OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/ssl/openssl_client_key_store.h" | |
6 | |
7 #include "base/logging.h" | |
8 #include "base/memory/ref_counted.h" | |
9 #include "net/ssl/ssl_private_key.h" | |
10 #include "net/test/cert_test_util.h" | |
11 #include "net/test/test_data_directory.h" | |
12 #include "testing/gtest/include/gtest/gtest.h" | |
13 | |
14 namespace net { | |
15 | |
16 namespace { | |
17 | |
18 // A common test class to ensure that the store is flushed after | |
19 // each test. | |
20 class OpenSSLClientKeyStoreTest : public ::testing::Test { | |
21 public: | |
22 OpenSSLClientKeyStoreTest() | |
23 : store_(OpenSSLClientKeyStore::GetInstance()) { | |
24 } | |
25 | |
26 ~OpenSSLClientKeyStoreTest() override { | |
27 if (store_) | |
28 store_->Flush(); | |
29 } | |
30 | |
31 protected: | |
32 OpenSSLClientKeyStore* store_; | |
33 }; | |
34 | |
35 class MockSSLPrivateKey : public SSLPrivateKey { | |
36 public: | |
37 MockSSLPrivateKey() : on_destroyed_(nullptr) {} | |
38 | |
39 void set_on_destroyed(bool* on_destroyed) { on_destroyed_ = on_destroyed; } | |
40 | |
41 std::vector<Hash> GetDigestPreferences() override { | |
42 NOTREACHED(); | |
43 return {}; | |
44 } | |
45 | |
46 void SignDigest(Hash hash, | |
47 const base::StringPiece& input, | |
48 const SignCallback& callback) override { | |
49 NOTREACHED(); | |
50 } | |
51 | |
52 private: | |
53 ~MockSSLPrivateKey() override { | |
54 if (on_destroyed_) | |
55 *on_destroyed_ = true; | |
56 } | |
57 | |
58 bool* on_destroyed_; | |
59 }; | |
60 | |
61 // Check that GetInstance() returns non-null | |
62 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) { | |
63 ASSERT_TRUE(store_); | |
64 } | |
65 | |
66 // Check that Flush() works correctly. | |
67 TEST_F(OpenSSLClientKeyStoreTest, Flush) { | |
68 ASSERT_TRUE(store_); | |
69 | |
70 scoped_refptr<X509Certificate> cert_1( | |
71 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
72 ASSERT_TRUE(cert_1); | |
73 | |
74 EXPECT_TRUE(store_->RecordClientCertPrivateKey( | |
75 cert_1.get(), make_scoped_refptr(new MockSSLPrivateKey))); | |
76 | |
77 store_->Flush(); | |
78 | |
79 // Retrieve the private key. This should fail because the store | |
80 // was flushed. | |
81 EXPECT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get())); | |
82 } | |
83 | |
84 // Check that trying to retrieve the private key of an unknown certificate | |
85 // simply fails by returning null. | |
86 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { | |
87 ASSERT_TRUE(store_); | |
88 | |
89 scoped_refptr<X509Certificate> cert_1( | |
90 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
91 ASSERT_TRUE(cert_1); | |
92 | |
93 // Retrieve the private key now. This should fail because it was | |
94 // never recorded in the store. | |
95 EXPECT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get())); | |
96 } | |
97 | |
98 // Check that any private key recorded through RecordClientCertPrivateKey | |
99 // can be retrieved with FetchClientCertPrivateKey. | |
100 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { | |
101 ASSERT_TRUE(store_); | |
102 | |
103 // Any certificate / key pair will do, the store is not supposed to | |
104 // check that the private and certificate public keys match. This is | |
105 // by design since the private EVP_PKEY could be a wrapper around a | |
106 // JNI reference, with no way to access the real private key bits. | |
107 scoped_refptr<X509Certificate> cert_1( | |
108 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
109 ASSERT_TRUE(cert_1); | |
110 | |
111 bool on_destroyed = false; | |
112 scoped_refptr<MockSSLPrivateKey> priv_key(new MockSSLPrivateKey); | |
113 priv_key->set_on_destroyed(&on_destroyed); | |
114 | |
115 // Add a key twice. | |
116 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key)); | |
117 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key)); | |
118 | |
119 // Retrieve the private key. | |
120 scoped_refptr<SSLPrivateKey> pkey2 = | |
121 store_->FetchClientCertPrivateKey(cert_1.get()); | |
122 EXPECT_EQ(pkey2.get(), priv_key.get()); | |
123 | |
124 // Flush the key store and release all references. At this point, the private | |
125 // key should be cleanly destroyed. | |
126 store_->Flush(); | |
127 priv_key = nullptr; | |
128 pkey2 = nullptr; | |
129 EXPECT_TRUE(on_destroyed); | |
130 } | |
131 | |
132 // Same test, but with two certificates / private keys. | |
133 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) { | |
134 scoped_refptr<X509Certificate> cert_1( | |
135 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | |
136 ASSERT_TRUE(cert_1); | |
137 | |
138 scoped_refptr<X509Certificate> cert_2( | |
139 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | |
140 ASSERT_TRUE(cert_2); | |
141 | |
142 scoped_refptr<SSLPrivateKey> priv_key1(new MockSSLPrivateKey); | |
143 scoped_refptr<SSLPrivateKey> priv_key2(new MockSSLPrivateKey); | |
144 | |
145 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key1)); | |
146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), priv_key2)); | |
147 | |
148 scoped_refptr<SSLPrivateKey> fetch_key1 = | |
149 store_->FetchClientCertPrivateKey(cert_1.get()); | |
150 scoped_refptr<SSLPrivateKey> fetch_key2 = | |
151 store_->FetchClientCertPrivateKey(cert_2.get()); | |
152 | |
153 EXPECT_TRUE(fetch_key1); | |
154 EXPECT_TRUE(fetch_key2); | |
155 | |
156 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); | |
157 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); | |
158 } | |
159 | |
160 } // namespace | |
161 } // namespace net | |
OLD | NEW |