Chromium Code Reviews Chromium Code Reviews
Issue 2453093004:
Remove dependence on a message loop for net::PathBuilder. (Closed)
| Index: net/cert/internal/path_builder_unittest.cc |
| diff --git a/net/cert/internal/path_builder_unittest.cc b/net/cert/internal/path_builder_unittest.cc |
| index 5f0a2eb62348d5c64db87734cee6f22b67784b9c..7b150f43a3d0b4f191893a4ffc65c2ed782eb20a 100644 |
| --- a/net/cert/internal/path_builder_unittest.cc |
| +++ b/net/cert/internal/path_builder_unittest.cc |
| @@ -5,18 +5,13 @@ |
| #include "net/cert/internal/path_builder.h" |
| #include "base/base_paths.h" |
| -#include "base/cancelable_callback.h" |
| #include "base/files/file_util.h" |
| -#include "base/location.h" |
| #include "base/path_service.h" |
| -#include "base/threading/thread_task_runner_handle.h" |
| -#include "net/base/test_completion_callback.h" |
| #include "net/cert/internal/cert_issuer_source_static.h" |
| #include "net/cert/internal/parsed_certificate.h" |
| #include "net/cert/internal/signature_policy.h" |
| #include "net/cert/internal/test_helpers.h" |
| #include "net/cert/internal/trust_store_in_memory.h" |
| -#include "net/cert/internal/trust_store_test_helpers.h" |
| #include "net/cert/internal/verify_certificate_chain.h" |
| #include "net/cert/pem_tokenizer.h" |
| #include "net/der/input.h" |
| @@ -44,32 +39,17 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource { |
| public: |
| class StaticAsyncRequest : public Request { |
| public: |
| - StaticAsyncRequest(const IssuerCallback& issuers_callback, |
| - ParsedCertificateList&& issuers) |
| - : cancelable_closure_(base::Bind(&StaticAsyncRequest::RunCallback, |
| - base::Unretained(this))), |
| - issuers_callback_(issuers_callback) { |
| + StaticAsyncRequest(ParsedCertificateList&& issuers) { |
| issuers_.swap(issuers); |
| issuers_iter_ = issuers_.begin(); |
| } |
| ~StaticAsyncRequest() override {} |
| - CompletionStatus GetNext( |
| - scoped_refptr<ParsedCertificate>* out_cert) override { |
| - if (issuers_iter_ == issuers_.end()) |
| - *out_cert = nullptr; |
| - else |
| - *out_cert = std::move(*issuers_iter_++); |
| - return CompletionStatus::SYNC; |
| + void GetNext(ParsedCertificateList* out_certs) override { |
| + if (issuers_iter_ != issuers_.end()) |
| + out_certs->push_back(std::move(*issuers_iter_++)); |
| } |
| - base::Closure callback() { return cancelable_closure_.callback(); } |
| - |
| - private: |
| - void RunCallback() { issuers_callback_.Run(this); } |
| - |
| - base::CancelableClosure cancelable_closure_; |
| - IssuerCallback issuers_callback_; |
| ParsedCertificateList issuers_; |
| ParsedCertificateList::iterator issuers_iter_; |
| @@ -85,14 +65,12 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource { |
| void SyncGetIssuersOf(const ParsedCertificate* cert, |
| ParsedCertificateList* issuers) override {} |
| void AsyncGetIssuersOf(const ParsedCertificate* cert, |
| - const IssuerCallback& issuers_callback, |
| std::unique_ptr<Request>* out_req) override { |
| num_async_gets_++; |
| ParsedCertificateList issuers; |
| static_cert_issuer_source_.SyncGetIssuersOf(cert, &issuers); |
| std::unique_ptr<StaticAsyncRequest> req( |
| - new StaticAsyncRequest(issuers_callback, std::move(issuers))); |
| - base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, req->callback()); |
| + new StaticAsyncRequest(std::move(issuers))); |
| *out_req = std::move(req); |
| } |
| int num_async_gets() const { return num_async_gets_; } |
| @@ -131,21 +109,6 @@ class AsyncCertIssuerSourceStatic : public CertIssuerSource { |
| return ::testing::AssertionSuccess(); |
| } |
| -// Run the path builder, and wait for async completion if necessary. The return |
| -// value signifies whether the path builder completed synchronously or |
| -// asynchronously, not that RunPathBuilder itself is asynchronous. |
| -CompletionStatus RunPathBuilder(CertPathBuilder* path_builder) { |
| - TestClosure callback; |
| - CompletionStatus rv = path_builder->Run(callback.closure()); |
| - |
| - if (rv == CompletionStatus::ASYNC) { |
| - DVLOG(1) << "waiting for async completion..."; |
| - callback.WaitForResult(); |
| - DVLOG(1) << "async completed."; |
| - } |
| - return rv; |
| -} |
| - |
| class PathBuilderMultiRootTest : public ::testing::Test { |
| public: |
| PathBuilderMultiRootTest() : signature_policy_(1024) {} |
| @@ -194,7 +157,7 @@ TEST_F(PathBuilderMultiRootTest, TargetHasNameAndSpkiOfTrustAnchor) { |
| CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| const auto& path = result.GetBestValidPath()->path; |
| @@ -214,7 +177,7 @@ TEST_F(PathBuilderMultiRootTest, TargetWithSameNameAsTrustAnchorFails) { |
| CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_FALSE(result.HasValidPath()); |
| } |
| @@ -245,7 +208,7 @@ TEST_F(PathBuilderMultiRootTest, SelfSignedTrustAnchorSupplementalCert) { |
| expired_time, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_FALSE(result.HasValidPath()); |
| ASSERT_EQ(2U, result.paths.size()); |
| @@ -277,7 +240,7 @@ TEST_F(PathBuilderMultiRootTest, TargetIsSelfSignedTrustAnchor) { |
| CertPathBuilder path_builder(e_by_e_, &trust_store, &signature_policy_, time_, |
| &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| const auto& path = result.GetBestValidPath()->path; |
| @@ -296,7 +259,7 @@ TEST_F(PathBuilderMultiRootTest, TargetDirectlySignedByTrustAnchor) { |
| CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| const auto& path = result.GetBestValidPath()->path; |
| @@ -325,35 +288,12 @@ TEST_F(PathBuilderMultiRootTest, TriesSyncFirst) { |
| path_builder.AddCertIssuerSource(&async_certs); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| EXPECT_EQ(0, async_certs.num_async_gets()); |
| } |
| -// Test that async cert queries are not made if no callback is provided. |
| -TEST_F(PathBuilderMultiRootTest, SychronousOnlyMode) { |
| - TrustStoreInMemory trust_store; |
| - AddTrustedCertificate(e_by_e_, &trust_store); |
| - |
| - CertIssuerSourceStatic sync_certs; |
| - sync_certs.AddCert(f_by_e_); |
| - |
| - AsyncCertIssuerSourceStatic async_certs; |
| - async_certs.AddCert(b_by_f_); |
| - |
| - CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(a_by_b_, &trust_store, &signature_policy_, time_, |
| - &result); |
| - path_builder.AddCertIssuerSource(&async_certs); |
| - path_builder.AddCertIssuerSource(&sync_certs); |
| - |
| - EXPECT_EQ(CompletionStatus::SYNC, path_builder.Run(base::Closure())); |
| - |
| - EXPECT_FALSE(result.HasValidPath()); |
| - EXPECT_EQ(0, async_certs.num_async_gets()); |
| -} |
| - |
| // If async queries are needed, all async sources will be queried |
| // simultaneously. |
| TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) { |
| @@ -377,7 +317,7 @@ TEST_F(PathBuilderMultiRootTest, TestAsyncSimultaneous) { |
| path_builder.AddCertIssuerSource(&async_certs2); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| EXPECT_EQ(1, async_certs1.num_async_gets()); |
| @@ -402,7 +342,7 @@ TEST_F(PathBuilderMultiRootTest, TestLongChain) { |
| &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| @@ -436,7 +376,7 @@ TEST_F(PathBuilderMultiRootTest, TestBacktracking) { |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.AddCertIssuerSource(&async_certs); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| @@ -474,7 +414,7 @@ TEST_F(PathBuilderMultiRootTest, TestCertIssuerOrdering) { |
| time_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| @@ -558,7 +498,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverOnlyOldRootTrusted) { |
| &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| @@ -606,7 +546,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { |
| &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| @@ -630,141 +570,36 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverBothRootsTrusted) { |
| } |
| } |
| -// If trust anchors are provided both synchronously and asynchronously for the |
| -// same cert, the synchronously provided ones should be tried first, and |
| -// pathbuilder should finish synchronously. |
| -TEST_F(PathBuilderKeyRolloverTest, TestSyncAnchorsPreferred) { |
| - TrustStoreInMemoryAsync trust_store; |
| - // Both oldintermediate and newintermediate are trusted, but oldintermediate |
| - // is returned synchronously and newintermediate asynchronously. |
| - trust_store.AddSyncTrustAnchor( |
| - TrustAnchor::CreateFromCertificateNoConstraints(oldintermediate_)); |
| - trust_store.AddAsyncTrustAnchor( |
| - TrustAnchor::CreateFromCertificateNoConstraints(newintermediate_)); |
| - |
| - CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - &result); |
| - |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| - |
| - EXPECT_TRUE(result.HasValidPath()); |
| - |
| - ASSERT_EQ(1U, result.paths.size()); |
| - const auto& path = result.paths[0]->path; |
| - EXPECT_TRUE(result.paths[0]->valid); |
| - ASSERT_EQ(1U, path.certs.size()); |
| - EXPECT_EQ(target_, path.certs[0]); |
| - EXPECT_EQ(oldintermediate_, path.trust_anchor->cert()); |
| -} |
| - |
| -// Async trust anchor checks should be done before synchronous issuer checks are |
| -// considered. (Avoiding creating unnecessarily long paths.) |
| -// |
| -// Two valid paths could be built: |
| -// newintermediate <- newrootrollover <- oldroot |
| -// newintermediate <- newroot |
| -// One invalid path could be built: |
| -// newintermediate <- oldroot |
| -// |
| -// First: newintermediate <- oldroot will be tried, since oldroot is |
| -// available synchronously, but this path will not verify. |
| -// Second: newintermediate <- newroot should be built, even though |
| -// newrootrollover issuer is available synchronously and newroot is async. This |
| -// path should verify and pathbuilder will stop. |
| -TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsBeforeSyncIssuers) { |
| - TrustStoreInMemoryAsync trust_store; |
| - trust_store.AddSyncTrustAnchor(oldroot_); |
| - trust_store.AddAsyncTrustAnchor( |
| - TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); |
| - |
| - CertIssuerSourceStatic sync_certs; |
| - sync_certs.AddCert(newrootrollover_); |
| - |
| - CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(newintermediate_, &trust_store, |
| - &signature_policy_, time_, &result); |
| - path_builder.AddCertIssuerSource(&sync_certs); |
| - |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| - |
| - EXPECT_TRUE(result.HasValidPath()); |
| - |
| - ASSERT_EQ(2U, result.paths.size()); |
| - { |
| - const auto& path = result.paths[0]->path; |
| - EXPECT_FALSE(result.paths[0]->valid); |
| - ASSERT_EQ(1U, path.certs.size()); |
| - EXPECT_EQ(newintermediate_, path.certs[0]); |
| - EXPECT_EQ(oldroot_, path.trust_anchor); |
| - } |
| - { |
| - const auto& path = result.paths[1]->path; |
| - EXPECT_TRUE(result.paths[1]->valid); |
| - ASSERT_EQ(1U, path.certs.size()); |
| - EXPECT_EQ(newintermediate_, path.certs[0]); |
| - EXPECT_EQ(newroot_, path.trust_anchor->cert()); |
| - } |
| -} |
| - |
| -// If async trust anchor query returned no results, and there are no issuer |
| +// If trust anchor query returned no results, and there are no issuer |
| // sources, path building should fail at that point. |
| -TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsNoMatchAndNoIssuerSources) { |
| - TrustStoreInMemoryAsync trust_store; |
| - trust_store.AddAsyncTrustAnchor( |
| +TEST_F(PathBuilderKeyRolloverTest, TestAnchorsNoMatchAndNoIssuerSources) { |
| + TrustStoreInMemory trust_store; |
| + trust_store.AddTrustAnchor( |
| TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); |
| CertPathBuilder::Result result; |
| CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| &result); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_FALSE(result.HasValidPath()); |
| ASSERT_EQ(0U, result.paths.size()); |
| } |
| -// Both trust store and issuer source are async. Should successfully build a |
| -// path. |
| -TEST_F(PathBuilderKeyRolloverTest, TestAsyncAnchorsAndAsyncIssuers) { |
| - TrustStoreInMemoryAsync trust_store; |
| - trust_store.AddAsyncTrustAnchor( |
| - TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); |
| - |
| - AsyncCertIssuerSourceStatic async_certs; |
| - async_certs.AddCert(newintermediate_); |
| - |
| - CertPathBuilder::Result result; |
| - CertPathBuilder path_builder(target_, &trust_store, &signature_policy_, time_, |
| - &result); |
| - path_builder.AddCertIssuerSource(&async_certs); |
| - |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| - |
| - EXPECT_TRUE(result.HasValidPath()); |
| - |
| - ASSERT_EQ(1U, result.paths.size()); |
| - const auto& path = result.paths[0]->path; |
| - EXPECT_TRUE(result.paths[0]->valid); |
| - ASSERT_EQ(2U, path.certs.size()); |
| - EXPECT_EQ(target_, path.certs[0]); |
| - EXPECT_EQ(newintermediate_, path.certs[1]); |
| - EXPECT_EQ(newroot_, path.trust_anchor->cert()); |
| -} |
| - |
| // Tests that multiple trust root matches on a single path will be considered. |
| // Both roots have the same subject but different keys. Only one of them will |
| // verify. |
| TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { |
| - TrustStoreInMemoryAsync trust_store; |
| + TrustStoreInMemory trust_store; |
| // Since FindTrustAnchorsByNormalizedName returns newroot synchronously, it |
| // should be tried first. |
| - trust_store.AddSyncTrustAnchor( |
| + trust_store.AddTrustAnchor( |
| TrustAnchor::CreateFromCertificateNoConstraints(newroot_)); |
| // oldroot is returned asynchronously, so it should only be tried after the |
| // path built with newroot fails. |
|
mattm
2016/10/28 02:11:55
comment needs updating
eroman
2016/11/23 22:10:21
Done.
|
| - trust_store.AddAsyncTrustAnchor(oldroot_); |
| + trust_store.AddTrustAnchor(oldroot_); |
| // Only oldintermediate is supplied, so the path with newroot should fail, |
| // oldroot should succeed. |
| @@ -776,7 +611,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestMultipleRootMatchesOnlyOneWorks) { |
| &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| ASSERT_EQ(2U, result.paths.size()); |
| @@ -827,7 +662,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestRolloverLongChain) { |
| path_builder.AddCertIssuerSource(&sync_certs); |
| path_builder.AddCertIssuerSource(&async_certs); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| ASSERT_EQ(3U, result.paths.size()); |
| @@ -882,7 +717,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestEndEntityIsTrustRoot) { |
| CertPathBuilder path_builder(newintermediate_, &trust_store, |
| &signature_policy_, time_, &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_FALSE(result.HasValidPath()); |
| } |
| @@ -907,7 +742,7 @@ TEST_F(PathBuilderKeyRolloverTest, |
| time_, &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| // This could actually be OK, but CertPathBuilder does not build the |
| // newroot <- newrootrollover <- oldroot path. |
| @@ -927,7 +762,7 @@ TEST_F(PathBuilderKeyRolloverTest, |
| CertPathBuilder path_builder(newroot_, &trust_store, &signature_policy_, |
| time_, &result); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| ASSERT_TRUE(result.HasValidPath()); |
| @@ -975,7 +810,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediates) { |
| path_builder.AddCertIssuerSource(&sync_certs2); |
| path_builder.AddCertIssuerSource(&async_certs); |
| - EXPECT_EQ(CompletionStatus::ASYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_TRUE(result.HasValidPath()); |
| ASSERT_EQ(2U, result.paths.size()); |
| @@ -1024,7 +859,7 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { |
| &result); |
| path_builder.AddCertIssuerSource(&sync_certs); |
| - EXPECT_EQ(CompletionStatus::SYNC, RunPathBuilder(&path_builder)); |
| + path_builder.Run(); |
| EXPECT_FALSE(result.HasValidPath()); |
| ASSERT_EQ(2U, result.paths.size()); |
| @@ -1042,9 +877,11 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateIntermediateAndRoot) { |
| EXPECT_EQ(newroot_->der_cert(), path.trust_anchor->cert()->der_cert()); |
| } |
| +// TODO(eroman): Re-enable these tests |
| +#if 0 |
| class MockCertIssuerSourceRequest : public CertIssuerSource::Request { |
| public: |
| - MOCK_METHOD1(GetNext, CompletionStatus(scoped_refptr<ParsedCertificate>*)); |
| + MOCK_METHOD1(GetNext, void(ParsedCertificateList*)); |
| }; |
| class MockCertIssuerSource : public CertIssuerSource { |
| @@ -1053,7 +890,6 @@ class MockCertIssuerSource : public CertIssuerSource { |
| void(const ParsedCertificate*, ParsedCertificateList*)); |
| MOCK_METHOD3(AsyncGetIssuersOf, |
| void(const ParsedCertificate*, |
| - const IssuerCallback&, |
| std::unique_ptr<Request>*)); |
| }; |
| @@ -1292,6 +1128,8 @@ TEST_F(PathBuilderKeyRolloverTest, TestDuplicateAsyncIntermediates) { |
| EXPECT_EQ(newroot_, path1.trust_anchor->cert()); |
| } |
| +#endif |
| + |
| } // namespace |
| } // namespace net |
