Plumbing SSLPrivateKey

content/browser/loader/resource_loader_unittest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/loader/resource_loader.h"
 
 #include "base/files/file.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/macros.h"
@@ skipping 20 matching lines @@
 #include "net/base/chunked_upload_data_stream.h"
 #include "net/base/io_buffer.h"
 #include "net/base/mock_file_stream.h"
 #include "net/base/net_errors.h"
 #include "net/base/request_priority.h"
 #include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_cert_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_private_key.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_filter.h"
 #include "net/url_request/url_request_interceptor.h"
 #include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_job_factory_impl.h"
 #include "net/url_request/url_request_test_job.h"
 #include "net/url_request/url_request_test_util.h"
 #include "storage/browser/blob/shareable_file_reference.h"
@@ skipping 105 matching lines @@
   void Start() override {
     scoped_refptr<net::SSLCertRequestInfo> cert_request_info(
         new net::SSLCertRequestInfo);
     cert_request_info->cert_authorities = test_authorities();
     base::ThreadTaskRunnerHandle::Get()->PostTask(
         FROM_HERE,
         base::Bind(&MockClientCertURLRequestJob::NotifyCertificateRequested,
                    this, cert_request_info));
   }
 
-  void ContinueWithCertificate(net::X509Certificate* cert) override {
+  void ContinueWithCertificate(net::X509Certificate* cert,
+                               net::SSLPrivateKey* private_key) override {
     net::URLRequestTestJob::Start();
   }
 
  private:
   ~MockClientCertURLRequestJob() override {}
 
   DISALLOW_COPY_AND_ASSIGN(MockClientCertURLRequestJob);
 };
 
 class MockClientCertJobProtocolHandler
@@ skipping 264 matching lines @@
 
     ++call_count_;
     passed_certs_ = cert_request_info->client_certs;
     delegate_ = delegate.Pass();
     select_certificate_run_loop_.Quit();
   }
 
   int call_count() { return call_count_; }
   net::CertificateList passed_certs() { return passed_certs_; }
 
-  void ContinueWithCertificate(net::X509Certificate* cert) {
-    delegate_->ContinueWithCertificate(cert);
+  void ContinueWithCertificate(net::X509Certificate* cert,
+                               net::SSLPrivateKey* private_key) {
+    delegate_->ContinueWithCertificate(cert, private_key);
     delegate_.reset();
   }
 
   void CancelCertificateSelection() { delegate_.reset(); }
 
  private:
   net::CertificateList passed_certs_;
   int call_count_;
   scoped_ptr<ClientCertificateDelegate> delegate_;
 
@@ skipping 237 matching lines @@
   EXPECT_EQ(1, store_request_count);
   EXPECT_EQ(MockClientCertURLRequestJob::test_authorities(),
             store_requested_authorities);
 
   // Check if the retrieved certificates were passed to the content browser
   // client.
   EXPECT_EQ(1, test_client.call_count());
   EXPECT_EQ(dummy_certs, test_client.passed_certs());
 
   // Continue the request.
-  test_client.ContinueWithCertificate(dummy_certs[0].get());
+  test_client.ContinueWithCertificate(dummy_certs[0].get(), nullptr);

[davidben, 2015/10/13 20:32:15]

Given that this call does absolutely nothing with the certificate, I would
actually drop cert too and pass in nullptr. Maybe explicitly say "Continue the
request with no certificate."

Also helps in trying to get rid of that very confusing X509Certificate
constructor that creates a broken X509Certificate. I'm guessing this is why you
wanted to add an os_cert_handle check.

[svaldez, 2015/10/14 15:06:18]

Done.

   raw_ptr_resource_handler_->WaitForResponseComplete();
   EXPECT_EQ(net::OK, raw_ptr_resource_handler_->status().error());
 
   // Restore the original content browser client.
   SetBrowserClientForTesting(old_client);
 }
 
 // Tests that client certificates are requested on a platform with NULL
 // ClientCertStore.
 TEST_F(ClientCertResourceLoaderTest, WithNullStore) {
   // Plug in test content browser client.
   SelectCertificateBrowserClient test_client;
   ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client);
 
   // Start the request and wait for it to pause.
   loader_->StartRequest();
   test_client.WaitForSelectCertificate();
 
   // Check if the SelectClientCertificate was called on the content browser
   // client.
   EXPECT_EQ(1, test_client.call_count());
   EXPECT_EQ(net::CertificateList(), test_client.passed_certs());
 
   // Continue the request.
   scoped_refptr<net::X509Certificate> cert(
       new net::X509Certificate("test", "test", base::Time(), base::Time()));
-  test_client.ContinueWithCertificate(cert.get());
+
+  test_client.ContinueWithCertificate(cert.get(), nullptr);

[davidben, 2015/10/13 20:32:15]

Ditto

[svaldez, 2015/10/14 15:06:18]

Done.

   raw_ptr_resource_handler_->WaitForResponseComplete();
   EXPECT_EQ(net::OK, raw_ptr_resource_handler_->status().error());
 
   // Restore the original content browser client.
   SetBrowserClientForTesting(old_client);
 }
 
 // Tests that the ContentBrowserClient may cancel a certificate request.
 TEST_F(ClientCertResourceLoaderTest, CancelSelection) {
   // Plug in test content browser client.
@@ skipping 391 matching lines @@
   ASSERT_TRUE(
       CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
   EXPECT_TRUE(cert->Equals(GetTestCert().get()));
 
   EXPECT_EQ(kTestCertError, deserialized.cert_status);
   EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
   EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
 }
 
 }  // namespace content