Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(438)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/client_cert_store_unittest-inl.h

Issue 2411023002: *WIP* Mac Unittest for client cert selection with intermediate certs
Patch Set: rebase Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/ssl/client_cert_store_nss_unittest.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/client_cert_store_unittest-inl.h
diff --git a/net/ssl/client_cert_store_unittest-inl.h b/net/ssl/client_cert_store_unittest-inl.h
index b72ba254f841a5224ad332436e8fcfeee2d54f7c..c77001468f9ed664e3b3a0469fcf5be3d8df9842 100644
--- a/net/ssl/client_cert_store_unittest-inl.h
+++ b/net/ssl/client_cert_store_unittest-inl.h
@@ -126,11 +126,108 @@ TYPED_TEST_P(ClientCertStoreTest, CertAuthorityFiltering) {
EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
}
+/*
+// Verify that certificates are correctly filtered against CertRequestInfo with
+// |cert_authorities| containing only |authority_1_DN|.
+TYPED_TEST_P(ClientCertStoreTest, CertChainAuthorityFiltering) {
+ scoped_refptr<X509Certificate> cert_1(
+ ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
+ ASSERT_TRUE(cert_1.get());
+ scoped_refptr<X509Certificate> cert_2(
+ ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
+ ASSERT_TRUE(cert_2.get());
+
+ std::vector<std::string> authority_1(
+ 1, std::string(reinterpret_cast<const char*>(kAuthorityRootDN),
+ sizeof(kAuthorityRootDN)));
+ EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_1));
+ EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1));
+
+ std::vector<scoped_refptr<X509Certificate> > certs;
+ certs.push_back(cert_1);
+ certs.push_back(cert_2);
+ scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo());
+ request->cert_authorities = authority_1;
+
+ std::vector<scoped_refptr<X509Certificate> > selected_certs;
+ bool rv = this->delegate_.SelectClientCerts(
+ certs, *request.get(), &selected_certs);
+ EXPECT_TRUE(rv);
+ ASSERT_EQ(1u, selected_certs.size());
+ EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get()));
+}
+*/
+
REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest,
EmptyQuery,
AllIssuersAllowed,
CertAuthorityFiltering);
+template <typename T>
+class ClientCertStoreChainTest : public ::testing::Test {
+ public:
+ T delegate_;
+};
+
+TYPED_TEST_CASE_P(ClientCertStoreChainTest);
+
+// XXX
+// Tests that ClientCertStoreNSS attempts to build a certificate chain by
+// querying NSS before return a certificate.
+TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainDirectlyIssued) {
+ scoped_refptr<X509Certificate> client_1(
+ this->delegate_.ImportClientCert("client_1"));
+ ASSERT_TRUE(client_1.get());
+
+ // Request certificates matching B CA, |client_1|'s issuer.
+ scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
+ request->cert_authorities.push_back(std::string(
+ reinterpret_cast<const char*>(kAuthority1DN), sizeof(kAuthority1DN)));
+
+ CertificateList selected_certs;
+ this->delegate_.GetClientCerts(*request.get(), &selected_certs);
+
+ // The result be |client_1| with no intermediates.
+ ASSERT_EQ(1u, selected_certs.size());
+ scoped_refptr<X509Certificate> selected_cert = selected_certs[0];
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),
+ selected_cert->os_cert_handle()));
+ ASSERT_EQ(0u, selected_cert->GetIntermediateCertificates().size());
+}
+
+// XXX
+TYPED_TEST_P(ClientCertStoreChainTest, BuildsCertificateChainWithIntermediate) {
+ scoped_refptr<X509Certificate> client_1(
+ this->delegate_.ImportClientCert("client_1"));
+ ASSERT_TRUE(client_1.get());
+ scoped_refptr<X509Certificate> client_1_ca(
+ this->delegate_.ImportClientIntermediate("client_1_ca"));
+ ASSERT_TRUE(client_1_ca.get());
+
+ // Request certificates matching C Root CA, |client_1_ca|'s issuer.
+ scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo);
+ request->cert_authorities.push_back(
+ std::string(reinterpret_cast<const char*>(kAuthorityRootDN),
+ sizeof(kAuthorityRootDN)));
+
+ CertificateList selected_certs;
+ this->delegate_.GetClientCerts(*request.get(), &selected_certs);
+
+ // The result be |client_1| with |client_1_ca| as an intermediate.
+ ASSERT_EQ(1u, selected_certs.size());
+ scoped_refptr<X509Certificate> selected_cert = selected_certs[0];
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(client_1->os_cert_handle(),
+ selected_cert->os_cert_handle()));
+ ASSERT_EQ(1u, selected_cert->GetIntermediateCertificates().size());
+ EXPECT_TRUE(X509Certificate::IsSameOSCert(
+ client_1_ca->os_cert_handle(),
+ selected_cert->GetIntermediateCertificates()[0]));
+}
+
+REGISTER_TYPED_TEST_CASE_P(ClientCertStoreChainTest,
+ BuildsCertificateChainDirectlyIssued,
+ BuildsCertificateChainWithIntermediate);
+
} // namespace net
#endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_
« no previous file with comments | « net/ssl/client_cert_store_nss_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698