently using:
240 // openssl x509 -inform DER -noout -fingerprint -in \
241 // chrome/test/data/extensions/api_test/certificate_provider/l1_leaf.der
242 ASSERT_EQ(
243 "got client cert with fingerprint: "
244 "2ab3f55e06eb8b36a741fe285a769da45edb2695",
245 https_reply);
246 }
247
248 // Replying to the same signature request a second time must fail.
249 {
250 base::RunLoop run_loop;
251 const std::string code = "replyWithSignatureSecondTime();";
252 bool result = false;
253 extension_contents->GetMainFrame()->ExecuteJavaScriptForTests(
254 base::ASCIIToUTF16(code),
255 base::Bind(&StoreBool, &result, run_loop.QuitClosure()));
256 run_loop.Run();
257 EXPECT_TRUE(result);
258 }
259 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698