
Side by Side Diff: chromeos/network/network_cert_migrator_unittest.cc

Issue 135193007: Use user specific NSSDatabase in CertLoader. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: return of slow task runner Created 6 years, 11 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/network_cert_migrator.h" 5 #include "chromeos/network/network_cert_migrator.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 8
9 #include "base/file_util.h" 9 #include "base/file_util.h"
10 #include "base/files/file_path.h" 10 #include "base/files/file_path.h"
11 #include "base/run_loop.h" 11 #include "base/run_loop.h"
12 #include "chromeos/cert_loader.h" 12 #include "chromeos/cert_loader.h"
13 #include "chromeos/dbus/dbus_thread_manager.h" 13 #include "chromeos/dbus/dbus_thread_manager.h"
14 #include "chromeos/dbus/shill_service_client.h" 14 #include "chromeos/dbus/shill_service_client.h"
15 #include "chromeos/login/login_state.h" 15 #include "chromeos/login/login_state.h"
pneubeck (no reviews) 2014/01/24 13:18:02 unused?
tbarzic 2014/01/25 00:26:27 Done.
16 #include "chromeos/network/network_state_handler.h" 16 #include "chromeos/network/network_state_handler.h"
17 #include "chromeos/tpm_token_loader.h" 17 #include "chromeos/tpm_token_loader.h"
18 #include "crypto/nss_util.h" 18 #include "crypto/nss_util.h"
19 #include "crypto/nss_util_internal.h"
19 #include "net/base/crypto_module.h" 20 #include "net/base/crypto_module.h"
20 #include "net/base/net_errors.h" 21 #include "net/base/net_errors.h"
21 #include "net/base/test_data_directory.h" 22 #include "net/base/test_data_directory.h"
22 #include "net/cert/nss_cert_database.h" 23 #include "net/cert/nss_cert_database_chromeos.h"
23 #include "net/cert/x509_certificate.h" 24 #include "net/cert/x509_certificate.h"
24 #include "net/test/cert_test_util.h" 25 #include "net/test/cert_test_util.h"
25 #include "testing/gtest/include/gtest/gtest.h" 26 #include "testing/gtest/include/gtest/gtest.h"
26 #include "third_party/cros_system_api/dbus/service_constants.h" 27 #include "third_party/cros_system_api/dbus/service_constants.h"
27 28
28 namespace chromeos { 29 namespace chromeos {
29 30
30 namespace { 31 namespace {
31 32
32 const char* kWifiStub = "wifi_stub"; 33 const char* kWifiStub = "wifi_stub";
33 const char* kVPNStub = "vpn_stub"; 34 const char* kVPNStub = "vpn_stub";
34 const char* kNSSNickname = "nss_nickname"; 35 const char* kNSSNickname = "nss_nickname";
35 const char* kFakePEM = "pem"; 36 const char* kFakePEM = "pem";
36 37
37 } // namespace 38 } // namespace
38 39
39 class NetworkCertMigratorTest : public testing::Test { 40 class NetworkCertMigratorTest : public testing::Test {
40 public: 41 public:
41 NetworkCertMigratorTest() {} 42 NetworkCertMigratorTest() : service_test_(NULL),
43 user_("user_hash") {
44 }
42 virtual ~NetworkCertMigratorTest() {} 45 virtual ~NetworkCertMigratorTest() {}
43 46
44 virtual void SetUp() OVERRIDE { 47 virtual void SetUp() OVERRIDE {
45 ASSERT_TRUE(test_nssdb_.is_open()); 48 // Initialize NSS db for the user.
46 slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule(); 49 ASSERT_TRUE(user_.constructed_successfully());
47 ASSERT_TRUE(slot_->os_module_handle()); 50 user_.FinishInit();
48 51 test_nssdb_.reset(new net::NSSCertDatabaseChromeOS(
49 LoginState::Initialize(); 52 crypto::GetPublicSlotForChromeOSUser(user_.username_hash()),
53 crypto::GetPrivateSlotForChromeOSUser(
54 user_.username_hash(),
55 base::Callback<void(crypto::ScopedPK11Slot)>())));
50 56
51 DBusThreadManager::InitializeWithStub(); 57 DBusThreadManager::InitializeWithStub();
52 service_test_ = 58 service_test_ =
53 DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface(); 59 DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface();
54 message_loop_.RunUntilIdle(); 60 base::RunLoop().RunUntilIdle();
55 service_test_->ClearServices(); 61 service_test_->ClearServices();
56 message_loop_.RunUntilIdle(); 62 base::RunLoop().RunUntilIdle();
57
58 TPMTokenLoader::Initialize();
59 TPMTokenLoader* tpm_token_loader = TPMTokenLoader::Get();
60 tpm_token_loader->InitializeTPMForTest();
61 tpm_token_loader->SetCryptoTaskRunner(message_loop_.message_loop_proxy());
62 63
63 CertLoader::Initialize(); 64 CertLoader::Initialize();
64 CertLoader::Get()->SetSlowTaskRunnerForTest( 65 CertLoader* cert_loader_ = CertLoader::Get();
65 message_loop_.message_loop_proxy()); 66 cert_loader_->SetSlowTaskRunnerForTest(message_loop_.message_loop_proxy());
67 cert_loader_->set_hardware_backed_for_test();
pneubeck (no reviews) 2014/01/24 13:18:02 shouldn't be necessary for these tests.
tbarzic 2014/01/25 00:26:27 Done.
68 cert_loader_->StartWithNSSDB(test_nssdb_.get());
66 } 69 }
67 70
68 virtual void TearDown() OVERRIDE { 71 virtual void TearDown() OVERRIDE {
69 network_cert_migrator_.reset(); 72 network_cert_migrator_.reset();
70 network_state_handler_.reset(); 73 network_state_handler_.reset();
71 CertLoader::Shutdown(); 74 CertLoader::Shutdown();
72 TPMTokenLoader::Shutdown();
73 DBusThreadManager::Shutdown(); 75 DBusThreadManager::Shutdown();
74 LoginState::Shutdown();
75 CleanupTestCert(); 76 CleanupTestCert();
76 } 77 }
77 78
78 protected: 79 protected:
79 void SetupTestCACert() { 80 void SetupTestCACert() {
80 scoped_refptr<net::X509Certificate> cert_wo_nickname = 81 scoped_refptr<net::X509Certificate> cert_wo_nickname =
81 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), 82 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
82 "eku-test-root.pem", 83 "eku-test-root.pem",
83 net::X509Certificate::FORMAT_AUTO) 84 net::X509Certificate::FORMAT_AUTO)
84 .back(); 85 .back();
85 net::X509Certificate::GetPEMEncoded(cert_wo_nickname->os_cert_handle(), 86 net::X509Certificate::GetPEMEncoded(cert_wo_nickname->os_cert_handle(),
86 &test_ca_cert_pem_); 87 &test_ca_cert_pem_);
87 std::string der_encoded; 88 std::string der_encoded;
88 net::X509Certificate::GetDEREncoded(cert_wo_nickname->os_cert_handle(), 89 net::X509Certificate::GetDEREncoded(cert_wo_nickname->os_cert_handle(),
89 &der_encoded); 90 &der_encoded);
90 cert_wo_nickname = NULL; 91 cert_wo_nickname = NULL;
91 92
92 test_ca_cert_ = net::X509Certificate::CreateFromBytesWithNickname( 93 test_ca_cert_ = net::X509Certificate::CreateFromBytesWithNickname(
93 der_encoded.data(), der_encoded.size(), kNSSNickname); 94 der_encoded.data(), der_encoded.size(), kNSSNickname);
94 net::NSSCertDatabase* cert_database = net::NSSCertDatabase::GetInstance();
95 net::CertificateList cert_list; 95 net::CertificateList cert_list;
96 cert_list.push_back(test_ca_cert_); 96 cert_list.push_back(test_ca_cert_);
97 net::NSSCertDatabase::ImportCertFailureList failures; 97 net::NSSCertDatabase::ImportCertFailureList failures;
98 EXPECT_TRUE(cert_database->ImportCACerts( 98 EXPECT_TRUE(test_nssdb_->ImportCACerts(
99 cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures)); 99 cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures));
100 ASSERT_TRUE(failures.empty()) << net::ErrorToString(failures[0].net_error); 100 ASSERT_TRUE(failures.empty()) << net::ErrorToString(failures[0].net_error);
101 } 101 }
102 102
103 void SetupNetworkHandlers() { 103 void SetupNetworkHandlers() {
104 network_state_handler_.reset(NetworkStateHandler::InitializeForTest()); 104 network_state_handler_.reset(NetworkStateHandler::InitializeForTest());
105 network_cert_migrator_.reset(new NetworkCertMigrator); 105 network_cert_migrator_.reset(new NetworkCertMigrator);
106 network_cert_migrator_->Init(network_state_handler_.get()); 106 network_cert_migrator_->Init(network_state_handler_.get());
107 } 107 }
108 108
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
174 ca_pems->GetString(0, ca_pem); 174 ca_pems->GetString(0, ca_pem);
175 } 175 }
176 176
177 ShillServiceClient::TestInterface* service_test_; 177 ShillServiceClient::TestInterface* service_test_;
178 scoped_refptr<net::X509Certificate> test_ca_cert_; 178 scoped_refptr<net::X509Certificate> test_ca_cert_;
179 std::string test_ca_cert_pem_; 179 std::string test_ca_cert_pem_;
180 base::MessageLoop message_loop_; 180 base::MessageLoop message_loop_;
181 181
182 private: 182 private:
183 void CleanupTestCert() { 183 void CleanupTestCert() {
184 ASSERT_TRUE(net::NSSCertDatabase::GetInstance()->DeleteCertAndKey( 184 ASSERT_TRUE(test_nssdb_->DeleteCertAndKey(test_ca_cert_.get()));
185 test_ca_cert_.get()));
186 } 185 }
187 186
188 scoped_ptr<NetworkStateHandler> network_state_handler_; 187 scoped_ptr<NetworkStateHandler> network_state_handler_;
189 scoped_ptr<NetworkCertMigrator> network_cert_migrator_; 188 scoped_ptr<NetworkCertMigrator> network_cert_migrator_;
190 scoped_refptr<net::CryptoModule> slot_; 189 crypto::ScopedTestNSSChromeOSUser user_;
191 crypto::ScopedTestNSSDB test_nssdb_; 190 scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_;
192 191
193 DISALLOW_COPY_AND_ASSIGN(NetworkCertMigratorTest); 192 DISALLOW_COPY_AND_ASSIGN(NetworkCertMigratorTest);
194 }; 193 };
195 194
196 TEST_F(NetworkCertMigratorTest, MigrateNssOnInitialization) { 195 TEST_F(NetworkCertMigratorTest, MigrateNssOnInitialization) {
197 // Add a new network for migration before the handlers are initialized. 196 // Add a new network for migration before the handlers are initialized.
198 SetupWifiWithNss(); 197 SetupWifiWithNss();
199 SetupTestCACert(); 198 SetupTestCACert();
200 SetupNetworkHandlers(); 199 SetupNetworkHandlers();
201 200
202 message_loop_.RunUntilIdle(); 201 base::RunLoop().RunUntilIdle();
203 std::string nss_nickname, ca_pem; 202 std::string nss_nickname, ca_pem;
204 GetEapCACertProperties(&nss_nickname, &ca_pem); 203 GetEapCACertProperties(&nss_nickname, &ca_pem);
205 EXPECT_TRUE(nss_nickname.empty()); 204 EXPECT_TRUE(nss_nickname.empty());
206 EXPECT_EQ(test_ca_cert_pem_, ca_pem); 205 EXPECT_EQ(test_ca_cert_pem_, ca_pem);
207 } 206 }
208 207
209 TEST_F(NetworkCertMigratorTest, MigrateNssOnNetworkAppearance) { 208 TEST_F(NetworkCertMigratorTest, MigrateNssOnNetworkAppearance) {
210 SetupTestCACert(); 209 SetupTestCACert();
211 SetupNetworkHandlers(); 210 SetupNetworkHandlers();
212 message_loop_.RunUntilIdle(); 211 base::RunLoop().RunUntilIdle();
213 212
214 // Add a new network for migration after the handlers are initialized. 213 // Add a new network for migration after the handlers are initialized.
215 SetupWifiWithNss(); 214 SetupWifiWithNss();
216 215
217 message_loop_.RunUntilIdle(); 216 base::RunLoop().RunUntilIdle();
218 std::string nss_nickname, ca_pem; 217 std::string nss_nickname, ca_pem;
219 GetEapCACertProperties(&nss_nickname, &ca_pem); 218 GetEapCACertProperties(&nss_nickname, &ca_pem);
220 EXPECT_TRUE(nss_nickname.empty()); 219 EXPECT_TRUE(nss_nickname.empty());
221 EXPECT_EQ(test_ca_cert_pem_, ca_pem); 220 EXPECT_EQ(test_ca_cert_pem_, ca_pem);
222 } 221 }
223 222
224 TEST_F(NetworkCertMigratorTest, DoNotMigrateNssIfPemSet) { 223 TEST_F(NetworkCertMigratorTest, DoNotMigrateNssIfPemSet) {
225 // Add a new network with an already set PEM property. 224 // Add a new network with an already set PEM property.
226 SetupWifiWithNss(); 225 SetupWifiWithNss();
227 base::ListValue ca_pems; 226 base::ListValue ca_pems;
228 ca_pems.AppendString(kFakePEM); 227 ca_pems.AppendString(kFakePEM);
229 service_test_->SetServiceProperty( 228 service_test_->SetServiceProperty(
230 kWifiStub, shill::kEapCaCertPemProperty, ca_pems); 229 kWifiStub, shill::kEapCaCertPemProperty, ca_pems);
231 230
232 SetupTestCACert(); 231 SetupTestCACert();
233 SetupNetworkHandlers(); 232 SetupNetworkHandlers();
234 message_loop_.RunUntilIdle(); 233 base::RunLoop().RunUntilIdle();
235 234
236 std::string nss_nickname, ca_pem; 235 std::string nss_nickname, ca_pem;
237 GetEapCACertProperties(&nss_nickname, &ca_pem); 236 GetEapCACertProperties(&nss_nickname, &ca_pem);
238 EXPECT_TRUE(nss_nickname.empty()); 237 EXPECT_TRUE(nss_nickname.empty());
239 EXPECT_EQ(kFakePEM, ca_pem); 238 EXPECT_EQ(kFakePEM, ca_pem);
240 } 239 }
241 240
242 TEST_F(NetworkCertMigratorTest, MigrateOpenVpn) { 241 TEST_F(NetworkCertMigratorTest, MigrateOpenVpn) {
243 // Add a new network for migration before the handlers are initialized. 242 // Add a new network for migration before the handlers are initialized.
244 SetupVpnWithNss(true /* OpenVPN */); 243 SetupVpnWithNss(true /* OpenVPN */);
245 244
246 SetupTestCACert(); 245 SetupTestCACert();
247 SetupNetworkHandlers(); 246 SetupNetworkHandlers();
248 247
249 message_loop_.RunUntilIdle(); 248 base::RunLoop().RunUntilIdle();
250 std::string nss_nickname, ca_pem; 249 std::string nss_nickname, ca_pem;
251 GetVpnCACertProperties(true /* OpenVPN */, &nss_nickname, &ca_pem); 250 GetVpnCACertProperties(true /* OpenVPN */, &nss_nickname, &ca_pem);
252 EXPECT_TRUE(nss_nickname.empty()); 251 EXPECT_TRUE(nss_nickname.empty());
253 EXPECT_EQ(test_ca_cert_pem_, ca_pem); 252 EXPECT_EQ(test_ca_cert_pem_, ca_pem);
254 } 253 }
255 254
256 TEST_F(NetworkCertMigratorTest, MigrateIpsecVpn) { 255 TEST_F(NetworkCertMigratorTest, MigrateIpsecVpn) {
257 // Add a new network for migration before the handlers are initialized. 256 // Add a new network for migration before the handlers are initialized.
258 SetupVpnWithNss(false /* not OpenVPN */); 257 SetupVpnWithNss(false /* not OpenVPN */);
259 258
260 SetupTestCACert(); 259 SetupTestCACert();
261 SetupNetworkHandlers(); 260 SetupNetworkHandlers();
262 261
263 message_loop_.RunUntilIdle(); 262 base::RunLoop().RunUntilIdle();
264 std::string nss_nickname, ca_pem; 263 std::string nss_nickname, ca_pem;
265 GetVpnCACertProperties(false /* not OpenVPN */, &nss_nickname, &ca_pem); 264 GetVpnCACertProperties(false /* not OpenVPN */, &nss_nickname, &ca_pem);
266 EXPECT_TRUE(nss_nickname.empty()); 265 EXPECT_TRUE(nss_nickname.empty());
267 EXPECT_EQ(test_ca_cert_pem_, ca_pem); 266 EXPECT_EQ(test_ca_cert_pem_, ca_pem);
268 } 267 }
269 268
270
271 } // namespace chromeos 269 } // namespace chromeos
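Review bot: CleanupTestCert() now dereferences `test_nssdb_`, which is still null if SetUp() returns early at `ASSERT_TRUE(user_.constructed_successfully())`. gtest runs TearDown() even after a fatal failure in SetUp(), so a failed per-user NSS database setup becomes a null dereference instead of a clean test failure; the old code called `net::NSSCertDatabase::GetInstance()` here and did not depend on a member set in SetUp(). A guard at the top of CleanupTestCert(), `if (!test_nssdb_.get() || !test_ca_cert_.get()) return;`, keeps teardown safe and also covers tests that fail before SetupTestCACert() runs. As a style point, the local `cert_loader_` in SetUp() carries the trailing underscore used for members, and `cert_loader` would read better. The 65 lines between SetupNetworkHandlers() and the member declarations are elided on this page and were not reviewed.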