Chromium Code Reviews Chromium Code Reviews
Issue 430563002:
Enable system token in platformKeys api. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js |
| diff --git a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js |
| index 116dd592c3cc9656061b2f76dcc478e081503efc..b0fc61476e760843510d4da72291f0f9de2dcd64 100644 |
| --- a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js |
| +++ b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js |
| @@ -18,7 +18,7 @@ var callbackFail= chrome.test.callbackFail; |
| // openssl req -new -x509 -key privkey.pem \ |
| // -outform der -out cert.der -days 36500 |
| // xxd -i cert.der |
| -// based on privateKeyPkcs8 |
| +// Based on privateKeyPkcs8User, which is stored in the user's token. |
| var cert1a = new Uint8Array([ |
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01, |
| 0x02, 0x02, 0x09, 0x00, 0xd2, 0xcc, 0x76, 0xeb, 0x19, 0xb9, 0x3a, 0x33, |
| @@ -62,7 +62,7 @@ var cert1a = new Uint8Array([ |
| 0x4e, 0x78, 0xc3, 0xe8, 0x80 |
| ]); |
| -// based on privateKeyPkcs8, different from cert1a |
| +// Based on privateKeyPkcs8User, different from cert1a. |
| var cert1b = new Uint8Array([ |
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01, |
| 0x02, 0x02, 0x09, 0x00, 0xe7, 0x1e, 0x6e, 0xb0, 0x12, 0x87, 0xf5, 0x09, |
| @@ -106,7 +106,8 @@ var cert1b = new Uint8Array([ |
| 0xdb, 0x54, 0x95, 0xca, 0x5a |
| ]); |
| -// based on a private key different than privateKeyPkcs8 |
| +// Based on a private key different than privateKeyPkcs8User or |
| +// privateKeyPkcs8System. |
| var cert2 = new Uint8Array([ |
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01, |
| 0x02, 0x02, 0x09, 0x00, 0x9e, 0x11, 0x7e, 0xff, 0x43, 0x84, 0xd4, 0xe6, |
| @@ -150,6 +151,50 @@ var cert2 = new Uint8Array([ |
| 0x2f, 0x68, 0xb2, 0x4a, 0x4a |
| ]); |
| +// Based on privateKeyPkcs8System, which is stored in the system token. |
| +var certSystem = new Uint8Array([ |
| + 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01, |
| + 0x02, 0x02, 0x09, 0x00, 0xf4, 0x3d, 0x9f, 0xd2, 0x1e, 0xa4, 0xf5, 0x82, |
| + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, |
| + 0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, |
| + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, |
| + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, |
| + 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, |
| + 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, |
| + 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, |
| + 0x74, 0x64, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x37, 0x32, 0x38, |
| + 0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x31, |
| + 0x34, 0x30, 0x37, 0x30, 0x34, 0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a, |
| + 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, |
| + 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, |
| + 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, |
| + 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49, |
| + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67, |
| + 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30, |
| + 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, |
| + 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, |
| + 0xe8, 0xb3, 0x04, 0xb1, 0xad, 0xef, 0x6b, 0xe5, 0xbe, 0xc9, 0x05, 0x75, |
| + 0x07, 0x41, 0xf5, 0x70, 0x50, 0xc2, 0xe8, 0xee, 0xeb, 0x09, 0x9d, 0x49, |
| + 0x64, 0x4c, 0x60, 0x61, 0x80, 0xbe, 0xc5, 0x41, 0xf3, 0x8c, 0x57, 0x90, |
| + 0x3a, 0x44, 0x62, 0x6d, 0x51, 0xb8, 0xbb, 0xc6, 0x9a, 0x16, 0xdf, 0xf9, |
| + 0xce, 0xe3, 0xb8, 0x8c, 0x2e, 0xa2, 0x16, 0xc8, 0xed, 0xc7, 0xf8, 0x4f, |
| + 0xbd, 0xd3, 0x6e, 0x63, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, |
| + 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, |
| + 0xcd, 0x97, 0x2d, 0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad, |
| + 0x61, 0xf4, 0x2e, 0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x1f, 0x06, 0x03, |
| + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xcd, 0x97, 0x2d, |
| + 0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad, 0x61, 0xf4, 0x2e, |
| + 0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, |
| + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, |
| + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, |
| + 0x00, 0x8c, 0x05, 0x7e, 0xb1, 0xef, 0x5f, 0x7d, 0x80, 0x0c, 0x70, 0x9c, |
| + 0x99, 0x70, 0x97, 0x5f, 0x83, 0x89, 0xe3, 0x4e, 0x3c, 0x77, 0xed, 0xf3, |
| + 0x66, 0x2d, 0xd6, 0xa9, 0x46, 0x7d, 0xeb, 0x58, 0xbc, 0x50, 0xa7, 0xe6, |
| + 0xd7, 0x7d, 0xfc, 0xdd, 0x18, 0x20, 0x53, 0xfb, 0x11, 0x3d, 0xfc, 0x2f, |
| + 0xf3, 0x30, 0x60, 0x47, 0x2d, 0x8e, 0xd7, 0xbf, 0x0f, 0x0d, 0x47, 0x99, |
| + 0xcc, 0x6d, 0xab, 0xb6, 0xd6 |
| +]); |
| + |
| /** |
| * Runs an array of asynchronous functions [f1, f2, ...] of the form |
| * function(callback) {} |
| @@ -223,17 +268,20 @@ function assertCertsStored(token, expectedCerts, callback) { |
| /** |
| * Fetches all available tokens using platformKeys.getTokens and calls |
| - * |callback| with the user token if available or with undefined otherwise. |
| + * |callback| with the user and system token if available or with undefined |
| + * otherwise. |
| */ |
| -function getUserToken(callback) { |
| +function getTokens(callback) { |
| chrome.enterprise.platformKeys.getTokens(function(tokens) { |
| + var userToken = null; |
| + var systemToken = null; |
| for (var i = 0; i < tokens.length; i++) { |
| - if (tokens[i].id == 'user') { |
| - callback(tokens[i]); |
| - return; |
| - } |
| + if (tokens[i].id == 'user') |
| + userToken = tokens[i]; |
| + else if (tokens[i].id == 'system') |
| + systemToken = tokens[i]; |
| } |
| - callback(undefined); |
| + callback(userToken, systemToken); |
| }); |
| } |
| @@ -250,13 +298,13 @@ function beforeTests(callback) { |
| assertTrue(!!chrome.enterprise.platformKeys.removeCertificate, |
| "No removeCertificate function."); |
| - getUserToken(function(userToken) { |
| - if (!userToken) |
| - fail('no user token'); |
| - if (userToken.id != 'user') |
| - fail('token is not named "user".'); |
| + getTokens(function(userToken, systemToken) { |
| + if (!systemToken) |
| + fail('no system token'); |
| + if (systemToken.id != 'system') |
| + fail('token is not named "system".'); |
|
Joao da Silva
2014/07/30 08:46:39
Shouldnt these checks be done for the userToken to
pneubeck (no reviews)
2014/07/30 13:53:45
Uuuhh. Yeah, something went wrong here.
|
| - callback(userToken); |
| + callback(userToken, systemToken); |
| }); |
| } |
| @@ -378,7 +426,7 @@ function generateKeyAndVerify(token, algorithm, data, callback) { |
| }), function(error) { fail("Verification failed: " + error); }); |
| } |
| -function runTests(userToken) { |
| +function runTests(userToken, systemToken) { |
| chrome.test.runTests([ |
| function hasSubtleCryptoMethods() { |
| assertTrue(!!userToken.subtleCrypto.generateKey, |
| @@ -389,7 +437,10 @@ function runTests(userToken) { |
| "user token has no exportKey method"); |
| succeed(); |
| }, |
| - function initiallyNoCerts() { assertCertsStored(userToken, []); }, |
| + function initiallyNoCerts() { |
| + assertCertsStored(userToken, []); |
| + assertCertsStored(systemToken, []); |
| + }, |
| // Generates a key and signs some data with it. Verifies the signature using |
| // WebCrypto. Verifies also that a second sign operation fails. |
| @@ -445,10 +496,19 @@ function runTests(userToken) { |
| generateKeyAndVerify(userToken, algorithm, data, callbackPass()); |
| }, |
| - // Imports and removes certificates for privateKeyPkcs8, which was imported |
| - // by on C++'s side. |
| - // Note: After this test, privateKeyPkcs8 is not stored anymore! |
| - function importAndRemoveCerts() { |
| + // Importing a cert should fail, if the private key is stored in another |
| + // token. |
| + // This uses the cert that refers to the privateKeyPkcs8, which was imported |
| + // on C++'s side. |
| + function importCertWithKeyInOtherToken() { |
| + chrome.enterprise.platformKeys.importCertificate( |
| + systemToken.id, cert1a.buffer, callbackFail('Key not found.')); |
| + }, |
| + |
| + // Imports and removes certificates for privateKeyPkcs8User, which was |
| + // imported on C++'s side. |
| + // Note: After this test, privateKeyPkcs8User is not stored anymore! |
| + function importAndRemoveCertsToUserToken() { |
| runAsyncSequence([ |
| chrome.enterprise.platformKeys.importCertificate.bind( |
| null, userToken.id, cert1a.buffer), |
| @@ -461,6 +521,8 @@ function runTests(userToken) { |
| chrome.enterprise.platformKeys.importCertificate.bind( |
| null, userToken.id, cert1b.buffer), |
| assertCertsStored.bind(null, userToken, [cert1a, cert1b]), |
| + // Shouldn't affect the system token. |
| + assertCertsStored.bind(null, systemToken, []), |
| chrome.enterprise.platformKeys.removeCertificate.bind( |
| null, userToken.id, cert1a.buffer), |
| assertCertsStored.bind(null, userToken, [cert1b]), |
| @@ -470,6 +532,26 @@ function runTests(userToken) { |
| ]); |
| }, |
| + // Imports and removes certificates for privateKeyPkcs8System, which was |
| + // imported on C++'s side. |
| + // Note: After this test, privateKeyPkcs8System is not stored anymore! |
| + function importAndRemoveCertsToSystemToken() { |
| + runAsyncSequence([ |
| + chrome.enterprise.platformKeys.importCertificate.bind( |
| + null, systemToken.id, certSystem.buffer), |
| + assertCertsStored.bind(null, systemToken, [certSystem]), |
| + // Importing the same cert again shouldn't change anything. |
| + chrome.enterprise.platformKeys.importCertificate.bind( |
| + null, systemToken.id, certSystem.buffer), |
| + assertCertsStored.bind(null, systemToken, [certSystem]), |
| + // Shouldn't affect the user token. |
| + assertCertsStored.bind(null, userToken, []), |
| + chrome.enterprise.platformKeys.removeCertificate.bind( |
| + null, systemToken.id, certSystem.buffer), |
| + assertCertsStored.bind(null, systemToken, []), |
| + ]); |
| + }, |
| + |
| // Call generate key with invalid algorithm parameter, missing |
| // modulusLength. |
| function algorithmParameterMissingModulusLength() { |
| @@ -525,12 +607,13 @@ function runTests(userToken) { |
| })); |
| }, |
| - // Imports a certificate for which now private key was imported/generated |
| + // Imports a certificate for which no private key was imported/generated |
| // before. |
| function missingPrivateKey() { |
| chrome.enterprise.platformKeys.importCertificate( |
| userToken.id, cert2.buffer, callbackFail('Key not found.')); |
| }, |
| + |
|
Joao da Silva
2014/07/30 08:46:39
Add newlines after the functions below too
pneubeck (no reviews)
2014/07/30 13:53:45
Done.
|
| function importInvalidCert() { |
| var invalidCert = new ArrayBuffer(16); |
| chrome.enterprise.platformKeys.importCertificate( |
