
Side by Side Diff: chromeos/network/client_cert_resolver_unittest.cc

Issue 421113002: Use correct slot id for client certs in network config. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressed comments. Created 6 years, 4 months ago
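--- a/chromeos/network/client_cert_resolver_unittest.cc
+++ b/chromeos/network/client_cert_resolver_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "chromeos/network/client_cert_resolver.h"
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include "base/file_util.h"
 #include "base/files/file_path.h"
@@ -94,31 +94,30 @@
 CertLoader::Shutdown();
 TPMTokenLoader::Shutdown();
 DBusThreadManager::Shutdown();
 CleanupSlotContents();
 }
 
 protected:
 void StartCertLoader() {
 cert_loader_->StartWithNSSDB(test_nssdb_.get());
 if (test_client_cert_) {
-test_pkcs11_id_ = base::StringPrintf(
-"%i:%s",
-cert_loader_->TPMTokenSlotID(),
-CertLoader::GetPkcs11IdForCert(*test_client_cert_).c_str());
-ASSERT_TRUE(!test_pkcs11_id_.empty());
+int slot_id = 0;
+const std::string pkcs11_id =
+CertLoader::GetPkcs11IdAndSlotForCert(*test_client_cert_, &slot_id);
+test_cert_id_ = base::StringPrintf("%i:%s", slot_id, pkcs11_id.c_str());
 }
 }
 
 // Imports a CA cert (stored as PEM in test_ca_cert_pem_) and a client
 // certificate signed by that CA. Its PKCS#11 ID is stored in
-// |test_pkcs11_id_|.
+// |test_cert_id_|.
 void SetupTestCerts() {
 // Import a CA cert.
 net::CertificateList ca_cert_list =
 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
 "websocket_cacert.pem",
 net::X509Certificate::FORMAT_AUTO);
 ASSERT_TRUE(!ca_cert_list.empty());
 net::NSSCertDatabase::ImportCertFailureList failures;
 EXPECT_TRUE(test_nssdb_->ImportCACerts(
 ca_cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures));
@@ -228,21 +227,21 @@
 const base::DictionaryValue* properties =
 service_test_->GetServiceProperties(kWifiStub);
 if (!properties)
 return;
 properties->GetStringWithoutPathExpansion(shill::kEapCertIdProperty,
 pkcs11_id);
 }
 
 ShillServiceClient::TestInterface* service_test_;
 ShillProfileClient::TestInterface* profile_test_;
-std::string test_pkcs11_id_;
+std::string test_cert_id_;
 scoped_refptr<net::X509Certificate> test_ca_cert_;
 std::string test_ca_cert_pem_;
 base::MessageLoop message_loop_;
 
 private:
 void CleanupSlotContents() {
 CERTCertList* cert_list = PK11_ListCertsInSlot(private_slot_.get());
 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
 !CERT_LIST_END(node, cert_list);
 node = CERT_LIST_NEXT(node)) {
@@ -288,32 +287,32 @@
 SetupPolicy();
 base::RunLoop().RunUntilIdle();
 
 StartCertLoader();
 base::RunLoop().RunUntilIdle();
 
 // Verify that the resolver positively matched the pattern in the policy with
 // the test client cert and configured the network.
 std::string pkcs11_id;
 GetClientCertProperties(&pkcs11_id);
-EXPECT_EQ(test_pkcs11_id_, pkcs11_id);
+EXPECT_EQ(test_cert_id_, pkcs11_id);
 }
 
 TEST_F(ClientCertResolverTest, ResolveAfterPolicyApplication) {
 SetupTestCerts();
 StartCertLoader();
 SetupNetworkHandlers();
 SetupWifi();
 base::RunLoop().RunUntilIdle();
 
 // Policy application will trigger the ClientCertResolver.
 SetupPolicy();
 base::RunLoop().RunUntilIdle();
 
 // Verify that the resolver positively matched the pattern in the policy with
 // the test client cert and configured the network.
 std::string pkcs11_id;
 GetClientCertProperties(&pkcs11_id);
-EXPECT_EQ(test_pkcs11_id_, pkcs11_id);
+EXPECT_EQ(test_cert_id_, pkcs11_id);
 }
 
 } // namespace chromeos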
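Review bot: In StartCertLoader the result of `CertLoader::GetPkcs11IdAndSlotForCert` is formatted into `test_cert_id_` without being checked, and the old (vacuous) `ASSERT_TRUE` was dropped rather than repaired, so a failed lookup would presumably leave the expected value as `0:` instead of failing the test. Add `ASSERT_FALSE(pkcs11_id.empty());` before the `StringPrintf` call. The expected slot also comes from the same helper the resolver presumably uses (its code is not on this page), so both tests would still pass if that helper reported the wrong slot. If the client cert is imported into `private_slot_` (the import is in the skipped lines), an independent check such as `EXPECT_EQ(static_cast<int>(PK11_GetSlotID(private_slot_.get())), slot_id);` would pin the slot this change is about.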