Enable system token in platformKeys api.

chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Must be packed to ../enterprise_platform_keys.crx using the private key
 // ../enterprise_platform_keys.pem .
 
 'use strict';
 
 var assertEq = chrome.test.assertEq;
 var assertTrue = chrome.test.assertTrue;
 var assertThrows = chrome.test.assertThrows;
 var fail = chrome.test.fail;
 var succeed = chrome.test.succeed;
 var callbackPass = chrome.test.callbackPass;
 var callbackFail= chrome.test.callbackFail;
 
 // openssl req -new -x509 -key privkey.pem \
 //   -outform der -out cert.der -days 36500
 // xxd -i cert.der
-// based on privateKeyPkcs8
+// Based on privateKeyPkcs8User, which is stored in the user's token.
 var cert1a = new Uint8Array([
   0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
   0x02, 0x02, 0x09, 0x00, 0xd2, 0xcc, 0x76, 0xeb, 0x19, 0xb9, 0x3a, 0x33,
   0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
   0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
   0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
   0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
   0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
   0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
   0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
@@ skipping 23 matching lines @@
   0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
   0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41,
   0x00, 0x37, 0x23, 0x2f, 0x81, 0x24, 0xfc, 0xec, 0x2d, 0x0b, 0xd1, 0xa0,
   0x74, 0xdf, 0x2e, 0x34, 0x9a, 0x92, 0x33, 0xae, 0x75, 0xd6, 0x60, 0xfc,
   0x44, 0x1d, 0x65, 0x8c, 0xb7, 0xd9, 0x60, 0x3b, 0xc7, 0x20, 0x30, 0xdf,
   0x17, 0x07, 0xd1, 0x87, 0xda, 0x2b, 0x7f, 0x84, 0xf3, 0xfc, 0xb0, 0x31,
   0x42, 0x08, 0x17, 0x96, 0xd2, 0x1b, 0xdc, 0x28, 0xae, 0xf8, 0xbd, 0xf9,
   0x4e, 0x78, 0xc3, 0xe8, 0x80
 ]);
 
-// based on privateKeyPkcs8, different from cert1a
+// Based on privateKeyPkcs8User, different from cert1a.
 var cert1b = new Uint8Array([
   0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
   0x02, 0x02, 0x09, 0x00, 0xe7, 0x1e, 0x6e, 0xb0, 0x12, 0x87, 0xf5, 0x09,
   0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
   0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
   0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
   0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
   0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
   0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
   0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
@@ skipping 23 matching lines @@
   0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
   0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41,
   0x00, 0x82, 0x95, 0xa7, 0x08, 0x6c, 0xbd, 0x49, 0xe6, 0x1e, 0xc1, 0xd9,
   0x58, 0x54, 0x11, 0x11, 0x84, 0x77, 0x1e, 0xad, 0xe9, 0x73, 0x69, 0x1c,
   0x5c, 0xaa, 0x26, 0x3e, 0x5f, 0x1d, 0x89, 0x20, 0xc3, 0x90, 0xa4, 0x67,
   0xfa, 0x26, 0x20, 0xd7, 0x1f, 0xae, 0x42, 0x89, 0x30, 0x61, 0x43, 0x8a,
   0x8c, 0xbe, 0xd4, 0x32, 0xf7, 0x96, 0x71, 0x2a, 0xcd, 0xeb, 0x26, 0xf6,
   0xdb, 0x54, 0x95, 0xca, 0x5a
 ]);
 
-// based on a private key different than privateKeyPkcs8
+// Based on a private key different than privateKeyPkcs8User or
+// privateKeyPkcs8System.
 var cert2 = new Uint8Array([
   0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
   0x02, 0x02, 0x09, 0x00, 0x9e, 0x11, 0x7e, 0xff, 0x43, 0x84, 0xd4, 0xe6,
   0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
   0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
   0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
   0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
   0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
   0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
   0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
@@ skipping 23 matching lines @@
   0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
   0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41,
   0x00, 0xa5, 0xe8, 0x9d, 0x3d, 0xc4, 0x1a, 0x6e, 0xd2, 0x92, 0x42, 0x37,
   0xb9, 0x3a, 0xb3, 0x8e, 0x2f, 0x55, 0xb5, 0xf2, 0xe4, 0x6e, 0x39, 0x0d,
   0xa8, 0xba, 0x10, 0x43, 0x57, 0xdd, 0x4e, 0x4e, 0x52, 0xc6, 0xbe, 0x07,
   0xdb, 0x83, 0x05, 0x97, 0x97, 0xc1, 0x7b, 0xd5, 0x5c, 0x50, 0x64, 0x0f,
   0x96, 0xff, 0x3d, 0x83, 0x37, 0x8f, 0x3a, 0x85, 0x08, 0x62, 0x5c, 0xb1,
   0x2f, 0x68, 0xb2, 0x4a, 0x4a
 ]);
 
+// Based on privateKeyPkcs8System, which is stored in the system token.
+var certSystem = new Uint8Array([
+  0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
+  0x02, 0x02, 0x09, 0x00, 0xf4, 0x3d, 0x9f, 0xd2, 0x1e, 0xa4, 0xf5, 0x82,
+  0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
+  0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
+  0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+  0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
+  0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+  0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
+  0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
+  0x74, 0x64, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x37, 0x32, 0x38,
+  0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x31,
+  0x34, 0x30, 0x37, 0x30, 0x34, 0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a,
+  0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+  0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
+  0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
+  0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
+  0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
+  0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30,
+  0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
+  0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00,
+  0xe8, 0xb3, 0x04, 0xb1, 0xad, 0xef, 0x6b, 0xe5, 0xbe, 0xc9, 0x05, 0x75,
+  0x07, 0x41, 0xf5, 0x70, 0x50, 0xc2, 0xe8, 0xee, 0xeb, 0x09, 0x9d, 0x49,
+  0x64, 0x4c, 0x60, 0x61, 0x80, 0xbe, 0xc5, 0x41, 0xf3, 0x8c, 0x57, 0x90,
+  0x3a, 0x44, 0x62, 0x6d, 0x51, 0xb8, 0xbb, 0xc6, 0x9a, 0x16, 0xdf, 0xf9,
+  0xce, 0xe3, 0xb8, 0x8c, 0x2e, 0xa2, 0x16, 0xc8, 0xed, 0xc7, 0xf8, 0x4f,
+  0xbd, 0xd3, 0x6e, 0x63, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30,
+  0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
+  0xcd, 0x97, 0x2d, 0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad,
+  0x61, 0xf4, 0x2e, 0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x1f, 0x06, 0x03,
+  0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xcd, 0x97, 0x2d,
+  0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad, 0x61, 0xf4, 0x2e,
+  0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
+  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
+  0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41,
+  0x00, 0x8c, 0x05, 0x7e, 0xb1, 0xef, 0x5f, 0x7d, 0x80, 0x0c, 0x70, 0x9c,
+  0x99, 0x70, 0x97, 0x5f, 0x83, 0x89, 0xe3, 0x4e, 0x3c, 0x77, 0xed, 0xf3,
+  0x66, 0x2d, 0xd6, 0xa9, 0x46, 0x7d, 0xeb, 0x58, 0xbc, 0x50, 0xa7, 0xe6,
+  0xd7, 0x7d, 0xfc, 0xdd, 0x18, 0x20, 0x53, 0xfb, 0x11, 0x3d, 0xfc, 0x2f,
+  0xf3, 0x30, 0x60, 0x47, 0x2d, 0x8e, 0xd7, 0xbf, 0x0f, 0x0d, 0x47, 0x99,
+  0xcc, 0x6d, 0xab, 0xb6, 0xd6
+]);
+
 /**
  * Runs an array of asynchronous functions [f1, f2, ...] of the form
  *   function(callback) {}
  * by chaining, i.e. f1(f2(...)). Additionally, each callback is wrapped with
  * callbackPass.
  */
 function runAsyncSequence(funcs) {
   if (funcs.length == 0)
     return;
   function go(i) {
@@ skipping 53 matching lines @@
                        'Certs at index ' + i + ' differ');
           }
         }
         if (callback)
           callback();
       }));
 }
 
 /**
  * Fetches all available tokens using platformKeys.getTokens and calls
- * |callback| with the user token if available or with undefined otherwise.
+ * |callback| with the user and system token if available or with undefined
+ * otherwise.
  */
-function getUserToken(callback) {
+function getTokens(callback) {
   chrome.enterprise.platformKeys.getTokens(function(tokens) {
+    var userToken = null;
+    var systemToken = null;
     for (var i = 0; i < tokens.length; i++) {
-      if (tokens[i].id == 'user') {
-        callback(tokens[i]);
-        return;
-      }
+      if (tokens[i].id == 'user')
+        userToken = tokens[i];
+      else if (tokens[i].id == 'system')
+        systemToken = tokens[i];
     }
-    callback(undefined);
+    callback(userToken, systemToken);
   });
 }
 
 /**
  * Runs preparations before the actual tests. Calls |callback| with |userToken|.
  */
 function beforeTests(callback) {
   assertTrue(!!chrome.enterprise, "No enterprise namespace.");
   assertTrue(!!chrome.enterprise.platformKeys, "No platformKeys namespace.");
   assertTrue(!!chrome.enterprise.platformKeys.getTokens,
              "No getTokens function.");
   assertTrue(!!chrome.enterprise.platformKeys.importCertificate,
              "No importCertificate function.");
   assertTrue(!!chrome.enterprise.platformKeys.removeCertificate,
              "No removeCertificate function.");
 
-  getUserToken(function(userToken) {
-    if (!userToken)
-      fail('no user token');
-    if (userToken.id != 'user')
-      fail('token is not named "user".');
+  getTokens(function(userToken, systemToken) {
+    if (!systemToken)
+      fail('no system token');
+    if (systemToken.id != 'system')
+      fail('token is not named "system".');

[Joao da Silva, 2014/07/30 08:46:39]

Shouldnt these checks be done for the userToken too?

[pneubeck (no reviews), 2014/07/30 13:53:45]

Uuuhh. Yeah, something went wrong here.

 
-    callback(userToken);
+    callback(userToken, systemToken);
   });
 }
 
 function checkAlgorithmIsCopiedOnRead(key) {
   var algorithm = key.algorithm;
   var originalAlgorithm = {
     name: algorithm.name,
     modulusLength: algorithm.modulusLength,
     publicExponent: algorithm.publicExponent,
     hash: {name: algorithm.hash.name}
@@ skipping 101 matching lines @@
                   return window.crypto.subtle.verify(
                       algorithm, webCryptoPublicKey, cachedSignature, data);
                 }),
             function(error) { fail("Import failed: " + error); })
       .then(callbackPass(function(success) {
     assertEq(true, success, "Signature invalid.");
     callback(cachedKeyPair);
   }), function(error) { fail("Verification failed: " + error); });
 }
 
-function runTests(userToken) {
+function runTests(userToken, systemToken) {
   chrome.test.runTests([
     function hasSubtleCryptoMethods() {
       assertTrue(!!userToken.subtleCrypto.generateKey,
                  "user token has no generateKey method");
       assertTrue(!!userToken.subtleCrypto.sign,
                  "user token has no sign method");
       assertTrue(!!userToken.subtleCrypto.exportKey,
                  "user token has no exportKey method");
       succeed();
     },
-    function initiallyNoCerts() { assertCertsStored(userToken, []); },
+    function initiallyNoCerts() {
+      assertCertsStored(userToken, []);
+      assertCertsStored(systemToken, []);
+    },
 
     // Generates a key and signs some data with it. Verifies the signature using
     // WebCrypto. Verifies also that a second sign operation fails.
     function generateKeyAndSign() {
       var algorithm = {
         name: "RSASSA-PKCS1-v1_5",
         // RsaHashedKeyGenParams
         modulusLength: 512,
         // Equivalent to 65537
         publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
@@ skipping 35 matching lines @@
         hash: {
           name: "SHA-512",
         }
       };
 
       // Some random data to sign.
       var data = new Uint8Array([5, 1, 2, 3, 4, 5, 1, 2, 3, 4, 5, 0, 0, 254]);
       generateKeyAndVerify(userToken, algorithm, data, callbackPass());
     },
 
-    // Imports and removes certificates for privateKeyPkcs8, which was imported
-    // by on C++'s side.
-    // Note: After this test, privateKeyPkcs8 is not stored anymore!
-    function importAndRemoveCerts() {
+    // Importing a cert should fail, if the private key is stored in another
+    // token.
+    // This uses the cert that refers to the privateKeyPkcs8, which was imported
+    // on C++'s side.
+    function importCertWithKeyInOtherToken() {
+      chrome.enterprise.platformKeys.importCertificate(
+          systemToken.id, cert1a.buffer, callbackFail('Key not found.'));
+    },
+
+    // Imports and removes certificates for privateKeyPkcs8User, which was
+    // imported on C++'s side.
+    // Note: After this test, privateKeyPkcs8User is not stored anymore!
+    function importAndRemoveCertsToUserToken() {
       runAsyncSequence([
         chrome.enterprise.platformKeys.importCertificate.bind(
             null, userToken.id, cert1a.buffer),
         assertCertsStored.bind(null, userToken, [cert1a]),
         // Importing the same cert again shouldn't change anything.
         chrome.enterprise.platformKeys.importCertificate.bind(
             null, userToken.id, cert1a.buffer),
         assertCertsStored.bind(null, userToken, [cert1a]),
         // Importing another certificate should succeed.
         chrome.enterprise.platformKeys.importCertificate.bind(
             null, userToken.id, cert1b.buffer),
         assertCertsStored.bind(null, userToken, [cert1a, cert1b]),
+        // Shouldn't affect the system token.
+        assertCertsStored.bind(null, systemToken, []),
         chrome.enterprise.platformKeys.removeCertificate.bind(
             null, userToken.id, cert1a.buffer),
         assertCertsStored.bind(null, userToken, [cert1b]),
         chrome.enterprise.platformKeys.removeCertificate.bind(
             null, userToken.id, cert1b.buffer),
         assertCertsStored.bind(null, userToken, [])
       ]);
     },
 
+    // Imports and removes certificates for privateKeyPkcs8System, which was
+    // imported on C++'s side.
+    // Note: After this test, privateKeyPkcs8System is not stored anymore!
+    function importAndRemoveCertsToSystemToken() {
+      runAsyncSequence([
+        chrome.enterprise.platformKeys.importCertificate.bind(
+            null, systemToken.id, certSystem.buffer),
+        assertCertsStored.bind(null, systemToken, [certSystem]),
+        // Importing the same cert again shouldn't change anything.
+        chrome.enterprise.platformKeys.importCertificate.bind(
+            null, systemToken.id, certSystem.buffer),
+        assertCertsStored.bind(null, systemToken, [certSystem]),
+        // Shouldn't affect the user token.
+        assertCertsStored.bind(null, userToken, []),
+        chrome.enterprise.platformKeys.removeCertificate.bind(
+            null, systemToken.id, certSystem.buffer),
+        assertCertsStored.bind(null, systemToken, []),
+      ]);
+    },
+
     // Call generate key with invalid algorithm parameter, missing
     // modulusLength.
     function algorithmParameterMissingModulusLength() {
       var algorithm = {
         name: "RSASSA-PKCS1-v1_5",
         // Equivalent to 65537
         publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
         hash: {
           name: "SHA-1",
         }
@@ skipping 35 matching lines @@
       };
       userToken.subtleCrypto.generateKey(algorithm, false, ['sign']).then(
           function(keyPair) { fail('generateKey was expected to fail'); },
           callbackPass(function(error) {
       assertTrue(error instanceof Error);
       assertEq('A required parameter was missing or out-of-range',
                error.message);
       }));
     },
 
-    // Imports a certificate for which now private key was imported/generated
+    // Imports a certificate for which no private key was imported/generated
     // before.
     function missingPrivateKey() {
       chrome.enterprise.platformKeys.importCertificate(
           userToken.id, cert2.buffer, callbackFail('Key not found.'));
     },
+

[Joao da Silva, 2014/07/30 08:46:39]

Add newlines after the functions below too

[pneubeck (no reviews), 2014/07/30 13:53:45]

Done.

     function importInvalidCert() {
       var invalidCert = new ArrayBuffer(16);
       chrome.enterprise.platformKeys.importCertificate(
           userToken.id,
           invalidCert,
           callbackFail('Certificate is not a valid X.509 certificate.'));
     },
     function removeUnknownCert() {
       chrome.enterprise.platformKeys.removeCertificate(
           userToken.id,
           cert2.buffer,
           callbackFail('Certificate could not be found.'));
     },
     function removeInvalidCert() {
       var invalidCert = new ArrayBuffer(16);
       chrome.enterprise.platformKeys.removeCertificate(
           userToken.id,
           invalidCert,
           callbackFail('Certificate is not a valid X.509 certificate.'));
     },
     function getCertsInvalidToken() {
       chrome.enterprise.platformKeys.getCertificates(
           'invalid token id', callbackFail('The token is not valid.'));
     }
   ]);
 }
 
 beforeTests(runTests);