Upstream version 11.40.277.0
[platform/framework/web/crosswalk.git] / src / net / ssl / openssl_client_key_store_unittest.cc
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/openssl_client_key_store.h"
6
7 #include "base/memory/ref_counted.h"
8 #include "crypto/scoped_openssl_types.h"
9 #include "net/base/test_data_directory.h"
10 #include "net/test/cert_test_util.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12
13 namespace net {
14
15 namespace {
16
17 // Return the internal reference count of a given EVP_PKEY.
18 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) {
19   return pkey->references;
20 }
21
22 // A common test class to ensure that the store is flushed after
23 // each test.
24 class OpenSSLClientKeyStoreTest : public ::testing::Test {
25  public:
26   OpenSSLClientKeyStoreTest()
27     : store_(OpenSSLClientKeyStore::GetInstance()) {
28   }
29
30   virtual ~OpenSSLClientKeyStoreTest() {
31     if (store_)
32       store_->Flush();
33   }
34
35  protected:
36   OpenSSLClientKeyStore* store_;
37 };
38
39 // Check that GetInstance() returns non-null
40 TEST_F(OpenSSLClientKeyStoreTest, GetInstance) {
41   ASSERT_TRUE(store_);
42 }
43
44 // Check that Flush() works correctly.
45 TEST_F(OpenSSLClientKeyStoreTest, Flush) {
46   ASSERT_TRUE(store_);
47
48   scoped_refptr<X509Certificate> cert_1(
49       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
50   ASSERT_TRUE(cert_1.get());
51
52   crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
53   ASSERT_TRUE(priv_key.get());
54
55   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
56                                                  priv_key.get()));
57
58   store_->Flush();
59
60   // Retrieve the private key. This should fail because the store
61   // was flushed.
62   crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get());
63   ASSERT_FALSE(pkey.get());
64 }
65
66 // Check that trying to retrieve the private key of an unknown certificate
67 // simply fails by returning null.
68 TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {
69   ASSERT_TRUE(store_);
70
71   scoped_refptr<X509Certificate> cert_1(
72       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
73   ASSERT_TRUE(cert_1.get());
74
75   // Retrieve the private key now. This should fail because it was
76   // never recorded in the store.
77   crypto::ScopedEVP_PKEY pkey = store_->FetchClientCertPrivateKey(cert_1.get());
78   ASSERT_FALSE(pkey.get());
79 }
80
81 // Check that any private key recorded through RecordClientCertPrivateKey
82 // can be retrieved with FetchClientCertPrivateKey.
83 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
84   ASSERT_TRUE(store_);
85
86   // Any certificate / key pair will do, the store is not supposed to
87   // check that the private and certificate public keys match. This is
88   // by design since the private EVP_PKEY could be a wrapper around a
89   // JNI reference, with no way to access the real private key bits.
90   scoped_refptr<X509Certificate> cert_1(
91       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
92   ASSERT_TRUE(cert_1.get());
93
94   crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
95   ASSERT_TRUE(priv_key.get());
96   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get()));
97
98   // Add the key a first time, this should increment its reference count.
99   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
100                                                  priv_key.get()));
101   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
102
103   // Two successive calls with the same certificate / private key shall
104   // also succeed, but the key's reference count should not be incremented.
105   ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
106                                                  priv_key.get()));
107   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
108
109   // Retrieve the private key. This should increment the private key's
110   // reference count.
111   crypto::ScopedEVP_PKEY pkey2 =
112       store_->FetchClientCertPrivateKey(cert_1.get());
113   ASSERT_EQ(pkey2.get(), priv_key.get());
114   ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get()));
115
116   // Flush the store explicitely, this should decrement the private
117   // key's reference count.
118   store_->Flush();
119   ASSERT_EQ(2, EVP_PKEY_get_refcount(priv_key.get()));
120 }
121
122 // Same test, but with two certificates / private keys.
123 TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
124   scoped_refptr<X509Certificate> cert_1(
125       ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
126   ASSERT_TRUE(cert_1.get());
127
128   scoped_refptr<X509Certificate> cert_2(
129       ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
130   ASSERT_TRUE(cert_2.get());
131
132   crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
133   ASSERT_TRUE(priv_key1.get());
134   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get()));
135
136   crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
137   ASSERT_TRUE(priv_key2.get());
138   ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get()));
139
140   ASSERT_NE(priv_key1.get(), priv_key2.get());
141
142   // Add the key a first time, this shall succeed, and increment the
143   // reference count.
144   EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
145                                                  priv_key1.get()));
146   EXPECT_TRUE(store_->RecordClientCertPrivateKey(cert_2.get(),
147                                                  priv_key2.get()));
148   EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key1.get()));
149   EXPECT_EQ(2, EVP_PKEY_get_refcount(priv_key2.get()));
150
151   // Retrieve the private key now. This shall succeed and increment
152   // the private key's reference count.
153   crypto::ScopedEVP_PKEY fetch_key1 =
154       store_->FetchClientCertPrivateKey(cert_1.get());
155   crypto::ScopedEVP_PKEY fetch_key2 =
156       store_->FetchClientCertPrivateKey(cert_2.get());
157
158   EXPECT_TRUE(fetch_key1.get());
159   EXPECT_TRUE(fetch_key2.get());
160
161   EXPECT_EQ(fetch_key1.get(), priv_key1.get());
162   EXPECT_EQ(fetch_key2.get(), priv_key2.get());
163
164   EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key1.get()));
165   EXPECT_EQ(3, EVP_PKEY_get_refcount(priv_key2.get()));
166 }
167
168 }  // namespace
169 }  // namespace net