| Index: chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc
|
| diff --git a/chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc b/chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc
|
| index b119252d0023520b80cb8fdfa368df9042033031..24ce98350c47196cb54d48c5676352ae94e63a46 100644
|
| --- a/chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc
|
| +++ b/chrome/browser/net/sqlite_server_bound_cert_store_unittest.cc
|
| @@ -10,12 +10,14 @@
|
| #include "base/scoped_temp_dir.h"
|
| #include "base/stl_util.h"
|
| #include "base/test/thread_test_helper.h"
|
| +#include "chrome/browser/net/clear_on_exit_policy.h"
|
| #include "chrome/browser/net/sqlite_server_bound_cert_store.h"
|
| #include "chrome/common/chrome_constants.h"
|
| #include "content/test/test_browser_thread.h"
|
| #include "net/base/cert_test_util.h"
|
| #include "sql/statement.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
| +#include "webkit/quota/mock_special_storage_policy.h"
|
|
|
| using content::BrowserThread;
|
|
|
| @@ -61,7 +63,7 @@ class SQLiteServerBoundCertStoreTest : public testing::Test {
|
| db_thread_.Start();
|
| ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
|
| store_ = new SQLiteServerBoundCertStore(
|
| - temp_dir_.path().Append(chrome::kOBCertFilename));
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
|
| ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| ASSERT_EQ(0u, certs.size());
|
| @@ -132,7 +134,7 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestPersistence) {
|
| // Make sure we wait until the destructor has run.
|
| ASSERT_TRUE(helper->Run());
|
| store_ = new SQLiteServerBoundCertStore(
|
| - temp_dir_.path().Append(chrome::kOBCertFilename));
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
|
|
|
| // Reload and test for persistence
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| @@ -167,7 +169,7 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestPersistence) {
|
| ASSERT_TRUE(helper->Run());
|
| certs.reset();
|
| store_ = new SQLiteServerBoundCertStore(
|
| - temp_dir_.path().Append(chrome::kOBCertFilename));
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
|
|
|
| // Reload and check if the cert has been removed.
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| @@ -218,7 +220,7 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) {
|
| SCOPED_TRACE(i);
|
|
|
| ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
|
| - store_ = new SQLiteServerBoundCertStore(v1_db_path);
|
| + store_ = new SQLiteServerBoundCertStore(v1_db_path, NULL);
|
|
|
| // Load the database and ensure the certs can be read and are marked as RSA.
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| @@ -306,7 +308,7 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV2) {
|
| SCOPED_TRACE(i);
|
|
|
| ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
|
| - store_ = new SQLiteServerBoundCertStore(v2_db_path);
|
| + store_ = new SQLiteServerBoundCertStore(v2_db_path, NULL);
|
|
|
| // Load the database and ensure the certs can be read and are marked as RSA.
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| @@ -396,7 +398,7 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV3) {
|
| SCOPED_TRACE(i);
|
|
|
| ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
|
| - store_ = new SQLiteServerBoundCertStore(v3_db_path);
|
| + store_ = new SQLiteServerBoundCertStore(v3_db_path, NULL);
|
|
|
| // Load the database and ensure the certs can be read and are marked as RSA.
|
| ASSERT_TRUE(store_->Load(&certs.get()));
|
| @@ -510,3 +512,108 @@ TEST_F(SQLiteServerBoundCertStoreTest, TestFlushCompletionCallback) {
|
|
|
| ASSERT_EQ(1, counter->callback_count());
|
| }
|
| +
|
| +namespace {
|
| +
|
| +bool CertificateExistsInList(
|
| + std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs,
|
| + const std::string& server,
|
| + int type,
|
| + const std::string& key,
|
| + const std::string& cert,
|
| + int creation_time,
|
| + int expiration_time) {
|
| + for (unsigned i = 0; i < certs->size(); ++i) {
|
| + if ((*certs)[i]->server_identifier() == server &&
|
| + (*certs)[i]->type() == type &&
|
| + (*certs)[i]->private_key() == key &&
|
| + (*certs)[i]->cert() == cert &&
|
| + (*certs)[i]->creation_time().ToInternalValue() == creation_time &&
|
| + (*certs)[i]->expiration_time().ToInternalValue() == expiration_time) {
|
| + return true;
|
| + }
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +// Tests the interaction with the clear on exit policy.
|
| +TEST_F(SQLiteServerBoundCertStoreTest, TestClearOnExitPolicy) {
|
| + // First, delete a possibly existing store.
|
| + store_->SetClearLocalStateOnExit(true);
|
| + store_ = NULL;
|
| + scoped_refptr<base::ThreadTestHelper> helper(
|
| + new base::ThreadTestHelper(
|
| + BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
|
| + ASSERT_TRUE(helper->Run());
|
| +
|
| + // Create a new store with three certificates in it.
|
| + store_ = new SQLiteServerBoundCertStore(
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), NULL);
|
| +
|
| + ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
|
| + ASSERT_TRUE(store_->Load(&certs.get()));
|
| + ASSERT_EQ(0U, certs.size());
|
| +
|
| + store_->AddServerBoundCert(
|
| + net::DefaultServerBoundCertStore::ServerBoundCert(
|
| + "other.com",
|
| + net::CLIENT_CERT_RSA_SIGN,
|
| + base::Time::FromInternalValue(1),
|
| + base::Time::FromInternalValue(2),
|
| + "a", "b"));
|
| + store_->AddServerBoundCert(
|
| + net::DefaultServerBoundCertStore::ServerBoundCert(
|
| + "session.com",
|
| + net::CLIENT_CERT_RSA_SIGN,
|
| + base::Time::FromInternalValue(3),
|
| + base::Time::FromInternalValue(4),
|
| + "x", "y"));
|
| + store_->AddServerBoundCert(
|
| + net::DefaultServerBoundCertStore::ServerBoundCert(
|
| + "protected.com",
|
| + net::CLIENT_CERT_RSA_SIGN,
|
| + base::Time::FromInternalValue(5),
|
| + base::Time::FromInternalValue(6),
|
| + "n", "m"));
|
| +
|
| + // Write out the certificates to disk.
|
| + store_ = NULL;
|
| + ASSERT_TRUE(helper->Run());
|
| +
|
| + // Load the store again with a clear on exit policy.
|
| + scoped_refptr<quota::MockSpecialStoragePolicy> storage_policy =
|
| + new quota::MockSpecialStoragePolicy;
|
| + scoped_refptr<ClearOnExitPolicy> clear_policy =
|
| + new ClearOnExitPolicy(storage_policy.get());
|
| + storage_policy->AddSessionOnly(GURL("https://session.com"));
|
| + storage_policy->AddSessionOnly(GURL("https://protected.com"));
|
| + storage_policy->AddProtected(GURL("https://protected.com"));
|
| + store_ = new SQLiteServerBoundCertStore(
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get());
|
| + ASSERT_TRUE(store_->Load(&certs.get()));
|
| + ASSERT_EQ(3U, certs.size());
|
| +
|
| + // Delete the store. This should apply the clear on exit policy.
|
| + store_ = NULL;
|
| + // Make sure we wait until the destructor has run.
|
| + ASSERT_TRUE(helper->Run());
|
| +
|
| + store_ = new SQLiteServerBoundCertStore(
|
| + temp_dir_.path().Append(chrome::kOBCertFilename), clear_policy.get());
|
| +
|
| + // Reload and test for persistence
|
| + certs->clear();
|
| + ASSERT_TRUE(store_->Load(&certs.get()));
|
| + ASSERT_EQ(2U, certs.size());
|
| +
|
| + ASSERT_TRUE(CertificateExistsInList(&certs.get(),
|
| + "other.com",
|
| + net::CLIENT_CERT_RSA_SIGN,
|
| + "a", "b", 1, 2));
|
| + ASSERT_TRUE(CertificateExistsInList(&certs.get(),
|
| + "protected.com",
|
| + net::CLIENT_CERT_RSA_SIGN,
|
| + "n", "m", 5, 6));
|
| +}
|
|
|