
Side by Side Diff: net/ssl/client_cert_store_chromeos_unittest.cc

Issue 429633004: Test NSSCertDatabaseChromeOS in the presence of the system slot. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixed a comment. Created 6 years, 4 months ago
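--- a/net/ssl/client_cert_store_chromeos_unittest.cc
+++ b/net/ssl/client_cert_store_chromeos_unittest.cc
@@ -1,55 +1,35 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/client_cert_store_chromeos.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/callback.h"
 #include "base/file_util.h"
 #include "base/run_loop.h"
-#include "crypto/nss_util.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/scoped_test_nss_chromeos_user.h"
 #include "crypto/scoped_test_system_nss_key_slot.h"
 #include "net/base/test_data_directory.h"
-#include "net/cert/cert_type.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_cert_store_unittest-inl.h"
 #include "net/test/cert_test_util.h"
 
 namespace net {
 
 namespace {
 
-bool ImportClientCertToSlot(const scoped_refptr<X509Certificate>& cert,
-PK11SlotInfo* slot) {
-std::string nickname = cert->GetDefaultNickname(USER_CERT);
-{
-crypto::AutoNSSWriteLock lock;
-SECStatus rv = PK11_ImportCert(slot,
-cert->os_cert_handle(),
-CK_INVALID_HANDLE,
-nickname.c_str(),
-PR_FALSE);
-if (rv != SECSuccess) {
-LOG(ERROR) << "Could not import cert";
-return false;
-}
-}
-return true;
-}
-
 enum ReadFromSlot {
 READ_FROM_SLOT_USER,
 READ_FROM_SLOT_SYSTEM
 };
 
 enum SystemSlotAvailability {
 SYSTEM_SLOT_AVAILABILITY_ENABLED,
 SYSTEM_SLOT_AVAILABILITY_DISABLED
 };
 
@@ -159,59 +139,33 @@
 // the system slot is enabled in the store.
 typedef ClientCertStoreChromeOSTestDelegate<READ_FROM_SLOT_SYSTEM,
 SYSTEM_SLOT_AVAILABILITY_ENABLED>
 DelegateReadSystem;
 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS_ReadSystem,
 ClientCertStoreTest,
 DelegateReadSystem);
 
 class ClientCertStoreChromeOSTest : public ::testing::Test {
 public:
-scoped_refptr<X509Certificate> ImportCertToSlot(
-const std::string& cert_filename,
-const std::string& key_filename,
-PK11SlotInfo* slot) {
-if (!ImportSensitiveKeyFromFile(
-GetTestCertsDirectory(), key_filename, slot)) {
-LOG(ERROR) << "Could not import private key from file " << key_filename;
-return NULL;
-}
-
-scoped_refptr<X509Certificate> cert(
-ImportCertFromFile(GetTestCertsDirectory(), cert_filename));
-
-if (!cert) {
-LOG(ERROR) << "Failed to parse cert from file " << cert_filename;
-return NULL;
-}
-
-if (!ImportClientCertToSlot(cert, slot))
-return NULL;
-
-// |cert| continues to point to the original X509Certificate before the
-// import to |slot|. However this should not make a difference for this
-// test.
-return cert;
-}
-
 scoped_refptr<X509Certificate> ImportCertForUser(
 const std::string& username_hash,
 const std::string& cert_filename,
 const std::string& key_filename) {
 crypto::ScopedPK11Slot slot(
 crypto::GetPublicSlotForChromeOSUser(username_hash));
 if (!slot) {
 LOG(ERROR) << "No slot for user " << username_hash;
 return NULL;
 }
 
-return ImportCertToSlot(cert_filename, key_filename, slot.get());
+return ImportClientCertAndKeyFromFile(
+GetTestCertsDirectory(), cert_filename, key_filename, slot.get());
 }
 
 };
 
 // Ensure that cert requests, that are started before the user's NSS DB is
 // initialized, will wait for the initialization and succeed afterwards.
 TEST_F(ClientCertStoreChromeOSTest, RequestWaitsForNSSInitAndSucceeds) {
 crypto::ScopedTestNSSChromeOSUser user("scopeduser");
 ASSERT_TRUE(user.constructed_successfully());
 
@@ -340,28 +294,31 @@
 
 ClientCertStoreChromeOS store(
 false /* do not use system slot */,
 user1.username_hash(),
 ClientCertStoreChromeOS::PasswordDelegateFactory());
 
 scoped_refptr<X509Certificate> cert_1(
 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8"));
 ASSERT_TRUE(cert_1);
 scoped_refptr<X509Certificate> cert_2(
-ImportCertToSlot("client_2.pem", "client_2.pk8", system_slot.slot()));
+ImportClientCertAndKeyFromFile(GetTestCertsDirectory(),
+"client_2.pem",
+"client_2.pk8",
+system_slot.slot()));
 ASSERT_TRUE(cert_2);
 
 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
 
 base::RunLoop run_loop;
 
 CertificateList selected_certs;
 store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure());
 
 run_loop.Run();
 
 // store should only return certs of the user, namely cert_1.
 ASSERT_EQ(1u, selected_certs.size());
 EXPECT_TRUE(cert_1->Equals(selected_certs[0]));
 }
 
 } // namespace net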
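Review bot: The last test's negative assertion, `ASSERT_EQ(1u, selected_certs.size())`, can pass vacuously if `ImportClientCertAndKeyFromFile` never placed client_2 in the system slot, because `ASSERT_TRUE(cert_2)` only shows that a certificate object was returned. Since this test guards the isolation between the user's certs and the system slot, a positive control right after the import would make the result meaningful, for example `EXPECT_NE(CK_INVALID_HANDLE, PK11_FindCertInSlot(system_slot.slot(), cert_2->os_cert_handle(), NULL));`. The removed local helper imported the key with `ImportSensitiveKeyFromFile`, and the shared helper's body is not visible on this page, so it is worth confirming that it still imports the key as sensitive and into the same slot as the cert. The test body begins above the visible part of this hunk, so the test name and the setup of `system_slot` are not shown here.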