Reduce runtime of client_cert_resolver_unittest

chromeos/network/client_cert_resolver_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "chromeos/network/client_cert_resolver.h"
 
 #include <cert.h>
 #include <pk11pub.h>
 
 #include "base/files/file_path.h"
 #include "base/files/file_util.h"
 #include "base/json/json_reader.h"
 #include "base/run_loop.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chromeos/cert_loader.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/shill_manager_client.h"
 #include "chromeos/dbus/shill_profile_client.h"
 #include "chromeos/dbus/shill_service_client.h"
 #include "chromeos/network/managed_network_configuration_handler_impl.h"
 #include "chromeos/network/network_configuration_handler.h"
 #include "chromeos/network/network_profile_handler.h"
 #include "chromeos/network/network_state_handler.h"
-#include "chromeos/tpm_token_loader.h"
 #include "components/onc/onc_constants.h"
 #include "crypto/nss_util_internal.h"
 #include "crypto/scoped_test_nss_chromeos_user.h"
-#include "net/base/crypto_module.h"
 #include "net/base/net_errors.h"
 #include "net/base/test_data_directory.h"
 #include "net/cert/nss_cert_database_chromeos.h"
 #include "net/cert/x509_certificate.h"
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
-// http://crbug.com/418369
-#ifdef NDEBUG
-
 namespace chromeos {
 
 namespace {
 
 const char* kWifiStub = "wifi_stub";
 const char* kWifiSSID = "wifi_ssid";
 const char* kUserProfilePath = "user_profile";
 const char* kUserHash = "user_hash";
 
 }  // namespace
@@ skipping 20 matching lines @@
         crypto::GetPrivateSlotForChromeOSUser(
             user_.username_hash(),
             base::Callback<void(crypto::ScopedPK11Slot)>())));
     test_nssdb_->SetSlowTaskRunnerForTest(message_loop_.message_loop_proxy());
 
     DBusThreadManager::Initialize();
     service_test_ =
         DBusThreadManager::Get()->GetShillServiceClient()->GetTestInterface();
     profile_test_ =
         DBusThreadManager::Get()->GetShillProfileClient()->GetTestInterface();
+    profile_test_->AddProfile(kUserProfilePath, kUserHash);
     base::RunLoop().RunUntilIdle();
     service_test_->ClearServices();
     base::RunLoop().RunUntilIdle();
 
-    TPMTokenLoader::InitializeForTest();
-
     CertLoader::Initialize();
     cert_loader_ = CertLoader::Get();
     cert_loader_->force_hardware_backed_for_test();
   }
 
   virtual void TearDown() override {
     client_cert_resolver_.reset();
     managed_config_handler_.reset();
     network_config_handler_.reset();
     network_profile_handler_.reset();
     network_state_handler_.reset();
     CertLoader::Shutdown();
-    TPMTokenLoader::Shutdown();
     DBusThreadManager::Shutdown();
-    CleanupSlotContents();
   }
 
  protected:
   void StartCertLoader() {
     cert_loader_->StartWithNSSDB(test_nssdb_.get());
     if (test_client_cert_.get()) {
       int slot_id = 0;
       const std::string pkcs11_id =
           CertLoader::GetPkcs11IdAndSlotForCert(*test_client_cert_, &slot_id);
       test_cert_id_ = base::StringPrintf("%i:%s", slot_id, pkcs11_id.c_str());
     }
   }
 
   // Imports a CA cert (stored as PEM in test_ca_cert_pem_) and a client
   // certificate signed by that CA. Its PKCS#11 ID is stored in
   // |test_cert_id_|.
   void SetupTestCerts() {
     // Import a CA cert.
     net::CertificateList ca_cert_list =
         net::CreateCertificateListFromFile(net::GetTestCertsDirectory(),
-                                           "websocket_cacert.pem",
+                                           "client_1_ca.pem",
                                            net::X509Certificate::FORMAT_AUTO);
     ASSERT_TRUE(!ca_cert_list.empty());
     net::NSSCertDatabase::ImportCertFailureList failures;
     EXPECT_TRUE(test_nssdb_->ImportCACerts(
         ca_cert_list, net::NSSCertDatabase::TRUST_DEFAULT, &failures));
     ASSERT_TRUE(failures.empty()) << net::ErrorToString(failures[0].net_error);
 
     net::X509Certificate::GetPEMEncoded(ca_cert_list[0]->os_cert_handle(),
                                         &test_ca_cert_pem_);
     ASSERT_TRUE(!test_ca_cert_pem_.empty());
 
     // Import a client cert signed by that CA.
-    std::string pkcs12_data;
-    ASSERT_TRUE(base::ReadFileToString(
-        net::GetTestCertsDirectory().Append("websocket_client_cert.p12"),
-        &pkcs12_data));
-
-    net::CertificateList client_cert_list;
-    scoped_refptr<net::CryptoModule> module(
-        net::CryptoModule::CreateFromHandle(private_slot_.get()));
-    ASSERT_EQ(net::OK,
-              test_nssdb_->ImportFromPKCS12(module.get(),
-                                            pkcs12_data,
-                                            base::string16(),
-                                            false,
-                                            &client_cert_list));
-    ASSERT_TRUE(!client_cert_list.empty());
-    test_client_cert_ = client_cert_list[0];
+    test_client_cert_ =
+        net::ImportClientCertAndKeyFromFile(net::GetTestCertsDirectory(),
+                                            "client_1.pem",
+                                            "client_1.pk8",
+                                            private_slot_.get());
+    ASSERT_TRUE(test_client_cert_.get());
   }
 
   void SetupNetworkHandlers() {
     network_state_handler_.reset(NetworkStateHandler::InitializeForTest());
     network_profile_handler_.reset(new NetworkProfileHandler());
     network_config_handler_.reset(new NetworkConfigurationHandler());
     managed_config_handler_.reset(new ManagedNetworkConfigurationHandlerImpl());
     client_cert_resolver_.reset(new ClientCertResolver());
 
     network_profile_handler_->Init();
     network_config_handler_->Init(network_state_handler_.get());
     managed_config_handler_->Init(network_state_handler_.get(),
                                   network_profile_handler_.get(),
                                   network_config_handler_.get(),
                                   NULL /* network_device_handler */);
+    // Run all notifications before starting the cert loader to reduce run time.
+    base::RunLoop().RunUntilIdle();
+
     client_cert_resolver_->Init(network_state_handler_.get(),
                                 managed_config_handler_.get());
     client_cert_resolver_->SetSlowTaskRunnerForTest(
         message_loop_.message_loop_proxy());
 
-    profile_test_->AddProfile(kUserProfilePath, kUserHash);
   }
 
   void SetupWifi() {
     service_test_->SetServiceProperties(kWifiStub,
                                         kWifiStub,
                                         kWifiSSID,
                                         shill::kTypeWifi,
                                         shill::kStateOnline,
                                         true /* visible */);
     // Set an arbitrary cert id, so that we can check afterwards whether we
@@ skipping 57 matching lines @@
   }
 
   ShillServiceClient::TestInterface* service_test_;
   ShillProfileClient::TestInterface* profile_test_;
   std::string test_cert_id_;
   scoped_refptr<net::X509Certificate> test_ca_cert_;
   std::string test_ca_cert_pem_;
   base::MessageLoop message_loop_;
 
  private:
-  void CleanupSlotContents() {
-    CERTCertList* cert_list = PK11_ListCertsInSlot(private_slot_.get());
-    for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
-         !CERT_LIST_END(node, cert_list);
-         node = CERT_LIST_NEXT(node)) {
-      scoped_refptr<net::X509Certificate> cert(
-          net::X509Certificate::CreateFromHandle(
-              node->cert, net::X509Certificate::OSCertHandles()));
-      test_nssdb_->DeleteCertAndKey(cert.get());
-    }
-    CERT_DestroyCertList(cert_list);
-  }
-
   CertLoader* cert_loader_;
   scoped_refptr<net::X509Certificate> test_client_cert_;
   scoped_ptr<NetworkStateHandler> network_state_handler_;
   scoped_ptr<NetworkProfileHandler> network_profile_handler_;
   scoped_ptr<NetworkConfigurationHandler> network_config_handler_;
   scoped_ptr<ManagedNetworkConfigurationHandlerImpl> managed_config_handler_;
   scoped_ptr<ClientCertResolver> client_cert_resolver_;
   crypto::ScopedTestNSSChromeOSUser user_;
   scoped_ptr<net::NSSCertDatabaseChromeOS> test_nssdb_;
   crypto::ScopedPK11Slot private_slot_;
 
   DISALLOW_COPY_AND_ASSIGN(ClientCertResolverTest);
 };
 
 TEST_F(ClientCertResolverTest, NoMatchingCertificates) {
+  StartCertLoader();
+  SetupWifi();
+  base::RunLoop().RunUntilIdle();
   SetupNetworkHandlers();
-  SetupWifi();
-  StartCertLoader();
   SetupPolicy();
   base::RunLoop().RunUntilIdle();
 
   // Verify that no client certificate was configured.
   std::string pkcs11_id;
   GetClientCertProperties(&pkcs11_id);
   EXPECT_EQ(std::string(), pkcs11_id);
 }
 
 TEST_F(ClientCertResolverTest, ResolveOnCertificatesLoaded) {
+  SetupTestCerts();
+  SetupWifi();
+  base::RunLoop().RunUntilIdle();
+
   SetupNetworkHandlers();
-  SetupWifi();
-  SetupTestCerts();
   SetupPolicy();
   base::RunLoop().RunUntilIdle();
 
   StartCertLoader();
   base::RunLoop().RunUntilIdle();
 
   // Verify that the resolver positively matched the pattern in the policy with
   // the test client cert and configured the network.
   std::string pkcs11_id;
   GetClientCertProperties(&pkcs11_id);
   EXPECT_EQ(test_cert_id_, pkcs11_id);
 }
 
 TEST_F(ClientCertResolverTest, ResolveAfterPolicyApplication) {
   SetupTestCerts();
+  SetupWifi();
+  base::RunLoop().RunUntilIdle();
   StartCertLoader();
   SetupNetworkHandlers();
-  SetupWifi();
   base::RunLoop().RunUntilIdle();
 
   // Policy application will trigger the ClientCertResolver.
   SetupPolicy();
   base::RunLoop().RunUntilIdle();
 
   // Verify that the resolver positively matched the pattern in the policy with
   // the test client cert and configured the network.
   std::string pkcs11_id;
   GetClientCertProperties(&pkcs11_id);
   EXPECT_EQ(test_cert_id_, pkcs11_id);
 }
 
 }  // namespace chromeos
-
-#endif