
Side by Side Diff: net/ssl/openssl_client_key_store_unittest.cc

Issue 2898573002: Refactor client cert private key handling. (Closed)
Patch Set: removed no longer needed forward declaration Created 3 years, 6 months ago
OLDNEW
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/openssl_client_key_store.h"
6
7 #include "base/logging.h"
8 #include "base/memory/ref_counted.h"
9 #include "net/ssl/ssl_private_key.h"
10 #include "net/test/cert_test_util.h"
11 #include "net/test/test_data_directory.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13
14 namespace net {
15
16 namespace {
17
18 // A common test class to ensure that the store is flushed after
19 // each test.
20 class OpenSSLClientKeyStoreTest : public ::testing::Test {
21 public:
22 OpenSSLClientKeyStoreTest()
23 : store_(OpenSSLClientKeyStore::GetInstance()) {
24 }
25
26 ~OpenSSLClientKeyStoreTest() override {
27 if (store_)
28 store_->Flush();
29 }
30
31 protected:
32 OpenSSLClientKeyStore* store_;
33 };
34
35 class MockSSLPrivateKey : public SSLPrivateKey {
36 public:
37 MockSSLPrivateKey() : on_destroyed_(nullptr) {}
38
39 void set_on_destroyed(bool* on_destroyed) { on_destroyed_ = on_destroyed; }
40
41 std::vector<Hash> GetDigestPreferences() override {
42 NOTREACHED();
43 return {};
44 }
45
46 void SignDigest(Hash hash,
47 const base::StringPiece& input,
48 const SignCallback& callback) override {
49 NOTREACHED();
50 }
51
52 private:
53 ~MockSSLPrivateKey() override {
54 if (on_destroyed_)
55 *on_destroyed_ = true;
56 }
57
58 bool* on_destroyed_;
59 };
60
61 // Check that GetInstance() returns non-null
62 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) {
63 ASSERT_TRUE(store_);
64 }
65
66 // Check that Flush() works correctly.
67 TEST_F(OpenSSLClientKeyStoreTest, Flush) {
68 ASSERT_TRUE(store_);
69
70 scoped_refptr<X509Certificate> cert_1(
71 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
72 ASSERT_TRUE(cert_1);
73
74 EXPECT_TRUE(store_->RecordClientCertPrivateKey(
75 cert_1.get(), make_scoped_refptr(new MockSSLPrivateKey)));
76
77 store_->Flush();
78
79 // Retrieve the private key. This should fail because the store
80 // was flushed.
81 EXPECT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get()));
82 }
83
84 // Check that trying to retrieve the private key of an unknown certificate
85 // simply fails by returning null.
86 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {
87 ASSERT_TRUE(store_);
88
89 scoped_refptr<X509Certificate> cert_1(
90 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
91 ASSERT_TRUE(cert_1);
92
93 // Retrieve the private key now. This should fail because it was
94 // never recorded in the store.
95 EXPECT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get()));
96 }
97
98 // Check that any private key recorded through RecordClientCertPrivateKey
99 // can be retrieved with FetchClientCertPrivateKey.
100 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
101 ASSERT_TRUE(store_);
102
103 // Any certificate / key pair will do, the store is not supposed to
104 // check that the private and certificate public keys match. This is
105 // by design since the private EVP_PKEY could be a wrapper around a
106 // JNI reference, with no way to access the real private key bits.
107 scoped_refptr<X509Certificate> cert_1(
108 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
109 ASSERT_TRUE(cert_1);
110
111 bool on_destroyed = false;
112 scoped_refptr<MockSSLPrivateKey> priv_key(new MockSSLPrivateKey);
113 priv_key->set_on_destroyed(&on_destroyed);
114
115 // Add a key twice.
116 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key));
117 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key));
118
119 // Retrieve the private key.
120 scoped_refptr<SSLPrivateKey> pkey2 =
121 store_->FetchClientCertPrivateKey(cert_1.get());
122 EXPECT_EQ(pkey2.get(), priv_key.get());
123
124 // Flush the key store and release all references. At this point, the private
125 // key should be cleanly destroyed.
126 store_->Flush();
127 priv_key = nullptr;
128 pkey2 = nullptr;
129 EXPECT_TRUE(on_destroyed);
130 }
131
132 // Same test, but with two certificates / private keys.
133 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
134 scoped_refptr<X509Certificate> cert_1(
135 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
136 ASSERT_TRUE(cert_1);
137
138 scoped_refptr<X509Certificate> cert_2(
139 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
140 ASSERT_TRUE(cert_2);
141
142 scoped_refptr<SSLPrivateKey> priv_key1(new MockSSLPrivateKey);
143 scoped_refptr<SSLPrivateKey> priv_key2(new MockSSLPrivateKey);
144
145 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), priv_key1));
146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), priv_key2));
147
148 scoped_refptr<SSLPrivateKey> fetch_key1 =
149 store_->FetchClientCertPrivateKey(cert_1.get());
150 scoped_refptr<SSLPrivateKey> fetch_key2 =
151 store_->FetchClientCertPrivateKey(cert_2.get());
152
153 EXPECT_TRUE(fetch_key1);
154 EXPECT_TRUE(fetch_key2);
155
156 EXPECT_EQ(fetch_key1.get(), priv_key1.get());
157 EXPECT_EQ(fetch_key2.get(), priv_key2.get());
158 }
159
160 } // namespace
161 } // namespace net