src/net/ssl/client_cert_store_chromeos_unittest.cc

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/ssl/client_cert_store_chromeos.h"
   6
   7 #include "base/bind.h"
   8 #include "base/callback.h"
   9 #include "base/file_util.h"
  10 #include "base/run_loop.h"
  11 #include "base/strings/utf_string_conversions.h"
  12 #include "crypto/nss_util.h"
  13 #include "crypto/nss_util_internal.h"
  14 #include "net/cert/nss_cert_database.h"
  15 #include "net/ssl/client_cert_store_unittest-inl.h"
  16
  17 namespace net {
  18
  19 class ClientCertStoreChromeOSTestDelegate {
  20  public:
  21   ClientCertStoreChromeOSTestDelegate()
  22       : store_("usernamehash",
  23                ClientCertStoreChromeOS::PasswordDelegateFactory()) {
  24     store_.InitForTesting(
  25         crypto::ScopedPK11Slot(crypto::GetPublicNSSKeySlot()),
  26         crypto::ScopedPK11Slot(crypto::GetPrivateNSSKeySlot()));
  27   }
  28
  29   bool SelectClientCerts(const CertificateList& input_certs,
  30                          const SSLCertRequestInfo& cert_request_info,
  31                          CertificateList* selected_certs) {
  32     return store_.SelectClientCertsForTesting(
  33         input_certs, cert_request_info, selected_certs);
  34   }
  35
  36  private:
  37   ClientCertStoreChromeOS store_;
  38 };
  39
  40 INSTANTIATE_TYPED_TEST_CASE_P(ChromeOS,
  41                               ClientCertStoreTest,
  42                               ClientCertStoreChromeOSTestDelegate);
  43
  44 class ClientCertStoreChromeOSTest : public ::testing::Test {
  45  public:
  46   scoped_refptr<X509Certificate> ImportCertForUser(
  47       const std::string& username_hash,
  48       const std::string& filename,
  49       const std::string& password) {
  50     crypto::ScopedPK11Slot slot(
  51         crypto::GetPublicSlotForChromeOSUser(username_hash));
  52     EXPECT_TRUE(slot.get());
  53     if (!slot.get())
  54       return NULL;
  55
  56     net::CertificateList cert_list;
  57
  58     base::FilePath p12_path = GetTestCertsDirectory().AppendASCII(filename);
  59     std::string p12_data;
  60     if (!base::ReadFileToString(p12_path, &p12_data)) {
  61       EXPECT_TRUE(false);
  62       return NULL;
  63     }
  64
  65     scoped_refptr<net::CryptoModule> module(
  66         net::CryptoModule::CreateFromHandle(slot.get()));
  67     int rv = NSSCertDatabase::GetInstance()->ImportFromPKCS12(
  68         module.get(), p12_data, base::UTF8ToUTF16(password), false, &cert_list);
  69
  70     EXPECT_EQ(0, rv);
  71     EXPECT_EQ(1U, cert_list.size());
  72     if (rv || cert_list.size() != 1)
  73       return NULL;
  74
  75     return cert_list[0];
  76   }
  77 };
  78
  79 // TODO(mattm): Do better testing of cert_authorities matching below. Update
  80 // net/data/ssl/scripts/generate-client-certificates.sh so that it actually
  81 // saves the .p12 files, and regenerate them.
  82
  83 TEST_F(ClientCertStoreChromeOSTest, WaitForNSSInit) {
  84   crypto::ScopedTestNSSChromeOSUser user("scopeduser");
  85   ASSERT_TRUE(user.constructed_successfully());
  86   ClientCertStoreChromeOS store(
  87       user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());
  88   scoped_refptr<X509Certificate> cert_1(
  89       ImportCertForUser(user.username_hash(), "client.p12", "12345"));
  90   scoped_refptr<X509Certificate> cert_2(
  91       ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));
  92
  93   std::vector<std::string> authority_1(
  94       1,
  95       std::string(reinterpret_cast<const char*>(kAuthority1DN),
  96                   sizeof(kAuthority1DN)));
  97   scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
  98   request_1->cert_authorities = authority_1;
  99
 100   scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
 101
 102   base::RunLoop run_loop_1;
 103   base::RunLoop run_loop_all;
 104   store.GetClientCerts(
 105       *request_1, &request_1->client_certs, run_loop_1.QuitClosure());
 106   store.GetClientCerts(
 107       *request_all, &request_all->client_certs, run_loop_all.QuitClosure());
 108
 109   // Callbacks won't be run until nss_util init finishes for the user.
 110   user.FinishInit();
 111
 112   run_loop_1.Run();
 113   run_loop_all.Run();
 114
 115   ASSERT_EQ(0u, request_1->client_certs.size());
 116   ASSERT_EQ(2u, request_all->client_certs.size());
 117 }
 118
 119 TEST_F(ClientCertStoreChromeOSTest, NSSAlreadyInitialized) {
 120   crypto::ScopedTestNSSChromeOSUser user("scopeduser");
 121   ASSERT_TRUE(user.constructed_successfully());
 122   user.FinishInit();
 123
 124   ClientCertStoreChromeOS store(
 125       user.username_hash(), ClientCertStoreChromeOS::PasswordDelegateFactory());
 126   scoped_refptr<X509Certificate> cert_1(
 127       ImportCertForUser(user.username_hash(), "client.p12", "12345"));
 128   scoped_refptr<X509Certificate> cert_2(
 129       ImportCertForUser(user.username_hash(), "websocket_client_cert.p12", ""));
 130
 131   std::vector<std::string> authority_1(
 132       1,
 133       std::string(reinterpret_cast<const char*>(kAuthority1DN),
 134                   sizeof(kAuthority1DN)));
 135   scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
 136   request_1->cert_authorities = authority_1;
 137
 138   scoped_refptr<SSLCertRequestInfo> request_all(new SSLCertRequestInfo());
 139
 140   base::RunLoop run_loop_1;
 141   base::RunLoop run_loop_all;
 142   store.GetClientCerts(
 143       *request_1, &request_1->client_certs, run_loop_1.QuitClosure());
 144   store.GetClientCerts(
 145       *request_all, &request_all->client_certs, run_loop_all.QuitClosure());
 146
 147   run_loop_1.Run();
 148   run_loop_all.Run();
 149
 150   ASSERT_EQ(0u, request_1->client_certs.size());
 151   ASSERT_EQ(2u, request_all->client_certs.size());
 152 }
 153
 154 TEST_F(ClientCertStoreChromeOSTest, TwoUsers) {
 155   crypto::ScopedTestNSSChromeOSUser user1("scopeduser1");
 156   ASSERT_TRUE(user1.constructed_successfully());
 157   crypto::ScopedTestNSSChromeOSUser user2("scopeduser2");
 158   ASSERT_TRUE(user2.constructed_successfully());
 159   ClientCertStoreChromeOS store1(
 160       user1.username_hash(),
 161       ClientCertStoreChromeOS::PasswordDelegateFactory());
 162   ClientCertStoreChromeOS store2(
 163       user2.username_hash(),
 164       ClientCertStoreChromeOS::PasswordDelegateFactory());
 165   scoped_refptr<X509Certificate> cert_1(
 166       ImportCertForUser(user1.username_hash(), "client.p12", "12345"));
 167   scoped_refptr<X509Certificate> cert_2(ImportCertForUser(
 168       user2.username_hash(), "websocket_client_cert.p12", ""));
 169
 170   scoped_refptr<SSLCertRequestInfo> request_1(new SSLCertRequestInfo());
 171   scoped_refptr<SSLCertRequestInfo> request_2(new SSLCertRequestInfo());
 172
 173   base::RunLoop run_loop_1;
 174   base::RunLoop run_loop_2;
 175   store1.GetClientCerts(
 176       *request_1, &request_1->client_certs, run_loop_1.QuitClosure());
 177   store2.GetClientCerts(
 178       *request_2, &request_2->client_certs, run_loop_2.QuitClosure());
 179
 180   // Callbacks won't be run until nss_util init finishes for the user.
 181   user1.FinishInit();
 182   user2.FinishInit();
 183
 184   run_loop_1.Run();
 185   run_loop_2.Run();
 186
 187   ASSERT_EQ(1u, request_1->client_certs.size());
 188   EXPECT_TRUE(cert_1->Equals(request_1->client_certs[0]));
 189   // TODO(mattm): Request for second user will have zero results due to
 190   // crbug.com/315285.  Update the test once that is fixed.
 191 }
 192
 193 }  // namespace net