| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_nss.h" | 5 #include "net/ssl/client_cert_store_nss.h" |
| 6 | 6 |
| 7 #include <cert.h> | 7 #include <cert.h> |
| 8 #include <certt.h> | 8 #include <certt.h> |
| 9 #include <pk11pub.h> | 9 #include <pk11pub.h> |
| 10 | 10 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 34 ClientCertStoreNSS::FilterCertsOnWorkerThread( | 34 ClientCertStoreNSS::FilterCertsOnWorkerThread( |
| 35 input_certs, cert_request_info, selected_certs); | 35 input_certs, cert_request_info, selected_certs); |
| 36 return true; | 36 return true; |
| 37 } | 37 } |
| 38 }; | 38 }; |
| 39 | 39 |
| 40 INSTANTIATE_TYPED_TEST_CASE_P(NSS, | 40 INSTANTIATE_TYPED_TEST_CASE_P(NSS, |
| 41 ClientCertStoreTest, | 41 ClientCertStoreTest, |
| 42 ClientCertStoreNSSTestDelegate); | 42 ClientCertStoreNSSTestDelegate); |
| 43 | 43 |
| 44 // Tests that ClientCertStoreNSS attempts to build a certificate chain by | 44 class ClientCertStoreChainNSSTestDelegate { |
| 45 // querying NSS before return a certificate. | 45 public: |
| 46 TEST(ClientCertStoreNSSTest, BuildsCertificateChain) { | 46 ClientCertStoreChainNSSTestDelegate() {} |
| 47 // Set up a test DB and import client_1.pem and client_1_ca.pem. | |
| 48 crypto::ScopedTestNSSDB test_db; | |
| 49 scoped_refptr<X509Certificate> client_1(ImportClientCertAndKeyFromFile( | |
| 50 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8", test_db.slot())); | |
| 51 ASSERT_TRUE(client_1.get()); | |
| 52 scoped_refptr<X509Certificate> client_1_ca( | |
| 53 ImportCertFromFile(GetTestCertsDirectory(), "client_1_ca.pem")); | |
| 54 ASSERT_TRUE(client_1_ca.get()); | |
| 55 ASSERT_EQ(SECSuccess, | |
| 56 PK11_ImportCert(test_db.slot(), client_1_ca->os_cert_handle(), | |
| 57 CK_INVALID_HANDLE, "client_1_ca", | |
| 58 PR_FALSE /* includeTrust (unused) */)); | |
| 59 | 47 |
| 60 std::unique_ptr<ClientCertStoreNSS> store( | 48 scoped_refptr<X509Certificate> ImportClientCert(const std::string& name) { |
| 61 new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory())); | 49 return ImportClientCertAndKeyFromFile( |
| 62 | 50 GetTestCertsDirectory(), name + ".pem", name + ".pk8", test_db.slot()); |
| 63 { | |
| 64 // Request certificates matching B CA, |client_1|'s issuer. | |
| 65 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); | |
| 66 request->cert_authorities.push_back(std::string( | |
| 67 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN))); | |
| 68 | |
| 69 CertificateList selected_certs; | |
| 70 base::RunLoop loop; | |
| 71 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure()); | |
| 72 loop.Run(); | |
| 73 | |
| 74 // The result be |client_1| with no intermediates. | |
| 75 ASSERT_EQ(1u, selected_certs.size()); | |
| 76 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; | |
| 77 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), | |
| 78 selected_cert->os_cert_handle())); | |
| 79 ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size()); | |
| 80 } | 51 } |
| 81 | 52 |
| 82 { | 53 scoped_refptr<X509Certificate> ImportClientIntermediate( |
| 83 // Request certificates matching C Root CA, |client_1_ca|'s issuer. | 54 const std::string& name) { |
| 84 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); | 55 scoped_refptr<X509Certificate> client_ca( |
| 85 request->cert_authorities.push_back( | 56 ImportCertFromFile(GetTestCertsDirectory(), name + ".pem")); |
| 86 std::string(reinterpret_cast<const char*>(kAuthorityRootDN), | 57 if (!client_ca) |
| 87 sizeof(kAuthorityRootDN))); | 58 return nullptr; |
| 88 | 59 |
| 89 CertificateList selected_certs; | 60 SECStatus rv = PK11_ImportCert(test_db.slot(), client_ca->os_cert_handle(), |
| 61 CK_INVALID_HANDLE, name.c_str(), |
| 62 PR_FALSE /* includeTrust (unused) */); |
| 63 EXPECT_EQ(SECSuccess, rv); |
| 64 if (rv != SECSuccess) |
| 65 return nullptr; |
| 66 return client_ca; |
| 67 } |
| 68 |
| 69 void GetClientCerts(const SSLCertRequestInfo& cert_request_info, |
| 70 CertificateList* selected_certs) { |
| 71 std::unique_ptr<ClientCertStoreNSS> store( |
| 72 new ClientCertStoreNSS(ClientCertStoreNSS::PasswordDelegateFactory())); |
| 73 |
| 90 base::RunLoop loop; | 74 base::RunLoop loop; |
| 91 store->GetClientCerts(*request.get(), &selected_certs, loop.QuitClosure()); | 75 store->GetClientCerts(cert_request_info, selected_certs, |
| 76 loop.QuitClosure()); |
| 92 loop.Run(); | 77 loop.Run(); |
| 78 // return true; |
| 79 } |
| 93 | 80 |
| 94 // The result be |client_1| with |client_1_ca| as an intermediate. | 81 protected: |
| 95 ASSERT_EQ(1u, selected_certs.size()); | 82 crypto::ScopedTestNSSDB test_db; |
| 96 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; | 83 }; |
| 97 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), | 84 |
| 98 selected_cert->os_cert_handle())); | 85 INSTANTIATE_TYPED_TEST_CASE_P(NSS, |
| 99 ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size()); | 86 ClientCertStoreChainTest, |
| 100 EXPECT_TRUE(X509Certificate::IsSameOSCert( | 87 ClientCertStoreChainNSSTestDelegate); |
| 101 client_1_ca->os_cert_handle(), | |
| 102 selected_cert->GetIntermediateCertificates()[0])); | |
| 103 } | |
| 104 } | |
| 105 | 88 |
| 106 } // namespace net | 89 } // namespace net |
| OLD | NEW |