| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/ssl/openssl_client_key_store.h" | |
| 6 | |
| 7 #include "base/memory/ref_counted.h" | |
| 8 #include "crypto/scoped_openssl_types.h" | |
| 9 #include "net/base/test_data_directory.h" | |
| 10 #include "net/test/cert_test_util.h" | |
| 11 #include "testing/gtest/include/gtest/gtest.h" | |
| 12 | |
| 13 namespace net { | |
| 14 | |
| 15 namespace { | |
| 16 | |
| 17 // Return the internal reference count of a given EVP_PKEY. | |
| 18 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) { | |
| 19 return pkey->references; | |
| 20 } | |
| 21 | |
| 22 // A common test class to ensure that the store is flushed after | |
| 23 // each test. | |
| 24 class OpenSSLClientKeyStoreTest : public ::testing::Test { | |
| 25 public: | |
| 26 OpenSSLClientKeyStoreTest() | |
| 27 : store_(OpenSSLClientKeyStore::GetInstance()) { | |
| 28 } | |
| 29 | |
| 30 ~OpenSSLClientKeyStoreTest() override { | |
| 31 if (store_) | |
| 32 store_->Flush(); | |
| 33 } | |
| 34 | |
| 35 protected: | |
| 36 OpenSSLClientKeyStore* store_; | |
| 37 }; | |
| 38 | |
| 39 // Check that GetInstance() returns non-null | |
| 40 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) { | |
| 41 ASSERT_TRUE(store_); | |
| 42 } | |
| 43 | |
| 44 // Check that Flush() works correctly. | |
| 45 TEST_F(OpenSSLClientKeyStoreTest, Flush) { | |
| 46 ASSERT_TRUE(store_); | |
| 47 | |
| 48 scoped_refptr<X509Certificate> cert_1( | |
| 49 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
| 50 ASSERT_TRUE(cert_1.get()); | |
| 51 | |
| 52 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); | |
| 53 ASSERT_TRUE(priv_key.get()); | |
| 54 | |
| 55 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | |
| 56 priv_key.get())); | |
| 57 | |
| 58 store_->Flush(); | |
| 59 | |
| 60 // Retrieve the private key. This should fail because the store | |
| 61 // was flushed. | |
| 62 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get()); | |
| 63 ASSERT_FALSE(pkey.get()); | |
| 64 } | |
| 65 | |
| 66 // Check that trying to retrieve the private key of an unknown certificate | |
| 67 // simply fails by returning null. | |
| 68 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { | |
| 69 ASSERT_TRUE(store_); | |
| 70 | |
| 71 scoped_refptr<X509Certificate> cert_1( | |
| 72 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
| 73 ASSERT_TRUE(cert_1.get()); | |
| 74 | |
| 75 // Retrieve the private key now. This should fail because it was | |
| 76 // never recorded in the store. | |
| 77 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get()); | |
| 78 ASSERT_FALSE(pkey.get()); | |
| 79 } | |
| 80 | |
| 81 // Check that any private key recorded through RecordClientCertPrivateKey | |
| 82 // can be retrieved with FetchClientCertPrivateKey. | |
| 83 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { | |
| 84 ASSERT_TRUE(store_); | |
| 85 | |
| 86 // Any certificate / key pair will do, the store is not supposed to | |
| 87 // check that the private and certificate public keys match. This is | |
| 88 // by design since the private EVP_PKEY could be a wrapper around a | |
| 89 // JNI reference, with no way to access the real private key bits. | |
| 90 scoped_refptr<X509Certificate> cert_1( | |
| 91 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
| 92 ASSERT_TRUE(cert_1.get()); | |
| 93 | |
| 94 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); | |
| 95 ASSERT_TRUE(priv_key.get()); | |
| 96 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get())); | |
| 97 | |
| 98 // Add the key a first time, this should increment its reference count. | |
| 99 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | |
| 100 priv_key.get())); | |
| 101 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | |
| 102 | |
| 103 // Two successive calls with the same certificate / private key shall | |
| 104 // also succeed, but the key's reference count should not be incremented. | |
| 105 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | |
| 106 priv_key.get())); | |
| 107 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | |
| 108 | |
| 109 // Retrieve the private key. This should increment the private key's | |
| 110 // reference count. | |
| 111 crypto::ScopedEVP_PKEY pkey2 = | |
| 112 store_->FetchClientCertPrivateKey(cert_1.get()); | |
| 113 ASSERT_EQ(pkey2.get(), priv_key.get()); | |
| 114 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get())); | |
| 115 | |
| 116 // Flush the store explicitely, this should decrement the private | |
| 117 // key's reference count. | |
| 118 store_->Flush(); | |
| 119 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | |
| 120 } | |
| 121 | |
| 122 // Same test, but with two certificates / private keys. | |
| 123 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) { | |
| 124 scoped_refptr<X509Certificate> cert_1( | |
| 125 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
| 126 ASSERT_TRUE(cert_1.get()); | |
| 127 | |
| 128 scoped_refptr<X509Certificate> cert_2( | |
| 129 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | |
| 130 ASSERT_TRUE(cert_2.get()); | |
| 131 | |
| 132 crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new()); | |
| 133 ASSERT_TRUE(priv_key1.get()); | |
| 134 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get())); | |
| 135 | |
| 136 crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new()); | |
| 137 ASSERT_TRUE(priv_key2.get()); | |
| 138 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get())); | |
| 139 | |
| 140 ASSERT_NE(priv_key1.get(), priv_key2.get()); | |
| 141 | |
| 142 // Add the key a first time, this shall succeed, and increment the | |
| 143 // reference count. | |
| 144 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | |
| 145 priv_key1.get())); | |
| 146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), | |
| 147 priv_key2.get())); | |
| 148 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get())); | |
| 149 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get())); | |
| 150 | |
| 151 // Retrieve the private key now. This shall succeed and increment | |
| 152 // the private key's reference count. | |
| 153 crypto::ScopedEVP_PKEY fetch_key1 = | |
| 154 store_->FetchClientCertPrivateKey(cert_1.get()); | |
| 155 crypto::ScopedEVP_PKEY fetch_key2 = | |
| 156 store_->FetchClientCertPrivateKey(cert_2.get()); | |
| 157 | |
| 158 EXPECT_TRUE(fetch_key1.get()); | |
| 159 EXPECT_TRUE(fetch_key2.get()); | |
| 160 | |
| 161 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); | |
| 162 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); | |
| 163 | |
| 164 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get())); | |
| 165 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get())); | |
| 166 } | |
| 167 | |
| 168 } // namespace | |
| 169 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1304143010:
Plumbing SSLPrivateKey
Base URL: https://chromium.googlesource.com/chromium/src.git@master