net/ssl/client_cert_store_nss_unittest.cc - Issue 2185403003: Return the certificate chain in ClientCertStoreNSS.

Side by Side Diff: net/ssl/client_cert_store_nss_unittest.cc

Issue 2185403003: Return the certificate chain in ClientCertStoreNSS. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rsleevi comments Created 4 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/client_cert_store_nss.h"	5 #include "net/ssl/client_cert_store_nss.h"

6	6

	7 #include <cert.h>

	8 #include <certt.h>

	9 #include <pk11pub.h>

	10

	11 #include <memory>

	12 #include <string>

	13

	14 #include "base/memory/ref_counted.h"

	15 #include "base/run_loop.h"

	16 #include "crypto/scoped_test_nss_db.h"

	17 #include "net/cert/x509_certificate.h"

7 #include "net/ssl/client_cert_store_unittest-inl.h"	18 #include "net/ssl/client_cert_store_unittest-inl.h"

	19 #include "net/ssl/ssl_cert_request_info.h"

	20 #include "net/test/cert_test_util.h"

	21 #include "testing/gtest/include/gtest/gtest.h"

8	22

9 namespace net {	23 namespace net {

10	24

11 class ClientCertStoreNSSTestDelegate {	25 class ClientCertStoreNSSTestDelegate {

12 public:	26 public:

13 ClientCertStoreNSSTestDelegate() {}	27 ClientCertStoreNSSTestDelegate() {}

14	28

15 bool SelectClientCerts(const CertificateList& input_certs,	29 bool SelectClientCerts(const CertificateList& input_certs,

16 const SSLCertRequestInfo& cert_request_info,	30 const SSLCertRequestInfo& cert_request_info,

17 CertificateList* selected_certs) {	31 CertificateList* selected_certs) {

18 // Filters \|input_certs\| using the logic being used to filter the system	32 // Filters \|input_certs\| using the logic being used to filter the system

19 // store when GetClientCerts() is called.	33 // store when GetClientCerts() is called.

20 ClientCertStoreNSS::FilterCertsOnWorkerThread(	34 ClientCertStoreNSS::FilterCertsOnWorkerThread(

21 input_certs, cert_request_info, selected_certs);	35 input_certs, cert_request_info, selected_certs);

22 return true;	36 return true;

23 }	37 }

24 };	38 };

25	39

26 INSTANTIATE_TYPED_TEST_CASE_P(NSS,	40 INSTANTIATE_TYPED_TEST_CASE_P(NSS,

27 ClientCertStoreTest,	41 ClientCertStoreTest,

28 ClientCertStoreNSSTestDelegate);	42 ClientCertStoreNSSTestDelegate);

29	43

	44 // Tests that ClientCertStoreNSS attempts to build a certificate chain by

	45 // querying NSS before return a certificate.

	46 TEST(ClientCertStoreNSSTest, BuildsCertificateChain) {

	47 // Set up a test DB and import client_1.pem and client_1_ca.pem.

	48 crypto::ScopedTestNSSDB test_db;

	49 scoped_refptr<X509Certificate> client_1(ImportClientCertAndKeyFromFile(

	50 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8", test_db.slot()));

	51 ASSERT_TRUE(client_1.get());

	52 scoped_refptr<X509Certificate> client_1_ca(

	53 ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem"));

	54 ASSERT_TRUE(client_1_ca.get());

	55 ASSERT_EQ(SECSuccess,

	56 PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(),

	57 CK_INVALID_HANDLE, "client_1_ca",

	58 PR_FALSE /* includeTrust (unused) */));

	59

	60 std::unique_ptr<ClientCertStoreNSS> store(

	61 new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory()));

	62

	63 {

	64 // Request certificates matching B CA, \|client_1\|'s issuer.

	65 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);

	66 request->cert_authorities.push_back(std::string(

	67 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));

	68

	69 CertificateList selected_certs;

	70 base::RunLoop loop;

	71 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure());

	72 loop.Run();

	73

	74 // The result be \|client_1\| with no intermediates.

	75 ASSERT_EQ(1u, selected_certs.size());

	76 scoped_refptr<X509Certificate> selected_cert = selected_certs[0];

	77 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),

	78 selected_cert->os_cert_handle()));

	79 ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size());

	80 }

	81

	82 {

	83 // Request certificates matching C Root CA, \|client_1_ca\|'s issuer.

	84 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);

	85 request->cert_authorities.push_back(

	86 std::string(reinterpret_cast<const char*>(kAuthorityRootDN),

	87 sizeof(kAuthorityRootDN)));

	88

	89 CertificateList selected_certs;

	90 base::RunLoop loop;

	91 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure());

	92 loop.Run();

	93

	94 // The result be \|client_1\| with \|client_1_ca\| as an intermediate.

	95 ASSERT_EQ(1u, selected_certs.size());

	96 scoped_refptr<X509Certificate> selected_cert = selected_certs[0];

	97 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),

	98 selected_cert->os_cert_handle()));

	99 ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size());

	100 EXPECT_TRUE(X509Certificate::IsSameOSCert(

	101 client_1_ca->os_cert_handle(),

	102 selected_cert->GetIntermediateCertificates()[0]));

	103 }

	104 }

	105

30 } // namespace net	106 } // namespace net

OLD	NEW

« no previous file with comments | « net/ssl/client_cert_store_nss.cc ('k') | net/ssl/client_cert_store_unittest-inl.h » ('j') | net/third_party/nss/ssl/cmpcert.cc » ('J')