Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(43)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/cert_loader_unittest.cc

Issue 2828713002: Enable client certificate patterns in device ONC policy (Closed)
Patch Set: Clean up. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chromeos/cert_loader.cc ('K') | « chromeos/cert_loader.cc ('k') | chromeos/network/auto_connect_handler.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/cert_loader_unittest.cc
diff --git a/chromeos/cert_loader_unittest.cc b/chromeos/cert_loader_unittest.cc
index 6056f7675e849259dffeb2571fe9f4d9b6715198..7ab6b7a65cd3436df4fa277f372fca871d63eaa1 100644
--- a/chromeos/cert_loader_unittest.cc
+++ b/chromeos/cert_loader_unittest.cc
@@ -45,7 +45,8 @@ class TestNSSCertDatabase : public net::NSSCertDatabaseChromeOS {
std::move(private_slot)) {}
~TestNSSCertDatabase() override {}
- void NotifyOfCertAdded(const net::X509Certificate* cert) {
+ // Make this method visible in the public interface.
+ void NotifyObserversCertDBChanged() {
NSSCertDatabaseChromeOS::NotifyObserversCertDBChanged();
}
};
@@ -63,6 +64,7 @@ class CertLoaderTest : public testing::Test,
CertLoader::Initialize();
cert_loader_ = CertLoader::Get();
+ cert_loader_->SetSlowTaskRunnerForTest(message_loop_.task_runner());
cert_loader_->AddObserver(this);
}
@@ -80,6 +82,17 @@ class CertLoaderTest : public testing::Test,
GetAndResetCertificatesLoadedEventsCount();
}
+ // Starts the cert loader with a primary cert database which has access to the
+ // system token.
+ void StartCertLoaderWithPrimaryDBAndSystemToken() {
+ CreateCertDatabase(&primary_db_, &primary_certdb_);
+ AddSystemToken(primary_certdb_.get());
+ cert_loader_->StartWithNSSDB(primary_certdb_.get());
+
+ base::RunLoop().RunUntilIdle();
+ GetAndResetCertificatesLoadedEventsCount();
+ }
+
// CertLoader::Observer:
// The test keeps count of times the observer method was called.
void OnCertificatesLoaded(const net::CertificateList& cert_list,
@@ -125,17 +138,27 @@ class CertLoaderTest : public testing::Test,
ASSERT_TRUE(failed.empty());
}
+ // Import a client cert and key into a PKCS11 slot. Then notify
+ // |database_to_notify| (which is presumably using that slot) that new
+ // certificates are available.
scoped_refptr<net::X509Certificate> ImportClientCertAndKey(
- TestNSSCertDatabase* database) {
+ TestNSSCertDatabase* database_to_notify,
+ PK11SlotInfo* slot_to_use) {
// Import a client cert signed by that CA.
scoped_refptr<net::X509Certificate> client_cert(
net::ImportClientCertAndKeyFromFile(net::GetTestCertsDirectory(),
"client_1.pem", "client_1.pk8",
- database->GetPrivateSlot().get()));
- database->NotifyOfCertAdded(client_cert.get());
+ slot_to_use));
+ database_to_notify->NotifyObserversCertDBChanged();
return client_cert;
}
+ // Import a client cert into |database|'s private slot.
+ scoped_refptr<net::X509Certificate> ImportClientCertAndKey(
+ TestNSSCertDatabase* database) {
+ return ImportClientCertAndKey(database, database->GetPrivateSlot().get());
+ }
+
CertLoader* cert_loader_;
// The user is primary as the one whose certificates CertLoader handles, it
@@ -144,9 +167,19 @@ class CertLoaderTest : public testing::Test,
crypto::ScopedTestNSSDB primary_db_;
std::unique_ptr<TestNSSCertDatabase> primary_certdb_;
+ // Additional NSS DB simulating the system token.
+ crypto::ScopedTestNSSDB system_db_;
+
base::MessageLoop message_loop_;
private:
+ // Adds the PKCS11 slot from |system_db_| to |certdb| as system slot.
+ void AddSystemToken(TestNSSCertDatabase* certdb) {
+ ASSERT_TRUE(system_db_.is_open());
+ certdb->SetSystemSlot(
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot())));
+ }
+
size_t certificates_loaded_events_count_;
};
@@ -225,6 +258,23 @@ TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCert) {
EXPECT_TRUE(IsCertInCertificateList(cert.get(), cert_loader_->cert_list()));
}
+TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCertInSystemToken) {
+ StartCertLoaderWithPrimaryDBAndSystemToken();
+
+ EXPECT_TRUE(cert_loader_->system_cert_list().empty());
+ scoped_refptr<net::X509Certificate> cert(ImportClientCertAndKey(
+ primary_certdb_.get(), primary_certdb_->GetSystemSlot().get()));
+
+ ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount());
+ base::RunLoop().RunUntilIdle();
+ EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount());
+
+ EXPECT_TRUE(IsCertInCertificateList(cert.get(), cert_loader_->cert_list()));
+ EXPECT_EQ(1U, cert_loader_->system_cert_list().size());
+ EXPECT_TRUE(
+ IsCertInCertificateList(cert.get(), cert_loader_->system_cert_list()));
+}
+
TEST_F(CertLoaderTest, CertLoaderNoUpdateOnNewClientCertInSecondaryDb) {
crypto::ScopedTestNSSDB secondary_db;
std::unique_ptr<TestNSSCertDatabase> secondary_certdb;
« chromeos/cert_loader.cc ('K') | « chromeos/cert_loader.cc ('k') | chromeos/network/auto_connect_handler.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698