| OLD | NEW |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/openssl_client_key_store.h" | 5 #include "net/ssl/openssl_client_key_store.h" |
| 6 | 6 |
| 7 #include "base/memory/ref_counted.h" | 7 #include "base/memory/ref_counted.h" |
| 8 #include "crypto/scoped_openssl_types.h" | 8 #include "crypto/scoped_openssl_types.h" |
| 9 #include "net/base/test_data_directory.h" | 9 #include "net/base/test_data_directory.h" |
| 10 #include "net/test/cert_test_util.h" | 10 #include "net/test/cert_test_util.h" |
| (...skipping 41 matching lines...) |
| 52 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); | 52 crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new()); |
| 53 ASSERT_TRUE(priv_key.get()); | 53 ASSERT_TRUE(priv_key.get()); |
| 54 | 54 |
| 55 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 55 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 56 priv_key.get())); | 56 priv_key.get())); |
| 57 | 57 |
| 58 store_->Flush(); | 58 store_->Flush(); |
| 59 | 59 |
| 60 // Retrieve the private key. This should fail because the store | 60 // Retrieve the private key. This should fail because the store |
| 61 // was flushed. | 61 // was flushed. |
| 62 crypto::ScopedEVP_PKEY pkey; | 62 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get()); |
| 63 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); | |
| 64 ASSERT_FALSE(pkey.get()); | 63 ASSERT_FALSE(pkey.get()); |
| 65 } | 64 } |
| 66 | 65 |
| 67 // Check that trying to retrieve the private key of an unknown certificate | 66 // Check that trying to retrieve the private key of an unknown certificate |
| 68 // simply fails by returning null. | 67 // simply fails by returning null. |
| 69 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { | 68 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) { |
| 70 ASSERT_TRUE(store_); | 69 ASSERT_TRUE(store_); |
| 71 | 70 |
| 72 scoped_refptr<X509Certificate> cert_1( | 71 scoped_refptr<X509Certificate> cert_1( |
| 73 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); | 72 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem")); |
| 74 ASSERT_TRUE(cert_1.get()); | 73 ASSERT_TRUE(cert_1.get()); |
| 75 | 74 |
| 76 // Retrieve the private key now. This should fail because it was | 75 // Retrieve the private key now. This should fail because it was |
| 77 // never recorded in the store. | 76 // never recorded in the store. |
| 78 crypto::ScopedEVP_PKEY pkey; | 77 crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get()); |
| 79 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey)); | |
| 80 ASSERT_FALSE(pkey.get()); | 78 ASSERT_FALSE(pkey.get()); |
| 81 } | 79 } |
| 82 | 80 |
| 83 // Check that any private key recorded through RecordClientCertPrivateKey | 81 // Check that any private key recorded through RecordClientCertPrivateKey |
| 84 // can be retrieved with FetchClientCertPrivateKey. | 82 // can be retrieved with FetchClientCertPrivateKey. |
| 85 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { | 83 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) { |
| 86 ASSERT_TRUE(store_); | 84 ASSERT_TRUE(store_); |
| 87 | 85 |
| 88 // Any certificate / key pair will do, the store is not supposed to | 86 // Any certificate / key pair will do, the store is not supposed to |
| 89 // check that the private and certificate public keys match. This is | 87 // check that the private and certificate public keys match. This is |
| (...skipping 13 matching lines...) |
| 103 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 101 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 104 | 102 |
| 105 // Two successive calls with the same certificate / private key shall | 103 // Two successive calls with the same certificate / private key shall |
| 106 // also succeed, but the key's reference count should not be incremented. | 104 // also succeed, but the key's reference count should not be incremented. |
| 107 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 105 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 108 priv_key.get())); | 106 priv_key.get())); |
| 109 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 107 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 110 | 108 |
| 111 // Retrieve the private key. This should increment the private key's | 109 // Retrieve the private key. This should increment the private key's |
| 112 // reference count. | 110 // reference count. |
| 113 crypto::ScopedEVP_PKEY pkey2; | 111 crypto::ScopedEVP_PKEY pkey2 = |
| 114 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2)); | 112 store_->FetchClientCertPrivateKey(cert_1.get()); |
| 115 ASSERT_EQ(pkey2.get(), priv_key.get()); | 113 ASSERT_EQ(pkey2.get(), priv_key.get()); |
| 116 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get())); | 114 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get())); |
| 117 | 115 |
| 118 // Flush the store explicitely, this should decrement the private | 116 // Flush the store explicitely, this should decrement the private |
| 119 // key's reference count. | 117 // key's reference count. |
| 120 store_->Flush(); | 118 store_->Flush(); |
| 121 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); | 119 ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get())); |
| 122 } | 120 } |
| 123 | 121 |
| 124 // Same test, but with two certificates / private keys. | 122 // Same test, but with two certificates / private keys. |
| (...skipping 20 matching lines...) |
| 145 // reference count. | 143 // reference count. |
| 146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), | 144 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(), |
| 147 priv_key1.get())); | 145 priv_key1.get())); |
| 148 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), | 146 EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(), |
| 149 priv_key2.get())); | 147 priv_key2.get())); |
| 150 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get())); | 148 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get())); |
| 151 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get())); | 149 EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get())); |
| 152 | 150 |
| 153 // Retrieve the private key now. This shall succeed and increment | 151 // Retrieve the private key now. This shall succeed and increment |
| 154 // the private key's reference count. | 152 // the private key's reference count. |
| 155 crypto::ScopedEVP_PKEY fetch_key1; | 153 crypto::ScopedEVP_PKEY fetch_key1 = |
| 156 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), | 154 store_->FetchClientCertPrivateKey(cert_1.get()); |
| 157 &fetch_key1)); | 155 crypto::ScopedEVP_PKEY fetch_key2 = |
| 158 crypto::ScopedEVP_PKEY fetch_key2; | 156 store_->FetchClientCertPrivateKey(cert_2.get()); |
| 159 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(), | 157 |
| 160 &fetch_key2)); | |
| 161 EXPECT_TRUE(fetch_key1.get()); | 158 EXPECT_TRUE(fetch_key1.get()); |
| 162 EXPECT_TRUE(fetch_key2.get()); | 159 EXPECT_TRUE(fetch_key2.get()); |
| 163 | 160 |
| 164 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); | 161 EXPECT_EQ(fetch_key1.get(), priv_key1.get()); |
| 165 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); | 162 EXPECT_EQ(fetch_key2.get(), priv_key2.get()); |
| 166 | 163 |
| 167 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get())); | 164 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get())); |
| 168 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get())); | 165 EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get())); |
| 169 } | 166 } |
| 170 | 167 |
| 171 } // namespace | 168 } // namespace |
| 172 } // namespace net | 169 } // namespace net |
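Review bot: In RecordAndFetchPrivateKey (new lines 111-113) the explicit success assertion on the fetch was dropped together with the out-parameter, so a failed fetch now shows up only as a pointer mismatch in `ASSERT_EQ(pkey2.get(), priv_key.get())`. A null return is now the only failure signal of FetchClientCertPrivateKey, so I would add `ASSERT_TRUE(pkey2.get());` directly after the fetch; a missing key is then reported separately from a wrong key being handed back for the certificate. The two-key test (new lines 153-159) does keep a null check, but as `EXPECT_TRUE(fetch_key1.get())` and `EXPECT_TRUE(fetch_key2.get())` where the old code used `ASSERT_TRUE`. That looks harmless because the later refcount reads go through priv_key1 and priv_key2, but making them `ASSERT_TRUE` would stop the test at the first missing key. The start of both test bodies lies in the skipped lines, so the earlier non-null checks on the recorded keys are assumed rather than visible here.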
| OLD | NEW |