| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_client_auth_cache.h" | 5 #include "net/ssl/ssl_client_auth_cache.h" |
| 6 | 6 |
| 7 #include "base/macros.h" | 7 #include "base/macros.h" |
| 8 #include "base/time/time.h" | 8 #include "base/time/time.h" |
| 9 #include "net/cert/x509_certificate.h" | 9 #include "net/cert/x509_certificate.h" |
| 10 #include "net/ssl/ssl_private_key.h" | 10 #include "net/ssl/ssl_private_key.h" |
| 11 #include "net/test/cert_test_util.h" |
| 12 #include "net/test/test_data_directory.h" |
| 11 #include "testing/gtest/include/gtest/gtest.h" | 13 #include "testing/gtest/include/gtest/gtest.h" |
| 12 | 14 |
| 13 namespace net { | 15 namespace net { |
| 14 | 16 |
| 15 class MockSSLPrivateKey : public SSLPrivateKey { | 17 class MockSSLPrivateKey : public SSLPrivateKey { |
| 16 public: | 18 public: |
| 17 MockSSLPrivateKey() {} | 19 MockSSLPrivateKey() {} |
| 18 | 20 |
| 19 Type GetType() override { return Type::RSA; } | 21 Type GetType() override { return Type::RSA; } |
| 20 | 22 |
| 36 | 38 |
| 37 private: | 39 private: |
| 38 ~MockSSLPrivateKey() override {} | 40 ~MockSSLPrivateKey() override {} |
| 39 | 41 |
| 40 DISALLOW_COPY_AND_ASSIGN(MockSSLPrivateKey); | 42 DISALLOW_COPY_AND_ASSIGN(MockSSLPrivateKey); |
| 41 }; | 43 }; |
| 42 | 44 |
| 43 TEST(SSLClientAuthCacheTest, LookupAddRemove) { | 45 TEST(SSLClientAuthCacheTest, LookupAddRemove) { |
| 44 SSLClientAuthCache cache; | 46 SSLClientAuthCache cache; |
| 45 | 47 |
| 46 base::Time start_date = base::Time::Now(); | |
| 47 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | |
| 48 | |
| 49 HostPortPair server1("foo1", 443); | 48 HostPortPair server1("foo1", 443); |
| 50 scoped_refptr<X509Certificate> cert1( | 49 scoped_refptr<X509Certificate> cert1( |
| 51 new X509Certificate("foo1", "CA", start_date, expiration_date)); | 50 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 51 ASSERT_TRUE(cert1); |
| 52 | 52 |
| 53 HostPortPair server2("foo2", 443); | 53 HostPortPair server2("foo2", 443); |
| 54 scoped_refptr<X509Certificate> cert2( | 54 scoped_refptr<X509Certificate> cert2( |
| 55 new X509Certificate("foo2", "CA", start_date, expiration_date)); | 55 ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem")); |
| 56 ASSERT_TRUE(cert2); |
| 56 | 57 |
| 57 HostPortPair server3("foo3", 443); | 58 HostPortPair server3("foo3", 443); |
| 58 scoped_refptr<X509Certificate> cert3( | 59 scoped_refptr<X509Certificate> cert3( |
| 59 new X509Certificate("foo3", "CA", start_date, expiration_date)); | 60 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem")); |
| 61 ASSERT_TRUE(cert3); |
| 60 | 62 |
| 61 scoped_refptr<X509Certificate> cached_cert; | 63 scoped_refptr<X509Certificate> cached_cert; |
| 62 scoped_refptr<SSLPrivateKey> cached_pkey; | 64 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 63 // Lookup non-existent client certificate. | 65 // Lookup non-existent client certificate. |
| 64 cached_cert = NULL; | 66 cached_cert = nullptr; |
| 65 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 67 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 66 | 68 |
| 67 // Add client certificate for server1. | 69 // Add client certificate for server1. |
| 68 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); | 70 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 69 cached_cert = NULL; | 71 cached_cert = nullptr; |
| 70 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 72 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 71 EXPECT_EQ(cert1, cached_cert); | 73 EXPECT_EQ(cert1, cached_cert); |
| 72 | 74 |
| 73 // Add client certificate for server2. | 75 // Add client certificate for server2. |
| 74 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); | 76 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); |
| 75 cached_cert = NULL; | 77 cached_cert = nullptr; |
| 76 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 78 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 77 EXPECT_EQ(cert1.get(), cached_cert.get()); | 79 EXPECT_EQ(cert1.get(), cached_cert.get()); |
| 78 cached_cert = NULL; | 80 cached_cert = nullptr; |
| 79 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 81 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 80 EXPECT_EQ(cert2, cached_cert); | 82 EXPECT_EQ(cert2, cached_cert); |
| 81 | 83 |
| 82 // Overwrite the client certificate for server1. | 84 // Overwrite the client certificate for server1. |
| 83 cache.Add(server1, cert3.get(), new MockSSLPrivateKey); | 85 cache.Add(server1, cert3.get(), new MockSSLPrivateKey); |
| 84 cached_cert = NULL; | 86 cached_cert = nullptr; |
| 85 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 87 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 86 EXPECT_EQ(cert3, cached_cert); | 88 EXPECT_EQ(cert3, cached_cert); |
| 87 cached_cert = NULL; | 89 cached_cert = nullptr; |
| 88 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 90 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 89 EXPECT_EQ(cert2, cached_cert); | 91 EXPECT_EQ(cert2, cached_cert); |
| 90 | 92 |
| 91 // Remove client certificate of server1. | 93 // Remove client certificate of server1. |
| 92 cache.Remove(server1); | 94 cache.Remove(server1); |
| 93 cached_cert = NULL; | 95 cached_cert = nullptr; |
| 94 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 96 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 95 cached_cert = NULL; | 97 cached_cert = nullptr; |
| 96 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 98 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 97 EXPECT_EQ(cert2, cached_cert); | 99 EXPECT_EQ(cert2, cached_cert); |
| 98 | 100 |
| 99 // Remove non-existent client certificate. | 101 // Remove non-existent client certificate. |
| 100 cache.Remove(server1); | 102 cache.Remove(server1); |
| 101 cached_cert = NULL; | 103 cached_cert = nullptr; |
| 102 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 104 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 103 cached_cert = NULL; | 105 cached_cert = nullptr; |
| 104 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 106 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 105 EXPECT_EQ(cert2, cached_cert); | 107 EXPECT_EQ(cert2, cached_cert); |
| 106 } | 108 } |
| 107 | 109 |
| 108 // Check that if the server differs only by port number, it is considered | 110 // Check that if the server differs only by port number, it is considered |
| 109 // a separate server. | 111 // a separate server. |
| 110 TEST(SSLClientAuthCacheTest, LookupWithPort) { | 112 TEST(SSLClientAuthCacheTest, LookupWithPort) { |
| 111 SSLClientAuthCache cache; | 113 SSLClientAuthCache cache; |
| 112 | 114 |
| 113 base::Time start_date = base::Time::Now(); | |
| 114 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | |
| 115 | |
| 116 HostPortPair server1("foo", 443); | 115 HostPortPair server1("foo", 443); |
| 117 scoped_refptr<X509Certificate> cert1( | 116 scoped_refptr<X509Certificate> cert1( |
| 118 new X509Certificate("foo", "CA", start_date, expiration_date)); | 117 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 118 ASSERT_TRUE(cert1); |
| 119 | 119 |
| 120 HostPortPair server2("foo", 8443); | 120 HostPortPair server2("foo", 8443); |
| 121 scoped_refptr<X509Certificate> cert2( | 121 scoped_refptr<X509Certificate> cert2( |
| 122 new X509Certificate("foo", "CA", start_date, expiration_date)); | 122 ImportCertFromFile(GetTestCertsDirectory(), "expired_cert.pem")); |
| 123 ASSERT_TRUE(cert2); |
| 123 | 124 |
| 124 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); | 125 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 125 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); | 126 cache.Add(server2, cert2.get(), new MockSSLPrivateKey); |
| 126 | 127 |
| 127 scoped_refptr<X509Certificate> cached_cert; | 128 scoped_refptr<X509Certificate> cached_cert; |
| 128 scoped_refptr<SSLPrivateKey> cached_pkey; | 129 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 129 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 130 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 130 EXPECT_EQ(cert1.get(), cached_cert.get()); | 131 EXPECT_EQ(cert1.get(), cached_cert.get()); |
| 131 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 132 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 132 EXPECT_EQ(cert2.get(), cached_cert.get()); | 133 EXPECT_EQ(cert2.get(), cached_cert.get()); |
| 133 } | 134 } |
| 134 | 135 |
| 135 // Check that the a NULL certificate, indicating the user has declined to send | 136 // Check that the a nullptr certificate, indicating the user has declined to |
| 136 // a certificate, is properly cached. | 137 // send a certificate, is properly cached. |
| 137 TEST(SSLClientAuthCacheTest, LookupNullPreference) { | 138 TEST(SSLClientAuthCacheTest, LookupNullPreference) { |
| 138 SSLClientAuthCache cache; | 139 SSLClientAuthCache cache; |
| 139 base::Time start_date = base::Time::Now(); | |
| 140 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | |
| 141 | 140 |
| 142 HostPortPair server1("foo", 443); | 141 HostPortPair server1("foo", 443); |
| 143 scoped_refptr<X509Certificate> cert1( | 142 scoped_refptr<X509Certificate> cert1( |
| 144 new X509Certificate("foo", "CA", start_date, expiration_date)); | 143 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 144 ASSERT_TRUE(cert1); |
| 145 | 145 |
| 146 cache.Add(server1, NULL, new MockSSLPrivateKey); | 146 cache.Add(server1, nullptr, new MockSSLPrivateKey); |
| 147 | 147 |
| 148 scoped_refptr<X509Certificate> cached_cert(cert1); | 148 scoped_refptr<X509Certificate> cached_cert(cert1); |
| 149 scoped_refptr<SSLPrivateKey> cached_pkey; | 149 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 150 // Make sure that |cached_cert| is updated to NULL, indicating the user | 150 // Make sure that |cached_cert| is updated to nullptr, indicating the user |
| 151 // declined to send a certificate to |server1|. | 151 // declined to send a certificate to |server1|. |
| 152 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 152 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 153 EXPECT_EQ(NULL, cached_cert.get()); | 153 EXPECT_EQ(nullptr, cached_cert.get()); |
| 154 | 154 |
| 155 // Remove the existing cached certificate. | 155 // Remove the existing cached certificate. |
| 156 cache.Remove(server1); | 156 cache.Remove(server1); |
| 157 cached_cert = NULL; | 157 cached_cert = nullptr; |
| 158 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 158 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 159 | 159 |
| 160 // Add a new preference for a specific certificate. | 160 // Add a new preference for a specific certificate. |
| 161 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); | 161 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 162 cached_cert = NULL; | 162 cached_cert = nullptr; |
| 163 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 163 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 164 EXPECT_EQ(cert1, cached_cert); | 164 EXPECT_EQ(cert1, cached_cert); |
| 165 | 165 |
| 166 // Replace the specific preference with a NULL certificate. | 166 // Replace the specific preference with a nullptr certificate. |
| 167 cache.Add(server1, NULL, new MockSSLPrivateKey); | 167 cache.Add(server1, nullptr, new MockSSLPrivateKey); |
| 168 cached_cert = NULL; | 168 cached_cert = nullptr; |
| 169 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 169 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 170 EXPECT_EQ(NULL, cached_cert.get()); | 170 EXPECT_EQ(nullptr, cached_cert.get()); |
| 171 } | 171 } |
| 172 | 172 |
| 173 // Check that the OnCertAdded() method removes all cache entries. | 173 // Check that the OnCertAdded() method removes all cache entries. |
| 174 TEST(SSLClientAuthCacheTest, OnCertAdded) { | 174 TEST(SSLClientAuthCacheTest, OnCertAdded) { |
| 175 SSLClientAuthCache cache; | 175 SSLClientAuthCache cache; |
| 176 base::Time start_date = base::Time::Now(); | |
| 177 base::Time expiration_date = start_date + base::TimeDelta::FromDays(1); | |
| 178 | 176 |
| 179 HostPortPair server1("foo", 443); | 177 HostPortPair server1("foo", 443); |
| 180 scoped_refptr<X509Certificate> cert1( | 178 scoped_refptr<X509Certificate> cert1( |
| 181 new X509Certificate("foo", "CA", start_date, expiration_date)); | 179 ImportCertFromFile(GetTestCertsDirectory(), "ok_cert.pem")); |
| 180 ASSERT_TRUE(cert1); |
| 182 | 181 |
| 183 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); | 182 cache.Add(server1, cert1.get(), new MockSSLPrivateKey); |
| 184 | 183 |
| 185 HostPortPair server2("foo2", 443); | 184 HostPortPair server2("foo2", 443); |
| 186 cache.Add(server2, NULL, new MockSSLPrivateKey); | 185 cache.Add(server2, nullptr, new MockSSLPrivateKey); |
| 187 | 186 |
| 188 scoped_refptr<X509Certificate> cached_cert; | 187 scoped_refptr<X509Certificate> cached_cert; |
| 189 scoped_refptr<SSLPrivateKey> cached_pkey; | 188 scoped_refptr<SSLPrivateKey> cached_pkey; |
| 190 | 189 |
| 191 // Demonstrate the set up is correct. | 190 // Demonstrate the set up is correct. |
| 192 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 191 EXPECT_TRUE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 193 EXPECT_EQ(cert1, cached_cert); | 192 EXPECT_EQ(cert1, cached_cert); |
| 194 | 193 |
| 195 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 194 EXPECT_TRUE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 196 EXPECT_EQ(NULL, cached_cert.get()); | 195 EXPECT_EQ(nullptr, cached_cert.get()); |
| 197 | 196 |
| 198 cache.OnCertAdded(NULL); | 197 cache.OnCertAdded(nullptr); |
| 199 | 198 |
| 200 // Check that we no longer have entries for either server. | 199 // Check that we no longer have entries for either server. |
| 201 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); | 200 EXPECT_FALSE(cache.Lookup(server1, &cached_cert, &cached_pkey)); |
| 202 EXPECT_FALSE(cache.Lookup(server2, &cached_cert, &cached_pkey)); | 201 EXPECT_FALSE(cache.Lookup(server2, &cached_cert, &cached_pkey)); |
| 203 } | 202 } |
| 204 | 203 |
| 205 } // namespace net | 204 } // namespace net |
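Review bot: The assertions in LookupAddRemove and LookupWithPort still tell cache entries apart only by `scoped_refptr` pointer identity (`EXPECT_EQ(cert1, cached_cert)`, `EXPECT_EQ(cert1.get(), cached_cert.get())`), so with the switch to `ImportCertFromFile` the tests now silently depend on each call returning a fresh object and on the three files being distinct; nothing in the file states that, and reusing one file for two servers would make the inequality checks vacuous if the loader ever deduplicated. Using `expired_cert.pem` and `root_ca_cert.pem` as *client* certificates also invites the question of whether the cache inspects what it stores; the test passing with an expired certificate indicates it does not, and that is worth saying. Suggested comment above the first import in LookupAddRemove: `// Three different files so entries can be told apart by object identity; the cache stores and returns whatever it is given without inspecting validity, so an expired or CA certificate is acceptable here.` While the comment on the LookupNullPreference test is being touched, the pre-existing typo `Check that the a nullptr certificate` could become `Check that a nullptr certificate`.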