Move channel id tests up from OpenSSL and update channelid version.

net/socket/ssl_client_socket_openssl_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <openssl/bio.h>
@@ skipping 19 matching lines @@
 #include "net/cert/mock_cert_verifier.h"
 #include "net/cert/test_root_certs.h"
 #include "net/dns/host_resolver.h"
 #include "net/http/transport_security_state.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/socket_test_util.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/ssl/default_server_bound_cert_store.h"
 #include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/server_bound_cert_service.h"

[wtc, 2014/05/06 17:56:24]

Some of the headers should be removed, for example, *server_bound_cert*.h.

[haavardm, 2014/05/07 13:53:43]

Done.

 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/test/cert_test_util.h"
 #include "net/test/spawned_test_server/spawned_test_server.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
 
 namespace net {
 
 namespace {
 
 // These client auth tests are currently dependent on OpenSSL's struct X509.
 #if defined(USE_OPENSSL_CERTS)
 typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
 
 // BIO_free is a macro, it can't be used as a template parameter.
 void BIO_free_func(BIO* bio) {
     BIO_free(bio);
 }
 
 typedef crypto::ScopedOpenSSL<BIO, BIO_free_func> ScopedBIO;
 typedef crypto::ScopedOpenSSL<RSA, RSA_free> ScopedRSA;
 typedef crypto::ScopedOpenSSL<BIGNUM, BN_free> ScopedBIGNUM;
 
 const SSLConfig kDefaultSSLConfig;
 
-// A ServerBoundCertStore that always returns an error when asked for a
-// certificate.
-class FailingServerBoundCertStore : public ServerBoundCertStore {
-  virtual int GetServerBoundCert(const std::string& server_identifier,
-                                 base::Time* expiration_time,
-                                 std::string* private_key_result,
-                                 std::string* cert_result,
-                                 const GetCertCallback& callback) OVERRIDE {
-    return ERR_UNEXPECTED;
-  }
-  virtual void SetServerBoundCert(const std::string& server_identifier,
-                                  base::Time creation_time,
-                                  base::Time expiration_time,
-                                  const std::string& private_key,
-                                  const std::string& cert) OVERRIDE {}
-  virtual void DeleteServerBoundCert(const std::string& server_identifier,
-                                     const base::Closure& completion_callback)
-      OVERRIDE {}
-  virtual void DeleteAllCreatedBetween(base::Time delete_begin,
-                                       base::Time delete_end,
-                                       const base::Closure& completion_callback)
-      OVERRIDE {}
-  virtual void DeleteAll(const base::Closure& completion_callback) OVERRIDE {}
-  virtual void GetAllServerBoundCerts(const GetCertListCallback& callback)
-      OVERRIDE {}
-  virtual int GetCertCount() OVERRIDE { return 0; }
-  virtual void SetForceKeepSessionState() OVERRIDE {}
-};
-
 // Loads a PEM-encoded private key file into a scoped EVP_PKEY object.
 // |filepath| is the private key file path.
 // |*pkey| is reset to the new EVP_PKEY on success, untouched otherwise.
 // Returns true on success, false on failure.
 bool LoadPrivateKeyOpenSSL(
     const base::FilePath& filepath,
     OpenSSLClientKeyStore::ScopedEVP_PKEY* pkey) {
   std::string data;
   if (!base::ReadFileToString(filepath, &data)) {
     LOG(ERROR) << "Could not read private key file: "
@@ skipping 28 matching lines @@
     context_.cert_verifier = cert_verifier_.get();
     context_.transport_security_state = transport_security_state_.get();
     key_store_ = net::OpenSSLClientKeyStore::GetInstance();
   }
 
   virtual ~SSLClientSocketOpenSSLClientAuthTest() {
     key_store_->Flush();
   }
 
  protected:
-  void EnabledChannelID() {
-    cert_service_.reset(
-        new ServerBoundCertService(new DefaultServerBoundCertStore(NULL),
-                                   base::MessageLoopProxy::current()));
-    context_.server_bound_cert_service = cert_service_.get();
-  }
-
-  void EnabledFailingChannelID() {
-    cert_service_.reset(
-        new ServerBoundCertService(new FailingServerBoundCertStore(),
-                                   base::MessageLoopProxy::current()));
-    context_.server_bound_cert_service = cert_service_.get();
-  }
-
   scoped_ptr<SSLClientSocket> CreateSSLClientSocket(
       scoped_ptr<StreamSocket> transport_socket,
       const HostPortPair& host_and_port,
       const SSLConfig& ssl_config) {
     scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
     connection->SetSocket(transport_socket.Pass());
     return socket_factory_->CreateSSLClientSocket(connection.Pass(),
                                                   host_and_port,
                                                   ssl_config,
                                                   context_);
@@ skipping 61 matching lines @@
 
 
   // Check that the client certificate was sent.
   // Returns true on success.
   bool CheckSSLClientSocketSentCert() {
     SSLInfo ssl_info;
     sock_->GetSSLInfo(&ssl_info);
     return ssl_info.client_cert_sent;
   }
 
   scoped_ptr<ServerBoundCertService> cert_service_;

[wtc, 2014/05/06 17:56:24]

Delete the cert_service_ member.

[haavardm, 2014/05/07 13:53:43]

Done.

   ClientSocketFactory* socket_factory_;
   scoped_ptr<MockCertVerifier> cert_verifier_;
   scoped_ptr<TransportSecurityState> transport_security_state_;
   SSLClientSocketContext context_;
   OpenSSLClientKeyStore* key_store_;
   scoped_ptr<SpawnedTestServer> test_server_;
   AddressList addr_;
   TestCompletionCallback callback_;
   CapturingNetLog log_;
   scoped_ptr<StreamSocket> transport_;
@@ skipping 66 matching lines @@
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
   EXPECT_EQ(OK, rv);
   EXPECT_TRUE(sock_->IsConnected());
 
   EXPECT_TRUE(CheckSSLClientSocketSentCert());
 
   sock_->Disconnect();
   EXPECT_FALSE(sock_->IsConnected());
 }
-
-// Connect to a server using channel id. It should allow the connection.
-TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendChannelID) {
-  SpawnedTestServer::SSLOptions ssl_options;
-
-  ASSERT_TRUE(ConnectToTestServer(ssl_options));
-
-  EnabledChannelID();
-  SSLConfig ssl_config = kDefaultSSLConfig;
-  ssl_config.channel_id_enabled = true;
-
-  int rv;
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
-
-  EXPECT_EQ(OK, rv);
-  EXPECT_TRUE(sock_->IsConnected());
-  EXPECT_TRUE(sock_->WasChannelIDSent());
-
-  sock_->Disconnect();
-  EXPECT_FALSE(sock_->IsConnected());
-}
-
-// Connect to a server using channel id but without sending a key. It should
-// fail.
-TEST_F(SSLClientSocketOpenSSLClientAuthTest, FailingChannelID) {
-  SpawnedTestServer::SSLOptions ssl_options;
-
-  ASSERT_TRUE(ConnectToTestServer(ssl_options));
-
-  EnabledFailingChannelID();
-  SSLConfig ssl_config = kDefaultSSLConfig;
-  ssl_config.channel_id_enabled = true;
-
-  int rv;
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
-
-  EXPECT_EQ(ERR_UNEXPECTED, rv);
-  EXPECT_FALSE(sock_->IsConnected());
-}
 #endif  // defined(USE_OPENSSL_CERTS)
 
 }  // namespace
 }  // namespace net