| Index: chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
|
| diff --git a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
|
| index 116dd592c3cc9656061b2f76dcc478e081503efc..e515f87fc86cd16e3f9cdbca02aad40da16f280b 100644
|
| --- a/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
|
| +++ b/chrome/test/data/extensions/api_test/enterprise_platform_keys/basic.js
|
| @@ -18,7 +18,7 @@ var callbackFail= chrome.test.callbackFail;
|
| // openssl req -new -x509 -key privkey.pem \
|
| // -outform der -out cert.der -days 36500
|
| // xxd -i cert.der
|
| -// based on privateKeyPkcs8
|
| +// Based on privateKeyPkcs8User, which is stored in the user's token.
|
| var cert1a = new Uint8Array([
|
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
|
| 0x02, 0x02, 0x09, 0x00, 0xd2, 0xcc, 0x76, 0xeb, 0x19, 0xb9, 0x3a, 0x33,
|
| @@ -62,7 +62,7 @@ var cert1a = new Uint8Array([
|
| 0x4e, 0x78, 0xc3, 0xe8, 0x80
|
| ]);
|
|
|
| -// based on privateKeyPkcs8, different from cert1a
|
| +// Based on privateKeyPkcs8User, different from cert1a.
|
| var cert1b = new Uint8Array([
|
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
|
| 0x02, 0x02, 0x09, 0x00, 0xe7, 0x1e, 0x6e, 0xb0, 0x12, 0x87, 0xf5, 0x09,
|
| @@ -106,7 +106,8 @@ var cert1b = new Uint8Array([
|
| 0xdb, 0x54, 0x95, 0xca, 0x5a
|
| ]);
|
|
|
| -// based on a private key different than privateKeyPkcs8
|
| +// Based on a private key different than privateKeyPkcs8User or
|
| +// privateKeyPkcs8System.
|
| var cert2 = new Uint8Array([
|
| 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
|
| 0x02, 0x02, 0x09, 0x00, 0x9e, 0x11, 0x7e, 0xff, 0x43, 0x84, 0xd4, 0xe6,
|
| @@ -150,6 +151,50 @@ var cert2 = new Uint8Array([
|
| 0x2f, 0x68, 0xb2, 0x4a, 0x4a
|
| ]);
|
|
|
| +// Based on privateKeyPkcs8System, which is stored in the system token.
|
| +var certSystem = new Uint8Array([
|
| + 0x30, 0x82, 0x01, 0xd5, 0x30, 0x82, 0x01, 0x7f, 0xa0, 0x03, 0x02, 0x01,
|
| + 0x02, 0x02, 0x09, 0x00, 0xf4, 0x3d, 0x9f, 0xd2, 0x1e, 0xa4, 0xf5, 0x82,
|
| + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
|
| + 0x05, 0x05, 0x00, 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
|
| + 0x04, 0x06, 0x13, 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
|
| + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74,
|
| + 0x61, 0x74, 0x65, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a,
|
| + 0x0c, 0x18, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57,
|
| + 0x69, 0x64, 0x67, 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c,
|
| + 0x74, 0x64, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x37, 0x32, 0x38,
|
| + 0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x31,
|
| + 0x34, 0x30, 0x37, 0x30, 0x34, 0x31, 0x33, 0x31, 0x36, 0x34, 0x35, 0x5a,
|
| + 0x30, 0x45, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
|
| + 0x02, 0x41, 0x55, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08,
|
| + 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65,
|
| + 0x31, 0x21, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x18, 0x49,
|
| + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x20, 0x57, 0x69, 0x64, 0x67,
|
| + 0x69, 0x74, 0x73, 0x20, 0x50, 0x74, 0x79, 0x20, 0x4c, 0x74, 0x64, 0x30,
|
| + 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
|
| + 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00,
|
| + 0xe8, 0xb3, 0x04, 0xb1, 0xad, 0xef, 0x6b, 0xe5, 0xbe, 0xc9, 0x05, 0x75,
|
| + 0x07, 0x41, 0xf5, 0x70, 0x50, 0xc2, 0xe8, 0xee, 0xeb, 0x09, 0x9d, 0x49,
|
| + 0x64, 0x4c, 0x60, 0x61, 0x80, 0xbe, 0xc5, 0x41, 0xf3, 0x8c, 0x57, 0x90,
|
| + 0x3a, 0x44, 0x62, 0x6d, 0x51, 0xb8, 0xbb, 0xc6, 0x9a, 0x16, 0xdf, 0xf9,
|
| + 0xce, 0xe3, 0xb8, 0x8c, 0x2e, 0xa2, 0x16, 0xc8, 0xed, 0xc7, 0xf8, 0x4f,
|
| + 0xbd, 0xd3, 0x6e, 0x63, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30,
|
| + 0x4e, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
|
| + 0xcd, 0x97, 0x2d, 0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad,
|
| + 0x61, 0xf4, 0x2e, 0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x1f, 0x06, 0x03,
|
| + 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xcd, 0x97, 0x2d,
|
| + 0xb2, 0xe2, 0xb8, 0x11, 0xea, 0xcf, 0x0b, 0xca, 0xad, 0x61, 0xf4, 0x2e,
|
| + 0x49, 0x3e, 0xa0, 0x7e, 0xa7, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13,
|
| + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
|
| + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41,
|
| + 0x00, 0x8c, 0x05, 0x7e, 0xb1, 0xef, 0x5f, 0x7d, 0x80, 0x0c, 0x70, 0x9c,
|
| + 0x99, 0x70, 0x97, 0x5f, 0x83, 0x89, 0xe3, 0x4e, 0x3c, 0x77, 0xed, 0xf3,
|
| + 0x66, 0x2d, 0xd6, 0xa9, 0x46, 0x7d, 0xeb, 0x58, 0xbc, 0x50, 0xa7, 0xe6,
|
| + 0xd7, 0x7d, 0xfc, 0xdd, 0x18, 0x20, 0x53, 0xfb, 0x11, 0x3d, 0xfc, 0x2f,
|
| + 0xf3, 0x30, 0x60, 0x47, 0x2d, 0x8e, 0xd7, 0xbf, 0x0f, 0x0d, 0x47, 0x99,
|
| + 0xcc, 0x6d, 0xab, 0xb6, 0xd6
|
| +]);
|
| +
|
| /**
|
| * Runs an array of asynchronous functions [f1, f2, ...] of the form
|
| * function(callback) {}
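Review bot: The new `certSystem` fixture is not labelled as test-only, although its bytes decode to a self-signed certificate with a 512-bit RSA key and a sha1WithRSAEncryption signature. That is fine for an API test, but it is worth stating so the array is not copied as a template; I would open the comment with `// Test fixture only: self-signed, 512-bit RSA, SHA-1 signature.` before the existing "Based on privateKeyPkcs8System" line. It would also help to say whether the openssl recipe near the top of the file produced this certificate, which the hunk does not show.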
|
| @@ -223,17 +268,20 @@ function assertCertsStored(token, expectedCerts, callback) {
|
|
|
| /**
|
| * Fetches all available tokens using platformKeys.getTokens and calls
|
| - * |callback| with the user token if available or with undefined otherwise.
|
| + * |callback| with the user and system token if available or with undefined
|
| + * otherwise.
|
| */
|
| -function getUserToken(callback) {
|
| +function getTokens(callback) {
|
| chrome.enterprise.platformKeys.getTokens(function(tokens) {
|
| + var userToken = null;
|
| + var systemToken = null;
|
| for (var i = 0; i < tokens.length; i++) {
|
| - if (tokens[i].id == 'user') {
|
| - callback(tokens[i]);
|
| - return;
|
| - }
|
| + if (tokens[i].id == 'user')
|
| + userToken = tokens[i];
|
| + else if (tokens[i].id == 'system')
|
| + systemToken = tokens[i];
|
| }
|
| - callback(undefined);
|
| + callback(userToken, systemToken);
|
| });
|
| }
|
|
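Review bot: The doc comment on `getTokens` still promises `undefined` for a missing token, but the new body initialises `userToken` and `systemToken` to `null` and passes those to the callback. The callers visible in this patch only test `!userToken` / `!systemToken`, so nothing breaks, but the comment should match the code and make clear that each token is reported independently: ` * |callback| with the user token and the system token; a token that is not available is passed as null.` While these lines are being touched, the id comparisons could also use `===`.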
|
| @@ -250,13 +298,18 @@ function beforeTests(callback) {
|
| assertTrue(!!chrome.enterprise.platformKeys.removeCertificate,
|
| "No removeCertificate function.");
|
|
|
| - getUserToken(function(userToken) {
|
| + getTokens(function(userToken, systemToken) {
|
| if (!userToken)
|
| fail('no user token');
|
| if (userToken.id != 'user')
|
| - fail('token is not named "user".');
|
| + fail('user token is not named "user".');
|
| +
|
| + if (!systemToken)
|
| + fail('no system token');
|
| + if (systemToken.id != 'system')
|
| + fail('system token is not named "system".');
|
|
|
| - callback(userToken);
|
| + callback(userToken, systemToken);
|
| });
|
| }
|
|
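Review bot: The two id checks in `beforeTests` (`userToken.id != 'user'` and the new `systemToken.id != 'system'`) cannot fail as written, because `getTokens` only assigns a token to each variable after matching exactly that id. Either drop them or mark them as deliberate, e.g. `// Defensive: getTokens already filters by id.` The null checks above them do the real work, and they rely on `fail()` aborting the callback before `.id` is read; presumably it throws, but that is not visible here. beforeTests starts above this hunk.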
|
| @@ -378,7 +431,7 @@ function generateKeyAndVerify(token, algorithm, data, callback) {
|
| }), function(error) { fail("Verification failed: " + error); });
|
| }
|
|
|
| -function runTests(userToken) {
|
| +function runTests(userToken, systemToken) {
|
| chrome.test.runTests([
|
| function hasSubtleCryptoMethods() {
|
| assertTrue(!!userToken.subtleCrypto.generateKey,
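Review bot: `hasSubtleCryptoMethods` still asserts only on `userToken.subtleCrypto`, although `runTests` now receives `systemToken` as well. If the system token is expected to expose the same crypto interface, mirror the presence checks, e.g. `assertTrue(!!systemToken.subtleCrypto.generateKey, "system token has no generateKey method");`, so that a system token which is listed but unusable is caught here rather than in a later test. The function body continues past this hunk, so the remaining assertions are only partly visible.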
|
| @@ -389,7 +442,11 @@ function runTests(userToken) {
|
| "user token has no exportKey method");
|
| succeed();
|
| },
|
| - function initiallyNoCerts() { assertCertsStored(userToken, []); },
|
| +
|
| + function initiallyNoCerts() {
|
| + assertCertsStored(userToken, []);
|
| + assertCertsStored(systemToken, []);
|
| + },
|
|
|
| // Generates a key and signs some data with it. Verifies the signature using
|
| // WebCrypto. Verifies also that a second sign operation fails.
|
| @@ -445,10 +502,19 @@ function runTests(userToken) {
|
| generateKeyAndVerify(userToken, algorithm, data, callbackPass());
|
| },
|
|
|
| - // Imports and removes certificates for privateKeyPkcs8, which was imported
|
| - // by on C++'s side.
|
| - // Note: After this test, privateKeyPkcs8 is not stored anymore!
|
| - function importAndRemoveCerts() {
|
| + // Importing a cert should fail, if the private key is stored in another
|
| + // token.
|
| + // This uses the cert that refers to the privateKeyPkcs8, which was imported
|
| + // on C++'s side.
|
| + function importCertWithKeyInOtherToken() {
|
| + chrome.enterprise.platformKeys.importCertificate(
|
| + systemToken.id, cert1a.buffer, callbackFail('Key not found.'));
|
| + },
|
| +
|
| + // Imports and removes certificates for privateKeyPkcs8User, which was
|
| + // imported on C++'s side.
|
| + // Note: After this test, privateKeyPkcs8User is not stored anymore!
|
| + function importAndRemoveCertsToUserToken() {
|
| runAsyncSequence([
|
| chrome.enterprise.platformKeys.importCertificate.bind(
|
| null, userToken.id, cert1a.buffer),
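Review bot: The token-isolation check in `importCertWithKeyInOtherToken` covers only one direction: a certificate for the user-token key is refused by the system token, but nothing visible checks that `certSystem` is refused by the user token. The reverse case matters at least as much, so I would add a sibling test calling `chrome.enterprise.platformKeys.importCertificate(userToken.id, certSystem.buffer, callbackFail('Key not found.'))`, placed before `importAndRemoveCertsToSystemToken` because that test removes the key. The new comment also still says `privateKeyPkcs8`; after the rename it should read `// This uses the cert that refers to privateKeyPkcs8User, which was imported`. Note that 'Key not found.' is also the error `missingPrivateKey` expects for an absent key, so this test proves isolation only because the following import into the user token succeeds. importAndRemoveCertsToUserToken continues beyond the hunk.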
|
| @@ -461,6 +527,8 @@ function runTests(userToken) {
|
| chrome.enterprise.platformKeys.importCertificate.bind(
|
| null, userToken.id, cert1b.buffer),
|
| assertCertsStored.bind(null, userToken, [cert1a, cert1b]),
|
| + // Shouldn't affect the system token.
|
| + assertCertsStored.bind(null, systemToken, []),
|
| chrome.enterprise.platformKeys.removeCertificate.bind(
|
| null, userToken.id, cert1a.buffer),
|
| assertCertsStored.bind(null, userToken, [cert1b]),
|
| @@ -470,6 +538,26 @@ function runTests(userToken) {
|
| ]);
|
| },
|
|
|
| + // Imports and removes certificates for privateKeyPkcs8System, which was
|
| + // imported on C++'s side.
|
| + // Note: After this test, privateKeyPkcs8System is not stored anymore!
|
| + function importAndRemoveCertsToSystemToken() {
|
| + runAsyncSequence([
|
| + chrome.enterprise.platformKeys.importCertificate.bind(
|
| + null, systemToken.id, certSystem.buffer),
|
| + assertCertsStored.bind(null, systemToken, [certSystem]),
|
| + // Importing the same cert again shouldn't change anything.
|
| + chrome.enterprise.platformKeys.importCertificate.bind(
|
| + null, systemToken.id, certSystem.buffer),
|
| + assertCertsStored.bind(null, systemToken, [certSystem]),
|
| + // Shouldn't affect the user token.
|
| + assertCertsStored.bind(null, userToken, []),
|
| + chrome.enterprise.platformKeys.removeCertificate.bind(
|
| + null, systemToken.id, certSystem.buffer),
|
| + assertCertsStored.bind(null, systemToken, []),
|
| + ]);
|
| + },
|
| +
|
| // Call generate key with invalid algorithm parameter, missing
|
| // modulusLength.
|
| function algorithmParameterMissingModulusLength() {
|
| @@ -525,12 +613,13 @@ function runTests(userToken) {
|
| }));
|
| },
|
|
|
| - // Imports a certificate for which now private key was imported/generated
|
| + // Imports a certificate for which no private key was imported/generated
|
| // before.
|
| function missingPrivateKey() {
|
| chrome.enterprise.platformKeys.importCertificate(
|
| userToken.id, cert2.buffer, callbackFail('Key not found.'));
|
| },
|
| +
|
| function importInvalidCert() {
|
| var invalidCert = new ArrayBuffer(16);
|
| chrome.enterprise.platformKeys.importCertificate(
|
| @@ -538,12 +627,14 @@ function runTests(userToken) {
|
| invalidCert,
|
| callbackFail('Certificate is not a valid X.509 certificate.'));
|
| },
|
| +
|
| function removeUnknownCert() {
|
| chrome.enterprise.platformKeys.removeCertificate(
|
| userToken.id,
|
| cert2.buffer,
|
| callbackFail('Certificate could not be found.'));
|
| },
|
| +
|
| function removeInvalidCert() {
|
| var invalidCert = new ArrayBuffer(16);
|
| chrome.enterprise.platformKeys.removeCertificate(
|
| @@ -551,6 +642,7 @@ function runTests(userToken) {
|
| invalidCert,
|
| callbackFail('Certificate is not a valid X.509 certificate.'));
|
| },
|
| +
|
| function getCertsInvalidToken() {
|
| chrome.enterprise.platformKeys.getCertificates(
|
| 'invalid token id', callbackFail('The token is not valid.'));
|
|
|