OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_nss.h" | 5 #include "net/ssl/client_cert_store_nss.h" |
6 | 6 |
| 7 #include <cert.h> |
| 8 #include <certt.h> |
| 9 #include <pk11pub.h> |
| 10 |
| 11 #include <memory> |
| 12 #include <string> |
| 13 |
| 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/run_loop.h" |
| 16 #include "crypto/scoped_test_nss_db.h" |
| 17 #include "net/cert/x509_certificate.h" |
7 #include "net/ssl/client_cert_store_unittest-inl.h" | 18 #include "net/ssl/client_cert_store_unittest-inl.h" |
| 19 #include "net/ssl/ssl_cert_request_info.h" |
| 20 #include "net/test/cert_test_util.h" |
| 21 #include "testing/gtest/include/gtest/gtest.h" |
8 | 22 |
9 namespace net { | 23 namespace net { |
10 | 24 |
11 class ClientCertStoreNSSTestDelegate { | 25 class ClientCertStoreNSSTestDelegate { |
12 public: | 26 public: |
13 ClientCertStoreNSSTestDelegate() {} | 27 ClientCertStoreNSSTestDelegate() {} |
14 | 28 |
15 bool SelectClientCerts(const CertificateList& input_certs, | 29 bool SelectClientCerts(const CertificateList& input_certs, |
16 const SSLCertRequestInfo& cert_request_info, | 30 const SSLCertRequestInfo& cert_request_info, |
17 CertificateList* selected_certs) { | 31 CertificateList* selected_certs) { |
18 // Filters |input_certs| using the logic being used to filter the system | 32 // Filters |input_certs| using the logic being used to filter the system |
19 // store when GetClientCerts() is called. | 33 // store when GetClientCerts() is called. |
20 ClientCertStoreNSS::FilterCertsOnWorkerThread( | 34 ClientCertStoreNSS::FilterCertsOnWorkerThread( |
21 input_certs, cert_request_info, selected_certs); | 35 input_certs, cert_request_info, selected_certs); |
22 return true; | 36 return true; |
23 } | 37 } |
24 }; | 38 }; |
25 | 39 |
26 INSTANTIATE_TYPED_TEST_CASE_P(NSS, | 40 INSTANTIATE_TYPED_TEST_CASE_P(NSS, |
27 ClientCertStoreTest, | 41 ClientCertStoreTest, |
28 ClientCertStoreNSSTestDelegate); | 42 ClientCertStoreNSSTestDelegate); |
29 | 43 |
| 44 // Tests that ClientCertStoreNSS attempts to build a certificate chain by |
| 45 // querying NSS before return a certificate. |
| 46 TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { |
| 47 // Set up a test DB and import client_1.pem and client_1_ca.pem. |
| 48 crypto::ScopedTestNSSDB test_db; |
| 49 scoped_refptr<X509Certificate> client_1(ImportClientCertAndKeyFromFile( |
| 50 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8", test_db.slot())); |
| 51 ASSERT_TRUE(client_1.get()); |
| 52 scoped_refptr<X509Certificate> client_1_ca( |
| 53 ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem")); |
| 54 ASSERT_TRUE(client_1_ca.get()); |
| 55 ASSERT_EQ(SECSuccess, |
| 56 PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(), |
| 57 CK_INVALID_HANDLE, "client_1_ca", |
| 58 PR_FALSE /* includeTrust (unused) */)); |
| 59 |
| 60 std::unique_ptr<ClientCertStoreNSS> store( |
| 61 new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory())); |
| 62 |
| 63 { |
| 64 // Request certificates matching B CA, |client_1|'s issuer. |
| 65 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); |
| 66 request->cert_authorities.push_back(std::string( |
| 67 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN))); |
| 68 |
| 69 CertificateList selected_certs; |
| 70 base::RunLoop loop; |
| 71 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure()); |
| 72 loop.Run(); |
| 73 |
| 74 // The result be |client_1| with no intermediates. |
| 75 ASSERT_EQ(1u, selected_certs.size()); |
| 76 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; |
| 77 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), |
| 78 selected_cert->os_cert_handle())); |
| 79 ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size()); |
| 80 } |
| 81 |
| 82 { |
| 83 // Request certificates matching C Root CA, |client_1_ca|'s issuer. |
| 84 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); |
| 85 request->cert_authorities.push_back( |
| 86 std::string(reinterpret_cast<const char*>(kAuthorityRootDN), |
| 87 sizeof(kAuthorityRootDN))); |
| 88 |
| 89 CertificateList selected_certs; |
| 90 base::RunLoop loop; |
| 91 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure()); |
| 92 loop.Run(); |
| 93 |
| 94 // The result be |client_1| with |client_1_ca| as an intermediate. |
| 95 ASSERT_EQ(1u, selected_certs.size()); |
| 96 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; |
| 97 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), |
| 98 selected_cert->os_cert_handle())); |
| 99 ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size()); |
| 100 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
| 101 client_1_ca->os_cert_handle(), |
| 102 selected_cert->GetIntermediateCertificates()[0])); |
| 103 } |
| 104 } |
| 105 |
30 } // namespace net | 106 } // namespace net |
OLD | NEW |