Chromium Code Reviews Chromium Code Reviews
Issue 421113002:
Use correct slot id for client certs in network config. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/network_connection_handler.h" | 5 #include "chromeos/network/network_connection_handler.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/file_util.h" | 9 #include "base/file_util.h" |
| 10 #include "base/json/json_reader.h" | 10 #include "base/json/json_reader.h" |
| (...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 198 CertLoader::Get()->StartWithNSSDB(test_nssdb_.get()); | 198 CertLoader::Get()->StartWithNSSDB(test_nssdb_.get()); |
| 199 base::RunLoop().RunUntilIdle(); | 199 base::RunLoop().RunUntilIdle(); |
| 200 } | 200 } |
| 201 | 201 |
| 202 void LoginToRegularUser() { | 202 void LoginToRegularUser() { |
| 203 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_ACTIVE, | 203 LoginState::Get()->SetLoggedInState(LoginState::LOGGED_IN_ACTIVE, |
| 204 LoginState::LOGGED_IN_USER_REGULAR); | 204 LoginState::LOGGED_IN_USER_REGULAR); |
| 205 base::RunLoop().RunUntilIdle(); | 205 base::RunLoop().RunUntilIdle(); |
| 206 } | 206 } |
| 207 | 207 |
| 208 void ImportClientCertAndKey(const std::string& pkcs12_file, | 208 scoped_refptr<net::X509Certificate> ImportTestClientCert() { |
| 209 net::NSSCertDatabase* nssdb, | 209 net::CertificateList ca_cert_list = |
| 210 net::CertificateList* loaded_certs) { | 210 net::CreateCertificateListFromFile(net::GetTestCertsDirectory(), |
| 211 "websocket_cacert.pem", | |
| 212 net::X509Certificate::FORMAT_AUTO); | |
| 213 if (ca_cert_list.empty()) { | |
| 214 LOG(ERROR) << "No CA cert loaded."; | |
| 215 return NULL; | |
| 216 } | |
| 217 net::NSSCertDatabase::ImportCertFailureList failures; | |
| 218 EXPECT_TRUE(test_nssdb_->ImportCACerts( | |
| 219 ca_cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures)); | |
| 220 if (!failures.empty()) { | |
| 221 LOG(ERROR) << net::ErrorToString(failures[0].net_error); | |
| 222 return NULL; | |
| 223 } | |
| 224 | |
| 211 std::string pkcs12_data; | 225 std::string pkcs12_data; |
| 212 base::FilePath pkcs12_path = | 226 base::FilePath pkcs12_path = |
| 213 net::GetTestCertsDirectory().Append(pkcs12_file); | 227 net::GetTestCertsDirectory().Append("websocket_client_cert.p12"); |
| 214 ASSERT_TRUE(base::ReadFileToString(pkcs12_path, &pkcs12_data)); | 228 if (!base::ReadFileToString(pkcs12_path, &pkcs12_data)) |
| 229 return NULL; | |
| 215 | 230 |
| 216 scoped_refptr<net::CryptoModule> module( | 231 net::CertificateList loaded_certs; |
| 217 net::CryptoModule::CreateFromHandle(nssdb->GetPrivateSlot().get())); | 232 scoped_refptr<net::CryptoModule> module(net::CryptoModule::CreateFromHandle( |
| 218 ASSERT_EQ( | 233 test_nssdb_->GetPrivateSlot().get())); |
| 219 net::OK, | 234 if (net::OK != |
| 220 nssdb->ImportFromPKCS12(module, pkcs12_data, base::string16(), false, | 235 test_nssdb_->ImportFromPKCS12( |
| 221 loaded_certs)); | 236 module, pkcs12_data, base::string16(), false, &loaded_certs)) { |
|
stevenjb
2014/07/29 18:31:10
nit: ... != net::OK
| |
| 222 ASSERT_EQ(1U, loaded_certs->size()); | 237 LOG(ERROR) << "Error while importing to NSSDB."; |
| 238 return NULL; | |
| 239 } | |
| 240 | |
| 241 // File contains two certs, the client cert first and the CA cert second. | |
| 242 if (loaded_certs.size() != 2U) { | |
| 243 LOG(ERROR) << "Expected two certs in file, found " << loaded_certs.size(); | |
| 244 return NULL; | |
| 245 } | |
| 246 return loaded_certs[0]; | |
| 223 } | 247 } |
| 224 | 248 |
| 225 void SetupPolicy(const std::string& network_configs_json, | 249 void SetupPolicy(const std::string& network_configs_json, |
| 226 const base::DictionaryValue& global_config, | 250 const base::DictionaryValue& global_config, |
| 227 bool user_policy) { | 251 bool user_policy) { |
| 228 std::string error; | 252 std::string error; |
| 229 scoped_ptr<base::Value> network_configs_value( | 253 scoped_ptr<base::Value> network_configs_value( |
| 230 base::JSONReader::ReadAndReturnError(network_configs_json, | 254 base::JSONReader::ReadAndReturnError(network_configs_json, |
| 231 base::JSON_ALLOW_TRAILING_COMMAS, | 255 base::JSON_ALLOW_TRAILING_COMMAS, |
| 232 NULL, | 256 NULL, |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 348 base::DictionaryValue(), // no global config | 372 base::DictionaryValue(), // no global config |
| 349 true); // load as user policy | 373 true); // load as user policy |
| 350 | 374 |
| 351 Connect("wifi4"); | 375 Connect("wifi4"); |
| 352 EXPECT_EQ(NetworkConnectionHandler::kErrorCertificateRequired, | 376 EXPECT_EQ(NetworkConnectionHandler::kErrorCertificateRequired, |
| 353 GetResultAndReset()); | 377 GetResultAndReset()); |
| 354 } | 378 } |
| 355 | 379 |
| 356 TEST_F(NetworkConnectionHandlerTest, ConnectWithCertificateSuccess) { | 380 TEST_F(NetworkConnectionHandlerTest, ConnectWithCertificateSuccess) { |
| 357 StartCertLoader(); | 381 StartCertLoader(); |
| 358 | 382 scoped_refptr<net::X509Certificate> cert = ImportTestClientCert(); |
| 359 net::CertificateList certs; | 383 ASSERT_TRUE(cert); |
| 360 ImportClientCertAndKey("websocket_client_cert.p12", | |
| 361 test_nssdb_.get(), | |
| 362 &certs); | |
| 363 | 384 |
| 364 SetupPolicy(base::StringPrintf(kPolicyWithCertPatternTemplate, | 385 SetupPolicy(base::StringPrintf(kPolicyWithCertPatternTemplate, |
| 365 certs[0]->subject().common_name.c_str()), | 386 cert->subject().common_name.c_str()), |
| 366 base::DictionaryValue(), // no global config | 387 base::DictionaryValue(), // no global config |
| 367 true); // load as user policy | 388 true); // load as user policy |
| 368 | 389 |
| 369 Connect("wifi4"); | 390 Connect("wifi4"); |
| 370 EXPECT_EQ(kSuccessResult, GetResultAndReset()); | 391 EXPECT_EQ(kSuccessResult, GetResultAndReset()); |
| 371 } | 392 } |
| 372 | 393 |
| 373 // Disabled, see http://crbug.com/396729. | 394 // Disabled, see http://crbug.com/396729. |
| 374 TEST_F(NetworkConnectionHandlerTest, | 395 TEST_F(NetworkConnectionHandlerTest, |
| 375 DISABLED_ConnectWithCertificateRequestedBeforeCertsAreLoaded) { | 396 DISABLED_ConnectWithCertificateRequestedBeforeCertsAreLoaded) { |
| 376 net::CertificateList certs; | 397 scoped_refptr<net::X509Certificate> cert = ImportTestClientCert(); |
| 377 ImportClientCertAndKey("websocket_client_cert.p12", | 398 ASSERT_TRUE(cert); |
| 378 test_nssdb_.get(), | |
| 379 &certs); | |
| 380 | 399 |
| 381 SetupPolicy(base::StringPrintf(kPolicyWithCertPatternTemplate, | 400 SetupPolicy(base::StringPrintf(kPolicyWithCertPatternTemplate, |
| 382 certs[0]->subject().common_name.c_str()), | 401 cert->subject().common_name.c_str()), |
| 383 base::DictionaryValue(), // no global config | 402 base::DictionaryValue(), // no global config |
| 384 true); // load as user policy | 403 true); // load as user policy |
| 385 | 404 |
| 386 Connect("wifi4"); | 405 Connect("wifi4"); |
| 387 | 406 |
| 388 // Connect request came before the cert loader loaded certificates, so the | 407 // Connect request came before the cert loader loaded certificates, so the |
| 389 // connect request should have been throttled until the certificates are | 408 // connect request should have been throttled until the certificates are |
| 390 // loaded. | 409 // loaded. |
| 391 EXPECT_EQ("", GetResultAndReset()); | 410 EXPECT_EQ("", GetResultAndReset()); |
| 392 | 411 |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 492 true); | 511 true); |
| 493 | 512 |
| 494 SetupPolicy(kPolicy, global_config, false /* load as device policy */); | 513 SetupPolicy(kPolicy, global_config, false /* load as device policy */); |
| 495 EXPECT_EQ(shill::kStateIdle, | 514 EXPECT_EQ(shill::kStateIdle, |
| 496 GetServiceStringProperty("wifi0", shill::kStateProperty)); | 515 GetServiceStringProperty("wifi0", shill::kStateProperty)); |
| 497 EXPECT_EQ(shill::kStateOnline, | 516 EXPECT_EQ(shill::kStateOnline, |
| 498 GetServiceStringProperty("wifi1", shill::kStateProperty)); | 517 GetServiceStringProperty("wifi1", shill::kStateProperty)); |
| 499 } | 518 } |
| 500 | 519 |
| 501 } // namespace chromeos | 520 } // namespace chromeos |
| OLD | NEW |
