OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/nss_cert_database_chromeos.h" | 5 #include "net/cert/nss_cert_database_chromeos.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/callback.h" | 8 #include "base/callback.h" |
9 #include "base/message_loop/message_loop_proxy.h" | 9 #include "base/message_loop/message_loop_proxy.h" |
10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
11 #include "crypto/nss_util_internal.h" | 11 #include "crypto/nss_util_internal.h" |
12 #include "crypto/scoped_test_nss_chromeos_user.h" | 12 #include "crypto/scoped_test_nss_chromeos_user.h" |
| 13 #include "crypto/scoped_test_nss_db.h" |
13 #include "net/base/test_data_directory.h" | 14 #include "net/base/test_data_directory.h" |
14 #include "net/cert/cert_database.h" | 15 #include "net/cert/cert_database.h" |
15 #include "net/test/cert_test_util.h" | 16 #include "net/test/cert_test_util.h" |
16 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
17 | 18 |
18 namespace net { | 19 namespace net { |
19 | 20 |
20 namespace { | 21 namespace { |
21 | 22 |
22 bool IsCertInCertificateList(const X509Certificate* cert, | 23 bool IsCertInCertificateList(const X509Certificate* cert, |
54 user_1_.FinishInit(); | 55 user_1_.FinishInit(); |
55 user_2_.FinishInit(); | 56 user_2_.FinishInit(); |
56 | 57 |
57 // Create NSSCertDatabaseChromeOS for each user. | 58 // Create NSSCertDatabaseChromeOS for each user. |
58 db_1_.reset(new NSSCertDatabaseChromeOS( | 59 db_1_.reset(new NSSCertDatabaseChromeOS( |
59 crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()), | 60 crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()), |
60 crypto::GetPrivateSlotForChromeOSUser( | 61 crypto::GetPrivateSlotForChromeOSUser( |
61 user_1_.username_hash(), | 62 user_1_.username_hash(), |
62 base::Callback<void(crypto::ScopedPK11Slot)>()))); | 63 base::Callback<void(crypto::ScopedPK11Slot)>()))); |
63 db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); | 64 db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); |
| 65 db_1_->SetSystemSlot( |
| 66 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); |
64 db_2_.reset(new NSSCertDatabaseChromeOS( | 67 db_2_.reset(new NSSCertDatabaseChromeOS( |
65 crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()), | 68 crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()), |
66 crypto::GetPrivateSlotForChromeOSUser( | 69 crypto::GetPrivateSlotForChromeOSUser( |
67 user_2_.username_hash(), | 70 user_2_.username_hash(), |
68 base::Callback<void(crypto::ScopedPK11Slot)>()))); | 71 base::Callback<void(crypto::ScopedPK11Slot)>()))); |
69 db_2_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); | 72 db_2_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); |
70 | 73 |
71 // Add observer to CertDatabase for checking that notifications from | 74 // Add observer to CertDatabase for checking that notifications from |
72 // NSSCertDatabaseChromeOS are proxied to the CertDatabase. | 75 // NSSCertDatabaseChromeOS are proxied to the CertDatabase. |
73 CertDatabase::GetInstance()->AddObserver(this); | 76 CertDatabase::GetInstance()->AddObserver(this); |
91 } | 94 } |
92 | 95 |
93 protected: | 96 protected: |
94 bool observer_added_; | 97 bool observer_added_; |
95 // Certificates that were passed to the CertDatabase observers. | 98 // Certificates that were passed to the CertDatabase observers. |
96 std::vector<CERTCertificate*> added_ca_; | 99 std::vector<CERTCertificate*> added_ca_; |
97 std::vector<CERTCertificate*> added_; | 100 std::vector<CERTCertificate*> added_; |
98 | 101 |
99 crypto::ScopedTestNSSChromeOSUser user_1_; | 102 crypto::ScopedTestNSSChromeOSUser user_1_; |
100 crypto::ScopedTestNSSChromeOSUser user_2_; | 103 crypto::ScopedTestNSSChromeOSUser user_2_; |
| 104 crypto::ScopedTestNSSDB system_db_; |
101 scoped_ptr<NSSCertDatabaseChromeOS> db_1_; | 105 scoped_ptr<NSSCertDatabaseChromeOS> db_1_; |
102 scoped_ptr<NSSCertDatabaseChromeOS> db_2_; | 106 scoped_ptr<NSSCertDatabaseChromeOS> db_2_; |
103 }; | 107 }; |
104 | 108 |
105 // Test that ListModules() on each user includes that user's NSS software slot, | 109 // Test that ListModules() on each user includes that user's NSS software slot, |
106 // and does not include the software slot of the other user. (Does not check the | 110 // and does not include the software slot of the other user. (Does not check the |
107 // private slot, since it is the same as the public slot in tests.) | 111 // private slot, since it is the same as the public slot in tests.) |
108 TEST_F(NSSCertDatabaseChromeOSTest, ListModules) { | 112 TEST_F(NSSCertDatabaseChromeOSTest, ListModules) { |
109 CryptoModuleList modules_1; | 113 CryptoModuleList modules_1; |
110 CryptoModuleList modules_2; | 114 CryptoModuleList modules_2; |
269 db_1_->ListCerts(base::Bind(&SwapCertLists, base::Unretained(&certlist))); | 273 db_1_->ListCerts(base::Bind(&SwapCertLists, base::Unretained(&certlist))); |
270 EXPECT_EQ(0U, certlist.size()); | 274 EXPECT_EQ(0U, certlist.size()); |
271 | 275 |
272 db_1_.reset(); | 276 db_1_.reset(); |
273 | 277 |
274 base::RunLoop().RunUntilIdle(); | 278 base::RunLoop().RunUntilIdle(); |
275 | 279 |
276 EXPECT_LT(0U, certlist.size()); | 280 EXPECT_LT(0U, certlist.size()); |
277 } | 281 } |
278 | 282 |
| 283 TEST_F(NSSCertDatabaseChromeOSTest, ListCertsReadsSystemSlot) { |
| 284 scoped_refptr<X509Certificate> cert_1( |
| 285 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 286 "client_1.pem", |
| 287 "client_1.pk8", |
| 288 db_1_->GetPublicSlot().get())); |
| 289 |
| 290 scoped_refptr<X509Certificate> cert_2( |
| 291 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 292 "client_2.pem", |
| 293 "client_2.pk8", |
| 294 db_1_->GetSystemSlot().get())); |
| 295 CertificateList certs; |
| 296 db_1_->ListCertsSync(&certs); |
| 297 EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs)); |
| 298 EXPECT_TRUE(IsCertInCertificateList(cert_2.get(), certs)); |
| 299 } |
| 300 |
| 301 TEST_F(NSSCertDatabaseChromeOSTest, ListCertsDoesNotCrossReadSystemSlot) { |
| 302 scoped_refptr<X509Certificate> cert_1( |
| 303 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 304 "client_1.pem", |
| 305 "client_1.pk8", |
| 306 db_2_->GetPublicSlot().get())); |
| 307 |
| 308 scoped_refptr<X509Certificate> cert_2( |
| 309 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 310 "client_2.pem", |
| 311 "client_2.pk8", |
| 312 system_db_.slot())); |
| 313 CertificateList certs; |
| 314 db_2_->ListCertsSync(&certs); |
| 315 EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs)); |
| 316 EXPECT_FALSE(IsCertInCertificateList(cert_2.get(), certs)); |
| 317 } |
| 318 |
279 } // namespace net | 319 } // namespace net |
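Review bot: In ListCertsDoesNotCrossReadSystemSlot (new lines 301-317) the import of client_2 into `system_db_.slot()` is never checked, so the closing `EXPECT_FALSE` cannot distinguish "user 2's database does not read the system slot" from "the cert never reached the system slot". Add `ASSERT_TRUE(cert_1.get());` and `ASSERT_TRUE(cert_2.get());` after the imports in both new tests; how a null cert behaves inside IsCertInCertificateList cannot be judged here because its body is in the skipped region. The isolation check would be stronger if the same test also listed through `db_1_`, which has the system slot set, and expected cert_2 to be present, so the absence under `db_2_` is clearly due to slot filtering. In the SetUp hunk (new lines 65-66) `system_db_.slot()` is passed to `PK11_ReferenceSlot` with no visible `ASSERT_TRUE(system_db_.is_open());`. The start of SetUp is outside the shown lines, so an equivalent check may already exist there.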