Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Side by Side Diff: chromeos/network/onc/onc_certificate_importer_impl_unittest.cc

Issue 20041002: Make CertificateHandler a proper interface of CertificateImporter. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed comments. Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/network/onc/onc_certificate_importer.h" 5 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
6 6
7 #include <cert.h> 7 #include <cert.h>
8 #include <certdb.h> 8 #include <certdb.h>
9 #include <keyhi.h> 9 #include <keyhi.h>
10 #include <pk11pub.h> 10 #include <pk11pub.h>
11 #include <string> 11 #include <string>
12 12
13 #include "base/logging.h" 13 #include "base/logging.h"
14 #include "base/strings/string_number_conversions.h" 14 #include "base/strings/string_number_conversions.h"
15 #include "base/values.h" 15 #include "base/values.h"
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
48 return net::SERVER_CERT; 48 return net::SERVER_CERT;
49 return net::UNKNOWN_CERT; 49 return net::UNKNOWN_CERT;
50 } 50 }
51 #else 51 #else
52 net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) { 52 net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) {
53 NOTIMPLEMENTED(); 53 NOTIMPLEMENTED();
54 return net::UNKNOWN_CERT; 54 return net::UNKNOWN_CERT;
55 } 55 }
56 #endif // USE_NSS 56 #endif // USE_NSS
57 57
58 class ONCCertificateImporterTest : public testing::Test { 58 class ONCCertificateImporterImplTest : public testing::Test {
59 public: 59 public:
60 virtual void SetUp() { 60 virtual void SetUp() {
61 ASSERT_TRUE(test_nssdb_.is_open()); 61 ASSERT_TRUE(test_nssdb_.is_open());
62 62
63 slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule(); 63 slot_ = net::NSSCertDatabase::GetInstance()->GetPublicModule();
64 64
65 // Don't run the test if the setup failed. 65 // Don't run the test if the setup failed.
66 ASSERT_TRUE(slot_->os_module_handle()); 66 ASSERT_TRUE(slot_->os_module_handle());
67 67
68 // Test db should be empty at start of test. 68 // Test db should be empty at start of test.
69 EXPECT_EQ(0ul, ListCertsInSlot().size()); 69 EXPECT_EQ(0ul, ListCertsInSlot().size());
70 } 70 }
71 71
72 virtual void TearDown() { 72 virtual void TearDown() {
73 EXPECT_TRUE(CleanupSlotContents()); 73 EXPECT_TRUE(CleanupSlotContents());
74 EXPECT_EQ(0ul, ListCertsInSlot().size()); 74 EXPECT_EQ(0ul, ListCertsInSlot().size());
75 } 75 }
76 76
77 virtual ~ONCCertificateImporterTest() {} 77 virtual ~ONCCertificateImporterImplTest() {}
78 78
79 protected: 79 protected:
80 void AddCertificatesFromFile( 80 void AddCertificatesFromFile(std::string filename, bool expected_success) {
81 std::string filename,
82 CertificateImporter::ParseResult expected_parse_result) {
83 scoped_ptr<base::DictionaryValue> onc = 81 scoped_ptr<base::DictionaryValue> onc =
84 test_utils::ReadTestDictionary(filename); 82 test_utils::ReadTestDictionary(filename);
85 base::Value* certificates_value = NULL; 83 base::Value* certificates_value = NULL;
86 base::ListValue* certificates = NULL; 84 base::ListValue* certificates = NULL;
87 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates, 85 onc->RemoveWithoutPathExpansion(toplevel_config::kCertificates,
88 &certificates_value); 86 &certificates_value);
89 certificates_value->GetAsList(&certificates); 87 certificates_value->GetAsList(&certificates);
90 onc_certificates_.reset(certificates); 88 onc_certificates_.reset(certificates);
91 89
92 web_trust_certificates_.clear(); 90 web_trust_certificates_.clear();
93 imported_server_and_ca_certs_.clear(); 91 imported_server_and_ca_certs_.clear();
94 CertificateImporter importer(true /* allow web trust */); 92 CertificateImporterImpl importer;
95 EXPECT_EQ(expected_parse_result, 93 EXPECT_EQ(
96 importer.ParseAndStoreCertificates( 94 expected_success,
97 *certificates, 95 importer.ParseAndStoreCertificates(true, // allow web trust
98 &web_trust_certificates_, 96 *certificates,
99 &imported_server_and_ca_certs_)); 97 &web_trust_certificates_,
98 &imported_server_and_ca_certs_));
100 99
101 result_list_.clear(); 100 result_list_.clear();
102 result_list_ = ListCertsInSlot(); 101 result_list_ = ListCertsInSlot();
103 } 102 }
104 103
105 void AddCertificateFromFile(std::string filename, 104 void AddCertificateFromFile(std::string filename,
106 net::CertType expected_type, 105 net::CertType expected_type,
107 std::string* guid) { 106 std::string* guid) {
108 std::string guid_temporary; 107 std::string guid_temporary;
109 if (!guid) 108 if (!guid)
110 guid = &guid_temporary; 109 guid = &guid_temporary;
111 110
112 AddCertificatesFromFile(filename, CertificateImporter::IMPORT_OK); 111 AddCertificatesFromFile(filename, true);
113 ASSERT_EQ(1ul, result_list_.size()); 112 ASSERT_EQ(1ul, result_list_.size());
114 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle())); 113 EXPECT_EQ(expected_type, GetCertType(result_list_[0]->os_cert_handle()));
115 114
116 base::DictionaryValue* certificate = NULL; 115 base::DictionaryValue* certificate = NULL;
117 onc_certificates_->GetDictionary(0, &certificate); 116 onc_certificates_->GetDictionary(0, &certificate);
118 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid); 117 certificate->GetStringWithoutPathExpansion(certificate::kGUID, guid);
119 118
120 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) { 119 if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) {
121 EXPECT_EQ(1u, imported_server_and_ca_certs_.size()); 120 EXPECT_EQ(1u, imported_server_and_ca_certs_.size());
122 EXPECT_TRUE(imported_server_and_ca_certs_[*guid]->Equals( 121 EXPECT_TRUE(imported_server_and_ca_certs_[*guid]->Equals(
123 result_list_[0])); 122 result_list_[0]));
124 } else { // net::USER_CERT 123 } else { // net::USER_CERT
125 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); 124 EXPECT_TRUE(imported_server_and_ca_certs_.empty());
126 CertificateImporter::ListCertsWithNickname(*guid, &result_list_); 125 CertificateImporterImpl::ListCertsWithNickname(*guid, &result_list_);
127 } 126 }
128 } 127 }
129 128
130 scoped_ptr<base::ListValue> onc_certificates_; 129 scoped_ptr<base::ListValue> onc_certificates_;
131 scoped_refptr<net::CryptoModule> slot_; 130 scoped_refptr<net::CryptoModule> slot_;
132 net::CertificateList result_list_; 131 net::CertificateList result_list_;
133 net::CertificateList web_trust_certificates_; 132 net::CertificateList web_trust_certificates_;
134 CertificateImporter::CertsByGUID imported_server_and_ca_certs_; 133 CertificateImporterImpl::CertsByGUID imported_server_and_ca_certs_;
135 134
136 private: 135 private:
137 net::CertificateList ListCertsInSlot() { 136 net::CertificateList ListCertsInSlot() {
138 net::CertificateList result; 137 net::CertificateList result;
139 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle()); 138 CERTCertList* cert_list = PK11_ListCertsInSlot(slot_->os_module_handle());
140 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list); 139 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
141 !CERT_LIST_END(node, cert_list); 140 !CERT_LIST_END(node, cert_list);
142 node = CERT_LIST_NEXT(node)) { 141 node = CERT_LIST_NEXT(node)) {
143 result.push_back(net::X509Certificate::CreateFromHandle( 142 result.push_back(net::X509Certificate::CreateFromHandle(
144 node->cert, net::X509Certificate::OSCertHandles())); 143 node->cert, net::X509Certificate::OSCertHandles()));
(...skipping 12 matching lines...) Expand all
157 if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(certs[i] 156 if (!net::NSSCertDatabase::GetInstance()->DeleteCertAndKey(certs[i]
158 .get())) 157 .get()))
159 ok = false; 158 ok = false;
160 } 159 }
161 return ok; 160 return ok;
162 } 161 }
163 162
164 crypto::ScopedTestNSSDB test_nssdb_; 163 crypto::ScopedTestNSSDB test_nssdb_;
165 }; 164 };
166 165
167 TEST_F(ONCCertificateImporterTest, MultipleCertificates) { 166 TEST_F(ONCCertificateImporterImplTest, MultipleCertificates) {
168 AddCertificatesFromFile("managed_toplevel2.onc", 167 AddCertificatesFromFile("managed_toplevel2.onc", true);
169 CertificateImporter::IMPORT_OK);
170 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size()); 168 EXPECT_EQ(onc_certificates_->GetSize(), result_list_.size());
171 EXPECT_EQ(2ul, imported_server_and_ca_certs_.size()); 169 EXPECT_EQ(2ul, imported_server_and_ca_certs_.size());
172 } 170 }
173 171
174 TEST_F(ONCCertificateImporterTest, MultipleCertificatesWithFailures) { 172 TEST_F(ONCCertificateImporterImplTest, MultipleCertificatesWithFailures) {
175 AddCertificatesFromFile("toplevel_partially_invalid.onc", 173 AddCertificatesFromFile("toplevel_partially_invalid.onc", false);
176 CertificateImporter::IMPORT_INCOMPLETE);
177 EXPECT_EQ(3ul, onc_certificates_->GetSize()); 174 EXPECT_EQ(3ul, onc_certificates_->GetSize());
178 EXPECT_EQ(1ul, result_list_.size()); 175 EXPECT_EQ(1ul, result_list_.size());
179 EXPECT_TRUE(imported_server_and_ca_certs_.empty()); 176 EXPECT_TRUE(imported_server_and_ca_certs_.empty());
180 } 177 }
181 178
182 TEST_F(ONCCertificateImporterTest, AddClientCertificate) { 179 TEST_F(ONCCertificateImporterImplTest, AddClientCertificate) {
183 std::string guid; 180 std::string guid;
184 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid); 181 AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid);
185 EXPECT_TRUE(web_trust_certificates_.empty()); 182 EXPECT_TRUE(web_trust_certificates_.empty());
186 183
187 SECKEYPrivateKeyList* privkey_list = 184 SECKEYPrivateKeyList* privkey_list =
188 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); 185 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
189 EXPECT_TRUE(privkey_list); 186 EXPECT_TRUE(privkey_list);
190 if (privkey_list) { 187 if (privkey_list) {
191 SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list); 188 SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list);
192 int count = 0; 189 int count = 0;
(...skipping 16 matching lines...) Expand all
209 int count = 0; 206 int count = 0;
210 while (!PUBKEY_LIST_END(node, pubkey_list)) { 207 while (!PUBKEY_LIST_END(node, pubkey_list)) {
211 count++; 208 count++;
212 node = PUBKEY_LIST_NEXT(node); 209 node = PUBKEY_LIST_NEXT(node);
213 } 210 }
214 EXPECT_EQ(1, count); 211 EXPECT_EQ(1, count);
215 SECKEY_DestroyPublicKeyList(pubkey_list); 212 SECKEY_DestroyPublicKeyList(pubkey_list);
216 } 213 }
217 } 214 }
218 215
219 TEST_F(ONCCertificateImporterTest, AddServerCertificateWithWebTrust) { 216 TEST_F(ONCCertificateImporterImplTest, AddServerCertificateWithWebTrust) {
220 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL); 217 AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL);
221 218
222 SECKEYPrivateKeyList* privkey_list = 219 SECKEYPrivateKeyList* privkey_list =
223 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); 220 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
224 EXPECT_FALSE(privkey_list); 221 EXPECT_FALSE(privkey_list);
225 222
226 SECKEYPublicKeyList* pubkey_list = 223 SECKEYPublicKeyList* pubkey_list =
227 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); 224 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
228 EXPECT_FALSE(pubkey_list); 225 EXPECT_FALSE(pubkey_list);
229 226
230 ASSERT_EQ(1u, web_trust_certificates_.size()); 227 ASSERT_EQ(1u, web_trust_certificates_.size());
231 ASSERT_EQ(1u, result_list_.size()); 228 ASSERT_EQ(1u, result_list_.size());
232 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), 229 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(),
233 web_trust_certificates_[0]->os_cert_handle())); 230 web_trust_certificates_[0]->os_cert_handle()));
234 } 231 }
235 232
236 TEST_F(ONCCertificateImporterTest, AddWebAuthorityCertificateWithWebTrust) { 233 TEST_F(ONCCertificateImporterImplTest, AddWebAuthorityCertificateWithWebTrust) {
237 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL); 234 AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL);
238 235
239 SECKEYPrivateKeyList* privkey_list = 236 SECKEYPrivateKeyList* privkey_list =
240 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); 237 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
241 EXPECT_FALSE(privkey_list); 238 EXPECT_FALSE(privkey_list);
242 239
243 SECKEYPublicKeyList* pubkey_list = 240 SECKEYPublicKeyList* pubkey_list =
244 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); 241 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
245 EXPECT_FALSE(pubkey_list); 242 EXPECT_FALSE(pubkey_list);
246 243
247 ASSERT_EQ(1u, web_trust_certificates_.size()); 244 ASSERT_EQ(1u, web_trust_certificates_.size());
248 ASSERT_EQ(1u, result_list_.size()); 245 ASSERT_EQ(1u, result_list_.size());
249 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(), 246 EXPECT_TRUE(CERT_CompareCerts(result_list_[0]->os_cert_handle(),
250 web_trust_certificates_[0]->os_cert_handle())); 247 web_trust_certificates_[0]->os_cert_handle()));
251 } 248 }
252 249
253 TEST_F(ONCCertificateImporterTest, AddAuthorityCertificateWithoutWebTrust) { 250 TEST_F(ONCCertificateImporterImplTest, AddAuthorityCertificateWithoutWebTrust) {
254 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL); 251 AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL);
255 EXPECT_TRUE(web_trust_certificates_.empty()); 252 EXPECT_TRUE(web_trust_certificates_.empty());
256 253
257 SECKEYPrivateKeyList* privkey_list = 254 SECKEYPrivateKeyList* privkey_list =
258 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL); 255 PK11_ListPrivKeysInSlot(slot_->os_module_handle(), NULL, NULL);
259 EXPECT_FALSE(privkey_list); 256 EXPECT_FALSE(privkey_list);
260 257
261 SECKEYPublicKeyList* pubkey_list = 258 SECKEYPublicKeyList* pubkey_list =
262 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL); 259 PK11_ListPublicKeysInSlot(slot_->os_module_handle(), NULL);
263 EXPECT_FALSE(pubkey_list); 260 EXPECT_FALSE(pubkey_list);
264 } 261 }
265 262
266 struct CertParam { 263 struct CertParam {
267 CertParam(net::CertType certificate_type, 264 CertParam(net::CertType certificate_type,
268 const char* original_filename, 265 const char* original_filename,
269 const char* update_filename) 266 const char* update_filename)
270 : cert_type(certificate_type), 267 : cert_type(certificate_type),
271 original_file(original_filename), 268 original_file(original_filename),
272 update_file(update_filename) {} 269 update_file(update_filename) {}
273 270
274 net::CertType cert_type; 271 net::CertType cert_type;
275 const char* original_file; 272 const char* original_file;
276 const char* update_file; 273 const char* update_file;
277 }; 274 };
278 275
279 class ONCCertificateImporterTestWithParam : 276 class ONCCertificateImporterImplTestWithParam :
280 public ONCCertificateImporterTest, 277 public ONCCertificateImporterImplTest,
281 public testing::WithParamInterface<CertParam> { 278 public testing::WithParamInterface<CertParam> {
282 }; 279 };
283 280
284 TEST_P(ONCCertificateImporterTestWithParam, UpdateCertificate) { 281 TEST_P(ONCCertificateImporterImplTestWithParam, UpdateCertificate) {
285 // First we import a certificate. 282 // First we import a certificate.
286 { 283 {
287 SCOPED_TRACE("Import original certificate"); 284 SCOPED_TRACE("Import original certificate");
288 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, 285 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type,
289 NULL); 286 NULL);
290 } 287 }
291 288
292 // Now we import the same certificate with a different GUID. In case of a 289 // Now we import the same certificate with a different GUID. In case of a
293 // client cert, the cert should be retrievable via the new GUID. 290 // client cert, the cert should be retrievable via the new GUID.
294 { 291 {
295 SCOPED_TRACE("Import updated certificate"); 292 SCOPED_TRACE("Import updated certificate");
296 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, NULL); 293 AddCertificateFromFile(GetParam().update_file, GetParam().cert_type, NULL);
297 } 294 }
298 } 295 }
299 296
300 TEST_P(ONCCertificateImporterTestWithParam, ReimportCertificate) { 297 TEST_P(ONCCertificateImporterImplTestWithParam, ReimportCertificate) {
301 // Verify that reimporting a client certificate works. 298 // Verify that reimporting a client certificate works.
302 for (int i = 0; i < 2; ++i) { 299 for (int i = 0; i < 2; ++i) {
303 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i)); 300 SCOPED_TRACE("Import certificate, iteration " + base::IntToString(i));
304 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type, 301 AddCertificateFromFile(GetParam().original_file, GetParam().cert_type,
305 NULL); 302 NULL);
306 } 303 }
307 } 304 }
308 305
309 INSTANTIATE_TEST_CASE_P( 306 INSTANTIATE_TEST_CASE_P(
310 ONCCertificateImporterTestWithParam, 307 ONCCertificateImporterImplTestWithParam,
311 ONCCertificateImporterTestWithParam, 308 ONCCertificateImporterImplTestWithParam,
312 ::testing::Values( 309 ::testing::Values(
313 CertParam(net::USER_CERT, 310 CertParam(net::USER_CERT,
314 "certificate-client.onc", 311 "certificate-client.onc",
315 "certificate-client-update.onc"), 312 "certificate-client-update.onc"),
316 CertParam(net::SERVER_CERT, 313 CertParam(net::SERVER_CERT,
317 "certificate-server.onc", 314 "certificate-server.onc",
318 "certificate-server-update.onc"), 315 "certificate-server-update.onc"),
319 CertParam(net::CA_CERT, 316 CertParam(net::CA_CERT,
320 "certificate-web-authority.onc", 317 "certificate-web-authority.onc",
321 "certificate-web-authority-update.onc"))); 318 "certificate-web-authority-update.onc")));
322 319
323 } // namespace onc 320 } // namespace onc
324 } // namespace chromeos 321 } // namespace chromeos
OLDNEW
« no previous file with comments | « chromeos/network/onc/onc_certificate_importer_impl.cc ('k') | chromeos/network/onc/onc_certificate_importer_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698