| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer.h" | 5 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 scoped_ptr<base::DictionaryValue> onc = | 83 scoped_ptr<base::DictionaryValue> onc = |
| 84 test_utils::ReadTestDictionary(filename); | 84 test_utils::ReadTestDictionary(filename); |
| 85 base::Value* certificates_value = NULL; | 85 base::Value* certificates_value = NULL; |
| 86 base::ListValue* certificates = NULL; | 86 base::ListValue* certificates = NULL; |
| 87 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates, | 87 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates, |
| 88 &certificates_value); | 88 &certificates_value); |
| 89 certificates_value->GetAsList(&certificates); | 89 certificates_value->GetAsList(&certificates); |
| 90 onc_certificates_.reset(certificates); | 90 onc_certificates_.reset(certificates); |
| 91 | 91 |
| 92 web_trust_certificates_.clear(); | 92 web_trust_certificates_.clear(); |
| 93 imported_server_and_ca_certs_.clear(); |
| 93 CertificateImporter importer(true /* allow web trust */); | 94 CertificateImporter importer(true /* allow web trust */); |
| 94 EXPECT_EQ(expected_parse_result, | 95 EXPECT_EQ(expected_parse_result, |
| 95 importer.ParseAndStoreCertificates(*certificates, | 96 importer.ParseAndStoreCertificates( |
| 96 &web_trust_certificates_)); | 97 *certificates, |
| 98 &web_trust_certificates_, |
| 99 &imported_server_and_ca_certs_)); |
| 97 | 100 |
| 98 result_list_.clear(); | 101 result_list_.clear(); |
| 99 result_list_ = ListCertsInSlot(); | 102 result_list_ = ListCertsInSlot(); |
| 100 } | 103 } |
| 101 | 104 |
| 102 void AddCertificateFromFile(std::string filename, | 105 void AddCertificateFromFile(std::string filename, |
| 103 net::CertType expected_type, | 106 net::CertType expected_type, |
| 104 std::string* guid) { | 107 std::string* guid) { |
| 108 std::string guid_temporary; |
| 109 if (!guid) |
| 110 guid = &guid_temporary; |
| 111 |
| 105 AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK); | 112 AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK); |
| 106 EXPECT_EQ(1ul, result_list_.size()); | 113 ASSERT_EQ(1ul, result_list_.size()); |
| 114 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle())); |
| 107 | 115 |
| 108 base::DictionaryValue* certificate = NULL; | 116 base::DictionaryValue* certificate = NULL; |
| 109 onc_certificates_->GetDictionary(0, &certificate); | 117 onc_certificates_->GetDictionary(0, &certificate); |
| 110 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid); | 118 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid); |
| 111 | 119 |
| 112 CertificateImporter::ListCertsWithNickname(*guid, &result_list_); | 120 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) { |
| 113 ASSERT_EQ(1ul, result_list_.size()); | 121 EXPECT_EQ(1u, imported_server_and_ca_certs_.size()); |
| 114 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle())); | 122 EXPECT_TRUE(imported_server_and_ca_certs_[*guid]->Equals( |
| 123 result_list_[0])); |
| 124 } else { // net::USER_CERT |
| 125 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 126 CertificateImporter::ListCertsWithNickname(*guid, &result_list_); |
| 127 } |
| 115 } | 128 } |
| 116 | 129 |
| 117 scoped_ptr<base::ListValue> onc_certificates_; | 130 scoped_ptr<base::ListValue> onc_certificates_; |
| 118 scoped_refptr<net::CryptoModule> slot_; | 131 scoped_refptr<net::CryptoModule> slot_; |
| 119 net::CertificateList result_list_; | 132 net::CertificateList result_list_; |
| 120 net::CertificateList web_trust_certificates_; | 133 net::CertificateList web_trust_certificates_; |
| 134 CertificateImporter::CertsByGUID imported_server_and_ca_certs_; |
| 121 | 135 |
| 122 private: | 136 private: |
| 123 net::CertificateList ListCertsInSlot() { | 137 net::CertificateList ListCertsInSlot() { |
| 124 net::CertificateList result; | 138 net::CertificateList result; |
| 125 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle()); | 139 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle()); |
| 126 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 140 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 127 !CERT_LIST_END(node, cert_list); | 141 !CERT_LIST_END(node, cert_list); |
| 128 node = CERT_LIST_NEXT(node)) { | 142 node = CERT_LIST_NEXT(node)) { |
| 129 result.push_back(net::X509Certificate::CreateFromHandle( | 143 result.push_back(net::X509Certificate::CreateFromHandle( |
| 130 node->cert, net::X509Certificate::OSCertHandles())); | 144 node->cert, net::X509Certificate::OSCertHandles())); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 147 return ok; | 161 return ok; |
| 148 } | 162 } |
| 149 | 163 |
| 150 crypto::ScopedTestNSSDB test_nssdb_; | 164 crypto::ScopedTestNSSDB test_nssdb_; |
| 151 }; | 165 }; |
| 152 | 166 |
| 153 TEST_F(ONCCertificateImporterTest, MultipleCertificates) { | 167 TEST_F(ONCCertificateImporterTest, MultipleCertificates) { |
| 154 AddCertificatesFromFile("managed_toplevel2.onc", | 168 AddCertificatesFromFile("managed_toplevel2.onc", |
| 155 CertificateImporter::IMPORT_OK); | 169 CertificateImporter::IMPORT_OK); |
| 156 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size()); | 170 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size()); |
| 171 EXPECT_EQ(2ul, imported_server_and_ca_certs_.size()); |
| 157 } | 172 } |
| 158 | 173 |
| 159 TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) { | 174 TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) { |
| 160 AddCertificatesFromFile("toplevel_partially_invalid.onc", | 175 AddCertificatesFromFile("toplevel_partially_invalid.onc", |
| 161 CertificateImporter::IMPORT_INCOMPLETE); | 176 CertificateImporter::IMPORT_INCOMPLETE); |
| 162 EXPECT_EQ(2ul, onc_certificates_->GetSize()); | 177 EXPECT_EQ(2ul, onc_certificates_->GetSize()); |
| 163 EXPECT_EQ(1ul, result_list_.size()); | 178 EXPECT_EQ(1ul, result_list_.size()); |
| 179 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 164 } | 180 } |
| 165 | 181 |
| 166 TEST_F(ONCCertificateImporterTest, AddClientCertificate) { | 182 TEST_F(ONCCertificateImporterTest, AddClientCertificate) { |
| 167 std::string guid; | 183 std::string guid; |
| 168 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); | 184 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); |
| 169 EXPECT_TRUE(web_trust_certificates_.empty()); | 185 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 170 | 186 |
| 171 SECKEYPrivateKeyList* privkey_list = | 187 SECKEYPrivateKeyList* privkey_list = |
| 172 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 188 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 173 EXPECT_TRUE(privkey_list); | 189 EXPECT_TRUE(privkey_list); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 193 int count = 0; | 209 int count = 0; |
| 194 while (!PUBKEY_LIST_END(node, pubkey_list)) { | 210 while (!PUBKEY_LIST_END(node, pubkey_list)) { |
| 195 count++; | 211 count++; |
| 196 node = PUBKEY_LIST_NEXT(node); | 212 node = PUBKEY_LIST_NEXT(node); |
| 197 } | 213 } |
| 198 EXPECT_EQ(1, count); | 214 EXPECT_EQ(1, count); |
| 199 SECKEY_DestroyPublicKeyList(pubkey_list); | 215 SECKEY_DestroyPublicKeyList(pubkey_list); |
| 200 } | 216 } |
| 201 } | 217 } |
| 202 | 218 |
| 203 TEST_F(ONCCertificateImporterTest, AddServerCertificate) { | 219 TEST_F(ONCCertificateImporterTest, AddServerCertificateWithWebTrust) { |
| 204 std::string guid; | 220 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL); |
| 205 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, &guid); | |
| 206 | 221 |
| 207 SECKEYPrivateKeyList* privkey_list = | 222 SECKEYPrivateKeyList* privkey_list = |
| 208 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 223 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 209 EXPECT_FALSE(privkey_list); | 224 EXPECT_FALSE(privkey_list); |
| 210 | 225 |
| 211 SECKEYPublicKeyList* pubkey_list = | 226 SECKEYPublicKeyList* pubkey_list = |
| 212 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 227 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 213 EXPECT_FALSE(pubkey_list); | 228 EXPECT_FALSE(pubkey_list); |
| 214 | 229 |
| 215 ASSERT_EQ(1u, web_trust_certificates_.size()); | 230 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 216 ASSERT_EQ(1u, result_list_.size()); | 231 ASSERT_EQ(1u, result_list_.size()); |
| 217 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), | 232 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), |
| 218 web_trust_certificates_[0]->os_cert_handle())); | 233 web_trust_certificates_[0]->os_cert_handle())); |
| 219 } | 234 } |
| 220 | 235 |
| 221 TEST_F(ONCCertificateImporterTest, AddWebAuthorityCertificate) { | 236 TEST_F(ONCCertificateImporterTest, AddWebAuthorityCertificateWithWebTrust) { |
| 222 std::string guid; | 237 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL); |
| 223 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, &guid); | |
| 224 | 238 |
| 225 SECKEYPrivateKeyList* privkey_list = | 239 SECKEYPrivateKeyList* privkey_list = |
| 226 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 240 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 227 EXPECT_FALSE(privkey_list); | 241 EXPECT_FALSE(privkey_list); |
| 228 | 242 |
| 229 SECKEYPublicKeyList* pubkey_list = | 243 SECKEYPublicKeyList* pubkey_list = |
| 230 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 244 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 231 EXPECT_FALSE(pubkey_list); | 245 EXPECT_FALSE(pubkey_list); |
| 232 | 246 |
| 233 ASSERT_EQ(1u, web_trust_certificates_.size()); | 247 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 234 ASSERT_EQ(1u, result_list_.size()); | 248 ASSERT_EQ(1u, result_list_.size()); |
| 235 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), | 249 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), |
| 236 web_trust_certificates_[0]->os_cert_handle())); | 250 web_trust_certificates_[0]->os_cert_handle())); |
| 237 } | 251 } |
| 238 | 252 |
| 239 TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { | 253 TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { |
| 240 std::string guid; | 254 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL); |
| 241 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, &guid); | |
| 242 EXPECT_TRUE(web_trust_certificates_.empty()); | 255 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 243 | 256 |
| 244 SECKEYPrivateKeyList* privkey_list = | 257 SECKEYPrivateKeyList* privkey_list = |
| 245 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 258 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 246 EXPECT_FALSE(privkey_list); | 259 EXPECT_FALSE(privkey_list); |
| 247 | 260 |
| 248 SECKEYPublicKeyList* pubkey_list = | 261 SECKEYPublicKeyList* pubkey_list = |
| 249 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 262 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 250 EXPECT_FALSE(pubkey_list); | 263 EXPECT_FALSE(pubkey_list); |
| 251 } | 264 } |
| (...skipping 13 matching lines...) Expand all Loading... |
| 265 | 278 |
| 266 class ONCCertificateImporterTestWithParam : | 279 class ONCCertificateImporterTestWithParam : |
| 267 public ONCCertificateImporterTest, | 280 public ONCCertificateImporterTest, |
| 268 public testing::WithParamInterface<CertParam> { | 281 public testing::WithParamInterface<CertParam> { |
| 269 }; | 282 }; |
| 270 | 283 |
| 271 TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { | 284 TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { |
| 272 // First we import a certificate. | 285 // First we import a certificate. |
| 273 { | 286 { |
| 274 SCOPED_TRACE("Import original certificate"); | 287 SCOPED_TRACE("Import original certificate"); |
| 275 std::string guid_original; | |
| 276 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, | 288 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, |
| 277 &guid_original); | 289 NULL); |
| 278 } | 290 } |
| 279 | 291 |
| 280 // Now we import the same certificate with a different GUID. The cert should | 292 // Now we import the same certificate with a different GUID. In case of a |
| 281 // be retrievable via the new GUID. | 293 // client cert, the cert should be retrievable via the new GUID. |
| 282 { | 294 { |
| 283 SCOPED_TRACE("Import updated certificate"); | 295 SCOPED_TRACE("Import updated certificate"); |
| 284 std::string guid_updated; | 296 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, NULL); |
| 285 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, | |
| 286 &guid_updated); | |
| 287 } | 297 } |
| 288 } | 298 } |
| 289 | 299 |
| 290 TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { | 300 TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { |
| 291 // Verify that reimporting a client certificate works. | 301 // Verify that reimporting a client certificate works. |
| 292 for (int i = 0; i < 2; ++i) { | 302 for (int i = 0; i < 2; ++i) { |
| 293 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); | 303 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); |
| 294 | |
| 295 std::string guid_original; | |
| 296 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, | 304 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, |
| 297 &guid_original); | 305 NULL); |
| 298 } | 306 } |
| 299 } | 307 } |
| 300 | 308 |
| 301 INSTANTIATE_TEST_CASE_P( | 309 INSTANTIATE_TEST_CASE_P( |
| 302 ONCCertificateImporterTestWithParam, | 310 ONCCertificateImporterTestWithParam, |
| 303 ONCCertificateImporterTestWithParam, | 311 ONCCertificateImporterTestWithParam, |
| 304 ::testing::Values( | 312 ::testing::Values( |
| 305 CertParam(net::USER_CERT, | 313 CertParam(net::USER_CERT, |
| 306 "certificate-client.onc", | 314 "certificate-client.onc", |
| 307 "certificate-client-update.onc"), | 315 "certificate-client-update.onc"), |
| 308 CertParam(net::SERVER_CERT, | 316 CertParam(net::SERVER_CERT, |
| 309 "certificate-server.onc", | 317 "certificate-server.onc", |
| 310 "certificate-server-update.onc"), | 318 "certificate-server-update.onc"), |
| 311 CertParam(net::CA_CERT, | 319 CertParam(net::CA_CERT, |
| 312 "certificate-web-authority.onc", | 320 "certificate-web-authority.onc", |
| 313 "certificate-web-authority-update.onc"))); | 321 "certificate-web-authority-update.onc"))); |
| 314 | 322 |
| 315 } // namespace onc | 323 } // namespace onc |
| 316 } // namespace chromeos | 324 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16946002:
Resolve certificate references in ONC by PEM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src