| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/openssl_client_key_store.h" | 5 #include "net/ssl/openssl_client_key_store.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "crypto/scoped_openssl_types.h" |
| 8 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 9 #include "net/test/cert_test_util.h" | 10 #include "net/test/cert_test_util.h" |
| 10 #include "testing/gtest/include/gtest/gtest.h" | 11 #include "testing/gtest/include/gtest/gtest.h" |
| 11 | 12 |
| 12 namespace net { | 13 namespace net { |
| 13 | 14 |
| 14 namespace { | 15 namespace { |
| 15 | 16 |
| 16 typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY; | |
| 17 | |
| 18 // Return the internal reference count of a given EVP_PKEY. | 17 // Return the internal reference count of a given EVP_PKEY. |
| 19 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) { | 18 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) { |
| 20 return pkey->references; | 19 return pkey->references; |
| 21 } | 20 } |
| 22 | 21 |
| 23 // A common test class to ensure that the store is flushed after | 22 // A common test class to ensure that the store is flushed after |
| 24 // each test. | 23 // each test. |
| 25 class OpenSSLClientKeyStoreTest : public ::testing::Test { | 24 class OpenSSLClientKeyStoreTest : public ::testing::Test { |
| 26 public: | 25 public: |
| 27 OpenSSLClientKeyStoreTest() | 26 OpenSSLClientKeyStoreTest() |
| (...skipping 15 matching lines...) Expand all Loading... |
| 43 } | 42 } |
| 44 | 43 |
| 45 // Check that Flush() works correctly. | 44 // Check that Flush() works correctly. |
| 46 TEST_F(OpenSSLClientKeyStoreTest, Flush) { | 45 TEST_F(OpenSSLClientKeyStoreTest, Flush) { |
| 47 ASSERT_TRUE(store_); | 46 ASSERT_TRUE(store_); |
| 48 | 47 |
| 49 scoped_refptr<X509Certificate> cert_1( | 48 scoped_refptr<X509Certificate> cert_1( |
| 50 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 49 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 51 ASSERT_TRUE(cert_1.get()); | 50 ASSERT_TRUE(cert_1.get()); |
| 52 | 51 |
| 53 ScopedEVP_PKEY priv_key(EVP_PKEY_new()); | 52 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); |
| 54 ASSERT_TRUE(priv_key.get()); | 53 ASSERT_TRUE(priv_key.get()); |
| 55 | 54 |
| 56 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 55 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 57 priv_key.get())); | 56 priv_key.get())); |
| 58 | 57 |
| 59 store_->Flush(); | 58 store_->Flush(); |
| 60 | 59 |
| 61 // Retrieve the private key. This should fail because the store | 60 // Retrieve the private key. This should fail because the store |
| 62 // was flushed. | 61 // was flushed. |
| 63 ScopedEVP_PKEY pkey; | 62 crypto::ScopedEVP_PKEY pkey; |
| 64 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); | 63 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); |
| 65 ASSERT_FALSE(pkey.get()); | 64 ASSERT_FALSE(pkey.get()); |
| 66 } | 65 } |
| 67 | 66 |
| 68 // Check that trying to retrieve the private key of an unknown certificate | 67 // Check that trying to retrieve the private key of an unknown certificate |
| 69 // simply fails by returning null. | 68 // simply fails by returning null. |
| 70 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { | 69 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { |
| 71 ASSERT_TRUE(store_); | 70 ASSERT_TRUE(store_); |
| 72 | 71 |
| 73 scoped_refptr<X509Certificate> cert_1( | 72 scoped_refptr<X509Certificate> cert_1( |
| 74 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 73 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 75 ASSERT_TRUE(cert_1.get()); | 74 ASSERT_TRUE(cert_1.get()); |
| 76 | 75 |
| 77 // Retrieve the private key now. This should fail because it was | 76 // Retrieve the private key now. This should fail because it was |
| 78 // never recorded in the store. | 77 // never recorded in the store. |
| 79 ScopedEVP_PKEY pkey; | 78 crypto::ScopedEVP_PKEY pkey; |
| 80 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); | 79 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); |
| 81 ASSERT_FALSE(pkey.get()); | 80 ASSERT_FALSE(pkey.get()); |
| 82 } | 81 } |
| 83 | 82 |
| 84 // Check that any private key recorded through RecordClientCertPrivateKey | 83 // Check that any private key recorded through RecordClientCertPrivateKey |
| 85 // can be retrieved with FetchClientCertPrivateKey. | 84 // can be retrieved with FetchClientCertPrivateKey. |
| 86 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { | 85 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { |
| 87 ASSERT_TRUE(store_); | 86 ASSERT_TRUE(store_); |
| 88 | 87 |
| 89 // Any certificate / key pair will do, the store is not supposed to | 88 // Any certificate / key pair will do, the store is not supposed to |
| 90 // check that the private and certificate public keys match. This is | 89 // check that the private and certificate public keys match. This is |
| 91 // by design since the private EVP_PKEY could be a wrapper around a | 90 // by design since the private EVP_PKEY could be a wrapper around a |
| 92 // JNI reference, with no way to access the real private key bits. | 91 // JNI reference, with no way to access the real private key bits. |
| 93 scoped_refptr<X509Certificate> cert_1( | 92 scoped_refptr<X509Certificate> cert_1( |
| 94 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 93 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 95 ASSERT_TRUE(cert_1.get()); | 94 ASSERT_TRUE(cert_1.get()); |
| 96 | 95 |
| 97 ScopedEVP_PKEY priv_key(EVP_PKEY_new()); | 96 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); |
| 98 ASSERT_TRUE(priv_key.get()); | 97 ASSERT_TRUE(priv_key.get()); |
| 99 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get())); | 98 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get())); |
| 100 | 99 |
| 101 // Add the key a first time, this should increment its reference count. | 100 // Add the key a first time, this should increment its reference count. |
| 102 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 101 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 103 priv_key.get())); | 102 priv_key.get())); |
| 104 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 103 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 105 | 104 |
| 106 // Two successive calls with the same certificate / private key shall | 105 // Two successive calls with the same certificate / private key shall |
| 107 // also succeed, but the key's reference count should not be incremented. | 106 // also succeed, but the key's reference count should not be incremented. |
| 108 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 107 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 109 priv_key.get())); | 108 priv_key.get())); |
| 110 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 109 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 111 | 110 |
| 112 // Retrieve the private key. This should increment the private key's | 111 // Retrieve the private key. This should increment the private key's |
| 113 // reference count. | 112 // reference count. |
| 114 ScopedEVP_PKEY pkey2; | 113 crypto::ScopedEVP_PKEY pkey2; |
| 115 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2)); | 114 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2)); |
| 116 ASSERT_EQ(pkey2.get(), priv_key.get()); | 115 ASSERT_EQ(pkey2.get(), priv_key.get()); |
| 117 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get())); | 116 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get())); |
| 118 | 117 |
| 119 // Flush the store explicitely, this should decrement the private | 118 // Flush the store explicitely, this should decrement the private |
| 120 // key's reference count. | 119 // key's reference count. |
| 121 store_->Flush(); | 120 store_->Flush(); |
| 122 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 121 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 123 } | 122 } |
| 124 | 123 |
| 125 // Same test, but with two certificates / private keys. | 124 // Same test, but with two certificates / private keys. |
| 126 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) { | 125 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) { |
| 127 scoped_refptr<X509Certificate> cert_1( | 126 scoped_refptr<X509Certificate> cert_1( |
| 128 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 127 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 129 ASSERT_TRUE(cert_1.get()); | 128 ASSERT_TRUE(cert_1.get()); |
| 130 | 129 |
| 131 scoped_refptr<X509Certificate> cert_2( | 130 scoped_refptr<X509Certificate> cert_2( |
| 132 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); | 131 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem")); |
| 133 ASSERT_TRUE(cert_2.get()); | 132 ASSERT_TRUE(cert_2.get()); |
| 134 | 133 |
| 135 ScopedEVP_PKEY priv_key1(EVP_PKEY_new()); | 134 crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new()); |
| 136 ASSERT_TRUE(priv_key1.get()); | 135 ASSERT_TRUE(priv_key1.get()); |
| 137 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get())); | 136 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get())); |
| 138 | 137 |
| 139 ScopedEVP_PKEY priv_key2(EVP_PKEY_new()); | 138 crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new()); |
| 140 ASSERT_TRUE(priv_key2.get()); | 139 ASSERT_TRUE(priv_key2.get()); |
| 141 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get())); | 140 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get())); |
| 142 | 141 |
| 143 ASSERT_NE(priv_key1.get(), priv_key2.get()); | 142 ASSERT_NE(priv_key1.get(), priv_key2.get()); |
| 144 | 143 |
| 145 // Add the key a first time, this shall succeed, and increment the | 144 // Add the key a first time, this shall succeed, and increment the |
| 146 // reference count. | 145 // reference count. |
| 147 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 148 priv_key1.get())); | 147 priv_key1.get())); |
| 149 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), | 148 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), |
| 150 priv_key2.get())); | 149 priv_key2.get())); |
| 151 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get())); | 150 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get())); |
| 152 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get())); | 151 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get())); |
| 153 | 152 |
| 154 // Retrieve the private key now. This shall succeed and increment | 153 // Retrieve the private key now. This shall succeed and increment |
| 155 // the private key's reference count. | 154 // the private key's reference count. |
| 156 ScopedEVP_PKEY fetch_key1; | 155 crypto::ScopedEVP_PKEY fetch_key1; |
| 157 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), | 156 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), |
| 158 &fetch_key1)); | 157 &fetch_key1)); |
| 159 ScopedEVP_PKEY fetch_key2; | 158 crypto::ScopedEVP_PKEY fetch_key2; |
| 160 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(), | 159 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(), |
| 161 &fetch_key2)); | 160 &fetch_key2)); |
| 162 EXPECT_TRUE(fetch_key1.get()); | 161 EXPECT_TRUE(fetch_key1.get()); |
| 163 EXPECT_TRUE(fetch_key2.get()); | 162 EXPECT_TRUE(fetch_key2.get()); |
| 164 | 163 |
| 165 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); | 164 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); |
| 166 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); | 165 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); |
| 167 | 166 |
| 168 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get())); | 167 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get())); |
| 169 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get())); | 168 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get())); |
| 170 } | 169 } |
| 171 | 170 |
| 172 } // namespace | 171 } // namespace |
| 173 } // namespace net | 172 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 388683002:
Switch OpenSSLClientKeyStore::ScopedEVP_PKEY to crypto::ScopedEVP_PKEY. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src