Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Side by Side Diff: chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc

Issue 10407124: Don't force non-session only cookies to be session only cookies, instead delete on shutdown (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: updates Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/bind.h" 5 #include "base/bind.h"
6 #include "base/file_util.h" 6 #include "base/file_util.h"
7 #include "base/memory/ref_counted.h" 7 #include "base/memory/ref_counted.h"
8 #include "base/memory/scoped_vector.h" 8 #include "base/memory/scoped_vector.h"
9 #include "base/message_loop.h" 9 #include "base/message_loop.h"
10 #include "base/scoped_temp_dir.h" 10 #include "base/scoped_temp_dir.h"
11 #include "base/stl_util.h" 11 #include "base/stl_util.h"
12 #include "base/test/thread_test_helper.h" 12 #include "base/test/thread_test_helper.h"
13 #include "chrome/browser/net/clear_on_exit_policy.h"
13 #include "chrome/browser/net/sqlite_server_bound_cert_store.h" 14 #include "chrome/browser/net/sqlite_server_bound_cert_store.h"
14 #include "chrome/common/chrome_constants.h" 15 #include "chrome/common/chrome_constants.h"
15 #include "content/test/test_browser_thread.h" 16 #include "content/test/test_browser_thread.h"
16 #include "net/base/cert_test_util.h" 17 #include "net/base/cert_test_util.h"
17 #include "sql/statement.h" 18 #include "sql/statement.h"
18 #include "testing/gtest/include/gtest/gtest.h" 19 #include "testing/gtest/include/gtest/gtest.h"
20 #include "webkit/quota/mock_special_storage_policy.h"
19 21
20 using content::BrowserThread; 22 using content::BrowserThread;
21 23
22 class SQLiteServerBoundCertStoreTest : public testing::Test { 24 class SQLiteServerBoundCertStoreTest : public testing::Test {
23 public: 25 public:
24 SQLiteServerBoundCertStoreTest() 26 SQLiteServerBoundCertStoreTest()
25 : db_thread_(BrowserThread::DB) { 27 : db_thread_(BrowserThread::DB) {
26 } 28 }
27 29
28 protected: 30 protected:
(...skipping 25 matching lines...) Expand all
54 exploded_time.minute = 23; 56 exploded_time.minute = 23;
55 exploded_time.second = 45; 57 exploded_time.second = 45;
56 exploded_time.millisecond = 0; 58 exploded_time.millisecond = 0;
57 return base::Time::FromUTCExploded(exploded_time); 59 return base::Time::FromUTCExploded(exploded_time);
58 } 60 }
59 61
60 virtual void SetUp() { 62 virtual void SetUp() {
61 db_thread_.Start(); 63 db_thread_.Start();
62 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir()); 64 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
63 store_ = new SQLiteServerBoundCertStore( 65 store_ = new SQLiteServerBoundCertStore(
64 temp_dir_.path().Append(chrome::kOBCertFilename)); 66 temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
65 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; 67 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
66 ASSERT_TRUE(store_->Load(&certs.get())); 68 ASSERT_TRUE(store_->Load(&certs.get()));
67 ASSERT_EQ(0u, certs.size()); 69 ASSERT_EQ(0u, certs.size());
68 // Make sure the store gets written at least once. 70 // Make sure the store gets written at least once.
69 store_->AddServerBoundCert( 71 store_->AddServerBoundCert(
70 net::DefaultServerBoundCertStore::ServerBoundCert( 72 net::DefaultServerBoundCertStore::ServerBoundCert(
71 "google.com", 73 "google.com",
72 net::CLIENT_CERT_RSA_SIGN, 74 net::CLIENT_CERT_RSA_SIGN,
73 base::Time::FromInternalValue(1), 75 base::Time::FromInternalValue(1),
74 base::Time::FromInternalValue(2), 76 base::Time::FromInternalValue(2),
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after
125 // Replace the store effectively destroying the current one and forcing it 127 // Replace the store effectively destroying the current one and forcing it
126 // to write its data to disk. Then we can see if after loading it again it 128 // to write its data to disk. Then we can see if after loading it again it
127 // is still there. 129 // is still there.
128 store_ = NULL; 130 store_ = NULL;
129 scoped_refptr<base::ThreadTestHelper> helper( 131 scoped_refptr<base::ThreadTestHelper> helper(
130 new base::ThreadTestHelper( 132 new base::ThreadTestHelper(
131 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); 133 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
132 // Make sure we wait until the destructor has run. 134 // Make sure we wait until the destructor has run.
133 ASSERT_TRUE(helper->Run()); 135 ASSERT_TRUE(helper->Run());
134 store_ = new SQLiteServerBoundCertStore( 136 store_ = new SQLiteServerBoundCertStore(
135 temp_dir_.path().Append(chrome::kOBCertFilename)); 137 temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
136 138
137 // Reload and test for persistence 139 // Reload and test for persistence
138 ASSERT_TRUE(store_->Load(&certs.get())); 140 ASSERT_TRUE(store_->Load(&certs.get()));
139 ASSERT_EQ(2U, certs.size()); 141 ASSERT_EQ(2U, certs.size());
140 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert; 142 net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert;
141 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert; 143 net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert;
142 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) { 144 if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) {
143 rsa_cert = certs[0]; 145 rsa_cert = certs[0];
144 ec_cert = certs[1]; 146 ec_cert = certs[1];
145 } else { 147 } else {
(...skipping 14 matching lines...) Expand all
160 ASSERT_EQ(4, ec_cert->expiration_time().ToInternalValue()); 162 ASSERT_EQ(4, ec_cert->expiration_time().ToInternalValue());
161 163
162 // Now delete the cert and check persistence again. 164 // Now delete the cert and check persistence again.
163 store_->DeleteServerBoundCert(*certs[0]); 165 store_->DeleteServerBoundCert(*certs[0]);
164 store_->DeleteServerBoundCert(*certs[1]); 166 store_->DeleteServerBoundCert(*certs[1]);
165 store_ = NULL; 167 store_ = NULL;
166 // Make sure we wait until the destructor has run. 168 // Make sure we wait until the destructor has run.
167 ASSERT_TRUE(helper->Run()); 169 ASSERT_TRUE(helper->Run());
168 certs.reset(); 170 certs.reset();
169 store_ = new SQLiteServerBoundCertStore( 171 store_ = new SQLiteServerBoundCertStore(
170 temp_dir_.path().Append(chrome::kOBCertFilename)); 172 temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
171 173
172 // Reload and check if the cert has been removed. 174 // Reload and check if the cert has been removed.
173 ASSERT_TRUE(store_->Load(&certs.get())); 175 ASSERT_TRUE(store_->Load(&certs.get()));
174 ASSERT_EQ(0U, certs.size()); 176 ASSERT_EQ(0U, certs.size());
175 } 177 }
176 178
177 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) { 179 TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) {
178 // Reset the store. We'll be using a different database for this test. 180 // Reset the store. We'll be using a different database for this test.
179 store_ = NULL; 181 store_ = NULL;
180 182
(...skipping 30 matching lines...) Expand all
211 )); 213 ));
212 } 214 }
213 215
214 // Load and test the DB contents twice. First time ensures that we can use 216 // Load and test the DB contents twice. First time ensures that we can use
215 // the updated values immediately. Second time ensures that the updated 217 // the updated values immediately. Second time ensures that the updated
216 // values are stored and read correctly on next load. 218 // values are stored and read correctly on next load.
217 for (int i = 0; i < 2; ++i) { 219 for (int i = 0; i < 2; ++i) {
218 SCOPED_TRACE(i); 220 SCOPED_TRACE(i);
219 221
220 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; 222 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
221 store_ = new SQLiteServerBoundCertStore(v1_db_path); 223 store_ = new SQLiteServerBoundCertStore(v1_db_path, NULL);
222 224
223 // Load the database and ensure the certs can be read and are marked as RSA. 225 // Load the database and ensure the certs can be read and are marked as RSA.
224 ASSERT_TRUE(store_->Load(&certs.get())); 226 ASSERT_TRUE(store_->Load(&certs.get()));
225 ASSERT_EQ(2U, certs.size()); 227 ASSERT_EQ(2U, certs.size());
226 228
227 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); 229 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
228 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); 230 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
229 ASSERT_EQ(GetTestCertExpirationTime(), 231 ASSERT_EQ(GetTestCertExpirationTime(),
230 certs[0]->expiration_time()); 232 certs[0]->expiration_time());
231 ASSERT_EQ(key_data, certs[0]->private_key()); 233 ASSERT_EQ(key_data, certs[0]->private_key());
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
299 )); 301 ));
300 } 302 }
301 303
302 // Load and test the DB contents twice. First time ensures that we can use 304 // Load and test the DB contents twice. First time ensures that we can use
303 // the updated values immediately. Second time ensures that the updated 305 // the updated values immediately. Second time ensures that the updated
304 // values are saved and read correctly on next load. 306 // values are saved and read correctly on next load.
305 for (int i = 0; i < 2; ++i) { 307 for (int i = 0; i < 2; ++i) {
306 SCOPED_TRACE(i); 308 SCOPED_TRACE(i);
307 309
308 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; 310 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
309 store_ = new SQLiteServerBoundCertStore(v2_db_path); 311 store_ = new SQLiteServerBoundCertStore(v2_db_path, NULL);
310 312
311 // Load the database and ensure the certs can be read and are marked as RSA. 313 // Load the database and ensure the certs can be read and are marked as RSA.
312 ASSERT_TRUE(store_->Load(&certs.get())); 314 ASSERT_TRUE(store_->Load(&certs.get()));
313 ASSERT_EQ(2U, certs.size()); 315 ASSERT_EQ(2U, certs.size());
314 316
315 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); 317 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
316 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); 318 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
317 ASSERT_EQ(GetTestCertExpirationTime(), 319 ASSERT_EQ(GetTestCertExpirationTime(),
318 certs[0]->expiration_time()); 320 certs[0]->expiration_time());
319 ASSERT_EQ(key_data, certs[0]->private_key()); 321 ASSERT_EQ(key_data, certs[0]->private_key());
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after
389 )); 391 ));
390 } 392 }
391 393
392 // Load and test the DB contents twice. First time ensures that we can use 394 // Load and test the DB contents twice. First time ensures that we can use
393 // the updated values immediately. Second time ensures that the updated 395 // the updated values immediately. Second time ensures that the updated
394 // values are saved and read correctly on next load. 396 // values are saved and read correctly on next load.
395 for (int i = 0; i < 2; ++i) { 397 for (int i = 0; i < 2; ++i) {
396 SCOPED_TRACE(i); 398 SCOPED_TRACE(i);
397 399
398 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs; 400 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
399 store_ = new SQLiteServerBoundCertStore(v3_db_path); 401 store_ = new SQLiteServerBoundCertStore(v3_db_path, NULL);
400 402
401 // Load the database and ensure the certs can be read and are marked as RSA. 403 // Load the database and ensure the certs can be read and are marked as RSA.
402 ASSERT_TRUE(store_->Load(&certs.get())); 404 ASSERT_TRUE(store_->Load(&certs.get()));
403 ASSERT_EQ(2U, certs.size()); 405 ASSERT_EQ(2U, certs.size());
404 406
405 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str()); 407 ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
406 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type()); 408 ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
407 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue()); 409 ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue());
408 ASSERT_EQ(GetTestCertCreationTime(), 410 ASSERT_EQ(GetTestCertCreationTime(),
409 certs[0]->creation_time()); 411 certs[0]->creation_time());
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
503 505
504 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get())); 506 store_->Flush(base::Bind(&CallbackCounter::Callback, counter.get()));
505 507
506 scoped_refptr<base::ThreadTestHelper> helper( 508 scoped_refptr<base::ThreadTestHelper> helper(
507 new base::ThreadTestHelper( 509 new base::ThreadTestHelper(
508 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB))); 510 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
509 ASSERT_TRUE(helper->Run()); 511 ASSERT_TRUE(helper->Run());
510 512
511 ASSERT_EQ(1, counter->callback_count()); 513 ASSERT_EQ(1, counter->callback_count());
512 } 514 }
515
516 namespace {
517
518 bool CertificateExistsInList(
519 std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs,
520 const std::string& server,
521 int type,
522 const std::string& key,
523 const std::string& cert,
524 int creation_time,
525 int expiration_time) {
526 for (unsigned i = 0; i < certs->size(); ++i) {
527 if ((*certs)[i]->server_identifier() == server &&
528 (*certs)[i]->type() == type &&
529 (*certs)[i]->private_key() == key &&
530 (*certs)[i]->cert() == cert &&
531 (*certs)[i]->creation_time().ToInternalValue() == creation_time &&
532 (*certs)[i]->expiration_time().ToInternalValue() == expiration_time) {
533 return true;
534 }
535 }
536 return false;
537 }
538
539 } // namespace
540
541 // Tests the interaction with the clear on exit policy.
542 TEST_F(SQLiteServerBoundCertStoreTest, TestClearOnExitPolicy) {
543 // First, delete a possibly existing store.
544 store_->SetClearLocalStateOnExit(true);
545 store_ = NULL;
546 scoped_refptr<base::ThreadTestHelper> helper(
547 new base::ThreadTestHelper(
548 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
549 ASSERT_TRUE(helper->Run());
550
551 // Create a new store with three certificates in it.
552 store_ = new SQLiteServerBoundCertStore(
553 temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
554
555 ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
556 ASSERT_TRUE(store_->Load(&certs.get()));
557 ASSERT_EQ(0U, certs.size());
558
559 store_->AddServerBoundCert(
560 net::DefaultServerBoundCertStore::ServerBoundCert(
561 "other.com",
562 net::CLIENT_CERT_RSA_SIGN,
563 base::Time::FromInternalValue(1),
564 base::Time::FromInternalValue(2),
565 "a", "b"));
566 store_->AddServerBoundCert(
567 net::DefaultServerBoundCertStore::ServerBoundCert(
568 "session.com",
569 net::CLIENT_CERT_RSA_SIGN,
570 base::Time::FromInternalValue(3),
571 base::Time::FromInternalValue(4),
572 "x", "y"));
573 store_->AddServerBoundCert(
574 net::DefaultServerBoundCertStore::ServerBoundCert(
575 "protected.com",
576 net::CLIENT_CERT_RSA_SIGN,
577 base::Time::FromInternalValue(5),
578 base::Time::FromInternalValue(6),
579 "n", "m"));
580
581 // Write out the certificates to disk.
582 store_ = NULL;
583 ASSERT_TRUE(helper->Run());
584
585 // Load the store again with a clear on exit policy.
586 scoped_refptr<quota::MockSpecialStoragePolicy> storage_policy =
587 new quota::MockSpecialStoragePolicy;
588 scoped_refptr<ClearOnExitPolicy> clear_policy =
589 new ClearOnExitPolicy(storage_policy.get());
590 storage_policy->AddSessionOnly(GURL("https://session.com"));
591 storage_policy->AddSessionOnly(GURL("https://protected.com"));
592 storage_policy->AddProtected(GURL("https://protected.com"));
593 store_ = new SQLiteServerBoundCertStore(
594 temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get());
595 ASSERT_TRUE(store_->Load(&certs.get()));
596 ASSERT_EQ(3U, certs.size());
597
598 // Delete the store. This should apply the clear on exit policy.
599 store_ = NULL;
600 // Make sure we wait until the destructor has run.
601 ASSERT_TRUE(helper->Run());
602
603 store_ = new SQLiteServerBoundCertStore(
604 temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get());
605
606 // Reload and test for persistence
607 certs->clear();
608 ASSERT_TRUE(store_->Load(&certs.get()));
609 ASSERT_EQ(2U, certs.size());
610
611 ASSERT_TRUE(CertificateExistsInList(&certs.get(),
612 "other.com",
613 net::CLIENT_CERT_RSA_SIGN,
614 "a", "b", 1, 2));
615 ASSERT_TRUE(CertificateExistsInList(&certs.get(),
616 "protected.com",
617 net::CLIENT_CERT_RSA_SIGN,
618 "n", "m", 5, 6));
619 }
OLDNEW
« no previous file with comments | « chrome/browser/net/sqlite_server_bound_cert_store.cc ('k') | chrome/browser/profiles/profile_impl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698