1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
12 #include "base/location.h" | 12 #include "base/location.h" |
13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
15 #include "base/message_loop/message_loop.h" | 15 #include "base/message_loop/message_loop.h" |
16 #include "base/run_loop.h" | 16 #include "base/run_loop.h" |
17 #include "base/single_thread_task_runner.h" | 17 #include "base/single_thread_task_runner.h" |
18 #include "base/threading/thread_task_runner_handle.h" | 18 #include "base/threading/thread_task_runner_handle.h" |
19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
20 #include "crypto/scoped_test_nss_db.h" | 20 #include "crypto/scoped_test_nss_db.h" |
21 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
| 22 #include "net/ssl/client_cert_identity_test_util.h" |
22 #include "net/ssl/ssl_cert_request_info.h" | 23 #include "net/ssl/ssl_cert_request_info.h" |
23 #include "net/test/cert_test_util.h" | 24 #include "net/test/cert_test_util.h" |
24 #include "net/test/test_data_directory.h" | 25 #include "net/test/test_data_directory.h" |
25 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
26 | 27 |
27 namespace chromeos { | 28 namespace chromeos { |
28 | 29 |
29 namespace { | 30 namespace { |
30 | 31 |
31 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem | 32 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem |
67 not_allowed_cert_ = cert; | 68 not_allowed_cert_ = cert; |
68 } | 69 } |
69 | 70 |
70 private: | 71 private: |
71 bool init_finished_; | 72 bool init_finished_; |
72 bool init_called_ = false; | 73 bool init_called_ = false; |
73 base::Closure pending_callback_; | 74 base::Closure pending_callback_; |
74 scoped_refptr<net::X509Certificate> not_allowed_cert_; | 75 scoped_refptr<net::X509Certificate> not_allowed_cert_; |
75 }; | 76 }; |
76 | 77 |
77 void SaveCertsAndQuitCallback(net::CertificateList* out_certs, | 78 void SaveIdentitiesAndQuitCallback(net::ClientCertIdentityList* out_identities, |
78 base::Closure quit_closure, | 79 base::Closure quit_closure, |
79 net::CertificateList in_certs) { | 80 net::ClientCertIdentityList in_identities) { |
80 *out_certs = std::move(in_certs); | 81 *out_identities = std::move(in_identities); |
81 quit_closure.Run(); | 82 quit_closure.Run(); |
82 } | 83 } |
83 | 84 |
84 } // namespace | 85 } // namespace |
85 | 86 |
86 class ClientCertStoreChromeOSTest : public ::testing::Test { | 87 class ClientCertStoreChromeOSTest : public ::testing::Test { |
87 public: | 88 public: |
88 ClientCertStoreChromeOSTest() : message_loop_(new base::MessageLoopForIO()) {} | 89 ClientCertStoreChromeOSTest() : message_loop_(new base::MessageLoopForIO()) {} |
89 | 90 |
90 scoped_refptr<net::X509Certificate> ImportCertToSlot( | 91 scoped_refptr<net::X509Certificate> ImportCertToSlot( |
112 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 113 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
113 | 114 |
114 scoped_refptr<net::X509Certificate> cert_1( | 115 scoped_refptr<net::X509Certificate> cert_1( |
115 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 116 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
116 ASSERT_TRUE(cert_1.get()); | 117 ASSERT_TRUE(cert_1.get()); |
117 | 118 |
118 // Request any client certificate, which is expected to match client_1. | 119 // Request any client certificate, which is expected to match client_1. |
119 scoped_refptr<net::SSLCertRequestInfo> request_all( | 120 scoped_refptr<net::SSLCertRequestInfo> request_all( |
120 new net::SSLCertRequestInfo()); | 121 new net::SSLCertRequestInfo()); |
121 | 122 |
122 net::CertificateList selected_certs; | 123 net::ClientCertIdentityList selected_identities; |
123 base::RunLoop run_loop; | 124 base::RunLoop run_loop; |
124 store.GetClientCerts(*request_all, | 125 store.GetClientCerts( |
125 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 126 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
126 run_loop.QuitClosure())); | 127 &selected_identities, run_loop.QuitClosure())); |
127 | 128 |
128 { | 129 { |
129 base::RunLoop run_loop_inner; | 130 base::RunLoop run_loop_inner; |
130 run_loop_inner.RunUntilIdle(); | 131 run_loop_inner.RunUntilIdle(); |
131 // GetClientCerts should wait for the initialization of the filter to | 132 // GetClientCerts should wait for the initialization of the filter to |
132 // finish. | 133 // finish. |
133 ASSERT_EQ(0u, selected_certs.size()); | 134 ASSERT_EQ(0u, selected_identities.size()); |
134 EXPECT_TRUE(cert_filter->init_called()); | 135 EXPECT_TRUE(cert_filter->init_called()); |
135 } | 136 } |
136 cert_filter->FinishInit(); | 137 cert_filter->FinishInit(); |
137 run_loop.Run(); | 138 run_loop.Run(); |
138 | 139 |
139 ASSERT_EQ(1u, selected_certs.size()); | 140 ASSERT_EQ(1u, selected_identities.size()); |
140 } | 141 } |
141 | 142 |
142 // Ensure that cert requests, that are started after the filter was initialized, | 143 // Ensure that cert requests, that are started after the filter was initialized, |
143 // will succeed. | 144 // will succeed. |
144 TEST_F(ClientCertStoreChromeOSTest, RequestsAfterNSSInitSucceed) { | 145 TEST_F(ClientCertStoreChromeOSTest, RequestsAfterNSSInitSucceed) { |
145 crypto::ScopedTestNSSDB test_db; | 146 crypto::ScopedTestNSSDB test_db; |
146 ASSERT_TRUE(test_db.is_open()); | 147 ASSERT_TRUE(test_db.is_open()); |
147 | 148 |
148 ClientCertStoreChromeOS store( | 149 ClientCertStoreChromeOS store( |
149 nullptr, // no additional provider | 150 nullptr, // no additional provider |
150 base::WrapUnique(new TestCertFilter(true /* init synchronously */)), | 151 base::WrapUnique(new TestCertFilter(true /* init synchronously */)), |
151 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 152 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
152 | 153 |
153 scoped_refptr<net::X509Certificate> cert_1( | 154 scoped_refptr<net::X509Certificate> cert_1( |
154 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 155 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
155 ASSERT_TRUE(cert_1.get()); | 156 ASSERT_TRUE(cert_1.get()); |
156 | 157 |
157 scoped_refptr<net::SSLCertRequestInfo> request_all( | 158 scoped_refptr<net::SSLCertRequestInfo> request_all( |
158 new net::SSLCertRequestInfo()); | 159 new net::SSLCertRequestInfo()); |
159 | 160 |
160 base::RunLoop run_loop; | 161 base::RunLoop run_loop; |
161 net::CertificateList selected_certs; | 162 net::ClientCertIdentityList selected_identities; |
162 store.GetClientCerts(*request_all, | 163 store.GetClientCerts( |
163 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 164 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
164 run_loop.QuitClosure())); | 165 &selected_identities, run_loop.QuitClosure())); |
165 run_loop.Run(); | 166 run_loop.Run(); |
166 | 167 |
167 ASSERT_EQ(1u, selected_certs.size()); | 168 ASSERT_EQ(1u, selected_identities.size()); |
168 } | 169 } |
169 | 170 |
170 TEST_F(ClientCertStoreChromeOSTest, Filter) { | 171 TEST_F(ClientCertStoreChromeOSTest, Filter) { |
171 crypto::ScopedTestNSSDB test_db; | 172 crypto::ScopedTestNSSDB test_db; |
172 ASSERT_TRUE(test_db.is_open()); | 173 ASSERT_TRUE(test_db.is_open()); |
173 | 174 |
174 TestCertFilter* cert_filter = | 175 TestCertFilter* cert_filter = |
175 new TestCertFilter(true /* init synchronously */); | 176 new TestCertFilter(true /* init synchronously */); |
176 ClientCertStoreChromeOS store( | 177 ClientCertStoreChromeOS store( |
177 nullptr /* no additional provider */, base::WrapUnique(cert_filter), | 178 nullptr /* no additional provider */, base::WrapUnique(cert_filter), |
178 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 179 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
179 | 180 |
180 scoped_refptr<net::X509Certificate> cert_1( | 181 scoped_refptr<net::X509Certificate> cert_1( |
181 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 182 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
182 ASSERT_TRUE(cert_1.get()); | 183 ASSERT_TRUE(cert_1.get()); |
183 scoped_refptr<net::X509Certificate> cert_2( | 184 scoped_refptr<net::X509Certificate> cert_2( |
184 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); | 185 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); |
185 ASSERT_TRUE(cert_2.get()); | 186 ASSERT_TRUE(cert_2.get()); |
186 | 187 |
187 scoped_refptr<net::SSLCertRequestInfo> request_all( | 188 scoped_refptr<net::SSLCertRequestInfo> request_all( |
188 new net::SSLCertRequestInfo()); | 189 new net::SSLCertRequestInfo()); |
189 | 190 |
190 { | 191 { |
191 base::RunLoop run_loop; | 192 base::RunLoop run_loop; |
192 cert_filter->SetNotAllowedCert(cert_2); | 193 cert_filter->SetNotAllowedCert(cert_2); |
193 net::CertificateList selected_certs; | 194 net::ClientCertIdentityList selected_identities; |
194 store.GetClientCerts(*request_all, | 195 store.GetClientCerts( |
195 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 196 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
196 run_loop.QuitClosure())); | 197 &selected_identities, run_loop.QuitClosure())); |
197 run_loop.Run(); | 198 run_loop.Run(); |
198 | 199 |
199 ASSERT_EQ(1u, selected_certs.size()); | 200 ASSERT_EQ(1u, selected_identities.size()); |
200 EXPECT_TRUE(cert_1->Equals(selected_certs[0].get())); | 201 EXPECT_TRUE(cert_1->Equals(selected_identities[0]->certificate())); |
201 } | 202 } |
202 | 203 |
203 { | 204 { |
204 base::RunLoop run_loop; | 205 base::RunLoop run_loop; |
205 cert_filter->SetNotAllowedCert(cert_1); | 206 cert_filter->SetNotAllowedCert(cert_1); |
206 net::CertificateList selected_certs; | 207 net::ClientCertIdentityList selected_identities; |
207 store.GetClientCerts(*request_all, | 208 store.GetClientCerts( |
208 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 209 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
209 run_loop.QuitClosure())); | 210 &selected_identities, run_loop.QuitClosure())); |
210 run_loop.Run(); | 211 run_loop.Run(); |
211 | 212 |
212 ASSERT_EQ(1u, selected_certs.size()); | 213 ASSERT_EQ(1u, selected_identities.size()); |
213 EXPECT_TRUE(cert_2->Equals(selected_certs[0].get())); | 214 EXPECT_TRUE(cert_2->Equals(selected_identities[0]->certificate())); |
214 } | 215 } |
215 } | 216 } |
216 | 217 |
217 // Ensure that the delegation of the request matching to the base class is | 218 // Ensure that the delegation of the request matching to the base class is |
218 // functional. | 219 // functional. |
219 TEST_F(ClientCertStoreChromeOSTest, CertRequestMatching) { | 220 TEST_F(ClientCertStoreChromeOSTest, CertRequestMatching) { |
220 crypto::ScopedTestNSSDB test_db; | 221 crypto::ScopedTestNSSDB test_db; |
221 ASSERT_TRUE(test_db.is_open()); | 222 ASSERT_TRUE(test_db.is_open()); |
222 | 223 |
223 TestCertFilter* cert_filter = | 224 TestCertFilter* cert_filter = |
234 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); | 235 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); |
235 ASSERT_TRUE(cert_2.get()); | 236 ASSERT_TRUE(cert_2.get()); |
236 | 237 |
237 std::vector<std::string> authority_1( | 238 std::vector<std::string> authority_1( |
238 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), | 239 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), |
239 sizeof(kAuthority1DN))); | 240 sizeof(kAuthority1DN))); |
240 scoped_refptr<net::SSLCertRequestInfo> request(new net::SSLCertRequestInfo()); | 241 scoped_refptr<net::SSLCertRequestInfo> request(new net::SSLCertRequestInfo()); |
241 request->cert_authorities = authority_1; | 242 request->cert_authorities = authority_1; |
242 | 243 |
243 base::RunLoop run_loop; | 244 base::RunLoop run_loop; |
244 net::CertificateList selected_certs; | 245 net::ClientCertIdentityList selected_identities; |
245 store.GetClientCerts(*request, | 246 store.GetClientCerts( |
246 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 247 *request, base::Bind(SaveIdentitiesAndQuitCallback, &selected_identities, |
247 run_loop.QuitClosure())); | 248 run_loop.QuitClosure())); |
248 run_loop.Run(); | 249 run_loop.Run(); |
249 | 250 |
250 ASSERT_EQ(1u, selected_certs.size()); | 251 ASSERT_EQ(1u, selected_identities.size()); |
251 EXPECT_TRUE(cert_1->Equals(selected_certs[0].get())); | 252 EXPECT_TRUE(cert_1->Equals(selected_identities[0]->certificate())); |
252 } | 253 } |
253 | 254 |
254 } // namespace chromeos | 255 } // namespace chromeos |
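Review bot: RequestsAfterNSSInitSucceed and the test before it (whose TEST_F header sits in the collapsed region) stop at `ASSERT_EQ(1u, selected_identities.size());` and never check which identity was selected, whereas Filter and CertRequestMatching do compare against the imported cert; adding `EXPECT_TRUE(cert_1->Equals(selected_identities[0]->certificate()));` after each of those size asserts would pin that the single result really is client_1 and not some other entry the store produced. Since GetClientCerts now returns ClientCertIdentity objects rather than bare certificates, none of the tests look at the key side of an identity; if the identity type exposes a way to acquire its private key, a check that the returned identity can do so for the NSS-imported key would cover the part of the contract this migration actually changes — confirm the API before adding it. The new `#include "net/ssl/client_cert_identity_test_util.h"` is not used by any visible line; if the collapsed TestCertFilter region does not need it either, it can be dropped.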