Make ONCCertificateImporter async.

chromeos/network/onc/onc_certificate_importer_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
 
 #include <cert.h>
 #include <certdb.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <string>
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
+#include "base/test/test_simple_task_runner.h"
+#include "base/thread_task_runner_handle.h"
 #include "base/values.h"
 #include "chromeos/network/onc/onc_test_utils.h"
 #include "components/onc/onc_constants.h"
-#include "crypto/nss_util_internal.h"
-#include "crypto/scoped_test_nss_chromeos_user.h"
+#include "crypto/scoped_test_nss_db.h"
 #include "net/base/crypto_module.h"
 #include "net/cert/cert_type.h"
 #include "net/cert/nss_cert_database_chromeos.h"
 #include "net/cert/x509_certificate.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace chromeos {
 namespace onc {
 
 namespace {
@@ skipping 25 matching lines @@
 net::CertType GetCertType(net::X509Certificate::OSCertHandle cert) {
   NOTIMPLEMENTED();
   return net::OTHER_CERT;
 }
 #endif  // USE_NSS
 
 }  // namespace
 
 class ONCCertificateImporterImplTest : public testing::Test {
  public:
-  ONCCertificateImporterImplTest() : user_("username_hash"),
-                                     private_user_("private_user_hash") {}
+  ONCCertificateImporterImplTest() {}
+  virtual ~ONCCertificateImporterImplTest() {}
 
-  virtual void SetUp() {
-    ASSERT_TRUE(user_.constructed_successfully());
-    ASSERT_TRUE(private_user_.constructed_successfully());
+  virtual void SetUp() OVERRIDE {
+    ASSERT_TRUE(public_nssdb_.is_open());
+    ASSERT_TRUE(private_nssdb_.is_open());
 
-    // By default test user will have the same public and private slot.
-    // Unfortunatelly, ONC importer should care about which slot certificates
-    // get imported to. To work around this, we create another NSS user whose
-    // public slot will act as the private slot.
-    // TODO(tbarzic): See if there's a better way to achieve this.
+    task_runner_ = new base::TestSimpleTaskRunner();
+    thread_task_runner_handle_.reset(
+        new base::ThreadTaskRunnerHandle(task_runner_));
+
     test_nssdb_.reset(new net::NSSCertDatabaseChromeOS(
-        crypto::GetPublicSlotForChromeOSUser(user_.username_hash()),
-        crypto::GetPublicSlotForChromeOSUser(private_user_.username_hash())));
+        crypto::ScopedPK11Slot(public_nssdb_.slot()),
+        crypto::ScopedPK11Slot(private_nssdb_.slot())));
 
     // Test db should be empty at start of test.
     EXPECT_TRUE(ListCertsInPublicSlot().empty());
     EXPECT_TRUE(ListCertsInPrivateSlot().empty());
   }
 
-  virtual ~ONCCertificateImporterImplTest() {}
+  virtual void TearDown() OVERRIDE {
+    thread_task_runner_handle_.reset();
+    task_runner_ = NULL;
+  }
 
  protected:
+  void OnImportCompleted(bool expected_success,
+                         bool success,
+                         const net::CertificateList& onc_trusted_certificates) {
+    EXPECT_EQ(expected_success, success);
+    web_trust_certificates_ = onc_trusted_certificates;
+  }
+
   void AddCertificatesFromFile(std::string filename, bool expected_success) {
     scoped_ptr<base::DictionaryValue> onc =
         test_utils::ReadTestDictionary(filename);
     scoped_ptr<base::Value> certificates_value;
     base::ListValue* certificates = NULL;
     onc->RemoveWithoutPathExpansion(::onc::toplevel_config::kCertificates,
                                     &certificates_value);
     certificates_value.release()->GetAsList(&certificates);
     onc_certificates_.reset(certificates);
 
     web_trust_certificates_.clear();
-    imported_server_and_ca_certs_.clear();
-    CertificateImporterImpl importer(test_nssdb_.get());
-    EXPECT_EQ(
-        expected_success,
-        importer.ParseAndStoreCertificates(true,  // allow web trust
-                                           *certificates,
-                                           &web_trust_certificates_,
-                                           &imported_server_and_ca_certs_));
+    CertificateImporterImpl importer(task_runner_, test_nssdb_.get());
+    importer.ImportCertificates(
+        *certificates,
+        ::onc::ONC_SOURCE_USER_IMPORT,  // allow web trust
+        base::Bind(&ONCCertificateImporterImplTest::OnImportCompleted,
+                   base::Unretained(this),
+                   expected_success));
+
+    task_runner_->RunUntilIdle();
 
     public_list_ = ListCertsInPublicSlot();
     private_list_ = ListCertsInPrivateSlot();
   }
 
   void AddCertificateFromFile(std::string filename,
                               net::CertType expected_type,
                               std::string* guid) {
     std::string guid_temporary;
     if (!guid)
       guid = &guid_temporary;
 
     AddCertificatesFromFile(filename, true);
-    ASSERT_EQ(1ul, public_list_.size() + private_list_.size());
-    if (!public_list_.empty())
+
+    if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) {
+      ASSERT_EQ(1u, public_list_.size());
       EXPECT_EQ(expected_type, GetCertType(public_list_[0]->os_cert_handle()));
-    if (!private_list_.empty())
+      EXPECT_TRUE(private_list_.empty());
+    } else {  // net::USER_CERT
+      EXPECT_TRUE(public_list_.empty());
+      ASSERT_EQ(1u, private_list_.size());
       EXPECT_EQ(expected_type, GetCertType(private_list_[0]->os_cert_handle()));
+    }
 
     base::DictionaryValue* certificate = NULL;
     onc_certificates_->GetDictionary(0, &certificate);
     certificate->GetStringWithoutPathExpansion(::onc::certificate::kGUID, guid);
-
-    if (expected_type == net::SERVER_CERT || expected_type == net::CA_CERT) {
-      EXPECT_EQ(1u, imported_server_and_ca_certs_.size());
-      EXPECT_TRUE(
-          imported_server_and_ca_certs_[*guid]->Equals(public_list_[0].get()));
-    } else {  // net::USER_CERT
-      EXPECT_TRUE(imported_server_and_ca_certs_.empty());
-    }
   }
 
+  // Certificates and the NSSCertDatabase depend on these test DBs. Destroy them
+  // last.
+  crypto::ScopedTestNSSDB public_nssdb_;
+  crypto::ScopedTestNSSDB private_nssdb_;
+
+  scoped_refptr<base::TestSimpleTaskRunner> task_runner_;
+  scoped_ptr<base::ThreadTaskRunnerHandle> thread_task_runner_handle_;
   scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_;
   scoped_ptr<base::ListValue> onc_certificates_;
   // List of certs in the nssdb's public slot.
   net::CertificateList public_list_;
   // List of certs in the nssdb's "private" slot.
   net::CertificateList private_list_;
   net::CertificateList web_trust_certificates_;
-  CertificateImporterImpl::CertsByGUID imported_server_and_ca_certs_;
 
  private:
   net::CertificateList ListCertsInPublicSlot() {
-    return ListCertsInSlot(test_nssdb_->GetPublicSlot().get());
+    return ListCertsInSlot(public_nssdb_.slot());
   }
 
   net::CertificateList ListCertsInPrivateSlot() {
-    return ListCertsInSlot(test_nssdb_->GetPrivateSlot().get());
+    return ListCertsInSlot(private_nssdb_.slot());
   }
 
   net::CertificateList ListCertsInSlot(PK11SlotInfo* slot) {
     net::CertificateList result;
     CERTCertList* cert_list = PK11_ListCertsInSlot(slot);
     for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
          !CERT_LIST_END(node, cert_list);
          node = CERT_LIST_NEXT(node)) {
       result.push_back(net::X509Certificate::CreateFromHandle(
           node->cert, net::X509Certificate::OSCertHandles()));
     }
     CERT_DestroyCertList(cert_list);
 
     // Sort the result so that test comparisons can be deterministic.
     std::sort(result.begin(), result.end(), net::X509Certificate::LessThan());
     return result;
   }
-
-  crypto::ScopedTestNSSChromeOSUser user_;
-  crypto::ScopedTestNSSChromeOSUser private_user_;
 };
 
 TEST_F(ONCCertificateImporterImplTest, MultipleCertificates) {
   AddCertificatesFromFile("managed_toplevel2.onc", true);
   EXPECT_EQ(onc_certificates_->GetSize(), public_list_.size());
   EXPECT_TRUE(private_list_.empty());
-  EXPECT_EQ(2ul, imported_server_and_ca_certs_.size());
+  EXPECT_EQ(2ul, public_list_.size());
 }
 
 TEST_F(ONCCertificateImporterImplTest, MultipleCertificatesWithFailures) {
   AddCertificatesFromFile("toplevel_partially_invalid.onc", false);
   EXPECT_EQ(3ul, onc_certificates_->GetSize());
   EXPECT_EQ(1ul, private_list_.size());
   EXPECT_TRUE(public_list_.empty());
-  EXPECT_TRUE(imported_server_and_ca_certs_.empty());
 }
 
 TEST_F(ONCCertificateImporterImplTest, AddClientCertificate) {
   std::string guid;
   AddCertificateFromFile("certificate-client.onc", net::USER_CERT, &guid);
   EXPECT_TRUE(web_trust_certificates_.empty());
   EXPECT_EQ(1ul, private_list_.size());
   EXPECT_TRUE(public_list_.empty());
 
   SECKEYPrivateKeyList* privkey_list =
-      PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL);
+      PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL);
   EXPECT_TRUE(privkey_list);
   if (privkey_list) {
     SECKEYPrivateKeyListNode* node = PRIVKEY_LIST_HEAD(privkey_list);
     int count = 0;
     while (!PRIVKEY_LIST_END(node, privkey_list)) {
       char* name = PK11_GetPrivateKeyNickname(node->key);
       EXPECT_STREQ(guid.c_str(), name);
       PORT_Free(name);
       count++;
       node = PRIVKEY_LIST_NEXT(node);
     }
     EXPECT_EQ(1, count);
     SECKEY_DestroyPrivateKeyList(privkey_list);
   }
 
   SECKEYPublicKeyList* pubkey_list =
-      PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL);
+      PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL);
   EXPECT_TRUE(pubkey_list);
   if (pubkey_list) {
     SECKEYPublicKeyListNode* node = PUBKEY_LIST_HEAD(pubkey_list);
     int count = 0;
     while (!PUBKEY_LIST_END(node, pubkey_list)) {
       count++;
       node = PUBKEY_LIST_NEXT(node);
     }
     EXPECT_EQ(1, count);
     SECKEY_DestroyPublicKeyList(pubkey_list);
   }
 }
 
 TEST_F(ONCCertificateImporterImplTest, AddServerCertificateWithWebTrust) {
   AddCertificateFromFile("certificate-server.onc", net::SERVER_CERT, NULL);
 
   SECKEYPrivateKeyList* privkey_list =
-      PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL);
+      PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL);
   EXPECT_FALSE(privkey_list);
 
   SECKEYPublicKeyList* pubkey_list =
-      PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL);
+      PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL);
   EXPECT_FALSE(pubkey_list);
 
   ASSERT_EQ(1u, web_trust_certificates_.size());
   ASSERT_EQ(1u, public_list_.size());
   EXPECT_TRUE(private_list_.empty());
   EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(),
                                 web_trust_certificates_[0]->os_cert_handle()));
 }
 
 TEST_F(ONCCertificateImporterImplTest, AddWebAuthorityCertificateWithWebTrust) {
   AddCertificateFromFile("certificate-web-authority.onc", net::CA_CERT, NULL);
 
   SECKEYPrivateKeyList* privkey_list =
-      PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL);
+      PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL);
   EXPECT_FALSE(privkey_list);
 
   SECKEYPublicKeyList* pubkey_list =
-      PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL);
+      PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL);
   EXPECT_FALSE(pubkey_list);
 
   ASSERT_EQ(1u, web_trust_certificates_.size());
   ASSERT_EQ(1u, public_list_.size());
   EXPECT_TRUE(private_list_.empty());
   EXPECT_TRUE(CERT_CompareCerts(public_list_[0]->os_cert_handle(),
                                 web_trust_certificates_[0]->os_cert_handle()));
 }
 
 TEST_F(ONCCertificateImporterImplTest, AddAuthorityCertificateWithoutWebTrust) {
   AddCertificateFromFile("certificate-authority.onc", net::CA_CERT, NULL);
   EXPECT_TRUE(web_trust_certificates_.empty());
 
   SECKEYPrivateKeyList* privkey_list =
-      PK11_ListPrivKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL, NULL);
+      PK11_ListPrivKeysInSlot(private_nssdb_.slot(), NULL, NULL);
   EXPECT_FALSE(privkey_list);
 
   SECKEYPublicKeyList* pubkey_list =
-      PK11_ListPublicKeysInSlot(test_nssdb_->GetPrivateSlot().get(), NULL);
+      PK11_ListPublicKeysInSlot(private_nssdb_.slot(), NULL);
   EXPECT_FALSE(pubkey_list);
 }
 
 struct CertParam {
   CertParam(net::CertType certificate_type,
             const char* original_filename,
             const char* update_filename)
       : cert_type(certificate_type),
         original_file(original_filename),
         update_file(update_filename) {}
@@ skipping 42 matching lines @@
                   "certificate-client-update.onc"),
         CertParam(net::SERVER_CERT,
                   "certificate-server.onc",
                   "certificate-server-update.onc"),
         CertParam(net::CA_CERT,
                   "certificate-web-authority.onc",
                   "certificate-web-authority-update.onc")));
 
 }  // namespace onc
 }  // namespace chromeos