Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1311)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/ssl_browser_tests.cc

Issue 10703189: Add end to end client cert auth test for wss (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: add cacert.pem Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/test/base/ui_test_utils.h » ('j') | chrome/test/data/ssl/cacert.pem » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_browser_tests.cc
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index 79b43a802d5f8e0d7caf4f7085876fc155f44519..75639722db787e09d66c2f344fffe3f4da6291fe 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -9,6 +9,8 @@
#include "base/time.h"
#include "base/utf_string_conversions.h"
#include "chrome/app/chrome_command_ids.h"
+#include "chrome/browser/content_settings/host_content_settings_map.h"
+#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/browser_commands.h"
#include "chrome/browser/ui/browser_navigator.h"
@@ -31,7 +33,11 @@
#include "content/public/common/security_style.h"
#include "content/public/common/ssl_status.h"
#include "content/public/test/test_renderer_host.h"
+#include "crypto/nss_util.h"
+#include "net/base/cert_database.h"
#include "net/base/cert_status_flags.h"
+#include "net/base/crypto_module.h"
+#include "net/base/net_errors.h"
#include "net/test/test_server.h"
using content::InterstitialPage;
@@ -599,6 +605,75 @@ IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSInvalidCertAndGoForward) {
EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
}
+#if defined(USE_NSS)
Ryan Sleevi 2012/07/13 19:25:06 nit: Add an explanation for why this is only for U
Takashi Toyoshima 2012/07/17 11:50:58 Done.
+// Visit a HTTPS page which requires client cert authentication. The client
+// cert will be selected automatically, then a test which uses WebSocket runs.
+IN_PROC_BROWSER_TEST_F(SSLUITest, TestWSSClientCert) {
+ // Open temporal NSSDB for test.
+ // TODO(toyoshim): This interface will be changed as a scoped resource.
+ // See also crypto/nss_util.h and http://crbug.com/136950#c5 .
Ryan Sleevi 2012/07/13 19:25:06 nit: // Open a temporary NSS DB for testing. // TO
Takashi Toyoshima 2012/07/17 11:50:58 Done.
+ ASSERT_TRUE(crypto::OpenTestNSSDB());
+
+ // Import client cert for test. These interfaces require NSS.
+ net::CertDatabase cert_db;
+ scoped_refptr<net::CryptoModule> crypt_module = cert_db.GetPublicModule();
+ std::string pkcs12_data;
+ FilePath cert_path;
+ ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &cert_path));
+ cert_path = cert_path.Append(FILE_PATH_LITERAL("ssl"));
+ cert_path = cert_path.Append(FILE_PATH_LITERAL("client_cert.p12"));
+ EXPECT_TRUE(file_util::ReadFileToString(cert_path, &pkcs12_data));
+ EXPECT_EQ(net::OK, cert_db.ImportFromPKCS12(crypt_module,
+ pkcs12_data,
+ string16(),
+ true,
+ NULL));
+
+ // Start pywebsocket with TLS and client cert authentication.
+ ui_test_utils::TestWebSocketServer wss_server;
Ryan Sleevi 2012/07/13 19:25:06 A random note (and not a pre-requisite for this CL
Takashi Toyoshima 2012/07/17 11:50:58 I filed a bug on this as a TODO. https://code.goog
+ int port = wss_server.UseRandomPort();
+ wss_server.UseTLS();
+ wss_server.UseClientAuthentication();
+ FilePath wss_root_dir;
+ ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &wss_root_dir));
+ ASSERT_TRUE(wss_server.Start(wss_root_dir));
+ std::string urlPath =
+ StringPrintf("%s%d%s", "https://localhost:", port, "/wss.html");
+ GURL url(urlPath);
+
+ // Setup page title observer.
+ WebContents* tab = chrome::GetActiveWebContents(browser());
+ ui_test_utils::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+ watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+ // Add an entry into AutoSelectCertificateForUrls policy for automatic client
+ // cert selection.
+ Profile* profile = Profile::FromBrowserContext(tab->GetBrowserContext());
+ DCHECK(profile);
+ scoped_ptr<DictionaryValue> dict(new DictionaryValue());
+ dict->SetString("ISSUER.CN", "pywebsocket");
+ profile->GetHostContentSettingsMap()->SetWebsiteSetting(
+ ContentSettingsPattern::FromURL(url),
+ ContentSettingsPattern::FromURL(url),
+ CONTENT_SETTINGS_TYPE_AUTO_SELECT_CERTIFICATE,
+ std::string(),
+ dict.release());
+
+ // Visit a HTTPS page which requires client certs.
+ ui_test_utils::NavigateToURL(browser(), url);
+ CheckAuthenticationBrokenState(tab, net::CERT_STATUS_COMMON_NAME_INVALID,
+ false, true); // Interstitial showing
Ryan Sleevi 2012/07/13 19:25:06 Since this is a browser test, you can/should be us
Takashi Toyoshima 2012/07/17 11:50:58 Currently, we use cert files in WebKit source code
+
+ // Proceed anyway.
+ ProceedThroughInterstitial(tab);
+
+ // Test page runs a WebSocket wss connection test. The result will be shown
+ // as page title.
+ const string16 result = watcher.WaitAndGetTitle();
+ EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
+}
+#endif // defined(USE_NSS)
+
// Flaky on CrOS http://crbug.com/92292
#if defined(OS_CHROMEOS)
#define MAYBE_TestHTTPSErrorWithNoNavEntry \
« no previous file with comments | « no previous file | chrome/test/base/ui_test_utils.h » ('j') | chrome/test/data/ssl/cacert.pem » ('J')

Powered by Google App Engine
This is Rietveld 408576698