| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" | 5 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| 11 #include "base/files/file_path.h" | 11 #include "base/files/file_path.h" |
| 12 #include "base/location.h" | 12 #include "base/location.h" |
| 13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
| 14 #include "base/memory/ref_counted.h" | 14 #include "base/memory/ref_counted.h" |
| 15 #include "base/message_loop/message_loop.h" | 15 #include "base/message_loop/message_loop.h" |
| 16 #include "base/run_loop.h" | 16 #include "base/run_loop.h" |
| 17 #include "base/single_thread_task_runner.h" | 17 #include "base/single_thread_task_runner.h" |
| 18 #include "base/threading/thread_task_runner_handle.h" | 18 #include "base/threading/thread_task_runner_handle.h" |
| 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" | 19 #include "chrome/browser/chromeos/certificate_provider/certificate_provider.h" |
| 20 #include "crypto/scoped_test_nss_db.h" | 20 #include "crypto/scoped_test_nss_db.h" |
| 21 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
| 22 #include "net/ssl/client_cert_identity_test_util.h" |
| 22 #include "net/ssl/ssl_cert_request_info.h" | 23 #include "net/ssl/ssl_cert_request_info.h" |
| 23 #include "net/test/cert_test_util.h" | 24 #include "net/test/cert_test_util.h" |
| 24 #include "net/test/test_data_directory.h" | 25 #include "net/test/test_data_directory.h" |
| 25 #include "testing/gtest/include/gtest/gtest.h" | 26 #include "testing/gtest/include/gtest/gtest.h" |
| 26 | 27 |
| 27 namespace chromeos { | 28 namespace chromeos { |
| 28 | 29 |
| 29 namespace { | 30 namespace { |
| 30 | 31 |
| 31 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem | 32 // "CN=B CA" - DER encoded DN of the issuer of client_1.pem |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 not_allowed_cert_ = cert; | 68 not_allowed_cert_ = cert; |
| 68 } | 69 } |
| 69 | 70 |
| 70 private: | 71 private: |
| 71 bool init_finished_; | 72 bool init_finished_; |
| 72 bool init_called_ = false; | 73 bool init_called_ = false; |
| 73 base::Closure pending_callback_; | 74 base::Closure pending_callback_; |
| 74 scoped_refptr<net::X509Certificate> not_allowed_cert_; | 75 scoped_refptr<net::X509Certificate> not_allowed_cert_; |
| 75 }; | 76 }; |
| 76 | 77 |
| 77 void SaveCertsAndQuitCallback(net::CertificateList* out_certs, | 78 void SaveIdentitiesAndQuitCallback(net::ClientCertIdentityList* out_identities, |
| 78 base::Closure quit_closure, | 79 base::Closure quit_closure, |
| 79 net::CertificateList in_certs) { | 80 net::ClientCertIdentityList in_identities) { |
| 80 *out_certs = std::move(in_certs); | 81 *out_identities = std::move(in_identities); |
| 81 quit_closure.Run(); | 82 quit_closure.Run(); |
| 82 } | 83 } |
| 83 | 84 |
| 84 } // namespace | 85 } // namespace |
| 85 | 86 |
| 86 class ClientCertStoreChromeOSTest : public ::testing::Test { | 87 class ClientCertStoreChromeOSTest : public ::testing::Test { |
| 87 public: | 88 public: |
| 88 ClientCertStoreChromeOSTest() : message_loop_(new base::MessageLoopForIO()) {} | 89 ClientCertStoreChromeOSTest() : message_loop_(new base::MessageLoopForIO()) {} |
| 89 | 90 |
| 90 scoped_refptr<net::X509Certificate> ImportCertToSlot( | 91 scoped_refptr<net::X509Certificate> ImportCertToSlot( |
| (...skipping 21 matching lines...) Expand all Loading... |
| 112 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 113 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 113 | 114 |
| 114 scoped_refptr<net::X509Certificate> cert_1( | 115 scoped_refptr<net::X509Certificate> cert_1( |
| 115 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 116 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
| 116 ASSERT_TRUE(cert_1.get()); | 117 ASSERT_TRUE(cert_1.get()); |
| 117 | 118 |
| 118 // Request any client certificate, which is expected to match client_1. | 119 // Request any client certificate, which is expected to match client_1. |
| 119 scoped_refptr<net::SSLCertRequestInfo> request_all( | 120 scoped_refptr<net::SSLCertRequestInfo> request_all( |
| 120 new net::SSLCertRequestInfo()); | 121 new net::SSLCertRequestInfo()); |
| 121 | 122 |
| 122 net::CertificateList selected_certs; | 123 net::ClientCertIdentityList selected_identities; |
| 123 base::RunLoop run_loop; | 124 base::RunLoop run_loop; |
| 124 store.GetClientCerts(*request_all, | 125 store.GetClientCerts( |
| 125 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 126 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
| 126 run_loop.QuitClosure())); | 127 &selected_identities, run_loop.QuitClosure())); |
| 127 | 128 |
| 128 { | 129 { |
| 129 base::RunLoop run_loop_inner; | 130 base::RunLoop run_loop_inner; |
| 130 run_loop_inner.RunUntilIdle(); | 131 run_loop_inner.RunUntilIdle(); |
| 131 // GetClientCerts should wait for the initialization of the filter to | 132 // GetClientCerts should wait for the initialization of the filter to |
| 132 // finish. | 133 // finish. |
| 133 ASSERT_EQ(0u, selected_certs.size()); | 134 ASSERT_EQ(0u, selected_identities.size()); |
| 134 EXPECT_TRUE(cert_filter->init_called()); | 135 EXPECT_TRUE(cert_filter->init_called()); |
| 135 } | 136 } |
| 136 cert_filter->FinishInit(); | 137 cert_filter->FinishInit(); |
| 137 run_loop.Run(); | 138 run_loop.Run(); |
| 138 | 139 |
| 139 ASSERT_EQ(1u, selected_certs.size()); | 140 ASSERT_EQ(1u, selected_identities.size()); |
| 140 } | 141 } |
| 141 | 142 |
| 142 // Ensure that cert requests, that are started after the filter was initialized, | 143 // Ensure that cert requests, that are started after the filter was initialized, |
| 143 // will succeed. | 144 // will succeed. |
| 144 TEST_F(ClientCertStoreChromeOSTest, RequestsAfterNSSInitSucceed) { | 145 TEST_F(ClientCertStoreChromeOSTest, RequestsAfterNSSInitSucceed) { |
| 145 crypto::ScopedTestNSSDB test_db; | 146 crypto::ScopedTestNSSDB test_db; |
| 146 ASSERT_TRUE(test_db.is_open()); | 147 ASSERT_TRUE(test_db.is_open()); |
| 147 | 148 |
| 148 ClientCertStoreChromeOS store( | 149 ClientCertStoreChromeOS store( |
| 149 nullptr, // no additional provider | 150 nullptr, // no additional provider |
| 150 base::WrapUnique(new TestCertFilter(true /* init synchronously */)), | 151 base::WrapUnique(new TestCertFilter(true /* init synchronously */)), |
| 151 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 152 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 152 | 153 |
| 153 scoped_refptr<net::X509Certificate> cert_1( | 154 scoped_refptr<net::X509Certificate> cert_1( |
| 154 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 155 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
| 155 ASSERT_TRUE(cert_1.get()); | 156 ASSERT_TRUE(cert_1.get()); |
| 156 | 157 |
| 157 scoped_refptr<net::SSLCertRequestInfo> request_all( | 158 scoped_refptr<net::SSLCertRequestInfo> request_all( |
| 158 new net::SSLCertRequestInfo()); | 159 new net::SSLCertRequestInfo()); |
| 159 | 160 |
| 160 base::RunLoop run_loop; | 161 base::RunLoop run_loop; |
| 161 net::CertificateList selected_certs; | 162 net::ClientCertIdentityList selected_identities; |
| 162 store.GetClientCerts(*request_all, | 163 store.GetClientCerts( |
| 163 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 164 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
| 164 run_loop.QuitClosure())); | 165 &selected_identities, run_loop.QuitClosure())); |
| 165 run_loop.Run(); | 166 run_loop.Run(); |
| 166 | 167 |
| 167 ASSERT_EQ(1u, selected_certs.size()); | 168 ASSERT_EQ(1u, selected_identities.size()); |
| 168 } | 169 } |
| 169 | 170 |
| 170 TEST_F(ClientCertStoreChromeOSTest, Filter) { | 171 TEST_F(ClientCertStoreChromeOSTest, Filter) { |
| 171 crypto::ScopedTestNSSDB test_db; | 172 crypto::ScopedTestNSSDB test_db; |
| 172 ASSERT_TRUE(test_db.is_open()); | 173 ASSERT_TRUE(test_db.is_open()); |
| 173 | 174 |
| 174 TestCertFilter* cert_filter = | 175 TestCertFilter* cert_filter = |
| 175 new TestCertFilter(true /* init synchronously */); | 176 new TestCertFilter(true /* init synchronously */); |
| 176 ClientCertStoreChromeOS store( | 177 ClientCertStoreChromeOS store( |
| 177 nullptr /* no additional provider */, base::WrapUnique(cert_filter), | 178 nullptr /* no additional provider */, base::WrapUnique(cert_filter), |
| 178 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 179 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 179 | 180 |
| 180 scoped_refptr<net::X509Certificate> cert_1( | 181 scoped_refptr<net::X509Certificate> cert_1( |
| 181 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); | 182 ImportCertToSlot("client_1.pem", "client_1.pk8", test_db.slot())); |
| 182 ASSERT_TRUE(cert_1.get()); | 183 ASSERT_TRUE(cert_1.get()); |
| 183 scoped_refptr<net::X509Certificate> cert_2( | 184 scoped_refptr<net::X509Certificate> cert_2( |
| 184 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); | 185 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); |
| 185 ASSERT_TRUE(cert_2.get()); | 186 ASSERT_TRUE(cert_2.get()); |
| 186 | 187 |
| 187 scoped_refptr<net::SSLCertRequestInfo> request_all( | 188 scoped_refptr<net::SSLCertRequestInfo> request_all( |
| 188 new net::SSLCertRequestInfo()); | 189 new net::SSLCertRequestInfo()); |
| 189 | 190 |
| 190 { | 191 { |
| 191 base::RunLoop run_loop; | 192 base::RunLoop run_loop; |
| 192 cert_filter->SetNotAllowedCert(cert_2); | 193 cert_filter->SetNotAllowedCert(cert_2); |
| 193 net::CertificateList selected_certs; | 194 net::ClientCertIdentityList selected_identities; |
| 194 store.GetClientCerts(*request_all, | 195 store.GetClientCerts( |
| 195 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 196 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
| 196 run_loop.QuitClosure())); | 197 &selected_identities, run_loop.QuitClosure())); |
| 197 run_loop.Run(); | 198 run_loop.Run(); |
| 198 | 199 |
| 199 ASSERT_EQ(1u, selected_certs.size()); | 200 ASSERT_EQ(1u, selected_identities.size()); |
| 200 EXPECT_TRUE(cert_1->Equals(selected_certs[0].get())); | 201 EXPECT_TRUE(cert_1->Equals(selected_identities[0]->certificate())); |
| 201 } | 202 } |
| 202 | 203 |
| 203 { | 204 { |
| 204 base::RunLoop run_loop; | 205 base::RunLoop run_loop; |
| 205 cert_filter->SetNotAllowedCert(cert_1); | 206 cert_filter->SetNotAllowedCert(cert_1); |
| 206 net::CertificateList selected_certs; | 207 net::ClientCertIdentityList selected_identities; |
| 207 store.GetClientCerts(*request_all, | 208 store.GetClientCerts( |
| 208 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 209 *request_all, base::Bind(SaveIdentitiesAndQuitCallback, |
| 209 run_loop.QuitClosure())); | 210 &selected_identities, run_loop.QuitClosure())); |
| 210 run_loop.Run(); | 211 run_loop.Run(); |
| 211 | 212 |
| 212 ASSERT_EQ(1u, selected_certs.size()); | 213 ASSERT_EQ(1u, selected_identities.size()); |
| 213 EXPECT_TRUE(cert_2->Equals(selected_certs[0].get())); | 214 EXPECT_TRUE(cert_2->Equals(selected_identities[0]->certificate())); |
| 214 } | 215 } |
| 215 } | 216 } |
| 216 | 217 |
| 217 // Ensure that the delegation of the request matching to the base class is | 218 // Ensure that the delegation of the request matching to the base class is |
| 218 // functional. | 219 // functional. |
| 219 TEST_F(ClientCertStoreChromeOSTest, CertRequestMatching) { | 220 TEST_F(ClientCertStoreChromeOSTest, CertRequestMatching) { |
| 220 crypto::ScopedTestNSSDB test_db; | 221 crypto::ScopedTestNSSDB test_db; |
| 221 ASSERT_TRUE(test_db.is_open()); | 222 ASSERT_TRUE(test_db.is_open()); |
| 222 | 223 |
| 223 TestCertFilter* cert_filter = | 224 TestCertFilter* cert_filter = |
| (...skipping 10 matching lines...) Expand all Loading... |
| 234 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); | 235 ImportCertToSlot("client_2.pem", "client_2.pk8", test_db.slot())); |
| 235 ASSERT_TRUE(cert_2.get()); | 236 ASSERT_TRUE(cert_2.get()); |
| 236 | 237 |
| 237 std::vector<std::string> authority_1( | 238 std::vector<std::string> authority_1( |
| 238 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), | 239 1, std::string(reinterpret_cast<const char*>(kAuthority1DN), |
| 239 sizeof(kAuthority1DN))); | 240 sizeof(kAuthority1DN))); |
| 240 scoped_refptr<net::SSLCertRequestInfo> request(new net::SSLCertRequestInfo()); | 241 scoped_refptr<net::SSLCertRequestInfo> request(new net::SSLCertRequestInfo()); |
| 241 request->cert_authorities = authority_1; | 242 request->cert_authorities = authority_1; |
| 242 | 243 |
| 243 base::RunLoop run_loop; | 244 base::RunLoop run_loop; |
| 244 net::CertificateList selected_certs; | 245 net::ClientCertIdentityList selected_identities; |
| 245 store.GetClientCerts(*request, | 246 store.GetClientCerts( |
| 246 base::Bind(SaveCertsAndQuitCallback, &selected_certs, | 247 *request, base::Bind(SaveIdentitiesAndQuitCallback, &selected_identities, |
| 247 run_loop.QuitClosure())); | 248 run_loop.QuitClosure())); |
| 248 run_loop.Run(); | 249 run_loop.Run(); |
| 249 | 250 |
| 250 ASSERT_EQ(1u, selected_certs.size()); | 251 ASSERT_EQ(1u, selected_identities.size()); |
| 251 EXPECT_TRUE(cert_1->Equals(selected_certs[0].get())); | 252 EXPECT_TRUE(cert_1->Equals(selected_identities[0]->certificate())); |
| 252 } | 253 } |
| 253 | 254 |
| 254 } // namespace chromeos | 255 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
