
Side by Side Diff: net/ssl/ssl_client_auth_cache_unittest.cc

Issue 1304143010: Plumbing SSLPrivateKey Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing unused function in Android. Created 5 years, 2 months ago
OLDNEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_client_auth_cache.h" 5 #include "net/ssl/ssl_client_auth_cache.h"
6 6
7 #include "base/time/time.h" 7 #include "base/time/time.h"
8 #include "net/cert/x509_certificate.h" 8 #include "net/cert/x509_certificate.h"
9 #include "net/ssl/ssl_private_key.h"
9 #include "testing/gtest/include/gtest/gtest.h" 10 #include "testing/gtest/include/gtest/gtest.h"
10 11
11 namespace net { 12 namespace net {
12 13
13 TEST(SSLClientAuthCacheTest, LookupAddRemove) { 14 TEST(SSLClientAuthCacheTest, LookupAddRemove) {
davidben 2015/10/13 20:32:16 It would probably be good if these tests had some
svaldez 2015/10/14 15:06:19 Done.
14 SSLClientAuthCache cache; 15 SSLClientAuthCache cache;
15 16
16 base::Time start_date = base::Time::Now(); 17 base::Time start_date = base::Time::Now();
17 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 18 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
18 19
19 HostPortPair server1("foo1", 443); 20 HostPortPair server1("foo1", 443);
20 scoped_refptr<X509Certificate> cert1( 21 scoped_refptr<X509Certificate> cert1(
21 new X509Certificate("foo1", "CA", start_date, expiration_date)); 22 new X509Certificate("foo1", "CA", start_date, expiration_date));
22 23
23 HostPortPair server2("foo2", 443); 24 HostPortPair server2("foo2", 443);
24 scoped_refptr<X509Certificate> cert2( 25 scoped_refptr<X509Certificate> cert2(
25 new X509Certificate("foo2", "CA", start_date, expiration_date)); 26 new X509Certificate("foo2", "CA", start_date, expiration_date));
26 27
27 HostPortPair server3("foo3", 443); 28 HostPortPair server3("foo3", 443);
28 scoped_refptr<X509Certificate> cert3( 29 scoped_refptr<X509Certificate> cert3(
29 new X509Certificate("foo3", "CA", start_date, expiration_date)); 30 new X509Certificate("foo3", "CA", start_date, expiration_date));
30 31
31 scoped_refptr<X509Certificate> cached_cert; 32 scoped_refptr<X509Certificate> cached_cert;
33 scoped_refptr<SSLPrivateKey> cached_pkey;
32 // Lookup non-existent client certificate. 34 // Lookup non-existent client certificate.
33 cached_cert = NULL; 35 cached_cert = NULL;
34 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 36 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
35 37
36 // Add client certificate for server1. 38 // Add client certificate for server1.
37 cache.Add(server1, cert1.get()); 39 cache.Add(server1, cert1.get(), NULL);
davidben 2015/10/13 20:32:16 nullptr, etc. :-)
svaldez 2015/10/14 15:06:19 Done.
38 cached_cert = NULL; 40 cached_cert = NULL;
39 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 41 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
40 EXPECT_EQ(cert1, cached_cert); 42 EXPECT_EQ(cert1, cached_cert);
41 43
42 // Add client certificate for server2. 44 // Add client certificate for server2.
43 cache.Add(server2, cert2.get()); 45 cache.Add(server2, cert2.get(), NULL);
44 cached_cert = NULL; 46 cached_cert = NULL;
45 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 47 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
46 EXPECT_EQ(cert1.get(), cached_cert.get()); 48 EXPECT_EQ(cert1.get(), cached_cert.get());
47 cached_cert = NULL; 49 cached_cert = NULL;
48 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 50 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
49 EXPECT_EQ(cert2, cached_cert); 51 EXPECT_EQ(cert2, cached_cert);
50 52
51 // Overwrite the client certificate for server1. 53 // Overwrite the client certificate for server1.
52 cache.Add(server1, cert3.get()); 54 cache.Add(server1, cert3.get(), NULL);
53 cached_cert = NULL; 55 cached_cert = NULL;
54 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 56 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
55 EXPECT_EQ(cert3, cached_cert); 57 EXPECT_EQ(cert3, cached_cert);
56 cached_cert = NULL; 58 cached_cert = NULL;
57 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 59 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
58 EXPECT_EQ(cert2, cached_cert); 60 EXPECT_EQ(cert2, cached_cert);
59 61
60 // Remove client certificate of server1. 62 // Remove client certificate of server1.
61 cache.Remove(server1); 63 cache.Remove(server1);
62 cached_cert = NULL; 64 cached_cert = NULL;
63 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 65 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
64 cached_cert = NULL; 66 cached_cert = NULL;
65 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 67 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
66 EXPECT_EQ(cert2, cached_cert); 68 EXPECT_EQ(cert2, cached_cert);
67 69
68 // Remove non-existent client certificate. 70 // Remove non-existent client certificate.
69 cache.Remove(server1); 71 cache.Remove(server1);
70 cached_cert = NULL; 72 cached_cert = NULL;
71 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 73 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
72 cached_cert = NULL; 74 cached_cert = NULL;
73 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 75 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
74 EXPECT_EQ(cert2, cached_cert); 76 EXPECT_EQ(cert2, cached_cert);
75 } 77 }
76 78
77 // Check that if the server differs only by port number, it is considered 79 // Check that if the server differs only by port number, it is considered
78 // a separate server. 80 // a separate server.
79 TEST(SSLClientAuthCacheTest, LookupWithPort) { 81 TEST(SSLClientAuthCacheTest, LookupWithPort) {
80 SSLClientAuthCache cache; 82 SSLClientAuthCache cache;
81 83
82 base::Time start_date = base::Time::Now(); 84 base::Time start_date = base::Time::Now();
83 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 85 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
84 86
85 HostPortPair server1("foo", 443); 87 HostPortPair server1("foo", 443);
86 scoped_refptr<X509Certificate> cert1( 88 scoped_refptr<X509Certificate> cert1(
87 new X509Certificate("foo", "CA", start_date, expiration_date)); 89 new X509Certificate("foo", "CA", start_date, expiration_date));
88 90
89 HostPortPair server2("foo", 8443); 91 HostPortPair server2("foo", 8443);
90 scoped_refptr<X509Certificate> cert2( 92 scoped_refptr<X509Certificate> cert2(
91 new X509Certificate("foo", "CA", start_date, expiration_date)); 93 new X509Certificate("foo", "CA", start_date, expiration_date));
92 94
93 cache.Add(server1, cert1.get()); 95 cache.Add(server1, cert1.get(), NULL);
94 cache.Add(server2, cert2.get()); 96 cache.Add(server2, cert2.get(), NULL);
95 97
96 scoped_refptr<X509Certificate> cached_cert; 98 scoped_refptr<X509Certificate> cached_cert;
97 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 99 scoped_refptr<SSLPrivateKey> cached_pkey;
100 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
98 EXPECT_EQ(cert1.get(), cached_cert.get()); 101 EXPECT_EQ(cert1.get(), cached_cert.get());
99 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 102 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
100 EXPECT_EQ(cert2.get(), cached_cert.get()); 103 EXPECT_EQ(cert2.get(), cached_cert.get());
101 } 104 }
102 105
103 // Check that the a NULL certificate, indicating the user has declined to send 106 // Check that the a NULL certificate, indicating the user has declined to send
104 // a certificate, is properly cached. 107 // a certificate, is properly cached.
105 TEST(SSLClientAuthCacheTest, LookupNullPreference) { 108 TEST(SSLClientAuthCacheTest, LookupNullPreference) {
106 SSLClientAuthCache cache; 109 SSLClientAuthCache cache;
107 base::Time start_date = base::Time::Now(); 110 base::Time start_date = base::Time::Now();
108 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 111 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
109 112
110 HostPortPair server1("foo", 443); 113 HostPortPair server1("foo", 443);
111 scoped_refptr<X509Certificate> cert1( 114 scoped_refptr<X509Certificate> cert1(
112 new X509Certificate("foo", "CA", start_date, expiration_date)); 115 new X509Certificate("foo", "CA", start_date, expiration_date));
113 116
114 cache.Add(server1, NULL); 117 cache.Add(server1, NULL, NULL);
115 118
116 scoped_refptr<X509Certificate> cached_cert(cert1); 119 scoped_refptr<X509Certificate> cached_cert(cert1);
120 scoped_refptr<SSLPrivateKey> cached_pkey;
117 // Make sure that |cached_cert| is updated to NULL, indicating the user 121 // Make sure that |cached_cert| is updated to NULL, indicating the user
118 // declined to send a certificate to |server1|. 122 // declined to send a certificate to |server1|.
119 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 123 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
120 EXPECT_EQ(NULL, cached_cert.get()); 124 EXPECT_EQ(NULL, cached_cert.get());
121 125
122 // Remove the existing cached certificate. 126 // Remove the existing cached certificate.
123 cache.Remove(server1); 127 cache.Remove(server1);
124 cached_cert = NULL; 128 cached_cert = NULL;
125 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 129 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
126 130
127 // Add a new preference for a specific certificate. 131 // Add a new preference for a specific certificate.
128 cache.Add(server1, cert1.get()); 132 cache.Add(server1, cert1.get(), NULL);
129 cached_cert = NULL; 133 cached_cert = NULL;
130 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 134 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
131 EXPECT_EQ(cert1, cached_cert); 135 EXPECT_EQ(cert1, cached_cert);
132 136
133 // Replace the specific preference with a NULL certificate. 137 // Replace the specific preference with a NULL certificate.
134 cache.Add(server1, NULL); 138 cache.Add(server1, NULL, NULL);
135 cached_cert = NULL; 139 cached_cert = NULL;
136 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 140 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
137 EXPECT_EQ(NULL, cached_cert.get()); 141 EXPECT_EQ(NULL, cached_cert.get());
138 } 142 }
139 143
140 // Check that the OnCertAdded() method removes all cache entries. 144 // Check that the OnCertAdded() method removes all cache entries.
141 TEST(SSLClientAuthCacheTest, OnCertAdded) { 145 TEST(SSLClientAuthCacheTest, OnCertAdded) {
142 SSLClientAuthCache cache; 146 SSLClientAuthCache cache;
143 base::Time start_date = base::Time::Now(); 147 base::Time start_date = base::Time::Now();
144 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); 148 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1);
145 149
146 HostPortPair server1("foo", 443); 150 HostPortPair server1("foo", 443);
147 scoped_refptr<X509Certificate> cert1( 151 scoped_refptr<X509Certificate> cert1(
148 new X509Certificate("foo", "CA", start_date, expiration_date)); 152 new X509Certificate("foo", "CA", start_date, expiration_date));
149 153
150 cache.Add(server1, cert1.get()); 154 cache.Add(server1, cert1.get(), NULL);
151 155
152 HostPortPair server2("foo2", 443); 156 HostPortPair server2("foo2", 443);
153 cache.Add(server2, NULL); 157 cache.Add(server2, NULL, NULL);
154 158
155 scoped_refptr<X509Certificate> cached_cert; 159 scoped_refptr<X509Certificate> cached_cert;
160 scoped_refptr<SSLPrivateKey> cached_pkey;
156 161
157 // Demonstrate the set up is correct. 162 // Demonstrate the set up is correct.
158 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); 163 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey));
159 EXPECT_EQ(cert1, cached_cert); 164 EXPECT_EQ(cert1, cached_cert);
160 165
161 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); 166 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey));
162 EXPECT_EQ(NULL, cached_cert.get()); 167 EXPECT_EQ(NULL, cached_cert.get());
163 168
164 cache.OnCertAdded(NULL); 169 cache.OnCertAdded(NULL);
165 170
166 // Check that we no longer have entries for either server. 171 // Check that we no longer have entries for either server.
167 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); 172 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey));
168 EXPECT_FALSE(cache.Lookup(server2, &cached_cert)); 173 EXPECT_FALSE(cache.Lookup(server2, &cached_cert, &cached_pkey));
169 } 174 }
170 175
171 } // namespace net 176 } // namespace net
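Review bot: In LookupNullPreference (new lines 119-124) `cached_cert` is seeded with `cert1` so the test proves that Lookup() overwrites the out-param, but `cached_pkey` starts out null and is never asserted on anywhere in this file. As written, the tests would still pass if Lookup() left an earlier key in `*cached_pkey` while returning a declined or different certificate, and a key handed back next to the wrong certificate is the failure that matters most for this cache. I would pin the out-param contract by adding `EXPECT_FALSE(cached_pkey.get());` after each lookup that expects a null certificate (new lines 124, 141 and 167). Seeding `cached_pkey` with a non-null value before the lookup at new line 123 would make that check meaningful, though it needs an SSLPrivateKey test implementation that is not visible on this page. A short comment stating whether Lookup() touches `*cached_pkey` when it returns false would also help, since the tests reuse the same variable across failed and successful lookups.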