| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 5 #ifndef NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| 6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 6 #define NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 45 // implementations of ClientCertStore. These cases test the client cert | 45 // implementations of ClientCertStore. These cases test the client cert |
| 46 // filtering behavior. | 46 // filtering behavior. |
| 47 // | 47 // |
| 48 // NOTE: If any test cases are added, removed, or renamed, the | 48 // NOTE: If any test cases are added, removed, or renamed, the |
| 49 // REGISTER_TYPED_TEST_CASE_P macro at the bottom of this file must be updated. | 49 // REGISTER_TYPED_TEST_CASE_P macro at the bottom of this file must be updated. |
| 50 // | 50 // |
| 51 // The type T provided as the third argument to INSTANTIATE_TYPED_TEST_CASE_P by | 51 // The type T provided as the third argument to INSTANTIATE_TYPED_TEST_CASE_P by |
| 52 // the platform implementation should implement this method: | 52 // the platform implementation should implement this method: |
| 53 // bool SelectClientCerts(const CertificateList& input_certs, | 53 // bool SelectClientCerts(const CertificateList& input_certs, |
| 54 // const SSLCertRequestInfo& cert_request_info, | 54 // const SSLCertRequestInfo& cert_request_info, |
| 55 // CertificateList* selected_certs); | 55 // ClientCertIdentityList* selected_identities); |
| 56 template <typename T> | 56 template <typename T> |
| 57 class ClientCertStoreTest : public ::testing::Test { | 57 class ClientCertStoreTest : public ::testing::Test { |
| 58 public: | 58 public: |
| 59 T delegate_; | 59 T delegate_; |
| 60 }; | 60 }; |
| 61 | 61 |
| 62 TYPED_TEST_CASE_P(ClientCertStoreTest); | 62 TYPED_TEST_CASE_P(ClientCertStoreTest); |
| 63 | 63 |
| 64 TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) { | 64 TYPED_TEST_P(ClientCertStoreTest, EmptyQuery) { |
| 65 std::vector<scoped_refptr<X509Certificate> > certs; | 65 CertificateList certs; |
| 66 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 66 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 67 | 67 |
| 68 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 68 ClientCertIdentityList selected_identities; |
| 69 bool rv = this->delegate_.SelectClientCerts( | 69 bool rv = this->delegate_.SelectClientCerts(certs, *request.get(), |
| 70 certs, *request.get(), &selected_certs); | 70 &selected_identities); |
| 71 EXPECT_TRUE(rv); | 71 EXPECT_TRUE(rv); |
| 72 EXPECT_EQ(0u, selected_certs.size()); | 72 EXPECT_EQ(0u, selected_identities.size()); |
| 73 } | 73 } |
| 74 | 74 |
| 75 // Verify that CertRequestInfo with empty |cert_authorities| matches all | 75 // Verify that CertRequestInfo with empty |cert_authorities| matches all |
| 76 // issuers, rather than no issuers. | 76 // issuers, rather than no issuers. |
| 77 TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) { | 77 TYPED_TEST_P(ClientCertStoreTest, AllIssuersAllowed) { |
| 78 scoped_refptr<X509Certificate> cert( | 78 scoped_refptr<X509Certificate> cert( |
| 79 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 79 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 80 ASSERT_TRUE(cert.get()); | 80 ASSERT_TRUE(cert.get()); |
| 81 | 81 |
| 82 std::vector<scoped_refptr<X509Certificate> > certs; | 82 std::vector<scoped_refptr<X509Certificate> > certs; |
| 83 certs.push_back(cert); | 83 certs.push_back(cert); |
| 84 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 84 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 85 | 85 |
| 86 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 86 ClientCertIdentityList selected_identities; |
| 87 bool rv = this->delegate_.SelectClientCerts( | 87 bool rv = this->delegate_.SelectClientCerts(certs, *request.get(), |
| 88 certs, *request.get(), &selected_certs); | 88 &selected_identities); |
| 89 EXPECT_TRUE(rv); | 89 EXPECT_TRUE(rv); |
| 90 ASSERT_EQ(1u, selected_certs.size()); | 90 ASSERT_EQ(1u, selected_identities.size()); |
| 91 EXPECT_TRUE(selected_certs[0]->Equals(cert.get())); | 91 EXPECT_TRUE(selected_identities[0]->certificate()->Equals(cert.get())); |
| 92 } | 92 } |
| 93 | 93 |
| 94 // Verify that certificates are correctly filtered against CertRequestInfo with | 94 // Verify that certificates are correctly filtered against CertRequestInfo with |
| 95 // |cert_authorities| containing only |authority_1_DN|. | 95 // |cert_authorities| containing only |authority_1_DN|. |
| 96 // Flaky: https://crbug.com/716730 | 96 // Flaky: https://crbug.com/716730 |
| 97 TYPED_TEST_P(ClientCertStoreTest, DISABLED_CertAuthorityFiltering) { | 97 TYPED_TEST_P(ClientCertStoreTest, DISABLED_CertAuthorityFiltering) { |
| 98 scoped_refptr<X509Certificate> cert_1( | 98 scoped_refptr<X509Certificate> cert_1( |
| 99 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 99 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 100 ASSERT_TRUE(cert_1.get()); | 100 ASSERT_TRUE(cert_1.get()); |
| 101 scoped_refptr<X509Certificate> cert_2( | 101 scoped_refptr<X509Certificate> cert_2( |
| (...skipping 10 matching lines...) Expand all Loading... |
| 112 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); | 112 EXPECT_FALSE(cert_1->IsIssuedByEncoded(authority_2)); |
| 113 EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2)); | 113 EXPECT_TRUE(cert_2->IsIssuedByEncoded(authority_2)); |
| 114 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1)); | 114 EXPECT_FALSE(cert_2->IsIssuedByEncoded(authority_1)); |
| 115 | 115 |
| 116 std::vector<scoped_refptr<X509Certificate> > certs; | 116 std::vector<scoped_refptr<X509Certificate> > certs; |
| 117 certs.push_back(cert_1); | 117 certs.push_back(cert_1); |
| 118 certs.push_back(cert_2); | 118 certs.push_back(cert_2); |
| 119 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); | 119 scoped_refptr<SSLCertRequestInfo> request(new SSLCertRequestInfo()); |
| 120 request->cert_authorities = authority_1; | 120 request->cert_authorities = authority_1; |
| 121 | 121 |
| 122 std::vector<scoped_refptr<X509Certificate> > selected_certs; | 122 ClientCertIdentityList selected_identities; |
| 123 bool rv = this->delegate_.SelectClientCerts( | 123 bool rv = this->delegate_.SelectClientCerts(certs, *request.get(), |
| 124 certs, *request.get(), &selected_certs); | 124 &selected_identities); |
| 125 EXPECT_TRUE(rv); | 125 EXPECT_TRUE(rv); |
| 126 ASSERT_EQ(1u, selected_certs.size()); | 126 ASSERT_EQ(1u, selected_identities.size()); |
| 127 EXPECT_TRUE(selected_certs[0]->Equals(cert_1.get())); | 127 EXPECT_TRUE(selected_identities[0]->certificate()->Equals(cert_1.get())); |
| 128 } | 128 } |
| 129 | 129 |
| 130 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest, | 130 REGISTER_TYPED_TEST_CASE_P(ClientCertStoreTest, |
| 131 EmptyQuery, | 131 EmptyQuery, |
| 132 AllIssuersAllowed, | 132 AllIssuersAllowed, |
| 133 DISABLED_CertAuthorityFiltering); | 133 DISABLED_CertAuthorityFiltering); |
| 134 | 134 |
| 135 } // namespace net | 135 } // namespace net |
| 136 | 136 |
| 137 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ | 137 #endif // NET_SSL_CLIENT_CERT_STORE_UNITTEST_INL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2898573002:
Refactor client cert private key handling. (Closed)
