| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| 6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 108 matching lines...) |
| 119 request->cert_authorities = authority_1; | 119 request->cert_authorities = authority_1; |
| 120 | 120 |
| 121 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 121 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 122 bool rv = this->delegate_.SelectClientCerts( | 122 bool rv = this->delegate_.SelectClientCerts( |
| 123 certs, *request.get(), &selected_certs); | 123 certs, *request.get(), &selected_certs); |
| 124 EXPECT_TRUE(rv); | 124 EXPECT_TRUE(rv); |
| 125 ASSERT_EQ(1u, selected_certs.size()); | 125 ASSERT_EQ(1u, selected_certs.size()); |
| 126 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); | 126 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); |
| 127 } | 127 } |
| 128 | 128 |
| 129 /* |
| 130 // Verify that certificates are correctly filtered against CertRequestInfo with |
| 131 // |cert_authorities| containing only |authority_1_DN|. |
| 132 TYPED_TEST_P(ClientCertStoreTest, CertChainAuthorityFiltering) { |
| 133 scoped_refptr<X509Certificate> cert_1( |
| 134 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 135 ASSERT_TRUE(cert_1.get()); |
| 136 scoped_refptr<X509Certificate> cert_2( |
| 137 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); |
| 138 ASSERT_TRUE(cert_2.get()); |
| 139 |
| 140 std::vector<std::string> authority_1( |
| 141 1, std::string(reinterpret_cast<const char*>(kAuthorityRootDN), |
| 142 sizeof(kAuthorityRootDN))); |
| 143 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_1)); |
| 144 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1)); |
| 145 |
| 146 std::vector<scoped_refptr<X509Certificate> > certs; |
| 147 certs.push_back(cert_1); |
| 148 certs.push_back(cert_2); |
| 149 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 150 request->cert_authorities = authority_1; |
| 151 |
| 152 std::vector<scoped_refptr<X509Certificate> > selected_certs; |
| 153 bool rv = this->delegate_.SelectClientCerts( |
| 154 certs, *request.get(), &selected_certs); |
| 155 EXPECT_TRUE(rv); |
| 156 ASSERT_EQ(1u, selected_certs.size()); |
| 157 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); |
| 158 } |
| 159 */ |
| 160 |
| 129 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest, | 161 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest, |
| 130 EmptyQuery, | 162 EmptyQuery, |
| 131 AllIssuersAllowed, | 163 AllIssuersAllowed, |
| 132 CertAuthorityFiltering); | 164 CertAuthorityFiltering); |
| 133 | 165 |
| 166 template <typename T> |
| 167 class ClientCertStoreChainTest : public ::testing::Test { |
| 168 public: |
| 169 T delegate_; |
| 170 }; |
| 171 |
| 172 TYPED_TEST_CASE_P(ClientCertStoreChainTest); |
| 173 |
| 174 // XXX |
| 175 // Tests that ClientCertStoreNSS attempts to build a certificate chain by |
| 176 // querying NSS before return a certificate. |
| 177 TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainDirectlyIssued) { |
| 178 scoped_refptr<X509Certificate> client_1( |
| 179 this->delegate_.ImportClientCert("client_1")); |
| 180 ASSERT_TRUE(client_1.get()); |
| 181 |
| 182 // Request certificates matching B CA, |client_1|'s issuer. |
| 183 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); |
| 184 request->cert_authorities.push_back(std::string( |
| 185 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN))); |
| 186 |
| 187 CertificateList selected_certs; |
| 188 this->delegate_.GetClientCerts(*request.get(), &selected_certs); |
| 189 |
| 190 // The result be |client_1| with no intermediates. |
| 191 ASSERT_EQ(1u, selected_certs.size()); |
| 192 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; |
| 193 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), |
| 194 selected_cert->os_cert_handle())); |
| 195 ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size()); |
| 196 } |
| 197 |
| 198 // XXX |
| 199 TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainWithIntermediate) { |
| 200 scoped_refptr<X509Certificate> client_1( |
| 201 this->delegate_.ImportClientCert("client_1")); |
| 202 ASSERT_TRUE(client_1.get()); |
| 203 scoped_refptr<X509Certificate> client_1_ca( |
| 204 this->delegate_.ImportClientIntermediate("client_1_ca")); |
| 205 ASSERT_TRUE(client_1_ca.get()); |
| 206 |
| 207 // Request certificates matching C Root CA, |client_1_ca|'s issuer. |
| 208 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo); |
| 209 request->cert_authorities.push_back( |
| 210 std::string(reinterpret_cast<const char*>(kAuthorityRootDN), |
| 211 sizeof(kAuthorityRootDN))); |
| 212 |
| 213 CertificateList selected_certs; |
| 214 this->delegate_.GetClientCerts(*request.get(), &selected_certs); |
| 215 |
| 216 // The result be |client_1| with |client_1_ca| as an intermediate. |
| 217 ASSERT_EQ(1u, selected_certs.size()); |
| 218 scoped_refptr<X509Certificate> selected_cert = selected_certs[0]; |
| 219 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(), |
| 220 selected_cert->os_cert_handle())); |
| 221 ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size()); |
| 222 EXPECT_TRUE(X509Certificate::IsSameOSCert( |
| 223 client_1_ca->os_cert_handle(), |
| 224 selected_cert->GetIntermediateCertificates()[0])); |
| 225 } |
| 226 |
| 227 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreChainTest, |
| 228 BuildsCertificateChainDirectlyIssued, |
| 229 BuildsCertificateChainWithIntermediate); |
| 230 |
| 134 } // namespace net | 231 } // namespace net |
| 135 | 232 |
| 136 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 233 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| OLD | NEW |
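Review bot: The block comment at new lines 129–159 checks in a disabled test, CertChainAuthorityFiltering, whose assertions contradict each other: it expects `cert_1->IsIssuedByEncoded(authority_1)` to be false for kAuthorityRootDN and then expects `SelectClientCerts` to return exactly cert_1. It should be deleted, or fixed and registered, rather than left commented out. The two `// XXX` markers (new lines 174 and 198) are placeholders and the second test has no description; something like `// Tests that a client cert is selected when only its intermediate's issuer is in |cert_authorities|, and that the intermediate is attached to the result.` would do. Both new tests cover only the matching case, so a companion case that requests an authority outside the chain and expects an empty `selected_certs` would pin the filtering side of chain building, which is what decides whether a client certificate is offered to a server at all.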