| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/nss_cert_database_chromeos.h" | 5 #include "net/cert/nss_cert_database_chromeos.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/message_loop/message_loop_proxy.h" | 9 #include "base/message_loop/message_loop_proxy.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| 11 #include "crypto/nss_util_internal.h" | 11 #include "crypto/nss_util_internal.h" |
| 12 #include "crypto/scoped_test_nss_chromeos_user.h" | 12 #include "crypto/scoped_test_nss_chromeos_user.h" |
| 13 #include "crypto/scoped_test_nss_db.h" |
| 13 #include "net/base/test_data_directory.h" | 14 #include "net/base/test_data_directory.h" |
| 14 #include "net/cert/cert_database.h" | 15 #include "net/cert/cert_database.h" |
| 15 #include "net/test/cert_test_util.h" | 16 #include "net/test/cert_test_util.h" |
| 16 #include "testing/gtest/include/gtest/gtest.h" | 17 #include "testing/gtest/include/gtest/gtest.h" |
| 17 | 18 |
| 18 namespace net { | 19 namespace net { |
| 19 | 20 |
| 20 namespace { | 21 namespace { |
| 21 | 22 |
| 22 bool IsCertInCertificateList(const X509Certificate* cert, | 23 bool IsCertInCertificateList(const X509Certificate* cert, |
| (...skipping 31 matching lines...) |
| 54 user_1_.FinishInit(); | 55 user_1_.FinishInit(); |
| 55 user_2_.FinishInit(); | 56 user_2_.FinishInit(); |
| 56 | 57 |
| 57 // Create NSSCertDatabaseChromeOS for each user. | 58 // Create NSSCertDatabaseChromeOS for each user. |
| 58 db_1_.reset(new NSSCertDatabaseChromeOS( | 59 db_1_.reset(new NSSCertDatabaseChromeOS( |
| 59 crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()), | 60 crypto::GetPublicSlotForChromeOSUser(user_1_.username_hash()), |
| 60 crypto::GetPrivateSlotForChromeOSUser( | 61 crypto::GetPrivateSlotForChromeOSUser( |
| 61 user_1_.username_hash(), | 62 user_1_.username_hash(), |
| 62 base::Callback<void(crypto::ScopedPK11Slot)>()))); | 63 base::Callback<void(crypto::ScopedPK11Slot)>()))); |
| 63 db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); | 64 db_1_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); |
| 65 db_1_->SetSystemSlot( |
| 66 crypto::ScopedPK11Slot(PK11_ReferenceSlot(system_db_.slot()))); |
| 64 db_2_.reset(new NSSCertDatabaseChromeOS( | 67 db_2_.reset(new NSSCertDatabaseChromeOS( |
| 65 crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()), | 68 crypto::GetPublicSlotForChromeOSUser(user_2_.username_hash()), |
| 66 crypto::GetPrivateSlotForChromeOSUser( | 69 crypto::GetPrivateSlotForChromeOSUser( |
| 67 user_2_.username_hash(), | 70 user_2_.username_hash(), |
| 68 base::Callback<void(crypto::ScopedPK11Slot)>()))); | 71 base::Callback<void(crypto::ScopedPK11Slot)>()))); |
| 69 db_2_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); | 72 db_2_->SetSlowTaskRunnerForTest(base::MessageLoopProxy::current()); |
| 70 | 73 |
| 71 // Add observer to CertDatabase for checking that notifications from | 74 // Add observer to CertDatabase for checking that notifications from |
| 72 // NSSCertDatabaseChromeOS are proxied to the CertDatabase. | 75 // NSSCertDatabaseChromeOS are proxied to the CertDatabase. |
| 73 CertDatabase::GetInstance()->AddObserver(this); | 76 CertDatabase::GetInstance()->AddObserver(this); |
| (...skipping 17 matching lines...) |
| 91 } | 94 } |
| 92 | 95 |
| 93 protected: | 96 protected: |
| 94 bool observer_added_; | 97 bool observer_added_; |
| 95 // Certificates that were passed to the CertDatabase observers. | 98 // Certificates that were passed to the CertDatabase observers. |
| 96 std::vector<CERTCertificate*> added_ca_; | 99 std::vector<CERTCertificate*> added_ca_; |
| 97 std::vector<CERTCertificate*> added_; | 100 std::vector<CERTCertificate*> added_; |
| 98 | 101 |
| 99 crypto::ScopedTestNSSChromeOSUser user_1_; | 102 crypto::ScopedTestNSSChromeOSUser user_1_; |
| 100 crypto::ScopedTestNSSChromeOSUser user_2_; | 103 crypto::ScopedTestNSSChromeOSUser user_2_; |
| 104 crypto::ScopedTestNSSDB system_db_; |
| 101 scoped_ptr<NSSCertDatabaseChromeOS> db_1_; | 105 scoped_ptr<NSSCertDatabaseChromeOS> db_1_; |
| 102 scoped_ptr<NSSCertDatabaseChromeOS> db_2_; | 106 scoped_ptr<NSSCertDatabaseChromeOS> db_2_; |
| 103 }; | 107 }; |
| 104 | 108 |
| 105 // Test that ListModules() on each user includes that user's NSS software slot, | 109 // Test that ListModules() on each user includes that user's NSS software slot, |
| 106 // and does not include the software slot of the other user. (Does not check the | 110 // and does not include the software slot of the other user. (Does not check the |
| 107 // private slot, since it is the same as the public slot in tests.) | 111 // private slot, since it is the same as the public slot in tests.) |
| 108 TEST_F(NSSCertDatabaseChromeOSTest, ListModules) { | 112 TEST_F(NSSCertDatabaseChromeOSTest, ListModules) { |
| 109 CryptoModuleList modules_1; | 113 CryptoModuleList modules_1; |
| 110 CryptoModuleList modules_2; | 114 CryptoModuleList modules_2; |
| (...skipping 158 matching lines...) |
| 269 db_1_->ListCerts(base::Bind(&SwapCertLists, base::Unretained(&certlist))); | 273 db_1_->ListCerts(base::Bind(&SwapCertLists, base::Unretained(&certlist))); |
| 270 EXPECT_EQ(0U, certlist.size()); | 274 EXPECT_EQ(0U, certlist.size()); |
| 271 | 275 |
| 272 db_1_.reset(); | 276 db_1_.reset(); |
| 273 | 277 |
| 274 base::RunLoop().RunUntilIdle(); | 278 base::RunLoop().RunUntilIdle(); |
| 275 | 279 |
| 276 EXPECT_LT(0U, certlist.size()); | 280 EXPECT_LT(0U, certlist.size()); |
| 277 } | 281 } |
| 278 | 282 |
| 283 TEST_F(NSSCertDatabaseChromeOSTest, ListCertsReadsSystemSlot) { |
| 284 scoped_refptr<X509Certificate> cert_1( |
| 285 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 286 "client_1.pem", |
| 287 "client_1.pk8", |
| 288 db_1_->GetPublicSlot().get())); |
| 289 |
| 290 scoped_refptr<X509Certificate> cert_2( |
| 291 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 292 "client_2.pem", |
| 293 "client_2.pk8", |
| 294 db_1_->GetSystemSlot().get())); |
| 295 CertificateList certs; |
| 296 db_1_->ListCertsSync(&certs); |
| 297 EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs)); |
| 298 EXPECT_TRUE(IsCertInCertificateList(cert_2.get(), certs)); |
| 299 } |
| 300 |
| 301 TEST_F(NSSCertDatabaseChromeOSTest, ListCertsDoesNotCrossReadSystemSlot) { |
| 302 scoped_refptr<X509Certificate> cert_1( |
| 303 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 304 "client_1.pem", |
| 305 "client_1.pk8", |
| 306 db_2_->GetPublicSlot().get())); |
| 307 |
| 308 scoped_refptr<X509Certificate> cert_2( |
| 309 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 310 "client_2.pem", |
| 311 "client_2.pk8", |
| 312 system_db_.slot())); |
| 313 CertificateList certs; |
| 314 db_2_->ListCertsSync(&certs); |
| 315 EXPECT_TRUE(IsCertInCertificateList(cert_1.get(), certs)); |
| 316 EXPECT_FALSE(IsCertInCertificateList(cert_2.get(), certs)); |
| 317 } |
| 318 |
| 279 } // namespace net | 319 } // namespace net |
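Review bot: In `ListCertsDoesNotCrossReadSystemSlot` the isolation check `EXPECT_FALSE(IsCertInCertificateList(cert_2.get(), certs))` would also hold for any other reason the certificate is absent from the list, for example if the import into `system_db_.slot()` did not succeed, so a pass does not by itself show that `db_2_` is kept out of the system slot. Add `ASSERT_TRUE(cert_2.get());` right after the import, and a positive control in the same test: list through `db_1_`, which gets the system slot in the fixture setup, and expect `cert_2` to be present, so the negative result is attributable to the slot configuration. Both new tests go through `ListCertsSync` only; whether the asynchronous `ListCerts` path applies the same slot filtering is not visible on this page and deserves one test of its own. A one-line comment above each new test, in the style of the one on `ListModules`, stating which slots each database is expected to read would document the intended access boundary.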