1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/client_cert_store_chromeos.h" | 5 #include "net/ssl/client_cert_store_chromeos.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/file_util.h" | 11 #include "base/file_util.h" |
12 #include "base/run_loop.h" | 12 #include "base/run_loop.h" |
13 #include "crypto/nss_util.h" | |
14 #include "crypto/nss_util_internal.h" | 13 #include "crypto/nss_util_internal.h" |
15 #include "crypto/rsa_private_key.h" | 14 #include "crypto/rsa_private_key.h" |
16 #include "crypto/scoped_test_nss_chromeos_user.h" | 15 #include "crypto/scoped_test_nss_chromeos_user.h" |
17 #include "crypto/scoped_test_system_nss_key_slot.h" | 16 #include "crypto/scoped_test_system_nss_key_slot.h" |
18 #include "net/base/test_data_directory.h" | 17 #include "net/base/test_data_directory.h" |
19 #include "net/cert/cert_type.h" | |
20 #include "net/cert/x509_certificate.h" | 18 #include "net/cert/x509_certificate.h" |
21 #include "net/ssl/client_cert_store_unittest-inl.h" | 19 #include "net/ssl/client_cert_store_unittest-inl.h" |
22 #include "net/test/cert_test_util.h" | 20 #include "net/test/cert_test_util.h" |
23 | 21 |
24 namespace net { | 22 namespace net { |
25 | 23 |
26 namespace { | 24 namespace { |
27 | 25 |
28 bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert, | |
29 PK11SlotInfo* slot) { | |
30 std::string nickname = cert->GetDefaultNickname(USER_CERT); | |
31 { | |
32 crypto::AutoNSSWriteLock lock; | |
33 SECStatus rv = PK11_ImportCert(slot, | |
34 cert->os_cert_handle(), | |
35 CK_INVALID_HANDLE, | |
36 nickname.c_str(), | |
37 PR_FALSE); | |
38 if (rv != SECSuccess) { | |
39 LOG(ERROR) << "Could not import cert"; | |
40 return false; | |
41 } | |
42 } | |
43 return true; | |
44 } | |
45 | |
46 enum ReadFromSlot { | 26 enum ReadFromSlot { |
47 READ_FROM_SLOT_USER, | 27 READ_FROM_SLOT_USER, |
48 READ_FROM_SLOT_SYSTEM | 28 READ_FROM_SLOT_SYSTEM |
49 }; | 29 }; |
50 | 30 |
51 enum SystemSlotAvailability { | 31 enum SystemSlotAvailability { |
52 SYSTEM_SLOT_AVAILABILITY_ENABLED, | 32 SYSTEM_SLOT_AVAILABILITY_ENABLED, |
53 SYSTEM_SLOT_AVAILABILITY_DISABLED | 33 SYSTEM_SLOT_AVAILABILITY_DISABLED |
54 }; | 34 }; |
55 | 35 |
159 // the system slot is enabled in the store. | 139 // the system slot is enabled in the store. |
160 typedef ClientCertStoreChromeOSTestDelegate<READ_FROM_SLOT_SYSTEM, | 140 typedef ClientCertStoreChromeOSTestDelegate<READ_FROM_SLOT_SYSTEM, |
161 SYSTEM_SLOT_AVAILABILITY_ENABLED> | 141 SYSTEM_SLOT_AVAILABILITY_ENABLED> |
162 DelegateReadSystem; | 142 DelegateReadSystem; |
163 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS_ReadSystem, | 143 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS_ReadSystem, |
164 ClientCertStoreTest, | 144 ClientCertStoreTest, |
165 DelegateReadSystem); | 145 DelegateReadSystem); |
166 | 146 |
167 class ClientCertStoreChromeOSTest : public ::testing::Test { | 147 class ClientCertStoreChromeOSTest : public ::testing::Test { |
168 public: | 148 public: |
169 scoped_refptr<X509Certificate> ImportCertToSlot( | |
170 const std::string& cert_filename, | |
171 const std::string& key_filename, | |
172 PK11SlotInfo* slot) { | |
173 if (!ImportSensitiveKeyFromFile( | |
174 GetTestCertsDirectory(), key_filename, slot)) { | |
175 LOG(ERROR) << "Could not import private key from file " << key_filename; | |
176 return NULL; | |
177 } | |
178 | |
179 scoped_refptr<X509Certificate> cert( | |
180 ImportCertFromFile(GetTestCertsDirectory(), cert_filename)); | |
181 | |
182 if (!cert) { | |
183 LOG(ERROR) << "Failed to parse cert from file " << cert_filename; | |
184 return NULL; | |
185 } | |
186 | |
187 if (!ImportClientCertToSlot(cert, slot)) | |
188 return NULL; | |
189 | |
190 // |cert| continues to point to the original X509Certificate before the | |
191 // import to |slot|. However this should not make a difference for this | |
192 // test. | |
193 return cert; | |
194 } | |
195 | |
196 scoped_refptr<X509Certificate> ImportCertForUser( | 149 scoped_refptr<X509Certificate> ImportCertForUser( |
197 const std::string& username_hash, | 150 const std::string& username_hash, |
198 const std::string& cert_filename, | 151 const std::string& cert_filename, |
199 const std::string& key_filename) { | 152 const std::string& key_filename) { |
200 crypto::ScopedPK11Slot slot( | 153 crypto::ScopedPK11Slot slot( |
201 crypto::GetPublicSlotForChromeOSUser(username_hash)); | 154 crypto::GetPublicSlotForChromeOSUser(username_hash)); |
202 if (!slot) { | 155 if (!slot) { |
203 LOG(ERROR) << "No slot for user " << username_hash; | 156 LOG(ERROR) << "No slot for user " << username_hash; |
204 return NULL; | 157 return NULL; |
205 } | 158 } |
206 | 159 |
207 return ImportCertToSlot(cert_filename, key_filename, slot.get()); | 160 return ImportClientCertAndKeyFromFile( |
| 161 GetTestCertsDirectory(), cert_filename, key_filename, slot.get()); |
208 } | 162 } |
209 | 163 |
210 }; | 164 }; |
211 | 165 |
212 // Ensure that cert requests, that are started before the user's NSS DB is | 166 // Ensure that cert requests, that are started before the user's NSS DB is |
213 // initialized, will wait for the initialization and succeed afterwards. | 167 // initialized, will wait for the initialization and succeed afterwards. |
214 TEST_F(ClientCertStoreChromeOSTest, RequestWaitsForNSSInitAndSucceeds) { | 168 TEST_F(ClientCertStoreChromeOSTest, RequestWaitsForNSSInitAndSucceeds) { |
215 crypto::ScopedTestNSSChromeOSUser user("scopeduser"); | 169 crypto::ScopedTestNSSChromeOSUser user("scopeduser"); |
216 ASSERT_TRUE(user.constructed_successfully()); | 170 ASSERT_TRUE(user.constructed_successfully()); |
217 | 171 |
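Review bot: The call to ImportClientCertAndKeyFromFile at new lines 160-161 loses the removed helper's note that the returned X509Certificate is the parsed file copy rather than the handle that now lives in the slot, and the shared helper's return semantics are not visible here; the later `cert_1->Equals(selected_certs[0])` checks only hold if Equals compares certificate contents rather than handle identity, so it is worth restating at the return in ImportCertForUser: `// May not be the slot-backed handle; tests compare with Equals() only.` The deleted local helper wrapped PK11_ImportCert in crypto::AutoNSSWriteLock and this file no longer includes crypto/nss_util.h, so please confirm the helper in net/test/cert_test_util.h takes the NSS write lock itself rather than relying on callers. RequestWaitsForNSSInitAndSucceeds starts at new line 168 and its body continues outside this hunk.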
340 | 294 |
341 ClientCertStoreChromeOS store( | 295 ClientCertStoreChromeOS store( |
342 false /* do not use system slot */, | 296 false /* do not use system slot */, |
343 user1.username_hash(), | 297 user1.username_hash(), |
344 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 298 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
345 | 299 |
346 scoped_refptr<X509Certificate> cert_1( | 300 scoped_refptr<X509Certificate> cert_1( |
347 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); | 301 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); |
348 ASSERT_TRUE(cert_1); | 302 ASSERT_TRUE(cert_1); |
349 scoped_refptr<X509Certificate> cert_2( | 303 scoped_refptr<X509Certificate> cert_2( |
350 ImportCertToSlot("client_2.pem", "client_2.pk8", system_slot.slot())); | 304 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 305 "client_2.pem", |
| 306 "client_2.pk8", |
| 307 system_slot.slot())); |
351 ASSERT_TRUE(cert_2); | 308 ASSERT_TRUE(cert_2); |
352 | 309 |
353 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); | 310 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
354 | 311 |
355 base::RunLoop run_loop; | 312 base::RunLoop run_loop; |
356 | 313 |
357 CertificateList selected_certs; | 314 CertificateList selected_certs; |
358 store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure()); | 315 store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure()); |
359 | 316 |
360 run_loop.Run(); | 317 run_loop.Run(); |
361 | 318 |
362 // store should only return certs of the user, namely cert_1. | 319 // store should only return certs of the user, namely cert_1. |
363 ASSERT_EQ(1u, selected_certs.size()); | 320 ASSERT_EQ(1u, selected_certs.size()); |
364 EXPECT_TRUE(cert_1->Equals(selected_certs[0])); | 321 EXPECT_TRUE(cert_1->Equals(selected_certs[0])); |
365 } | 322 } |
366 | 323 |
367 } // namespace net | 324 } // namespace net |
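Review bot: The assertions at new lines 319-321 are the security-relevant check of this test — a store built with `false /* do not use system slot */` must not surface cert_2, which new lines 304-307 import only into the system slot — yet the comment mentions only cert_1; suggest `// cert_2 lives only in the system slot, which this store was built without, so it must not be returned.` With a count of one and an Equals() match on cert_1 the negative is implied, though an explicit `EXPECT_FALSE(cert_2->Equals(selected_certs[0]));` would keep the intent visible if the count check were ever loosened. The enclosing TEST_F, user1 and system_slot are defined before this hunk.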