| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_client_auth_cache.h" | 5 #include "net/ssl/ssl_client_auth_cache.h" |
| 6 | 6 |
| 7 #include "base/time/time.h" | 7 #include "base/time/time.h" |
| 8 #include "net/cert/x509_certificate.h" | 8 #include "net/cert/x509_certificate.h" |
| 9 #include "net/ssl/ssl_private_key.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 10 #include "testing/gtest/include/gtest/gtest.h" |
| 10 | 11 |
| 11 namespace net { | 12 namespace net { |
| 12 | 13 |
| 14 class MockSSLPrivateKey : public SSLPrivateKey { |
| 15 public: |
| 16 MockSSLPrivateKey() {} |
| 17 |
| 18 Type GetType() override { return Type::RSA; } |
| 19 |
| 20 std::vector<SSLPrivateKey::Hash> GetDigestPreferences() override { |
| 21 NOTIMPLEMENTED(); |
| 22 return std::vector<SSLPrivateKey::Hash>(); |
| 23 } |
| 24 |
| 25 size_t GetMaxSignatureLengthInBytes() override { |
| 26 NOTIMPLEMENTED(); |
| 27 return 0; |
| 28 } |
| 29 |
| 30 void SignDigest(Hash hash, |
| 31 const base::StringPiece& input, |
| 32 const SignCallback& callback) override { |
| 33 NOTIMPLEMENTED(); |
| 34 } |
| 35 |
| 36 private: |
| 37 ~MockSSLPrivateKey() override {} |
| 38 |
| 39 DISALLOW_COPY_AND_ASSIGN(MockSSLPrivateKey); |
| 40 }; |
| 41 |
| 13 TEST(SSLClientAuthCacheTest, LookupAddRemove) { | 42 TEST(SSLClientAuthCacheTest, LookupAddRemove) { |
| 14 SSLClientAuthCache cache; | 43 SSLClientAuthCache cache; |
| 15 | 44 |
| 16 base::Time start_date = base::Time::Now(); | 45 base::Time start_date = base::Time::Now(); |
| 17 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | 46 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); |
| 18 | 47 |
| 19 HostPortPair server1("foo1", 443); | 48 HostPortPair server1("foo1", 443); |
| 20 scoped_refptr<X509Certificate> cert1( | 49 scoped_refptr<X509Certificate> cert1( |
| 21 new X509Certificate("foo1", "CA", start_date, expiration_date)); | 50 new X509Certificate("foo1", "CA", start_date, expiration_date)); |
| 22 | 51 |
| 23 HostPortPair server2("foo2", 443); | 52 HostPortPair server2("foo2", 443); |
| 24 scoped_refptr<X509Certificate> cert2( | 53 scoped_refptr<X509Certificate> cert2( |
| 25 new X509Certificate("foo2", "CA", start_date, expiration_date)); | 54 new X509Certificate("foo2", "CA", start_date, expiration_date)); |
| 26 | 55 |
| 27 HostPortPair server3("foo3", 443); | 56 HostPortPair server3("foo3", 443); |
| 28 scoped_refptr<X509Certificate> cert3( | 57 scoped_refptr<X509Certificate> cert3( |
| 29 new X509Certificate("foo3", "CA", start_date, expiration_date)); | 58 new X509Certificate("foo3", "CA", start_date, expiration_date)); |
| 30 | 59 |
| 31 scoped_refptr<X509Certificate> cached_cert; | 60 scoped_refptr<X509Certificate> cached_cert; |
| 61 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 32 // Lookup non-existent client certificate. | 62 // Lookup non-existent client certificate. |
| 33 cached_cert = NULL; | 63 cached_cert = NULL; |
| 34 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); | 64 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 35 | 65 |
| 36 // Add client certificate for server1. | 66 // Add client certificate for server1. |
| 37 cache.Add(server1, cert1.get()); | 67 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 38 cached_cert = NULL; | 68 cached_cert = NULL; |
| 39 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 69 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 40 EXPECT_EQ(cert1, cached_cert); | 70 EXPECT_EQ(cert1, cached_cert); |
| 41 | 71 |
| 42 // Add client certificate for server2. | 72 // Add client certificate for server2. |
| 43 cache.Add(server2, cert2.get()); | 73 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); |
| 44 cached_cert = NULL; | 74 cached_cert = NULL; |
| 45 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 75 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 46 EXPECT_EQ(cert1.get(), cached_cert.get()); | 76 EXPECT_EQ(cert1.get(), cached_cert.get()); |
| 47 cached_cert = NULL; | 77 cached_cert = NULL; |
| 48 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 78 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 49 EXPECT_EQ(cert2, cached_cert); | 79 EXPECT_EQ(cert2, cached_cert); |
| 50 | 80 |
| 51 // Overwrite the client certificate for server1. | 81 // Overwrite the client certificate for server1. |
| 52 cache.Add(server1, cert3.get()); | 82 cache.Add(server1, cert3.get(), new MockSSLPrivateKey); |
| 53 cached_cert = NULL; | 83 cached_cert = NULL; |
| 54 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 84 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 55 EXPECT_EQ(cert3, cached_cert); | 85 EXPECT_EQ(cert3, cached_cert); |
| 56 cached_cert = NULL; | 86 cached_cert = NULL; |
| 57 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 87 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 58 EXPECT_EQ(cert2, cached_cert); | 88 EXPECT_EQ(cert2, cached_cert); |
| 59 | 89 |
| 60 // Remove client certificate of server1. | 90 // Remove client certificate of server1. |
| 61 cache.Remove(server1); | 91 cache.Remove(server1); |
| 62 cached_cert = NULL; | 92 cached_cert = NULL; |
| 63 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); | 93 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 64 cached_cert = NULL; | 94 cached_cert = NULL; |
| 65 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 95 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 66 EXPECT_EQ(cert2, cached_cert); | 96 EXPECT_EQ(cert2, cached_cert); |
| 67 | 97 |
| 68 // Remove non-existent client certificate. | 98 // Remove non-existent client certificate. |
| 69 cache.Remove(server1); | 99 cache.Remove(server1); |
| 70 cached_cert = NULL; | 100 cached_cert = NULL; |
| 71 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); | 101 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 72 cached_cert = NULL; | 102 cached_cert = NULL; |
| 73 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 103 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 74 EXPECT_EQ(cert2, cached_cert); | 104 EXPECT_EQ(cert2, cached_cert); |
| 75 } | 105 } |
| 76 | 106 |
| 77 // Check that if the server differs only by port number, it is considered | 107 // Check that if the server differs only by port number, it is considered |
| 78 // a separate server. | 108 // a separate server. |
| 79 TEST(SSLClientAuthCacheTest, LookupWithPort) { | 109 TEST(SSLClientAuthCacheTest, LookupWithPort) { |
| 80 SSLClientAuthCache cache; | 110 SSLClientAuthCache cache; |
| 81 | 111 |
| 82 base::Time start_date = base::Time::Now(); | 112 base::Time start_date = base::Time::Now(); |
| 83 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | 113 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); |
| 84 | 114 |
| 85 HostPortPair server1("foo", 443); | 115 HostPortPair server1("foo", 443); |
| 86 scoped_refptr<X509Certificate> cert1( | 116 scoped_refptr<X509Certificate> cert1( |
| 87 new X509Certificate("foo", "CA", start_date, expiration_date)); | 117 new X509Certificate("foo", "CA", start_date, expiration_date)); |
| 88 | 118 |
| 89 HostPortPair server2("foo", 8443); | 119 HostPortPair server2("foo", 8443); |
| 90 scoped_refptr<X509Certificate> cert2( | 120 scoped_refptr<X509Certificate> cert2( |
| 91 new X509Certificate("foo", "CA", start_date, expiration_date)); | 121 new X509Certificate("foo", "CA", start_date, expiration_date)); |
| 92 | 122 |
| 93 cache.Add(server1, cert1.get()); | 123 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 94 cache.Add(server2, cert2.get()); | 124 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); |
| 95 | 125 |
| 96 scoped_refptr<X509Certificate> cached_cert; | 126 scoped_refptr<X509Certificate> cached_cert; |
| 97 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 127 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 128 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 98 EXPECT_EQ(cert1.get(), cached_cert.get()); | 129 EXPECT_EQ(cert1.get(), cached_cert.get()); |
| 99 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 130 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 100 EXPECT_EQ(cert2.get(), cached_cert.get()); | 131 EXPECT_EQ(cert2.get(), cached_cert.get()); |
| 101 } | 132 } |
| 102 | 133 |
| 103 // Check that the a NULL certificate, indicating the user has declined to send | 134 // Check that the a NULL certificate, indicating the user has declined to send |
| 104 // a certificate, is properly cached. | 135 // a certificate, is properly cached. |
| 105 TEST(SSLClientAuthCacheTest, LookupNullPreference) { | 136 TEST(SSLClientAuthCacheTest, LookupNullPreference) { |
| 106 SSLClientAuthCache cache; | 137 SSLClientAuthCache cache; |
| 107 base::Time start_date = base::Time::Now(); | 138 base::Time start_date = base::Time::Now(); |
| 108 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | 139 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); |
| 109 | 140 |
| 110 HostPortPair server1("foo", 443); | 141 HostPortPair server1("foo", 443); |
| 111 scoped_refptr<X509Certificate> cert1( | 142 scoped_refptr<X509Certificate> cert1( |
| 112 new X509Certificate("foo", "CA", start_date, expiration_date)); | 143 new X509Certificate("foo", "CA", start_date, expiration_date)); |
| 113 | 144 |
| 114 cache.Add(server1, NULL); | 145 cache.Add(server1, NULL, new MockSSLPrivateKey); |
| 115 | 146 |
| 116 scoped_refptr<X509Certificate> cached_cert(cert1); | 147 scoped_refptr<X509Certificate> cached_cert(cert1); |
| 148 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 117 // Make sure that |cached_cert| is updated to NULL, indicating the user | 149 // Make sure that |cached_cert| is updated to NULL, indicating the user |
| 118 // declined to send a certificate to |server1|. | 150 // declined to send a certificate to |server1|. |
| 119 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 151 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 120 EXPECT_EQ(NULL, cached_cert.get()); | 152 EXPECT_EQ(NULL, cached_cert.get()); |
| 121 | 153 |
| 122 // Remove the existing cached certificate. | 154 // Remove the existing cached certificate. |
| 123 cache.Remove(server1); | 155 cache.Remove(server1); |
| 124 cached_cert = NULL; | 156 cached_cert = NULL; |
| 125 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); | 157 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 126 | 158 |
| 127 // Add a new preference for a specific certificate. | 159 // Add a new preference for a specific certificate. |
| 128 cache.Add(server1, cert1.get()); | 160 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 129 cached_cert = NULL; | 161 cached_cert = NULL; |
| 130 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 162 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 131 EXPECT_EQ(cert1, cached_cert); | 163 EXPECT_EQ(cert1, cached_cert); |
| 132 | 164 |
| 133 // Replace the specific preference with a NULL certificate. | 165 // Replace the specific preference with a NULL certificate. |
| 134 cache.Add(server1, NULL); | 166 cache.Add(server1, NULL, new MockSSLPrivateKey); |
| 135 cached_cert = NULL; | 167 cached_cert = NULL; |
| 136 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 168 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 137 EXPECT_EQ(NULL, cached_cert.get()); | 169 EXPECT_EQ(NULL, cached_cert.get()); |
| 138 } | 170 } |
| 139 | 171 |
| 140 // Check that the OnCertAdded() method removes all cache entries. | 172 // Check that the OnCertAdded() method removes all cache entries. |
| 141 TEST(SSLClientAuthCacheTest, OnCertAdded) { | 173 TEST(SSLClientAuthCacheTest, OnCertAdded) { |
| 142 SSLClientAuthCache cache; | 174 SSLClientAuthCache cache; |
| 143 base::Time start_date = base::Time::Now(); | 175 base::Time start_date = base::Time::Now(); |
| 144 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | 176 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); |
| 145 | 177 |
| 146 HostPortPair server1("foo", 443); | 178 HostPortPair server1("foo", 443); |
| 147 scoped_refptr<X509Certificate> cert1( | 179 scoped_refptr<X509Certificate> cert1( |
| 148 new X509Certificate("foo", "CA", start_date, expiration_date)); | 180 new X509Certificate("foo", "CA", start_date, expiration_date)); |
| 149 | 181 |
| 150 cache.Add(server1, cert1.get()); | 182 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 151 | 183 |
| 152 HostPortPair server2("foo2", 443); | 184 HostPortPair server2("foo2", 443); |
| 153 cache.Add(server2, NULL); | 185 cache.Add(server2, NULL, new MockSSLPrivateKey); |
| 154 | 186 |
| 155 scoped_refptr<X509Certificate> cached_cert; | 187 scoped_refptr<X509Certificate> cached_cert; |
| 188 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 156 | 189 |
| 157 // Demonstrate the set up is correct. | 190 // Demonstrate the set up is correct. |
| 158 EXPECT_TRUE(cache.Lookup(server1, &cached_cert)); | 191 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 159 EXPECT_EQ(cert1, cached_cert); | 192 EXPECT_EQ(cert1, cached_cert); |
| 160 | 193 |
| 161 EXPECT_TRUE(cache.Lookup(server2, &cached_cert)); | 194 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 162 EXPECT_EQ(NULL, cached_cert.get()); | 195 EXPECT_EQ(NULL, cached_cert.get()); |
| 163 | 196 |
| 164 cache.OnCertAdded(NULL); | 197 cache.OnCertAdded(NULL); |
| 165 | 198 |
| 166 // Check that we no longer have entries for either server. | 199 // Check that we no longer have entries for either server. |
| 167 EXPECT_FALSE(cache.Lookup(server1, &cached_cert)); | 200 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 168 EXPECT_FALSE(cache.Lookup(server2, &cached_cert)); | 201 EXPECT_FALSE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 169 } | 202 } |
| 170 | 203 |
| 171 } // namespace net | 204 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1422573008:
Plumbing SSLPrivateKey (//net) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master