| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/client_cert_store_chromeos.h" | 5 #include "net/ssl/client_cert_store_chromeos.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback.h" | 10 #include "base/callback.h" |
| (...skipping 159 matching lines...) |
| 170 ASSERT_TRUE(user.constructed_successfully()); | 170 ASSERT_TRUE(user.constructed_successfully()); |
| 171 | 171 |
| 172 crypto::ScopedTestSystemNSSKeySlot system_slot; | 172 crypto::ScopedTestSystemNSSKeySlot system_slot; |
| 173 | 173 |
| 174 ClientCertStoreChromeOS store( | 174 ClientCertStoreChromeOS store( |
| 175 true /* use system slot */, | 175 true /* use system slot */, |
| 176 user.username_hash(), | 176 user.username_hash(), |
| 177 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 177 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 178 scoped_refptr<X509Certificate> cert_1( | 178 scoped_refptr<X509Certificate> cert_1( |
| 179 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8")); | 179 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8")); |
| 180 ASSERT_TRUE(cert_1); | 180 ASSERT_TRUE(cert_1.get()); |
| 181 | 181 |
| 182 // Request any client certificate, which is expected to match client_1. | 182 // Request any client certificate, which is expected to match client_1. |
| 183 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); | 183 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 184 | 184 |
| 185 base::RunLoop run_loop; | 185 base::RunLoop run_loop; |
| 186 store.GetClientCerts( | 186 store.GetClientCerts( |
| 187 *request_all, &request_all->client_certs, run_loop.QuitClosure()); | 187 *request_all, &request_all->client_certs, run_loop.QuitClosure()); |
| 188 | 188 |
| 189 { | 189 { |
| 190 base::RunLoop run_loop_inner; | 190 base::RunLoop run_loop_inner; |
| (...skipping 19 matching lines...) |
| 210 user.FinishInit(); | 210 user.FinishInit(); |
| 211 | 211 |
| 212 crypto::ScopedTestSystemNSSKeySlot system_slot; | 212 crypto::ScopedTestSystemNSSKeySlot system_slot; |
| 213 | 213 |
| 214 ClientCertStoreChromeOS store( | 214 ClientCertStoreChromeOS store( |
| 215 true /* use system slot */, | 215 true /* use system slot */, |
| 216 user.username_hash(), | 216 user.username_hash(), |
| 217 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 217 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 218 scoped_refptr<X509Certificate> cert_1( | 218 scoped_refptr<X509Certificate> cert_1( |
| 219 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8")); | 219 ImportCertForUser(user.username_hash(), "client_1.pem", "client_1.pk8")); |
| 220 ASSERT_TRUE(cert_1); | 220 ASSERT_TRUE(cert_1.get()); |
| 221 | 221 |
| 222 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); | 222 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 223 | 223 |
| 224 base::RunLoop run_loop; | 224 base::RunLoop run_loop; |
| 225 store.GetClientCerts( | 225 store.GetClientCerts( |
| 226 *request_all, &request_all->client_certs, run_loop.QuitClosure()); | 226 *request_all, &request_all->client_certs, run_loop.QuitClosure()); |
| 227 run_loop.Run(); | 227 run_loop.Run(); |
| 228 | 228 |
| 229 ASSERT_EQ(1u, request_all->client_certs.size()); | 229 ASSERT_EQ(1u, request_all->client_certs.size()); |
| 230 } | 230 } |
| (...skipping 16 matching lines...) |
| 247 true /* use system slot */, | 247 true /* use system slot */, |
| 248 user1.username_hash(), | 248 user1.username_hash(), |
| 249 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 249 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 250 ClientCertStoreChromeOS store2( | 250 ClientCertStoreChromeOS store2( |
| 251 true /* use system slot */, | 251 true /* use system slot */, |
| 252 user2.username_hash(), | 252 user2.username_hash(), |
| 253 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 253 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 254 | 254 |
| 255 scoped_refptr<X509Certificate> cert_1( | 255 scoped_refptr<X509Certificate> cert_1( |
| 256 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); | 256 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); |
| 257 ASSERT_TRUE(cert_1); | 257 ASSERT_TRUE(cert_1.get()); |
| 258 scoped_refptr<X509Certificate> cert_2( | 258 scoped_refptr<X509Certificate> cert_2( |
| 259 ImportCertForUser(user2.username_hash(), "client_2.pem", "client_2.pk8")); | 259 ImportCertForUser(user2.username_hash(), "client_2.pem", "client_2.pk8")); |
| 260 ASSERT_TRUE(cert_2); | 260 ASSERT_TRUE(cert_2.get()); |
| 261 | 261 |
| 262 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); | 262 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 263 | 263 |
| 264 base::RunLoop run_loop_1; | 264 base::RunLoop run_loop_1; |
| 265 base::RunLoop run_loop_2; | 265 base::RunLoop run_loop_2; |
| 266 | 266 |
| 267 CertificateList selected_certs1, selected_certs2; | 267 CertificateList selected_certs1, selected_certs2; |
| 268 store1.GetClientCerts( | 268 store1.GetClientCerts( |
| 269 *request_all, &selected_certs1, run_loop_1.QuitClosure()); | 269 *request_all, &selected_certs1, run_loop_1.QuitClosure()); |
| 270 store2.GetClientCerts( | 270 store2.GetClientCerts( |
| 271 *request_all, &selected_certs2, run_loop_2.QuitClosure()); | 271 *request_all, &selected_certs2, run_loop_2.QuitClosure()); |
| 272 | 272 |
| 273 run_loop_1.Run(); | 273 run_loop_1.Run(); |
| 274 run_loop_2.Run(); | 274 run_loop_2.Run(); |
| 275 | 275 |
| 276 // store1 should only return certs of user1, namely cert_1. | 276 // store1 should only return certs of user1, namely cert_1. |
| 277 ASSERT_EQ(1u, selected_certs1.size()); | 277 ASSERT_EQ(1u, selected_certs1.size()); |
| 278 EXPECT_TRUE(cert_1->Equals(selected_certs1[0])); | 278 EXPECT_TRUE(cert_1->Equals(selected_certs1[0].get())); |
| 279 | 279 |
| 280 // store2 should only return certs of user2, namely cert_2. | 280 // store2 should only return certs of user2, namely cert_2. |
| 281 ASSERT_EQ(1u, selected_certs2.size()); | 281 ASSERT_EQ(1u, selected_certs2.size()); |
| 282 EXPECT_TRUE(cert_2->Equals(selected_certs2[0])); | 282 EXPECT_TRUE(cert_2->Equals(selected_certs2[0].get())); |
| 283 } | 283 } |
| 284 | 284 |
| 285 // This verifies that a request in the context of User1 doesn't see certificates | 285 // This verifies that a request in the context of User1 doesn't see certificates |
| 286 // of the system store if the system store is disabled. | 286 // of the system store if the system store is disabled. |
| 287 TEST_F(ClientCertStoreChromeOSTest, RequestDoesCrossReadSystemDB) { | 287 TEST_F(ClientCertStoreChromeOSTest, RequestDoesCrossReadSystemDB) { |
| 288 crypto::ScopedTestNSSChromeOSUser user1("scopeduser1"); | 288 crypto::ScopedTestNSSChromeOSUser user1("scopeduser1"); |
| 289 ASSERT_TRUE(user1.constructed_successfully()); | 289 ASSERT_TRUE(user1.constructed_successfully()); |
| 290 | 290 |
| 291 user1.FinishInit(); | 291 user1.FinishInit(); |
| 292 | 292 |
| 293 crypto::ScopedTestSystemNSSKeySlot system_slot; | 293 crypto::ScopedTestSystemNSSKeySlot system_slot; |
| 294 | 294 |
| 295 ClientCertStoreChromeOS store( | 295 ClientCertStoreChromeOS store( |
| 296 false /* do not use system slot */, | 296 false /* do not use system slot */, |
| 297 user1.username_hash(), | 297 user1.username_hash(), |
| 298 ClientCertStoreChromeOS::PasswordDelegateFactory()); | 298 ClientCertStoreChromeOS::PasswordDelegateFactory()); |
| 299 | 299 |
| 300 scoped_refptr<X509Certificate> cert_1( | 300 scoped_refptr<X509Certificate> cert_1( |
| 301 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); | 301 ImportCertForUser(user1.username_hash(), "client_1.pem", "client_1.pk8")); |
| 302 ASSERT_TRUE(cert_1); | 302 ASSERT_TRUE(cert_1.get()); |
| 303 scoped_refptr<X509Certificate> cert_2( | 303 scoped_refptr<X509Certificate> cert_2( |
| 304 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), | 304 ImportClientCertAndKeyFromFile(GetTestCertsDirectory(), |
| 305 "client_2.pem", | 305 "client_2.pem", |
| 306 "client_2.pk8", | 306 "client_2.pk8", |
| 307 system_slot.slot())); | 307 system_slot.slot())); |
| 308 ASSERT_TRUE(cert_2); | 308 ASSERT_TRUE(cert_2.get()); |
| 309 | 309 |
| 310 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); | 310 scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo()); |
| 311 | 311 |
| 312 base::RunLoop run_loop; | 312 base::RunLoop run_loop; |
| 313 | 313 |
| 314 CertificateList selected_certs; | 314 CertificateList selected_certs; |
| 315 store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure()); | 315 store.GetClientCerts(*request_all, &selected_certs, run_loop.QuitClosure()); |
| 316 | 316 |
| 317 run_loop.Run(); | 317 run_loop.Run(); |
| 318 | 318 |
| 319 // store should only return certs of the user, namely cert_1. | 319 // store should only return certs of the user, namely cert_1. |
| 320 ASSERT_EQ(1u, selected_certs.size()); | 320 ASSERT_EQ(1u, selected_certs.size()); |
| 321 EXPECT_TRUE(cert_1->Equals(selected_certs[0])); | 321 EXPECT_TRUE(cert_1->Equals(selected_certs[0].get())); |
| 322 } | 322 } |
| 323 | 323 |
| 324 } // namespace net | 324 } // namespace net |
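Review bot: The test name at new line 287, `RequestDoesCrossReadSystemDB`, says the opposite of what the test checks. The comment above it and the assertions at lines 320-321 require that a store built with the system slot disabled returns only the user's cert_1 and not the cert_2 imported into `system_slot.slot()`. Since this is the test that guards the user/system slot isolation boundary, a failure reported under this name would read as if cross-reading were the expected behaviour. While these lines are being touched I would rename it, for example `TEST_F(ClientCertStoreChromeOSTest, RequestDoesNotCrossReadSystemDB) {`. The `.get()` changes themselves are mechanical and look consistent across every call site visible here.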