| Index: net/base/server_bound_cert_service_unittest.cc
|
| diff --git a/net/base/server_bound_cert_service_unittest.cc b/net/base/server_bound_cert_service_unittest.cc
|
| deleted file mode 100644
|
| index 9e505db81d9acbce5f069cc74ab38ec4c6469c42..0000000000000000000000000000000000000000
|
| --- a/net/base/server_bound_cert_service_unittest.cc
|
| +++ /dev/null
|
| @@ -1,564 +0,0 @@
|
| -// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "net/base/server_bound_cert_service.h"
|
| -
|
| -#include <string>
|
| -#include <vector>
|
| -
|
| -#include "base/bind.h"
|
| -#include "base/memory/scoped_ptr.h"
|
| -#include "base/message_loop.h"
|
| -#include "base/threading/sequenced_worker_pool.h"
|
| -#include "crypto/ec_private_key.h"
|
| -#include "net/base/asn1_util.h"
|
| -#include "net/base/default_server_bound_cert_store.h"
|
| -#include "net/base/net_errors.h"
|
| -#include "net/base/test_completion_callback.h"
|
| -#include "net/base/x509_certificate.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -
|
| -namespace net {
|
| -
|
| -namespace {
|
| -
|
| -void FailTest(int /* result */) {
|
| - FAIL();
|
| -}
|
| -
|
| -class ServerBoundCertServiceTest : public testing::Test {
|
| - protected:
|
| - virtual void SetUp() OVERRIDE {
|
| - sequenced_worker_pool_ = new base::SequencedWorkerPool(
|
| - 3, "ServerBoundCertServiceTest");
|
| - service_.reset(new ServerBoundCertService(
|
| - new DefaultServerBoundCertStore(NULL), sequenced_worker_pool_));
|
| - }
|
| -
|
| - virtual void TearDown() OVERRIDE {
|
| - sequenced_worker_pool_->Shutdown();
|
| - }
|
| -
|
| - scoped_refptr<base::SequencedWorkerPool> sequenced_worker_pool_;
|
| - scoped_ptr<ServerBoundCertService> service_;
|
| -};
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, GetDomainForHost) {
|
| - EXPECT_EQ("google.com",
|
| - ServerBoundCertService::GetDomainForHost("google.com"));
|
| - EXPECT_EQ("google.com",
|
| - ServerBoundCertService::GetDomainForHost("www.google.com"));
|
| - // NOTE(rch): we would like to segregate cookies and certificates for
|
| - // *.appspot.com, but currently we can not do that becaues we want to
|
| - // allow direct navigation to appspot.com.
|
| - EXPECT_EQ("appspot.com",
|
| - ServerBoundCertService::GetDomainForHost("foo.appspot.com"));
|
| - EXPECT_EQ("google.com",
|
| - ServerBoundCertService::GetDomainForHost("www.mail.google.com"));
|
| - EXPECT_EQ("goto",
|
| - ServerBoundCertService::GetDomainForHost("goto"));
|
| - EXPECT_EQ("127.0.0.1",
|
| - ServerBoundCertService::GetDomainForHost("127.0.0.1"));
|
| -}
|
| -
|
| -// See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
|
| -#if !defined(USE_OPENSSL)
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, CacheHit) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| -
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - TestCompletionCallback callback;
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - // Asynchronous completion.
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - EXPECT_EQ(0, service_->cert_count());
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(1, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_FALSE(private_key_info1.empty());
|
| - EXPECT_FALSE(der_cert1.empty());
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // Synchronous completion.
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(1, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_EQ(private_key_info1, private_key_info2);
|
| - EXPECT_EQ(der_cert1, der_cert2);
|
| -
|
| - EXPECT_EQ(2u, service_->requests());
|
| - EXPECT_EQ(1u, service_->cert_store_hits());
|
| - EXPECT_EQ(0u, service_->inflight_joins());
|
| -}
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, UnsupportedTypes) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| -
|
| - int error;
|
| - std::vector<uint8> types;
|
| - TestCompletionCallback callback;
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - // Empty requested_types.
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // No supported types in requested_types.
|
| - types.push_back(CLIENT_CERT_RSA_SIGN);
|
| - types.push_back(2);
|
| - types.push_back(3);
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // Supported types after unsupported ones in requested_types.
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - // Asynchronous completion.
|
| - EXPECT_EQ(0, service_->cert_count());
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(1, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_FALSE(private_key_info1.empty());
|
| - EXPECT_FALSE(der_cert1.empty());
|
| -
|
| - // Now that the cert is created, doing requests for unsupported types
|
| - // shouldn't affect the created cert.
|
| - // Empty requested_types.
|
| - types.clear();
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // No supported types in requested_types.
|
| - types.push_back(CLIENT_CERT_RSA_SIGN);
|
| - types.push_back(2);
|
| - types.push_back(3);
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // If we request EC, the cert we created before should still be there.
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(1, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_EQ(private_key_info1, private_key_info2);
|
| - EXPECT_EQ(der_cert1, der_cert2);
|
| -}
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, StoreCerts) {
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - TestCompletionCallback callback;
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - std::string origin1("https://encrypted.google.com:443");
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - EXPECT_EQ(0, service_->cert_count());
|
| - error = service_->GetDomainBoundCert(
|
| - origin1, types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(1, service_->cert_count());
|
| -
|
| - std::string origin2("https://www.verisign.com:443");
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - error = service_->GetDomainBoundCert(
|
| - origin2, types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(2, service_->cert_count());
|
| -
|
| - std::string origin3("https://www.twitter.com:443");
|
| - SSLClientCertType type3;
|
| - std::string private_key_info3, der_cert3;
|
| - error = service_->GetDomainBoundCert(
|
| - origin3, types, &type3, &private_key_info3, &der_cert3,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(3, service_->cert_count());
|
| -
|
| - EXPECT_NE(private_key_info1, private_key_info2);
|
| - EXPECT_NE(der_cert1, der_cert2);
|
| - EXPECT_NE(private_key_info1, private_key_info3);
|
| - EXPECT_NE(der_cert1, der_cert3);
|
| - EXPECT_NE(private_key_info2, private_key_info3);
|
| - EXPECT_NE(der_cert2, der_cert3);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type3);
|
| -}
|
| -
|
| -// Tests an inflight join.
|
| -TEST_F(ServerBoundCertServiceTest, InflightJoin) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| -
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - TestCompletionCallback callback1;
|
| - ServerBoundCertService::RequestHandle request_handle1;
|
| -
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - TestCompletionCallback callback2;
|
| - ServerBoundCertService::RequestHandle request_handle2;
|
| -
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type1, &private_key_info1, &der_cert1,
|
| - callback1.callback(), &request_handle1);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle1.is_active());
|
| - // If we request RSA and EC in the 2nd request, should still join with the
|
| - // original request.
|
| - types.insert(types.begin(), CLIENT_CERT_RSA_SIGN);
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type2, &private_key_info2, &der_cert2,
|
| - callback2.callback(), &request_handle2);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle2.is_active());
|
| -
|
| - error = callback1.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - error = callback2.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| -
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_EQ(2u, service_->requests());
|
| - EXPECT_EQ(0u, service_->cert_store_hits());
|
| - EXPECT_EQ(1u, service_->inflight_joins());
|
| -}
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| - SSLClientCertType type;
|
| - std::string private_key_info, der_cert;
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - TestCompletionCallback callback;
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - error = service_->GetDomainBoundCert(
|
| - origin, types, &type, &private_key_info, &der_cert, callback.callback(),
|
| - &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| -
|
| - base::StringPiece spki_piece;
|
| - ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(der_cert, &spki_piece));
|
| - std::vector<uint8> spki(
|
| - spki_piece.data(),
|
| - spki_piece.data() + spki_piece.size());
|
| -
|
| - // Check that we can retrieve the key from the bytes.
|
| - std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end());
|
| - scoped_ptr<crypto::ECPrivateKey> private_key(
|
| - crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
|
| - ServerBoundCertService::kEPKIPassword, key_vec, spki));
|
| - EXPECT_TRUE(private_key != NULL);
|
| -
|
| - // Check that we can retrieve the cert from the bytes.
|
| - scoped_refptr<X509Certificate> x509cert(
|
| - X509Certificate::CreateFromBytes(der_cert.data(), der_cert.size()));
|
| - EXPECT_TRUE(x509cert != NULL);
|
| -}
|
| -
|
| -// Tests that the callback of a canceled request is never made.
|
| -TEST_F(ServerBoundCertServiceTest, CancelRequest) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| - SSLClientCertType type;
|
| - std::string private_key_info, der_cert;
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - error = service_->GetDomainBoundCert(origin,
|
| - types,
|
| - &type,
|
| - &private_key_info,
|
| - &der_cert,
|
| - base::Bind(&FailTest),
|
| - &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - request_handle.Cancel();
|
| - EXPECT_FALSE(request_handle.is_active());
|
| -
|
| - // Wait for generation to finish.
|
| - sequenced_worker_pool_->FlushForTesting();
|
| - // Wait for reply from ServerBoundCertServiceWorker to be posted back to the
|
| - // ServerBoundCertService.
|
| - MessageLoop::current()->RunUntilIdle();
|
| -
|
| - // Even though the original request was cancelled, the service will still
|
| - // store the result, it just doesn't call the callback.
|
| - EXPECT_EQ(1, service_->cert_count());
|
| -}
|
| -
|
| -// Tests that destructing the RequestHandle cancels the request.
|
| -TEST_F(ServerBoundCertServiceTest, CancelRequestByHandleDestruction) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| - SSLClientCertType type;
|
| - std::string private_key_info, der_cert;
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - {
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - error = service_->GetDomainBoundCert(origin,
|
| - types,
|
| - &type,
|
| - &private_key_info,
|
| - &der_cert,
|
| - base::Bind(&FailTest),
|
| - &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - }
|
| -
|
| - // Wait for generation to finish.
|
| - sequenced_worker_pool_->FlushForTesting();
|
| - // Wait for reply from ServerBoundCertServiceWorker to be posted back to the
|
| - // ServerBoundCertService.
|
| - MessageLoop::current()->RunUntilIdle();
|
| -
|
| - // Even though the original request was cancelled, the service will still
|
| - // store the result, it just doesn't call the callback.
|
| - EXPECT_EQ(1, service_->cert_count());
|
| -}
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, DestructionWithPendingRequest) {
|
| - std::string origin("https://encrypted.google.com:443");
|
| - SSLClientCertType type;
|
| - std::string private_key_info, der_cert;
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - error = service_->GetDomainBoundCert(origin,
|
| - types,
|
| - &type,
|
| - &private_key_info,
|
| - &der_cert,
|
| - base::Bind(&FailTest),
|
| - &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| -
|
| - // Cancel request and destroy the ServerBoundCertService.
|
| - request_handle.Cancel();
|
| - service_.reset();
|
| -
|
| - // Wait for generation to finish.
|
| - sequenced_worker_pool_->FlushForTesting();
|
| - // ServerBoundCertServiceWorker should not post anything back to the
|
| - // non-existant ServerBoundCertService, but run the loop just to be sure it
|
| - // doesn't.
|
| - MessageLoop::current()->RunUntilIdle();
|
| -
|
| - // If we got here without crashing or a valgrind error, it worked.
|
| -}
|
| -
|
| -// Tests that simultaneous creation of different certs works.
|
| -TEST_F(ServerBoundCertServiceTest, SimultaneousCreation) {
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| -
|
| - std::string origin1("https://encrypted.google.com:443");
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - TestCompletionCallback callback1;
|
| - ServerBoundCertService::RequestHandle request_handle1;
|
| -
|
| - std::string origin2("https://foo.com:443");
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - TestCompletionCallback callback2;
|
| - ServerBoundCertService::RequestHandle request_handle2;
|
| -
|
| - std::string origin3("https://bar.com:443");
|
| - SSLClientCertType type3;
|
| - std::string private_key_info3, der_cert3;
|
| - TestCompletionCallback callback3;
|
| - ServerBoundCertService::RequestHandle request_handle3;
|
| -
|
| - error = service_->GetDomainBoundCert(origin1,
|
| - types,
|
| - &type1,
|
| - &private_key_info1,
|
| - &der_cert1,
|
| - callback1.callback(),
|
| - &request_handle1);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle1.is_active());
|
| -
|
| - error = service_->GetDomainBoundCert(origin2,
|
| - types,
|
| - &type2,
|
| - &private_key_info2,
|
| - &der_cert2,
|
| - callback2.callback(),
|
| - &request_handle2);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle2.is_active());
|
| -
|
| - error = service_->GetDomainBoundCert(origin3,
|
| - types,
|
| - &type3,
|
| - &private_key_info3,
|
| - &der_cert3,
|
| - callback3.callback(),
|
| - &request_handle3);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle3.is_active());
|
| -
|
| - error = callback1.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_FALSE(private_key_info1.empty());
|
| - EXPECT_FALSE(der_cert1.empty());
|
| -
|
| - error = callback2.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_FALSE(private_key_info2.empty());
|
| - EXPECT_FALSE(der_cert2.empty());
|
| -
|
| - error = callback3.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type3);
|
| - EXPECT_FALSE(private_key_info3.empty());
|
| - EXPECT_FALSE(der_cert3.empty());
|
| -
|
| - EXPECT_NE(private_key_info1, private_key_info2);
|
| - EXPECT_NE(der_cert1, der_cert2);
|
| -
|
| - EXPECT_NE(private_key_info1, private_key_info3);
|
| - EXPECT_NE(der_cert1, der_cert3);
|
| -
|
| - EXPECT_NE(private_key_info2, private_key_info3);
|
| - EXPECT_NE(der_cert2, der_cert3);
|
| -
|
| - EXPECT_EQ(3, service_->cert_count());
|
| -}
|
| -
|
| -TEST_F(ServerBoundCertServiceTest, Expiration) {
|
| - ServerBoundCertStore* store = service_->GetCertStore();
|
| - base::Time now = base::Time::Now();
|
| - store->SetServerBoundCert("good",
|
| - CLIENT_CERT_ECDSA_SIGN,
|
| - now,
|
| - now + base::TimeDelta::FromDays(1),
|
| - "a",
|
| - "b");
|
| - store->SetServerBoundCert("expired",
|
| - CLIENT_CERT_ECDSA_SIGN,
|
| - now - base::TimeDelta::FromDays(2),
|
| - now - base::TimeDelta::FromDays(1),
|
| - "c",
|
| - "d");
|
| - EXPECT_EQ(2, service_->cert_count());
|
| -
|
| - int error;
|
| - std::vector<uint8> types;
|
| - types.push_back(CLIENT_CERT_ECDSA_SIGN);
|
| - TestCompletionCallback callback;
|
| - ServerBoundCertService::RequestHandle request_handle;
|
| -
|
| - // Cert still valid - synchronous completion.
|
| - SSLClientCertType type1;
|
| - std::string private_key_info1, der_cert1;
|
| - error = service_->GetDomainBoundCert(
|
| - "https://good", types, &type1, &private_key_info1, &der_cert1,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_FALSE(request_handle.is_active());
|
| - EXPECT_EQ(2, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type1);
|
| - EXPECT_STREQ("a", private_key_info1.c_str());
|
| - EXPECT_STREQ("b", der_cert1.c_str());
|
| -
|
| - // Cert expired - New cert will be generated, asynchronous completion.
|
| - SSLClientCertType type2;
|
| - std::string private_key_info2, der_cert2;
|
| - error = service_->GetDomainBoundCert(
|
| - "https://expired", types, &type2, &private_key_info2, &der_cert2,
|
| - callback.callback(), &request_handle);
|
| - EXPECT_EQ(ERR_IO_PENDING, error);
|
| - EXPECT_TRUE(request_handle.is_active());
|
| - error = callback.WaitForResult();
|
| - EXPECT_EQ(OK, error);
|
| - EXPECT_EQ(2, service_->cert_count());
|
| - EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, type2);
|
| - EXPECT_LT(1U, private_key_info2.size());
|
| - EXPECT_LT(1U, der_cert2.size());
|
| -}
|
| -
|
| -#endif // !defined(USE_OPENSSL)
|
| -
|
| -} // namespace
|
| -
|
| -} // namespace net
|
|
|
Chromium Code Reviews
Issue 12680003:
net: split net/ssl out of net/base (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src