| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/loader/resource_loader.h" | 5 #include "content/browser/loader/resource_loader.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <deque> | 10 #include <deque> |
| (...skipping 24 matching lines...) Expand all Loading... |
| 35 #include "content/test/test_web_contents.h" | 35 #include "content/test/test_web_contents.h" |
| 36 #include "ipc/ipc_message.h" | 36 #include "ipc/ipc_message.h" |
| 37 #include "net/base/chunked_upload_data_stream.h" | 37 #include "net/base/chunked_upload_data_stream.h" |
| 38 #include "net/base/io_buffer.h" | 38 #include "net/base/io_buffer.h" |
| 39 #include "net/base/net_errors.h" | 39 #include "net/base/net_errors.h" |
| 40 #include "net/base/request_priority.h" | 40 #include "net/base/request_priority.h" |
| 41 #include "net/base/upload_bytes_element_reader.h" | 41 #include "net/base/upload_bytes_element_reader.h" |
| 42 #include "net/cert/x509_certificate.h" | 42 #include "net/cert/x509_certificate.h" |
| 43 #include "net/nqe/effective_connection_type.h" | 43 #include "net/nqe/effective_connection_type.h" |
| 44 #include "net/nqe/network_quality_estimator_test_util.h" | 44 #include "net/nqe/network_quality_estimator_test_util.h" |
| 45 #include "net/ssl/client_cert_identity_test_util.h" |
| 45 #include "net/ssl/client_cert_store.h" | 46 #include "net/ssl/client_cert_store.h" |
| 46 #include "net/ssl/ssl_cert_request_info.h" | 47 #include "net/ssl/ssl_cert_request_info.h" |
| 47 #include "net/ssl/ssl_private_key.h" | 48 #include "net/ssl/ssl_private_key.h" |
| 48 #include "net/test/cert_test_util.h" | 49 #include "net/test/cert_test_util.h" |
| 49 #include "net/test/embedded_test_server/embedded_test_server.h" | 50 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 50 #include "net/test/test_data_directory.h" | 51 #include "net/test/test_data_directory.h" |
| 51 #include "net/test/url_request/url_request_failed_job.h" | 52 #include "net/test/url_request/url_request_failed_job.h" |
| 52 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" | 53 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" |
| 53 #include "net/url_request/url_request.h" | 54 #include "net/url_request/url_request.h" |
| 54 #include "net/url_request/url_request_filter.h" | 55 #include "net/url_request/url_request_filter.h" |
| (...skipping 17 matching lines...) Expand all Loading... |
| 72 // in |requested_authorities| and |request_count|, respectively. The caller is | 73 // in |requested_authorities| and |request_count|, respectively. The caller is |
| 73 // responsible for ensuring those pointers outlive the ClientCertStoreStub. | 74 // responsible for ensuring those pointers outlive the ClientCertStoreStub. |
| 74 // | 75 // |
| 75 // TODO(ppi): Make the stub independent from the internal representation of | 76 // TODO(ppi): Make the stub independent from the internal representation of |
| 76 // SSLCertRequestInfo. For now it seems that we can neither save the | 77 // SSLCertRequestInfo. For now it seems that we can neither save the |
| 77 // scoped_refptr<> (since it is never passed to us) nor copy the entire | 78 // scoped_refptr<> (since it is never passed to us) nor copy the entire |
| 78 // CertificateRequestInfo (since there is no copy constructor). | 79 // CertificateRequestInfo (since there is no copy constructor). |
| 79 ClientCertStoreStub(const net::CertificateList& response, | 80 ClientCertStoreStub(const net::CertificateList& response, |
| 80 int* request_count, | 81 int* request_count, |
| 81 std::vector<std::string>* requested_authorities) | 82 std::vector<std::string>* requested_authorities) |
| 82 : response_(response), | 83 : response_(std::move(response)), |
| 83 requested_authorities_(requested_authorities), | 84 requested_authorities_(requested_authorities), |
| 84 request_count_(request_count) { | 85 request_count_(request_count) { |
| 85 requested_authorities_->clear(); | 86 requested_authorities_->clear(); |
| 86 *request_count_ = 0; | 87 *request_count_ = 0; |
| 87 } | 88 } |
| 88 | 89 |
| 89 ~ClientCertStoreStub() override {} | 90 ~ClientCertStoreStub() override {} |
| 90 | 91 |
| 91 // net::ClientCertStore: | 92 // net::ClientCertStore: |
| 92 void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info, | 93 void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info, |
| 93 const ClientCertListCallback& callback) override { | 94 const ClientCertListCallback& callback) override { |
| 94 *requested_authorities_ = cert_request_info.cert_authorities; | 95 *requested_authorities_ = cert_request_info.cert_authorities; |
| 95 ++(*request_count_); | 96 ++(*request_count_); |
| 96 | 97 |
| 97 callback.Run(response_); | 98 callback.Run(net::FakeClientCertIdentityListFromCertificateList(response_)); |
| 98 } | 99 } |
| 99 | 100 |
| 100 private: | 101 private: |
| 101 const net::CertificateList response_; | 102 const net::CertificateList response_; |
| 102 std::vector<std::string>* requested_authorities_; | 103 std::vector<std::string>* requested_authorities_; |
| 103 int* request_count_; | 104 int* request_count_; |
| 104 }; | 105 }; |
| 105 | 106 |
| 106 // Client certificate store which destroys its resource loader before the | 107 // Client certificate store which destroys its resource loader before the |
| 107 // asynchronous GetClientCerts callback is called. | 108 // asynchronous GetClientCerts callback is called. |
| (...skipping 19 matching lines...) Expand all Loading... |
| 127 } | 128 } |
| 128 | 129 |
| 129 private: | 130 private: |
| 130 // This needs to be static because |loader| owns the | 131 // This needs to be static because |loader| owns the |
| 131 // LoaderDestroyingCertStore (ClientCertStores are actually handles, and not | 132 // LoaderDestroyingCertStore (ClientCertStores are actually handles, and not |
| 132 // global cert stores). | 133 // global cert stores). |
| 133 static void DoCallback(std::unique_ptr<ResourceLoader>* loader, | 134 static void DoCallback(std::unique_ptr<ResourceLoader>* loader, |
| 134 const ClientCertListCallback& cert_selected_callback, | 135 const ClientCertListCallback& cert_selected_callback, |
| 135 const base::Closure& on_loader_deleted_callback) { | 136 const base::Closure& on_loader_deleted_callback) { |
| 136 loader->reset(); | 137 loader->reset(); |
| 137 cert_selected_callback.Run(net::CertificateList()); | 138 cert_selected_callback.Run(net::ClientCertIdentityList()); |
| 138 on_loader_deleted_callback.Run(); | 139 on_loader_deleted_callback.Run(); |
| 139 } | 140 } |
| 140 | 141 |
| 141 std::unique_ptr<ResourceLoader>* loader_; | 142 std::unique_ptr<ResourceLoader>* loader_; |
| 142 base::Closure on_loader_deleted_callback_; | 143 base::Closure on_loader_deleted_callback_; |
| 143 | 144 |
| 144 DISALLOW_COPY_AND_ASSIGN(LoaderDestroyingCertStore); | 145 DISALLOW_COPY_AND_ASSIGN(LoaderDestroyingCertStore); |
| 145 }; | 146 }; |
| 146 | 147 |
| 147 // A mock URLRequestJob which simulates an SSL client auth request. | 148 // A mock URLRequestJob which simulates an SSL client auth request. |
| (...skipping 13 matching lines...) Expand all Loading... |
| 161 scoped_refptr<net::SSLCertRequestInfo> cert_request_info( | 162 scoped_refptr<net::SSLCertRequestInfo> cert_request_info( |
| 162 new net::SSLCertRequestInfo); | 163 new net::SSLCertRequestInfo); |
| 163 cert_request_info->cert_authorities = test_authorities(); | 164 cert_request_info->cert_authorities = test_authorities(); |
| 164 base::ThreadTaskRunnerHandle::Get()->PostTask( | 165 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 165 FROM_HERE, | 166 FROM_HERE, |
| 166 base::Bind(&MockClientCertURLRequestJob::NotifyCertificateRequested, | 167 base::Bind(&MockClientCertURLRequestJob::NotifyCertificateRequested, |
| 167 weak_factory_.GetWeakPtr(), | 168 weak_factory_.GetWeakPtr(), |
| 168 base::RetainedRef(cert_request_info))); | 169 base::RetainedRef(cert_request_info))); |
| 169 } | 170 } |
| 170 | 171 |
| 171 void ContinueWithCertificate(net::X509Certificate* cert, | 172 void ContinueWithCertificate( |
| 172 net::SSLPrivateKey* private_key) override { | 173 scoped_refptr<net::X509Certificate> cert, |
| 174 scoped_refptr<net::SSLPrivateKey> private_key) override { |
| 173 net::URLRequestTestJob::Start(); | 175 net::URLRequestTestJob::Start(); |
| 174 } | 176 } |
| 175 | 177 |
| 176 private: | 178 private: |
| 177 ~MockClientCertURLRequestJob() override {} | 179 ~MockClientCertURLRequestJob() override {} |
| 178 | 180 |
| 179 base::WeakPtrFactory<MockClientCertURLRequestJob> weak_factory_; | 181 base::WeakPtrFactory<MockClientCertURLRequestJob> weak_factory_; |
| 180 | 182 |
| 181 DISALLOW_COPY_AND_ASSIGN(MockClientCertURLRequestJob); | 183 DISALLOW_COPY_AND_ASSIGN(MockClientCertURLRequestJob); |
| 182 }; | 184 }; |
| (...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 270 void WaitForSelectCertificate() { | 272 void WaitForSelectCertificate() { |
| 271 select_certificate_run_loop_.Run(); | 273 select_certificate_run_loop_.Run(); |
| 272 // Process any pending messages - just so tests can check if | 274 // Process any pending messages - just so tests can check if |
| 273 // SelectClientCertificate was called more than once. | 275 // SelectClientCertificate was called more than once. |
| 274 base::RunLoop().RunUntilIdle(); | 276 base::RunLoop().RunUntilIdle(); |
| 275 } | 277 } |
| 276 | 278 |
| 277 void SelectClientCertificate( | 279 void SelectClientCertificate( |
| 278 WebContents* web_contents, | 280 WebContents* web_contents, |
| 279 net::SSLCertRequestInfo* cert_request_info, | 281 net::SSLCertRequestInfo* cert_request_info, |
| 280 net::CertificateList client_certs, | 282 net::ClientCertIdentityList client_certs, |
| 281 std::unique_ptr<ClientCertificateDelegate> delegate) override { | 283 std::unique_ptr<ClientCertificateDelegate> delegate) override { |
| 282 EXPECT_FALSE(delegate_.get()); | 284 EXPECT_FALSE(delegate_.get()); |
| 283 | 285 |
| 284 ++call_count_; | 286 ++call_count_; |
| 285 passed_certs_ = std::move(client_certs); | 287 passed_identities_ = std::move(client_certs); |
| 286 delegate_ = std::move(delegate); | 288 delegate_ = std::move(delegate); |
| 287 select_certificate_run_loop_.Quit(); | 289 select_certificate_run_loop_.Quit(); |
| 288 } | 290 } |
| 289 | 291 |
| 290 int call_count() { return call_count_; } | 292 int call_count() { return call_count_; } |
| 291 net::CertificateList passed_certs() { return passed_certs_; } | 293 const net::ClientCertIdentityList& passed_identities() { |
| 294 return passed_identities_; |
| 295 } |
| 292 | 296 |
| 293 void ContinueWithCertificate(net::X509Certificate* cert) { | 297 void ContinueWithCertificate(scoped_refptr<net::X509Certificate> cert, |
| 294 delegate_->ContinueWithCertificate(cert); | 298 scoped_refptr<net::SSLPrivateKey> private_key) { |
| 299 delegate_->ContinueWithCertificate(std::move(cert), std::move(private_key)); |
| 295 delegate_.reset(); | 300 delegate_.reset(); |
| 296 } | 301 } |
| 297 | 302 |
| 298 void CancelCertificateSelection() { delegate_.reset(); } | 303 void CancelCertificateSelection() { delegate_.reset(); } |
| 299 | 304 |
| 300 private: | 305 private: |
| 301 net::CertificateList passed_certs_; | 306 net::ClientCertIdentityList passed_identities_; |
| 302 int call_count_; | 307 int call_count_; |
| 303 std::unique_ptr<ClientCertificateDelegate> delegate_; | 308 std::unique_ptr<ClientCertificateDelegate> delegate_; |
| 304 | 309 |
| 305 base::RunLoop select_certificate_run_loop_; | 310 base::RunLoop select_certificate_run_loop_; |
| 306 | 311 |
| 307 DISALLOW_COPY_AND_ASSIGN(SelectCertificateBrowserClient); | 312 DISALLOW_COPY_AND_ASSIGN(SelectCertificateBrowserClient); |
| 308 }; | 313 }; |
| 309 | 314 |
| 310 // Wraps a ChunkedUploadDataStream to behave as non-chunked to enable upload | 315 // Wraps a ChunkedUploadDataStream to behave as non-chunked to enable upload |
| 311 // progress reporting. | 316 // progress reporting. |
| (...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 592 private: | 597 private: |
| 593 const GURL test_https_url_; | 598 const GURL test_https_url_; |
| 594 const GURL test_https_redirect_url_; | 599 const GURL test_https_redirect_url_; |
| 595 }; | 600 }; |
| 596 | 601 |
| 597 // Tests that client certificates are requested with ClientCertStore lookup. | 602 // Tests that client certificates are requested with ClientCertStore lookup. |
| 598 TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) { | 603 TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) { |
| 599 // Set up the test client cert store. | 604 // Set up the test client cert store. |
| 600 int store_request_count; | 605 int store_request_count; |
| 601 std::vector<std::string> store_requested_authorities; | 606 std::vector<std::string> store_requested_authorities; |
| 602 net::CertificateList dummy_certs(1, GetTestCert()); | 607 scoped_refptr<net::X509Certificate> test_cert = GetTestCert(); |
| 608 net::CertificateList dummy_certs(1, test_cert); |
| 603 std::unique_ptr<ClientCertStoreStub> test_store(new ClientCertStoreStub( | 609 std::unique_ptr<ClientCertStoreStub> test_store(new ClientCertStoreStub( |
| 604 dummy_certs, &store_request_count, &store_requested_authorities)); | 610 dummy_certs, &store_request_count, &store_requested_authorities)); |
| 605 SetClientCertStore(std::move(test_store)); | 611 SetClientCertStore(std::move(test_store)); |
| 606 | 612 |
| 607 // Plug in test content browser client. | 613 // Plug in test content browser client. |
| 608 SelectCertificateBrowserClient test_client; | 614 SelectCertificateBrowserClient test_client; |
| 609 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); | 615 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); |
| 610 | 616 |
| 611 // Start the request and wait for it to pause. | 617 // Start the request and wait for it to pause. |
| 612 loader_->StartRequest(); | 618 loader_->StartRequest(); |
| 613 test_client.WaitForSelectCertificate(); | 619 test_client.WaitForSelectCertificate(); |
| 614 | 620 |
| 615 EXPECT_EQ(0, raw_ptr_resource_handler_->on_response_completed_called()); | 621 EXPECT_EQ(0, raw_ptr_resource_handler_->on_response_completed_called()); |
| 616 | 622 |
| 617 // Check if the test store was queried against correct |cert_authorities|. | 623 // Check if the test store was queried against correct |cert_authorities|. |
| 618 EXPECT_EQ(1, store_request_count); | 624 EXPECT_EQ(1, store_request_count); |
| 619 EXPECT_EQ(MockClientCertURLRequestJob::test_authorities(), | 625 EXPECT_EQ(MockClientCertURLRequestJob::test_authorities(), |
| 620 store_requested_authorities); | 626 store_requested_authorities); |
| 621 | 627 |
| 622 // Check if the retrieved certificates were passed to the content browser | 628 // Check if the retrieved certificates were passed to the content browser |
| 623 // client. | 629 // client. |
| 624 EXPECT_EQ(1, test_client.call_count()); | 630 EXPECT_EQ(1, test_client.call_count()); |
| 625 EXPECT_EQ(dummy_certs, test_client.passed_certs()); | 631 EXPECT_EQ(1U, test_client.passed_identities().size()); |
| 632 EXPECT_EQ(test_cert.get(), test_client.passed_identities()[0]->certificate()); |
| 626 | 633 |
| 627 // Continue the request. | 634 // Continue the request. |
| 628 test_client.ContinueWithCertificate(nullptr); | 635 test_client.ContinueWithCertificate(nullptr, nullptr); |
| 629 raw_ptr_resource_handler_->WaitUntilResponseComplete(); | 636 raw_ptr_resource_handler_->WaitUntilResponseComplete(); |
| 630 EXPECT_EQ(net::OK, raw_ptr_resource_handler_->final_status().error()); | 637 EXPECT_EQ(net::OK, raw_ptr_resource_handler_->final_status().error()); |
| 631 | 638 |
| 632 // Restore the original content browser client. | 639 // Restore the original content browser client. |
| 633 SetBrowserClientForTesting(old_client); | 640 SetBrowserClientForTesting(old_client); |
| 634 } | 641 } |
| 635 | 642 |
| 636 // Tests that client certificates are requested on a platform with NULL | 643 // Tests that client certificates are requested on a platform with NULL |
| 637 // ClientCertStore. | 644 // ClientCertStore. |
| 638 TEST_F(ClientCertResourceLoaderTest, WithNullStore) { | 645 TEST_F(ClientCertResourceLoaderTest, WithNullStore) { |
| 639 // Plug in test content browser client. | 646 // Plug in test content browser client. |
| 640 SelectCertificateBrowserClient test_client; | 647 SelectCertificateBrowserClient test_client; |
| 641 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); | 648 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); |
| 642 | 649 |
| 643 // Start the request and wait for it to pause. | 650 // Start the request and wait for it to pause. |
| 644 loader_->StartRequest(); | 651 loader_->StartRequest(); |
| 645 test_client.WaitForSelectCertificate(); | 652 test_client.WaitForSelectCertificate(); |
| 646 | 653 |
| 647 // Check if the SelectClientCertificate was called on the content browser | 654 // Check if the SelectClientCertificate was called on the content browser |
| 648 // client. | 655 // client. |
| 649 EXPECT_EQ(1, test_client.call_count()); | 656 EXPECT_EQ(1, test_client.call_count()); |
| 650 EXPECT_EQ(net::CertificateList(), test_client.passed_certs()); | 657 EXPECT_EQ(net::ClientCertIdentityList(), test_client.passed_identities()); |
| 651 | 658 |
| 652 // Continue the request. | 659 // Continue the request. |
| 653 test_client.ContinueWithCertificate(nullptr); | 660 test_client.ContinueWithCertificate(nullptr, nullptr); |
| 654 raw_ptr_resource_handler_->WaitUntilResponseComplete(); | 661 raw_ptr_resource_handler_->WaitUntilResponseComplete(); |
| 655 EXPECT_EQ(net::OK, raw_ptr_resource_handler_->final_status().error()); | 662 EXPECT_EQ(net::OK, raw_ptr_resource_handler_->final_status().error()); |
| 656 | 663 |
| 657 // Restore the original content browser client. | 664 // Restore the original content browser client. |
| 658 SetBrowserClientForTesting(old_client); | 665 SetBrowserClientForTesting(old_client); |
| 659 } | 666 } |
| 660 | 667 |
| 661 // Tests that the ContentBrowserClient may cancel a certificate request. | 668 // Tests that the ContentBrowserClient may cancel a certificate request. |
| 662 TEST_F(ClientCertResourceLoaderTest, CancelSelection) { | 669 TEST_F(ClientCertResourceLoaderTest, CancelSelection) { |
| 663 // Plug in test content browser client. | 670 // Plug in test content browser client. |
| 664 SelectCertificateBrowserClient test_client; | 671 SelectCertificateBrowserClient test_client; |
| 665 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); | 672 ContentBrowserClient* old_client = SetBrowserClientForTesting(&test_client); |
| 666 | 673 |
| 667 // Start the request and wait for it to pause. | 674 // Start the request and wait for it to pause. |
| 668 loader_->StartRequest(); | 675 loader_->StartRequest(); |
| 669 test_client.WaitForSelectCertificate(); | 676 test_client.WaitForSelectCertificate(); |
| 670 | 677 |
| 671 // Check if the SelectClientCertificate was called on the content browser | 678 // Check if the SelectClientCertificate was called on the content browser |
| 672 // client. | 679 // client. |
| 673 EXPECT_EQ(1, test_client.call_count()); | 680 EXPECT_EQ(1, test_client.call_count()); |
| 674 EXPECT_EQ(net::CertificateList(), test_client.passed_certs()); | 681 EXPECT_EQ(net::ClientCertIdentityList(), test_client.passed_identities()); |
| 675 | 682 |
| 676 // Cancel the request. | 683 // Cancel the request. |
| 677 test_client.CancelCertificateSelection(); | 684 test_client.CancelCertificateSelection(); |
| 678 raw_ptr_resource_handler_->WaitUntilResponseComplete(); | 685 raw_ptr_resource_handler_->WaitUntilResponseComplete(); |
| 679 EXPECT_EQ(net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED, | 686 EXPECT_EQ(net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED, |
| 680 raw_ptr_resource_handler_->final_status().error()); | 687 raw_ptr_resource_handler_->final_status().error()); |
| 681 | 688 |
| 682 // Restore the original content browser client. | 689 // Restore the original content browser client. |
| 683 SetBrowserClientForTesting(old_client); | 690 SetBrowserClientForTesting(old_client); |
| 684 } | 691 } |
| (...skipping 872 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1557 | 1564 |
| 1558 // Tests that the effective connection type is not set on non-main frame | 1565 // Tests that the effective connection type is not set on non-main frame |
| 1559 // requests. | 1566 // requests. |
| 1560 TEST_F(EffectiveConnectionTypeResourceLoaderTest, DoesNotBelongToMainFrame) { | 1567 TEST_F(EffectiveConnectionTypeResourceLoaderTest, DoesNotBelongToMainFrame) { |
| 1561 VerifyEffectiveConnectionType(RESOURCE_TYPE_OBJECT, false, | 1568 VerifyEffectiveConnectionType(RESOURCE_TYPE_OBJECT, false, |
| 1562 net::EFFECTIVE_CONNECTION_TYPE_3G, | 1569 net::EFFECTIVE_CONNECTION_TYPE_3G, |
| 1563 net::EFFECTIVE_CONNECTION_TYPE_UNKNOWN); | 1570 net::EFFECTIVE_CONNECTION_TYPE_UNKNOWN); |
| 1564 } | 1571 } |
| 1565 | 1572 |
| 1566 } // namespace content | 1573 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
