Chromium Code Reviews Chromium Code Reviews
Issue 2094333002:
Implementation for chrome.certificateProvider.requestPin/stopPinRequest (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/evp.h> | 5 #include <openssl/evp.h> |
| 6 #include <openssl/rsa.h> | 6 #include <openssl/rsa.h> |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <stdlib.h> | 9 #include <stdlib.h> |
| 10 | 10 |
| 11 #include <memory> | 11 #include <memory> |
| 12 #include <string> | 12 #include <string> |
| 13 #include <vector> | 13 #include <vector> |
| 14 | 14 |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/callback.h" | 16 #include "base/callback.h" |
| 17 #include "base/files/file_path.h" | 17 #include "base/files/file_path.h" |
| 18 #include "base/files/file_util.h" | 18 #include "base/files/file_util.h" |
| 19 #include "base/run_loop.h" | 19 #include "base/run_loop.h" |
| 20 #include "base/strings/string_number_conversions.h" | 20 #include "base/strings/string_number_conversions.h" |
| 21 #include "base/strings/utf_string_conversions.h" | 21 #include "base/strings/utf_string_conversions.h" |
| 22 #include "base/values.h" | 22 #include "base/values.h" |
| 23 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice.h" | |
| 24 #include "chrome/browser/chromeos/certificate_provider/certificate_provider_serv ice_factory.h" | |
| 25 #include "chrome/browser/extensions/api/certificate_provider/certificate_provide r_api.h" | |
| 23 #include "chrome/browser/extensions/extension_apitest.h" | 26 #include "chrome/browser/extensions/extension_apitest.h" |
| 24 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 27 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
| 25 #include "chrome/test/base/ui_test_utils.h" | 28 #include "chrome/test/base/ui_test_utils.h" |
| 26 #include "components/policy/core/browser/browser_policy_connector.h" | 29 #include "components/policy/core/browser/browser_policy_connector.h" |
| 27 #include "components/policy/core/common/mock_configuration_policy_provider.h" | 30 #include "components/policy/core/common/mock_configuration_policy_provider.h" |
| 28 #include "components/policy/core/common/policy_map.h" | 31 #include "components/policy/core/common/policy_map.h" |
| 29 #include "components/policy/core/common/policy_types.h" | 32 #include "components/policy/core/common/policy_types.h" |
| 30 #include "components/policy/policy_constants.h" | 33 #include "components/policy/policy_constants.h" |
| 31 #include "content/public/browser/render_frame_host.h" | 34 #include "content/public/browser/render_frame_host.h" |
| 32 #include "content/public/browser/web_contents.h" | 35 #include "content/public/browser/web_contents.h" |
| 33 #include "content/public/test/test_navigation_observer.h" | 36 #include "content/public/test/test_navigation_observer.h" |
| 34 #include "content/public/test/test_utils.h" | 37 #include "content/public/test/test_utils.h" |
| 35 #include "crypto/rsa_private_key.h" | 38 #include "crypto/rsa_private_key.h" |
| 36 #include "crypto/scoped_openssl_types.h" | 39 #include "crypto/scoped_openssl_types.h" |
| 37 #include "extensions/common/extension.h" | 40 #include "extensions/common/extension.h" |
| 38 #include "extensions/test/result_catcher.h" | 41 #include "extensions/test/result_catcher.h" |
| 39 #include "net/test/spawned_test_server/spawned_test_server.h" | 42 #include "net/test/spawned_test_server/spawned_test_server.h" |
| 40 #include "testing/gmock/include/gmock/gmock.h" | 43 #include "testing/gmock/include/gmock/gmock.h" |
| 44 #include "ui/views/controls/label.h" | |
| 45 #include "ui/views/controls/textfield/textfield.h" | |
| 46 #include "ui/views/widget/widget.h" | |
| 41 | 47 |
| 42 using testing::Return; | 48 using testing::Return; |
| 43 using testing::_; | 49 using testing::_; |
| 44 | 50 |
| 45 namespace { | 51 namespace { |
| 46 | 52 |
| 47 void IgnoreResult(const base::Closure& callback, const base::Value* value) { | 53 void IgnoreResult(const base::Closure& callback, const base::Value* value) { |
| 48 callback.Run(); | 54 callback.Run(); |
| 49 } | 55 } |
| 50 | 56 |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 115 std::string JsUint8Array(const std::vector<uint8_t>& bytes) { | 121 std::string JsUint8Array(const std::vector<uint8_t>& bytes) { |
| 116 std::string res = "new Uint8Array(["; | 122 std::string res = "new Uint8Array(["; |
| 117 for (const uint8_t byte : bytes) { | 123 for (const uint8_t byte : bytes) { |
| 118 res += base::UintToString(byte); | 124 res += base::UintToString(byte); |
| 119 res += ", "; | 125 res += ", "; |
| 120 } | 126 } |
| 121 res += "])"; | 127 res += "])"; |
| 122 return res; | 128 return res; |
| 123 } | 129 } |
| 124 | 130 |
| 131 // Enters the code in the ShowPinDialog window and pushes the OK event. | |
| 132 void EnterCode(chromeos::CertificateProviderService* service, | |
| 133 const base::string16& code) { | |
| 134 chromeos::RequestPinView* view = | |
| 135 service->pin_dialog_manager()->active_view_for_testing(); | |
| 136 view->textfield_for_testing()->SetText(code); | |
| 137 view->Accept(); | |
| 138 base::RunLoop().RunUntilIdle(); | |
| 139 } | |
| 140 | |
| 141 // Enters the valid code for extensions from local example folders, in the | |
| 142 // ShowPinDialog window and waits for the window to close. | |
| 143 void EnterCorrectPin(chromeos::CertificateProviderService* service) { | |
| 144 views::Widget* active_window = | |
| 145 service->pin_dialog_manager()->active_window_for_testing(); | |
| 146 EnterCode(service, base::ASCIIToUTF16("1234")); | |
| 147 | |
| 148 // Wait for extension to send request to close the window. | |
| 149 while (!active_window->IsClosed()) { | |
| 150 base::RunLoop().RunUntilIdle(); | |
| 151 } | |
| 152 } | |
| 153 | |
| 154 // Enters an invalid code for extensions from local example folders, in the | |
| 155 // ShowPinDialog window and waits for the window to update with the error. | |
| 156 void EnterWrongPin(chromeos::CertificateProviderService* service) { | |
| 157 EnterCode(service, base::ASCIIToUTF16("567")); | |
| 158 | |
| 159 chromeos::RequestPinView* view = | |
| 160 service->pin_dialog_manager()->active_view_for_testing(); | |
| 161 // Waiting for extension to open the dialog again with an error in red | |
| 162 // displayed. | |
| 163 while (view->error_label_for_testing()->enabled_color() != SK_ColorRED) { | |
| 164 base::RunLoop().RunUntilIdle(); | |
| 165 } | |
| 166 } | |
| 167 | |
| 125 class CertificateProviderApiTest : public ExtensionApiTest { | 168 class CertificateProviderApiTest : public ExtensionApiTest { |
| 126 public: | 169 public: |
| 127 CertificateProviderApiTest() {} | 170 CertificateProviderApiTest() {} |
| 128 | 171 |
| 129 void SetUpInProcessBrowserTestFixture() override { | 172 void SetUpInProcessBrowserTestFixture() override { |
| 130 EXPECT_CALL(provider_, IsInitializationComplete(_)) | 173 EXPECT_CALL(provider_, IsInitializationComplete(_)) |
| 131 .WillRepeatedly(Return(true)); | 174 .WillRepeatedly(Return(true)); |
| 132 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_); | 175 policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_); |
| 133 | 176 |
| 134 ExtensionApiTest::SetUpInProcessBrowserTestFixture(); | 177 ExtensionApiTest::SetUpInProcessBrowserTestFixture(); |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 146 policy::PolicyMap policy; | 189 policy::PolicyMap policy; |
| 147 policy.Set(policy::key::kAutoSelectCertificateForUrls, | 190 policy.Set(policy::key::kAutoSelectCertificateForUrls, |
| 148 policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER, | 191 policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER, |
| 149 policy::POLICY_SOURCE_CLOUD, std::move(autoselect_policy), | 192 policy::POLICY_SOURCE_CLOUD, std::move(autoselect_policy), |
| 150 nullptr); | 193 nullptr); |
| 151 provider_.UpdateChromePolicy(policy); | 194 provider_.UpdateChromePolicy(policy); |
| 152 | 195 |
| 153 content::RunAllPendingInMessageLoop(); | 196 content::RunAllPendingInMessageLoop(); |
| 154 } | 197 } |
| 155 | 198 |
| 199 // Loads certificate_provider extension from folder (the page basic.html). | |
|
emaxx
2016/09/19 23:15:02
nit: You probably duplicated the helper method by
igorcov
2016/09/20 09:28:59
Done.
| |
| 200 // Returns the CertificateProviderService object from browser context. | |
| 201 chromeos::CertificateProviderService* LoadRequestPinExtension( | |
| 202 const std::string& folder, | |
| 203 const std::string& file_name) { | |
| 204 content::WebContents* extension_contents = | |
| 205 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 206 chromeos::CertificateProviderService* service = | |
| 207 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 208 extension_contents->GetBrowserContext()); | |
| 209 const base::FilePath extension_path = | |
| 210 test_data_dir_.AppendASCII("certificate_provider/" + folder); | |
| 211 const extensions::Extension* const extension = | |
| 212 LoadExtension(extension_path); | |
| 213 service->pin_dialog_manager()->AddSignRequestId(extension->id(), 123); | |
| 214 ui_test_utils::NavigateToURL(browser(), | |
| 215 extension->GetResourceURL(file_name)); | |
| 216 base::RunLoop().RunUntilIdle(); | |
| 217 return service; | |
| 218 } | |
| 219 | |
| 156 protected: | 220 protected: |
| 157 policy::MockConfigurationPolicyProvider provider_; | 221 policy::MockConfigurationPolicyProvider provider_; |
| 158 }; | 222 }; |
| 159 | 223 |
| 224 class CertificateProviderRequestPinTest : public CertificateProviderApiTest { | |
| 225 public: | |
| 226 // Loads certificate_provider extension from |folder| and |file_name|. | |
| 227 // Returns the CertificateProviderService object from browser context. | |
| 228 chromeos::CertificateProviderService* LoadRequestPinExtension( | |
| 229 const std::string& folder, | |
| 230 const std::string& file_name) { | |
| 231 content::WebContents* extension_contents = | |
| 232 browser()->tab_strip_model()->GetActiveWebContents(); | |
| 233 chromeos::CertificateProviderService* service = | |
| 234 chromeos::CertificateProviderServiceFactory::GetForBrowserContext( | |
| 235 extension_contents->GetBrowserContext()); | |
| 236 const base::FilePath extension_path = | |
| 237 test_data_dir_.AppendASCII("certificate_provider/" + folder); | |
| 238 const extensions::Extension* const extension = | |
| 239 LoadExtension(extension_path); | |
| 240 service->pin_dialog_manager()->AddSignRequestId(extension->id(), 123); | |
| 241 ui_test_utils::NavigateToURL(browser(), | |
| 242 extension->GetResourceURL(file_name)); | |
| 243 base::RunLoop().RunUntilIdle(); | |
| 244 return service; | |
| 245 } | |
| 246 }; | |
| 247 | |
| 160 } // namespace | 248 } // namespace |
| 161 | 249 |
| 162 IN_PROC_BROWSER_TEST_F(CertificateProviderApiTest, Basic) { | 250 IN_PROC_BROWSER_TEST_F(CertificateProviderApiTest, Basic) { |
| 163 // Start an HTTPS test server that requests a client certificate. | 251 // Start an HTTPS test server that requests a client certificate. |
| 164 net::SpawnedTestServer::SSLOptions ssl_options; | 252 net::SpawnedTestServer::SSLOptions ssl_options; |
| 165 ssl_options.request_client_certificate = true; | 253 ssl_options.request_client_certificate = true; |
| 166 net::SpawnedTestServer https_server(net::SpawnedTestServer::TYPE_HTTPS, | 254 net::SpawnedTestServer https_server(net::SpawnedTestServer::TYPE_HTTPS, |
| 167 ssl_options, base::FilePath()); | 255 ssl_options, base::FilePath()); |
| 168 ASSERT_TRUE(https_server.Start()); | 256 ASSERT_TRUE(https_server.Start()); |
| 169 | 257 |
| (...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 base::RunLoop run_loop; | 349 base::RunLoop run_loop; |
| 262 const std::string code = "replyWithSignatureSecondTime();"; | 350 const std::string code = "replyWithSignatureSecondTime();"; |
| 263 bool result = false; | 351 bool result = false; |
| 264 extension_contents->GetMainFrame()->ExecuteJavaScriptForTests( | 352 extension_contents->GetMainFrame()->ExecuteJavaScriptForTests( |
| 265 base::ASCIIToUTF16(code), | 353 base::ASCIIToUTF16(code), |
| 266 base::Bind(&StoreBool, &result, run_loop.QuitClosure())); | 354 base::Bind(&StoreBool, &result, run_loop.QuitClosure())); |
| 267 run_loop.Run(); | 355 run_loop.Run(); |
| 268 EXPECT_TRUE(result); | 356 EXPECT_TRUE(result); |
| 269 } | 357 } |
| 270 } | 358 } |
| 359 | |
| 360 // User enters the correct PIN. | |
| 361 IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, ShowPinDialogAccept) { | |
| 362 chromeos::CertificateProviderService* service = | |
| 363 LoadRequestPinExtension("request_pin", "basic.html"); | |
| 364 | |
| 365 // Enter the valid PIN. | |
| 366 EnterCorrectPin(service); | |
| 367 | |
| 368 // The view should be set to nullptr when the window is closed. | |
| 369 EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 370 } | |
| 371 | |
| 372 // User closes the dialog kMaxClosedDialogsPer10Mins times, and the extension | |
| 373 // should be blocked from showing it again. | |
| 374 IN_PROC_BROWSER_TEST_F(CertificateProviderApiTest, ShowPinDialogClose) { | |
| 375 chromeos::CertificateProviderService* service = | |
| 376 LoadRequestPinExtension("request_pin", "basic.html"); | |
| 377 | |
| 378 views::Widget* window = | |
| 379 service->pin_dialog_manager()->active_window_for_testing(); | |
| 380 for (int i = 0; | |
| 381 i < extensions::api::certificate_provider::kMaxClosedDialogsPer10Mins; | |
| 382 i++) { | |
| 383 window->Close(); | |
| 384 // Waiting for the new window to pop up. | |
| 385 while (service->pin_dialog_manager()->active_view_for_testing() == nullptr) | |
| 386 base::RunLoop().RunUntilIdle(); | |
| 387 | |
| 388 window = service->pin_dialog_manager()->active_window_for_testing(); | |
| 389 } | |
| 390 | |
| 391 // This time when closed, the window should not be able to pop up again. | |
| 392 window->Close(); | |
| 393 base::RunLoop().RunUntilIdle(); | |
| 394 EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 395 } | |
| 396 | |
| 397 // User enters a wrong PIN first and a correct PIN on the second try. | |
| 398 IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, | |
| 399 ShowPinDialogWrongPin) { | |
| 400 chromeos::CertificateProviderService* service = | |
| 401 LoadRequestPinExtension("request_pin", "basic.html"); | |
| 402 EnterWrongPin(service); | |
| 403 | |
| 404 // The window should be active. | |
| 405 EXPECT_EQ( | |
| 406 service->pin_dialog_manager()->active_window_for_testing()->IsVisible(), | |
| 407 true); | |
| 408 EXPECT_NE(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 409 | |
| 410 // Enter the valid PIN. | |
| 411 EnterCorrectPin(service); | |
| 412 | |
| 413 // The view should be set to nullptr when the window is closed. | |
| 414 EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 415 } | |
| 416 | |
| 417 // User enters wrong PIN three times. | |
| 418 IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, | |
| 419 ShowPinDialogWrongPinThreeTimes) { | |
| 420 chromeos::CertificateProviderService* service = | |
| 421 LoadRequestPinExtension("request_pin", "basic.html"); | |
| 422 for (int i = 0; i < 3; i++) { | |
| 423 EnterWrongPin(service); | |
| 424 } | |
| 425 | |
| 426 chromeos::RequestPinView* view = | |
| 427 service->pin_dialog_manager()->active_view_for_testing(); | |
| 428 | |
| 429 // The textfield has to be disabled, as extension does not allow input now. | |
| 430 EXPECT_EQ(view->textfield_for_testing()->enabled(), false); | |
| 431 | |
| 432 // Close the dialog. | |
| 433 service->pin_dialog_manager()->active_window_for_testing()->Close(); | |
| 434 base::RunLoop().RunUntilIdle(); | |
| 435 EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 436 } | |
| 437 | |
| 438 // User closes the dialog while the extension is processing the request. | |
| 439 IN_PROC_BROWSER_TEST_F(CertificateProviderRequestPinTest, | |
| 440 ShowPinDialogCloseWhileProcessing) { | |
| 441 chromeos::CertificateProviderService* service = | |
| 442 LoadRequestPinExtension("request_pin", "basic_lock.html"); | |
| 443 | |
| 444 EnterCode(service, base::ASCIIToUTF16("123")); | |
| 445 service->pin_dialog_manager()->active_window_for_testing()->Close(); | |
| 446 base::RunLoop().RunUntilIdle(); | |
| 447 // The view should be set to nullptr when the window is closed. | |
| 448 EXPECT_EQ(service->pin_dialog_manager()->active_view_for_testing(), nullptr); | |
| 449 } | |
| OLD | NEW |
