Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(544)

Side by Side Diff: net/ssl/client_cert_store_unittest-inl.h

Issue 2411023002: *WIP* Mac Unittest for client cert selection with intermediate certs
Patch Set: rebase Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/client_cert_store_nss_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ 5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ 6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
119 request->cert_authorities = authority_1; 119 request->cert_authorities = authority_1;
120 120
121 std::vector<scoped_refptr<X509Certificate> > selected_certs; 121 std::vector<scoped_refptr<X509Certificate> > selected_certs;
122 bool rv = this->delegate_.SelectClientCerts( 122 bool rv = this->delegate_.SelectClientCerts(
123 certs, *request.get(), &selected_certs); 123 certs, *request.get(), &selected_certs);
124 EXPECT_TRUE(rv); 124 EXPECT_TRUE(rv);
125 ASSERT_EQ(1u, selected_certs.size()); 125 ASSERT_EQ(1u, selected_certs.size());
126 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); 126 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
127 } 127 }
128 128
129 /*
130 // Verify that certificates are correctly filtered against CertRequestInfo with
131 // |cert_authorities| containing only |authority_1_DN|.
132 TYPED_TEST_P(ClientCertStoreTest, CertChainAuthorityFiltering) {
133 scoped_refptr<X509Certificate> cert_1(
134 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
135 ASSERT_TRUE(cert_1.get());
136 scoped_refptr<X509Certificate> cert_2(
137 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
138 ASSERT_TRUE(cert_2.get());
139
140 std::vector<std::string> authority_1(
141 1, std::string(reinterpret_cast<const char*>(kAuthorityRootDN),
142 sizeof(kAuthorityRootDN)));
143 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_1));
144 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1));
145
146 std::vector<scoped_refptr<X509Certificate> > certs;
147 certs.push_back(cert_1);
148 certs.push_back(cert_2);
149 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
150 request->cert_authorities = authority_1;
151
152 std::vector<scoped_refptr<X509Certificate> > selected_certs;
153 bool rv = this->delegate_.SelectClientCerts(
154 certs, *request.get(), &selected_certs);
155 EXPECT_TRUE(rv);
156 ASSERT_EQ(1u, selected_certs.size());
157 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
158 }
159 */
160
129 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest, 161 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
130 EmptyQuery, 162 EmptyQuery,
131 AllIssuersAllowed, 163 AllIssuersAllowed,
132 CertAuthorityFiltering); 164 CertAuthorityFiltering);
133 165
166 template <typename T>
167 class ClientCertStoreChainTest : public ::testing::Test {
168 public:
169 T delegate_;
170 };
171
172 TYPED_TEST_CASE_P(ClientCertStoreChainTest);
173
174 // XXX
175 // Tests that ClientCertStoreNSS attempts to build a certificate chain by
176 // querying NSS before return a certificate.
177 TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainDirectlyIssued) {
178 scoped_refptr<X509Certificate> client_1(
179 this->delegate_.ImportClientCert("client_1"));
180 ASSERT_TRUE(client_1.get());
181
182 // Request certificates matching B CA, |client_1|'s issuer.
183 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
184 request->cert_authorities.push_back(std::string(
185 reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));
186
187 CertificateList selected_certs;
188 this->delegate_.GetClientCerts(*request.get(), &selected_certs);
189
190 // The result be |client_1| with no intermediates.
191 ASSERT_EQ(1u, selected_certs.size());
192 scoped_refptr<X509Certificate> selected_cert = selected_certs[0];
193 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),
194 selected_cert->os_cert_handle()));
195 ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size());
196 }
197
198 // XXX
199 TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainWithIntermediate) {
200 scoped_refptr<X509Certificate> client_1(
201 this->delegate_.ImportClientCert("client_1"));
202 ASSERT_TRUE(client_1.get());
203 scoped_refptr<X509Certificate> client_1_ca(
204 this->delegate_.ImportClientIntermediate("client_1_ca"));
205 ASSERT_TRUE(client_1_ca.get());
206
207 // Request certificates matching C Root CA, |client_1_ca|'s issuer.
208 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
209 request->cert_authorities.push_back(
210 std::string(reinterpret_cast<const char*>(kAuthorityRootDN),
211 sizeof(kAuthorityRootDN)));
212
213 CertificateList selected_certs;
214 this->delegate_.GetClientCerts(*request.get(), &selected_certs);
215
216 // The result be |client_1| with |client_1_ca| as an intermediate.
217 ASSERT_EQ(1u, selected_certs.size());
218 scoped_refptr<X509Certificate> selected_cert = selected_certs[0];
219 EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),
220 selected_cert->os_cert_handle()));
221 ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size());
222 EXPECT_TRUE(X509Certificate::IsSameOSCert(
223 client_1_ca->os_cert_handle(),
224 selected_cert->GetIntermediateCertificates()[0]));
225 }
226
227 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreChainTest,
228 BuildsCertificateChainDirectlyIssued,
229 BuildsCertificateChainWithIntermediate);
230
134 } // namespace net 231 } // namespace net
135 232
136 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ 233 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
OLDNEW
« no previous file with comments | « net/ssl/client_cert_store_nss_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698