| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <memory> | 9 #include <memory> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 20 matching lines...) |
| 31 it != cert_list.end(); | 31 it != cert_list.end(); |
| 32 ++it) { | 32 ++it) { |
| 33 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), | 33 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), |
| 34 cert->os_cert_handle())) { | 34 cert->os_cert_handle())) { |
| 35 return true; | 35 return true; |
| 36 } | 36 } |
| 37 } | 37 } |
| 38 return false; | 38 return false; |
| 39 } | 39 } |
| 40 | 40 |
| 41 size_t CountCertOccurencesInCertificateList( |
| 42 const net::X509Certificate* cert, |
| 43 const net::CertificateList& cert_list) { |
| 44 size_t count = 0; |
| 45 for (net::CertificateList::const_iterator it = cert_list.begin(); |
| 46 it != cert_list.end(); ++it) { |
| 47 if (net::X509Certificate::IsSameOSCert((*it)->os_cert_handle(), |
| 48 cert->os_cert_handle())) { |
| 49 ++count; |
| 50 } |
| 51 } |
| 52 return count; |
| 53 } |
| 54 |
| 41 class TestNSSCertDatabase : public net::NSSCertDatabaseChromeOS { | 55 class TestNSSCertDatabase : public net::NSSCertDatabaseChromeOS { |
| 42 public: | 56 public: |
| 43 TestNSSCertDatabase(crypto::ScopedPK11Slot public_slot, | 57 TestNSSCertDatabase(crypto::ScopedPK11Slot public_slot, |
| 44 crypto::ScopedPK11Slot private_slot) | 58 crypto::ScopedPK11Slot private_slot) |
| 45 : NSSCertDatabaseChromeOS(std::move(public_slot), | 59 : NSSCertDatabaseChromeOS(std::move(public_slot), |
| 46 std::move(private_slot)) {} | 60 std::move(private_slot)) {} |
| 47 ~TestNSSCertDatabase() override {} | 61 ~TestNSSCertDatabase() override {} |
| 48 | 62 |
| 49 // Make this method visible in the public interface. | 63 // Make this method visible in the public interface. |
| 50 void NotifyObserversCertDBChanged() { | 64 void NotifyObserversCertDBChanged() { |
| 51 NSSCertDatabaseChromeOS::NotifyObserversCertDBChanged(); | 65 NSSCertDatabaseChromeOS::NotifyObserversCertDBChanged(); |
| 52 } | 66 } |
| 53 }; | 67 }; |
| 54 | 68 |
| 69 // Describes a client certificate along with a key, stored in |
| 70 // net::GetTestCertsDirectory(). |
| 71 struct TestClientCertWithKey { |
| 72 const char* cert_pem_filename; |
| 73 const char* key_pk8_filename; |
| 74 }; |
| 75 |
| 76 const TestClientCertWithKey TEST_CLIENT_CERT_1 = {"client_1.pem", |
| 77 "client_1.pk8"}; |
| 78 const TestClientCertWithKey TEST_CLIENT_CERT_2 = {"client_2.pem", |
| 79 "client_2.pk8"}; |
| 80 |
| 55 class CertLoaderTest : public testing::Test, | 81 class CertLoaderTest : public testing::Test, |
| 56 public CertLoader::Observer { | 82 public CertLoader::Observer { |
| 57 public: | 83 public: |
| 58 CertLoaderTest() | 84 CertLoaderTest() |
| 59 : cert_loader_(nullptr), | 85 : cert_loader_(nullptr), |
| 60 scoped_task_scheduler_(&message_loop_), | 86 scoped_task_scheduler_(&message_loop_), |
| 61 certificates_loaded_events_count_(0U) {} | 87 certificates_loaded_events_count_(0U) {} |
| 62 | 88 |
| 63 ~CertLoaderTest() override {} | 89 ~CertLoaderTest() override {} |
| 64 | 90 |
| 65 void SetUp() override { | 91 void SetUp() override { |
| 66 ASSERT_TRUE(primary_db_.is_open()); | 92 ASSERT_TRUE(primary_db_.is_open()); |
| 67 | 93 |
| 68 CertLoader::Initialize(); | 94 CertLoader::Initialize(); |
| 69 cert_loader_ = CertLoader::Get(); | 95 cert_loader_ = CertLoader::Get(); |
| 70 cert_loader_->AddObserver(this); | 96 cert_loader_->AddObserver(this); |
| 71 } | 97 } |
| 72 | 98 |
| 73 void TearDown() override { | 99 void TearDown() override { |
| 74 cert_loader_->RemoveObserver(this); | 100 cert_loader_->RemoveObserver(this); |
| 75 CertLoader::Shutdown(); | 101 CertLoader::Shutdown(); |
| 76 } | 102 } |
| 77 | 103 |
| 78 protected: | 104 protected: |
| 79 void StartCertLoaderWithPrimaryDB() { | 105 void StartCertLoaderWithPrimaryDB() { |
| 80 CreateCertDatabase(&primary_db_, &primary_certdb_); | 106 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 81 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 107 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 82 | 108 |
| 83 base::RunLoop().RunUntilIdle(); | 109 base::RunLoop().RunUntilIdle(); |
| 84 GetAndResetCertificatesLoadedEventsCount(); | 110 GetAndResetCertificatesLoadedEventsCount(); |
| 85 } | 111 } |
| 86 | 112 |
| 87 // Starts the cert loader with a primary cert database which has access to the | 113 // Starts the cert loader with a primary cert database which has access to the |
| 88 // system token. | 114 // system token. |
| 89 void StartCertLoaderWithPrimaryDBAndSystemToken() { | 115 void StartCertLoaderWithPrimaryDBAndSystemToken() { |
| 90 CreateCertDatabase(&primary_db_, &primary_certdb_); | 116 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 91 AddSystemToken(primary_certdb_.get()); | 117 AddSystemToken(primary_certdb_.get()); |
| 92 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 118 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 93 | 119 |
| 94 base::RunLoop().RunUntilIdle(); | 120 base::RunLoop().RunUntilIdle(); |
| 95 GetAndResetCertificatesLoadedEventsCount(); | 121 GetAndResetCertificatesLoadedEventsCount(); |
| 96 } | 122 } |
| 97 | 123 |
| 98 // CertLoader::Observer: | 124 // CertLoader::Observer: |
| 99 // The test keeps count of times the observer method was called. | 125 // The test keeps count of times the observer method was called. |
| 100 void OnCertificatesLoaded(const net::CertificateList& cert_list, | 126 void OnCertificatesLoaded(const net::CertificateList& cert_list, |
| 101 bool initial_load) override { | 127 bool initial_load) override { |
| 102 EXPECT_TRUE(certificates_loaded_events_count_ == 0 || !initial_load); | 128 EXPECT_TRUE(certificates_loaded_events_count_ == 0 || !initial_load); |
| (...skipping 30 matching lines...) |
| 133 net::X509Certificate::FORMAT_AUTO); | 159 net::X509Certificate::FORMAT_AUTO); |
| 134 ASSERT_EQ(1U, imported_certs->size()); | 160 ASSERT_EQ(1U, imported_certs->size()); |
| 135 | 161 |
| 136 net::NSSCertDatabase::ImportCertFailureList failed; | 162 net::NSSCertDatabase::ImportCertFailureList failed; |
| 137 ASSERT_TRUE(database->ImportCACerts(*imported_certs, | 163 ASSERT_TRUE(database->ImportCACerts(*imported_certs, |
| 138 net::NSSCertDatabase::TRUST_DEFAULT, | 164 net::NSSCertDatabase::TRUST_DEFAULT, |
| 139 &failed)); | 165 &failed)); |
| 140 ASSERT_TRUE(failed.empty()); | 166 ASSERT_TRUE(failed.empty()); |
| 141 } | 167 } |
| 142 | 168 |
| 143 // Import a client cert and key into a PKCS11 slot. Then notify | 169 // Import a client cert described by |test_cert| and key into a PKCS11 slot. |
| 170 // Then notify |database_to_notify| (which is presumably using that slot) that |
| 171 // new certificates are available. |
| 172 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
| 173 TestNSSCertDatabase* database_to_notify, |
| 174 PK11SlotInfo* slot_to_use, |
| 175 const TestClientCertWithKey& test_cert) { |
| 176 // Import a client cert signed by that CA. |
| 177 scoped_refptr<net::X509Certificate> client_cert( |
| 178 net::ImportClientCertAndKeyFromFile( |
| 179 net::GetTestCertsDirectory(), test_cert.cert_pem_filename, |
| 180 test_cert.key_pk8_filename, slot_to_use)); |
| 181 database_to_notify->NotifyObserversCertDBChanged(); |
| 182 return client_cert; |
| 183 } |
| 184 |
| 185 // Import |TEST_CLIENT_CERT_1| into a PKCS11 slot. Then notify |
| 144 // |database_to_notify| (which is presumably using that slot) that new | 186 // |database_to_notify| (which is presumably using that slot) that new |
| 145 // certificates are available. | 187 // certificates are avialable. |
| 146 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( | 188 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
| 147 TestNSSCertDatabase* database_to_notify, | 189 TestNSSCertDatabase* database_to_notify, |
| 148 PK11SlotInfo* slot_to_use) { | 190 PK11SlotInfo* slot_to_use) { |
| 149 // Import a client cert signed by that CA. | 191 return ImportClientCertAndKey(database_to_notify, slot_to_use, |
| 150 scoped_refptr<net::X509Certificate> client_cert( | 192 TEST_CLIENT_CERT_1); |
| 151 net::ImportClientCertAndKeyFromFile(net::GetTestCertsDirectory(), | |
| 152 "client_1.pem", "client_1.pk8", | |
| 153 slot_to_use)); | |
| 154 database_to_notify->NotifyObserversCertDBChanged(); | |
| 155 return client_cert; | |
| 156 } | 193 } |
| 157 | 194 |
| 158 // Import a client cert into |database|'s private slot. | 195 // Import a client cert into |database|'s private slot. |
| 159 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( | 196 scoped_refptr<net::X509Certificate> ImportClientCertAndKey( |
| 160 TestNSSCertDatabase* database) { | 197 TestNSSCertDatabase* database) { |
| 161 return ImportClientCertAndKey(database, database->GetPrivateSlot().get()); | 198 return ImportClientCertAndKey(database, database->GetPrivateSlot().get()); |
| 162 } | 199 } |
| 163 | 200 |
| 201 // Adds the PKCS11 slot from |system_db_| to |certdb| as system slot. |
| 202 void AddSystemToken(TestNSSCertDatabase* certdb) { |
| 203 ASSERT_TRUE(system_db_.is_open()); |
| 204 certdb->SetSystemSlot( |
| 205 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); |
| 206 } |
| 207 |
| 164 CertLoader* cert_loader_; | 208 CertLoader* cert_loader_; |
| 165 | 209 |
| 166 // The user is primary as the one whose certificates CertLoader handles, it | 210 // The user is primary as the one whose certificates CertLoader handles, it |
| 167 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user | 211 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user |
| 168 // parameter (which is irrelevant for these tests). | 212 // parameter (which is irrelevant for these tests). |
| 169 crypto::ScopedTestNSSDB primary_db_; | 213 crypto::ScopedTestNSSDB primary_db_; |
| 170 std::unique_ptr<TestNSSCertDatabase> primary_certdb_; | 214 std::unique_ptr<TestNSSCertDatabase> primary_certdb_; |
| 171 | 215 |
| 172 // Additional NSS DB simulating the system token. | 216 // Additional NSS DB simulating the system token. |
| 173 crypto::ScopedTestNSSDB system_db_; | 217 crypto::ScopedTestNSSDB system_db_; |
| 174 | 218 |
| 219 // A NSSCertDatabase which only uses the system token (simulated by |
| 220 // system_db_). |
| 221 std::unique_ptr<TestNSSCertDatabase> system_certdb_; |
| 222 |
| 175 base::MessageLoop message_loop_; | 223 base::MessageLoop message_loop_; |
| 176 | 224 |
| 177 private: | 225 private: |
| 178 // Adds the PKCS11 slot from |system_db_| to |certdb| as system slot. | |
| 179 void AddSystemToken(TestNSSCertDatabase* certdb) { | |
| 180 ASSERT_TRUE(system_db_.is_open()); | |
| 181 certdb->SetSystemSlot( | |
| 182 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); | |
| 183 } | |
| 184 | |
| 185 base::test::ScopedTaskScheduler scoped_task_scheduler_; | 226 base::test::ScopedTaskScheduler scoped_task_scheduler_; |
| 186 size_t certificates_loaded_events_count_; | 227 size_t certificates_loaded_events_count_; |
| 187 }; | 228 }; |
| 188 | 229 |
| 189 } // namespace | 230 } // namespace |
| 190 | 231 |
| 191 TEST_F(CertLoaderTest, Basic) { | 232 TEST_F(CertLoaderTest, BasicOnlyUserDB) { |
| 192 EXPECT_FALSE(cert_loader_->CertificatesLoading()); | 233 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 193 EXPECT_FALSE(cert_loader_->certificates_loaded()); | 234 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 194 | 235 |
| 195 CreateCertDatabase(&primary_db_, &primary_certdb_); | 236 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 196 cert_loader_->StartWithNSSDB(primary_certdb_.get()); | 237 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 197 | 238 |
| 198 EXPECT_FALSE(cert_loader_->certificates_loaded()); | 239 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 199 EXPECT_TRUE(cert_loader_->CertificatesLoading()); | 240 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 241 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 242 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 243 |
| 244 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 245 base::RunLoop().RunUntilIdle(); |
| 246 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 247 |
| 248 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 249 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 250 |
| 251 // Default CA cert roots should get loaded. |
| 252 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 253 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 254 } |
| 255 |
| 256 TEST_F(CertLoaderTest, BasicOnlySystemDB) { |
| 257 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 258 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 259 |
| 260 CreateCertDatabase(&system_db_, &system_certdb_); |
| 261 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 262 |
| 263 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 264 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 200 EXPECT_TRUE(cert_loader_->all_certs().empty()); | 265 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 201 | 266 |
| 202 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 267 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 203 base::RunLoop().RunUntilIdle(); | 268 base::RunLoop().RunUntilIdle(); |
| 204 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 269 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 205 | 270 |
| 206 EXPECT_TRUE(cert_loader_->certificates_loaded()); | 271 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 207 EXPECT_FALSE(cert_loader_->CertificatesLoading()); | 272 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 208 | 273 |
| 209 // Default CA cert roots should get loaded. | 274 // Default CA cert roots should get loaded. |
| 210 EXPECT_FALSE(cert_loader_->all_certs().empty()); | 275 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 211 } | 276 } |
| 212 | 277 |
| 278 // Tests the CertLoader with a system DB and then with an additional user DB |
| 279 // which does not have access to the system token. |
| 280 TEST_F(CertLoaderTest, SystemAndUnaffiliatedUserDB) { |
| 281 CreateCertDatabase(&system_db_, &system_certdb_); |
| 282 scoped_refptr<net::X509Certificate> system_token_cert(ImportClientCertAndKey( |
| 283 system_certdb_.get(), system_db_.slot(), TEST_CLIENT_CERT_1)); |
| 284 |
| 285 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 286 scoped_refptr<net::X509Certificate> user_token_cert(ImportClientCertAndKey( |
| 287 primary_certdb_.get(), primary_db_.slot(), TEST_CLIENT_CERT_2)); |
| 288 |
| 289 base::RunLoop().RunUntilIdle(); |
| 290 |
| 291 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 292 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 293 |
| 294 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 295 |
| 296 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 297 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 298 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 299 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 300 |
| 301 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 302 base::RunLoop().RunUntilIdle(); |
| 303 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 304 |
| 305 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 306 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 307 |
| 308 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 309 cert_loader_->system_certs())); |
| 310 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 311 cert_loader_->all_certs())); |
| 312 |
| 313 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 314 |
| 315 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 316 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 317 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 318 EXPECT_FALSE(cert_loader_->system_certs().empty()); |
| 319 |
| 320 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 321 base::RunLoop().RunUntilIdle(); |
| 322 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 323 |
| 324 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 325 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 326 |
| 327 EXPECT_FALSE(IsCertInCertificateList(user_token_cert.get(), |
| 328 cert_loader_->system_certs())); |
| 329 EXPECT_TRUE(IsCertInCertificateList(user_token_cert.get(), |
| 330 cert_loader_->all_certs())); |
| 331 } |
| 332 |
| 333 // Tests the CertLoader with a system DB and then with an additional user DB |
| 334 // which has access to the system token. |
| 335 TEST_F(CertLoaderTest, SystemAndAffiliatedUserDB) { |
| 336 CreateCertDatabase(&system_db_, &system_certdb_); |
| 337 scoped_refptr<net::X509Certificate> system_token_cert(ImportClientCertAndKey( |
| 338 system_certdb_.get(), system_db_.slot(), TEST_CLIENT_CERT_1)); |
| 339 |
| 340 CreateCertDatabase(&primary_db_, &primary_certdb_); |
| 341 scoped_refptr<net::X509Certificate> user_token_cert(ImportClientCertAndKey( |
| 342 primary_certdb_.get(), primary_db_.slot(), TEST_CLIENT_CERT_2)); |
| 343 |
| 344 AddSystemToken(primary_certdb_.get()); |
| 345 base::RunLoop().RunUntilIdle(); |
| 346 |
| 347 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 348 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 349 |
| 350 cert_loader_->SetSystemNSSDB(system_certdb_.get()); |
| 351 |
| 352 EXPECT_FALSE(cert_loader_->initial_load_finished()); |
| 353 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 354 EXPECT_TRUE(cert_loader_->all_certs().empty()); |
| 355 EXPECT_TRUE(cert_loader_->system_certs().empty()); |
| 356 |
| 357 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 358 base::RunLoop().RunUntilIdle(); |
| 359 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 360 |
| 361 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 362 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 363 |
| 364 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 365 cert_loader_->system_certs())); |
| 366 EXPECT_TRUE(IsCertInCertificateList(system_token_cert.get(), |
| 367 cert_loader_->all_certs())); |
| 368 |
| 369 cert_loader_->SetUserNSSDB(primary_certdb_.get()); |
| 370 |
| 371 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 372 EXPECT_TRUE(cert_loader_->initial_load_of_any_database_running()); |
| 373 EXPECT_FALSE(cert_loader_->all_certs().empty()); |
| 374 EXPECT_FALSE(cert_loader_->system_certs().empty()); |
| 375 |
| 376 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 377 base::RunLoop().RunUntilIdle(); |
| 378 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 379 |
| 380 EXPECT_TRUE(cert_loader_->initial_load_finished()); |
| 381 EXPECT_FALSE(cert_loader_->initial_load_of_any_database_running()); |
| 382 |
| 383 EXPECT_FALSE(IsCertInCertificateList(user_token_cert.get(), |
| 384 cert_loader_->system_certs())); |
| 385 EXPECT_EQ(1U, CountCertOccurencesInCertificateList( |
| 386 user_token_cert.get(), cert_loader_->all_certs())); |
| 387 } |
| 388 |
| 213 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { | 389 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { |
| 214 StartCertLoaderWithPrimaryDB(); | 390 StartCertLoaderWithPrimaryDB(); |
| 215 | 391 |
| 216 net::CertificateList certs; | 392 net::CertificateList certs; |
| 217 ImportCACert("root_ca_cert.pem", primary_certdb_.get(), &certs); | 393 ImportCACert("root_ca_cert.pem", primary_certdb_.get(), &certs); |
| 218 | 394 |
| 219 // Certs are loaded asynchronously, so the new cert should not yet be in the | 395 // Certs are loaded asynchronously, so the new cert should not yet be in the |
| 220 // cert list. | 396 // cert list. |
| 221 EXPECT_FALSE( | 397 EXPECT_FALSE( |
| 222 IsCertInCertificateList(certs[0].get(), cert_loader_->all_certs())); | 398 IsCertInCertificateList(certs[0].get(), cert_loader_->all_certs())); |
| (...skipping 107 matching lines...) |
| 330 ASSERT_TRUE(primary_certdb_->SetCertTrust(certs[0].get(), net::CA_CERT, | 506 ASSERT_TRUE(primary_certdb_->SetCertTrust(certs[0].get(), net::CA_CERT, |
| 331 net::NSSCertDatabase::TRUSTED_SSL)); | 507 net::NSSCertDatabase::TRUSTED_SSL)); |
| 332 | 508 |
| 333 // Cert trust change should trigger certificate reload in cert_loader_. | 509 // Cert trust change should trigger certificate reload in cert_loader_. |
| 334 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 510 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
| 335 base::RunLoop().RunUntilIdle(); | 511 base::RunLoop().RunUntilIdle(); |
| 336 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 512 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
| 337 } | 513 } |
| 338 | 514 |
| 339 } // namespace chromeos | 515 } // namespace chromeos |
| OLD | NEW |
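Review bot: In SystemAndAffiliatedUserDB the exactly-once check at the end of the test is applied to `user_token_cert`, which is imported only into `primary_db_.slot()` and so would be listed once whether or not the loader de-duplicates. The certificate reachable through both databases is `system_token_cert` (imported into `system_db_.slot()`, which `AddSystemToken` also attaches to `primary_certdb_`), so the assertion that would catch a duplicate is `EXPECT_EQ(1U, CountCertOccurencesInCertificateList(system_token_cert.get(), cert_loader_->all_certs()));`, ideally alongside a re-check that it is still in `system_certs()` after the user DB load. CertLoader's merge logic is not visible on this page, so whether a duplicate can actually occur is an assumption to confirm against the implementation. Separately, the rewritten comment above the two-argument `ImportClientCertAndKey` now reads "avialable", and `Occurences` in the new helper's name is misspelled.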