net/socket/ssl_client_socket_openssl_unittest.cc - Issue 13866049: Fix client certificate authentication on Mac and Linux introduced in r178732

Side by Side Diff: net/socket/ssl_client_socket_openssl_unittest.cc

Issue 13866049: Fix client certificate authentication on Mac and Linux introduced in r178732 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Refresh key files for certs Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/ssl/client_cert_store_impl_mac.cc » ('j') | no next file with comments »

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/socket/ssl_client_socket.h"	5 #include "net/socket/ssl_client_socket.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <string.h>	8 #include <string.h>

9	9

10 #include <openssl/bio.h>	10 #include <openssl/bio.h>

(...skipping 201 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
212 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv);	212 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_CERT_NEEDED, rv);

213 EXPECT_FALSE(sock_->IsConnected());	213 EXPECT_FALSE(sock_->IsConnected());

214 }	214 }

215	215

216 // Connect to a server requesting client authentication, and send it	216 // Connect to a server requesting client authentication, and send it

217 // an empty certificate. It should refuse the connection.	217 // an empty certificate. It should refuse the connection.

218 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) {	218 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendEmptyCert) {

219 TestServer::SSLOptions ssl_options;	219 TestServer::SSLOptions ssl_options;

220 ssl_options.request_client_certificate = true;	220 ssl_options.request_client_certificate = true;

221 ssl_options.client_authorities.push_back(	221 ssl_options.client_authorities.push_back(

222 GetTestClientCertsDirectory().AppendASCII("client_1_root.pem"));	222 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem"));

223	223

224 ASSERT_TRUE(ConnectToTestServer(ssl_options));	224 ASSERT_TRUE(ConnectToTestServer(ssl_options));

225	225

226 base::FilePath certs_dir = GetTestCertsDirectory();	226 base::FilePath certs_dir = GetTestCertsDirectory();

227 SSLConfig ssl_config = kDefaultSSLConfig;	227 SSLConfig ssl_config = kDefaultSSLConfig;

228 ssl_config.send_client_cert = true;	228 ssl_config.send_client_cert = true;

229 ssl_config.client_cert = NULL;	229 ssl_config.client_cert = NULL;

230	230

231 int rv;	231 int rv;

232 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));	232 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

233	233

234 EXPECT_EQ(OK, rv);	234 EXPECT_EQ(OK, rv);

235 EXPECT_TRUE(sock_->IsConnected());	235 EXPECT_TRUE(sock_->IsConnected());

236 }	236 }

237	237

238 // Connect to a server requesting client authentication. Send it a	238 // Connect to a server requesting client authentication. Send it a

239 // matching certificate. It should allow the connection.	239 // matching certificate. It should allow the connection.

240 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) {	240 TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) {

241 TestServer::SSLOptions ssl_options;	241 TestServer::SSLOptions ssl_options;

242 ssl_options.request_client_certificate = true;	242 ssl_options.request_client_certificate = true;

243 ssl_options.client_authorities.push_back(	243 ssl_options.client_authorities.push_back(

244 GetTestClientCertsDirectory().AppendASCII("client_1_root.pem"));	244 GetTestClientCertsDirectory().AppendASCII("client_1_ca.pem"));

245	245

246 ASSERT_TRUE(ConnectToTestServer(ssl_options));	246 ASSERT_TRUE(ConnectToTestServer(ssl_options));

247	247

248 base::FilePath certs_dir = GetTestCertsDirectory();	248 base::FilePath certs_dir = GetTestCertsDirectory();

249 SSLConfig ssl_config = kDefaultSSLConfig;	249 SSLConfig ssl_config = kDefaultSSLConfig;

250 ssl_config.send_client_cert = true;	250 ssl_config.send_client_cert = true;

251 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem");	251 ssl_config.client_cert = ImportCertFromFile(certs_dir, "client_1.pem");

252	252

253 // This is required to ensure that signing works with the client	253 // This is required to ensure that signing works with the client

254 // certificate's private key.	254 // certificate's private key.

255 OpenSSLClientKeyStore::ScopedEVP_PKEY client_private_key;	255 OpenSSLClientKeyStore::ScopedEVP_PKEY client_private_key;

256 ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"),	256 ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"),

257 &client_private_key));	257 &client_private_key));

258 EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get()));	258 EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get()));

259	259

260 int rv;	260 int rv;

261 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));	261 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

262	262

263 EXPECT_EQ(OK, rv);	263 EXPECT_EQ(OK, rv);

264 EXPECT_TRUE(sock_->IsConnected());	264 EXPECT_TRUE(sock_->IsConnected());

265	265

266 EXPECT_TRUE(CheckSSLClientSocketSentCert());	266 EXPECT_TRUE(CheckSSLClientSocketSentCert());

267	267

268 sock_->Disconnect();	268 sock_->Disconnect();

269 EXPECT_FALSE(sock_->IsConnected());	269 EXPECT_FALSE(sock_->IsConnected());

270 }	270 }

271	271

272 } // namespace	272 } // namespace

273 } // namespace net	273 } // namespace net

OLD	NEW