OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/cert_loader.h" | 5 #include "chromeos/cert_loader.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/files/file_util.h" | 8 #include "base/files/file_util.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/message_loop/message_loop.h" | 10 #include "base/message_loop/message_loop.h" |
(...skipping 131 matching lines...)
142 ASSERT_TRUE(imported_certs); | 142 ASSERT_TRUE(imported_certs); |
143 | 143 |
144 std::string pkcs12_data; | 144 std::string pkcs12_data; |
145 base::FilePath pkcs12_file_path = | 145 base::FilePath pkcs12_file_path = |
146 net::GetTestCertsDirectory().Append(pkcs12_file); | 146 net::GetTestCertsDirectory().Append(pkcs12_file); |
147 ASSERT_TRUE(base::ReadFileToString(pkcs12_file_path, &pkcs12_data)); | 147 ASSERT_TRUE(base::ReadFileToString(pkcs12_file_path, &pkcs12_data)); |
148 | 148 |
149 net::CertificateList client_cert_list; | 149 net::CertificateList client_cert_list; |
150 scoped_refptr<net::CryptoModule> module(net::CryptoModule::CreateFromHandle( | 150 scoped_refptr<net::CryptoModule> module(net::CryptoModule::CreateFromHandle( |
151 database->GetPrivateSlot().get())); | 151 database->GetPrivateSlot().get())); |
152 ASSERT_EQ( | 152 ASSERT_EQ(net::OK, |
153 net::OK, | 153 database->ImportFromPKCS12(module.get(), |
154 database->ImportFromPKCS12(module, pkcs12_data, base::string16(), false, | 154 pkcs12_data, |
155 imported_certs)); | 155 base::string16(), |
| 156 false, |
| 157 imported_certs)); |
156 ASSERT_EQ(1U, imported_certs->size()); | 158 ASSERT_EQ(1U, imported_certs->size()); |
157 } | 159 } |
158 | 160 |
159 CertLoader* cert_loader_; | 161 CertLoader* cert_loader_; |
160 | 162 |
161 // The user is primary as the one whose certificates CertLoader handles, it | 163 // The user is primary as the one whose certificates CertLoader handles, it |
162 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user | 164 // has nothing to do with crypto::InitializeNSSForChromeOSUser is_primary_user |
163 // parameter (which is irrelevant for these tests). | 165 // parameter (which is irrelevant for these tests). |
164 crypto::ScopedTestNSSChromeOSUser primary_user_; | 166 crypto::ScopedTestNSSChromeOSUser primary_user_; |
165 scoped_ptr<net::NSSCertDatabaseChromeOS> primary_db_; | 167 scoped_ptr<net::NSSCertDatabaseChromeOS> primary_db_; |
(...skipping 29 matching lines...)
195 } | 197 } |
196 | 198 |
197 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { | 199 TEST_F(CertLoaderTest, CertLoaderUpdatesCertListOnNewCert) { |
198 StartCertLoaderWithPrimaryUser(); | 200 StartCertLoaderWithPrimaryUser(); |
199 | 201 |
200 net::CertificateList certs; | 202 net::CertificateList certs; |
201 ImportCACert("root_ca_cert.pem", primary_db_.get(), &certs); | 203 ImportCACert("root_ca_cert.pem", primary_db_.get(), &certs); |
202 | 204 |
203 // Certs are loaded asynchronously, so the new cert should not yet be in the | 205 // Certs are loaded asynchronously, so the new cert should not yet be in the |
204 // cert list. | 206 // cert list. |
205 EXPECT_FALSE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 207 EXPECT_FALSE( |
| 208 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
206 | 209 |
207 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 210 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
208 base::RunLoop().RunUntilIdle(); | 211 base::RunLoop().RunUntilIdle(); |
209 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 212 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
210 | 213 |
211 // The certificate list should be updated now, as the message loop's been run. | 214 // The certificate list should be updated now, as the message loop's been run. |
212 EXPECT_TRUE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 215 EXPECT_TRUE( |
| 216 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
213 } | 217 } |
214 | 218 |
215 TEST_F(CertLoaderTest, CertLoaderNoUpdateOnSecondaryDbChanges) { | 219 TEST_F(CertLoaderTest, CertLoaderNoUpdateOnSecondaryDbChanges) { |
216 crypto::ScopedTestNSSChromeOSUser secondary_user("secondary"); | 220 crypto::ScopedTestNSSChromeOSUser secondary_user("secondary"); |
217 scoped_ptr<net::NSSCertDatabaseChromeOS> secondary_db; | 221 scoped_ptr<net::NSSCertDatabaseChromeOS> secondary_db; |
218 | 222 |
219 StartCertLoaderWithPrimaryUser(); | 223 StartCertLoaderWithPrimaryUser(); |
220 FinishUserInitAndGetDatabase(&secondary_user, &secondary_db); | 224 FinishUserInitAndGetDatabase(&secondary_user, &secondary_db); |
221 | 225 |
222 net::CertificateList certs; | 226 net::CertificateList certs; |
223 ImportCACert("root_ca_cert.pem", secondary_db.get(), &certs); | 227 ImportCACert("root_ca_cert.pem", secondary_db.get(), &certs); |
224 | 228 |
225 base::RunLoop().RunUntilIdle(); | 229 base::RunLoop().RunUntilIdle(); |
226 | 230 |
227 EXPECT_FALSE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 231 EXPECT_FALSE( |
| 232 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
228 } | 233 } |
229 | 234 |
230 TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCert) { | 235 TEST_F(CertLoaderTest, ClientLoaderUpdateOnNewClientCert) { |
231 StartCertLoaderWithPrimaryUser(); | 236 StartCertLoaderWithPrimaryUser(); |
232 | 237 |
233 net::CertificateList certs; | 238 net::CertificateList certs; |
234 ImportClientCertAndKey("websocket_client_cert.p12", | 239 ImportClientCertAndKey("websocket_client_cert.p12", |
235 primary_db_.get(), | 240 primary_db_.get(), |
236 &certs); | 241 &certs); |
237 | 242 |
238 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 243 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
239 base::RunLoop().RunUntilIdle(); | 244 base::RunLoop().RunUntilIdle(); |
240 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 245 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
241 | 246 |
242 EXPECT_TRUE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 247 EXPECT_TRUE( |
| 248 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
243 } | 249 } |
244 | 250 |
245 TEST_F(CertLoaderTest, CertLoaderNoUpdateOnNewClientCertInSecondaryDb) { | 251 TEST_F(CertLoaderTest, CertLoaderNoUpdateOnNewClientCertInSecondaryDb) { |
246 crypto::ScopedTestNSSChromeOSUser secondary_user("secondary"); | 252 crypto::ScopedTestNSSChromeOSUser secondary_user("secondary"); |
247 scoped_ptr<net::NSSCertDatabaseChromeOS> secondary_db; | 253 scoped_ptr<net::NSSCertDatabaseChromeOS> secondary_db; |
248 | 254 |
249 StartCertLoaderWithPrimaryUser(); | 255 StartCertLoaderWithPrimaryUser(); |
250 FinishUserInitAndGetDatabase(&secondary_user, &secondary_db); | 256 FinishUserInitAndGetDatabase(&secondary_user, &secondary_db); |
251 | 257 |
252 net::CertificateList certs; | 258 net::CertificateList certs; |
253 ImportClientCertAndKey("websocket_client_cert.p12", | 259 ImportClientCertAndKey("websocket_client_cert.p12", |
254 secondary_db.get(), | 260 secondary_db.get(), |
255 &certs); | 261 &certs); |
256 | 262 |
257 base::RunLoop().RunUntilIdle(); | 263 base::RunLoop().RunUntilIdle(); |
258 | 264 |
259 EXPECT_FALSE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 265 EXPECT_FALSE( |
| 266 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
260 } | 267 } |
261 | 268 |
262 TEST_F(CertLoaderTest, UpdatedOnCertRemoval) { | 269 TEST_F(CertLoaderTest, UpdatedOnCertRemoval) { |
263 StartCertLoaderWithPrimaryUser(); | 270 StartCertLoaderWithPrimaryUser(); |
264 | 271 |
265 net::CertificateList certs; | 272 net::CertificateList certs; |
266 ImportClientCertAndKey("websocket_client_cert.p12", | 273 ImportClientCertAndKey("websocket_client_cert.p12", |
267 primary_db_.get(), | 274 primary_db_.get(), |
268 &certs); | 275 &certs); |
269 | 276 |
270 base::RunLoop().RunUntilIdle(); | 277 base::RunLoop().RunUntilIdle(); |
271 | 278 |
272 ASSERT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 279 ASSERT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
273 ASSERT_TRUE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 280 ASSERT_TRUE( |
| 281 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
274 | 282 |
275 primary_db_->DeleteCertAndKey(certs[0]); | 283 primary_db_->DeleteCertAndKey(certs[0].get()); |
276 | 284 |
277 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 285 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
278 base::RunLoop().RunUntilIdle(); | 286 base::RunLoop().RunUntilIdle(); |
279 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 287 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
280 | 288 |
281 ASSERT_FALSE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 289 ASSERT_FALSE( |
| 290 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
282 } | 291 } |
283 | 292 |
284 TEST_F(CertLoaderTest, UpdatedOnCACertTrustChange) { | 293 TEST_F(CertLoaderTest, UpdatedOnCACertTrustChange) { |
285 StartCertLoaderWithPrimaryUser(); | 294 StartCertLoaderWithPrimaryUser(); |
286 | 295 |
287 net::CertificateList certs; | 296 net::CertificateList certs; |
288 ImportCACert("root_ca_cert.pem", primary_db_.get(), &certs); | 297 ImportCACert("root_ca_cert.pem", primary_db_.get(), &certs); |
289 | 298 |
290 base::RunLoop().RunUntilIdle(); | 299 base::RunLoop().RunUntilIdle(); |
291 ASSERT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 300 ASSERT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
292 ASSERT_TRUE(IsCertInCertificateList(certs[0], cert_loader_->cert_list())); | 301 ASSERT_TRUE( |
| 302 IsCertInCertificateList(certs[0].get(), cert_loader_->cert_list())); |
293 | 303 |
294 // The value that should have been set by |ImportCACert|. | 304 // The value that should have been set by |ImportCACert|. |
295 ASSERT_EQ(net::NSSCertDatabase::TRUST_DEFAULT, | 305 ASSERT_EQ(net::NSSCertDatabase::TRUST_DEFAULT, |
296 primary_db_->GetCertTrust(certs[0], net::CA_CERT)); | 306 primary_db_->GetCertTrust(certs[0].get(), net::CA_CERT)); |
297 ASSERT_TRUE(primary_db_->SetCertTrust( | 307 ASSERT_TRUE(primary_db_->SetCertTrust( |
298 certs[0], net::CA_CERT, net::NSSCertDatabase::TRUSTED_SSL)); | 308 certs[0].get(), net::CA_CERT, net::NSSCertDatabase::TRUSTED_SSL)); |
299 | 309 |
300 // Cert trust change should trigger certificate reload in cert_loader_. | 310 // Cert trust change should trigger certificate reload in cert_loader_. |
301 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); | 311 ASSERT_EQ(0U, GetAndResetCertificatesLoadedEventsCount()); |
302 base::RunLoop().RunUntilIdle(); | 312 base::RunLoop().RunUntilIdle(); |
303 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); | 313 EXPECT_EQ(1U, GetAndResetCertificatesLoadedEventsCount()); |
304 } | 314 } |
305 | 315 |
306 } // namespace | 316 } // namespace |
307 } // namespace chromeos | 317 } // namespace chromeos |
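Review bot: Every test from new line 199 onward reads `certs[0].get()` right after calling `ImportCACert(...)` or `ImportClientCertAndKey(...)`, but a fatal `ASSERT_*` inside a helper only returns from that helper, not from the calling test. The PKCS#12 helper ending at new line 159 relies on `ASSERT_TRUE(...)` and `ASSERT_EQ(1U, imported_certs->size());`, and `ImportCACert` presumably does the same (its body is outside the visible lines), so a failed import leaves `certs` empty and the next statement indexes past the end of the vector. Wrapping the calls, e.g. `ASSERT_NO_FATAL_FAILURE(ImportCACert("root_ca_cert.pem", primary_db_.get(), &certs));`, or adding `ASSERT_FALSE(certs.empty());` before the first `certs[0]` use turns a broken fixture into a clean test failure instead of undefined behaviour. Separately, in UpdatedOnCertRemoval the result of `primary_db_->DeleteCertAndKey(certs[0].get());` is discarded; if it reports success through its return value (not visible here), asserting on it would attribute a failure to the deletion rather than to the later event count.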