| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/onc/onc_certificate_importer.h" | 5 #include "chromeos/network/onc/onc_certificate_importer.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certdb.h> | 8 #include <certdb.h> |
| 9 #include <keyhi.h> | 9 #include <keyhi.h> |
| 10 #include <pk11pub.h> | 10 #include <pk11pub.h> |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 scoped_ptr<base::DictionaryValue> onc = | 83 scoped_ptr<base::DictionaryValue> onc = |
| 84 test_utils::ReadTestDictionary(filename); | 84 test_utils::ReadTestDictionary(filename); |
| 85 base::Value* certificates_value = NULL; | 85 base::Value* certificates_value = NULL; |
| 86 base::ListValue* certificates = NULL; | 86 base::ListValue* certificates = NULL; |
| 87 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates, | 87 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates, |
| 88 &certificates_value); | 88 &certificates_value); |
| 89 certificates_value->GetAsList(&certificates); | 89 certificates_value->GetAsList(&certificates); |
| 90 onc_certificates_.reset(certificates); | 90 onc_certificates_.reset(certificates); |
| 91 | 91 |
| 92 web_trust_certificates_.clear(); | 92 web_trust_certificates_.clear(); |
| 93 imported_server_and_ca_certs_.clear(); |
| 93 CertificateImporter importer(true /* allow web trust */); | 94 CertificateImporter importer(true /* allow web trust */); |
| 94 EXPECT_EQ(expected_parse_result, | 95 EXPECT_EQ(expected_parse_result, |
| 95 importer.ParseAndStoreCertificates(*certificates, | 96 importer.ParseAndStoreCertificates( |
| 96 &web_trust_certificates_)); | 97 *certificates, |
| 98 &web_trust_certificates_, |
| 99 &imported_server_and_ca_certs_)); |
| 97 | 100 |
| 98 result_list_.clear(); | 101 result_list_.clear(); |
| 99 result_list_ = ListCertsInSlot(); | 102 result_list_ = ListCertsInSlot(); |
| 100 } | 103 } |
| 101 | 104 |
| 102 void AddCertificateFromFile(std::string filename, | 105 void AddCertificateFromFile(std::string filename, |
| 103 net::CertType expected_type, | 106 net::CertType expected_type, |
| 104 std::string* guid) { | 107 std::string* guid) { |
| 108 std::string guid_temporary; |
| 109 if (!guid) |
| 110 guid = &guid_temporary; |
| 111 |
| 105 AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK); | 112 AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK); |
| 106 EXPECT_EQ(1ul, result_list_.size()); | 113 ASSERT_EQ(1ul, result_list_.size()); |
| 114 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle())); |
| 107 | 115 |
| 108 base::DictionaryValue* certificate = NULL; | 116 base::DictionaryValue* certificate = NULL; |
| 109 onc_certificates_->GetDictionary(0, &certificate); | 117 onc_certificates_->GetDictionary(0, &certificate); |
| 110 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid); | 118 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid); |
| 111 | 119 |
| 112 CertificateImporter::ListCertsWithNickname(*guid, &result_list_); | 120 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) { |
| 113 ASSERT_EQ(1ul, result_list_.size()); | 121 EXPECT_EQ(1u, imported_server_and_ca_certs_.size()); |
| 114 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle())); | 122 EXPECT_TRUE(imported_server_and_ca_certs_[*guid]->Equals( |
| 123 result_list_[0])); |
| 124 } else { // net::USER_CERT |
| 125 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 126 CertificateImporter::ListCertsWithNickname(*guid, &result_list_); |
| 127 } |
| 115 } | 128 } |
| 116 | 129 |
| 117 scoped_ptr<base::ListValue> onc_certificates_; | 130 scoped_ptr<base::ListValue> onc_certificates_; |
| 118 scoped_refptr<net::CryptoModule> slot_; | 131 scoped_refptr<net::CryptoModule> slot_; |
| 119 net::CertificateList result_list_; | 132 net::CertificateList result_list_; |
| 120 net::CertificateList web_trust_certificates_; | 133 net::CertificateList web_trust_certificates_; |
| 134 CertificateImporter::CertsByGUID imported_server_and_ca_certs_; |
| 121 | 135 |
| 122 private: | 136 private: |
| 123 net::CertificateList ListCertsInSlot() { | 137 net::CertificateList ListCertsInSlot() { |
| 124 net::CertificateList result; | 138 net::CertificateList result; |
| 125 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle()); | 139 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle()); |
| 126 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); | 140 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); |
| 127 !CERT_LIST_END(node, cert_list); | 141 !CERT_LIST_END(node, cert_list); |
| 128 node = CERT_LIST_NEXT(node)) { | 142 node = CERT_LIST_NEXT(node)) { |
| 129 result.push_back(net::X509Certificate::CreateFromHandle( | 143 result.push_back(net::X509Certificate::CreateFromHandle( |
| 130 node->cert, net::X509Certificate::OSCertHandles())); | 144 node->cert, net::X509Certificate::OSCertHandles())); |
| (...skipping 15 matching lines...) Expand all Loading... |
| 146 return ok; | 160 return ok; |
| 147 } | 161 } |
| 148 | 162 |
| 149 crypto::ScopedTestNSSDB test_nssdb_; | 163 crypto::ScopedTestNSSDB test_nssdb_; |
| 150 }; | 164 }; |
| 151 | 165 |
| 152 TEST_F(ONCCertificateImporterTest, MultipleCertificates) { | 166 TEST_F(ONCCertificateImporterTest, MultipleCertificates) { |
| 153 AddCertificatesFromFile("managed_toplevel2.onc", | 167 AddCertificatesFromFile("managed_toplevel2.onc", |
| 154 CertificateImporter::IMPORT_OK); | 168 CertificateImporter::IMPORT_OK); |
| 155 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size()); | 169 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size()); |
| 170 EXPECT_EQ(2ul, imported_server_and_ca_certs_.size()); |
| 156 } | 171 } |
| 157 | 172 |
| 158 TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) { | 173 TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) { |
| 159 AddCertificatesFromFile("toplevel_partially_invalid.onc", | 174 AddCertificatesFromFile("toplevel_partially_invalid.onc", |
| 160 CertificateImporter::IMPORT_INCOMPLETE); | 175 CertificateImporter::IMPORT_INCOMPLETE); |
| 161 EXPECT_EQ(2ul, onc_certificates_->GetSize()); | 176 EXPECT_EQ(2ul, onc_certificates_->GetSize()); |
| 162 EXPECT_EQ(1ul, result_list_.size()); | 177 EXPECT_EQ(1ul, result_list_.size()); |
| 178 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); |
| 163 } | 179 } |
| 164 | 180 |
| 165 TEST_F(ONCCertificateImporterTest, AddClientCertificate) { | 181 TEST_F(ONCCertificateImporterTest, AddClientCertificate) { |
| 166 std::string guid; | 182 std::string guid; |
| 167 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); | 183 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); |
| 168 EXPECT_TRUE(web_trust_certificates_.empty()); | 184 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 169 | 185 |
| 170 SECKEYPrivateKeyList* privkey_list = | 186 SECKEYPrivateKeyList* privkey_list = |
| 171 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 187 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 172 EXPECT_TRUE(privkey_list); | 188 EXPECT_TRUE(privkey_list); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 192 int count = 0; | 208 int count = 0; |
| 193 while (!PUBKEY_LIST_END(node, pubkey_list)) { | 209 while (!PUBKEY_LIST_END(node, pubkey_list)) { |
| 194 count++; | 210 count++; |
| 195 node = PUBKEY_LIST_NEXT(node); | 211 node = PUBKEY_LIST_NEXT(node); |
| 196 } | 212 } |
| 197 EXPECT_EQ(1, count); | 213 EXPECT_EQ(1, count); |
| 198 SECKEY_DestroyPublicKeyList(pubkey_list); | 214 SECKEY_DestroyPublicKeyList(pubkey_list); |
| 199 } | 215 } |
| 200 } | 216 } |
| 201 | 217 |
| 202 TEST_F(ONCCertificateImporterTest, AddServerCertificate) { | 218 TEST_F(ONCCertificateImporterTest, AddServerCertificateWithWebTrust) { |
| 203 std::string guid; | 219 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL); |
| 204 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, &guid); | |
| 205 | 220 |
| 206 SECKEYPrivateKeyList* privkey_list = | 221 SECKEYPrivateKeyList* privkey_list = |
| 207 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 222 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 208 EXPECT_FALSE(privkey_list); | 223 EXPECT_FALSE(privkey_list); |
| 209 | 224 |
| 210 SECKEYPublicKeyList* pubkey_list = | 225 SECKEYPublicKeyList* pubkey_list = |
| 211 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 226 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 212 EXPECT_FALSE(pubkey_list); | 227 EXPECT_FALSE(pubkey_list); |
| 213 | 228 |
| 214 ASSERT_EQ(1u, web_trust_certificates_.size()); | 229 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 215 ASSERT_EQ(1u, result_list_.size()); | 230 ASSERT_EQ(1u, result_list_.size()); |
| 216 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), | 231 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), |
| 217 web_trust_certificates_[0]->os_cert_handle())); | 232 web_trust_certificates_[0]->os_cert_handle())); |
| 218 } | 233 } |
| 219 | 234 |
| 220 TEST_F(ONCCertificateImporterTest, AddWebAuthorityCertificate) { | 235 TEST_F(ONCCertificateImporterTest, AddWebAuthorityCertificateWithWebTrust) { |
| 221 std::string guid; | 236 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL); |
| 222 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, &guid); | |
| 223 | 237 |
| 224 SECKEYPrivateKeyList* privkey_list = | 238 SECKEYPrivateKeyList* privkey_list = |
| 225 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 239 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 226 EXPECT_FALSE(privkey_list); | 240 EXPECT_FALSE(privkey_list); |
| 227 | 241 |
| 228 SECKEYPublicKeyList* pubkey_list = | 242 SECKEYPublicKeyList* pubkey_list = |
| 229 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 243 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 230 EXPECT_FALSE(pubkey_list); | 244 EXPECT_FALSE(pubkey_list); |
| 231 | 245 |
| 232 ASSERT_EQ(1u, web_trust_certificates_.size()); | 246 ASSERT_EQ(1u, web_trust_certificates_.size()); |
| 233 ASSERT_EQ(1u, result_list_.size()); | 247 ASSERT_EQ(1u, result_list_.size()); |
| 234 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), | 248 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), |
| 235 web_trust_certificates_[0]->os_cert_handle())); | 249 web_trust_certificates_[0]->os_cert_handle())); |
| 236 } | 250 } |
| 237 | 251 |
| 238 TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { | 252 TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { |
| 239 std::string guid; | 253 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL); |
| 240 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, &guid); | |
| 241 EXPECT_TRUE(web_trust_certificates_.empty()); | 254 EXPECT_TRUE(web_trust_certificates_.empty()); |
| 242 | 255 |
| 243 SECKEYPrivateKeyList* privkey_list = | 256 SECKEYPrivateKeyList* privkey_list = |
| 244 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); | 257 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); |
| 245 EXPECT_FALSE(privkey_list); | 258 EXPECT_FALSE(privkey_list); |
| 246 | 259 |
| 247 SECKEYPublicKeyList* pubkey_list = | 260 SECKEYPublicKeyList* pubkey_list = |
| 248 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); | 261 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); |
| 249 EXPECT_FALSE(pubkey_list); | 262 EXPECT_FALSE(pubkey_list); |
| 250 } | 263 } |
| (...skipping 13 matching lines...) Expand all Loading... |
| 264 | 277 |
| 265 class ONCCertificateImporterTestWithParam : | 278 class ONCCertificateImporterTestWithParam : |
| 266 public ONCCertificateImporterTest, | 279 public ONCCertificateImporterTest, |
| 267 public testing::WithParamInterface<CertParam> { | 280 public testing::WithParamInterface<CertParam> { |
| 268 }; | 281 }; |
| 269 | 282 |
| 270 TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { | 283 TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { |
| 271 // First we import a certificate. | 284 // First we import a certificate. |
| 272 { | 285 { |
| 273 SCOPED_TRACE("Import original certificate"); | 286 SCOPED_TRACE("Import original certificate"); |
| 274 std::string guid_original; | |
| 275 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, | 287 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, |
| 276 &guid_original); | 288 NULL); |
| 277 } | 289 } |
| 278 | 290 |
| 279 // Now we import the same certificate with a different GUID. The cert should | 291 // Now we import the same certificate with a different GUID. In case of a |
| 280 // be retrievable via the new GUID. | 292 // client cert, the cert should be retrievable via the new GUID. |
| 281 { | 293 { |
| 282 SCOPED_TRACE("Import updated certificate"); | 294 SCOPED_TRACE("Import updated certificate"); |
| 283 std::string guid_updated; | 295 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, NULL); |
| 284 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, | |
| 285 &guid_updated); | |
| 286 } | 296 } |
| 287 } | 297 } |
| 288 | 298 |
| 289 TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { | 299 TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { |
| 290 // Verify that reimporting a client certificate works. | 300 // Verify that reimporting a client certificate works. |
| 291 for (int i = 0; i < 2; ++i) { | 301 for (int i = 0; i < 2; ++i) { |
| 292 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); | 302 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); |
| 293 | |
| 294 std::string guid_original; | |
| 295 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, | 303 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, |
| 296 &guid_original); | 304 NULL); |
| 297 } | 305 } |
| 298 } | 306 } |
| 299 | 307 |
| 300 INSTANTIATE_TEST_CASE_P( | 308 INSTANTIATE_TEST_CASE_P( |
| 301 ONCCertificateImporterTestWithParam, | 309 ONCCertificateImporterTestWithParam, |
| 302 ONCCertificateImporterTestWithParam, | 310 ONCCertificateImporterTestWithParam, |
| 303 ::testing::Values( | 311 ::testing::Values( |
| 304 CertParam(net::USER_CERT, | 312 CertParam(net::USER_CERT, |
| 305 "certificate-client.onc", | 313 "certificate-client.onc", |
| 306 "certificate-client-update.onc"), | 314 "certificate-client-update.onc"), |
| 307 CertParam(net::SERVER_CERT, | 315 CertParam(net::SERVER_CERT, |
| 308 "certificate-server.onc", | 316 "certificate-server.onc", |
| 309 "certificate-server-update.onc"), | 317 "certificate-server-update.onc"), |
| 310 CertParam(net::CA_CERT, | 318 CertParam(net::CA_CERT, |
| 311 "certificate-web-authority.onc", | 319 "certificate-web-authority.onc", |
| 312 "certificate-web-authority-update.onc"))); | 320 "certificate-web-authority-update.onc"))); |
| 313 | 321 |
| 314 } // namespace onc | 322 } // namespace onc |
| 315 } // namespace chromeos | 323 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 16946002:
Resolve certificate references in ONC by PEM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src