Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chromeos/cert_loader_unittest.cc

Issue 2828713002: Enable client certificate patterns in device ONC policy (Closed)
Patch Set: Rebase. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chromeos/cert_loader.cc ('K') | « chromeos/cert_loader.cc ('k') | chromeos/network/auto_connect_handler.cc » ('j') | chromeos/network/client_cert_resolver.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chromeos/cert_loader_unittest.cc
diff --git a/chromeos/cert_loader_unittest.cc b/chromeos/cert_loader_unittest.cc
index 6056f7675e849259dffeb2571fe9f4d9b6715198..3f1d810aaf5f4c83d5455668f44b7d7225ecc854 100644
--- a/chromeos/cert_loader_unittest.cc
+++ b/chromeos/cert_loader_unittest.cc
@@ -80,6 +80,15 @@ class CertLoaderTest : public testing::Test,
GetAndResetCertificatesLoadedEventsCount();
}
+ void StartCertLoaderWithPrimaryDBAndSystemToken() {
+ CreateCertDatabase(&primary_db_, &primary_certdb_);
+ AddSystemToken(primary_certdb_.get());
+ cert_loader_->StartWithNSSDB(primary_certdb_.get());
+
+ base::RunLoop().RunUntilIdle();
+ GetAndResetCertificatesLoadedEventsCount();
+ }
+
// CertLoader::Observer:
// The test keeps count of times the observer method was called.
void OnCertificatesLoaded(const net::CertificateList& cert_list,
@@ -106,6 +115,12 @@ class CertLoaderTest : public testing::Test,
(*certdb)->SetSlowTaskRunnerForTest(message_loop_.task_runner());
}
+ void AddSystemToken(TestNSSCertDatabase* certdb) {
emaxx 2017/04/20 20:10:39 nit: As this method is not going to be used from t
pmarko 2017/04/24 14:49:56 Done.
+ ASSERT_TRUE(system_db_.is_open());
+ certdb->SetSystemSlot(
+ crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot())));
+ }
+
void ImportCACert(const std::string& cert_file,
net::NSSCertDatabase* database,
net::CertificateList* imported_certs) {
@@ -125,17 +140,27 @@ class CertLoaderTest : public testing::Test,
ASSERT_TRUE(failed.empty());
}
+ // Import a client cert and key into a PKCS 11 slot. Then notify
emaxx 2017/04/20 20:10:39 nit: s/PKCS 11/PKCS11/
pmarko 2017/04/24 14:49:55 Done.
+ // |database_to_notify| (which is presumably using that slot) that new
+ // certificates are available.
scoped_refptr<net::X509Certificate> ImportClientCertAndKey(
- TestNSSCertDatabase* database) {
+ TestNSSCertDatabase* database_to_notify,
+ PK11SlotInfo* slot_to_use) {
// Import a client cert signed by that CA.
scoped_refptr<net::X509Certificate> client_cert(
net::ImportClientCertAndKeyFromFile(net::GetTestCertsDirectory(),
"client_1.pem", "client_1.pk8",
- database->GetPrivateSlot().get()));
- database->NotifyOfCertAdded(client_cert.get());
+ slot_to_use));
+ database_to_notify->NotifyOfCertAdded(client_cert.get());
emaxx 2017/04/20 20:10:39 Looks like this parameter is actually unused, so p
pmarko 2017/04/24 14:49:55 Done.
return client_cert;
}
+ // Import a client cert into |database|'s private slot.
+ scoped_refptr<net::X509Certificate> ImportClientCertAndKey(
+ TestNSSCertDatabase* database) {
+ return ImportClientCertAndKey(database, database->GetPrivateSlot().get());
+ }
+
CertLoader* cert_loader_;
// The user is primary as the one whose certificates CertLoader handles, it
@@ -144,6 +169,9 @@ class CertLoaderTest : public testing::Test,
crypto::ScopedTestNSSDB primary_db_;
std::unique_ptr<TestNSSCertDatabase> primary_certdb_;
+ // Additional NSS DB simulating the system token.
+ crypto::ScopedTestNSSDB system_db_;
+
base::MessageLoop message_loop_;
private:
@@ -225,6 +253,23 @@ TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCert) {
EXPECT_TRUE(IsCertInCertificateList(cert.get(), cert_loader_->cert_list()));
}
+TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCertInSystemToken) {
+ StartCertLoaderWithPrimaryDBAndSystemToken();
+
+ EXPECT_TRUE(cert_loader_->system_cert_list().empty());
+ scoped_refptr<net::X509Certificate> cert(ImportClientCertAndKey(
+ primary_certdb_.get(), primary_certdb_->GetSystemSlot().get()));
+
+ ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount());
+ base::RunLoop().RunUntilIdle();
+ EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount());
+
+ EXPECT_TRUE(IsCertInCertificateList(cert.get(), cert_loader_->cert_list()));
+ EXPECT_EQ(1U, cert_loader_->system_cert_list().size());
+ EXPECT_TRUE(
+ IsCertInCertificateList(cert.get(), cert_loader_->system_cert_list()));
+}
+
TEST_F(CertLoaderTest, CertLoaderNoUpdateOnNewClientCertInSecondaryDb) {
crypto::ScopedTestNSSDB secondary_db;
std::unique_ptr<TestNSSCertDatabase> secondary_certdb;
« chromeos/cert_loader.cc ('K') | « chromeos/cert_loader.cc ('k') | chromeos/network/auto_connect_handler.cc » ('j') | chromeos/network/client_cert_resolver.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698