| Index: chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
|
| diff --git a/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..d37b977d1f1e8051e8c8d53104bf6c8bc48a1b80
|
| --- /dev/null
|
| +++ b/chrome/browser/extensions/api/enterprise_platform_keys/enterprise_platform_keys_apitest_nss.cc
|
| @@ -0,0 +1,222 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <cryptohi.h>
|
| +
|
| +#include "base/macros.h"
|
| +#include "base/strings/stringprintf.h"
|
| +#include "chrome/browser/chrome_notification_types.h"
|
| +#include "chrome/browser/chromeos/policy/user_network_configuration_updater.h"
|
| +#include "chrome/browser/extensions/extension_apitest.h"
|
| +#include "chrome/browser/net/nss_context.h"
|
| +#include "chrome/browser/net/url_request_mock_util.h"
|
| +#include "components/policy/core/browser/browser_policy_connector.h"
|
| +#include "components/policy/core/common/mock_configuration_policy_provider.h"
|
| +#include "components/policy/core/common/policy_map.h"
|
| +#include "content/public/browser/notification_service.h"
|
| +#include "content/public/common/content_switches.h"
|
| +#include "content/public/test/test_utils.h"
|
| +#include "content/public/test/test_utils.h"
|
| +#include "content/test/net/url_request_mock_http_job.h"
|
| +#include "crypto/nss_util.h"
|
| +#include "net/base/net_errors.h"
|
| +#include "net/cert/nss_cert_database.h"
|
| +#include "policy/policy_constants.h"
|
| +#include "testing/gmock/include/gmock/gmock.h"
|
| +
|
| +namespace {
|
| +
|
| +// The test extension has a certificate referencing this private key.
|
| +//
|
| +// openssl genrsa > privkey.pem
|
| +// openssl pkcs8 -inform pem -in privkey.pem -topk8
|
| +// -outform der -out privkey8.der -nocrypt
|
| +// xxd -i privkey8.der
|
| +const unsigned char privateKeyPkcs8[] = {
|
| + 0x30, 0x82, 0x01, 0x55, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
|
| + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
|
| + 0x01, 0x3f, 0x30, 0x82, 0x01, 0x3b, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
|
| + 0xc7, 0xc1, 0x4d, 0xd5, 0xdc, 0x3a, 0x2e, 0x1f, 0x42, 0x30, 0x3d, 0x21,
|
| + 0x1e, 0xa2, 0x1f, 0x60, 0xcb, 0x71, 0x11, 0x53, 0xb0, 0x75, 0xa0, 0x62,
|
| + 0xfe, 0x5e, 0x0a, 0xde, 0xb0, 0x0f, 0x48, 0x97, 0x5e, 0x42, 0xa7, 0x3a,
|
| + 0xd1, 0xca, 0x4c, 0xe3, 0xdb, 0x5f, 0x31, 0xc2, 0x99, 0x08, 0x89, 0xcd,
|
| + 0x6d, 0x20, 0xaa, 0x75, 0xe6, 0x2b, 0x98, 0xd2, 0xf3, 0x7b, 0x4b, 0xe5,
|
| + 0x9b, 0xfe, 0xe2, 0x6d, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x40, 0x4a,
|
| + 0xf5, 0x76, 0x10, 0xe7, 0xb8, 0x89, 0x70, 0x3f, 0x75, 0x3c, 0xab, 0x3e,
|
| + 0x04, 0x96, 0x83, 0xcb, 0x34, 0x1d, 0xcd, 0x6a, 0xed, 0x69, 0x07, 0x5c,
|
| + 0xee, 0xcb, 0x63, 0x6f, 0x6b, 0xfc, 0xcf, 0xee, 0xa2, 0xc4, 0x67, 0x05,
|
| + 0x68, 0x4d, 0x21, 0x7e, 0x3e, 0xde, 0x74, 0x72, 0xf8, 0x04, 0x35, 0x66,
|
| + 0x1e, 0x6b, 0x1d, 0xef, 0x77, 0xf7, 0x33, 0xf0, 0x35, 0xcf, 0x35, 0x6e,
|
| + 0x53, 0x3f, 0x9d, 0x02, 0x21, 0x00, 0xee, 0x48, 0x67, 0x1b, 0x24, 0x6e,
|
| + 0x3d, 0x7b, 0xa0, 0xc3, 0xee, 0x8a, 0x2e, 0xc7, 0xd0, 0xa1, 0xdb, 0x25,
|
| + 0x31, 0x12, 0x99, 0x43, 0x06, 0x3c, 0xb0, 0x80, 0x35, 0x2b, 0xf4, 0xc5,
|
| + 0xa2, 0xd3, 0x02, 0x21, 0x00, 0xd6, 0x9b, 0x8b, 0x75, 0x91, 0x52, 0xd4,
|
| + 0xf0, 0x76, 0xcf, 0xa2, 0xbe, 0xa6, 0xaf, 0x72, 0x6c, 0x52, 0xf9, 0xc9,
|
| + 0x0e, 0xea, 0x4a, 0x4c, 0xd2, 0xdf, 0x25, 0x70, 0xc6, 0x66, 0x35, 0x9d,
|
| + 0xbf, 0x02, 0x21, 0x00, 0xe8, 0x9e, 0x40, 0x21, 0xcc, 0x37, 0xde, 0xc7,
|
| + 0xd1, 0x13, 0x55, 0xcd, 0x0a, 0x8c, 0x40, 0xcd, 0xb1, 0xed, 0xa5, 0xf1,
|
| + 0x7d, 0x33, 0x64, 0x64, 0x5c, 0xfe, 0x5c, 0x6a, 0x34, 0x03, 0xb8, 0xc7,
|
| + 0x02, 0x20, 0x17, 0xe1, 0xb5, 0x52, 0x3e, 0xfa, 0xc5, 0xc1, 0x80, 0xa7,
|
| + 0x38, 0x88, 0x18, 0xca, 0x7b, 0x64, 0x3c, 0x93, 0x99, 0x61, 0x34, 0x87,
|
| + 0x52, 0x27, 0x41, 0x37, 0xcc, 0x65, 0xf7, 0xa7, 0xcd, 0xc7, 0x02, 0x21,
|
| + 0x00, 0x8a, 0x17, 0x7f, 0xf9, 0x45, 0xf3, 0xfd, 0xf7, 0x96, 0x62, 0xf3,
|
| + 0x7a, 0x09, 0xfb, 0xe9, 0x9e, 0xc7, 0x7a, 0x1f, 0x53, 0x1a, 0xb8, 0xd5,
|
| + 0x88, 0x9d, 0xd4, 0x79, 0x57, 0x88, 0x68, 0x72, 0x6f};
|
| +
|
| +const base::FilePath::CharType kTestExtensionDir[] =
|
| + FILE_PATH_LITERAL("extensions/api_test/enterprise_platform_keys");
|
| +const base::FilePath::CharType kUpdateManifestFileName[] =
|
| + FILE_PATH_LITERAL("update_manifest.xml");
|
| +
|
| +// The managed_storage extension has a key defined in its manifest, so that
|
| +// its extension ID is well-known and the policy system can push policies for
|
| +// the extension.
|
| +const char kTestExtensionID[] = "aecpbnckhoppanpmefllkdkohionpmig";
|
| +
|
| +void DidGetCertDatabase(base::RunLoop* loop, net::NSSCertDatabase* cert_db) {
|
| + // In order to use a prepared certificate, import a private key at first for
|
| + // which the Javscript test will import the certificate.
|
| + SECItem pki_der = {
|
| + siBuffer,
|
| + // NSS requires non-const data even though it is just for input.
|
| + const_cast<unsigned char*>((const unsigned char*)privateKeyPkcs8),
|
| + arraysize(privateKeyPkcs8)};
|
| +
|
| + crypto::ScopedPK11Slot private_slot(cert_db->GetPrivateSlot());
|
| + SECKEYPrivateKey* seckey_private_key = NULL;
|
| + ASSERT_EQ(SECSuccess,
|
| + PK11_ImportDERPrivateKeyInfoAndReturnKey(private_slot.get(),
|
| + &pki_der,
|
| + NULL, // nickname
|
| + NULL, // publicValue
|
| + true, // isPerm
|
| + true, // isPrivate
|
| + KU_ALL, // usage
|
| + &seckey_private_key,
|
| + NULL));
|
| + loop->Quit();
|
| +}
|
| +
|
| +class EnterprisePlatformKeysTest : public ExtensionApiTest {
|
| + public:
|
| + virtual void SetUp() {
|
| + policy::UserNetworkConfigurationUpdater::
|
| + SetSkipCertificateImporterCreationForTest(true /*skip*/);
|
| + ExtensionApiTest::SetUp();
|
| + }
|
| +
|
| + virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
|
| + ExtensionApiTest::SetUpCommandLine(command_line);
|
| +
|
| + // Enable the WebCrypto API.
|
| + command_line->AppendSwitch(
|
| + switches::kEnableExperimentalWebPlatformFeatures);
|
| + }
|
| +
|
| + virtual void SetUpInProcessBrowserTestFixture() OVERRIDE {
|
| + ExtensionApiTest::SetUpInProcessBrowserTestFixture();
|
| +
|
| + EXPECT_CALL(policy_provider_, IsInitializationComplete(testing::_))
|
| + .WillRepeatedly(testing::Return(true));
|
| + policy_provider_.SetAutoRefresh();
|
| + policy::BrowserPolicyConnector::SetPolicyProviderForTesting(
|
| + &policy_provider_);
|
| + }
|
| +
|
| + virtual void SetUpOnMainThread() OVERRIDE {
|
| + ExtensionApiTest::SetUpOnMainThread();
|
| +
|
| + // Enable the URLRequestMock, which is required for force-installing the
|
| + // test extension through policy.
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::IO,
|
| + FROM_HERE,
|
| + base::Bind(chrome_browser_net::SetUrlRequestMocksEnabled, true));
|
| +
|
| + {
|
| + base::RunLoop loop;
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::IO,
|
| + FROM_HERE,
|
| + base::Bind(&EnterprisePlatformKeysTest::SetupTestNSSDBOnIOThread,
|
| + base::Unretained(this),
|
| + &loop));
|
| + loop.Run();
|
| + }
|
| +
|
| + {
|
| + base::RunLoop loop;
|
| + GetNSSCertDatabaseForProfile(browser()->profile(),
|
| + base::Bind(&DidGetCertDatabase, &loop));
|
| + loop.Run();
|
| + }
|
| +
|
| + SetPolicy();
|
| + }
|
| +
|
| + virtual void CleanUpOnMainThread() OVERRIDE {
|
| + base::RunLoop loop;
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::IO,
|
| + FROM_HERE,
|
| + base::Bind(&EnterprisePlatformKeysTest::DeleteTestNSSDBOnIOThread,
|
| + base::Unretained(this),
|
| + &loop));
|
| + loop.Run();
|
| + ExtensionApiTest::CleanUpOnMainThread();
|
| + }
|
| +
|
| + private:
|
| + void SetupTestNSSDBOnIOThread(base::RunLoop* loop) {
|
| + test_nssdb_.reset(new crypto::ScopedTestNSSDB);
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::UI, FROM_HERE, loop->QuitClosure());
|
| + }
|
| +
|
| + void DeleteTestNSSDBOnIOThread(base::RunLoop* loop) {
|
| + test_nssdb_.reset();
|
| + content::BrowserThread::PostTask(
|
| + content::BrowserThread::UI, FROM_HERE, loop->QuitClosure());
|
| + }
|
| +
|
| + void SetPolicy() {
|
| + // Extensions that are force-installed come from an update URL, which
|
| + // defaults to the webstore. Use a mock URL for this test with an update
|
| + // manifest that includes the crx file of the test extension.
|
| + base::FilePath update_manifest_path =
|
| + base::FilePath(kTestExtensionDir).Append(kUpdateManifestFileName);
|
| + GURL update_manifest_url(
|
| + content::URLRequestMockHTTPJob::GetMockUrl(update_manifest_path));
|
| +
|
| + scoped_ptr<base::ListValue> forcelist(new base::ListValue);
|
| + forcelist->AppendString(base::StringPrintf(
|
| + "%s;%s", kTestExtensionID, update_manifest_url.spec().c_str()));
|
| +
|
| + policy::PolicyMap policy;
|
| + policy.Set(policy::key::kExtensionInstallForcelist,
|
| + policy::POLICY_LEVEL_MANDATORY,
|
| + policy::POLICY_SCOPE_MACHINE,
|
| + forcelist.release(),
|
| + NULL);
|
| +
|
| + // Set the policy and wait until the extension is installed.
|
| + content::WindowedNotificationObserver observer(
|
| + chrome::NOTIFICATION_EXTENSION_INSTALLED_DEPRECATED,
|
| + content::NotificationService::AllSources());
|
| + policy_provider_.UpdateChromePolicy(policy);
|
| + observer.Wait();
|
| + }
|
| +
|
| + scoped_ptr<crypto::ScopedTestNSSDB> test_nssdb_;
|
| + policy::MockConfigurationPolicyProvider policy_provider_;
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| +IN_PROC_BROWSER_TEST_F(EnterprisePlatformKeysTest, Basic) {
|
| + ASSERT_TRUE(RunExtensionSubtest(
|
| + "",
|
| + base::StringPrintf("chrome-extension://%s/basic.html", kTestExtensionID)))
|
| + << message_;
|
| +}
|
|
|
Chromium Code Reviews
Issue 214863002:
Extension API enterprise.platformKeys. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src