| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_mac.h" | 5 #include "net/ssl/client_cert_store_mac.h" |
| 6 | 6 |
| 7 #include "base/memory/ptr_util.h" |
| 8 #include "net/ssl/client_cert_identity_test_util.h" |
| 7 #include "net/ssl/client_cert_store_unittest-inl.h" | 9 #include "net/ssl/client_cert_store_unittest-inl.h" |
| 10 #include "net/ssl/ssl_private_key.h" |
| 8 | 11 |
| 9 namespace net { | 12 namespace net { |
| 10 | 13 |
| 11 class ClientCertStoreMacTestDelegate { | 14 class ClientCertStoreMacTestDelegate { |
| 12 public: | 15 public: |
| 13 bool SelectClientCerts(const CertificateList& input_certs, | 16 bool SelectClientCerts(const CertificateList& input_certs, |
| 14 const SSLCertRequestInfo& cert_request_info, | 17 const SSLCertRequestInfo& cert_request_info, |
| 15 CertificateList* selected_certs) { | 18 ClientCertIdentityList* selected_certs) { |
| 16 return store_.SelectClientCertsForTesting( | 19 return store_.SelectClientCertsForTesting( |
| 17 input_certs, cert_request_info, selected_certs); | 20 FakeClientCertIdentityListFromCertificateList(input_certs), |
| 21 cert_request_info, selected_certs); |
| 18 } | 22 } |
| 19 | 23 |
| 20 private: | 24 private: |
| 21 ClientCertStoreMac store_; | 25 ClientCertStoreMac store_; |
| 22 }; | 26 }; |
| 23 | 27 |
| 24 INSTANTIATE_TYPED_TEST_CASE_P(Mac, | 28 INSTANTIATE_TYPED_TEST_CASE_P(Mac, |
| 25 ClientCertStoreTest, | 29 ClientCertStoreTest, |
| 26 ClientCertStoreMacTestDelegate); | 30 ClientCertStoreMacTestDelegate); |
| 27 | 31 |
| 28 class ClientCertStoreMacTest : public ::testing::Test { | 32 class ClientCertStoreMacTest : public ::testing::Test { |
| 29 protected: | 33 protected: |
| 30 bool SelectClientCertsGivenPreferred( | 34 bool SelectClientCertsGivenPreferred( |
| 31 const scoped_refptr<X509Certificate>& preferred_cert, | 35 const scoped_refptr<X509Certificate>& preferred_cert, |
| 32 const CertificateList& regular_certs, | 36 const CertificateList& regular_certs, |
| 33 const SSLCertRequestInfo& request, | 37 const SSLCertRequestInfo& request, |
| 34 CertificateList* selected_certs) { | 38 ClientCertIdentityList* selected_certs) { |
| 39 std::unique_ptr<ClientCertIdentity> preferred_identity( |
| 40 base::MakeUnique<FakeClientCertIdentity>(preferred_cert, nullptr)); |
| 41 |
| 35 return store_.SelectClientCertsGivenPreferredForTesting( | 42 return store_.SelectClientCertsGivenPreferredForTesting( |
| 36 preferred_cert, regular_certs, request, selected_certs); | 43 std::move(preferred_identity), |
| 44 FakeClientCertIdentityListFromCertificateList(regular_certs), request, |
| 45 selected_certs); |
| 37 } | 46 } |
| 38 | 47 |
| 39 private: | 48 private: |
| 40 ClientCertStoreMac store_; | 49 ClientCertStoreMac store_; |
| 41 }; | 50 }; |
| 42 | 51 |
| 43 // Verify that the preferred cert gets filtered out when it doesn't match the | 52 // Verify that the preferred cert gets filtered out when it doesn't match the |
| 44 // server criteria. | 53 // server criteria. |
| 45 TEST_F(ClientCertStoreMacTest, FilterOutThePreferredCert) { | 54 TEST_F(ClientCertStoreMacTest, FilterOutThePreferredCert) { |
| 46 scoped_refptr<X509Certificate> cert_1( | 55 scoped_refptr<X509Certificate> cert_1( |
| 47 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 56 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 48 ASSERT_TRUE(cert_1.get()); | 57 ASSERT_TRUE(cert_1.get()); |
| 49 | 58 |
| 50 std::vector<std::string> authority_2( | 59 std::vector<std::string> authority_2( |
| 51 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), | 60 1, std::string(reinterpret_cast<const char*>(kAuthority2DN), |
| 52 sizeof(kAuthority2DN))); | 61 sizeof(kAuthority2DN))); |
| 53 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); | 62 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); |
| 54 | 63 |
| 55 std::vector<scoped_refptr<X509Certificate> > certs; | 64 std::vector<scoped_refptr<X509Certificate> > certs; |
| 56 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 65 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 57 request->cert_authorities = authority_2; | 66 request->cert_authorities = authority_2; |
| 58 | 67 |
| 59 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 68 ClientCertIdentityList selected_certs; |
| 60 bool rv = SelectClientCertsGivenPreferred( | 69 bool rv = SelectClientCertsGivenPreferred( |
| 61 cert_1, certs, *request.get(), &selected_certs); | 70 cert_1, certs, *request.get(), &selected_certs); |
| 62 EXPECT_TRUE(rv); | 71 EXPECT_TRUE(rv); |
| 63 EXPECT_EQ(0u, selected_certs.size()); | 72 EXPECT_EQ(0u, selected_certs.size()); |
| 64 } | 73 } |
| 65 | 74 |
| 66 // Verify that the preferred cert takes the first position in the output list, | 75 // Verify that the preferred cert takes the first position in the output list, |
| 67 // when it does not get filtered out. | 76 // when it does not get filtered out. |
| 68 TEST_F(ClientCertStoreMacTest, PreferredCertGoesFirst) { | 77 TEST_F(ClientCertStoreMacTest, PreferredCertGoesFirst) { |
| 69 scoped_refptr<X509Certificate> cert_1( | 78 scoped_refptr<X509Certificate> cert_1( |
| 70 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 79 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 71 ASSERT_TRUE(cert_1.get()); | 80 ASSERT_TRUE(cert_1.get()); |
| 72 scoped_refptr<X509Certificate> cert_2( | 81 scoped_refptr<X509Certificate> cert_2( |
| 73 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | 82 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); |
| 74 ASSERT_TRUE(cert_2.get()); | 83 ASSERT_TRUE(cert_2.get()); |
| 75 | 84 |
| 76 std::vector<scoped_refptr<X509Certificate> > certs; | 85 std::vector<scoped_refptr<X509Certificate> > certs; |
| 77 certs.push_back(cert_2); | 86 certs.push_back(cert_2); |
| 78 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 87 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 79 | 88 |
| 80 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 89 ClientCertIdentityList selected_certs; |
| 81 bool rv = SelectClientCertsGivenPreferred( | 90 bool rv = SelectClientCertsGivenPreferred( |
| 82 cert_1, certs, *request.get(), &selected_certs); | 91 cert_1, certs, *request.get(), &selected_certs); |
| 83 EXPECT_TRUE(rv); | 92 EXPECT_TRUE(rv); |
| 84 ASSERT_EQ(2u, selected_certs.size()); | 93 ASSERT_EQ(2u, selected_certs.size()); |
| 85 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); | 94 EXPECT_TRUE(selected_certs[0]->certificate()->Equals(cert_1.get())); |
| 86 EXPECT_TRUE(selected_certs[1]->Equals(cert_2.get())); | 95 EXPECT_TRUE(selected_certs[1]->certificate()->Equals(cert_2.get())); |
| 87 } | 96 } |
| 88 | 97 |
| 89 } // namespace net | 98 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
